added salting to the hashes.

made marking of entities queryable explicit and forced.

Author: ddjerqq

README.md

@@ -15,7 +15,7 @@ When you need to store sensitive data in your database, you may want to encrypt
 encrypt data, it becomes impossible to query it by EF-core, which is not really convenient if you want to encrypt, for example, email addresses, or SSNs
 AND then filter entities by them.
 
-This library has support for hashing the sensitive data and storing their (sha256) hashes in a shadow property alongside the encrypted data.
+This library has support for hashing the salted sensitive data and storing their (Hmac Sha256) hashes in a shadow property alongside the encrypted data.
 This allows you to query for the encrypted properties without decrypting them first. using `QueryableExt.WherePdEquals`
 
 # Disclaimer
@@ -83,6 +83,11 @@ builder.Services.AddDataProtectionServices()
     .PersistKeysToFileSystem(keyDirectory);
 ```
 
+> [!WARNING]
+> If you want to query for encrypted properties, along with marking your properties as queryable, you **MUST** set 
+> `EFCORE_DATA_PROTECTION__HASHING_SALT` in the environment. I could suggest you setting it to a random guid, or a very long string.
+> This was implemented to prevent rainbow attacks on sensitive data.
+
 > [!TIP]
 > See the [Microsoft documentation](https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview) for more
 > information on **how to configure the data protection** services, and how to store your encryption keys securely.
@@ -110,17 +115,21 @@ Using the EncryptedAttribute:
 ```csharp
 class User
 {
-  [Encrypt(IsQueryable = true, IsUnique = true)]
+  [Encrypt(isQueryable: true, isUnique: true)]
   public string SocialSecurityNumber { get; set; }
 
