예제 #1
0
 protected override HashedPassword DoComputeHash(PasswordFamily family, SecureBuffer password, IPasswordHashingOptions options)
 {
     return(new HashedPassword(Name, family)
     {
         { "h", Convert.ToBase64String(password.Content) }
     });
 }
예제 #2
0
        public int CalculateStrenghtPercent(PasswordFamily family, SecureBuffer password, int maxScore = 0)
        {
            if (maxScore <= 0)
            {
                maxScore = TOP_SCORE_NORMAL;
            }
            var score  = DoCalculateStrenghtScore(family, password);
            var result = (int)(100d * (score / (double)maxScore));

            return(result > 100 ? 100 : result);
        }
예제 #3
0
 public int CalculateStrenghtScore(PasswordFamily family, SecureBuffer password)
 {
     if (password == null)
     {
         throw new SecurityException(StringConsts.ARGUMENT_ERROR + "DefaultPasswordManager.CalculateStrenghtScore(password==null)");
     }
     if (!password.IsSealed)
     {
         throw new SecurityException(StringConsts.ARGUMENT_ERROR + "DefaultPasswordManager.CalculateStrenghtScore(!password.IsSealed)");
     }
     CheckDaemonActive();
     return(DoCalculateStrenghtScore(family, password));
 }
예제 #4
0
        public HashedPassword ComputeHash(PasswordFamily family, SecureBuffer password)
        {
            if (password == null)
            {
                throw new SecurityException(StringConsts.ARGUMENT_ERROR + "PasswordManager.ComputeHash(password==null)");
            }
            if (!password.IsSealed)
            {
                throw new SecurityException(StringConsts.ARGUMENT_ERROR + "PasswordManager.ComputeHash(!password.IsSealed)");
            }

            CheckDaemonActive();

            return(DoComputeHash(family, password));
        }
예제 #5
0
        public HashedPassword ComputeHash(PasswordFamily family, SecureBuffer password, PasswordStrengthLevel level = PasswordStrengthLevel.Default)
        {
            if (password == null)
            {
                throw new SecurityException(StringConsts.ARGUMENT_ERROR + "DefaultPasswordManager.ComputeHash(password==null)");
            }
            if (!password.IsSealed)
            {
                throw new SecurityException(StringConsts.ARGUMENT_ERROR + "DefaultPasswordManager.ComputeHash(!password.IsSealed)");
            }

            CheckDaemonActive();

            return(DoComputeHash(family, password, level == PasswordStrengthLevel.Default ? DefaultStrengthLevel : level));
        }
예제 #6
0
        public bool Verify(SecureBuffer password, HashedPassword hash, out bool needRehash)
        {
            if (password == null || hash == null)
            {
                throw new SecurityException(StringConsts.ARGUMENT_ERROR + "PasswordManager.Verify((password|hash)==null)");
            }
            if (!password.IsSealed)
            {
                throw new SecurityException(StringConsts.ARGUMENT_ERROR + "PasswordManager.Verify(!password.IsSealed)");
            }

            needRehash = false;
            if (!Running)
            {
                return(false);
            }

            return(DoVerify(password, hash, out needRehash));
        }
예제 #7
0
        protected override HashedPassword DoComputeHash(PasswordFamily family, SecureBuffer password, MD5PasswordHashingOptions options)
        {
            using (var md5 = new System.Security.Cryptography.MD5CryptoServiceProvider())
            {
                var content       = password.Content;
                var contentLength = content.Length;
                var salt          = options.Salt;
                var buffer        = new byte[contentLength + salt.Length];
                Array.Copy(content, buffer, contentLength);
                Array.Copy(salt, 0, buffer, contentLength, salt.Length);
                var hash = md5.ComputeHash(buffer);
                Array.Clear(buffer, 0, buffer.Length);

                return(new HashedPassword(Name, family)
                {
                    { "hash", Convert.ToBase64String(hash) },
                    { "salt", Convert.ToBase64String(salt) }
                });
            }
        }
예제 #8
0
        protected override HashedPassword DoComputeHash(PasswordFamily family, SecureBuffer password, PBKDF2PasswordHashingOptions options)
        {
            var salt    = options.Salt;
            var content = password.Content;

            var iterations = getIterations();

            //https://stackoverflow.com/questions/18648084/rfc2898-pbkdf2-with-sha256-as-digest-in-c-sharp
            var hash = PlatformAbstractionLayer.Cryptography.ComputePBKDF2(content, salt, HASH_LENGTH_BYTES, iterations, HashAlgorithmName.SHA256);

            var pwd = new HashedPassword(Name, family)
            {
                { "h", hash.ToWebSafeBase64() },
                { "s", salt.ToWebSafeBase64() }
            };

