/*********************************************************************** * * Copyright (C) 2005-2006 Novell, Inc. All Rights Reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; version 2.1 * of the License. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Library Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, Novell, Inc. * * To contact Novell about this file by physical or electronic mail, * you may find current contact information at www.novell.com. * ***********************************************************************/ // // Rfc2898DeriveBytes.cs: RFC2898 (PKCS#5 v2) Key derivation for Password Based Encryption // // Author: // Sebastien Pouliot (sebastien@ximian.com) // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com) // // Permission is hereby granted, free of charge, to any person obtaining // a copy of this software and associated documentation files (the // "Software"), to deal in the Software without restriction, including // without limitation the rights to use, copy, modify, merge, publish, // distribute, sublicense, and/or sell copies of the Software, and to // permit persons to whom the Software is furnished to do so, subject to // the following conditions: // // The above copyright notice and this permission notice shall be // included in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // //using System.Runtime.InteropServices; using System; using System.Text; using System.Security.Cryptography; using sscs.lss; namespace sscs.crypto { //[ComVisible (true)] public class Rfc2898DeriveBytes : DeriveBytes { private const int defaultIterations = 1000; private int _iteration; private byte[] _salt; private HMACSHA1 _hmac; private byte[] _buffer; private int _pos; private int _f; // constructors public Rfc2898DeriveBytes (string password, byte[] salt) : this (password, salt, defaultIterations) { } public Rfc2898DeriveBytes (string password, byte[] salt, int iterations) { if (password == null) throw new ArgumentNullException ("password"); Salt = salt; IterationCount = iterations; _hmac = new HMACSHA1 (Encoding.UTF8.GetBytes (password)); } public Rfc2898DeriveBytes (byte[] password, byte[] salt, int iterations) { if (password == null) throw new ArgumentNullException ("password"); Salt = salt; IterationCount = iterations; _hmac = new HMACSHA1 (password); } public Rfc2898DeriveBytes (string password, int saltSize) : this (password, saltSize, defaultIterations) { } public Rfc2898DeriveBytes(string password, int saltSize, int iterations) : this (password, saltSize, iterations, false) { } public Rfc2898DeriveBytes (string password, int saltSize, int iterations, bool bUseOldMethod) { if (password == null) throw new ArgumentNullException ("password"); if (saltSize < 0) throw new ArgumentOutOfRangeException ("invalid salt length"); if (bUseOldMethod) { Salt = GenerateOldSalt(password, saltSize); } else { Salt = GenerateNewSalt(password, saltSize); } IterationCount = iterations; _hmac = new HMACSHA1 (Encoding.UTF8.GetBytes (password)); } private static byte[] GenerateOldSalt(string password, int saltSize) { byte[] buffer = new byte[saltSize]; Random rand = new Random(password.GetHashCode()); rand.NextBytes(buffer); return buffer; } private static byte[] GenerateNewSalt(string password, int saltSize) { int j = 0; byte[] buffer = new byte[saltSize]; // iterate thru each character, creating a new Random, // getting 2 bytes from each, until our salt buffer is full. for (int i = 0; i < password.Length;) { char letter = password[i]; int iLetter = (int)letter; FastRandom ranNum = new FastRandom(iLetter * (j+1)); byte[] temp = new byte[2]; ranNum.NextBytes(temp); for (int k = 0; k < temp.Length; k++) { buffer[j++] = temp[k]; // get out if buffer is full if (j >= saltSize) { return buffer; } } i++; // reset i if at end of password if ((i + 1) > password.Length) { i = 0; } } return buffer; } // properties public int IterationCount { get { return _iteration; } set { if (value < 1) throw new ArgumentOutOfRangeException ("IterationCount < 1"); _iteration = value; } } public byte[] Salt { get { return (byte[]) _salt.Clone (); } set { if (value == null) throw new ArgumentNullException ("Salt"); if (value.Length < 8) throw new ArgumentException ("Salt < 8 bytes"); _salt = (byte[])value.Clone (); } } // methods private byte[] F (byte[] s, int c, int i) { byte[] data = new byte [s.Length + 4]; Buffer.BlockCopy (s, 0, data, 0, s.Length); byte[] int4 = BitConverter.GetBytes (i); Array.Reverse (int4, 0, 4); Buffer.BlockCopy (int4, 0, data, s.Length, 4); // this is like j=0 byte[] u1 = _hmac.ComputeHash (data); data = u1; // so we start at j=1 for (int j=1; j < c; j++) { byte[] un = _hmac.ComputeHash (data); // xor for (int k=0; k < 20; k++) u1 [k] = (byte)(u1 [k] ^ un [k]); data = un; } return u1; } public override byte[] GetBytes (int cb) { if (cb < 1) throw new ArgumentOutOfRangeException ("cb"); int l = cb / 20; // HMACSHA1 == 160 bits == 20 bytes int r = cb % 20; // remainder if (r != 0) l++; // rounding up byte[] result = new byte [cb]; int rpos = 0; if (_pos > 0) { int count = Math.Min (20 - _pos, cb); Buffer.BlockCopy (_buffer, _pos, result, 0, count); if (count >= cb) return result; _pos = 0; rpos = 20 - cb; r = cb - rpos; } for (int i=1; i <= l; i++) { _buffer = F (_salt, _iteration, ++_f); int count = ((i == l) ? r : 20); Buffer.BlockCopy (_buffer, _pos, result, rpos, count); rpos += _pos + count; _pos = ((count == 20) ? 0 : count); } return result; } public override void Reset () { _buffer = null; _pos = 0; _f = 0; } } }