public static void GetPasswordHash(string password, out byte[] passwordSalt, out byte[] passwordHash)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512())
{
passwordSalt = hmac.Key;
passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
}
}
internal static string Hash(string value, string key)
{
if (String.IsNullOrWhiteSpace(value)) throw new ArgumentNullException("value");
if (String.IsNullOrWhiteSpace(key)) throw new ArgumentNullException("key");
var valueBytes = System.Text.Encoding.UTF8.GetBytes(key);
var keyBytes = System.Text.Encoding.UTF8.GetBytes(key);
var alg = new System.Security.Cryptography.HMACSHA512(keyBytes);
var hash = alg.ComputeHash(valueBytes);
var result = Crypto.BinaryToHex(hash);
return result;
}
public override void AuthenticatePostRequest(HttpWebRequest request, string messageBody)
{
doAuthentication(request);
#if TEMP_FIX
// _dch temp fix for temp keys not being able to POST content
Nonce nonce = _nonceClient.GetNonce("PsaonlV2MnSheEd4QXub");
var key = System.Text.Encoding.UTF8.GetBytes("E0sNkz0TbcmlNXSrXknLPi0Npn0fuVMGOguUTjfx");
var messageBytes = System.Text.Encoding.UTF8.GetBytes(nonce.NonceValue);
var hmacsha512 = new System.Security.Cryptography.HMACSHA512(key);
var signedValue = hmacsha512.ComputeHash(messageBytes);
this.WriteAuthenticationHeader(request, nonce.POSTAuthenticationHeaderValue("PsaonlV2MnSheEd4QXub", Convert.ToBase64String(signedValue)));
#endif
}
private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
{
var computeHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < computeHash.Length; i++)
{
if (computeHash[i] != passwordHash[i])
{
return(false);
}
}
}
return(true);
}
private string CalculateHmac(string signature)
{
string encodedKey = Configuration.AuthenticationKey;
while (encodedKey.Length % 4 != 0)
{
encodedKey += "=";
}
byte[] keyBytes = System.Convert.FromBase64String(encodedKey);
using (var hmac = new System.Security.Cryptography.HMACSHA512(keyBytes))
{
byte[] signatureBytes = System.Text.Encoding.UTF8.GetBytes(signature);
byte[] hashBytes = hmac.ComputeHash(signatureBytes);
return(System.Convert.ToBase64String(hashBytes));
}
}
// private helper methods
private static void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
{
if (password == null)
{
throw new ArgumentNullException("password");
}
if (string.IsNullOrWhiteSpace(password))
{
throw new ArgumentException("Value cannot be empty or whitespace only string.", "password");
}
using (var hmac = new System.Security.Cryptography.HMACSHA512()) {
passwordSalt = hmac.Key;
passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
}
}
// la clé de cryptage est passée pour contrôler
private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt)){
//transorme chq caractère de password en crypté
var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < computedHash.Length; i++)
{
//comparer chq caractère du tableau de byte
if (computedHash[i] != passwordHash[i])
{
return(false);
}
}
return(true);
}
}
private bool passwordChecks(User user, string password)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(user.PasswordSalt))
{
var calcPassword = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < calcPassword.Length; i++)
{
if (calcPassword[i] != user.PasswordHash[i])
{
return(false);
}
}
}
return(true);
}
private bool VerificarPassword(string password, byte[] passwordHash, byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt)){
var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(password)); //gera o hash usando o key armazenado
//Verificação do array do hash
for (int i = 0; i < hash.Length; i++)
{
if (hash[i] != passwordHash[i])
{
return(false);
}
}
}
return(true);
}
public static bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt) //kullanıcının verdiği şifrenin hashının bizim hash ile eşleşip eşleşmediğini ontrol ettiğimiz yer
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
{
var computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(password));
for (int i = 0; i < computedHash.Length; i++)
{
if (computedHash[i] != passwordHash[i])
{
return(false);
}
}
}
return(true);
}
private bool VarifyHashPassword(string password, byte[] userPasswordHash, byte[] userPasswordKey)
{
using (var hashMap = new System.Security.Cryptography.HMACSHA512(userPasswordKey))
{
var computedPasswordHash = hashMap.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < computedPasswordHash.Length; i++)
{
if (userPasswordHash[i] != computedPasswordHash[i])
{
return(false);
}
}
}
return(true);
}
private bool VerifyPasswordHash(string password, SaltyHash saltyHash)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(saltyHash.salt))
{
var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (var x = 0; x < saltyHash.hash.Length; x++)
{
if (computedHash[x] != saltyHash.hash[x])
{
return(false);
}
}
}
return(true);
}
public bool IsPassword(string password, byte[] passwordHash, byte[] passwordSalt)
{
using (var hashedPasswordFromDb = new System.Security.Cryptography.HMACSHA512(passwordSalt))
{
var enteredPasswordHash = hashedPasswordFromDb.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < enteredPasswordHash.Length; i++)
{
if (passwordHash[i] != enteredPasswordHash[i])
{
return(false);
}
}
}
return(true);
}
//sonrada sisteme girmek isteyen kişinin verdiği password'un ,
//bizim veritabanındaki passwordHash ile ilgli passwordSalt'a göre eşleşip eşleşmediğini verdiğmiz metot:
public static bool VerifyPasswordHash
(string password, byte[] passwordHash, byte[] passwordSalt) // pass işini doğrula
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
{
var computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(password)); //oluşan array byte array dir. //hesaplanan hash salt kullanarak yapılıyor.
