static void Main(string[] args)
{
using (var rijndael = new RijndaelManaged())
using (var hmacsha256 = new HMACSHA256())
{
rijndael.GenerateKey();
hmacsha256.Initialize();
Console.WriteLine(template, new SoapHexBinary(rijndael.Key), new SoapHexBinary(hmacsha256.Key));
}
Console.WriteLine("press any key to exit...");
Console.ReadKey();
}
static void Main()
{
String secretAccessKey = "mykey";
String data = "my data";
byte[] secretKey = Encoding.UTF8.GetBytes(secretAccessKey);
HMACSHA256 hmac = new HMACSHA256(secretKey);
hmac.Initialize();
byte[] bytes = Encoding.UTF8.GetBytes(data);
byte[] rawHmac = hmac.ComputeHash(bytes);
Console.WriteLine(Convert.ToBase64String(rawHmac));
}
private void button1_Click(object sender, EventArgs e)
{
var timestamp = System.DateTime.UtcNow.ToFileTimeUtc().ToString();
using (var hmacsha256 = new HMACSHA256(GetKey()))
{
hmacsha256.Initialize();
var hash = hmacsha256.ComputeHash(Encoding.UTF8.GetBytes(textBox1.Text));
var ed25519 = new Rebex.Security.Cryptography.Ed25519();
ed25519.FromSeed(hash);
label1.Text = $@"Key:{ByteToString( ed25519.GetPrivateKey())} Hash:{ByteToString(hash)}";
}
}
public string CreateTokenUser(string email, string pass, string seretKey)
{
Random random = new Random();
int value = random.Next(100001, 999999);
String token = email + pass + value;
byte[] secretKey = Encoding.ASCII.GetBytes(seretKey);
HMACSHA256 hmac = new HMACSHA256(secretKey);
hmac.Initialize();
byte[] bytes = Encoding.ASCII.GetBytes(token);
byte[] rawHmac = hmac.ComputeHash(bytes);
return("" + Convert.ToBase64String(rawHmac) + "");
}
/**
* Builds the authorization string that will sent as part of the Request Header
* @param data
* @return
* @throws Exception
*/
private string getMacValue(Dictionary <string, string> data)
{
//Mac mac=Mac.getInstance("HmacSHA256");
string apiSecret = data[APIResourceConstants.SecurityConstants.APISECRET];
//SecretKeySpec secret_key = new SecretKeySpec(apiSecret.getBytes(), "HmacSHA256");
byte[] secret_key = Encoding.UTF8.GetBytes(apiSecret);
HMACSHA256 hmac = new HMACSHA256(secret_key);
hmac.Initialize();
//foreach (var key in data)
//{
// var ss = data[key.Key]
//}
//byte[] bytes = Encoding.UTF8.GetBytes(data.);
//byte[] rawHmac = hmac.ComputeHash(bytes);
//Console.WriteLine(Convert.ToBase64String(rawHmac));
//mac.init(secret_key);
string apikey = data[APIResourceConstants.SecurityConstants.APIKEY];
string nonce = data[APIResourceConstants.SecurityConstants.NONCE];
//String timeStamp = data.get(APIResourceConstants.SecurityConstants.TIMESTAMP);
string token = data[APIResourceConstants.SecurityConstants.TOKEN];
string payload = data[APIResourceConstants.SecurityConstants.PAYLOAD];
StringBuilder buff = new StringBuilder();
buff.Append(apikey);
//.append(nonce)
//.append(timeStamp);
if (token != null)
{
buff.Append(token);
}
if (payload != null)
{
buff.Append(payload);
}
string bufferData = buff.ToString();
//MessageLogger.logMessage(String.format(bufferData));
//byte[] macHash = mac.doFinal(bufferData.get("UTF-8"));
var macHash = Encoding.UTF8.GetBytes(bufferData);
//MessageLogger.logMessage(Integer.toString(macHash.length));
//MessageLogger.logMessage(String.format("MacHAsh:{}" , macHash));
string authorizeString = Convert.ToBase64String(macHash);
// MessageLogger.logMessage(String.format("Authorize:{}" , authorizeString));
