static string calcHmac( string data )
{
byte[] key = Encoding.ASCII.GetBytes(AUTH_TOKEN);
HMACSHA256 myhmacsha256 = new HMACSHA256(key);
byte[] byteArray = Encoding.ASCII.GetBytes(data);
MemoryStream stream = new MemoryStream(byteArray);
string result = myhmacsha256.ComputeHash(stream).Aggregate("", (s, e) => s + String.Format("{0:x2}",e), s => s );
Console.WriteLine(result);
return result;
}
static void Main()
{
var data = "testtesttest";
var secretKey = "secretkey";
// Initialize the keyed hash object using the secret key as the key
HMACSHA256 hashObject = new HMACSHA256(Encoding.UTF8.GetBytes(secretKey));
// Computes the signature by hashing the salt with the secret key as the key
var signature = hashObject.ComputeHash(Encoding.UTF8.GetBytes(data));
// Base 64 Encode
var encodedSignature = Convert.ToBase64String(signature);
// URLEncode
// encodedSignature = System.Web.HttpUtility.UrlEncode(encodedSignature);
Console.WriteLine("Voila! A signature: " + encodedSignature);
Console.ReadKey();
}
public static string HMACSHA256Encode(string input, string key)
{
byte[] k = Encoding.ASCII.GetBytes (key);
HMACSHA256 myhmacsha256 = new HMACSHA256 (k);
byte[] byteArray = Encoding.ASCII.GetBytes (input);
using (MemoryStream stream = new MemoryStream (byteArray)){
return byteToHex(myhmacsha256.ComputeHash (stream));
}
}
string container = "ogp"; //Storage container created on azure portal called "test"
#endregion Fields
#region Methods
private static String SignThis(String StringToSign, string Key, string Account)
{
String signature = string.Empty;
byte[] unicodeKey = Convert.FromBase64String(Key);
using (HMACSHA256 hmacSha256 = new HMACSHA256(unicodeKey))
{
Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(StringToSign);
signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
}
String authorizationHeader = String.Format(
CultureInfo.InvariantCulture,
"{0} {1}:{2}",
"SharedKeyLite",
Account,
signature);
return authorizationHeader;
}
public static string getHashSha256(string text, string mail)
{
byte[] key = Encoding.UTF8.GetBytes(mail);
byte[] bytes = Encoding.UTF8.GetBytes(text);
HMACSHA256 hashstring = new HMACSHA256(key);
byte[] hash = hashstring.ComputeHash(bytes);
string hashString = string.Empty;
foreach (byte x in hash)
{
hashString += String.Format("{0:x2}", x);
}
return hashString;
}
public Crypto(Guid sessionId, byte[] cipherKey, byte[] cipherNonce, byte[] macKey)
{
if (cipherKey.Length != 16) {
throw new System.ArgumentException("Chipher Key must be 16 bytes");
}
if (cipherNonce.Length != 8) {
throw new System.ArgumentException("Chipher Nonce must be 8 bytes");
}
if (macKey.Length != 32) {
throw new System.ArgumentException("Mac Key must be 32 bytes");
}
_sequence = 0;
_sessionId = TransposeGuidBytes(sessionId.ToByteArray());
_cipherKey = cipherKey;
_cipherNonce = cipherNonce;
_cipherCounter = new byte[_cipherNonce.Length + sizeof(uint) + sizeof(uint)];
_macKey = macKey;
if (_sessionId.Length != 16) {
throw new System.ArgumentException("Session ID must be 16 bytes");
}
if (_cipherCounter.Length != 16) {
throw new System.ArgumentException("Chipher Counter must be 16 bytes");
}
// aes-128-ecb
Aes aes = Aes.Create();
aes.Mode = CipherMode.ECB;
aes.Key = _cipherKey;
_cryptoAlgorithm = aes.CreateEncryptor();
_hashAlgorithm = new HMACSHA256(_macKey);
_hashLength = _hashAlgorithm.HashSize / 8;
_sharedSecret = new byte[_cipherKey.Length + _cipherNonce.Length + _macKey.Length];
if (_hashLength != 32) {
throw new System.ArgumentException("Hash must be 32 bytes");
}
if (_sharedSecret.Length != 56) {
throw new System.ArgumentException("Shared Secret must be 56 bytes");
}
// copy _chipherKey to _sharedSecret
Buffer.BlockCopy(_cipherKey, 0, _sharedSecret, 0, _cipherKey.Length);
// copy _cipherNonce to _sharedSecret
Buffer.BlockCopy(_cipherNonce, 0, _sharedSecret, _cipherKey.Length, cipherNonce.Length);
// copy _macKey to _sharedSecret
Buffer.BlockCopy(_macKey, 0, _sharedSecret, _cipherKey.Length + _cipherNonce.Length, _macKey.Length);
// copy _cipherNonce to _cihperCounter
Buffer.BlockCopy(_cipherNonce, 0, _cipherCounter, 0, _cipherNonce.Length);
}
static void Main(string[] args)
{
using (var rijndael = new RijndaelManaged())
using (var hmacsha256 = new HMACSHA256())
{
rijndael.GenerateKey();
hmacsha256.Initialize();
Console.WriteLine(template, new SoapHexBinary(rijndael.Key), new SoapHexBinary(hmacsha256.Key));
}
Console.WriteLine("press any key to exit...");
Console.ReadKey();
}
/// <summary>
/// Code for generating of SAS token for authorization with Service Bus
/// </summary>
/// <param name="resourceUri"></param>
/// <param name="keyName"></param>
/// <param name="key"></param>
/// <returns></returns>
private static string createToken(string resourceUri, string keyName, string key)
{
TimeSpan sinceEpoch = DateTime.UtcNow - new DateTime(1970, 1, 1);
var expiry = Convert.ToString((int)sinceEpoch.TotalSeconds + 3600); //EXPIRES in 1h
string stringToSign = HttpUtility.UrlEncode(resourceUri) + "\n" + expiry;
HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));
var signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
var sasToken = String.Format(CultureInfo.InvariantCulture,
"SharedAccessSignature sr={0}&sig={1}&se={2}&skn={3}",
HttpUtility.UrlEncode(resourceUri), HttpUtility.UrlEncode(signature), expiry, keyName);
return sasToken;
}
// Use this for initialization
void Start () {
Rfc2898DeriveBytes PBKDF2_hash = new Rfc2898DeriveBytes("qwerty", Encoding.ASCII.GetBytes("rm4fSDh0sofK"), 20000);
HMACSHA256 HMACSHA256_hash = new HMACSHA256();
//System.Text.Encoding.UTF8.GetString(bytes);
string hPassword = Convert.ToBase64String(PBKDF2_hash.GetBytes(32));
Debug.Log("Hash = " + hPassword);
//Debug.Log("Password hash" + Encoding.ASCII.GetString(PBKDF2.GetBytes(256)));
//PBKDF2.Salt =
/*string password = "******";
string hPassword = ComputeHash(password, new SHA256CryptoServiceProvider());
Debug.Log("Hash from: " + password + " = " + hPassword);*/
