public void RotateSendKey() { (byte[] newChainingKey, byte[] newSendKey) = HmacSha256.ComputeHashes(ChainingKey, SendEncryptionKey); ChainingKey = newChainingKey; SendEncryptionKey = newSendKey; SendNonce.Reset(); }
void HandleAuthContinuedSessionCallback(AuthContinuedSession authSession, SQLResult result) { if (result.IsEmpty()) { SendAuthResponseError(BattlenetRpcErrorCode.Denied); CloseSocket(); return; } ConnectToKey key = new ConnectToKey(); _key = key.Raw = authSession.Key; uint accountId = key.AccountId; string login = result.Read <string>(0); _sessionKey = result.Read <string>(1).ToByteArray(); HmacSha256 hmac = new HmacSha256(_sessionKey); hmac.Process(BitConverter.GetBytes(authSession.Key), 8); hmac.Process(authSession.LocalChallenge, authSession.LocalChallenge.Length); hmac.Process(_serverChallenge, 16); hmac.Finish(ContinuedSessionSeed, 16); if (!hmac.Digest.Compare(authSession.Digest)) { Log.outError(LogFilter.Network, "WorldSocket.HandleAuthContinuedSession: Authentication failed for account: {0} ('{1}') address: {2}", accountId, login, GetRemoteIpAddress()); CloseSocket(); return; } SendPacket(new EnableEncryption()); }
public void RotateReceiveKey() { (byte[] newChainingKey, byte[] newReceiveKey) = HmacSha256.ComputeHashes(ChainingKey, ReceiveDecryptionKey); ChainingKey = newChainingKey; ReceiveDecryptionKey = newReceiveKey; ReceiveNonce.Reset(); }
private static byte[] HKDF(byte[] salt, byte[] prk, byte[] info, int length) { var hmac = new HmacSha256(salt); var key = hmac.ComputeHash(prk); return(HKDFSecondStep(key, info, length)); }
/// <summary> /// <see cref="IDisposable.Dispose"/> /// </summary> public void Dispose() { if (!(this.algorithm is null)) { this.algorithm.Dispose(); this.algorithm = null; } }
/// <summary> /// <see cref="IDisposable.Dispose"/> /// </summary> public void Dispose() { if (this.algorithm != null) { this.algorithm.Dispose(); this.algorithm = null; } }
public void Constructor_ExceptionTest() { Assert.Throws <ArgumentNullException>(() => new HmacSha256(null)); HmacSha256 hmac = new HmacSha256(); Assert.Throws <ArgumentNullException>(() => hmac.Key = null); }
public void ComputeHash_Empty_WithKey_Test(byte[] key, byte[] data) { using var sysHmac = new System.Security.Cryptography.HMACSHA256(key); byte[] expected = sysHmac.ComputeHash(data); using HmacSha256 hmac = new HmacSha256(); byte[] actual = hmac.ComputeHash(data, key); Assert.Equal(expected, actual); }
public override void Write() { HmacSha256 hash = new HmacSha256(EncryptionKey); hash.Process(BitConverter.GetBytes(Enabled), 1); hash.Finish(EnableEncryptionSeed, 16); _worldPacket.WriteBytes(RsaCrypt.RSA.SignHash(hash.Digest, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1).Reverse().ToArray()); _worldPacket.WriteBit(Enabled); _worldPacket.FlushBits(); }
public static void Properties() { var a = new HmacSha256(); Assert.Equal(32, a.MinKeySize); Assert.Equal(32, a.DefaultKeySize); Assert.Equal(int.MaxValue, a.MaxKeySize); Assert.Equal(16, a.MinMacSize); Assert.Equal(32, a.DefaultMacSize); Assert.Equal(32, a.MaxMacSize); }
public void ComputeHash_NIST_CtorKey_Test(byte[] msg, byte[] key, byte[] expected, int len, bool truncate) { using HmacSha256 hmac = new HmacSha256(key); byte[] actual = hmac.ComputeHash(msg); if (truncate) { byte[] temp = new byte[len]; Buffer.BlockCopy(actual, 0, temp, 0, len); actual = temp; } Assert.Equal(expected, actual); }
private static byte[] HKDFSecondStep(byte[] key, byte[] info, int length) { var hmac = new HmacSha256(key); var infoAndOne = info.Concat(new byte[] { 0x01 }).ToArray(); var result = hmac.ComputeHash(infoAndOne); if (result.Length > length) { Array.Resize(ref result, length); } return(result); }
