Closed ghost closed 5 years ago
In your code sample, try to use ConfigureAwait(false) on the awaited task that you have there (This will replicate the non-Async version of GetBytes() as of the latest version.
That is, change:
byte[] h = await a.GetBytesAsync(64);
to
byte[] h = await a.GetBytesAsync(64).ConfigureAwait(false);
Also, if you're using the latest version, you should be able to just call .GetBytes
which just does the same thing.
If that doesn't do it, I'd be interested in knowing what parameters you're using. Namely DegreeOfParallelism, Iterations, and MemorySize. In your post, the last example you have appears to show that the hash is in fact being calculated, but it might just be taking a really long time. And if you tune these numbers correctly, you can set it up so that calculating your hash will take longer than the years either of us have left on earth. So it's possible that of all your attempts, the last one actually worked, but you're just generating an extraordinarily expensive hash.
Hi @kmaragon,
Thanks for your replies. I actually checked one of my methods that does that hashing and I did as you suggested in your first comment, adding the .ConfigureAwait(false)
, but this still does not compute the hash: Id = 90, Status = WaitingForActivation, Method = "{null}", Result = "{Not yet computed}"
I tried using GetBytes before, and although it did work with my ASP.NET MVC application, it did not work when I connected my application to IIS, as it gave me a NullReferenceException
so I thought the solution was to switch over to the asynchronous method.
I'm still testing my application, so I set the parameters to pretty much the lowest just so that I could ensure that it hashes the password in its input fine. The values are listed below:
DegreeOfParallelism = 1 Iterations = 1 *MemorySize = 8
I also tried it with these values which still yields the same error:
DegreeOfParallelism = 2 Iterations = 40 *MemorySize = 8192
NullReferenceException. Wow. Can you post the exception backtrace on that?
Sure thing:
System.AggregateException
HResult=0x80131500
Message=One or more errors occurred.
Source=MVCApp
StackTrace:
at MVCApp.Security.Password.Test(Byte[] password) in c:\users\danoded\source\repos\MVCApp\MVCApp\Security\Password.cs:line 181
at MVCApp.Security.Password.PasswordToBytes(String password, String& PASSWORDSALT, String& SALT, String& UUID) in c:\users\danoded\source\repos\MVCApp\MVCApp\Security\Password.cs:line 133
at MVCApp.Controllers.UserAccountController.SignUpNewCustomer(Customer signUp) in c:\users\danoded\source\repos\MVCApp\MVCApp\Controllers\UserAccountController.cs:line 381
at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c.<BeginInvokeSynchronousActionMethod>b__9_0(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__11_0()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_1.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
Inner Exception 1:
NullReferenceException: Object reference not set to an instance of an object.
Is it possible to catch that Aggregate exception and rethrow the inner exception via:
ExceptionDispatchInfo.Capture(e.InnerExceptions[0]).Throw();
I'm hoping the lack of stack trace there is something about the logger and not that the NullReferenceException was thrown from inside of some unmanaged IIS code with no .NET stack (which seems like wouldn't be able to throw an exception).
Yeah sure here:
System.NullReferenceException
HResult=0x80004003
Message=Object reference not set to an instance of an object.
Source=mscorlib
StackTrace:
at System.Security.Cryptography.HMAC.get_Key()
at Konscious.Security.Cryptography.HMACBlake2B.get_Key()
at Konscious.Security.Cryptography.HMACBlake2B.Initialize()
at Konscious.Security.Cryptography.Argon2Core.Initialize(Byte[] password)
at Konscious.Security.Cryptography.Argon2Core.<InitializeLanes>d__32.MoveNext()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Konscious.Security.Cryptography.Argon2Core.<Hash>d__27.MoveNext()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Konscious.Security.Cryptography.Argon2.<>c__DisplayClass2_0.<<GetBytes>b__0>d.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at MVCApp.Security.Password.Test(Byte[] password) in C:\Users\danoded\source\repos\MVCApp\MVCApp\Security\Password.cs:line 182
at MVCApp.Security.Password.PasswordToBytes(String password, String& PASSWORDSALT, String& SALT, String& UUID) in C:\Users\danoded\source\repos\MVCApp\MVCApp\Security\Password.cs:line 134
at MVCApp.Controllers.UserAccountController.SignUpNewCustomer(Customer signUp) in C:\Users\danoded\source\repos\MVCApp\MVCApp\Controllers\UserAccountController.cs:line 381
at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c.<BeginInvokeSynchronousActionMethod>b__9_0(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__11_0()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_1.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
There we go... This is probably un related to any of the threading issues. Did you construct the Hash with a non-null password? Either way, getting that in an aggregate exception is crappy. I'll update to throw that exception early in the GetBytes call without the async context so that it's not so hidden and cryptic.
Yeah my password is definitely not null, hashed perfectly fine with the built in SHA function (just used as a test to see if the password would hash).
Ok - I went through the reference source at https://referencesource.microsoft.com/#mscorlib/system/security/cryptography/hmac.cs,574972c57157be33
I assume this is .NET non-Core? Looking at .NET 4.x code, I can see how this can happen. I'll try a fix right now.
Yeah this is just .NET Framework 4.6.1.
Ok - I'm waiting for nuget to re-index. See if Argon2 1.1.3 + Blake2 1.0.8 fix the NullReferenceException when you can get them. (Actually Argon2 has no real fixes, I just cleaned up how exceptions are thrown so that if there is something wrong it doesn't land in an AggregateException and is just reported upfront).
Sure thing, thanks again for your help.
Just updated the package and tried the .GetBytes()
method and it worked perfectly, thanks again. If anything else somehow manages to come up I'll reopen the issue.
Woot! Looks like it's been a bug in the pre .NET core implementation all along.
Thanks for helping me debug that. I have no access to a Windows machine and don't have the incentive to use the money, disk space, and time to install it since 100% of my work both public and private is on Linux... Using .NET core when applicable.
No problem, thanks for the amazing library.
I'm having a very troubling issue trying to get the asynchronous task of Argon2 to work, as the synchronous task does not work on IIS.
I've followed all the advice and code given in this issue : https://github.com/kmaragon/Konscious.Security.Cryptography/issues/22
but the asynchronous task still will not complete, with this message:
Id = 74, Status = WaitingForActivation, Method = "{null}", Result = "{Not yet computed}"
The link provided shows all the code I've tested which has still resulted in exceptions thrown or asynchronous tasks not completing:
https://forums.asp.net/p/2146399/6227943.aspx?p=True&t=636715616764988597