mirror of
https://github.com/aaronpo97/the-biergarten-app.git
synced 2026-07-16 17:47:22 +00:00
code style cleanup
This commit is contained in:
@@ -5,7 +5,7 @@ using Konscious.Security.Cryptography;
|
||||
namespace Infrastructure.PasswordHashing;
|
||||
|
||||
/// <summary>
|
||||
/// Hashes and verifies passwords using the Argon2id algorithm via Konscious.Security.Cryptography.
|
||||
/// Hashes and verifies passwords using the Argon2id algorithm via Konscious.Security.Cryptography.
|
||||
/// </summary>
|
||||
public class Argon2Infrastructure : IPasswordInfrastructure
|
||||
{
|
||||
@@ -15,67 +15,67 @@ public class Argon2Infrastructure : IPasswordInfrastructure
|
||||
private const int ArgonMemoryKb = 65536; // 64MB
|
||||
|
||||
/// <summary>
|
||||
/// Hashes a plaintext password using Argon2id with a newly generated 128-bit cryptographically
|
||||
/// random salt, 4 iterations, 64MB of memory, and a degree of parallelism equal to the number of
|
||||
/// available processors (minimum 1).
|
||||
/// Hashes a plaintext password using Argon2id with a newly generated 128-bit cryptographically
|
||||
/// random salt, 4 iterations, 64MB of memory, and a degree of parallelism equal to the number of
|
||||
/// available processors (minimum 1).
|
||||
/// </summary>
|
||||
/// <param name="password">The plaintext password to hash.</param>
|
||||
/// <returns>
|
||||
/// A string of the form <c>"{base64Salt}:{base64Hash}"</c> containing the salt and the resulting
|
||||
/// 256-bit hash, suitable for storage and later verification.
|
||||
/// A string of the form <c>"{base64Salt}:{base64Hash}"</c> containing the salt and the resulting
|
||||
/// 256-bit hash, suitable for storage and later verification.
|
||||
/// </returns>
|
||||
public string Hash(string password)
|
||||
{
|
||||
var salt = RandomNumberGenerator.GetBytes(SaltSize);
|
||||
var argon2 = new Argon2id(Encoding.UTF8.GetBytes(password))
|
||||
byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
|
||||
Argon2id argon2 = new(Encoding.UTF8.GetBytes(password))
|
||||
{
|
||||
Salt = salt,
|
||||
DegreeOfParallelism = Math.Max(Environment.ProcessorCount, 1),
|
||||
MemorySize = ArgonMemoryKb,
|
||||
Iterations = ArgonIterations,
|
||||
Iterations = ArgonIterations
|
||||
};
|
||||
|
||||
var hash = argon2.GetBytes(HashSize);
|
||||
byte[] hash = argon2.GetBytes(HashSize);
|
||||
return $"{Convert.ToBase64String(salt)}:{Convert.ToBase64String(hash)}";
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Verifies a plaintext password against a stored salt/hash string by recomputing the Argon2id
|
||||
/// hash with the extracted salt and comparing it to the stored hash using a fixed-time comparison
|
||||
/// to mitigate timing attacks.
|
||||
/// Verifies a plaintext password against a stored salt/hash string by recomputing the Argon2id
|
||||
/// hash with the extracted salt and comparing it to the stored hash using a fixed-time comparison
|
||||
/// to mitigate timing attacks.
|
||||
/// </summary>
|
||||
/// <param name="password">The plaintext password to verify.</param>
|
||||
/// <param name="stored">
|
||||
/// The stored string of the form <c>"{base64Salt}:{base64Hash}"</c> previously produced by <see cref="Hash"/>.
|
||||
/// The stored string of the form <c>"{base64Salt}:{base64Hash}"</c> previously produced by <see cref="Hash" />.
|
||||
/// </param>
|
||||
/// <returns>
|
||||
/// <c>true</c> if the password matches the stored hash; <c>false</c> if it does not match, the stored
|
||||
/// string is malformed (e.g. not in the expected two-part format, or not valid base64), or any other
|
||||
/// error occurs while verifying.
