You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

PasswordHash.cs 3.1KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
  1. using System;
  2. using System.Security.Cryptography;
  3. namespace iiie.Authentication.Business.JWT
  4. {
  5. /// <summary>
  6. /// Hash generator for passwords
  7. /// </summary>
  8. public static class PasswordHash
  9. {
  10. private const int ITERATION_INDEX = 0;
  11. private const int SALT_INDEX = 1;
  12. private const int PBKDF2_INDEX = 2;
  13. /// <summary>
  14. /// Crée un hash à partir du password
  15. /// </summary>
  16. /// <param name="password">le password à hasher</param>
  17. /// <returns>le hash du password</returns>
  18. public static string CreateHash(string password)
  19. {
  20. // génaration du SALT aléatoire
  21. RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
  22. byte[] salt = new byte[AuthProvider.Instance.GetPasswordSaltByteSize()];
  23. csprng.GetBytes(salt);
  24. // hash le password et création de la chaine avec les paramêtres
  25. byte[] hash = PBKDF2(password, salt, AuthProvider.Instance.GetPasswordIterations(),
  26. AuthProvider.Instance.GetPasswordSaltByteSize());
  27. return AuthProvider.Instance.GetPasswordIterations() + ":" +
  28. Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
  29. }
  30. /// <summary>
  31. /// Valide le password en adequation avec le hash
  32. /// </summary>
  33. /// <param name="password">le password à vérifier</param>
  34. /// <param name="correctHash">le hash du password stocké en base</param>
  35. /// <returns>True si c'est bon sinon false</returns>
  36. public static bool ValidatePassword(string password, string correctHash)
  37. {
  38. // Extraction des paramêtres du hash
  39. char[] delimiter = { ':' };
  40. string[] split = correctHash.Split(delimiter);
  41. int iterations = Int32.Parse(split[ITERATION_INDEX]);
  42. byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
  43. byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);
  44. byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
  45. return SlowEquals(hash, testHash);
  46. }
  47. private static bool SlowEquals(byte[] a, byte[] b)
  48. {
  49. uint diff = (uint)a.Length ^ (uint)b.Length;
  50. for (int i = 0; i < a.Length && i < b.Length; i++)
  51. diff |= (uint)(a[i] ^ b[i]);
  52. return diff == 0;
  53. }
  54. /// <summary>
  55. /// Calcul le PBKDF2-SHA1 hash du password.
  56. /// </summary>
  57. /// <param name="password">The password à hasher</param>
  58. /// <param name="salt">le salt</param>
  59. /// <param name="iterations">le nombre d'itération</param>
  60. /// <param name="outputBytes">la longueur du hash à générer</param>
  61. /// <returns>le hash du password.</returns>
  62. private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
  63. {
  64. Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt);
  65. pbkdf2.IterationCount = iterations;
  66. return pbkdf2.GetBytes(outputBytes);
  67. }
  68. }
  69. }