using NetDevPack.Security.PasswordHasher.Core;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
using Sodium;
using System;
using NetDevPack.Security.PasswordHasher.Core.Utilities;
namespace NetDevPack.Security.PasswordHasher.Argon2;
/// <summary>
/// General class of the Argon2id implementation.
/// </summary>
/// <typeparam name="TUser">The type used to represent a user.</typeparam>
public class Argon2Id<TUser> : IPasswordHasher<TUser> where TUser : class
{
    private readonly PasswordHasher<TUser> _legacyHasher;
    private readonly ImprovedPasswordHasherOptions _settings;

    /// <summary>
    /// Creates a new instance of <see cref="Argon2Id{TUser}"/>.
    /// </summary>
    /// <param name="identityHasher">
    /// ASP.NET Identity password hasher, used only to verify stored hashes in the
    /// legacy Identity V2/V3 formats.
    /// </param>
    /// <param name="optionsAccessor">
    /// The options for this instance. When the accessor or its value is null,
    /// a default <see cref="ImprovedPasswordHasherOptions"/> is used.
    /// </param>
    public Argon2Id(PasswordHasher<TUser> identityHasher, IOptions<ImprovedPasswordHasherOptions> optionsAccessor = null)
    {
        // NOTE(review): identityHasher is stored without a null check, so a null
        // value only surfaces as a NullReferenceException later, when a legacy
        // hash is verified. Confirm every registration supplies it.
        _legacyHasher = identityHasher;
        _settings = optionsAccessor?.Value ?? new ImprovedPasswordHasherOptions();
    }

    /// <summary>
    /// Hashes <paramref name="password"/> with Argon2 through libsodium.
    /// </summary>
    /// <param name="user">The user the password belongs to; only checked for null.</param>
    /// <param name="password">The clear-text password to hash.</param>
    /// <returns>The encoded hash string without trailing NUL characters.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="password"/> or <paramref name="user"/> is null.
    /// </exception>
    /// <exception cref="ArgumentOutOfRangeException">
    /// No explicit limits are configured and the configured strength is not
    /// Interactive, Moderate or Sensitive.
    /// </exception>
    public string HashPassword(TUser user, string password)
    {
        ArgumentNullException.ThrowIfNull(password);
        ArgumentNullException.ThrowIfNull(user);

        string encoded;
        if (_settings.OpsLimit.HasValue && _settings.MemLimit.HasValue)
        {
            // Explicit cost parameters take precedence over the named preset,
            // but only when both limits are configured.
            encoded = PasswordHash.ArgonHashString(password, _settings.OpsLimit.Value, _settings.MemLimit.Value);
        }
        else
        {
            // Map the configured strength onto the matching libsodium preset;
            // an unknown value is rejected before any hashing takes place.
            var preset = _settings.Strength switch
            {
                PasswordHasherStrength.Interactive => PasswordHash.StrengthArgon.Interactive,
                PasswordHasherStrength.Moderate => PasswordHash.StrengthArgon.Moderate,
                PasswordHasherStrength.Sensitive => PasswordHash.StrengthArgon.Sensitive,
                _ => throw new ArgumentOutOfRangeException(nameof(_settings.Strength), "Valor de força de hash inválido.")
            };
            encoded = PasswordHash.ArgonHashString(password, preset);
        }

        // Strip the terminating NUL (0x00) characters from the returned string
        // so they are not persisted with the hash.
        return encoded.TrimEnd('\0');
    }

    /// <summary>
    /// Verifies <paramref name="providedPassword"/> against a stored hash, which
    /// may be an Argon2 hash or a legacy ASP.NET Identity V2/V3 hash.
    /// </summary>
    /// <param name="user">The user the password belongs to.</param>
    /// <param name="hashedPassword">The stored hash.</param>
    /// <param name="providedPassword">The clear-text password to check.</param>
    /// <returns>
    /// <see cref="PasswordVerificationResult.SuccessRehashNeeded"/> when a legacy
    /// hash matches, <see cref="PasswordVerificationResult.Success"/> when an
    /// Argon2 hash matches, otherwise <see cref="PasswordVerificationResult.Failed"/>.
    /// </returns>
    /// <exception cref="ArgumentNullException">Any argument is null.</exception>
    public PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword)
    {
        ArgumentNullException.ThrowIfNull(user);
        ArgumentNullException.ThrowIfNull(hashedPassword);
        ArgumentNullException.ThrowIfNull(providedPassword);

        var format = new HashInfo(hashedPassword);
        bool isLegacyIdentityHash = format.IsAspNetV2 || format.IsAspNetV3;

        if (!isLegacyIdentityHash)
        {
            // NOTE(review): a matching Argon2 hash always yields Success, never
            // SuccessRehashNeeded, so hashes created with weaker cost parameters
            // are not flagged for upgrade after the options are strengthened.
            bool matches = PasswordHash.ArgonHashStringVerify(hashedPassword, providedPassword);
            return matches
                ? PasswordVerificationResult.Success
                : PasswordVerificationResult.Failed;
        }

        // Migration path for legacy ASP.NET Identity hashes (PBKDF2): any
        // successful verification is reported as SuccessRehashNeeded so the
        // caller can replace the stored hash with a new one.
        var legacyOutcome = _legacyHasher.VerifyHashedPassword(user, hashedPassword, providedPassword);
        return legacyOutcome is PasswordVerificationResult.Success or PasswordVerificationResult.SuccessRehashNeeded
            ? PasswordVerificationResult.SuccessRehashNeeded
            : PasswordVerificationResult.Failed;
    }
}