return(authorizeString);
}
private String HMAC256EncryptBase64UrlEncode(String str, String accessKey)
{
byte[]
key = Encoding.UTF8.GetBytes(accessKey);
byte[]
strBytes = Encoding.UTF8.GetBytes(str);
HMACSHA256 hmac = new HMACSHA256(key);
hmac.Initialize();
byte[] rawHmac = hmac.ComputeHash(strBytes);
string b64Str = Convert.ToBase64String(rawHmac);
return(b64Str.TrimEnd(padding).Replace('/', '_').Replace('+', '-').Replace("[", "").Replace("=", "").Replace("]", ""));
}
private string GetAuthenticationSignature(string method, string path, string contentType, string dateString)
{
var signature = method + "\n\n"
+ contentType + "\n"
+ dateString + "\n"
+ BolDateHeader.ToLower() + ":" + dateString + "\n"
+ path;
using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(_config.PrivateKey)))
{
hmac.Initialize();
var result = hmac.ComputeHash(Encoding.UTF8.GetBytes(signature));
return(Convert.ToBase64String(result));
}
}
public static byte[] hash(byte[] key, string msg)
{
try
{
HMACSHA256 hmac = new HMACSHA256(key);
hmac.Initialize();
byte[] bytes = Encoding.UTF8.GetBytes(msg);
byte[] rawHmac = hmac.ComputeHash(bytes);
return(rawHmac);
}
catch (Exception e)
{
throw e;
}
}
private string Digest(string message)
{
var binKey = HexStringToByteArray(this.key);
var buffer = System.Text.Encoding.UTF8.GetBytes(message);
using (var hmac = new HMACSHA256(binKey))
{
hmac.Initialize();
var signed = hmac.ComputeHash(buffer);
var hex = BitConverter.ToString(signed)
.Replace("-", string.Empty)
.ToLowerInvariant();
return(hex);
}
}
public static string GetWCHMAC(byte[] data, byte[] key, byte[] iv)
{
// HMAC-SHA256
using (var hmac = new HMACSHA256(key))
{
hmac.Initialize();
byte[] toSign = new byte[iv.Length + data.Length];
//copy our 2 array into one
Buffer.BlockCopy(data, 0, toSign, 0, data.Length);
Buffer.BlockCopy(iv, 0, toSign, data.Length, iv.Length);
var sig = hmac.ComputeHash(toSign);
return(sig.ToHexString());
}
}
/// <summary>
/// HMAC_SHA256
/// </summary>
/// <param name="str">The string to be encrypted</param>
/// <param name="key">encrypte key</param>
/// <param name="encoding">字符编码</param>
/// <returns></returns>
public static string HMACSHA256(string str, string key, Encoding encoding)
{
byte[] secrectKey = encoding.GetBytes(key);
using (HMACSHA256 hmac = new HMACSHA256(secrectKey))
{
hmac.Initialize();
byte[] bytes_hmac_in = encoding.GetBytes(str);
byte[] bytes_hamc_out = hmac.ComputeHash(bytes_hmac_in);
string str_hamc_out = BitConverter.ToString(bytes_hamc_out);
str_hamc_out = str_hamc_out.Replace("-", "");
return(str_hamc_out);
}
}
private static void PBKDF2_SHA256(HMACSHA256 mac, byte[] password, byte[] salt, int saltLength, long iterationCount, byte[] derivedKey, int derivedKeyLength)
{
TR.Enter();
if (derivedKeyLength > (Math.Pow(2, 32) - 1) * 32)
{
TR.Exit();
throw new ArgumentException("Requested key length too long");
}
var U = new byte[32];
var T = new byte[32];
var saltBuffer = new byte[saltLength + 4];
var blockCount = (int)Math.Ceiling((double)derivedKeyLength / 32);
var r = derivedKeyLength - (blockCount - 1) * 32;
Buffer.BlockCopy(salt, 0, saltBuffer, 0, saltLength);
using (var incrementalHasher = IncrementalHash.CreateHMAC(HashAlgorithmName.SHA256, mac.Key))
{
for (int i = 1; i <= blockCount; i++)
