src/IOL.Helpers/PasswordHelpers.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;

namespace IOL.Helpers
{
	public static class PasswordHelper
	{
		private const int ITERATION_COUNT = 10000;
		private const int SALT_SIZE = 128 / 8;
		private const KeyDerivationPrf PRF = KeyDerivationPrf.HMACSHA256;

		public static string HashPassword(string value) {
			using var rng = RandomNumberGenerator.Create();
			var salt = new byte[SALT_SIZE];
			rng.GetBytes(salt);
			var subkey = KeyDerivation.Pbkdf2(value, salt, PRF, ITERATION_COUNT, 256 / 8);
			var outputBytes = new byte[13 + salt.Length + subkey.Length];
			WriteNetworkByteOrder(outputBytes, 1, (uint) PRF);
			WriteNetworkByteOrder(outputBytes, 5, (uint) ITERATION_COUNT);
			WriteNetworkByteOrder(outputBytes, 9, (uint) SALT_SIZE);
			Buffer.BlockCopy(salt, 0, outputBytes, 13, salt.Length);
			Buffer.BlockCopy(subkey, 0, outputBytes, 13 + SALT_SIZE, subkey.Length);
			return Convert.ToBase64String(outputBytes);
		}

		public static bool Verify(string password, string hashedPassword) {
			var decodedHashedPassword = Convert.FromBase64String(hashedPassword);
			if (decodedHashedPassword.Length == 0) return false;
			try {
				// Read header information
				var networkByteOrder = (KeyDerivationPrf) ReadNetworkByteOrder(decodedHashedPassword, 1);
				var saltLength = (int) ReadNetworkByteOrder(decodedHashedPassword, 9);

				// Read the salt: must be >= 128 bits
				if (saltLength < SALT_SIZE) return false;
				var salt = new byte[saltLength];
				Buffer.BlockCopy(decodedHashedPassword, 13, salt, 0, salt.Length);

				// Read the subkey (the rest of the payload): must be >= 128 bits
				var subkeyLength = decodedHashedPassword.Length - 13 - salt.Length;
				if (subkeyLength < SALT_SIZE) return false;
				var expectedSubkey = new byte[subkeyLength];
				Buffer.BlockCopy(decodedHashedPassword, 13 + salt.Length, expectedSubkey, 0, expectedSubkey.Length);

				// Hash the incoming password and verify it
				var actualSubkey =
					KeyDerivation.Pbkdf2(password, salt, networkByteOrder, ITERATION_COUNT, subkeyLength);
				return CryptographicOperations.FixedTimeEquals(actualSubkey, expectedSubkey);
			} catch {
				return false;
			}
		}

		private static uint ReadNetworkByteOrder(IReadOnlyList<byte> buffer, int offset) {
			return ((uint) buffer[offset + 0] << 24)
			       | ((uint) buffer[offset + 1] << 16)
			       | ((uint) buffer[offset + 2] << 8)
			       | buffer[offset + 3];
		}

		private static void WriteNetworkByteOrder(IList<byte> buffer, int offset, uint value) {
			buffer[offset + 0] = (byte) (value >> 24);
			buffer[offset + 1] = (byte) (value >> 16);
			buffer[offset + 2] = (byte) (value >> 8);
			buffer[offset + 3] = (byte) (value >> 0);
		}
	}
}