            Array.Clear(hash, 0, hash.Length);

            return(pwd);
        }
예제 #9
0
        protected virtual bool DoVerify(SecureBuffer password, HashedPassword hash, out bool needRehash)
        {
            needRehash = false;
            var algo = m_Algorithms[hash.AlgoName];

            if (algo == null)
            {
                return(false);
            }

            bool need = false;

            if (!algo.Verify(password, hash, out need))
            {
                return(false);
            }

            needRehash = !algo.IsDefault || need;
            return(true);
        }
예제 #10
0
        /// <summary>
        /// Obtains an unsecured string password as SecureBuffer.
        /// Note: The IDPasswordCredentials class is purposely designed to store password as plain text.
        /// This is needed for simple cases and HTTP application where login credentials are posted via plain text anyway
        /// </summary>
        public static SecureBuffer PlainPasswordToSecureBuffer(string password)
        {
            SecureBuffer buffer;

            if (password.IsNullOrEmpty())
            {
                buffer = new SecureBuffer(0);
            }
            else
            {
                var bytes = Encoding.UTF8.GetBytes(password);
                buffer = new SecureBuffer(bytes.Length);
                foreach (var b in bytes)
                {
                    buffer.Push(b);
                }
                Array.Clear(bytes, 0, bytes.Length);
            }
            buffer.Seal();
            return(buffer);
        }
예제 #11
0
        protected virtual HashedPassword DoComputeHash(PasswordFamily family, SecureBuffer password, PasswordStrengthLevel level)
        {
            var algoFamily = m_Algorithms.Where(al => al.Match(family));

            if (!algoFamily.Any())
            {
                throw new SecurityException(GetType().Name + ".DoComputeHash(family!match)");
            }
            var algs = algoFamily.Where(al => al.StrengthLevel == level);

            if (!algs.Any())
            {
                algs = algoFamily.Where(al => al.StrengthLevel > level).OrderBy(al => al.StrengthLevel);
            }
            if (!algs.Any())
            {
                algs = algoFamily;
            }
            var algo = algs.FirstOrDefault(al => al.IsDefault) ?? algs.First();

            return(algo.ComputeHash(family, password));
        }
예제 #12
0
 protected abstract bool DoVerify(SecureBuffer password, HashedPassword hash, out bool needRehash);
예제 #13
0
 protected abstract HashedPassword DoComputeHash(PasswordFamily family, SecureBuffer password);
예제 #14
0
        protected virtual int DoCalculateStrenghtScore(PasswordFamily family, SecureBuffer password)
        {
            var chars = Encoding.UTF8.GetChars(password.Content);

            if (chars.Length == 0)
            {
                return(0);
            }

            try
            {
                var begin = Array.FindIndex(chars, c => !Char.IsWhiteSpace(c));
                if (begin < 0)
                {
                    return(0);
                }
                if (chars.Length == begin)
                {
                    return(0);
                }
                var end = Array.FindLastIndex(chars, c => !Char.IsWhiteSpace(c)) + 1;

                var score = (end - begin) * CREDIT_CHAR_PRESENT;
                if (score == 0)
                {
                    return(0);
                }

                var wasUpper  = false;
                var wasLower  = false;
                var wasDigit  = false;
                var wasSymbol = false;

                char pc = (char)0;
                for (var i = begin; i < end; i++)
                {
                    var c = chars[i];

                    if (Char.IsUpper(c))
                    {
                        wasUpper = true;
                    }
                    if (Char.IsLower(c))
                    {
                        wasLower = true;
                    }
                    if (Char.IsDigit(c))
                    {
                        wasDigit = true;
                    }
                    if (isSymbol(c))
                    {
                        wasSymbol = true;
                    }

                    if (i > 0 &&
                        (Char.IsUpper(c) != Char.IsUpper(pc) ||
                         Char.IsDigit(c) != Char.IsDigit(pc) ||
                         isSymbol(c) != isSymbol(pc)))
                    {
                        score += CREDIT_TYPE_TRANSITION;
                    }

                    if (c == pc)
                    {
                        score -= DEBIT_CHAR_REPEAT;
                    }

                    if (Math.Abs(c - pc) == 1)
                    {
                        score -= DEBIT_ADJACENT_CHAR;
                    }
                    pc       = c;
                    chars[i] = Char.ToLowerInvariant(c);
                }

                if (wasUpper && wasLower)
                {
                    score += CREDIT_CASE_MIX;
                }
                if (wasDigit && (wasUpper || wasLower || wasSymbol))
                {
                    score += CREDIT_DIGIT_MIX;
                }
                if (wasSymbol)
                {
                    score += CREDIT_SYMBOL_MIX;
                }

                for (var i = 0; i < DEFAULT_COMMON_WORDS.Length; i++)
                {
                    var commonChars = DEFAULT_COMMON_WORDS[i].ToCharArray();
                    var from        = begin;
                    while ((from = Array.IndexOf(chars, commonChars[0], from)) >= 0)
                    {
                        var find = true;
                        var j    = 0;
                        for (; j < commonChars.Length && from + j < chars.Length; j++)
                        {
                            if (chars[from + j] != commonChars[j])
                            {
                                find = false;
                                break;
                            }
                        }

                        if (find && j == commonChars.Length)
                        {
                            score -= DEBIT_COMMON_WORD;
                        }
                        from++;
                    }
                }

                return(score < 0 ? 0 : score);
            }
            finally
            {
                Array.Clear(chars, 0, chars.Length);
            }
        }