public static String GetSASToken(String baseAddress, String SASKeyName, String SASKeyValue) { TimeSpan fromEpochStart = DateTime.UtcNow - new DateTime(1970, 1, 1); String expiry = Convert.ToString((Int32)fromEpochStart.TotalSeconds + 3600); String stringToSign = WebUtility.UrlEncode(baseAddress) + "\n" + expiry; HmacSha256 hmac = new HmacSha256(Encoding.UTF8.GetBytes(SASKeyValue)); String signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign))); String sasToken = String.Format(CultureInfo.InvariantCulture, "SharedAccessSignature sr={0}&sig={1}&se={2}&skn={3}", WebUtility.UrlEncode(baseAddress), WebUtility.UrlEncode(signature), expiry, SASKeyName); return(sasToken); }
/// <inheritdoc/> public void Dispose() { if (!isDisposed) { if (!(HmacK is null)) { HmacK.Dispose(); } HmacK = null; isDisposed = true; } }
public void GenerateHashesTest() { String salt = "2640f52eebcd9e882958951c794250eedb28002c05d7dc2ea0f195406042caf1"; String data = "1e2fb3c8fe8fb9f262f649f64d26ecf0f2c0a805a767cf02dc2d77a6ef1fdcc3"; (byte[] output1, byte[] output2) = HmacSha256.ComputeHashes(salt.HexToByteArray(), data.HexToByteArray()); String output1Expected = "b61ec1191326fa240decc9564369dbb3ae2b34341d1e11ad64ed89f89180582f"; String output2Expected = "e68f69b7f096d7917245f5e5cf8ae1595febe4d4644333c99f9c4a1282031c9f"; Assert.Equal(output1Expected, output1.ToHex()); Assert.Equal(output2Expected, output2.ToHex()); }
public void ComputeHash_WithKey_ExceptionTest() { HmacSha256 hmac = new HmacSha256(); Exception ex = Assert.Throws <ArgumentNullException>(() => hmac.ComputeHash(null, new byte[1])); Assert.Contains("Data can not be null", ex.Message); ex = Assert.Throws <ArgumentNullException>(() => hmac.ComputeHash(new byte[1], null)); Assert.Contains("Key can not be null", ex.Message); hmac.Dispose(); ex = Assert.Throws <ObjectDisposedException>(() => hmac.ComputeHash(new byte[1], new byte[1])); }
public static void Test(string key, string msg, string mac) { var a = new HmacSha256(); using (var k = Key.Import(a, key.DecodeHex(), KeyBlobFormat.RawSymmetricKey)) { var m = msg.DecodeHex(); var expected = mac.DecodeHex(); var actual = a.Sign(k, m, expected.Length); Assert.Equal(expected, actual); Assert.True(a.TryVerify(k, m, expected)); } }
/// <summary> /// This method handles when the user press the Register button /// </summary> /// <param name="sender"></param> /// <param name="e"></param> async void btnRegister_Clicked(object sender, EventArgs e) { Activity.IsRunning = true; //We check if fields are entered properly if (String.IsNullOrEmpty(email.Text) && String.IsNullOrEmpty(username.Text) && String.IsNullOrEmpty(password.Text)) { await DisplayAlert("Oops", "Please fill in the fields", "OK"); } //We are using EmailValidatorBehavior to check if the email entered is correct using Regex [changes to red when wrong] //Display Alert if email is wrong else if (email.TextColor == Color.Red) { await DisplayAlert("Oops", "Invalid Email address", "OK"); } else { //Initialising........Storing text/data from the Entry fields string newEmail = email.Text; string newUser = username.Text; //Initailizing data to begin our HmacSHA256 encryption on the password //Our private key byte[] shaKey = Encoding.UTF8.GetBytes("test"); //Encode password.... //We first have to convert password to byte format byte[] newPassword = Encoding.UTF8.GetBytes(password.Text); //Encode password to sha256 HmacSha256 newHash256 = new HmacSha256(newPassword); byte[] newHashPassword = newHash256.ComputeHash(newPassword); //Read our password as a string this allows us to add it to our JSON file string newStringHashPassword = BitConverter.ToString(newHashPassword); //Creates a new user object and uses the data from the user and creates a JSON formatted data structure User NewUser = User.CreateUserFromJson("{\"Username\":\"" + newUser + "\", \"Email\":\"" + newEmail + "\", \"Password\":\"" + newStringHashPassword + "\"}"); /* Passes NewUser object with our JSON format to the RegisterJson object * RegisterJson object contains the method Save() which contacts the server */ ServerJson userjson = new ServerJson(); userjson.Save(NewUser); //Registration finished pop up await DisplayAlert("Alert", "User Registered", "OK"); await Navigation.PushModalAsync(new LoginPage()); } Activity.IsRunning = false; }
