/// <inheritdoc/>
public override byte[] Hash(byte[] password, byte[] salt, int iterations)
{
var config = new Argon2Config {
Type = (IArgon2.Argon2Type)Type,
Version = (IArgon2.Argon2Version)Version,
Password = password,
Salt = salt,
TimeCost = iterations,
Lanes = Parallelism,
Threads = Parallelism,
HashLength = HashLength,
MemoryCost = MemorySize * 1024,
};
using var argon2 = new Argon2(config);
using var result = argon2.Hash();
Debug.Assert(result.Buffer.Length == HashLength, "Unexpected hash length.");
return((byte[])result.Buffer.Clone());
}
public byte[] RecoverPrivateKey(string argon2mode, string walletPassword)
{
try
{
byte[] salt = Hex.Decode(Crypto.KdfParams.Salt);
Argon2 arg = Utils.Crypto.GetArgon2FromType(argon2mode, walletPassword);
//mpiva get from wallet not from config
arg.DegreeOfParallelism = Crypto.KdfParams.Parallelism; //_config.Parallelism;
arg.Iterations = Crypto.KdfParams.OpsLimit; //_config.OpsLimit;
arg.MemorySize = Crypto.KdfParams.MemLimitKib; //_config.MemLimitKIB;
arg.Salt = salt;
byte[] rawHash = arg.GetBytes(32);
// extract nonce
byte[] nonce = Hex.Decode(Crypto.CipherParams.Nonce);
// extract cipertext
byte[] ciphertext = Hex.Decode(Crypto.CipherText);
// recover private key
byte[] decrypted = null;
try
{
decrypted = SecretBox.Open(ciphertext, nonce, rawHash);
}
// ReSharper disable once EmptyGeneralCatchClause
catch
{
}
if (decrypted == null)
{
throw new AException("Error recovering privateKey: wrong password.");
}
return(decrypted);
}
catch (Exception e)
{
throw new AException("Error recovering privateKey: wrong password.", e);
}
}
/// <summary>
/// Test <see cref="Argon2"/>.
/// </summary>
/// <returns>
/// The result text.
/// </returns>
public static string TestArgon2ThreadsDontMatter()
{
var password = "******";
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
var configA = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
Password = passwordBytes,
TimeCost = 3,
MemoryCost = 32,
Lanes = 4,
Threads = 3,
};
var configB = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
Password = passwordBytes,
TimeCost = 3,
MemoryCost = 32,
Lanes = 4,
Threads = 1,
};
using (var argon2A = new Argon2(configA))
using (var argon2B = new Argon2(configB))
using (var hashA = argon2A.Hash())
using (var hashB = argon2B.Hash())
{
var hashTextA = configA.EncodeString(hashA.Buffer);
var hashTextB = configB.EncodeString(hashB.Buffer);
var res = string.Compare(hashTextA, hashTextB, StringComparison.Ordinal) == 0
? "ThreadsDontMatter Passed"
: "ThreadsDontMatter FAILED";
Console.WriteLine(res);
return(res);
}
}
/// <summary>
/// Given a password, salt and hash strategy, calculate the hash
/// </summary>
/// <param name="plainPassword"></param>
/// <param name="salt"></param>
/// <param name="hashStrategy"></param>
public SecuredPassword(string plainPassword, byte[] salt, HashStrategyKind hashStrategy)
{
_salt = salt;
SetHashStrategy(hashStrategy);
switch (hashStrategy)
{
case HashStrategyKind.Pbkdf210001Iterations:
var numberOfIterations = (int)_hashingParameter;
if (numberOfIterations <= 10000)
{
throw new ArgumentException("Iterations must be greater than 10000");
}
using (var deriveBytes = new Rfc2898DeriveBytes(plainPassword, salt, numberOfIterations, HashAlgorithmName.SHA256))
{
_hash = deriveBytes.GetBytes(_saltSize);
}
break;
case HashStrategyKind.Argon2WorkCost:
byte[] passwordBytes = Encoding.UTF8.GetBytes(plainPassword);
var config = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
