2019-02-20 09:17:30 +00:00
|
|
|
using System;
|
|
|
|
using System.Collections.Generic;
|
2021-11-10 21:34:54 +00:00
|
|
|
using System.Globalization;
|
2019-02-20 09:17:30 +00:00
|
|
|
using System.Security.Cryptography;
|
2021-11-10 21:34:54 +00:00
|
|
|
using System.Text;
|
2020-11-13 18:14:44 +00:00
|
|
|
using MediaBrowser.Common.Extensions;
|
2019-02-20 09:17:30 +00:00
|
|
|
using MediaBrowser.Model.Cryptography;
|
2021-11-10 21:34:54 +00:00
|
|
|
using static MediaBrowser.Model.Cryptography.Constants;
|
2019-02-20 09:17:30 +00:00
|
|
|
|
|
|
|
namespace Emby.Server.Implementations.Cryptography
|
|
|
|
{
|
2019-11-01 17:38:54 +00:00
|
|
|
/// <summary>
|
|
|
|
/// Class providing abstractions over cryptographic functions.
|
|
|
|
/// </summary>
|
2021-10-08 13:02:58 +00:00
|
|
|
public class CryptographyProvider : ICryptoProvider
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
2021-11-10 21:34:54 +00:00
|
|
|
// TODO: remove when not needed for backwards compat
|
2019-03-07 11:32:05 +00:00
|
|
|
private static readonly HashSet<string> _supportedHashMethods = new HashSet<string>()
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
2019-03-07 11:11:41 +00:00
|
|
|
"MD5",
|
|
|
|
"System.Security.Cryptography.MD5",
|
|
|
|
"SHA",
|
|
|
|
"SHA1",
|
|
|
|
"System.Security.Cryptography.SHA1",
|
|
|
|
"SHA256",
|
|
|
|
"SHA-256",
|
|
|
|
"System.Security.Cryptography.SHA256",
|
|
|
|
"SHA384",
|
|
|
|
"SHA-384",
|
|
|
|
"System.Security.Cryptography.SHA384",
|
|
|
|
"SHA512",
|
|
|
|
"SHA-512",
|
|
|
|
"System.Security.Cryptography.SHA512"
|
2019-02-20 09:17:30 +00:00
|
|
|
};
|
2019-03-07 11:32:05 +00:00
|
|
|
|
2019-11-01 17:38:54 +00:00
|
|
|
/// <inheritdoc />
|
2021-11-10 21:34:54 +00:00
|
|
|
public string DefaultHashMethod => "PBKDF2-SHA512";
|
2019-05-21 17:28:34 +00:00
|
|
|
|
2019-11-01 17:38:54 +00:00
|
|
|
/// <inheritdoc />
|
2021-11-10 21:34:54 +00:00
|
|
|
public PasswordHash CreatePasswordHash(ReadOnlySpan<char> password)
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
2021-11-10 21:34:54 +00:00
|
|
|
byte[] salt = GenerateSalt();
|
|
|
|
return new PasswordHash(
|
|
|
|
DefaultHashMethod,
|
|
|
|
Rfc2898DeriveBytes.Pbkdf2(
|
|
|
|
password,
|
|
|
|
salt,
|
|
|
|
DefaultIterations,
|
|
|
|
HashAlgorithmName.SHA512,
|
|
|
|
DefaultOutputLength),
|
|
|
|
salt,
|
|
|
|
new Dictionary<string, string>
|
|
|
|
{
|
|
|
|
{ "iterations", DefaultIterations.ToString(CultureInfo.InvariantCulture) }
|
|
|
|
});
|
2019-02-20 09:17:30 +00:00
|
|
|
}
|
|
|
|
|
2019-11-01 17:38:54 +00:00
|
|
|
/// <inheritdoc />
|
2021-11-10 21:34:54 +00:00
|
|
|
