public KeyDerivationParameters(KeyDerivationPrf derivationFunction, IterationCount iterationCount,
SaltLength saltLength, KeyLength keyLength)
{
DerivationFunction = derivationFunction;
IterationCount = iterationCount;
SaltLength = saltLength;
KeyLength = keyLength;
}
private byte[] GenerateSaltBytes(SaltLength length = SaltLength.SaltLong)
{
var salt = length == SaltLength.SaltLong
? PasswordHash.ScryptGenerateSalt()
: PasswordHash.ArgonGenerateSalt();
return(salt);
}
/// <summary>
/// GenerateSalt - Creating salt of hashing message
/// </summary>
/// <param name="length">Length of hash possible: SaltLong - 32, SaltShort - 16</param>
/// <returns>Salt as string</returns>
public string GenerateSalt(SaltLength length = SaltLength.SaltLong)
{
var salt = length == SaltLength.SaltLong
? PasswordHash.ScryptGenerateSalt()
: PasswordHash.ArgonGenerateSalt();
return(salt.EncodeByteArray());
}
public void GenerateHashAndSalt_ThenCheckingOtherPassword_ReturnsFalse()
{
// Arrange
var iterationCount = 10_000;
var saltLength = 16;
var keyLength = 64;
var parameters = new KeyDerivationParameters(KeyDerivationPrf.HMACSHA512,
IterationCount.From(iterationCount), SaltLength.From(saltLength), KeyLength.From(keyLength));
var rng = Substitute.For <ICryptoRng>();
rng.GetRandomBytes(Arg.Any <int>()).Returns(args => new byte[args.Arg <int>()]);
var service = new PasswordService(parameters, rng);
var password = PlaintextPassword.From("somePass");
var otherPass = PlaintextPassword.From("otherPass");
// Act
var hash = service.GeneratePasswordHashAndSalt(password);
var checkResult = service.CheckIfPasswordMatchesHash(otherPass, hash);
// Assert
Assert.IsFalse(checkResult);
}
public void GenerateHashAndSalt_ReturnsHash_WithNumberOfBytesEqualToKeyLengthParameter()
{
// Arrange
var iterationCount = 10_000;
var saltLength = 16;
var keyLength = 64;
var parameters = new KeyDerivationParameters(KeyDerivationPrf.HMACSHA512,
IterationCount.From(iterationCount), SaltLength.From(saltLength), KeyLength.From(keyLength));
var rng = Substitute.For <ICryptoRng>();
rng.GetRandomBytes(Arg.Any <int>()).Returns(args => new byte[args.Arg <int>()]);
var service = new PasswordService(parameters, rng);
// Act
var hash = service.GeneratePasswordHashAndSalt(PlaintextPassword.From("somePassword"));
// Assert
Assert.AreEqual(keyLength, Convert.FromBase64String(hash.Base64PasswordHash.Value).Length);
}