for (int i = 0; i < computedHash.Length; i++) // iki arrayin değerleri aynı mı, hesaplanan hash in tüm değerlerini tek tek dolaş
{
if (computedHash[i] != passwordHash[i]) //ikisi karşılaştırılıyor
{
return(false); //eşleşmezse
}
}
return(true); //eşleşirse
}
}
public static bool VerifyPasswordHash(string sifre, byte[] sifrele, byte[] sifrecoz)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(sifrecoz))
{
var computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(sifre));
for (int i = 0; i < computedHash.Length; i++)
{
if (computedHash[i] != sifrele[i])
{
return(false);
}
}
}
return(true);
}
private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt)){
//aqui arriba se le pone la key del passwordsalt y con esa key se generara un passwordhash aqui abajo
//se tendra que comparar el passwordhash de aqui abajo con el que esta guardado con el usuario para saber si es la contraseña correcta
var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < computedHash.Length; i++)
{
if (computedHash[i] != passwordHash[i])
{
return(false);
}
}
}
return(true);
}
internal bool VerifyPasswordHash(string strPassword, byte[] passwordHash, byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
{
var strComputedPassword = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(strPassword));
for (int i = 0; i < strComputedPassword.Length; i++)
{
if (passwordHash[i] != strComputedPassword[i])
{
return(false);
}
}
}
return(true);
}
public static bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt) //şifre esleşirse true eslesmezse flase
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt)) //bunları ezberlemene gerek yok
//burada sana kullandıgın key anahtarını soruyor
{
var computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(password)); //burada hesaplanan hash bu salt hesaplanarak yapılıyor
for (int i = 0; i < computedHash.Length; i++)
{
if (computedHash[i] != passwordHash[i])
{
return(false); //eşleşmezse false
}
}
}
return(true); //eşleşirse true
}
private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
{
//Anything in here will be disposed of once we're done using it
var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i > computedHash.Length; i++)
{
if (computedHash[i] != passwordHash[1])
{
return(false);
}
}
}
return(true);
}
private static void CreatePasswordHash(string wachtwoord, out byte[] wachtwoordHash, out byte[] wachtwoordSalt)
{
if (wachtwoord == null)
{
throw new ArgumentNullException("wachtwoord");
}
if (string.IsNullOrWhiteSpace(wachtwoord))
{
throw new ArgumentException("Value mag niet leeg zijn", "wachtwoord");
}
using (var hmac = new System.Security.Cryptography.HMACSHA512())
{
wachtwoordSalt = hmac.Key;
wachtwoordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(wachtwoord));
}
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, DataContext dataContext)
{
dataContext.Database.Migrate();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseCors(x => x
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
bool defaultUserExists = dataContext.Users.Any(e => e.Username.Equals("PotatoDotJar"));
if (!defaultUserExists)
{
Debug.WriteLine("Creating new default user.");
using (var hmac = new System.Security.Cryptography.HMACSHA512())
{
byte[] passwordSalt = hmac.Key;
byte[] passwordHash = hmac.ComputeHash(Encoding.UTF8.GetBytes("Abcd1234"));
dataContext.Users.Add(new User()
{
FirstName = "John",
LastName = "Doe",
Username = "******",
PasswordHash = passwordHash,
PasswordSalt = passwordSalt
});
dataContext.SaveChanges();
}
}
}
private bool VerifyHashPassword(string password, User user)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(user.PasswordSalt))
{
var inputPasswordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < user.PasswordHash.Length; i++)
{
if (inputPasswordHash[i] != user.PasswordHash[i])
{
bool blnresult = false;
return(blnresult);
}
}
return(true);
}
}
/// <summary>
/// Băm password
/// </summary>
