Implemented hashing the login password with scrypt (but still using a static salt; CryptoSwift had accidentally already been committed with the last commit)

This commit is contained in:
dankito 2020-10-14 02:16:26 +02:00
parent acf0345aaf
commit b1c027b608
1 changed files with 47 additions and 23 deletions


@ -1,5 +1,6 @@
import SwiftUI import SwiftUI
import LocalAuthentication import LocalAuthentication
import CryptoSwift
import BankingUiSwift import BankingUiSwift
@ -95,13 +96,18 @@ class AuthenticationService {
} }
func authenticateUserWithPassword(_ enteredPassword: String, _ authenticationResult: @escaping (Bool, String?) -> Void) { func authenticateUserWithPassword(_ enteredPassword: String, _ authenticationResult: @escaping (Bool, String?) -> Void) {
if retrieveLoginPassword() == enteredPassword { if let storedHash = readLoginPasswordHash() {
let decryptDatabaseResult = openDatabase(false, enteredPassword) if let hashOfEnteredPassword = hashLoginPassword(enteredPassword) {
authenticationResult(decryptDatabaseResult, nil) if storedHash == hashOfEnteredPassword {
} let decryptDatabaseResult = openDatabase(false, enteredPassword)
else { authenticationResult(decryptDatabaseResult, nil)
authenticationResult(false, "Incorrect password entered".localize())
return
}
}
} }
authenticationResult(false, "Incorrect password entered".localize())
} }
@discardableResult @discardableResult
@ -291,11 +297,13 @@ class AuthenticationService {
@discardableResult @discardableResult
private func setLoginPassword(_ newPassword: String) -> Bool { private func setLoginPassword(_ newPassword: String) -> Bool {
do { do {
let passwordItem = createUserLoginPasswordKeychainItem() if let passwordHash = hashLoginPassword(newPassword) {
let passwordItem = createUserLoginPasswordKeychainItem()
try passwordItem.savePassword(newPassword)
try passwordItem.savePassword(passwordHash)
return true
return true
}
} catch { } catch {
NSLog("Could not save login password: \(error)") NSLog("Could not save login password: \(error)")
} }
@ -303,6 +311,18 @@ class AuthenticationService {
return false return false
} }
private func readLoginPasswordHash() -> String? {
do {
let passwordItem = createUserLoginPasswordKeychainItem()
return try passwordItem.readPassword()
} catch {
NSLog("Could not read login password: \(error)")
}
return nil
}
@discardableResult @discardableResult
private func deleteLoginPassword() -> Bool { private func deleteLoginPassword() -> Bool {
do { do {
@ -318,18 +338,6 @@ class AuthenticationService {
return false return false
} }
private func retrieveLoginPassword() -> String? {
do {
let passwordItem = createUserLoginPasswordKeychainItem()
return try passwordItem.readPassword()
} catch {
NSLog("Could not read login password: \(error)")
}
return nil
}
private func createUserLoginPasswordKeychainItem() -> KeychainPasswordItem { private func createUserLoginPasswordKeychainItem() -> KeychainPasswordItem {
return KeychainPasswordItem(Self.UserLoginPasswordKeychainAccountName) return KeychainPasswordItem(Self.UserLoginPasswordKeychainAccountName)
} }
@ -352,6 +360,22 @@ class AuthenticationService {
} }
private func hashLoginPassword(_ loginPassword: String) -> String? {
do {
let password = Array(loginPassword.utf8)
//let salt = Array(generateRandomPassword(8).utf8)
let salt = Array("aaaaaaaa".utf8)
let bytes = try Scrypt(password: password, salt: salt, dkLen: 64, N: 256, r: 8, p: 1).calculate()
return bytes.toBase64()
} catch {
NSLog("Could not create hash for login password: \(error)")
}
return nil
}
private func concatPasswords(_ loginPassword: String, _ defaultPassword: String) -> String { private func concatPasswords(_ loginPassword: String, _ defaultPassword: String) -> String {
return loginPassword + "_" + defaultPassword return loginPassword + "_" + defaultPassword
} }
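Review bot: The scrypt cost parameters in hashLoginPassword (`N: 256, r: 8, p: 1`) are far below the usual interactive-login minimum of roughly N = 2^14, so the hash stored in the Keychain would offer little resistance to offline guessing if it were ever extracted; the fixed salt, which the commit title already acknowledges, compounds this. Raising the cost is a one-line change, `let bytes = try Scrypt(password: password, salt: salt, dkLen: 64, N: 16384, r: 8, p: 1).calculate()`, but any already-stored hash would then stop matching, so a re-hash on the next successful login (or a version prefix in the stored string) is needed alongside it. The commented-out `generateRandomPassword(8)` salt can only be enabled once the salt is persisted with the hash, e.g. as a `salt$hash` string produced by hashLoginPassword and split again in authenticateUserWithPassword. Separately, `storedHash == hashOfEnteredPassword` in authenticateUserWithPassword is an early-exit string comparison; comparing the decoded bytes in constant time would be the defensive choice, though with a slow KDF in front of it the timing signal is small.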