{
saltBuffer[saltLength + 0] = (byte)(i >> 24);
saltBuffer[saltLength + 1] = (byte)(i >> 16);
saltBuffer[saltLength + 2] = (byte)(i >> 8);
saltBuffer[saltLength + 3] = (byte)(i);
mac.Initialize();
incrementalHasher.AppendData(saltBuffer, 0, saltBuffer.Length);
Buffer.BlockCopy(incrementalHasher.GetHashAndReset(), 0, U, 0, U.Length);
Buffer.BlockCopy(U, 0, T, 0, 32);
for (long j = 1; j < iterationCount; j++)
{
incrementalHasher.AppendData(U, 0, U.Length);
Buffer.BlockCopy(incrementalHasher.GetHashAndReset(), 0, U, 0, U.Length);
for (int k = 0; k < 32; k++)
{
T[k] ^= U[k];
}
}
Buffer.BlockCopy(T, 0, derivedKey, (i - 1) * 32, (i == blockCount ? r : 32));
}
}
TR.Exit();
}
public void CanStretchKeysUsingBCL()
{
var ekeypair1 = EphemeralKeyPair.Generate("P-256");
var ekeypair2 = EphemeralKeyPair.Generate("P-256");
var secret1 = ekeypair1.GenerateSharedKey(ekeypair2.PublicKey);
var secret2 = ekeypair2.GenerateSharedKey(ekeypair1.PublicKey);
var stretched1 = StretchedKeys.Generate("AES-256", "SHA256", secret1);
var stretched2 = StretchedKeys.Generate("AES-256", "SHA256", secret2);
var raw = Encoding.UTF8.GetBytes("Hello world, this should be encrypted.");
byte[] encoded = null;
byte[] decoded = null;
using (var aes = Aes.Create())
{
aes.KeySize = 256;
aes.Padding = PaddingMode.PKCS7;
aes.Mode = CipherMode.CBC;
using (var encryptor = aes.CreateEncryptor(stretched1.Item1.CipherKey, stretched1.Item1.IV))
using (var mac = new HMACSHA256())
{
mac.Initialize();
mac.Key = stretched1.Item1.MacKey;
var data = encryptor.TransformFinalBlock(raw, 0, raw.Length);
encoded = data
.Concat(mac.ComputeHash(data, 0, data.Length))
.ToArray();
}
using (var decryptor = aes.CreateDecryptor(stretched2.Item1.CipherKey, stretched2.Item1.IV))
using (var mac = new HMACSHA256())
{
mac.Initialize();
mac.Key = stretched2.Item1.MacKey;
var mark = encoded.Length - (mac.HashSize / 8);
var digest = encoded.Skip(mark).ToArray();
Assert.Equal(mac.ComputeHash(encoded, 0, mark), digest);
decoded = decryptor.TransformFinalBlock(encoded, 0, mark);
}
}
Assert.Equal(Encoding.UTF8.GetString(decoded), Encoding.UTF8.GetString(raw));
}
private void ValidateBody(byte[] body, IEnumerable <IRequestHeader> requestHeaders)
{
string signature = ExtractHeaderValue(requestHeaders, "X-GCS-Signature");
string keyId = ExtractHeaderValue(requestHeaders, "X-GCS-KeyId");
using (var mac = new HMACSHA256(StringUtils.Encoding.GetBytes(_secretKeyStore.GetSecretKey(keyId))))
{
mac.Initialize();
byte[] unencodedResult = mac.ComputeHash(body);
var expectedSignature = Convert.ToBase64String(unencodedResult);
bool isValid = signature.CompareWithoutTimingLeak(expectedSignature);
if (!isValid)
{
throw new SignatureValidationException("failed to validate signature '" + signature + "'");
}
}
}
// Where endpoint like "/prices/spot?currency=USD"
private SignatureHeaders GetSignature(string endpoint, string method = "GET")
{
var unixTimestamp = (Int32)(DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds;
//var currency = "USD";
//var message = string.Format("{0}GET/v2/prices/spot?currency={1}", unixTimestamp.ToString(), currency);
var message = string.Format("{0}{1}/v2/{2}", unixTimestamp.ToString(), method, endpoint);
byte[] secretKey = Encoding.UTF8.GetBytes(ApiSecret);
HMACSHA256 hmac = new HMACSHA256(secretKey);
