Merge pull request #1 from p-kaczynski/develop

Solved problems with CPU and RAM usage
p-kaczynski · Oct 15, 2017 · dbf2452 · dbf2452
2 parents 45e1d70 + 61a999d
commit dbf2452
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 62 deletions.
diff --git a/SecretSanta.Common/Interface/IEncryptionProvider.cs b/SecretSanta.Common/Interface/IEncryptionProvider.cs
@@ -6,7 +6,6 @@ public interface IEncryptionProvider
     {
         void Decrypt<T>(T theModel) where T : ModelBase;
         void Encrypt<T>(T theModel) where T : ModelBase;
-        byte[] NewSalt();
         byte[] CalculatePasswordHash(string password, byte[] associatedData = null);
         bool VerifyPasswordHash(string password, byte[] storedHash);
         string GetEmailVerificationToken(SantaUser user);

diff --git a/SecretSanta.Data/EncryptionProvider.cs b/SecretSanta.Data/EncryptionProvider.cs
@@ -6,9 +6,8 @@
 using System.Reflection;
 using System.Security.Cryptography;
 using System.Text;
-using Isopoh.Cryptography.Argon2;
-using Isopoh.Cryptography.SecureArray;
 using JetBrains.Annotations;
+using Scrypt;
 using SecretSanta.Common.Helpers;
 using SecretSanta.Common.Interface;
 using SecretSanta.Domain.Models;
@@ -71,64 +70,20 @@ public void Decrypt<T>(T theModel) where T : ModelBase
                 (model, property, decryptor) => property.SetValue(model,
                     DecryptValue(decryptor, property.GetValue(model) as string)), decrypt: true);
 
-        public byte[] NewSalt()
-        {
-            var result = new byte[_saltLength];
-            _rngProvider.GetBytes(result);
-            return result;
-        }
-
         public byte[] CalculatePasswordHash(string password, byte[] associatedData = null)
         {
-            var passwordBytes = Encoding.UTF8.GetBytes(password);
-            var salt = new byte[16];
-            _rngProvider.GetBytes(salt);
-            var config = new Argon2Config
-            {
-                Type = Argon2Type.DataDependentAddressing,
-                Version = Argon2Version.Nineteen,
-                TimeCost = 10,
-                MemoryCost = 65536,
-                Lanes = 5,
-                Threads = Environment.ProcessorCount,
-                Password = passwordBytes,
-                Salt = salt, // >= 8 bytes if not null
-                Secret = _secret, // from config
-                AssociatedData = associatedData, // from item
-                HashLength = 32 // >= 4
-            };
-            var argon2A = new Argon2(config);
-            using (var hashA = argon2A.Hash())
-            {
-                return Encoding.UTF8.GetBytes(config.EncodeString(hashA.Buffer));
-            }
+            var encoder = new ScryptEncoder();
+            var hash = encoder.Encode(password);
+
+            return Encoding.UTF8.GetBytes(hash);
         }
 
         public bool VerifyPasswordHash(string password, byte[] storedHash)
         {
-            var passwordBytes = Encoding.UTF8.GetBytes(password);
-            var argonString = Encoding.UTF8.GetString(storedHash);
-            var configOfPasswordToVerify = new Argon2Config
-            {
-                Password = passwordBytes,
-                Secret = _secret,
-                Threads = 1
-            };
-            SecureArray<byte> hashB = null;
-            try
-            {
-                if (configOfPasswordToVerify.DecodeString(argonString, out hashB) && hashB != null)
-                {
-                    var argon2ToVerify = new Argon2(configOfPasswordToVerify);
-                    using (var hashToVerify = argon2ToVerify.Hash())
-                        return !hashB.Buffer.Where((b, i) => b != hashToVerify[i]).Any();
-                }
-            }
-            finally
-            {
-                hashB?.Dispose();
-            }
-            return false;
+            var hashString = Encoding.UTF8.GetString(storedHash);
+
+            var encoder = new ScryptEncoder();
+            return encoder.Compare(password, hashString);
         }
 