public bool Verify(PasswordHash hash, ReadOnlySpan<char> password)
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
2021-11-10 21:34:54 +00:00
|
|
|
if (string.Equals(hash.Id, "PBKDF2", StringComparison.Ordinal))
|
2019-02-28 07:05:12 +00:00
|
|
|
{
|
2021-11-10 21:34:54 +00:00
|
|
|
return hash.Hash.SequenceEqual(
|
|
|
|
Rfc2898DeriveBytes.Pbkdf2(
|
|
|
|
password,
|
|
|
|
hash.Salt,
|
|
|
|
int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture),
|
|
|
|
HashAlgorithmName.SHA1,
|
|
|
|
32));
|
2019-02-28 07:05:12 +00:00
|
|
|
}
|
2020-04-14 20:13:41 +00:00
|
|
|
|
2021-11-10 21:34:54 +00:00
|
|
|
if (string.Equals(hash.Id, "PBKDF2-SHA512", StringComparison.Ordinal))
|
2020-04-14 20:13:41 +00:00
|
|
|
{
|
2021-11-10 21:34:54 +00:00
|
|
|
return hash.Hash.SequenceEqual(
|
|
|
|
Rfc2898DeriveBytes.Pbkdf2(
|
|
|
|
password,
|
|
|
|
hash.Salt,
|
|
|
|
int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture),
|
|
|
|
HashAlgorithmName.SHA512,
|
|
|
|
DefaultOutputLength));
|
2020-04-14 20:13:41 +00:00
|
|
|
}
|
|
|
|
|
2021-11-10 21:34:54 +00:00
|
|
|
if (!_supportedHashMethods.Contains(hash.Id))
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
2021-11-10 21:34:54 +00:00
|
|
|
throw new CryptographicException($"Requested hash method is not supported: {hash.Id}");
|
2019-02-20 09:17:30 +00:00
|
|
|
}
|
2019-05-21 17:28:34 +00:00
|
|
|
|
2021-11-10 21:34:54 +00:00
|
|
|
using var h = HashAlgorithm.Create(hash.Id) ?? throw new ResourceNotFoundException($"Unknown hash method: {hash.Id}.");
|
|
|
|
var bytes = Encoding.UTF8.GetBytes(password.ToArray());
|
|
|
|
if (hash.Salt.Length == 0)
|
|
|
|
{
|
|
|
|
return hash.Hash.SequenceEqual(h.ComputeHash(bytes));
|
|
|
|
}
|
|
|
|
|
|
|
|
byte[] salted = new byte[bytes.Length + hash.Salt.Length];
|
2020-04-14 20:13:41 +00:00
|
|
|
Array.Copy(bytes, salted, bytes.Length);
|
2021-11-10 21:34:54 +00:00
|
|
|
hash.Salt.CopyTo(salted.AsSpan(bytes.Length));
|
|
|
|
return hash.Hash.SequenceEqual(h.ComputeHash(salted));
|
2019-02-20 09:17:30 +00:00
|
|
|
}
|
|
|
|
|
2019-11-01 17:38:54 +00:00
|
|
|
/// <inheritdoc />
|
2019-02-20 09:17:30 +00:00
|
|
|
public byte[] GenerateSalt()
|
2019-09-17 16:07:15 +00:00
|
|
|
=> GenerateSalt(DefaultSaltLength);
|
|
|
|
|
2019-11-01 17:38:54 +00:00
|
|
|
/// <inheritdoc />
|
2019-09-17 16:07:15 +00:00
|
|
|
public byte[] GenerateSalt(int length)
|
2021-11-10 21:34:54 +00:00
|
|
|
{
|
|
|
|
var salt = new byte[length];
|
|
|
|
using var rng = RandomNumberGenerator.Create();
|
|
|
|
rng.GetNonZeroBytes(salt);
|
|
|
|
return salt;
|
|
|
|
}
|
2019-02-20 09:17:30 +00:00
|
|
|
}
|
|
|
|
}
|