mirror of
https://github.com/jellyfin/jellyfin.git
synced 2025-12-27 19:24:47 +03:00
Replace PBKDF2-SHA1 with PBKDF2-SHA512
This also migrates already created passwords on login Source for the number of iterations: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
This commit is contained in:
Bond_009
@@ -1,9 +1,11 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Globalization;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using MediaBrowser.Common.Extensions;
|
||||
using MediaBrowser.Model.Cryptography;
|
||||
using static MediaBrowser.Common.Cryptography.Constants;
|
||||
using static MediaBrowser.Model.Cryptography.Constants;
|
||||
|
||||
namespace Emby.Server.Implementations.Cryptography
|
||||
{
|
||||
@@ -12,10 +14,7 @@ namespace Emby.Server.Implementations.Cryptography
|
||||
/// </summary>
|
||||
public class CryptographyProvider : ICryptoProvider
|
||||
{
|
||||
// FIXME: When we get DotNet Standard 2.1 we need to revisit how we do the crypto
|
||||
// Currently supported hash methods from https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.cryptoconfig?view=netcore-2.1
|
||||
// there might be a better way to autogenerate this list as dotnet updates, but I couldn't find one
|
||||
// Please note the default method of PBKDF2 is not included, it cannot be used to generate hashes cleanly as it is actually a pbkdf with sha1
|
||||
// TODO: remove when not needed for backwards compat
|
||||
private static readonly HashSet<string> _supportedHashMethods = new HashSet<string>()
|
||||
{
|
||||
"MD5",
|
||||
@@ -35,60 +34,81 @@ namespace Emby.Server.Implementations.Cryptography
|
||||
};
|
||||
|
||||
/// <inheritdoc />
|
||||
public string DefaultHashMethod => "PBKDF2";
|
||||
public string DefaultHashMethod => "PBKDF2-SHA512";
|
||||
|
||||
/// <inheritdoc />
|
||||
public IEnumerable<string> GetSupportedHashMethods()
|
||||
=> _supportedHashMethods;
|
||||
|
||||
private byte[] PBKDF2(string method, byte[] bytes, byte[] salt, int iterations)
|
||||
public PasswordHash CreatePasswordHash(ReadOnlySpan<char> password)
|
||||
{
|
||||
// downgrading for now as we need this library to be dotnetstandard compliant
|
||||
// with this downgrade we'll add a check to make sure we're on the downgrade method at the moment
|
||||
if (method != DefaultHashMethod)
|
||||
{
|
||||
throw new CryptographicException($"Cannot currently use PBKDF2 with requested hash method: {method}");
|
||||
}
|
||||
|
||||
using var r = new Rfc2898DeriveBytes(bytes, salt, iterations);
|
||||
return r.GetBytes(32);
|
||||
byte[] salt = GenerateSalt();
|
||||
return new PasswordHash(
|
||||
DefaultHashMethod,
|
||||
Rfc2898DeriveBytes.Pbkdf2(
|
||||
password,
|
||||
salt,
|
||||
DefaultIterations,
|
||||
HashAlgorithmName.SHA512,
|
||||
DefaultOutputLength),
|
||||
salt,
|
||||
new Dictionary<string, string>
|
||||
{
|
||||
{ "iterations", DefaultIterations.ToString(CultureInfo.InvariantCulture) }
|
||||
});
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
public byte[] ComputeHash(string hashMethod, byte[] bytes, byte[] salt)
|
||||
public bool Verify(PasswordHash hash, ReadOnlySpan<char> password)
|
||||
{
|
||||
if (hashMethod == DefaultHashMethod)
|
||||
if (string.Equals(hash.Id, "PBKDF2", StringComparison.Ordinal))
|
||||
{
|
||||
return PBKDF2(hashMethod, bytes, salt, DefaultIterations);
|
||||
return hash.Hash.SequenceEqual(
|
||||
Rfc2898DeriveBytes.Pbkdf2(
|
||||
password,
|
||||
hash.Salt,
|
||||
int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture),
|
||||
HashAlgorithmName.SHA1,
|
||||
32));
|
||||
}
|
||||
|
||||
if (!_supportedHashMethods.Contains(hashMethod))
|
||||
if (string.Equals(hash.Id, "PBKDF2-SHA512", StringComparison.Ordinal))
|
||||
{
|
||||
throw new CryptographicException($"Requested hash method is not supported: {hashMethod}");
|
||||
return hash.Hash.SequenceEqual(
|
||||
Rfc2898DeriveBytes.Pbkdf2(
|
||||
password,
|
||||
hash.Salt,
|
||||
int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture),
|
||||
HashAlgorithmName.SHA512,
|
||||
DefaultOutputLength));
|
||||
}
|
||||
|
||||
using var h = HashAlgorithm.Create(hashMethod) ?? throw new ResourceNotFoundException($"Unknown hash method: {hashMethod}.");
|
||||
if (salt.Length == 0)
|
||||
if (!_supportedHashMethods.Contains(hash.Id))
|
||||
{
|
||||
return h.ComputeHash(bytes);
|
||||
throw new CryptographicException($"Requested hash method is not supported: {hash.Id}");
|
||||
}
|
||||
|
||||
byte[] salted = new byte[bytes.Length + salt.Length];
|
||||
using var h = HashAlgorithm.Create(hash.Id) ?? throw new ResourceNotFoundException($"Unknown hash method: {hash.Id}.");
|
||||
var bytes = Encoding.UTF8.GetBytes(password.ToArray());
|
||||
if (hash.Salt.Length == 0)
|
||||
{
|
||||
return hash.Hash.SequenceEqual(h.ComputeHash(bytes));
|
||||
}
|
||||
|
||||
byte[] salted = new byte[bytes.Length + hash.Salt.Length];
|
||||
Array.Copy(bytes, salted, bytes.Length);
|
||||
Array.Copy(salt, 0, salted, bytes.Length, salt.Length);
|
||||
return h.ComputeHash(salted);
|
||||
hash.Salt.CopyTo(salted.AsSpan(bytes.Length));
|
||||
return hash.Hash.SequenceEqual(h.ComputeHash(salted));
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
public byte[] ComputeHashWithDefaultMethod(byte[] bytes, byte[] salt)
|
||||
=> PBKDF2(DefaultHashMethod, bytes, salt, DefaultIterations);
|
||||
|
||||
/// <inheritdoc />
|
||||
public byte[] GenerateSalt()
|
||||
=> GenerateSalt(DefaultSaltLength);
|
||||
|
||||
/// <inheritdoc />
|
||||
public byte[] GenerateSalt(int length)
|
||||
=> RandomNumberGenerator.GetBytes(length);
|
||||
{
|
||||
var salt = new byte[length];
|
||||
using var rng = RandomNumberGenerator.Create();
|
||||
rng.GetNonZeroBytes(salt);
|
||||
return salt;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user