         public string GetEmailVerificationToken(SantaUser user)
@@ -158,10 +113,12 @@ private void WithCrypto<T>(T model, Action<T,PropertyInfo,ICryptoTransform> acti
 
                 foreach (var property in properties)
                 {
-                    var transform = decrypt ? aes.CreateDecryptor(aes.Key, aes.IV) : aes.CreateEncryptor(aes.Key
-                        , aes.IV);
-                    action(model, property, transform);
+                    using (var transform = decrypt ? aes.CreateDecryptor(aes.Key, aes.IV) : aes.CreateEncryptor(aes.Key, aes.IV))
+                    {
+                        action(model, property, transform);
+                    }
                 }
+                aes.Clear();
             }
         }
 

diff --git a/SecretSanta.Data/SecretSanta.Data.csproj b/SecretSanta.Data/SecretSanta.Data.csproj
@@ -40,9 +40,6 @@
     <Reference Include="Dapper.Contrib, Version=1.50.0.0, Culture=neutral, processorArchitecture=MSIL">
       <HintPath>..\packages\Dapper.Contrib.1.50.0\lib\net45\Dapper.Contrib.dll</HintPath>
     </Reference>
-    <Reference Include="Isopoh.Cryptography.Argon2, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9014340f40f5d160, processorArchitecture=MSIL">
-      <HintPath>..\packages\Isopoh.Cryptography.Argon2.1.0.4\lib\netstandard1.3\Isopoh.Cryptography.Argon2.dll</HintPath>
-    </Reference>
     <Reference Include="Isopoh.Cryptography.Blake2b, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9014340f40f5d160, processorArchitecture=MSIL">
       <HintPath>..\packages\Isopoh.Cryptography.Blake2b.1.0.4\lib\netstandard1.3\Isopoh.Cryptography.Blake2b.dll</HintPath>
     </Reference>
@@ -58,6 +55,9 @@
     <Reference Include="Microsoft.Win32.Primitives, Version=4.0.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Win32.Primitives.4.3.0\lib\net46\Microsoft.Win32.Primitives.dll</HintPath>
     </Reference>
+    <Reference Include="Scrypt, Version=1.3.0.0, Culture=neutral, processorArchitecture=MSIL">
+      <HintPath>..\packages\Scrypt.NET.1.3.0\lib\net20\Scrypt.dll</HintPath>
+    </Reference>
     <Reference Include="System" />
     <Reference Include="System.AppContext, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
       <HintPath>..\packages\System.AppContext.4.3.0\lib\net46\System.AppContext.dll</HintPath>

diff --git a/SecretSanta.Data/packages.config b/SecretSanta.Data/packages.config
@@ -3,14 +3,14 @@
   <package id="AutoMapper" version="6.1.1" targetFramework="net461" />
   <package id="Dapper" version="1.50.2" targetFramework="net461" />
   <package id="Dapper.Contrib" version="1.50.0" targetFramework="net461" />
-  <package id="Isopoh.Cryptography.Argon2" version="1.0.4" targetFramework="net461" />
   <package id="Isopoh.Cryptography.Blake2b" version="1.0.4" targetFramework="net461" />
   <package id="Isopoh.Cryptography.SecureArray" version="1.0.4" targetFramework="net461" />
   <package id="JetBrains.Annotations" version="11.0.0" targetFramework="net461" />
   <package id="Microsoft.AspNet.Identity.Core" version="2.2.1" targetFramework="net461" />
   <package id="Microsoft.NETCore.Platforms" version="1.1.0" targetFramework="net461" />
   <package id="Microsoft.Win32.Primitives" version="4.3.0" targetFramework="net461" />
   <package id="NETStandard.Library" version="1.6.1" targetFramework="net461" />
+  <package id="Scrypt.NET" version="1.3.0" targetFramework="net461" />
   <package id="System.AppContext" version="4.3.0" targetFramework="net461" />
   <package id="System.Collections" version="4.3.0" targetFramework="net461" />
   <package id="System.Collections.Concurrent" version="4.3.0" targetFramework="net461" />