2024-05-29 04:05:18 +03:00
|
|
|
|
using Konscious.Security.Cryptography;
|
|
|
|
|
using System;
|
2024-05-29 04:04:02 +03:00
|
|
|
|
using System.Text;
|
|
|
|
|
|
2024-05-29 04:11:04 +03:00
|
|
|
|
namespace Mirea.Api.Security.Services;
|
2024-05-29 04:04:02 +03:00
|
|
|
|
|
|
|
|
|
public class PasswordHashService
|
|
|
|
|
{
|
|
|
|
|
public int SaltSize { private get; init; }
|
|
|
|
|
public int HashSize { private get; init; }
|
|
|
|
|
public int Iterations { private get; init; }
|
|
|
|
|
public int Memory { private get; init; }
|
|
|
|
|
public int Parallelism { private get; init; }
|
|
|
|
|
public string? Secret { private get; init; }
|
|
|
|
|
|
|
|
|
|
private ReadOnlySpan<byte> HashPassword(string password, ReadOnlySpan<byte> salt)
|
|
|
|
|
{
|
|
|
|
|
var argon2 = new Argon2id(Encoding.UTF8.GetBytes(password))
|
|
|
|
|
{
|
|
|
|
|
Iterations = Iterations,
|
|
|
|
|
MemorySize = Memory,
|
|
|
|
|
DegreeOfParallelism = Parallelism,
|
|
|
|
|
Salt = salt.ToArray()
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
if (!string.IsNullOrEmpty(Secret))
|
|
|
|
|
argon2.KnownSecret = Convert.FromBase64String(Secret);
|
|
|
|
|
|
|
|
|
|
return argon2.GetBytes(HashSize);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private static bool ConstantTimeComparison(ReadOnlySpan<byte> a, ReadOnlySpan<byte> b)
|
|
|
|
|
{
|
|
|
|
|
if (a.Length != b.Length)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
int result = 0;
|
|
|
|
|
for (int i = 0; i < a.Length; i++)
|
|
|
|
|
result |= a[i] ^ b[i];
|
|
|
|
|
return result == 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public (string Salt, string Hash) HashPassword(string password)
|
|
|
|
|
{
|
2024-05-29 04:48:37 +03:00
|
|
|
|
var salt = GeneratorKey.GenerateBytes(SaltSize);
|
2024-05-29 04:04:02 +03:00
|
|
|
|
var hash = HashPassword(password, salt);
|
|
|
|
|
|
|
|
|
|
return (Convert.ToBase64String(salt), Convert.ToBase64String(hash));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public bool VerifyPassword(string password, ReadOnlySpan<byte> salt, ReadOnlySpan<byte> hash) =>
|
|
|
|
|
ConstantTimeComparison(HashPassword(password, salt), hash);
|
|
|
|
|
|
|
|
|
|
public bool VerifyPassword(string password, string saltBase64, string hashBase64) =>
|
|
|
|
|
VerifyPassword(password, Convert.FromBase64String(saltBase64), Convert.FromBase64String(hashBase64));
|
|
|
|
|
}
|