TimeCost = 10,
MemoryCost = (int)_hashingParameter,
Lanes = 5,
Threads = Environment.ProcessorCount,
Password = passwordBytes,
Salt = _salt,
HashLength = 20 // >= 4
};
var argon2A = new Argon2(config);
using (SecureArray <byte> hashArgon = argon2A.Hash())
{
_hash = Encoding.ASCII.GetBytes(config.EncodeString(hashArgon.Buffer));
}
break;
}
IsValid = true;
}
public async Task <AuthResult> Register(string login, string password)
{
if (string.IsNullOrEmpty(password) ||
string.IsNullOrEmpty(login) ||
await _credentialsRepository.CheckLoginExistsAsync(login))
{
return(new AuthResult
{
Succeed = false
});
}
var passwordHash = Argon2.Hash(password);
var credentials = await _credentialsRepository.CreateCredentialsAsync(login, passwordHash);
return(new AuthResult
{
Succeed = true,
Credentials = credentials
});
}
public async Task <AuthenticateResponse> Authenticate(AuthenticateRequest authenticate)
{
try
{
Admin admin = await applicationDb.Admins.FirstOrDefaultAsync(a => a.Email.Equals(authenticate.Email));
if (admin is null)
{
return(null);
}
if (!Argon2.Verify(admin.Password, authenticate.Password))
{
return(null);
}
string token = GenerateJwtToken(admin);
return(new AuthenticateResponse(admin, token));
}catch (Exception e)
{
throw e;
}
}
private void registerButton_Click(object sender, EventArgs e)
{
if (!String.IsNullOrWhiteSpace(nameBox.Text) && !String.IsNullOrWhiteSpace(passwordBox.Text) &&
!String.IsNullOrWhiteSpace(applicationBox.Text) && !String.IsNullOrWhiteSpace(commentBox.Text))
{
RegistratrionFormConstruct registratrionFormConstruct = new RegistratrionFormConstruct(nameBox.Text, passwordBox.Text, applicationBox.Text, commentBox.Text);
AesEcnryption ecnryption = new AesEcnryption();
registratrionFormConstruct.password = ecnryption.PasswordEncryption(registratrionFormConstruct.password);
// MessageBox.Show($"encrypted :{registratrionFormConstruct.password}");
// ecnryption.PasswordDecryption(Convert.FromBase64String(registratrionFormConstruct.password));
// MessageBox.Show($"Decrypted :{ecnryption.PasswordDecryption(Convert.FromBase64String(registratrionFormConstruct.password))}");
Argon2 argon2 = new Argon2();
registratrionFormConstruct = argon2.PassowrdHashing(registratrionFormConstruct);
FileSystemUtility fileSystemUtility = new FileSystemUtility();
fileSystemUtility.RegistrationAndEncryption(registratrionFormConstruct);
}
else
{
MessageBox.Show("Please Fill out the form properly");
}
}
public string HashPassword(string password)
{
if (string.IsNullOrEmpty(password))
{
throw new ArgumentNullException(password);
}
byte[] salt = new byte[32];
Argon2Config argon2Config = _argon2Config;
argon2Config.Password = Encoding.UTF8.GetBytes(password);
argon2Config.Salt = salt;
_randomNumberGenerator.GetBytes(salt);
var argon2 = new Argon2(argon2Config);
using SecureArray <byte> secureArray = argon2.Hash();
argon2.Dispose();
return(argon2Config.EncodeString(secureArray.Buffer));
}
public static byte[] Hash(byte[] input)
{
//
// Summary:
// Hashes the input using Dynamic's Argon2d parameters
// Memory Cost = 500
// Lanes (degree of parallelism) = 8
// Time Cost = 2
// Threads = 1 (changing this parameter does not change the resulting hash but increasing slows it down)
// Salt = input
// Password = input
// Hash length = 32 bytes
// See https://github.com/duality-solutions/Dynamic/blob/master/src/hash.h
// inline int Argon2d_Phase1_Hash()
// Parameters:
// input:
// input bytes to hash.