}
public byte[] Decrypt(byte[] payload)
{
byte[] payloadToSign = _ByteSlice(payload, 0, payload.Length - _hashLength);
byte[] serverHmac = _ByteSlice(payload, payload.Length - _hashLength, payload.Length);
HMACSHA256 hashAlgorithm = new HMACSHA256(_macKey);
byte[] clientHmac = hashAlgorithm.ComputeHash(payloadToSign);
if (!ByteEqual(serverHmac, clientHmac)) {
throw new System.ArgumentException("Bad Signature");
}
byte[] eBytes = _ByteSlice(payload, SEQ_LEN, payload.Length - _hashLength);
byte[] dBytes = new byte[eBytes.Length];
// seq is always 0 from server
uint seq = 0;
_Ctr(seq, eBytes, dBytes, 0);
return dBytes;
}
/// <summary>
/// Computes the Client Assertion portion of the JWT
/// </summary>
/// <param name="header">The JSON Web Token header</param>
/// <param name="claimSet">The JSON Web Token claim set</param>
/// <param name="clientSecret">The client's secret</param>
/// <returns>The assertion</returns>
public string BuildAssertion(JWTHeader header, JWTClaimSet claimSet, string clientSecret)
{
// Serialize the header and claimSet
string serializedHeader = JsonConvert.SerializeObject(header);
string serializedClaimSet = JsonConvert.SerializeObject(claimSet);
// Base64Encode the header and claimSet
string encodedHeader = Convert.ToBase64String(UTF8Encoding.UTF8.GetBytes(serializedHeader));
string encodedClaimSet = Convert.ToBase64String(UTF8Encoding.UTF8.GetBytes(serializedClaimSet));
// Concatenate the header and the claims separated with a '.': [header].[claims]
string message = string.Join(".", encodedHeader, encodedClaimSet);
// Apply an HMAC/SHA-256 hash* to the concatenated content using the Client Secret as the key
HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(clientSecret));
byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
// Base64Encode the result of the hash
string signature = Convert.ToBase64String(hash);
// Combine the encoded elements as follows [header].[claims].[hash]
string assertion = string.Join(".", encodedHeader, encodedClaimSet, signature);
return assertion;
}
public byte[] Encrypt(byte[] payload)
{
_sequence++;
byte[] seqBytes = BitConverter.GetBytes(IPAddress.NetworkToHostOrder((int)_sequence));
byte[] cipherBytes = new byte[payload.Length];
byte[] outpacket = new byte[cipherBytes.Length + SEQ_LEN + _hashLength];
_Ctr(_sequence, payload, cipherBytes, 0);
Buffer.BlockCopy(seqBytes, 0, outpacket, 0, SEQ_LEN);
Buffer.BlockCopy(cipherBytes, 0, outpacket, SEQ_LEN, cipherBytes.Length);
byte[] payloadToSign = _ByteSlice(outpacket, 0, outpacket.Length - _hashLength);
HMACSHA256 hashAlgorithm = new HMACSHA256(_macKey);
byte[] hmac = hashAlgorithm.ComputeHash(payloadToSign);
Buffer.BlockCopy(hmac, 0, outpacket, outpacket.Length - _hashLength, _hashLength);
byte[] epacket = new byte[_sessionId.Length + SEQ_LEN + outpacket.Length];
Buffer.BlockCopy(_sessionId, 0, epacket, 0, _sessionId.Length);
Buffer.BlockCopy(seqBytes, 0, epacket, _sessionId.Length, SEQ_LEN);
Buffer.BlockCopy(outpacket, 0, epacket, _sessionId.Length + SEQ_LEN, outpacket.Length);
return epacket;
}
public void init()
{
System.Net.ServicePointManager.DefaultConnectionLimit = 1000;
secure = secret_key.Length > 0;
subscriptions = new Hashtable();
origin = (ssl?"https://":"http://") + origin;
if(secure) {
sha256 = new HMACSHA256( System.Text.Encoding.UTF8.GetBytes(secret_key) );
}
pubnub.init(this);
initialized = true;
}
private SimpleWebToken CreateToken(ClaimCollection claims, string issuerName, string appliesTo)
{
appliesTo = appliesTo.ToLower();
var sKey = ConfigurationManager.AppSettings[appliesTo];
if (String.IsNullOrEmpty(sKey))
{
//check if appliesTo failed to find the key because it's missing a trailing slash,
//or because it has a trailing slash which shouldn't be there
//and act accordingly (and try again):
if (!appliesTo.EndsWith("/"))
appliesTo += "/";
else
appliesTo = VirtualPathUtility.RemoveTrailingSlash(appliesTo);
sKey = ConfigurationManager.AppSettings[appliesTo];
if (String.IsNullOrEmpty(sKey))
throw new ConfigurationException(String.Format("Missing symmetric key for \"{0}\".", appliesTo));
}
var key = this.HexToByte(sKey);
var sb = new StringBuilder();
foreach (var c in claims)
sb.AppendFormat("{0}={1}&", HttpUtility.UrlEncode(c.ClaimType), HttpUtility.UrlEncode(c.Value));
double lifeTimeInSeconds = 3600;
sb
.AppendFormat("TokenId={0}&", HttpUtility.UrlEncode(Guid.NewGuid().ToString()))
.AppendFormat("Issuer={0}&", HttpUtility.UrlEncode(issuerName))
.AppendFormat("Audience={0}&", HttpUtility.UrlEncode(appliesTo))
.AppendFormat("ExpiresOn={0:0}", (DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds + lifeTimeInSeconds);
var unsignedToken = sb.ToString();
var hmac = new HMACSHA256(key);
var sig = hmac.ComputeHash(Encoding.ASCII.GetBytes(unsignedToken));
string signedToken = String.Format("{0}&HMACSHA256={1}",
unsignedToken,
HttpUtility.UrlEncode(Convert.ToBase64String(sig)));
return new SimpleWebToken(signedToken);
}
/**
* Computes RFC 2104-compliant HMAC signature for request parameters
* Implements AWS Signature, as per following spec:
*
* If Signature Version is 2, string to sign is based on following:
*
* 1. The HTTP Request Method followed by an ASCII newline (%0A)
* 2. The HTTP Host header in the form of lowercase host, followed by an ASCII newline.
* 3. The URL encoded HTTP absolute path component of the URI
* (up to but not including the query string parameters);
* if this is empty use a forward '/'. This parameter is followed by an ASCII newline.
* 4. The concatenation of all query string components (names and values)
* as UTF-8 characters which are URL encoded as per RFC 3986
* (hex characters MUST be uppercase), sorted using lexicographic byte ordering.
* Parameter names are separated from their values by the '=' character
* (ASCII character 61), even if the value is empty.
* Pairs of parameter and values are separated by the '&' character (ASCII code 38).
