up

src/StellaOps.Cryptography/Argon2idPasswordHasher.Sodium.cs

@@ -0,0 +1,30 @@
+#if STELLAOPS_CRYPTO_SODIUM
+using System;
+using System.Text;
+using Konscious.Security.Cryptography;
+
+namespace StellaOps.Cryptography;
+
+/// <summary>
+/// Placeholder for libsodium-backed Argon2id implementation.
+/// Falls back to the managed Konscious variant until native bindings land.
+/// </summary>
+public sealed partial class Argon2idPasswordHasher
+{
+    private static partial byte[] DeriveHashCore(string password, ReadOnlySpan<byte> salt, PasswordHashOptions options)
+    {
+        // TODO(SEC1.B follow-up): replace with libsodium/core bindings and managed pinning logic.
+        var passwordBytes = Encoding.UTF8.GetBytes(password);
+
+        using var argon2 = new Argon2id(passwordBytes)
+        {
+            Salt = salt.ToArray(),
+            DegreeOfParallelism = options.Parallelism,
+            Iterations = options.Iterations,
+            MemorySize = options.MemorySizeInKib
+        };
+
+        return argon2.GetBytes(HashLengthBytes);
+    }
+}
+#endif