//
// Returns:
// The resulting hash byte array.
//
Argon2Config config = new Argon2Config();
config.MemoryCost = MEMORY_COST;
config.Lanes = NUMBER_LANES;
config.TimeCost = TIME_COST;
config.Threads = NUMBER_THREADS;
config.Salt = input;
config.Password = input;
config.HashLength = OUTPUT_BYTES;
config.Type = Argon2Type.DataDependentAddressing; // DataDependentAddressing = Argon2d. DataIndependentAddressing = Argon2i.
config.Version = Argon2Version.Nineteen; // not sure about this parameter.
config.Secret = null;
config.AssociatedData = null;
string strHash = Argon2.Hash(config);
return(Encoding.ASCII.GetBytes(strHash));
}
public static string EncryptPassword(string plainText, string salt)
{
byte[] passwordBytes = Encoding.UTF8.GetBytes(plainText);
byte[] saltBytes = Encoding.UTF8.GetBytes(salt + "12345678");
var config = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
TimeCost = 10,
MemoryCost = 32768,
Lanes = 5,
Threads = Environment.ProcessorCount,
Password = passwordBytes,
Salt = saltBytes, // >= 8 bytes if not null
HashLength = 20 // >= 4
};
var argon2A = new Argon2(config);
using (SecureArray <byte> hashA = argon2A.Hash())
{
return(config.EncodeString(hashA.Buffer));
}
}
public dynamic Login(LoginRequest request)
{
//ISession session = _httpContextAccessor.HttpContext.Session;
if (string.IsNullOrEmpty(request.username) || string.IsNullOrEmpty(request.password))
{
throw new Exception("Username or Password cannot be empty");
}
//search from db if any user with the given username exist or not
Userdetail user = _dbContext.Userdetails.Where(x => x.Username == request.username).Include(x => x.Timezone).FirstOrDefault();
if (user != null)
{
if (!Argon2.Verify(user.Userpassword, request.password))
{
throw new Exception("The password is incorrect");
}
else
{
AuthenticationResponse response = new AuthenticationResponse();
response.data = CreateToken(user: user);
response.success = true;
//byte[] userId = Encoding.ASCII.GetBytes(user.Userdetailid.ToString());
//session.Set("UserdetailId",userId);
return(response);
}
}
else
{
throw new Exception("This user does not exist");
}
}
public void TestArgon2ThreadsDontMatter()
{
var password = "******";
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
var configA = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
Password = passwordBytes,
TimeCost = 3,
MemoryCost = 32,
Lanes = 4,
Threads = 3,
};
var configB = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
Version = Argon2Version.Nineteen,
Password = passwordBytes,
TimeCost = 3,
MemoryCost = 32,
Lanes = 4,
Threads = 1,
};
using (var argon2A = new Argon2(configA))
using (var argon2B = new Argon2(configB))
using (var hashA = argon2A.Hash())
using (var hashB = argon2B.Hash())
{
var hashTextA = configA.EncodeString(hashA.Buffer);
var hashTextB = configB.EncodeString(hashB.Buffer);
Assert.Equal(hashTextA, hashTextB);
}
}
private string GetPasswordHash(string password)
{
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
byte[] salt = new byte[8];
RandomNumberGenerator Rng = RandomNumberGenerator.Create();