/// <param name="password">password dạng string</param>
/// <param name="passwordHash">password được băm</param>
/// <param name="passwordSalt">key để giải mã</param>
private void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
{
if (password == null)
{
throw new ArgumentNullException("password");
}
if (string.IsNullOrWhiteSpace(password))
{
throw new ArgumentException("Password không thể trống hoặc chỉ chứa khoảng trắng.", "password");
}
// băm sử dụng thuật toán PBKDF2
// thêm một chuỗi byte ngẫu nhiên vào mật khẩu của người dùng tránh trường hợp trùng email password
using var hmac = new System.Security.Cryptography.HMACSHA512();
passwordSalt = hmac.Key;
passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
}
private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
{
var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password)); // password user dijadikan hash
for (int i = 0; i < computedHash.Length; i++) // cek setiap karakter password hash
{
if (computedHash[i] != passwordHash[i]) // jika computed hash tidak cocok dengan passwordHast(yang ada di database)
{
return(false); // jika tidak cocok return false
}
}
return(true);
}
}
private void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
{
if (password == null)
{
throw new ArgumentNullException("password");
}
if (string.IsNullOrWhiteSpace(password))
{
throw new ArgumentException("Se debe proporcionar un valor.", "password");
}
using (var hmac = new System.Security.Cryptography.HMACSHA512())
{
passwordSalt = hmac.Key;
passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
}
}
public bool AdminLogin2(AdminDto admindto)
{
using (var crypto = new System.Security.Cryptography.HMACSHA512())
{
byte[] username = crypto.ComputeHash(Encoding.UTF8.GetBytes(admindto.UserName));
var admin = _adminService2.GetList();
foreach (var item in admin)
{
if (HashingHelper.VerifyPasswordHash(admindto.Password, admindto.UserName,
item.AdminPasswordHash, item.AdminUserName, item.AdminPasswordSalt))
{
return(true);
}
}
return(false);
}
}
private bool verifyPassword(string password, byte [] PasswordHash, byte [] PasswordSalt)
{
using (var hash = new System.Security.Cryptography.HMACSHA512(PasswordSalt))
{
var Generate_password = hash.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < Generate_password.Length; i++)
{
if (PasswordHash[i] != Generate_password[i])
{
return(false);
}
}
}
return(true);
}
private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt)) // convert passwordSalt back to hmac which is then used to generated computedHash
{
var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < computedHash.Length; i++)
{
if (computedHash[i] != passwordHash[i])
{
return(false);
}
}
}
return(true); // passwords match
}
private PasswordModel CreatePasswordHash(string password)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512())
{
var result = new PasswordModel();
// random key generated from hmac hash algo
result.PasswordSalt = Convert.ToBase64String(hmac.Key);
// Hash bytes of password
// (Computes / hashes password with key generated on HMACSHA512 construction)
var hashBytes = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
result.PasswordHash = Convert.ToBase64String((hashBytes));
return(result);
}
}
// private helper methods
private static void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
{
if (password == null)
{
throw new ArgumentNullException("password");
}
if (string.IsNullOrWhiteSpace(password))
{
throw new ArgumentException("El campo no puede estar vacio o contener espacios.", "password");
}
using (var hmac = new System.Security.Cryptography.HMACSHA512())
{
passwordSalt = hmac.Key;
passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
}
}
private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
{
//passwordSalt is the key we are passing
//we'll compare the two hashes, if the hashes match --> password is correct
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
{
var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < computedHash.Length; i++)
