//
// PasswordHash
//
// Authors:
// Juraj Skripsky <[email protected]>
//
// Copyright 2011 HotFeet GmbH (http://www.hotfeet.ch)
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
open System
open System.Text
open System.Security.Cryptography
open HotFeet.Text
open HotFeet.FSharp
namespace HotFeet.Security.Cryptography
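/// Salted SHA-512 password hashing exposed through IPasswordHash.
///
/// Stored form is "$6$<salt>$<hash>" with both parts Base64-encoded (see
/// [format]). Despite the "$6$" prefix this is NOT the SHA-512-crypt scheme:
/// the digest is a single SHA-512 over salt || password || salt with no
/// iteration count, so stored values are not interoperable with crypt(3)
/// and carry no work factor against offline guessing. Moving to a slow KDF
/// (e.g. PBKDF2 via Rfc2898DeriveBytes) would change the stored format and
/// therefore needs a migration path for existing hashes.
///
/// One HashAlgorithm and one RandomNumberGenerator instance are shared by
/// all calls on an instance and serialised with locks; neither is ever
/// disposed (the type does not implement IDisposable).
type public PasswordHash () =
    (* input/output character encoding *)
    let enc = Encoding.UTF8
    let toBytes (s: string) = enc.GetBytes (s)

    (* Crypto primitives *)
    let hashAlgoName = "SHA512"
    let hashBitLen = 512 // (len % 8 = 0)
    let saltBitLen = 96  // (len % 8 = 0)

    (* Hash Algorithm *)
    // HashAlgorithm instances are not thread-safe; every use goes through the lock.
    let hashAlgo, hashAlgoLock = HashAlgorithm.Create (hashAlgoName), obj ()

    // SHA-512 digest of [bs]. ComputeHash re-initialises the shared instance
    // after each call, so it can be reused indefinitely (HashAlgorithm.Clear
    // would instead release the instance). The whole computation is inside the
    // closure, so nothing is evaluated before the lock is taken.
    let calcHash (bs: byte[]) =
        lock hashAlgoLock (fun () -> hashAlgo.ComputeHash (bs))

    (* Random Number Generator *)
    let randGen, randGenLock = RandomNumberGenerator.Create (), obj ()

    // Fills [bs] in place from the shared CSPRNG and returns it.
    let randomImperative (bs: byte[]) =
        lock randGenLock (fun () -> randGen.GetBytes (bs))
        bs

    // [len] fresh random bytes.
    let randomBytes len : byte[] = Array.zeroCreate len |> randomImperative

    (* crypted password format: "$6$<salt>$<hash>", both fields Base64 *)
    let format = sprintf "$6$%s$%s"

    // One fixed-width capture group per field, sized from the bit lengths; the
    // "$" separators are escaped for the regex engine. The pattern itself is
    // unanchored — whether surrounding junk is rejected depends on how the
    // [Match] active pattern from HotFeet.Text applies it (TODO confirm).
    let cryptedPasswordRegex =
        let base64Group bitLen = sprintf "(.{%d})" (bitLen |> Base64.getStringLen)
        let pattern = format (base64Group saltBitLen) (base64Group hashBitLen)
        regex (pattern.Replace ("$", @"\$"))

    (* input / output *)
    // Encodes salt and hash into the stored string form.
    let compose salt hash = format (salt |> Base64.toString) (hash |> Base64.toString)

    // Parses a stored string back into (salt, hash) bytes.
    // Raises (failwith) on anything that does not match the format.
    let decompose s =
        match s with
        | Match cryptedPasswordRegex [ salt; hash ] ->
            (salt |> Base64.ofString, hash |> Base64.ofString)
        | _ -> failwith "Invalid hash format."

    (* main methods *)
    // salt || password || salt — the bytes that are actually digested.
    let saltPassword (password: byte[]) (salt: byte[]) =
        Array.concat [ salt; password; salt ]

    // Structural equality on the two arrays, but without stopping at the first
    // differing byte, so the time taken does not depend on how long a prefix
    // of the stored digest the candidate matched.
    let fixedTimeEquals (a: byte[]) (b: byte[]) =
        if a.Length <> b.Length then false
        else
            let mutable diff = 0
            for i in 0 .. a.Length - 1 do
                diff <- diff ||| int (a.[i] ^^^ b.[i])
            diff = 0

    // Fresh random salt plus the digest of the salted password.
    let crypt password =
        let salt = randomBytes (saltBitLen >>> 3) // bits -> bytes
        (salt, saltPassword password salt |> calcHash)

    // True when [password] digests to [hash] under [salt].
    let verify password (salt, hash) =
        fixedTimeEquals (saltPassword password salt |> calcHash) hash

    interface IPasswordHash with
        /// Hashes a plaintext password into its stored "$6$<salt>$<hash>" form.
        member x.Crypt password = password |> toBytes |> crypt ||> compose

        /// Checks a plaintext password against a stored string.
        /// Raises (failwith) when [cryptedPassword] is not in the expected format.
        member x.Verify (password, cryptedPassword) =
            (password |> toBytes, cryptedPassword |> decompose) ||> verify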