/// <summary>
/// Obtains <see cref="IniProperties"/> with default settings and simple encryption.
/// (This is not a security feature, use file system acl to protect from other users.)
/// </summary>
/// <param name="password">Password to use.</param>
/// <param name="salt">Salt to use.</param>
/// <param name="iterations">Number of iterations.</param>
/// <returns>Returns a new <see cref="IniProperties"/> instance.</returns>
public static IniProperties Encrypted(string password, byte[] salt, int iterations = 20000)
{
var pbkdf2 = new PBKDF2(password, salt, iterations);
var result = Default;
result.Encryption = new RijndaelManaged
{
BlockSize = 256,
};
result.Encryption.Key = pbkdf2.GetBytes(result.Encryption.KeySize / 8);
result.Encryption.IV = pbkdf2.GetBytes(result.Encryption.BlockSize / 8);
(pbkdf2 as IDisposable)?.Dispose();
return(result);
}
internal static byte[] GenerateSaltedPassword(byte[] passwordBytes, byte[] salt, int iterations)
{
using (var pass = new PBKDF2(HMACMethod.SHA512, passwordBytes, salt, iterations))
{
return(pass.GetBytes(PasswordSize));
}
}
public void TestRfc2898DeriveBytes()
{
byte[] password = new byte[20];
byte[] salt = new byte[20];
int bytes = 64;
for (int iterations = 1000; iterations <= 10000; iterations += 1000)
{
Tester.RandomGenerator.NextBytes(password);
Tester.RandomGenerator.NextBytes(salt);
using (PBKDF2 <HMACSHA1> pbkdf2 = new PBKDF2 <HMACSHA1>(password, salt, iterations))
using (Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, salt, iterations))
{
byte[] pbkdf2Bytes = pbkdf2.GetBytes(bytes);
byte[] rfc2898Bytes = rfc2898.GetBytes(bytes);
Assert.AreEqual(bytes, rfc2898Bytes.Length);
Assert.AreEqual(bytes, pbkdf2Bytes.Length);
for (int i = 0; i < bytes; i++)
{
Assert.AreEqual(rfc2898Bytes[i], pbkdf2Bytes[i]);
}
}
}
}
internal bool UnlockWithPassword(string password)
{
PBKDF2 password1 = new PBKDF2(password, Attrs["DPSL"], Attrs["DPIC"], "HMACSHA256");
byte[] byteArray1 = password1.GetBytes(32);
PBKDF2 passCodeKey = new PBKDF2(byteArray1, Attrs["SALT"], Attrs["ITER"], "HMACSHA1");
byte[] byteArray2 = passCodeKey.GetBytes(32);
foreach (Dictionary <string, dynamic> item in ClassKeys.Values)
{
if (!item.ContainsKey("WPKY"))
{
continue;
}
dynamic k = item["WPKY"];
if ((item["WRAP"] & ConstData.WRAP_PASSCODE) != 0)
{
k = AESUnwrap(item["WPKY"], byteArray2);
if (k == null)
{
Unlocked = false;
return(false);
}
item["KEY"] = k;
}
}
Unlocked = true;
return(Unlocked);
}
public static void TestPBKDF2()
{
PBKDF2 kg;
byte[] DK;
byte[] tv1 = new byte[] { 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, 0x2f, 0xe0, 0x37, 0xa6 };
kg = new PBKDF2(Encoding.Default.GetBytes("password"), Encoding.Default.GetBytes("salt"), 1);
DK = kg.GetBytes(20);
Assert.AreEqual(DK, tv1);
byte[] tv2 = new byte[] { 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, 0xd8, 0xde, 0x89, 0x57 };
kg = new PBKDF2(Encoding.Default.GetBytes("password"), Encoding.Default.GetBytes("salt"), 2);
DK = kg.GetBytes(20);
Assert.AreEqual(DK, tv2);
byte[] tv3 = new byte[] { 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, 0x65, 0xa4, 0x29, 0xc1 };
kg = new PBKDF2(Encoding.Default.GetBytes("password"), Encoding.Default.GetBytes("salt"), 4096);
DK = kg.GetBytes(20);
Assert.AreEqual(DK, tv3);
byte[] tv4 = new byte[] { 0x2f, 0x25, 0x5b, 0x3a, 0x95, 0x46, 0x3c, 0x76, 0x62, 0x1f, 0x06, 0x80, 0xa2, 0xb3, 0x35, 0xad, 0x90, 0x3b, 0x85, 0xde };
kg = new PBKDF2(Encoding.Default.GetBytes("VXFr[24c=6(D8He"), Encoding.Default.GetBytes("salt"), 1000);
DK = kg.GetBytes(20);
Assert.AreEqual(DK, tv4);
}
private void SetBip32(string passPhrase)
{
byte[] salt = Encoding.UTF8.GetBytes($"BetterMnemonic{passPhrase?.Normalize(NormalizationForm.FormKD)}");
using PBKDF2 kdf = new PBKDF2(2048, new HmacSha512());
byte[] bytes = kdf.GetBytes(entropy, salt, 64);
// Initialize BIP32 here:
SetEntropy(bytes);
}
public string hash256(USUARIO user, string password)
{
String[] pass = user.PASSWORD.Split('$');
int iter = int.Parse(pass[1]);
string salt = pass[2];
PBKDF2 hash = new PBKDF2(password, Encoding.ASCII.GetBytes(salt), iter);
return(Convert.ToBase64String(hash.GetBytes(32)));
}
private void Initialize()
{
var utf8 = new UTF8Encoding(false);