Rng.GetBytes(salt);
var config = new Argon2Config
{
Type = Argon2Type.DataIndependentAddressing,
TimeCost = 5,
MemoryCost = 16384,
Password = passwordBytes,
Salt = salt
};
var argon2A = new Argon2(config);
using (SecureArray <byte> hashA = argon2A.Hash())
{
return(config.EncodeString(hashA.Buffer));
}
}
public async Task <string> AddAdmin(Admin admin)
{
try
{
Admin a = await applicationDb.Admins
.Where(a => a.Email.Equals(admin.Email))
.FirstOrDefaultAsync();
if (a != null)
{
return("Email already exist");
}
admin.Password = Argon2.Hash(admin.Password);
await applicationDb.AddAsync(admin);
await applicationDb.SaveChangesAsync();
return("Add admin success");
}
catch (Exception e)
{
throw e;
}
}
public bool Verify(string encoded, string password)
{
return(Argon2.Verify(encoded, password));
}
public OutputSocketMessageWithUsers Execute(object val, string myLogin, Guid actId)
{
#region Тестовые данные
/* {
* "execFun": "ChangeUserInfo",
* "data": {
* "name":"String",
* "photo":"String",
* "about":"String",
* "changePass":"******",
* "oldPass":"******",
* "newPass":"******"
* }
* }
*/
#endregion
OutputSocketMessage output = new OutputSocketMessage("changeUserInfo", actId, true, "", new { });
OutputSocketMessage outputForOther = new OutputSocketMessage("changeUserInfo", Guid.Empty, true, "", new { });
OutputSocketMessageWithUsers rez = new OutputSocketMessageWithUsers();
DTO.ChangeUserInfo info = DeserializeObject.ParseJSON <DTO.ChangeUserInfo>(val, output, out rez);
if (info == null)
{
return(rez);
}
using (var db = new RaidaContext())
{
Members owner = db.Members.Include(m => m.MemberInGroup).FirstOrDefault(it => it.login.Equals(myLogin));
owner.nick_name = info.Name;
owner.photo_fragment = info.Photo;
owner.description_fragment = info.About;
if (info.ChangePass)
{
if (Argon2.Verify(owner.pass, info.OldPass, null))
{
if (info.NewPass.Trim().Length > 5)
{
owner.pass = Argon2.Hash(info.NewPass, 1, 512, 8);
}
else
{
output.success = false;
output.msgError = "Minimum length of password is 6 chars";
}
}
else
{
output.success = false;
output.msgError = "Current password is not valid";
}
}
db.SaveChanges();
var user = new UserInfo(owner.login, owner.nick_name, owner.photo_fragment, owner.online);
output.data = new
{
itself = true,
user
};
outputForOther.data = new
{
itself = false,
user
};
rez.forUserLogin = DeserializeObject.GetMyReferenceUser(db, owner);
}
rez.msgForOwner = output;
rez.msgForOther = outputForOther;
return(rez);
}
public static string HashPassword(string raw)
{
return(Argon2.Hash(raw));
}
/// <summary>
/// Validates the specified hash.
/// </summary>
/// <param name="hash">The hash.</param>
/// <param name="text">The text.</param>
/// <returns></returns>
public static bool Validate(string hash, string text)
{
return(Argon2.Verify(hash, text));
}
public static bool VerifyPassword(string hash, string raw)
{
return(Argon2.Verify(hash, raw));
}
public bool Verify(string dbPassword, string incomingPassword)
{
return(Argon2.Verify(dbPassword, incomingPassword));
}
/// <summary>
/// Gets the hash.