*
*/
private static String SignParameters(IDictionary<String, String> parameters, String key)
{
String signatureVersion = "2";
KeyedHashAlgorithm algorithm = new HMACSHA256();
String stringToSign = null;
if ("2".Equals(signatureVersion))
{
String signatureMethod = "HmacSHA256";
algorithm = KeyedHashAlgorithm.Create(signatureMethod.ToUpper());
stringToSign = CalculateStringToSignV2(parameters);
}
else
{
throw new Exception("Invalid Signature Version specified");
}
return Sign(stringToSign, key, algorithm);
}
public string GetSignature(string secretAccessKey, string host = "ecs.amazonaws.jp", string path = "/onca/xml")
{
var queryStr = this.ToQueryString();
var strToSign = string.Format("GET\n{0}\n{1}\n{2}", host, path, queryStr);
var toSign = Encoding.UTF8.GetBytes(strToSign);
var signer = new HMACSHA256(Encoding.UTF8.GetBytes(secretAccessKey));
var sigBytes = signer.ComputeHash(toSign);
var signature = CustomUrlEncode(Convert.ToBase64String(sigBytes));
return signature;
}
/// <summary>
/// Singature mapping which corresponds to php's 'hash_hmac'
/// </summary>
/// <param name="message"></param>
/// <returns></returns>
private string GetSignature(string message)
{
var secretKeyBytes = encoding.GetBytes(ApiSecret);
//using the bytemap
using (var hmacsha256 = new HMACSHA256(secretKeyBytes))
{
hmacsha256.ComputeHash(encoding.GetBytes(message));
//Return the corresponding string for the signature request.
return hmacsha256.Hash.Aggregate(string.Empty, (current, b) => current + b.ToString("X2")).ToLower();
}
}
public static byte[] GetHmacSignatureInBytes(byte[] data, byte[] sharedSecret)
{
HMACSHA256 hash = new HMACSHA256();
hash.Key = sharedSecret;
byte[] hashedValue = hash.ComputeHash(data);
return hashedValue;
}
public static byte[] Generate(byte[] password, byte[] salt, int iterationCount, int byteCount)
{
if (iterationCount <= 0)
{
throw new ArgumentOutOfRangeException("iterationCount", "Iteration count should be positive");
}
if (byteCount < 0)
{
throw new ArgumentOutOfRangeException("byteCount", "Byte count should be nonnegative");
}
using (var hmac = new HMACSHA256())
{
hmac.Key = password;
// Prepare hash input (salt + block index)
var hashInputSize = salt.Length + 4;
var hashInput = new byte[hashInputSize];
salt.CopyTo(hashInput, 0);
hashInput[hashInputSize - 4] = 0;
hashInput[hashInputSize - 3] = 0;
hashInput[hashInputSize - 2] = 0;
hashInput[hashInputSize - 1] = 0;
var bytes = new byte[byteCount];
var hashSize = hmac.HashSize / 8;
var blockCount = (byteCount + hashSize - 1) / hashSize;
for (var i = 0; i < blockCount; ++i)
{
// Increase 32-bit big-endian block index at the end of the hash input buffer
if (++hashInput[hashInputSize - 1] == 0)
{
if (++hashInput[hashInputSize - 2] == 0)
{
if (++hashInput[hashInputSize - 3] == 0)
{
++hashInput[hashInputSize - 4];
}
}
}
var hashed = hmac.ComputeHash(hashInput);
var block = hashed;
for (var j = 1; j < iterationCount; ++j)
{
hashed = hmac.ComputeHash(hashed);
for (var k = 0; k < hashed.Length; ++k)
{
block[k] ^= hashed[k];
}
}
var offset = i * hashSize;
var size = Math.Min(hashSize, byteCount - offset);
Array.Copy(block, 0, bytes, offset, size);
}
return(bytes);
}
}
private static byte[] HashHMAC(byte[] key, byte[] message)
{
var hash = new HMACSHA256(key);
return(hash.ComputeHash(message));
}
private byte[] HashHMAC(byte[] decodedToken, byte[] secretKey)
{
var hash = new HMACSHA256(secretKey);
return(hash.ComputeHash(decodedToken));
}
private static byte[] Sign(byte[] key, byte[] data)
{
HMACSHA256 sha256 = new HMACSHA256(data);
return(sha256.ComputeHash(key));
}
public byte[] GenerateHmacHash(string input, string key)
{
var hmacsha256 = new HMACSHA256(utf8Converter.ConvertToBytes(key));
return(hmacsha256.ComputeHash(utf8Converter.ConvertToBytes(input)));
}
static byte[] applyHMACwithSHA256(byte[] byteInput, byte[] key)
{
HMACSHA256 hmacSHA256 = new HMACSHA256(key);
byte[] result = hmacSHA256.ComputeHash(byteInput);
return result;
}
public static byte[] HashStringToBytes(string str_to_hash)
{
HMACSHA256 hs256 = new HMACSHA256(Encoding.ASCII.GetBytes(ConfigurationManager.AppSettings["UserSalt"]));
return hs256.ComputeHash(StringToBytes(str_to_hash));
}
public void DeleteMultipleBlobs(List <string> blobs)
{
if (blobs.Count == 0)
{
return;
}
if (_hasSasToken)
{
// Multi-Delete isn't supported when using a SAS token
// https://issues.hibernatingrhinos.com/issue/RavenDB-14936
// https://github.com/Azure/azure-sdk-for-net/issues/11762
DeleteBlobsWithSasToken(blobs);
return;
}
const string xMsDate = "x-ms-date";
const string xMsClientRequestId = "x-ms-client-request-id";
const string xMsReturnClientRequestId = "x-ms-return-client-request-id";
var now = SystemTime.UtcNow.ToString("R");
var url = GetUrl(_serverUrlForAccountName, "comp=batch");
var requestMessage = new HttpRequestMessage(HttpMethods.Post, url)
{
Headers =
{
{ xMsDate, now }, { "x-ms-version", AzureStorageVersion }
}
};
var batchContent = new MultipartContent("mixed", $"batch_{Guid.NewGuid()}");
requestMessage.Content = batchContent;
var blobsWithIds = new Dictionary <string, string>();
for (var i = 0; i < blobs.Count; i++)
{
using var ms = new MemoryStream();
using var writer = new StreamWriter(ms);
var clientRequestId = Guid.NewGuid().ToString();
blobsWithIds[clientRequestId] = blobs[i];
writer.WriteLine($"{HttpMethods.Delete} /{_containerName}/{blobs[i]} HTTP/1.1");
writer.WriteLine($"{xMsDate}: {now}");
writer.WriteLine($"{xMsClientRequestId}: {clientRequestId}");
writer.WriteLine($"{xMsReturnClientRequestId}: true");
using (var hash = new HMACSHA256(_accountKey))
{
var uri = new Uri($"{_serverUrlForContainer}/{blobs[i]}", UriKind.Absolute);
var hashStr =
$"{HttpMethods.Delete}\n\n\n\n\n\n\n\n\n\n\n\n{xMsClientRequestId}:{clientRequestId}\n{xMsDate}:{now}\n{xMsReturnClientRequestId}:true\n/{_accountName}{uri.AbsolutePath}";
writer.WriteLine($"Authorization: SharedKey {_accountName}:{Convert.ToBase64String(hash.ComputeHash(Encoding.UTF8.GetBytes(hashStr)))}");
}
writer.WriteLine("Content-Length: 0");
writer.Flush();
batchContent.Add(new ByteArrayContent(ms.ToArray())
{
Headers =
{
{ "Content-Type", "application/http" },
{ "Content-Transfer-Encoding", "binary" },
{ "Content-ID", $"{i}" }
}
});
}
var client = GetClient();
if (batchContent.Headers.ContentLength.HasValue == false)
{
// we need the ContentLength to CalculateAuthorizationHeaderValue
// the ContentLength is calculated on the fly, it gets added to Headers only when we try to access it.
