jellyfin/Emby.Server.Implementations/Cryptography/CryptographyProvider.cs

using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using MediaBrowser.Model.Cryptography;
using static MediaBrowser.Model.Cryptography.Constants;

namespace Emby.Server.Implementations.Cryptography
{
    /// <summary>
    /// Class providing abstractions over cryptographic functions.
    /// </summary>
    public class CryptographyProvider : ICryptoProvider
    {
        /// <inheritdoc />
        public string DefaultHashMethod => "PBKDF2-SHA512";

        /// <inheritdoc />
        public PasswordHash CreatePasswordHash(ReadOnlySpan<char> password)
        {
            byte[] salt = GenerateSalt();
            return new PasswordHash(
                DefaultHashMethod,
                Rfc2898DeriveBytes.Pbkdf2(
                    password,
                    salt,
                    DefaultIterations,
                    HashAlgorithmName.SHA512,
                    DefaultOutputLength),
                salt,
                new Dictionary<string, string>
                {
                    { "iterations", DefaultIterations.ToString(CultureInfo.InvariantCulture) }
                });
        }

        /// <inheritdoc />
        public bool Verify(PasswordHash hash, ReadOnlySpan<char> password)
        {
            if (string.Equals(hash.Id, "PBKDF2", StringComparison.Ordinal))
            {
                return hash.Hash.SequenceEqual(
                    Rfc2898DeriveBytes.Pbkdf2(
                        password,
                        hash.Salt,
                        int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture),
                        HashAlgorithmName.SHA1,
                        32));
            }

            if (string.Equals(hash.Id, "PBKDF2-SHA512", StringComparison.Ordinal))
            {
                return hash.Hash.SequenceEqual(
                    Rfc2898DeriveBytes.Pbkdf2(
                        password,
                        hash.Salt,
                        int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture),
                        HashAlgorithmName.SHA512,
                        DefaultOutputLength));
            }

            throw new NotSupportedException($"Can't verify hash with id: {hash.Id}");
        }

        /// <inheritdoc />
        public byte[] GenerateSalt()
            => GenerateSalt(DefaultSaltLength);

        /// <inheritdoc />
        public byte[] GenerateSalt(int length)
        {
            var salt = new byte[length];
            using var rng = RandomNumberGenerator.Create();
            rng.GetNonZeroBytes(salt);
            return salt;
        }
    }
}
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`using System;`
			`using System.Collections.Generic;`
Replace PBKDF2-SHA1 with PBKDF2-SHA512 This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 2021-11-10 21:34:54 +00:00			`using System.Globalization;`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`using System.Security.Cryptography;`
			`using MediaBrowser.Model.Cryptography;`
Replace PBKDF2-SHA1 with PBKDF2-SHA512 This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 2021-11-10 21:34:54 +00:00			`using static MediaBrowser.Model.Cryptography.Constants;`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00
			`namespace Emby.Server.Implementations.Cryptography`
			`{`
Fix more warnings 2019-11-01 17:38:54 +00:00			`/// <summary>`
			`/// Class providing abstractions over cryptographic functions.`
			`/// </summary>`
Use static crypto rng 2021-10-08 13:02:58 +00:00			`public class CryptographyProvider : ICryptoProvider`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`{`
Fix more warnings 2019-11-01 17:38:54 +00:00			`/// <inheritdoc />`
Replace PBKDF2-SHA1 with PBKDF2-SHA512 This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 2021-11-10 21:34:54 +00:00			`public string DefaultHashMethod => "PBKDF2-SHA512";`
Streamline authentication proccess 2019-05-21 17:28:34 +00:00
Fix more warnings 2019-11-01 17:38:54 +00:00			`/// <inheritdoc />`
Replace PBKDF2-SHA1 with PBKDF2-SHA512 This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 2021-11-10 21:34:54 +00:00			`public PasswordHash CreatePasswordHash(ReadOnlySpan<char> password)`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`{`
Replace PBKDF2-SHA1 with PBKDF2-SHA512 This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 2021-11-10 21:34:54 +00:00			`byte[] salt = GenerateSalt();`
			`return new PasswordHash(`
			`DefaultHashMethod,`
			`Rfc2898DeriveBytes.Pbkdf2(`
			`password,`
			`salt,`
			`DefaultIterations,`
			`HashAlgorithmName.SHA512,`
			`DefaultOutputLength),`
			`salt,`
			`new Dictionary<string, string>`
			`{`
			`{ "iterations", DefaultIterations.ToString(CultureInfo.InvariantCulture) }`
			`});`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`}`

Fix more warnings 2019-11-01 17:38:54 +00:00			`/// <inheritdoc />`
Replace PBKDF2-SHA1 with PBKDF2-SHA512 This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 2021-11-10 21:34:54 +00:00			`public bool Verify(PasswordHash hash, ReadOnlySpan<char> password)`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`{`
Replace PBKDF2-SHA1 with PBKDF2-SHA512 This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 2021-11-10 21:34:54 +00:00			`if (string.Equals(hash.Id, "PBKDF2", StringComparison.Ordinal))`
fixed logic flip in auth empty check and fixed crypto algo choice 2019-02-28 07:05:12 +00:00			`{`
Replace PBKDF2-SHA1 with PBKDF2-SHA512 This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 2021-11-10 21:34:54 +00:00			`return hash.Hash.SequenceEqual(`
			`Rfc2898DeriveBytes.Pbkdf2(`
			`password,`
			`hash.Salt,`
			`int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture),`
			`HashAlgorithmName.SHA1,`
			`32));`
fixed logic flip in auth empty check and fixed crypto algo choice 2019-02-28 07:05:12 +00:00			`}`
Clean up and document CryptographyProvider.cs 2020-04-14 20:13:41 +00:00
Replace PBKDF2-SHA1 with PBKDF2-SHA512 This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 2021-11-10 21:34:54 +00:00			`if (string.Equals(hash.Id, "PBKDF2-SHA512", StringComparison.Ordinal))`
Clean up and document CryptographyProvider.cs 2020-04-14 20:13:41 +00:00			`{`
Replace PBKDF2-SHA1 with PBKDF2-SHA512 This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 2021-11-10 21:34:54 +00:00			`return hash.Hash.SequenceEqual(`
			`Rfc2898DeriveBytes.Pbkdf2(`
			`password,`
			`hash.Salt,`
			`int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture),`
			`HashAlgorithmName.SHA512,`
			`DefaultOutputLength));`
Clean up and document CryptographyProvider.cs 2020-04-14 20:13:41 +00:00			`}`

Don't use deprecated HashAlgorithm.Create(string) 2022-11-08 20:14:52 +00:00			`throw new NotSupportedException($"Can't verify hash with id: {hash.Id}");`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`}`

Fix more warnings 2019-11-01 17:38:54 +00:00			`/// <inheritdoc />`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`public byte[] GenerateSalt()`
Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`=> GenerateSalt(DefaultSaltLength);`

Fix more warnings 2019-11-01 17:38:54 +00:00			`/// <inheritdoc />`
Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`public byte[] GenerateSalt(int length)`
Replace PBKDF2-SHA1 with PBKDF2-SHA512 This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 2021-11-10 21:34:54 +00:00			`{`
			`var salt = new byte[length];`
			`using var rng = RandomNumberGenerator.Create();`
			`rng.GetNonZeroBytes(salt);`
			`return salt;`
			`}`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`}`
			`}`