| | 1 | | using System; |
| | 2 | | using System.Collections.Generic; |
| | 3 | | using System.Globalization; |
| | 4 | | using System.Security.Cryptography; |
| | 5 | | using MediaBrowser.Model.Cryptography; |
| | 6 | | using static MediaBrowser.Model.Cryptography.Constants; |
| | 7 | |
|
| | 8 | | namespace Emby.Server.Implementations.Cryptography |
| | 9 | | { |
| | 10 | | /// <summary> |
| | 11 | | /// Class providing abstractions over cryptographic functions. |
| | 12 | | /// </summary> |
| | 13 | | public class CryptographyProvider : ICryptoProvider |
| | 14 | | { |
| | 15 | | /// <inheritdoc /> |
| 2 | 16 | | public string DefaultHashMethod => "PBKDF2-SHA512"; |
| | 17 | |
|
| | 18 | | /// <inheritdoc /> |
| | 19 | | public PasswordHash CreatePasswordHash(ReadOnlySpan<char> password) |
| | 20 | | { |
| 2 | 21 | | byte[] salt = GenerateSalt(); |
| 2 | 22 | | return new PasswordHash( |
| 2 | 23 | | DefaultHashMethod, |
| 2 | 24 | | Rfc2898DeriveBytes.Pbkdf2( |
| 2 | 25 | | password, |
| 2 | 26 | | salt, |
| 2 | 27 | | DefaultIterations, |
| 2 | 28 | | HashAlgorithmName.SHA512, |
| 2 | 29 | | DefaultOutputLength), |
| 2 | 30 | | salt, |
| 2 | 31 | | new Dictionary<string, string> |
| 2 | 32 | | { |
| 2 | 33 | | { "iterations", DefaultIterations.ToString(CultureInfo.InvariantCulture) } |
| 2 | 34 | | }); |
| | 35 | | } |
| | 36 | |
|
| | 37 | | /// <inheritdoc /> |
| | 38 | | public bool Verify(PasswordHash hash, ReadOnlySpan<char> password) |
| | 39 | | { |
| 0 | 40 | | if (string.Equals(hash.Id, "PBKDF2", StringComparison.Ordinal)) |
| | 41 | | { |
| 0 | 42 | | return hash.Hash.SequenceEqual( |
| 0 | 43 | | Rfc2898DeriveBytes.Pbkdf2( |
| 0 | 44 | | password, |
| 0 | 45 | | hash.Salt, |
| 0 | 46 | | int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture), |
| 0 | 47 | | HashAlgorithmName.SHA1, |
| 0 | 48 | | 32)); |
| | 49 | | } |
| | 50 | |
|
| 0 | 51 | | if (string.Equals(hash.Id, "PBKDF2-SHA512", StringComparison.Ordinal)) |
| | 52 | | { |
| 0 | 53 | | return hash.Hash.SequenceEqual( |
| 0 | 54 | | Rfc2898DeriveBytes.Pbkdf2( |
| 0 | 55 | | password, |
| 0 | 56 | | hash.Salt, |
| 0 | 57 | | int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture), |
| 0 | 58 | | HashAlgorithmName.SHA512, |
| 0 | 59 | | DefaultOutputLength)); |
| | 60 | | } |
| | 61 | |
|
| 0 | 62 | | throw new NotSupportedException($"Can't verify hash with id: {hash.Id}"); |
| | 63 | | } |
| | 64 | |
|
| | 65 | | /// <inheritdoc /> |
| | 66 | | public byte[] GenerateSalt() |
| 2 | 67 | | => GenerateSalt(DefaultSaltLength); |
| | 68 | |
|
| | 69 | | /// <inheritdoc /> |
| | 70 | | public byte[] GenerateSalt(int length) |
| | 71 | | { |
| 2 | 72 | | var salt = new byte[length]; |
| 2 | 73 | | using var rng = RandomNumberGenerator.Create(); |
| 2 | 74 | | rng.GetNonZeroBytes(salt); |
| 2 | 75 | | return salt; |
| 2 | 76 | | } |
| | 77 | | } |
| | 78 | | } |