throw new ArgumentException($"{nameof(MultipartContent)} should have content length");
}
SetAuthorizationHeader(client, HttpMethods.Post, url, requestMessage.Headers, batchContent.Headers);
var response = client.SendAsync(requestMessage).Result;
if (response.IsSuccessStatusCode == false)
{
throw StorageException.FromResponseMessage(response);
}
using var stream = response.Content.ReadAsStreamAsync().Result;
using var reader = new StreamReader(stream);
const string statusCode = "StatusCode";
const string status = "Status";
var responseBoundary = $"--{response.Content.Headers.ContentType.Parameters.First().Value}";
var result = new Dictionary <string, Dictionary <string, string> >();
while (reader.Peek() >= 0)
{
var line = reader.ReadLine();
// read batch response
if (line != responseBoundary && line != $"{responseBoundary}--")
{
throw new InvalidDataException("Got invalid response from server.");
}
while (string.IsNullOrEmpty(line) == false)
{
line = reader.ReadLine();
}
line = reader.ReadLine();
// read sub-response block
if (string.IsNullOrEmpty(line))
{
break;
}
string[] res = line.Split(" ");
var responseDictionary = new Dictionary <string, string>
{
{ statusCode, res[1] },
{ status, res[1] == "202" ? res[res.Length - 1] : string.Join(" ", res, 2, res.Length - 2) }
};
line = reader.ReadLine();
while (string.IsNullOrEmpty(line) == false)
{
var r = line.Split(": ");
responseDictionary[r.First()] = r.Last();
line = reader.ReadLine();
}
result[blobsWithIds[responseDictionary["x-ms-client-request-id"]]] = responseDictionary;
if (responseDictionary.TryGetValue("x-ms-error-code", out _))
{
// read the error message body
line = reader.ReadLine();
if (line.StartsWith("<?xml"))
{
while (line.EndsWith("</Error>") == false)
{
line = reader.ReadLine();
}
}
else
{
while (string.IsNullOrEmpty(line) == false)
{
line = reader.ReadLine();
}
}
}
}
var errors = result.Keys.Where(key => result[key][status] != "Accepted").ToDictionary(key => key, key => result[key][status]);
var canLog = _logger != null && _logger.IsInfoEnabled;
if (errors.Count == 0)
{
if (canLog)
{
_logger.Info($"Successfully deleted {result.Count} blob{Pluralize(result.Count)} from container: {_containerName}.");
}
return;
}
var reasons = errors.Values.Distinct().ToArray();
var failedToDeleteReasons = reasons.Aggregate(string.Empty, (current, r) =>
current + $"Reason: {r} Blobs ({errors.Count(x => x.Value == r)}): {string.Join(", ", errors.Where(x => x.Value == r).Select(y => y.Key))}. ");
var message = $"Failed to delete {errors.Count} blob{Pluralize(errors.Count)} from container: {_containerName}. Successfully deleted {result.Count - errors.Count} blob{Pluralize(result.Count - errors.Count)}. {failedToDeleteReasons}";
if (canLog)
{
_logger.Info(message);
}
string Pluralize(int num)
{
return(num == 0 || num > 1 ? "s" : string.Empty);
}
throw new InvalidOperationException(message);
}
/// <summary>
/// Generates a hash for the given plain text value and returns a
/// base64-encoded result. Before the hash is computed, a random salt
/// is generated and appended to the plain text. This salt is stored at
/// the end of the hash value, so it can be used later for hash
/// verification.
/// </summary>
/// <param name="byteData">
/// Plaintext value to be hashed.
/// </param>
/// <param name="hashAlgorithm">
/// Name of the hash algorithm. Allowed values are: "MD5", "SHA1",
/// "SHA256", "SHA384", "SHA512", "HMACMD5", "HMACSHA1", "HMACSHA256",
/// "HMACSHA512" (if any other value is specified MD5 will be used).
///
/// HMAC algorithms uses Hash-based Message Authentication Code.
/// The HMAC process mixes a secret key with the message data, hashes
/// the result with the hash function, mixes that hash value with
/// the secret key again, and then applies the hash function
/// a second time. HMAC hashes are fixed lenght and generally
/// much longer than non-HMAC hashes of the same type.
///
/// https://msdn.microsoft.com/en-us/library/system.security.cryptography.hmacsha256(v=vs.110).aspx
///
/// This value is case-insensitive.
/// </param>
/// <param name="saltBytes">
/// Optional but recommended salt bytes to apply to the hash. If not passed the
/// raw encoding is used. If salt is nullthe raw algorithm is used (useful for
/// file hashes etc.) HMAC versions REQUIRE that salt is passed.
/// </param>
/// <param name="useBinHex">if true returns the data as BinHex byte pair string. Otherwise Base64 is returned.</param>
/// <returns>
/// Hash value formatted as a base64-encoded or BinHex stringstring.
/// </returns>
public static string ComputeHash(byte[] byteData,
string hashAlgorithm,
byte[] saltBytes,
bool useBinHex = false)
{
if (byteData == null)
{
return(null);
}
// Convert plain text into a byte array.
byte[] plainTextWithSaltBytes;
if (saltBytes != null && !hashAlgorithm.StartsWith("HMAC"))
{
// Allocate array, which will hold plain text and salt.
plainTextWithSaltBytes =
new byte[byteData.Length + saltBytes.Length];
// Copy plain text bytes into resulting array.
for (int i = 0; i < byteData.Length; i++)
{
plainTextWithSaltBytes[i] = byteData[i];
}
// Append salt bytes to the resulting array.
for (int i = 0; i < saltBytes.Length; i++)
{
plainTextWithSaltBytes[byteData.Length + i] = saltBytes[i];
}
}
else
{
plainTextWithSaltBytes = byteData;
}
HashAlgorithm hash;
// Make sure hashing algorithm name is specified.
if (hashAlgorithm == null)
{
hashAlgorithm = "";
}
// Initialize appropriate hashing algorithm class.
switch (hashAlgorithm.ToUpper())
{
case "SHA1":
hash = new SHA1Managed();
break;
case "SHA256":
hash = new SHA256Managed();
break;
case "SHA384":
hash = new SHA384Managed();
break;
case "SHA512":
hash = new SHA512Managed();
break;
case "HMACMD5":
hash = new HMACMD5(saltBytes);
break;
case "HMACSHA1":
hash = new HMACSHA1(saltBytes);
break;
case "HMACSHA256":
hash = new HMACSHA256(saltBytes);
break;
case "HMACSHA512":
hash = new HMACSHA512(saltBytes);
break;
default:
// default to MD5
hash = new MD5CryptoServiceProvider();
break;
}
byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);
hash.Dispose();
if (useBinHex)
{
return(BinaryToBinHex(hashBytes));
}
return(Convert.ToBase64String(hashBytes));
}
/* This method returns value for paramter Signature which is then passed to Signature header
* paramter 'Signature' is calucated based on below key values and then signed with SECRET KEY -
* host: Sandbox (apitest.cybersource.com) or Production (api.cybersource.com) hostname
* date: "HTTP-date" format as defined by RFC7231.
* (request-target): Should be in format of httpMethod: path
* Example: "post /pts/v2/payments"
* Digest: Only needed for POST calls.
