From ea202d0a8e52ca18acb41449dbb75fbb08c676fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartosz=20Chy=C5=BCy?= Date: Wed, 24 Jun 2020 00:57:30 +0200 Subject: [PATCH] Hash --- .../AuthorizationService.cs | 29 +++++++++++++++---- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/src/SafeMessageStorage/SafeMessageStorage/SafeMessageStorage/Services/AuthorizationService/AuthorizationService.cs b/src/SafeMessageStorage/SafeMessageStorage/SafeMessageStorage/Services/AuthorizationService/AuthorizationService.cs index bc61a74..8e44076 100644 --- a/src/SafeMessageStorage/SafeMessageStorage/SafeMessageStorage/Services/AuthorizationService/AuthorizationService.cs +++ b/src/SafeMessageStorage/SafeMessageStorage/SafeMessageStorage/Services/AuthorizationService/AuthorizationService.cs @@ -10,6 +10,7 @@ namespace SafeMessageStorage.Services.AuthorizationService public class AuthorizationService : IAuthorizationService { private readonly string _passwordKey = "86d9ee32-c00e-4b18-bb1b-a4f7d9e23ec9"; + private readonly string _saltKey = "d18930d9-6aae-4e71-a700-e5d292a8724b"; private readonly IHashProvider _hashProvider; public AuthorizationService(IHashProvider hashProvider) @@ -24,13 +25,14 @@ namespace SafeMessageStorage.Services.AuthorizationService public bool IsPasswordSet => Xamarin.Essentials.SecureStorage.GetAsync(_passwordKey).Result != null; public async Task AuthorizeAsync(string password) { + //Xamarin.Essentials.SecureStorage.RemoveAll(); if (string.IsNullOrWhiteSpace(password)) return false; var keyChainPassword = await Xamarin.Essentials.SecureStorage.GetAsync(_passwordKey); - var hash = _hashProvider.GetHashString(password); + var hash = await GetHashWithSalt(password); var result = keyChainPassword?.Equals(hash) ?? false; IsAuthorized = result; - AuthorizedUserHash = IsAuthorized ? keyChainPassword : null; + AuthorizedUserHash = IsAuthorized ? _hashProvider.GetHashString(password) : null; return result; } @@ -44,15 +46,32 @@ namespace SafeMessageStorage.Services.AuthorizationService public async Task ChangePasswordAsync(string currentPassword, string newPassword) { var keyChainPassword = await Xamarin.Essentials.SecureStorage.GetAsync(_passwordKey); - var passwordMatch = keyChainPassword?.Equals(_hashProvider.GetHashString(currentPassword)) ?? true; + var passwordMatch = keyChainPassword?.Equals(await GetHashWithSalt(currentPassword)) ?? true; if (!passwordMatch) return false; - var passwordHash = _hashProvider.GetHashString(newPassword); - AuthorizedUserHash = passwordHash; + var passwordHash = await GetHashWithSalt(newPassword); + AuthorizedUserHash = _hashProvider.GetHashString(newPassword); await Xamarin.Essentials.SecureStorage.SetAsync(_passwordKey, passwordHash); return true; } + + private async Task GetHashWithSalt(string password) + { + return _hashProvider.GetHashString(password + await GetSalt()); + } + + private async Task GetSalt() + { + var salt = await Xamarin.Essentials.SecureStorage.GetAsync(_saltKey); + if (salt == null) + { + salt = Guid.NewGuid().ToString(); + await Xamarin.Essentials.SecureStorage.SetAsync(_saltKey, salt); + } + + return salt; + } } }