hmac.Initialize();
byte[] bytes = Encoding.UTF8.GetBytes(message);
byte[] rawHmac = hmac.ComputeHash(bytes);
var signature = rawHmac.ByteArrayToHexString();
return(new SignatureHeaders(signature, unixTimestamp));
}
private static (byte, byte[]) EncryptData(Stream inStream, Stream outStream, byte[] internalKey, byte[] iv, int bufferSize)
{
var lastDataReadSize = 0; // File size modulo 16 in least significant byte positions
using (var cipher = CreateAes(internalKey, iv))
using (var ms = new MemoryStream())
using (var cryptoStream = new CryptoStream(ms, cipher.CreateEncryptor(), CryptoStreamMode.Write))
{
int bytesRead;
var buffer = new byte[bufferSize];
while ((bytesRead = inStream.Read(buffer, 0, buffer.Length)) > 0)
{
cryptoStream.Write(buffer, 0, bytesRead);
if (bytesRead < bufferSize)
{
lastDataReadSize = bytesRead % AesBlockSize;
if (lastDataReadSize != 0)
{
var padLen = 16 - bytesRead % AesBlockSize;
var padding = new byte[padLen];
padding.Fill((byte)padLen);
cryptoStream.Write(padding, 0, padding.Length);
}
}
}
cryptoStream.FlushFinalBlock();
ms.Position = 0;
using (var hmac0 = new HMACSHA256(internalKey))
{
hmac0.Initialize();
while ((bytesRead = ms.Read(buffer, 0, buffer.Length)) > 0)
{
outStream.Write(buffer, 0, bytesRead);
hmac0.TransformBlock(buffer, 0, bytesRead, null, 0);
}
hmac0.TransformFinalBlock(Array.Empty <byte>(), 0, 0);
return((byte)lastDataReadSize, hmac0.Hash);
}
}
}
internal string sign(string[] list)
{
if (connectionInformation.key == "")
{
return("");
}
else
{
hmac.Initialize();
foreach (var s in list)
{
transformPart(s);
}
hmac.TransformFinalBlock(new byte[] { }, 0, 0);
return(BitConverter.ToString(hmac.Hash).Replace("-", "").ToLower());
}
}
protected void EncodeInternal(byte[] buffer, int offset, ushort count)
{
byte[] header = new byte[PREFIX_SIZE];
byte[] size = BitConverter.GetBytes(count);
byte[] counter = BitConverter.GetBytes(_outCounter++);
_encryptor.TransformBlock(size, 0, size.Length, header, HMAC_SIZE);
_encryptor.TransformBlock(buffer, offset, count, buffer, offset);
_signer.TransformBlock(counter, 0, counter.Length, null, 0);
_signer.TransformBlock(header, HMAC_SIZE, size.Length, null, 0);
_signer.TransformFinalBlock(buffer, offset, count);
Buffer.BlockCopy(_signer.Hash, 0, header, 0, HMAC_SIZE);
_signer.Initialize();
OnDataEncoded(buffer, offset, count, header);
}
public Tuple <Container.Types.MessageType, Any, uint, uint> Unpack(byte[] data)
{
var container = Container.Parser.ParseFrom(data);
_sha256.Initialize();
var hash = _sha256.ComputeHash(container.Payload.Value.ToByteArray());
if (!StructuralComparisons.StructuralEqualityComparer.Equals(hash, container.Signature.ToByteArray()))
{
throw new InvalidDataException("invalid signature.");
}
return(new Tuple <Container.Types.MessageType, Any, uint, uint>(
container.MessageType,
container.Payload,
container.SequenceNumber,
container.LifeTimeMilliSeconds
));
}
private void OnBufferReady(byte[] buffer)
{
if (!_secure)
{
ProcessFrame(buffer, _offset, _bytesToBuffer);
return;
}
if (_bytesToBuffer == PREFIX_SIZE)
{
byte[] size = new byte[2];
_decryptor.TransformBlock(_buffer, _offset + HMAC_SIZE, 2, size, 0);
_bytesToBuffer += BitConverter.ToUInt16(size, 0);
}
else
{
byte[] counter = BitConverter.GetBytes(_inCounter++);
_verifier.TransformBlock(counter, 0, counter.Length, null, 0);