/// <summary> /// Releases the resources used by the <see cref="Rfc6979"/> class. /// </summary> /// <param name="disposing"> /// True to release both managed and unmanaged resources; false to release only unmanaged resources. /// </param> protected virtual void Dispose(bool disposing) { if (!isDisposed) { if (disposing) { if (!(HmacK is null)) { HmacK.Dispose(); } HmacK = null; } isDisposed = true; } }
public void ComputeHash_Reuse_Test(byte[] key1, byte[] data1_1, byte[] exp1_1, byte[] data1_2, byte[] exp1_2, byte[] key2, byte[] data2_1, byte[] exp2_1, byte[] data2_2, byte[] exp2_2) { using HmacSha256 hmac = new HmacSha256(); byte[] actual1_1 = hmac.ComputeHash(data1_1, key1); Assert.Equal(exp1_1, actual1_1); byte[] actual2_1 = hmac.ComputeHash(data2_1, key2); // use different key on each call Assert.Equal(exp2_1, actual2_1); byte[] actual1_2 = hmac.ComputeHash(data1_2, key1); Assert.Equal(exp1_2, actual1_2); byte[] actual2_2 = hmac.ComputeHash(data2_2, key2); Assert.Equal(exp2_2, actual2_2); }
/// <summary> /// This method handles when the users press the login button /// </summary> /// <param name="sender"></param> /// <param name="e"></param> async void btnLogin_Clicked(object sender, EventArgs e) { //Acitvity indicator Activity.IsRunning = true; ServerJson checkUser = new ServerJson(); //Checking for empty fields Debug.WriteLine("Check for Empty fields"); if (String.IsNullOrWhiteSpace(username.Text) || (String.IsNullOrWhiteSpace(password.Text))) { await DisplayAlert("Oops", "Please fill in the fields", "OK"); } else { //Initailizing data to begin our HmacSHA256 encryption on the password //Our private key byte[] shaKey = Encoding.UTF8.GetBytes("test"); //Encode password.... //We first have to convert password to byte format byte[] newPassword = Encoding.UTF8.GetBytes(password.Text); //Encode password to sha256 HmacSha256 newHash256 = new HmacSha256(newPassword); byte[] newHashPassword = newHash256.ComputeHash(newPassword); //Read our password as a string this allows us to add it to our JSON file string newStringHashPassword = BitConverter.ToString(newHashPassword); //Check if user password and username match Method is called in ServerJson.cs Debug.WriteLine("Check true of false for matching username and password"); bool result = await checkUser.CheckUserPasswordAsync(username.Text, newStringHashPassword); if (result == true) { //If result is true we log the user in and store it's username in data Application.Current.Properties["LoggedInUser"] = username.Text; await Application.Current.SavePropertiesAsync(); //Push user to mainpage after login await Navigation.PushModalAsync(new MainPage()); } if (result == false) { await DisplayAlert("Oops", "Invalid Login Credentials", "Ok"); } } Activity.IsRunning = false; }
public void ComputeHash_CtorKey_ReuseTest(byte[] key1, byte[] data1_1, byte[] exp1_1, byte[] data1_2, byte[] exp1_2, byte[] key2, byte[] data2_1, byte[] exp2_1, byte[] data2_2, byte[] exp2_2) { using HmacSha256 hmac = new HmacSha256(key1); byte[] actual1_1 = hmac.ComputeHash(data1_1); Assert.Equal(exp1_1, actual1_1); byte[] actual1_2 = hmac.ComputeHash(data1_2); Assert.Equal(exp1_2, actual1_2); // change key hmac.Key = key2; byte[] actual2_1 = hmac.ComputeHash(data2_1); Assert.Equal(exp2_1, actual2_1); byte[] actual2_2 = hmac.ComputeHash(data2_2); Assert.Equal(exp2_2, actual2_2); }