-  [Encrypt(IsQueryable = false, IsUnique = false)]
+  [Encrypt(isQueryable: false, isUnique: false)]
   public byte[] IdPicture { get; set; }
 }
 ```
 
 > [!TIP]
-> By default `IsQueryable` and `IsUnique` are set to `true`, you can omit them if you want to use the default values.
-> If you have a property that is marked as `IsQueryable = true` and you want to query it, you **MUST** call `AddDataProtectionInterceptors` in your `DbContext` configuration.
+> `isQueryable` marks a property as queryable (this will generate a shadow hash) <br/>
+> `isUnique` marks a property as unique, and adds a unique index on the property. An index is added by default, even if the property is not marked as unique. However, that default index is not Unique. 
+
+> [!WARNING]
+> If you have a property that is marked as queryable, you **MUST** call `AddDataProtectionInterceptors` in your `DbContext` configuration.
+> And you **MUST** set `EFCORE_DATA_PROTECTION__HASHING_SALT` in the environment. Otherwise, an exception will be thrown while trying to save the entity. 
 
 Using the FluentApi (in your `DbContext.OnModelCreating` method):
 ```csharp
@@ -148,7 +157,7 @@ var foo = await DbContext.Users
 ```
 
 > [!WARNING]
-> The `QueryableExt.WherePdEquals` method is only available for properties that are marked as Queryable using the `[Encrypt(IsQueryable = true)]` attribute or the
+> The `QueryableExt.WherePdEquals` method is only available for properties that are marked as Queryable using the `[Encrypt(isQueryable: true)]` attribute or the
 > `IsEncryptedQueryable()` method.
 
 > [!CAUTION]
@@ -157,7 +166,7 @@ var foo = await DbContext.Users
 
 > [!NOTE]
 > The `WherePdEquals` extension method generates an expression like this one under the hood:<br/>
-> `Where(e => EF.Property<string>(e, $"{propertyName}ShadowHash") == value.Sha256Hash())`
+> `Where(e => EF.Property<string>(e, $"{propertyName}ShadowHash") == value.HmacSha256Hash())`
 
 ### Profit!
 

src/Klean.EntityFrameworkCore.DataProtection/EncryptAttribute.cs

@@ -15,10 +15,25 @@ public sealed class EncryptAttribute : Attribute
     /// Gets a boolean value indicating if this property can be queried from the database.
     /// Because of how data protection in this library is implemented, if you want your protected property to be queryable, you must ensure that the property is a string or byte[].
     /// </summary>
-    public bool IsQueryable { get; init; } = true;
+    internal bool IsQueryable { get; init; }
 
     /// <summary>
     /// Gets a boolean value indicating if this property should have a unique index.
     /// </summary>
-    public bool IsUnique { get; init; } = true;
+    internal bool IsUnique { get; init; }
+
+    /// <summary>
+    /// Marks a property as encrypted.
+    /// Optionally choose if you want your property to be queryable or not.
+    /// Optionally choose if you want your properties to have a Unique Index or not.
+    /// </summary>
+    /// <remarks>
+    /// Because of how data protection in this library is implemented, if you want your protected property to be queryable, you must ensure that the property is a string or byte[].
+    /// Please note, you must set `EFCORE_DATA_PROTECTION__HASHING_SALT` in the environment to be able to query for data.
+    /// </remarks>
+    public EncryptAttribute(bool isQueryable, bool isUnique)
+    {
+        IsQueryable = isQueryable;
+        IsUnique = isUnique;
+    }
 }

src/Klean.EntityFrameworkCore.DataProtection/Extensions/QueryableExt.cs

@@ -66,7 +66,7 @@ public static IQueryable<T> WherePdEquals<T>(this IQueryable<T> query, string pr
             parameter,
             Expression.Constant(shadowPropertyName));
 
-        var comp = Expression.Equal(property, Expression.Constant(value.Sha256Hash()));
+        var comp = Expression.Equal(property, Expression.Constant(value.HmacSha256Hash()));
         var lambda = Expression.Lambda<Func<T, bool>>(comp, parameter);
 
         return query.Where(lambda);

src/Klean.EntityFrameworkCore.DataProtection/Extensions/StringExt.cs

@@ -8,10 +8,17 @@ namespace EntityFrameworkCore.DataProtection.Extensions;
 /// </summary>
 internal static class StringExt
 {
-    internal static string Sha256Hash(this string value)
+    internal const string EnvKey = "EFCORE_DATA_PROTECTION__HASHING_SALT";
+
+    internal static string HmacSha256Hash(this string value)
     {
-        var bytes = Encoding.UTF8.GetBytes(value);
-        var hash = SHA256.HashData(bytes);
+        var salt =
+            Environment.GetEnvironmentVariable(EnvKey)
+            ?? throw new InvalidOperationException($"{EnvKey} is not present in the environment, please set it to a strong value and keep it safe, otherwise querying will not work.");
+
+        var saltBytes = Encoding.UTF8.GetBytes(salt);
+        var payloadBytes = Encoding.UTF8.GetBytes(value);
+        var hash = HMACSHA256.HashData(saltBytes, payloadBytes);
         var hexDigest = Convert.ToHexString(hash);
         return hexDigest.ToLower();
     }

src/Klean.EntityFrameworkCore.DataProtection/Interceptors/ShadowHashSynchronizingSaveChangesInterceptor.cs

@@ -62,7 +62,7 @@ from prop in entityType.GetProperties()
             var shadowProperty = entityType.FindProperty(shadowPropertyName);
 
             if (!string.IsNullOrWhiteSpace(originalValue) && shadowProperty is not null)
-                entry.Property(shadowPropertyName).CurrentValue = originalValue.Sha256Hash();
+                entry.Property(shadowPropertyName).CurrentValue = originalValue.HmacSha256Hash();
         }
     }
 }

src/Klean.EntityFrameworkCore.DataProtection/Klean.EntityFrameworkCore.DataProtection.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <Version>1.1.0</Version>
+        <Version>1.2.0</Version>
         <TargetFrameworks>net6.0;net7.0;net8.0;net9.0</TargetFrameworks>
         <ImplicitUsings>enable</ImplicitUsings>
         <Nullable>enable</Nullable>

test/Klean.EntityFrameworkCore.DataProtection.Test/Data/User.cs

@@ -9,7 +9,7 @@ internal sealed class User
 
     public required string Name { get; init; }
 
-    [Encrypt]
+    [Encrypt(true, true)]
     public required string SocialSecurityNumber { get; init; }
 
     /// <summary>
@@ -19,7 +19,7 @@ internal sealed class User
 
     public required AddressData Address { get; init; }
 
-    [Encrypt(IsQueryable = false, IsUnique = false)]
+    [Encrypt(false, false)]
     public required byte[] IdPicture { get; init; }
 
     public static User CreateRandom()

test/Klean.EntityFrameworkCore.DataProtection.Test/DbContext.Test.cs

@@ -7,6 +7,13 @@ namespace Klean.EntityFrameworkCore.DataProtection.Test;
 
 internal sealed class DbContextTests
 {
+    [OneTimeSetUp]
+    public void InitializeEnv()
+    {
+        var value = Environment.GetEnvironmentVariable(StringExt.EnvKey);
+        Environment.SetEnvironmentVariable(StringExt.EnvKey, value ?? Guid.NewGuid().ToString());
+    }
+
     [Test]
     public void Test_CreationWorks()
     {

test/Klean.EntityFrameworkCore.DataProtection.Test/ExceptionHandling.Test.cs

@@ -66,7 +66,7 @@ protected override void OnModelCreating(ModelBuilder modelBuilder)
 
     class BadEntity
     {
-        [Encrypt]
+        [Encrypt(true, true)]
         public Guid Id { get; set; }
     }
 }

test/Klean.EntityFrameworkCore.DataProtection.Test/StringExt.Test.cs

@@ -0,0 +1,28 @@
+using EntityFrameworkCore.DataProtection.Extensions;
+using FluentAssertions;
+
+namespace Klean.EntityFrameworkCore.DataProtection.Test;
+
+internal sealed class StringExtTests
+{
+    [OneTimeSetUp]
+    public void InitializeEnv()
+    {
+        var value = Environment.GetEnvironmentVariable(StringExt.EnvKey);
+        Environment.SetEnvironmentVariable(StringExt.EnvKey, value ?? Guid.NewGuid().ToString());
+    }
+
+    [Test]
+    public void Test_HmacSha256_Is_Deterministic()
+    {
+        var payload = "hello world";
+
+        var hash = payload.HmacSha256Hash();
+        Console.WriteLine(hash);
+
+        var hash2 = payload.HmacSha256Hash();
+        Console.WriteLine(hash2);
+
+        hash.Should().BeEquivalentTo(hash2);
+    }
+}