{
if (computedHash[i] != passwordHash[i])
{
return(false);
}
}
}
return(true);
}
public static bool VerifyHashedPasswordByCSHA512(string password, byte[] hashedPassword, byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
{
byte[] computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < hashedPassword.Length; i++)
{
if (hashedPassword[i] != computedHash[i])
{
return(false);
}
}
return(true);
}
}
public virtual bool Verify(string password, string storedPassword)
{
if (string.IsNullOrWhiteSpace(password))
{
throw new ArgumentNullException(nameof(password));
}
using (var hmac = new System.Security.Cryptography.HMACSHA512(ApplicationSettings.Salt))
{
var hashedPassword = hmac
.ComputeHash(Encoding.UTF8.GetBytes(password));
return(storedPassword.Equals(
Convert.ToBase64String(hashedPassword),
StringComparison.InvariantCultureIgnoreCase));
}
}
private void CompareBlocks(HmacAlg Algorithm)
{
if (Algorithm == HmacAlg.Sha256Hmac)
{
byte[] hashKey = new byte[32];
byte[] buffer = new byte[640];
byte[] hash1 = new byte[32];
byte[] hash2 = new byte[32];
using (System.Security.Cryptography.RNGCryptoServiceProvider rng = new System.Security.Cryptography.RNGCryptoServiceProvider())
{
rng.GetBytes(hashKey);
rng.GetBytes(buffer);
}
using (System.Security.Cryptography.HMACSHA256 hmac = new System.Security.Cryptography.HMACSHA256(hashKey))
hash1 = hmac.ComputeHash(buffer);
// test 1: HMAC interface
HMAC hmac1 = new HMAC(new SHA256Digest());
hmac1.Init(hashKey);
hmac1.BlockUpdate(buffer, 0, buffer.Length);
hmac1.DoFinal(hash2, 0);
if (!Compare.AreEqual(hash2, hash1))
throw new Exception("hmac is not equal!");
// test 2: class with dofinal
using (SHA256HMAC hmac = new SHA256HMAC())
{
hmac.Init(hashKey);
hmac.BlockUpdate(buffer, 0, buffer.Length);
hmac.DoFinal(hash2, 0);
}
if (!Compare.AreEqual(hash2, hash1))
throw new Exception("hmac1 is not equal!");
// test 3: class with computemac
using (SHA256HMAC hmac = new SHA256HMAC(hashKey))
hash2 = hmac.ComputeMac(buffer);
if (!Compare.AreEqual(hash2, hash1))
throw new Exception("hmac2 is not equal!");
}
else
{
// SHA512 //
byte[] hash1 = new byte[64];
byte[] hash2 = new byte[64];
byte[] hashKey = new byte[64];
byte[] buffer = new byte[128];
using (System.Security.Cryptography.RNGCryptoServiceProvider rng = new System.Security.Cryptography.RNGCryptoServiceProvider())
{
rng.GetBytes(hashKey);
rng.GetBytes(buffer);
}
using (System.Security.Cryptography.HMACSHA512 hmac = new System.Security.Cryptography.HMACSHA512(hashKey))
hash1 = hmac.ComputeHash(buffer);
// test 1: HMAC interface
HMAC hmac1 = new HMAC(new SHA512Digest());
hmac1.Init(hashKey);
hmac1.BlockUpdate(buffer, 0, buffer.Length);
hmac1.DoFinal(hash2, 0);
if (!Compare.AreEqual(hash2, hash1))
throw new Exception("hmac1 is not equal!");
// test 2: class with dofinal
using (SHA512HMAC hmac = new SHA512HMAC())
{
hmac.Init(hashKey);
hmac.BlockUpdate(buffer, 0, buffer.Length);
hmac.DoFinal(hash2, 0);
}
if (!Compare.AreEqual(hash2, hash1))
throw new Exception("hmac1 is not equal!");
// test 3: class with computemac
using (SHA512HMAC hmac = new SHA512HMAC(hashKey))
hash2 = hmac.ComputeMac(buffer);
if (!Compare.AreEqual(hash2, hash1))
throw new Exception("hmac2 is not equal!");
}
}
protected static string GetBase64HMAC(byte[] key, System.IO.MemoryStream stream)
{
System.Security.Cryptography.HMACSHA512 hmac = new System.Security.Cryptography.HMACSHA512(key);
string ret = Convert.ToBase64String(hmac.ComputeHash(stream.ToArray()));
stream.Seek(0, System.IO.SeekOrigin.Begin);
return ret;
}
public static HttpWebRequest SignRequest(this HttpWebRequest req, string pData, string singingKey)
{
string nonce = new Random().Next(Int16.MaxValue, Int32.MaxValue).ToString("X", System.Globalization.CultureInfo.InvariantCulture);
string timeStamp = DateTime.UtcNow.ToUnixTimeStamp().ToString();
// Create the base string. This is the string that will be hashed for the signature.
