Cutlery/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-07-09 03:04:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

Use static crypto rng

Browse Source
This commit is contained in:
Bond_009 2021-10-08 15:02:58 +02:00
parent 556ef5f157
commit 3b492d4af8
2 changed files with 9 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
Emby.Server.Implementations/Cryptography/CryptographyProvider.cs
View File

@ -10,8 +10,12 @@ namespace Emby.Server.Implementations.Cryptography
/// <summary> /// <summary>
/// Class providing abstractions over cryptographic functions. /// Class providing abstractions over cryptographic functions.
/// </summary> /// </summary>
public class CryptographyProvider : ICryptoProvider, IDisposable public class CryptographyProvider : ICryptoProvider
{ {
// FIXME: When we get DotNet Standard 2.1 we need to revisit how we do the crypto
// Currently supported hash methods from https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.cryptoconfig?view=netcore-2.1
// there might be a better way to autogenerate this list as dotnet updates, but I couldn't find one
// Please note the default method of PBKDF2 is not included, it cannot be used to generate hashes cleanly as it is actually a pbkdf with sha1
private static readonly HashSet<string> _supportedHashMethods = new HashSet<string>() private static readonly HashSet<string> _supportedHashMethods = new HashSet<string>()
{ {
"MD5", "MD5",
@ -30,22 +34,6 @@ namespace Emby.Server.Implementations.Cryptography
"System.Security.Cryptography.SHA512" "System.Security.Cryptography.SHA512"
}; };
private RandomNumberGenerator _randomNumberGenerator;
private bool _disposed;
/// <summary>
/// Initializes a new instance of the <see cref="CryptographyProvider"/> class.
/// </summary>
public CryptographyProvider()
{
// FIXME: When we get DotNet Standard 2.1 we need to revisit how we do the crypto
// Currently supported hash methods from https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.cryptoconfig?view=netcore-2.1
// there might be a better way to autogenerate this list as dotnet updates, but I couldn't find one
// Please note the default method of PBKDF2 is not included, it cannot be used to generate hashes cleanly as it is actually a pbkdf with sha1
_randomNumberGenerator = RandomNumberGenerator.Create();
}
/// <inheritdoc /> /// <inheritdoc />
public string DefaultHashMethod => "PBKDF2"; public string DefaultHashMethod => "PBKDF2";
@ -101,36 +89,6 @@ namespace Emby.Server.Implementations.Cryptography
/// <inheritdoc /> /// <inheritdoc />
public byte[] GenerateSalt(int length) public byte[] GenerateSalt(int length)
{ => RandomNumberGenerator.GetBytes(length);
byte[] salt = new byte[length];
_randomNumberGenerator.GetBytes(salt);
return salt;
}
/// <inheritdoc />
public void Dispose()
{
Dispose(true);
GC.SuppressFinalize(this);
}
/// <summary>
/// Releases unmanaged and - optionally - managed resources.
/// </summary>
/// <param name="disposing"><c>true</c> to release both managed and unmanaged resources; <c>false</c> to release only unmanaged resources.</param>
protected virtual void Dispose(bool disposing)
{
if (_disposed)
{
return;
}
if (disposing)
{
_randomNumberGenerator.Dispose();
}
_disposed = true;
}
} }
} }

11
Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
View File

@ -93,13 +93,9 @@ namespace Jellyfin.Server.Implementations.Users
/// <inheritdoc /> /// <inheritdoc />
public async Task<ForgotPasswordResult> StartForgotPasswordProcess(User user, bool isInNetwork) public async Task<ForgotPasswordResult> StartForgotPasswordProcess(User user, bool isInNetwork)
{ {
string pin; byte[] bytes = new byte[4];
using (var cryptoRandom = RandomNumberGenerator.Create()) RandomNumberGenerator.Fill(bytes);
{ string pin = BitConverter.ToString(bytes);
byte[] bytes = new byte[4];
cryptoRandom.GetBytes(bytes);
pin = BitConverter.ToString(bytes);
}
DateTime expireTime = DateTime.UtcNow.AddMinutes(30); DateTime expireTime = DateTime.UtcNow.AddMinutes(30);
string filePath = _passwordResetFileBase + user.Id + ".json"; string filePath = _passwordResetFileBase + user.Id + ".json";
@ -114,7 +110,6 @@ namespace Jellyfin.Server.Implementations.Users
await using (FileStream fileStream = AsyncFile.OpenWrite(filePath)) await using (FileStream fileStream = AsyncFile.OpenWrite(filePath))
{ {
await JsonSerializer.SerializeAsync(fileStream, spr).ConfigureAwait(false); await JsonSerializer.SerializeAsync(fileStream, spr).ConfigureAwait(false);
await fileStream.FlushAsync().ConfigureAwait(false);
} }
user.EasyPassword = pin; user.EasyPassword = pin;