/// </summary>
/// <param name="text">The text.</param>
/// <returns></returns>
public static string GetHash(string text)
{
return(Argon2.Hash(text));
}
public static string CalcArgon2(string password, string salt)
{
// defaults
int iterations = 3;
int memoryCost = 1024;
int parallelism = 2;
int hashLength = 20;
string justSalt = salt;
Argon2 argon2 = null;
// check if salt has settings encoded in it
if (salt.StartsWith("$argon2"))
{
// apparently has settings encoded in it - use these
if (salt.StartsWith("$argon2i"))
{
argon2 = new Argon2i(Encoding.UTF8.GetBytes(password));
}
String[] saltComponents = salt.Split('$');
if (saltComponents.Length == 5)
{
// make sure Base64 encoded salt length is a multiple of 4 - if not pad
justSalt = Encoding.UTF8.GetString(DecodeBase64(saltComponents[4]));
String[] saltParams = saltComponents[3].Split(',');
foreach (string saltParam in saltParams)
{
String[] saltParamValues = saltParam.Split('=');
switch (saltParamValues[0])
{
case "t":
if (!int.TryParse(saltParamValues[1], out iterations))
{
iterations = 3;
}
break;
case "m":
if (!int.TryParse(saltParamValues[1], out memoryCost))
{
memoryCost = 1024;
}
break;
case "p":
if (!int.TryParse(saltParamValues[1], out parallelism))
{
parallelism = 2;
}
break;
case "l":
if (!int.TryParse(saltParamValues[1], out hashLength))
{
hashLength = 20;
}
break;
}
}
}
}
if (argon2 == null)
{
argon2 = new Argon2d(Encoding.UTF8.GetBytes(password));
}
argon2.DegreeOfParallelism = parallelism;
argon2.MemorySize = memoryCost;
argon2.Iterations = iterations;
argon2.Salt = Encoding.UTF8.GetBytes(justSalt);
var bytes = argon2.GetBytes(hashLength);
var result = BitConverter.ToString(bytes).Replace("-", "").ToLower();
return(result);
}
public string HashPassword(string password)
{
return(Argon2.Hash(password));
}
private static string ComputeHash(string user, string password)
{
var hash = Argon2.Hash(user + password);
return(hash);
}
private static bool CheckValidAuthorizedUser(string user, string password, string userHash)
{
return(Argon2.Verify(userHash, user + password));
}
public void Start()
{
_timer = new Stopwatch();
_timer.Start();
EventBasedNetListener listener = new EventBasedNetListener();
_netManager = new NetManager(listener)
{
UnsyncedEvents = true,
NatPunchEnabled = true,
};
_netManager.Start(3075);
listener.NetworkErrorEvent += (point, code) => Logger.Log(LogLevel.Debug, $"{point.Address}: Error {code}");
listener.ConnectionRequestEvent += request => request.AcceptIfKey("aetheria-cc65a44d");
listener.PeerConnectedEvent += peer =>
{
Logger.Log(LogLevel.Debug, $"User Connected: {peer.EndPoint}"); // Show peer ip
_users[peer.Id] = new User {
Peer = peer
};
};
listener.PeerDisconnectedEvent += (peer, info) =>
{
Logger.Log(LogLevel.Debug, $"User Disconnected: {peer.EndPoint}"); // Show peer ip
// foreach (var verifiedUser in _users.Values.Where(IsVerified))
// verifiedUser.Peer.Send("PlayerLeft", SessionData(verifiedUser.Peer).Username);
_users.Remove(peer.Id);
};
listener.NetworkLatencyUpdateEvent += (peer, latency) =>
{
// Logger($"Received Ping: {latency}");
_users[peer.Id].Latency = latency;
};
listener.NetworkReceiveEvent += (peer, reader, method) =>
{
var bytes = reader.GetRemainingBytes();
var message = MessagePackSerializer.Deserialize <Message>(bytes);
Logger.Log(LogLevel.Information, $"Received message: {MessagePackSerializer.ConvertToJson(new ReadOnlyMemory<byte>(bytes))}");
if (message == null)
{
return;
}
message.Peer = peer;
var user = _users[peer.Id];
var type = message.GetType();
if (type == typeof(LoginMessage) || type == typeof(RegisterMessage) || type == typeof(VerifyMessage))
{
if (IsVerified(user))
{
peer.Send(new LoginSuccessMessage {
Session = _users[peer.Id].SessionGuid