_verifier.TransformFinalBlock(_buffer, _offset + HMAC_SIZE, _bytesToBuffer - HMAC_SIZE);
if (!CompareBytes(_verifier.Hash, 0, _buffer, _offset, HMAC_SIZE))
{
OnExceptionThrown(new InvalidDataException("Invalid record signature."));
return;
}
_verifier.Initialize();
_decryptor.TransformBlock(_buffer, _offset + PREFIX_SIZE, _bytesToBuffer - PREFIX_SIZE, _buffer, _offset + PREFIX_SIZE);
if (_state == FrameState.Established)
{
OnDataDecoded(buffer, _offset + PREFIX_SIZE, _bytesToBuffer - PREFIX_SIZE);
_bufferPosition = 0;
_bytesToBuffer = PREFIX_SIZE;
}
else
{
ProcessFrame(buffer, _offset + PREFIX_SIZE, _bytesToBuffer - PREFIX_SIZE);
}
}
}
/// <summary>
/// HMAC_SHA256
/// </summary>
/// <param name="srcString">The string to be encrypted</param>
/// <param name="key">encrypte key</param>
/// <returns></returns>
public static string HMACSHA256(string srcString, string key)
{
Check.Argument.IsNotEmpty(srcString, nameof(srcString));
Check.Argument.IsNotEmpty(key, nameof(key));
byte[] secrectKey = Encoding.UTF8.GetBytes(key);
using (HMACSHA256 hmac = new HMACSHA256(secrectKey))
{
hmac.Initialize();
byte[] bytes_hmac_in = Encoding.UTF8.GetBytes(srcString);
byte[] bytes_hamc_out = hmac.ComputeHash(bytes_hmac_in);
string str_hamc_out = BitConverter.ToString(bytes_hamc_out);
str_hamc_out = str_hamc_out.Replace("-", "");
return(str_hamc_out);
}
}
/// <summary>
///
/// </summary>
/// <param name="clientKey">Client API key.</param>
/// <param name="clientSecret">Client secret.</param>
/// <param name="resourcePath">Relative path to the resource.</param>
/// <param name="host">Host name.</param>
/// <param name="port">Port number.</param>
/// <param name="httpMethod">HTTP method.</param>
/// <param name="payload">Payload.</param>
/// <param name="nonce">Unique nonce.</param>
/// <param name="ts">Timestamp.</param>
/// <returns></returns>
private string GenerateMacHeader(string clientKey, string clientSecret, string resourcePath, string host, int port, string httpMethod, string payload, string nonce, string ts)
{
//create crypto using client secret
var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(clientSecret));
hmac.Initialize();
//body hash generation
byte[] rawBodyHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
string bodyHash = Convert.ToBase64String(rawBodyHash);
//create signature
string signature = string.Format(SIGNATURE_FORMAT, ts, nonce, httpMethod, resourcePath, host, port, bodyHash);
byte[] signatureBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(signature));
string signatureString = Convert.ToBase64String(signatureBytes);
return(string.Format(AUTH_HEADER_FORMAT, clientKey, ts, nonce, bodyHash, signatureString));
}
private static void HmacEval(byte[] pbKey, byte[] pbMsg,
byte[] pbExpc)
{
using var h = new HMACSHA256(pbKey);
h.TransformBlock(pbMsg, 0, pbMsg.Length, pbMsg, 0);
h.TransformFinalBlock(new byte[0], 0, 0);
var pbHash = h.Hash;
Assert.That(MemUtil.ArraysEqual(pbHash, pbExpc), Is.True);
// Reuse the object
h.Initialize();
h.TransformBlock(pbMsg, 0, pbMsg.Length, pbMsg, 0);
h.TransformFinalBlock(new byte[0], 0, 0);
pbHash = h.Hash;
Assert.That(MemUtil.ArraysEqual(pbHash, pbExpc), Is.True);
}
/// <summary>
/// Compute PBKDF2 using HMAC-SHA256 as the PRF, and write the output to derivedKey.