* digestString = BASE64( HMAC-SHA256 ( Payload ));
* Digest: “SHA-256=“ + digestString;
* v-c-merchant-id: set value to Cybersource Merchant ID
* This ID can be found on EBC portal*/
static StringBuilder GenerateSignature(String request, String digest, String keyid, String gmtDateTime, String method, string resource)
{
StringBuilder signatureHeaderValue = new StringBuilder();
String algorithm = "HmacSHA256";
String postHeaders = "host date (request-target) digest v-c-merchant-id";
String getHeaders = "host date (request-target) v-c-merchant-id";
String url = "https://" + requestHost + resource;
String getRequestTarget = method + " " + resource;
String postRequestTarget = method + " " + resource;
try
{
// Generate the Signature
StringBuilder signatureString = new StringBuilder();
signatureString.Append('\n');
signatureString.Append("host");
signatureString.Append(": ");
signatureString.Append(requestHost);
signatureString.Append('\n');
signatureString.Append("date");
signatureString.Append(": ");
signatureString.Append(gmtDateTime);
signatureString.Append('\n');
signatureString.Append("(request-target)");
signatureString.Append(": ");
if (method.Equals("post"))
{
signatureString.Append(postRequestTarget);
signatureString.Append('\n');
signatureString.Append("digest");
signatureString.Append(": ");
signatureString.Append(digest);
}
else
{
signatureString.Append(getRequestTarget);
}
signatureString.Append('\n');
signatureString.Append("v-c-merchant-id");
signatureString.Append(": ");
signatureString.Append(merchantID);
signatureString.Remove(0, 1);
byte[] signatureByteString = System.Text.Encoding.UTF8.GetBytes(signatureString.ToString());
byte[] decodedKey = Convert.FromBase64String(merchantsecretKey);
HMACSHA256 aKeyId = new HMACSHA256(decodedKey);
byte[] hashmessage = aKeyId.ComputeHash(signatureByteString);
String base64EncodedSignature = Convert.ToBase64String(hashmessage);
signatureHeaderValue.Append("keyid=\"" + merchantKeyId + "\"");
signatureHeaderValue.Append(", algorithm=\"" + algorithm + "\"");
if (method.Equals("post"))
{
signatureHeaderValue.Append(", headers=\"" + postHeaders + "\"");
}
else if (method.Equals("get"))
{
signatureHeaderValue.Append(", headers=\"" + getHeaders + "\"");
}
signatureHeaderValue.Append(", signature=\"" + base64EncodedSignature + "\"");
// Writing Generated Token to file.
File.WriteAllText("..\\signatureHeaderValue.txt", signatureHeaderValue.ToString());
}
catch (Exception ex)
{
Console.WriteLine("Oops : " + ex.ToString());
}
return(signatureHeaderValue);
}
private static string GenerateKeyAuthorizationCore(
string verb,
string resourceId,
string resourceType,
INameValueCollection headers,
string key,
out MemoryStream payload,
bool bUseUtcNowForMissingXDate = false)
{
string authorizationToken;
// resourceId can be null for feed-read of /dbs
if (string.IsNullOrEmpty(verb))
{
throw new ArgumentException(RMResources.StringArgumentNullOrEmpty, nameof(verb));
}
if (resourceType == null)
{
throw new ArgumentNullException(nameof(resourceType)); // can be empty
}
if (string.IsNullOrEmpty(key))
{
throw new ArgumentException(RMResources.StringArgumentNullOrEmpty, nameof(key));
}
if (headers == null)
{
throw new ArgumentNullException(nameof(headers));
}
byte[] keyBytes = Convert.FromBase64String(key);
using (HMACSHA256 hmacSha256 = new HMACSHA256(keyBytes))
{
// Order of the values included in the message payload is a protocol that clients/BE need to follow exactly.
// More headers can be added in the future.
// If any of the value is optional, it should still have the placeholder value of ""
// OperationType -> ResourceType -> ResourceId/OwnerId -> XDate -> Date
string verbInput = verb ?? string.Empty;
string resourceIdInput = resourceId ?? string.Empty;
string resourceTypeInput = resourceType ?? string.Empty;
string authResourceId = AuthorizationHelper.GetAuthorizationResourceIdOrFullName(resourceTypeInput, resourceIdInput);
int memoryStreamCapacity = AuthorizationHelper.ComputeMemoryCapacity(verbInput, authResourceId, resourceTypeInput);
payload = new MemoryStream(memoryStreamCapacity);
AuthorizationHelper.SerializeMessagePayload(
payload,
verbInput,
authResourceId,
resourceTypeInput,
headers,
bUseUtcNowForMissingXDate);
payload.Position = 0;
byte[] hashPayLoad = hmacSha256.ComputeHash(payload);
authorizationToken = Convert.ToBase64String(hashPayLoad);
payload.Position = 0;
}
return(authorizationToken);
}
public string CreateSignature(string nonce, string username, string key, string secret)
{
byte[] bites = new HMACSHA256(Encoding.UTF8.GetBytes(secret)).ComputeHash(Encoding.UTF8.GetBytes(nonce + username + key));
return(BitConverter.ToString(bites).ToUpper().Replace("-", string.Empty));;
}
/// <summary>
/// Returns the SHA256 HMAC of the given <paramref name="prefix"/>, the given <paramref name="request"/>'s
/// body, and the given <paramref name="suffix"/> (in that order).
/// </summary>
/// <param name="request">The current <see cref="HttpRequest"/>.</param>
/// <param name="secret">The key data used to initialize the <see cref="HMACSHA256"/>.</param>
/// <param name="prefix">
/// If non-<see langword="null"/> and non-empty, additional <c>byte</c>s to include in the hashed content
/// before the <paramref name="request"/>'s body.
/// </param>
/// <param name="suffix">
/// If non-<see langword="null"/> and non-empty, additional <c>byte</c>s to include in the hashed content
/// after the <paramref name="request"/>'s body.
/// </param>
/// <returns>
/// A <see cref="Task"/> that on completion provides a <see cref="byte"/> array containing the SHA256 HMAC of
/// the <paramref name="prefix"/>, the <paramref name="request"/>'s body, and the <paramref name="suffix"/>
/// (in that order).
/// </returns>
protected virtual async Task <byte[]> ComputeRequestBodySha256HashAsync(
HttpRequest request,
byte[] secret,
byte[] prefix,
byte[] suffix)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (secret == null)
{
throw new ArgumentNullException(nameof(secret));
}
if (secret.Length == 0)
{
throw new ArgumentException(Resources.General_ArgumentCannotBeNullOrEmpty, nameof(secret));
}
await WebHookHttpRequestUtilities.PrepareRequestBody(request);
using (var hasher = new HMACSHA256(secret))
{
try
{
if (prefix != null && prefix.Length > 0)
{
hasher.TransformBlock(
inputBuffer: prefix,
inputOffset: 0,
inputCount: prefix.Length,
outputBuffer: null,
outputOffset: 0);
}
// Split body into 4K chunks.
var buffer = new byte[4096];
var inputStream = request.Body;
int bytesRead;
while ((bytesRead = await inputStream.ReadAsync(buffer, 0, buffer.Length)) > 0)
{
hasher.TransformBlock(
buffer,
inputOffset: 0,
inputCount: bytesRead,
outputBuffer: null,
outputOffset: 0);
}
if (suffix != null && suffix.Length > 0)
{
hasher.TransformBlock(
suffix,
inputOffset: 0,
inputCount: suffix.Length,
outputBuffer: null,
outputOffset: 0);
}
hasher.TransformFinalBlock(Array.Empty <byte>(), inputOffset: 0, inputCount: 0);
return(hasher.Hash);
}
finally
{
// Reset Position because JsonInputFormatter et cetera always start from current position.