|
||||
/// <c>true</c> if the password matches the stored hash; <c>false</c> if it does not match, the stored
|
||||
/// string is malformed (e.g. not in the expected two-part format, or not valid base64), or any other
|
||||
/// error occurs while verifying.
|
||||
/// </returns>
|
||||
public bool Verify(string password, string stored)
|
||||
{
|
||||
try
|
||||
{
|
||||
var parts = stored.Split(
|
||||
string[] parts = stored.Split(
|
||||
':',
|
||||
StringSplitOptions.RemoveEmptyEntries
|
||||
);
|
||||
if (parts.Length != 2)
|
||||
return false;
|
||||
|
||||
var salt = Convert.FromBase64String(parts[0]);
|
||||
var expected = Convert.FromBase64String(parts[1]);
|
||||
byte[] salt = Convert.FromBase64String(parts[0]);
|
||||
byte[] expected = Convert.FromBase64String(parts[1]);
|
||||
|
||||
var argon2 = new Argon2id(Encoding.UTF8.GetBytes(password))
|
||||
Argon2id argon2 = new(Encoding.UTF8.GetBytes(password))
|
||||
{
|
||||
Salt = salt,
|
||||
DegreeOfParallelism = Math.Max(Environment.ProcessorCount, 1),
|
||||
MemorySize = ArgonMemoryKb,
|
||||
Iterations = ArgonIterations,
|
||||
Iterations = ArgonIterations
|
||||
};
|
||||
|
||||
var actual = argon2.GetBytes(expected.Length);
|
||||
byte[] actual = argon2.GetBytes(expected.Length);
|
||||
return CryptographicOperations.FixedTimeEquals(actual, expected);
|
||||
}
|
||||
catch
|
||||
@@ -83,4 +83,4 @@ public class Argon2Infrastructure : IPasswordInfrastructure
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,22 +1,22 @@
|
||||
namespace Infrastructure.PasswordHashing;
|
||||
|
||||
/// <summary>
|
||||
/// Service for hashing and verifying user passwords.
|
||||
/// Service for hashing and verifying user passwords.
|
||||
/// </summary>
|
||||
public interface IPasswordInfrastructure
|
||||
{
|
||||
/// <summary>
|
||||
/// Hashes a plaintext password, generating a new random salt.
|
||||
/// Hashes a plaintext password, generating a new random salt.
|
||||
/// </summary>
|
||||
/// <param name="password">The plaintext password to hash.</param>
|
||||
/// <returns>A string encoding both the salt and the resulting hash, suitable for storage.</returns>
|
||||
public string Hash(string password);
|
||||
|
||||
/// <summary>
|
||||
/// Verifies a plaintext password against a previously stored hash.
|
||||
/// Verifies a plaintext password against a previously stored hash.
|
||||
/// </summary>
|
||||
/// <param name="password">The plaintext password to verify.</param>
|
||||
/// <param name="stored">The stored salt/hash string previously produced by <see cref="Hash"/>.</param>
|
||||
/// <param name="stored">The stored salt/hash string previously produced by <see cref="Hash" />.</param>
|
||||
/// <returns><c>true</c> if the password matches the stored hash; otherwise <c>false</c>.</returns>
|
||||
public bool Verify(string password, string stored);
|
||||
}
|
||||
}
|
||||
@@ -1,15 +1,15 @@
|
||||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
<PropertyGroup>
|
||||
<TargetFramework>net10.0</TargetFramework>
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
<Nullable>enable</Nullable>
|
||||
<RootNamespace>Infrastructure.PasswordHashing</RootNamespace>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup>
|
||||
<TargetFramework>net10.0</TargetFramework>
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
<Nullable>enable</Nullable>
|
||||
<RootNamespace>Infrastructure.PasswordHashing</RootNamespace>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference
|
||||
Include="Konscious.Security.Cryptography.Argon2"
|
||||
Version="1.3.1"
|
||||
/>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference
|
||||
Include="Konscious.Security.Cryptography.Argon2"
|
||||
Version="1.3.1"
|
||||
/>
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
|
||||
Reference in New Issue
Block a user