var paramz = new PBKDF2(utf8.GetBytes(password), salt, RFC2898_ITERATIONS);
KeyBytes = paramz.GetBytes(KeySizeInBytes);
IvBytes = paramz.GetBytes(KeySizeInBytes);
generatedVerifyValue = paramz.GetBytes(2);
short verify = BitConverter.ToInt16(passwordVerifyValue, 0);
if (password != null)
{
short generated = BitConverter.ToInt16(generatedVerifyValue, 0);
if (verify != generated)
{
throw new InvalidFormatException("bad password");
}
}
}
public static string GeneratePasswordHashUsingSalt_Optimized(string password, byte[] salt)
{
PBKDF2 pbkdf2 = new PBKDF2(password, salt, iterate);
byte[] hash = pbkdf2.GetBytes(20);
byte[] hashBytes = new byte[36];
Array.Copy(salt, 0, hashBytes, 0, 16);
Array.Copy(hash, 0, hashBytes, 16, 20);
var passwordHash = Convert.ToBase64String(hashBytes);
return(passwordHash);
}
public void GetBytes_ExceptionTest()
{
PBKDF2 kdf = new PBKDF2(1000, new HmacSha256());
byte[] pass = new byte[1];
byte[] salt = new byte[1];
Exception ex = Assert.Throws <ArgumentNullException>(() => kdf.GetBytes(null, salt, 32));
Assert.Contains("Password can not be null.", ex.Message);
ex = Assert.Throws <ArgumentNullException>(() => kdf.GetBytes(pass, null, 32));
Assert.Contains("Salt can not be null.", ex.Message);
ex = Assert.Throws <ArgumentOutOfRangeException>(() => kdf.GetBytes(pass, salt, -1));
Assert.Contains("Derived key length must be bigger than zero.", ex.Message);
kdf.Dispose();
ex = Assert.Throws <ObjectDisposedException>(() => kdf.GetBytes(pass, salt, 10));
Assert.Contains("Instance was disposed.", ex.Message);
}
private void SetBip32(string passPhrase)
{
byte[] password = Encoding.UTF8.GetBytes(Normalize(ToMnemonic()));
string pass = passPhrase == null ? "" : Normalize(passPhrase);
byte[] salt = Encoding.UTF8.GetBytes($"electrum{pass}");
using PBKDF2 kdf = new PBKDF2(2048, new HmacSha512());
byte[] bytes = kdf.GetBytes(password, salt, 64);
// Initialize BIP32 here:
SetEntropy(bytes);
}
internal static byte[] GenerateSaltedPassword(byte[] passwordBytes, byte[] salt, int iterations)
{
using (var pass = new PBKDF2(HMACMethod.SHA512, passwordBytes, salt, iterations))
{
return pass.GetBytes(PasswordSize);
}
}
/// <summary>
/// Return a Base64 encoded PBKDF2 password string.
/// </summary>
/// <param name="password">The plaintext password string.</param>
/// <param name="salt">The salt string.</param>
/// <returns></returns>
public static string GeneratePassword(string password, string salt) {
var input = password.Trim();
var pbk = new PBKDF2(input, salt);
var raw = pbk.GetBytes(256);
var txt = System.Text.Encoding.Default.GetString(raw);
var pwd = Convert.ToBase64String(raw);
return pwd;
}
void TestSHA512(string P, string S, int c, int dkLen, string dk)
{
byte[] dkExpected = StringToByteArray(dk);
using (var pdf = new PBKDF2(HMACMethod.SHA512, Encoding.ASCII.GetBytes(P), Encoding.ASCII.GetBytes(S), c))
{
byte[] dkBytes = pdf.GetBytes(dkLen);
if (!dkBytes.SequenceEqual(dkExpected))
{
throw new Exception();
}
}
}
public void GetBytesTest(IHmacFunction hmac, int iter, byte[] pass, byte[] salt, int len, byte[] expected)
{
using PBKDF2 kdf = new PBKDF2(iter, hmac);
byte[] actual = kdf.GetBytes(pass, salt, len);
Assert.Equal(expected, actual);
}
/// <summary>
/// Implements a <see cref="PBKDF2"/> algorthim with a user definded MAC method.
/// </summary>
/// <param name="method">the HMAC method to use.</param>
/// <param name="password">the password to use</param>
/// <param name="salt">the salt. Must be at least 64-bit</param>
/// <param name="iterations">the number of iterations. Must be at least 1000</param>
/// <param name="length">the number of bytes to return</param>
/// <returns>
/// A salted password based on the specified length.
/// </returns>
public static byte[] ComputeSaltedPassword(HMACMethod method, byte[] password, byte[] salt, int iterations, int length)
{
using (var kdf = new PBKDF2(method, password, salt, iterations))
{
return kdf.GetBytes(length);
}
}
public string generarContraseña(string pass)
{
string algor = "pbkdf2_sha256";
int iteraciones = 180000;
string salt = this.RandomString(12);
PBKDF2 hash = new PBKDF2(pass, Encoding.ASCII.GetBytes(salt), iteraciones);
return(algor + "$" + iteraciones + "$" + salt + "$" + Convert.ToBase64String(hash.GetBytes(32)));
}