public static byte[] ToRawArgon2(byte[] data, byte[] salt, uint iterations, uint memorySizeKiB, uint parallelism, Argon2Variant variant = Argon2Variant.Argon2id, uint derivedKeyLength = Argon2DerivedKeyLength)
{
switch (variant)
{
case Argon2Variant.Argon2d:
Argon2d argon2d = new Argon2d(data);
argon2d.Salt = salt;
argon2d.Iterations = (int)iterations;
argon2d.MemorySize = (int)memorySizeKiB;
argon2d.DegreeOfParallelism = (int)parallelism;
return(argon2d.GetBytes((int)derivedKeyLength));
case Argon2Variant.Argon2i:
Argon2i argon2i = new Argon2i(data);
argon2i.Salt = salt;
argon2i.Iterations = (int)iterations;
argon2i.MemorySize = (int)memorySizeKiB;
argon2i.DegreeOfParallelism = (int)parallelism;
return(argon2i.GetBytes((int)derivedKeyLength));
case Argon2Variant.Argon2id:
Argon2id argon2id = new Argon2id(data);
argon2id.Salt = salt;
argon2id.Iterations = (int)iterations;
argon2id.MemorySize = (int)memorySizeKiB;
argon2id.DegreeOfParallelism = (int)parallelism;
return(argon2id.GetBytes((int)derivedKeyLength));
default:
throw new Exception("Invalid Argon2 variant");
}
}
public static byte[] HashPasswordArgon2(byte[] password, byte[] salt, byte[] associatedData = null, byte[] knownSecret = null, Argon2Algorithm algorithm = Argon2Algorithm.i, int degreeOfParallelism = 2, int memorySize = 5120, int iterations = 10, int resultLength = 256)
{
Argon2 argon2;
switch (algorithm)
{
case Argon2Algorithm.i:
argon2 = new Argon2i(password);
break;
case Argon2Algorithm.d:
argon2 = new Argon2d(password);
break;
case Argon2Algorithm.id:
default:
throw new NotSupportedException();
}
argon2.DegreeOfParallelism = degreeOfParallelism;
argon2.MemorySize = memorySize;
argon2.Iterations = iterations;
argon2.Salt = salt;
argon2.AssociatedData = associatedData;
argon2.KnownSecret = knownSecret;
var hash = argon2.GetBytes(resultLength);
argon2.Dispose();
return(hash);
}
private void CreatePasswordHash(string password, out string hash, out string metadata)
{
byte[] salt = new byte[32];
using (var rng = RandomNumberGenerator.Create())
{
rng.GetBytes(salt);
}
var metadataObject = new
{
HashType = "Argon2d",
DegreeOfParallelism = 2,
MemorySize = 65536,
Iterations = 10,
Salt = salt
};
metadata = JsonConvert.SerializeObject(metadataObject);
var passwordBytes = Encoding.UTF8.GetBytes(password);
var argon = new Argon2d(passwordBytes)
{
DegreeOfParallelism = metadataObject.DegreeOfParallelism,
MemorySize = metadataObject.MemorySize,
Iterations = metadataObject.Iterations,
Salt = metadataObject.Salt
};
var hashBytes = argon.GetBytes(64);
hash = Convert.ToBase64String(hashBytes);
}
private bool VerifyPasswordHash(string password, string storedHash, string metadata)
{
try
{
var obj = JsonConvert.DeserializeObject(metadata);
if (obj == null)
{
return(false);
}
dynamic metadataObject = obj;
if (metadataObject.HashType != "Argon2d")
{
return(false);
}
var passwordBytes = Encoding.UTF8.GetBytes(password);
var argon = new Argon2d(passwordBytes)
{
DegreeOfParallelism = metadataObject.DegreeOfParallelism,
MemorySize = metadataObject.MemorySize,
Iterations = metadataObject.Iterations,
Salt = metadataObject.Salt
};
var hashBytes = argon.GetBytes(64);
var storedHashBytes = Convert.FromBase64String(storedHash);
return(CompareSlowly(hashBytes, storedHashBytes));
}
catch (Exception)
{
return(false);
}
}
/// <summary>
/// Method for Argon2 algorythm
/// </summary>
/// <param name="pw"></param>
/// <param name="salt"></param>
/// <returns> returns enrypted bytes</returns>
private byte[] HashPasswordWithSalt(byte[] pw, byte[] salt)
{
var argon2 = new Argon2d(pw);
argon2.DegreeOfParallelism = 16;
argon2.MemorySize = 8192;
argon2.Iterations = 4;
argon2.Salt = salt;
return(argon2.GetBytes(128));
}
public string GetEncryptedPasswordAsString()
{
var argon2 = new Argon2d(Encoding.UTF8.GetBytes(plainPassword))
{
Salt = Encoding.UTF8.GetBytes(salt.ToString()),
KnownSecret = Encoding.UTF8.GetBytes(Resource.String.pepper.ToString()),
DegreeOfParallelism = 16,
Iterations = 40,
MemorySize = 8 * 1024
};
return(Encoding.UTF8.GetString(argon2.GetBytes(16)));
}
public byte[] Derive(byte[] password, byte[] salt)
{
// TODO: Move this to Crypto?
var argon2d = new Argon2d(password)
{
Salt = salt,
MemorySize = MemoryCost,
Iterations = TimeCost,
DegreeOfParallelism = Parallelism,
};
return(argon2d.GetBytes(32));
}
private static string GenerateHash(string password, Guid id)
{
var argon2 = new Argon2d(Encoding.UTF8.GetBytes(password))
{
DegreeOfParallelism = 1,
MemorySize = 256,
Iterations = 2,
Salt = Encoding.UTF8.GetBytes(id.ToString())
};
var hash = argon2.GetBytes(128);
var hashedString = Convert.ToBase64String(hash);
return(hashedString);
}
private static string CreateHashedPassword(string password, string salt)
{
byte[] passwordBytesTable = Encoding.ASCII.GetBytes(password);
byte[] saltBytesTable = Encoding.ASCII.GetBytes(salt);
Argon2 hashedPassword = new Argon2d(passwordBytesTable)
{
Salt = saltBytesTable,
Iterations = 6,
MemorySize = 258,
DegreeOfParallelism = 8
};
byte[] bytesHashedPassword = hashedPassword.GetBytes(128);
return(Encoding.UTF8.GetString(bytesHashedPassword));
}
internal static byte[] DeriveMasterKeyArgon2(byte[] compositeMasterKey, Dictionary <string, object> parameters)
{
InternalErrorException MakeError(string name) =>
new InternalErrorException($"Argon2 KDF parameter '{name}' not found or it is of incorrect type");
if (!(parameters.GetOrDefault("S", null) is byte[] salt))
{
throw MakeError("S");
}
if (!(parameters.GetOrDefault("I", null) is ulong iterations))
{
throw MakeError("I");
}
if (!(parameters.GetOrDefault("M", null) is ulong memoryCost))
{
throw MakeError("M");
}
if (!(parameters.GetOrDefault("P", null) is uint parallelism))
{
throw MakeError("P");
}
// TODO: Do we need to support "K" and "A"?
using var argon2d = new Argon2d(compositeMasterKey)
{
Salt = salt,
MemorySize = (int)(memoryCost / 1024),
Iterations = (int)iterations,
DegreeOfParallelism = (int)parallelism,
};
return(argon2d.GetBytes(32));
}