});
return;
}
Guid sessionGuid;
switch (message)
{
case RegisterMessage register when !IsValidUsername(register.Name):
peer.Send(new ErrorMessage {
Error = "Username Invalid"
});
return;
case RegisterMessage register when !IsValidEmail(register.Email):
peer.Send(new ErrorMessage {
Error = "Email Invalid"
});
return;
case RegisterMessage register:
{
sessionGuid = Guid.NewGuid();
peer.Send(new LoginSuccessMessage {
Session = sessionGuid
});
var newUserData = new Player
{
ID = Guid.NewGuid(),
Email = register.Email,
Password = Argon2.Hash(register.Password, null, memoryCost: 16384),
Username = register.Name
};
_database.Add(newUserData);
_sessions[sessionGuid] = new Session {
Data = newUserData, LastUpdate = DateTime.Now
};
if (!_users.ContainsKey(peer.Id))
{
return;
}
_users[peer.Id].SessionGuid = sessionGuid;
break;
}
case VerifyMessage verify when _sessions.ContainsKey(verify.Session):
_users[peer.Id].SessionGuid = verify.Session;
peer.Send(new LoginSuccessMessage {
Session = verify.Session
});
return;
case LoginMessage login:
{
var isEmail = IsValidEmail(login.Auth);
var userData = _database.GetAll <Player>().FirstOrDefault(x =>
(isEmail ? x.Email : x.Username) == login.Auth);
if (userData == null)
{
peer.Send(new ErrorMessage {
Error = isEmail ? "Email Not Found" : "Username Not Found"
});
return;
}
if (!Argon2.Verify(userData.Password, login.Password))
{
peer.Send(new ErrorMessage {
Error = "Password Incorrect"
});
return;
}
sessionGuid = Guid.NewGuid();
peer.Send(new LoginSuccessMessage {
Session = sessionGuid
});
_sessions.Add(sessionGuid, new Session {
Data = userData, LastUpdate = DateTime.Now
});
// TODO: Intermittent: users getting disconnected before getting here, check that key exists!
if (!_users.ContainsKey(peer.Id))
{
return;
}
_users[peer.Id].SessionGuid = sessionGuid;
break;
}
}
}
else
{
if (IsVerified(user))
{
if (_messageCallbacks.ContainsKey(type))
{
typeof(ActionCollection <>).MakeGenericType(new[] { type }).GetMethod("Invoke")
.Invoke(_messageCallbacks[type], new object[] { message });
}
else
{
Logger.Log(LogLevel.Warning, $"Received {type.Name} message but no one is listening for it so I'll just leave it here ¯\\_(ツ)_/¯\n{MessagePackSerializer.ConvertToJson(new ReadOnlyMemory<byte>(bytes))}");
}
_sessions[_users[peer.Id].SessionGuid].LastUpdate = DateTime.Now;
}
else
{
peer.Send(new ErrorMessage {
Error = "User Not Verified"
});
}
}
};
AddMessageListener <ChatMessage>(message =>
{
foreach (var verifiedUser in _users.Values.Where(IsVerified))
{
verifiedUser.Peer.Send(new ChatBroadcastMessage {
User = SessionData(message.Peer).Username, Text = message.Text
});
}
});
AddMessageListener <ChangeNameMessage>(message =>
{
SessionData(message.Peer).Username = message.Name;
_database.Add(SessionData(message.Peer));
});
// Observable.Timer(DateTimeOffset.Now, TimeSpan.FromSeconds(30)).Subscribe(_ =>
// {
// foreach (var s in _sessions.ToArray())
// {
// if (DateTime.Now.Subtract(s.Value.LastUpdate).TotalSeconds > s.Value.DurationSeconds)
// _sessions.Remove(s.Key);
// }
// });
Logger.LogInformation("LiteNetLib is now open to new connections. Please be gentle.");
}
public override string Hash(string plainSecret) => Argon2.Hash(plainSecret, _maxDuration, _memoryCost, _parallelism);
public string GetPasswordHash(string password)
{
return(Argon2.Hash(password));
}
public override bool Verify(string plainSecret, string hashedSecret) => Argon2.Verify(hashedSecret, plainSecret, _parallelism);
public static bool VerifyPassword(string password, string salt, string hashPassword)
{
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
byte[] saltBytes = Encoding.UTF8.GetBytes(salt);
return(Argon2.Verify(hashPassword, passwordBytes, saltBytes));
}
