Password hashing initial version.

Author: unknown

HashingTest/.gitignore

@@ -0,0 +1,2 @@
+
+*.suo

HashingTest/HashingTest.csproj

@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">x86</Platform>
+    <ProductVersion>8.0.30703</ProductVersion>
+    <SchemaVersion>2.0</SchemaVersion>
+    <ProjectGuid>{8C7D752C-532D-4D12-88B0-048DBF97F9B1}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>HashingTest</RootNamespace>
+    <AssemblyName>HashingTest</AssemblyName>
+    <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
+    <TargetFrameworkProfile>Client</TargetFrameworkProfile>
+    <FileAlignment>512</FileAlignment>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|x86' ">
+    <PlatformTarget>x86</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|x86' ">
+    <PlatformTarget>x86</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="PBKDF1.cs" />
+    <Compile Include="PBKDF2.cs" />
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
+       Other similar extension points exist, see Microsoft.Common.targets.
+  <Target Name="BeforeBuild">
+  </Target>
+  <Target Name="AfterBuild">
+  </Target>
+  -->
+</Project>

HashingTest/HashingTest.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 11.00
+# Visual Studio 2010
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HashingTest", "HashingTest.csproj", "{8C7D752C-532D-4D12-88B0-048DBF97F9B1}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x86 = Debug|x86
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{8C7D752C-532D-4D12-88B0-048DBF97F9B1}.Debug|x86.ActiveCfg = Debug|x86
+		{8C7D752C-532D-4D12-88B0-048DBF97F9B1}.Debug|x86.Build.0 = Debug|x86
+		{8C7D752C-532D-4D12-88B0-048DBF97F9B1}.Release|x86.ActiveCfg = Release|x86
+		{8C7D752C-532D-4D12-88B0-048DBF97F9B1}.Release|x86.Build.0 = Release|x86
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

HashingTest/PBKDF1.cs

@@ -0,0 +1,61 @@
+/*
+ PBKDF1 Implementation of http://www.ietf.org/rfc/rfc2898.txt
+ Dror Gluska 2012
+ 
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Security.Cryptography;
+
+namespace HashingTest
+{
+    /// <summary>
+    /// PBKDF1 key derivation 
+    /// <para>http://www.ietf.org/rfc/rfc2898.txt</para>
+    /// </summary>
+    public class PBKDF1
+    {
+        /// <summary>
+        /// Retrieves MD5 hashed PBKDF1 
+        /// </summary>
+        public static byte[] MD5GetBytes(byte[] password,
+            byte[] salt, int iterations, int howManyBytes)
+        {
+            return ComputePBKDF1(new MD5CryptoServiceProvider(), password, salt, iterations, howManyBytes);
+        }
+
+        /// <summary>
+        /// Retrieves SHA1 hashed PBKDF1
+        /// </summary>
+        public static byte[] SHA1GetBytes(byte[] password,
+            byte[] salt, int iterations, int howManyBytes)
+        {
+            return ComputePBKDF1(new SHA1Managed(), password, salt, iterations, howManyBytes);
+        }
+
+        /// <summary>
+        /// Computes password + salt hashed by hashAlgo for a number of iterations and retrieve howManyBytes from the resulting hash.
+        /// </summary>
+        private static byte[] ComputePBKDF1(HashAlgorithm hashAlgo, byte[] password, byte[] salt, int iterations, int howManyBytes)
+        {
+            if (howManyBytes > (hashAlgo.HashSize/8))
+                throw new ArgumentOutOfRangeException("howManyBytes should be smaller than " + (hashAlgo.HashSize/8).ToString());
+             
+            byte[] passandsalt = new byte[password.Length + salt.Length];
+            Array.Copy(password, 0, passandsalt, 0, password.Length);
+            Array.Copy(salt, 0, passandsalt, password.Length, salt.Length);
+
+            var hash = hashAlgo.ComputeHash(passandsalt);
+
+            for (int i = 1; i < iterations; i++)
+                hash = hashAlgo.ComputeHash(hash);
+
+            byte[] hashsubset = new byte[howManyBytes];
+            Array.Copy(hash, hashsubset, howManyBytes);
+            return hashsubset;
+        }
+    }
+}