request.Body.Seek(0L, SeekOrigin.Begin);
}
}
}
public void PreAuthenticate(IRequest req, IResponse res)
{
if (req.OperationName != null && IgnoreForOperationTypes.Contains(req.OperationName))
{
return;
}
var bearerToken = req.GetBearerToken()
?? req.GetCookieValue(Keywords.TokenCookie);
if (bearerToken != null)
{
var parts = bearerToken.Split('.');
if (parts.Length == 3)
{
if (RequireSecureConnection && !req.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection);
}
var header = parts[0];
var payload = parts[1];
var signatureBytes = parts[2].FromBase64UrlSafe();
var headerJson = header.FromBase64UrlSafe().FromUtf8Bytes();
var payloadBytes = payload.FromBase64UrlSafe();
var headerData = headerJson.FromJson <Dictionary <string, string> >();
var bytesToSign = string.Concat(header, ".", payload).ToUtf8Bytes();
var algorithm = headerData["alg"];
//Potential Security Risk for relying on user-specified algorithm: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
if (RequireHashAlgorithm && algorithm != HashAlgorithm)
{
throw new NotSupportedException("Invalid algoritm '{0}', expected '{1}'".Fmt(algorithm, HashAlgorithm));
}
if (!VerifyPayload(algorithm, bytesToSign, signatureBytes))
{
return;
}
var payloadJson = payloadBytes.FromUtf8Bytes();
var jwtPayload = JsonObject.Parse(payloadJson);
var session = CreateSessionFromPayload(req, jwtPayload);
req.Items[Keywords.Session] = session;
}
else if (parts.Length == 5) //Encrypted JWE Token
{
if (RequireSecureConnection && !req.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection);
}
if (PrivateKey == null || PublicKey == null)
{
throw new NotSupportedException("PrivateKey is required to DecryptPayload");
}
var jweHeaderBase64Url = parts[0];
var jweEncKeyBase64Url = parts[1];
var ivBase64Url = parts[2];
var cipherTextBase64Url = parts[3];
var tagBase64Url = parts[4];
var sentTag = tagBase64Url.FromBase64UrlSafe();
var aadBytes = (jweHeaderBase64Url + "." + jweEncKeyBase64Url).ToUtf8Bytes();
var iv = ivBase64Url.FromBase64UrlSafe();
var cipherText = cipherTextBase64Url.FromBase64UrlSafe();
var jweEncKey = jweEncKeyBase64Url.FromBase64UrlSafe();
var cryptAuthKeys256 = RsaUtils.Decrypt(jweEncKey, PrivateKey.Value, UseRsaKeyLength);
var authKey = new byte[128 / 8];
var cryptKey = new byte[128 / 8];
Buffer.BlockCopy(cryptAuthKeys256, 0, authKey, 0, authKey.Length);
Buffer.BlockCopy(cryptAuthKeys256, authKey.Length, cryptKey, 0, cryptKey.Length);
using (var hmac = new HMACSHA256(authKey))
using (var encryptedStream = new MemoryStream())
{
using (var writer = new BinaryWriter(encryptedStream))
{
writer.Write(aadBytes);
writer.Write(iv);
writer.Write(cipherText);
writer.Flush();
var calcTag = hmac.ComputeHash(encryptedStream.ToArray());
if (!calcTag.EquivalentTo(sentTag))
{
return;
}
}
}
JsonObject jwtPayload;
using (var aes = new AesManaged
{
KeySize = 128,
BlockSize = 128,
Mode = CipherMode.CBC,
Padding = PaddingMode.PKCS7
})
using (var decryptor = aes.CreateDecryptor(cryptKey, iv))
using (var ms = MemoryStreamFactory.GetStream(cipherText))
using (var cryptStream = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
{
var jwtPayloadBytes = cryptStream.ReadFully();
jwtPayload = JsonObject.Parse(jwtPayloadBytes.FromUtf8Bytes());
}
var session = CreateSessionFromPayload(req, jwtPayload);
req.Items[Keywords.Session] = session;
}
}
}
public static byte[] SimpleDecrypt(byte[] encryptedMessage, byte[] cryptKey, byte[] authKey, int nonSecretPayloadLength = 0)
{
//Basic Usage Error Checks
if (cryptKey == null || cryptKey.Length != KeyBitSize / 8)
{
throw new ArgumentException(String.Format("CryptKey needs to be {0} bit!", KeyBitSize), "cryptKey");
}
if (authKey == null || authKey.Length != KeyBitSize / 8)
{
throw new ArgumentException(String.Format("AuthKey needs to be {0} bit!", KeyBitSize), "authKey");
}
if (encryptedMessage == null || encryptedMessage.Length == 0)
{
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
}
using (var hmac = new HMACSHA256(authKey))
{
var sentTag = new byte[hmac.HashSize / 8];
//Calculate Tag
var calcTag = hmac.ComputeHash(encryptedMessage, 0, encryptedMessage.Length - sentTag.Length);
var ivLength = (BlockBitSize / 8);
//if message length is to small just return null
if (encryptedMessage.Length < sentTag.Length + nonSecretPayloadLength + ivLength)
{
return(null);
}
//Grab Sent Tag
Array.Copy(encryptedMessage, encryptedMessage.Length - sentTag.Length, sentTag, 0, sentTag.Length);
//Compare Tag with constant time comparison
var compare = 0;
for (var i = 0; i < sentTag.Length; i++)
{
compare |= sentTag[i] ^ calcTag[i];
}
//if message doesn't authenticate return null
if (compare != 0)
{
return(null);
}
using (var aes = new AesManaged
{
KeySize = KeyBitSize,
BlockSize = BlockBitSize,
Mode = CipherMode.CBC,
Padding = PaddingMode.PKCS7
})
{
//Grab IV from message
var iv = new byte[ivLength];
Array.Copy(encryptedMessage, nonSecretPayloadLength, iv, 0, iv.Length);
using (var decrypter = aes.CreateDecryptor(cryptKey, iv))
using (var plainTextStream = new MemoryStream())
{
using (var decrypterStream = new CryptoStream(plainTextStream, decrypter, CryptoStreamMode.Write))
using (var binaryWriter = new BinaryWriter(decrypterStream))
{
//Decrypt Cipher Text from Message
binaryWriter.Write(
encryptedMessage,
nonSecretPayloadLength + iv.Length,
encryptedMessage.Length - nonSecretPayloadLength - iv.Length - sentTag.Length
);
}
//Return Plain Text
return(plainTextStream.ToArray());
}
}
}
}
/// <summary>
/// Generate HMAC256 hash.
/// </summary>
/// <param name="key">Byte array key.</param>
/// <param name="value">String value to hash.</param>
/// <returns>Byte array hash.</returns>
public static byte[] HMAC256(byte[] key, string value)
{
HMACSHA256 hmac = new HMACSHA256(key);
return(hmac.ComputeHash(ToBytes(value)));
}
private static byte[] HmacSha256(byte[] key, string data)
{
var hashAlgorithm = new HMACSHA256(key);
return(hashAlgorithm.ComputeHash(Encoding.UTF8.GetBytes(data)));
}
public byte[] GenerateHmacHash(byte[] input, byte[] key)
{
var hmacsha256 = new HMACSHA256(key);
return(hmacsha256.ComputeHash(input));
}
public static byte[] ComputeHMAC(byte[] data, byte[] key)
{
HMACSHA256 SessionHmac = new HMACSHA256(key);
return(SessionHmac.ComputeHash(data));
}
/// <summary>
/// Calculates a SHA-256 hash signature.