Dictionary<string, string> param = new Dictionary<string, string>();
param.Add("oauth_nonce", nonce);
param.Add("oauth_signature_method", "HMAC-SHA512");
param.Add("oauth_timestamp", timeStamp);
pData += req.RequestUri.Query;
foreach (string kv in pData.Replace("?", "&").Split('&'))
{
string[] akv = kv.Split('=');
if (akv.Length == 2)
{
param.Add(akv[0], akv[1].PercentDecode());
}
}
StringBuilder sParam = new StringBuilder(); ;
foreach (KeyValuePair<string, string> p in param.OrderBy(k => k.Key))
{
if (sParam.Length > 0)
sParam.Append("&");
sParam.AppendFormat("{0}={1}", p.Key.PercentEncode(), p.Value.PercentEncode());
}
string url = req.RequestUri.AbsoluteUri;
if (!string.IsNullOrEmpty(req.RequestUri.Query))
{
url = url.Replace(req.RequestUri.Query, "");
}
string signatureBaseString
= string.Format("{0}&{1}&{2}",
req.Method.ToUpper(),
url.PercentEncode(),
sParam.ToString().PercentEncode()
);
// Generate the hash
System.Security.Cryptography.HMACSHA512 hmacsha512 = new System.Security.Cryptography.HMACSHA512(Encoding.UTF8.GetBytes(singingKey));
byte[] signatureBytes = hmacsha512.ComputeHash(Encoding.UTF8.GetBytes(signatureBaseString));
string signature = Convert.ToBase64String(signatureBytes).PercentEncode();
req.Headers.Add("oauth_nonce", nonce);
req.Headers.Add("oauth_signature_method", "HMAC-SHA512");
req.Headers.Add("oauth_timestamp", timeStamp);
req.Headers.Add("oauth_signature", signature);
req.ContentType = "application/x-www-form-urlencoded";
return req;
}
static byte[] Sign(byte[] signingKey, byte[] message)
{
var hmac = new System.Security.Cryptography.HMACSHA512(signingKey);
var hash = hmac.ComputeHash(message);
return hash;
}
private void HashPassword(string Password, out byte[] passwordSalt, out byte[] passwordHash)
{
if (Password == null) throw new ArgumentNullException("Password");
if (string.IsNullOrWhiteSpace(Password) || string.IsNullOrEmpty(Password)) throw new ArgumentException("Value cannot be empty or null", "Password");
using (var hmac = new System.Security.Cryptography.HMACSHA512())
{
passwordSalt = hmac.Key;
passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(Password));
}
}
private bool VerifyPassword(string Password, byte[] storedSalt, byte[] storedHash)
{
if (Password == null) throw new ArgumentNullException("Password");
if (string.IsNullOrWhiteSpace(Password) || string.IsNullOrEmpty(Password)) throw new ArgumentException("Value cannot be empty or null", "Password");
if (storedSalt.Length != 128) throw new ArgumentException("Invalid salt size (64 bytes expected)", "passwordSalt");
if (storedHash.Length != 64) throw new ArgumentException("Invalid hash size (128 bytes expected)", "passwordHash");
using (var hmac = new System.Security.Cryptography.HMACSHA512(storedSalt))
{
var computed = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(Password));
return computed.SequenceEqual(storedHash);
}
}
public void Authenticate(string user, string base64HMAC, byte[] nonce, System.IO.MemoryStream stream)
{
using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
{
if (!users.ContainsKey(user))
{
Logger.Error("Someone tried to login with username " + user);
throw new System.Security.SecurityException("Invalid authentication. Check your username and password.");
}
string password = users[user].Password;
byte[] key = new System.Security.Cryptography.Rfc2898DeriveBytes(password, nonce, 997).GetBytes(64);
System.Security.Cryptography.HMACSHA512 hmac = new System.Security.Cryptography.HMACSHA512(key);
string computedBase64HMAC = Convert.ToBase64String(hmac.ComputeHash(stream.ToArray()));
stream.Seek(0, System.IO.SeekOrigin.Begin);
if (base64HMAC == computedBase64HMAC)
{
if (users[user].LastConnect < DateTime.Now - new TimeSpan(0, 10, 0))
Logger.Info("User " + user + " authenticated.");
users[user].SetUserConnected();
System.Threading.Thread.CurrentPrincipal = new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(user), new string[] { USER_ROLE });
}
else
{
Logger.Error("User " + user + " failed to authenticate.");
throw new System.Security.SecurityException("Invalid authentication. Check your username and password.");
}
}
}