/// </summary>
private static void PBKDF2_SHA256(HMACSHA256 mac, byte[] password, byte[] salt, int saltLength, long iterationCount, byte[] derivedKey, int derivedKeyLength)
{
if (derivedKeyLength > (Math.Pow(2, 32) - 1) * 32)
{
throw new ArgumentException("Requested key length too long");
}
var U = new byte[32];
var T = new byte[32];
var saltBuffer = new byte[saltLength + 4];
var blockCount = (int)Math.Ceiling((double)derivedKeyLength / 32);
var r = derivedKeyLength - (blockCount - 1) * 32;
Buffer.BlockCopy(salt, 0, saltBuffer, 0, saltLength);
for (int i = 1; i <= blockCount; i++)
{
saltBuffer[saltLength + 0] = (byte)(i >> 24);
saltBuffer[saltLength + 1] = (byte)(i >> 16);
saltBuffer[saltLength + 2] = (byte)(i >> 8);
saltBuffer[saltLength + 3] = (byte)(i);
mac.Initialize();
mac.TransformFinalBlock(saltBuffer, 0, saltBuffer.Length);
Buffer.BlockCopy(mac.Hash, 0, U, 0, U.Length);
Buffer.BlockCopy(U, 0, T, 0, 32);
for (long j = 1; j < iterationCount; j++)
{
mac.TransformFinalBlock(U, 0, U.Length);
Buffer.BlockCopy(mac.Hash, 0, U, 0, U.Length);
for (int k = 0; k < 32; k++)
{
T[k] ^= U[k];
}
}
Buffer.BlockCopy(T, 0, derivedKey, (i - 1) * 32, (i == blockCount ? r : 32));
}
}
private static bool verify(String consumerSecret, String encodedPayload, String encodedSignature)
{
if (consumerSecret == null || consumerSecret.Trim().Length == 0)
{
throw new System.ArgumentException("secret is null, did you set your environment variable CANVAS_CONSUMER_SECRET?");
}
try {
byte[] key = Encoding.UTF8.GetBytes(consumerSecret);
HMACSHA256 hmacKey = new HMACSHA256(key);
hmacKey.Initialize();
byte[] algorithmBytes = Encoding.UTF8.GetBytes(encodedPayload);
byte[] rawHmac = hmacKey.ComputeHash(algorithmBytes);
string result = Convert.ToBase64String(rawHmac);
return((result == Uri.UnescapeDataString(encodedSignature)) ? true : false);
} catch (System.Exception e) {
throw new System.Exception("Verify failed.", e.InnerException);
}
}
/// <summary>
/// 微信支付新接口均使用了 HMAC-SHA256 签名算法
/// </summary>
/// <param name="dict">请求的参数对</param>
/// <param name="key">微信支付商户后台设置的密钥</param>
/// <returns>HMACSHA256 计算得到的签名值</returns>
public static string Sign(Dictionary <string, string> dict, string key)
{
var q = from kv in dict
where string.IsNullOrEmpty(kv.Value) == false
orderby kv.Key
select string.Join("=", kv.Key, kv.Value);
var str = string.Join("&", q);
str = $"{str}&key={key}";
using (var sha = new HMACSHA256(Encoding.UTF8.GetBytes(key)))
{
sha.Initialize();
var hash = BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(str))).Replace("-", null);
return(hash);
}
}
private static string GenerateSaSToken(string uri)
{
var targetUri = WebUtility.UrlEncode(uri.ToLower())?.ToLower();
var expiresOnDate = Convert.ToInt64(DateTime.UtcNow.Subtract
(new DateTime(1970, 1, 1, 0, 0, 0)).TotalSeconds) + 60 * 60;
var toSign = targetUri + "\n" + expiresOnDate;
var keyBytes = Encoding.UTF8.GetBytes(SasKeyValue);
var mac = new HMACSHA256(keyBytes);
mac.Initialize();
var rawHmac = mac.ComputeHash(Encoding.UTF8.GetBytes(toSign));
var signature = WebUtility.UrlEncode(Convert.ToBase64String(rawHmac));
var token = "SharedAccessSignature sr=" + targetUri + "&sig="