/// </summary>
/// <param name="input">The message for which a signature will be generated</param>
/// <param name="key">The secret key to use to sign the message</param>
/// <returns>The HMAC signature.</returns>
public static byte[] HMACSHA256(byte[] input, byte[] key)
{
using HMACSHA256 hmac = new HMACSHA256(key);
return(hmac.ComputeHash(input));
}
private void _listener_ReceivedPeerInfo(IPEndPoint peerEP, byte[] challenge, BinaryID recvHMAC, bool isReply)
{
if (PeerDiscovered != null)
{
BinaryID foundNetworkID = null;
lock (_trackedNetworkIDs)
{
foreach (BinaryID networkID in _trackedNetworkIDs)
{
using (HMACSHA256 hmacSHA256 = new HMACSHA256(networkID.ID))
{
BinaryID computedHmac = new BinaryID(hmacSHA256.ComputeHash(challenge));
if (computedHmac.Equals(recvHMAC))
{
foundNetworkID = networkID;
break;
}
}
}
}
if (foundNetworkID != null)
{
PeerInfo peerInfo = new PeerInfo(peerEP, foundNetworkID);
bool peerInCache;
if (_peerInfoCache.Contains(peerInfo))
{
PeerInfo existingPeerInfo = _peerInfoCache[_peerInfoCache.IndexOf(peerInfo)];
if (existingPeerInfo.IsExpired())
{
peerInCache = false;
_peerInfoCache.Remove(existingPeerInfo);
}
else
{
peerInCache = true;
}
}
else
{
peerInCache = false;
}
if (!peerInCache)
{
_peerInfoCache.Add(peerInfo);
PeerDiscovered(this, peerEP, foundNetworkID);
}
if (!isReply)
{
ThreadPool.QueueUserWorkItem(AnnounceAsync, new object[] { foundNetworkID, new IPAddress[] { peerEP.Address }, 1, true });
}
}
}
}
public static byte[] SignHMACSHA256(String key, byte[] data)
{
HMACSHA256 hashMaker = new HMACSHA256(Encoding.ASCII.GetBytes(key));
return(hashMaker.ComputeHash(data));
}
/// <summary>
/// Creates a signature value given a signature base and the consumer secret and a known token secret.
/// </summary>
/// <param name="signatureMethod">The hashing method</param>
/// <param name="signatureTreatment">The treatment to use on a signature value</param>
/// <param name="signatureBase">The signature base</param>
/// <param name="consumerSecret">The consumer secret</param>
/// <param name="tokenSecret">The token secret</param>
/// <returns></returns>
public static string GetSignature(OAuthSignatureMethod signatureMethod,
OAuthSignatureTreatment signatureTreatment,
string signatureBase, string consumerSecret, string tokenSecret)
{
if (tokenSecret.IsNullOrBlank())
{
tokenSecret = string.Empty;
}
var unencodedConsumerSecret = consumerSecret;
consumerSecret = Uri.EscapeDataString(consumerSecret);
tokenSecret = Uri.EscapeDataString(tokenSecret);
string signature;
switch (signatureMethod)
{
case OAuthSignatureMethod.HmacSha1:
{
var crypto = new HMACSHA1();
var key = "{0}&{1}".FormatWith(consumerSecret, tokenSecret);
crypto.Key = encoding.GetBytes(key);
signature = signatureBase.HashWith(crypto);
break;
}
case OAuthSignatureMethod.HmacSha256:
{
var crypto = new HMACSHA256();
var key = "{0}&{1}".FormatWith(consumerSecret, tokenSecret);
crypto.Key = encoding.GetBytes(key);
signature = signatureBase.HashWith(crypto);
break;
}
case OAuthSignatureMethod.RsaSha1:
{
using (var provider = new RSACryptoServiceProvider {
PersistKeyInCsp = false
})
{
provider.FromXmlString2(unencodedConsumerSecret);
SHA1Managed hasher = new SHA1Managed();
byte[] hash = hasher.ComputeHash(encoding.GetBytes(signatureBase));
signature = Convert.ToBase64String(provider.SignHash(hash, CryptoConfig.MapNameToOID("SHA1")));
}
break;
}
case OAuthSignatureMethod.PlainText:
{
signature = "{0}&{1}".FormatWith(consumerSecret, tokenSecret);
break;
}
default:
throw new NotImplementedException("Only HMAC-SHA1, HMAC-SHA256, and RSA-SHA1 are currently supported.");
}
var result = signatureTreatment == OAuthSignatureTreatment.Escaped
? UrlEncodeRelaxed(signature)
: signature;
return(result);
}
private static byte[] HMACDigest([NotNull] string key, [NotNull] string content)
{
using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key))) {
return(hmac.ComputeHash(Encoding.UTF8.GetBytes(content)));
}
}
public static byte[] SimpleEncrypt(byte[] secretMessage, byte[] cryptKey, byte[] authKey, byte[] nonSecretPayload = null)
{
if (cryptKey == null || cryptKey.Length != KeyBitSize / (double)8)
{
throw new ArgumentException(string.Format("Key needs to be {0} bit!", KeyBitSize), "cryptKey");
}
if (authKey == null || authKey.Length != KeyBitSize / (double)8)
{
throw new ArgumentException(string.Format("Key needs to be {0} bit!", KeyBitSize), "authKey");
}
if (secretMessage == null || secretMessage.Length < 1)
{
throw new ArgumentException("Secret Message Required!", "secretMessage");
}
nonSecretPayload = nonSecretPayload ?? new byte[] { };
byte[] cipherText;
byte[] iv;
using (var aes = new AesManaged()
{
KeySize = KeyBitSize, BlockSize = BlockBitSize, Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7
})
{
aes.GenerateIV();
iv = aes.IV;
using (var encrypter = aes.CreateEncryptor(cryptKey, iv))
{
using (var cipherStream = new MemoryStream())
{
using (var cryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
{
using (var binaryWriter = new BinaryWriter(cryptoStream))
{
binaryWriter.Write(secretMessage);
}
}
cipherText = cipherStream.ToArray();
}
}
}
using (var hmac = new HMACSHA256(authKey))
{
using (var encryptedStream = new MemoryStream())
{
using (var binaryWriter = new BinaryWriter(encryptedStream))
{
binaryWriter.Write(nonSecretPayload);
binaryWriter.Write(iv);
binaryWriter.Write(cipherText);
binaryWriter.Flush();
var tag = hmac.ComputeHash(encryptedStream.ToArray());
binaryWriter.Write(tag);
}
return(encryptedStream.ToArray());
}
}
}
public byte[] computeMAC(byte[] text, byte[] key)
{
helper = new HMACSHA256(key);
return(helper.ComputeHash(text));
}
public static byte[] SimpleDecrypt(byte[] encryptedMessage, byte[] cryptKey, byte[] authKey, int nonSecretPayloadLength = 0)
{
if (cryptKey == null || cryptKey.Length != KeyBitSize / (double)8)
{
throw new ArgumentException(string.Format("CryptKey needs to be {0} bit!", KeyBitSize), "cryptKey");
}
if (authKey == null || authKey.Length != KeyBitSize / (double)8)
{
throw new ArgumentException(string.Format("AuthKey needs to be {0} bit!", KeyBitSize), "authKey");
}
if (encryptedMessage == null || encryptedMessage.Length == 0)
{
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
}
using (var hmac = new HMACSHA256(authKey))
{
var sentTag = new byte[hmac.HashSize / 8 - 1 + 1];
var calcTag = hmac.ComputeHash(encryptedMessage, 0, encryptedMessage.Length - sentTag.Length);
