public static string GetSeedStringFromPasswordBasedBackup(byte[] passwordKeyHash, SignInPasswordBasedBackup passwordBasedBackup)
{
var salt = Convert.FromBase64String(passwordBasedBackup.PasswordBasedEncryptionKeySalt);
var info = Utils.FillOddsWithZeros(Encoding.ASCII.GetBytes("password-based-encryption"));
var passwordBasedEncryptionKey = new Hkdf().DeriveKey(salt, passwordKeyHash, info, 32);
var aesgcm = new AesGcm(passwordBasedEncryptionKey);
var ciphertext = Convert.FromBase64String(passwordBasedBackup.PasswordEncryptedSeed);
var ivStartIndex = ciphertext.Length - RECOMMENDED_IV_BYTE_SIZE;
var atStartIndex = ciphertext.Length - RECOMMENDED_IV_BYTE_SIZE - RECOMMENDED_AUTHENTICATION_TAG_LENGTH;
var ciphertextArrayBuffer = ciphertext.Take(atStartIndex).ToArray();
var iv = new byte[RECOMMENDED_IV_BYTE_SIZE];
var at = new byte[RECOMMENDED_AUTHENTICATION_TAG_LENGTH];
Array.Copy(ciphertext, ivStartIndex, iv, 0, RECOMMENDED_IV_BYTE_SIZE);
Array.Copy(ciphertext, atStartIndex, at, 0, RECOMMENDED_AUTHENTICATION_TAG_LENGTH);
var plaintextBuffer = new byte[ciphertextArrayBuffer.Length];
aesgcm.Decrypt(iv, ciphertextArrayBuffer, at, plaintextBuffer);
var seedStringFromBackup = Convert.ToBase64String(plaintextBuffer);
return(seedStringFromBackup);
}
public static string GetPasswordToken(string passwordhash, byte[] salt)
{
var ikm = Utils.FillOddsWithZeros(Encoding.ASCII.GetBytes(passwordhash));
var info = Utils.FillOddsWithZeros(Encoding.ASCII.GetBytes("password-token"));
//var salt = Convert.FromBase64String(salts.PasswordTokenSalt);
var passwordToken = new Hkdf().DeriveKey(salt, ikm, info, 32);
return(Convert.ToBase64String(passwordToken));
}