HashingTest/PBKDF2.cs

@@ -0,0 +1,137 @@
+/*
+ PBKDF2 key derivation
+ implementation of PKCS#5 v2.0
+ Password Based Key Derivation Function 2
+ http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html
+ For the HMAC function, see RFC 2104
+ http://www.ietf.org/rfc/rfc2104.txt
+ Keith Brown
+ 
+ Change log:
+ 2004 Keith Brown - initial version
+ 2012-09-01 Dror Gluska - change to SHA1 instead of SHA256 and add ability to pass the hashing function to the main function.
+ 
+ 
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Security.Cryptography;
+
+namespace HashingTest
+{
+    /// <summary>
+    /// PBKDF2 Password-Based Key Derivation Function 2 
+    /// </summary>
+    class PBKDF2
+    {
+        // SHA-256 has a 512-bit block size and gives a 256-bit output
+        const int BLOCK_SIZE_IN_BYTES = 64;
+        const byte IPAD = 0x36;
+        const byte OPAD = 0x5C;
+
+        public static byte[] SHA1GetBytes(byte[] password, byte[] salt, int iterations, int howManyBytes)
+        {
+            return GetBytes(new SHA1Managed(), password, salt, iterations, howManyBytes);
+        }
+
+        public static byte[] GetBytes(HashAlgorithm hashAlgo, byte[] password,
+            byte[] salt, int iterations, int howManyBytes)
+        {
+            HashAlgorithm innerHash = hashAlgo;
+            HashAlgorithm outerHash = hashAlgo;
+
+            var HASH_SIZE_IN_BYTES = (innerHash.HashSize/8);
+
+            // round up
+            uint cBlocks = (uint)((howManyBytes +
+                HASH_SIZE_IN_BYTES - 1) / HASH_SIZE_IN_BYTES);
+
+            // seed for the pseudo-random fcn: salt + block index
+            byte[] saltAndIndex = new byte[salt.Length + 4];
+            Array.Copy(salt, 0, saltAndIndex, 0, salt.Length);
+
+            byte[] output = new byte[cBlocks * HASH_SIZE_IN_BYTES];
+            int outputOffset = 0;
+
+            
+
+            // HMAC says the key must be hashed or padded with zeros
+            // so it fits into a single block of the hash in use
+            if (password.Length > BLOCK_SIZE_IN_BYTES)
+            {
+                password = innerHash.ComputeHash(password);
+            }
+            byte[] key = new byte[BLOCK_SIZE_IN_BYTES];
+            Array.Copy(password, 0, key, 0, password.Length);
+
+            byte[] InnerKey = new byte[BLOCK_SIZE_IN_BYTES];
+            byte[] OuterKey = new byte[BLOCK_SIZE_IN_BYTES];
+            for (int i = 0; i < BLOCK_SIZE_IN_BYTES; ++i)
+            {
+                InnerKey[i] = (byte)(key[i] ^ IPAD);
+                OuterKey[i] = (byte)(key[i] ^ OPAD);
+            }
+
+            // for each block of desired output
+            for (int iBlock = 0; iBlock < cBlocks; ++iBlock)
+            {
+                // seed HMAC with salt & block index
+                _incrementBigEndianIndex(saltAndIndex, salt.Length);
+                byte[] U = saltAndIndex;
+
+                for (int i = 0; i < iterations; ++i)
+                {
+                    // simple implementation of HMAC-SHA-256
+                    innerHash.Initialize();
+                    innerHash.TransformBlock(InnerKey, 0,
+                        BLOCK_SIZE_IN_BYTES, InnerKey, 0);
+                    innerHash.TransformFinalBlock(U, 0, U.Length);
+
+                    byte[] temp = innerHash.Hash;
+
+                    outerHash.Initialize();
+                    outerHash.TransformBlock(OuterKey, 0,
+                        BLOCK_SIZE_IN_BYTES, OuterKey, 0);
+                    outerHash.TransformFinalBlock(temp, 0, temp.Length);
+
+                    U = outerHash.Hash; // U = result of HMAC
+
+                    // xor result into output buffer
+                    _xorByteArray(U, 0, HASH_SIZE_IN_BYTES,
+                        output, outputOffset);
+                }
+                outputOffset += HASH_SIZE_IN_BYTES;
+            }
+            byte[] result = new byte[howManyBytes];
+            Array.Copy(output, 0, result, 0, howManyBytes);
+            return result;
+        }
+        // treat the four bytes starting at buf[offset]
+        // as a big endian integer, and increment it
+        static void _incrementBigEndianIndex(byte[] buf, int offset)
+        {
+            unchecked
+            {
+                if (0 == ++buf[offset + 3])
+                    if (0 == ++buf[offset + 2])
+                        if (0 == ++buf[offset + 1])
+                            if (0 == ++buf[offset + 0])
+                                throw new OverflowException();
+            }
+        }
+        static void _xorByteArray(byte[] src,
+            int srcOffset, int cb, byte[] dest, int destOffset)
+        {
+            int end = checked(srcOffset + cb);
+            while (srcOffset != end)
+            {
+                dest[destOffset] ^= src[srcOffset];
+                ++srcOffset;
+                ++destOffset;
+            }
+        }
+    }
+}