var ivLength = (BlockBitSize / 8);
if (encryptedMessage.Length < sentTag.Length + nonSecretPayloadLength + ivLength)
{
return(null);
}
Array.Copy(encryptedMessage, encryptedMessage.Length - sentTag.Length, sentTag, 0, sentTag.Length);
var compare = 0;
var loopTo = sentTag.Length - 1;
for (var i = 0; i <= loopTo; i++)
{
compare = compare | sentTag[i] ^ calcTag[i];
}
if (compare != 0)
{
return(null);
}
using (var aes = new AesManaged()
{
KeySize = KeyBitSize, BlockSize = BlockBitSize, Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7
})
{
var iv = new byte[ivLength - 1 + 1];
Array.Copy(encryptedMessage, nonSecretPayloadLength, iv, 0, iv.Length);
using (var decrypter = aes.CreateDecryptor(cryptKey, iv))
{
using (var plainTextStream = new MemoryStream())
{
using (var decrypterStream = new CryptoStream(plainTextStream, decrypter, CryptoStreamMode.Write))
{
using (var binaryWriter = new BinaryWriter(decrypterStream))
{
binaryWriter.Write(encryptedMessage, nonSecretPayloadLength + iv.Length, encryptedMessage.Length - nonSecretPayloadLength - iv.Length - sentTag.Length);
}
}
return(plainTextStream.ToArray());
}
}
}
}
}
public string ComputeSignature(string message)
{
byte[] key = SHA256.Create().ComputeHash(Encoding.UTF8.GetBytes(gateway.ClientSecret));
byte[] signatureBytes = new HMACSHA256(key).ComputeHash(Encoding.UTF8.GetBytes(message));
return(BitConverter.ToString(signatureBytes).Replace("-", "").ToLower());
}
public static string HashHmacSHA256(string body, string secretKey)
{
var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretKey));
return(Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(body))));
}
public static byte[] SimpleEncrypt(byte[] secretMessage, byte[] cryptKey, byte[] authKey, byte[] nonSecretPayload = null)
{
//User Error Checks
if (cryptKey == null || cryptKey.Length != KeyBitSize / 8)
{
throw new ArgumentException(String.Format("Key needs to be {0} bit!", KeyBitSize), "cryptKey");
}
if (authKey == null || authKey.Length != KeyBitSize / 8)
{
throw new ArgumentException(String.Format("Key needs to be {0} bit!", KeyBitSize), "authKey");
}
if (secretMessage == null || secretMessage.Length < 1)
{
throw new ArgumentException("Secret Message Required!", "secretMessage");
}
//non-secret payload optional
nonSecretPayload = nonSecretPayload ?? new byte[] { };
byte[] cipherText;
byte[] iv;
using (var aes = new AesManaged
{
KeySize = KeyBitSize,
BlockSize = BlockBitSize,
Mode = CipherMode.CBC,
Padding = PaddingMode.PKCS7
})
{
//Use random IV
aes.GenerateIV();
iv = aes.IV;
using (var encrypter = aes.CreateEncryptor(cryptKey, iv))
using (var cipherStream = new MemoryStream())
{
using (var cryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
using (var binaryWriter = new BinaryWriter(cryptoStream))
{
//Encrypt Data
binaryWriter.Write(secretMessage);
}
cipherText = cipherStream.ToArray();
}
}
//Assemble encrypted message and add authentication
using (var hmac = new HMACSHA256(authKey))
using (var encryptedStream = new MemoryStream())
{
using (var binaryWriter = new BinaryWriter(encryptedStream))
{
//Prepend non-secret payload if any
binaryWriter.Write(nonSecretPayload);
//Prepend IV
binaryWriter.Write(iv);
//Write Ciphertext
binaryWriter.Write(cipherText);
binaryWriter.Flush();
//Authenticate all data
var tag = hmac.ComputeHash(encryptedStream.ToArray());
//Postpend tag
binaryWriter.Write(tag);
}
return(encryptedStream.ToArray());
}
}
/// <summary>
/// Simple Authentication (HMAC) then Decryption (AES) for a secrets UTF8 Message.
/// </summary>
/// <param name="encryptedMessage">The encrypted message.</param>
/// <param name="cryptKey">The crypt key.</param>
/// <param name="authKey">The auth key.</param>
/// <param name="nonSecretPayloadLength">Length of the non secret payload.</param>
/// <returns>Decrypted Message</returns>
public static byte[] SimpleDecrypt(byte[] encryptedMessage, byte[] cryptKey, byte[] authKey, int nonSecretPayloadLength = 0)
{
//Basic Usage Error Checks
if (cryptKey == null || cryptKey.Length != KeyBitSize / 8)
{
throw new ArgumentException($"CryptKey needs to be {KeyBitSize.ToString()} bit!", nameof(cryptKey));
}
if (authKey == null || authKey.Length != KeyBitSize / 8)
{
throw new ArgumentException($"AuthKey needs to be {KeyBitSize.ToString()} bit!", nameof(authKey));
}
if (encryptedMessage == null || encryptedMessage.Length == 0)
{
throw new ArgumentException("Encrypted Message Required!", nameof(encryptedMessage));
}
using (HMACSHA256 hmac = new HMACSHA256(authKey))
{
byte[] sentTag = new byte[hmac.HashSize / 8];
//Calculate Tag
byte[] calcTag = hmac.ComputeHash(encryptedMessage, 0, encryptedMessage.Length - sentTag.Length);
int ivLength = (BlockBitSize / 8);
//if message length is to small just return null
if (encryptedMessage.Length < sentTag.Length + nonSecretPayloadLength + ivLength)
{
return(null);
}
//Grab Sent Tag
Array.Copy(encryptedMessage, encryptedMessage.Length - sentTag.Length, sentTag, 0, sentTag.Length);
//Compare Tag with constant time comparison
int compare = 0;
for (int i = 0; i < sentTag.Length; i++)
{
compare |= sentTag[i] ^ calcTag[i];
}
//if message doesn't authenticate return null
if (compare != 0)
{
return(null);
}
using (AesManaged aes = new AesManaged
{
KeySize = KeyBitSize,
BlockSize = BlockBitSize,
Mode = CipherMode.CBC,
Padding = PaddingMode.PKCS7
})
{
//Grab IV from message
byte[] iv = new byte[ivLength];
Array.Copy(encryptedMessage, nonSecretPayloadLength, iv, 0, iv.Length);
ICryptoTransform decrypter = aes.CreateDecryptor(cryptKey, iv);
MemoryStream plainTextStream = new MemoryStream();
{
CryptoStream decrypterStream = null;
try
{
decrypterStream = new CryptoStream(plainTextStream, decrypter, CryptoStreamMode.Write);
using (BinaryWriter binaryWriter = new BinaryWriter(decrypterStream))
{
decrypterStream = null;
//Decrypt Cipher Text from Message
binaryWriter.Write(encryptedMessage, nonSecretPayloadLength + iv.Length, encryptedMessage.Length - nonSecretPayloadLength - iv.Length - sentTag.Length);
binaryWriter.Flush();
}
//Return Plain Text
return(plainTextStream.ToArray());
}
catch { }
finally
{
if (decrypterStream != null)
{
decrypterStream.Dispose();
}
}
}
}
}
return(new byte[0]);
}
public static string HashString(string str_to_hash)
{
HMACSHA256 hs256 = new HMACSHA256(Encoding.ASCII.GetBytes(ConfigurationManager.AppSettings["UserSalt"]));
return BytesToHexString(hs256.ComputeHash(StringToBytes(str_to_hash))).Replace("-", "");
}