+ signature + "&se=" + expiresOnDate + "&skn=" + SasKeyName;
return(token);
}
/// <summary>
/// Sign
/// </summary>
/// <param name="data"></param>
/// <param name="secreteKey"></param>
/// <returns></returns>
private static string Sign(string data, string secreteKey)
{
if (data == null || secreteKey == null)
{
throw new Exception("ArgumentNullException");
}
//data = data.ToUpper();
byte[] secretKeyBytes = CharacterEncoding.GetBytes(secreteKey);
HMACSHA256 hmac = new HMACSHA256(secretKeyBytes);
hmac.Initialize();
byte[] bytes = CharacterEncoding.GetBytes(data);
byte[] rawHmac = hmac.ComputeHash(bytes);
//foreach (var raw in rawHmac)
//{
// Console.Write($"{raw:X}"); Console.Write(" ");
//}
//Console.WriteLine(Convert.ToBase64String(rawHmac));
return(Convert.ToBase64String(rawHmac));
}
/// <summary>
/// HMAC_SHA256
/// </summary>
/// <param name="source">The string to be encrypted</param>
/// <param name="key">encrypte key</param>
/// <returns></returns>
public static string A256(string source, string key)
{
if (string.IsNullOrEmpty(source))
{
throw new ArgumentNullException(nameof(source), "");
}
if (string.IsNullOrEmpty(key))
{
throw new ArgumentNullException(nameof(key), "");
}
using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key)))
{
hmac.Initialize();
var strHmacOut = BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(source)));
strHmacOut = strHmacOut.Replace("-", "");
return(strHmacOut);
}
}
protected string ComputeHmacToken(string stringForSigning, string signature)
{
if (string.IsNullOrWhiteSpace(signature))
{
throw new ArgumentNullException("The signature cannot be null");
}
byte[] secretKey = Encoding.UTF8.GetBytes(signature);
using (HMACSHA256 hmac = new HMACSHA256(secretKey))
{
hmac.Initialize();
byte[] bytes = Encoding.UTF8.GetBytes(stringForSigning);
byte[] rawHmac = hmac.ComputeHash(bytes);
string base64hmac = Convert.ToBase64String(rawHmac);
return(base64hmac);
}
}
private void ValidateBody(byte[] body, IEnumerable <IRequestHeader> requestHeaders)
{
var numberOfSignatureHeaders = requestHeaders.Count(SignaturePredicate);
if (numberOfSignatureHeaders == 0)
{
throw new SignatureValidationException("Missing X-GCS-Signature header");
}
if (numberOfSignatureHeaders != 1)
{
throw new SignatureValidationException("Duplicate X-GCS-Signature header");
}
var numberOfKeyIdHeaders = requestHeaders.Count(KeyIdPredicate);
if (numberOfKeyIdHeaders == 0)
{
throw new SignatureValidationException("Missing X-GCS-KeyId header");
}
if (numberOfKeyIdHeaders != 1)
{
throw new SignatureValidationException("Duplicate X-GCS-KeyId header");
}
var signature = requestHeaders.SingleOrDefault(SignaturePredicate)?.Value;
var keyId = requestHeaders.SingleOrDefault(KeyIdPredicate)?.Value;
using (var mac = new HMACSHA256(StringUtils.Encoding.GetBytes(_secretKeyStore.GetSecretKey(keyId))))
{
mac.Initialize();
byte[] unencodedResult = mac.ComputeHash(body);
var expectedSignature = Convert.ToBase64String(unencodedResult);
bool isValid = signature.CompareWithoutTimingLeak(expectedSignature);
if (!isValid)
{
throw new SignatureValidationException("failed to validate signature '" + signature + "'");
}
}
}