public static void Properties() { var a = new HmacSha256(); Assert.Equal(32, HmacSha256.MinKeySize); Assert.Equal(32, HmacSha256.MaxKeySize); Assert.Equal(16, HmacSha256.MinMacSize); Assert.Equal(32, HmacSha256.MaxMacSize); Assert.Equal(32, a.KeySize); Assert.Equal(32, a.MacSize); Assert.Equal(32, MacAlgorithm.HmacSha256_128.KeySize); Assert.Equal(16, MacAlgorithm.HmacSha256_128.MacSize); Assert.Equal(32, MacAlgorithm.HmacSha256.KeySize); Assert.Equal(32, MacAlgorithm.HmacSha256.MacSize); }
public void ComputeHash_ExceptionTest() { HmacSha256 hmac = new HmacSha256(); Exception ex = Assert.Throws <ArgumentNullException>(() => hmac.ComputeHash(null)); Assert.Contains("Data can not be null", ex.Message); ex = Assert.Throws <ArgumentNullException>(() => hmac.ComputeHash(new byte[1])); Assert.Contains("Key must be set before calling this function", ex.Message); hmac.Key = new byte[1]; ex = Assert.Throws <ArgumentNullException>(() => hmac.ComputeHash(null)); Assert.Contains("Data can not be null", ex.Message); hmac.Dispose(); ex = Assert.Throws <ObjectDisposedException>(() => hmac.ComputeHash(new byte[1])); }
void HandleAuthContinuedSessionCallback(AuthContinuedSession authSession, SQLResult result) { if (result.IsEmpty()) { SendAuthResponseError(BattlenetRpcErrorCode.Denied); CloseSocket(); return; } ConnectToKey key = new ConnectToKey(); _key = key.Raw = authSession.Key; uint accountId = key.AccountId; string login = result.Read <string>(0); _sessionKey = result.Read <byte[]>(1); HmacSha256 hmac = new HmacSha256(_sessionKey); hmac.Process(BitConverter.GetBytes(authSession.Key), 8); hmac.Process(authSession.LocalChallenge, authSession.LocalChallenge.Length); hmac.Process(_serverChallenge, 16); hmac.Finish(ContinuedSessionSeed, 16); if (!hmac.Digest.Compare(authSession.Digest)) { Log.outError(LogFilter.Network, "WorldSocket.HandleAuthContinuedSession: Authentication failed for account: {0} ('{1}') address: {2}", accountId, login, GetRemoteIpAddress()); CloseSocket(); return; } HmacSha256 encryptKeyGen = new HmacSha256(_sessionKey); encryptKeyGen.Process(authSession.LocalChallenge, authSession.LocalChallenge.Length); encryptKeyGen.Process(_serverChallenge, 16); encryptKeyGen.Finish(EncryptionKeySeed, 16); // only first 16 bytes of the hmac are used Buffer.BlockCopy(encryptKeyGen.Digest, 0, _encryptKey, 0, 16); SendPacket(new EnterEncryptedMode(_encryptKey, true)); AsyncRead(); }
/// <summary> /// Encrypts a message with this public key using Elliptic Curve Integrated Encryption Scheme (ECIES) /// with AES-128-CBC as cipher and HMAC-SHA256 as MAC. /// </summary> /// <exception cref="ArgumentNullException"/> /// <param name="message">Message to encrypt</param> /// <param name="magic"> /// [Default value = BIE1] /// A magic string added to encrypted result before computing its HMAC-SHA256 /// </param> /// <returns>Encrypted result as a base-64 encoded string</returns> public string Encrypt(string message, string magic = "BIE1") { if (message is null) { throw new ArgumentNullException(nameof(message), "Mesage can not be null."); } if (magic is null) { throw new ArgumentNullException(nameof(magic), "Magic can not be null."); } byte[] magicBytes = Encoding.UTF8.GetBytes(magic); // TODO: investigate if this can become deterministic (it can't be based on message or pubkey // otherwise the ephemeral key is revealed) using SharpRandom rng = new SharpRandom(); using PrivateKey ephemeral = new PrivateKey(rng); byte[] ecdhKey = new PublicKey(calc.Multiply(ephemeral.ToBigInt(), point)).ToByteArray(true); using Sha512 sha512 = new Sha512(); byte[] key = sha512.ComputeHash(ecdhKey); using Aes aes = new AesManaged { KeySize = 128, Key = key.SubArray(16, 16), Mode = CipherMode.CBC, IV = key.SubArray(0, 16), Padding = PaddingMode.PKCS7 }; using ICryptoTransform encryptor = aes.CreateEncryptor(); using MemoryStream encStream = new MemoryStream(); using CryptoStream cryptStream = new CryptoStream(encStream, encryptor, CryptoStreamMode.Write); using (StreamWriter swEncrypt = new StreamWriter(cryptStream)) { swEncrypt.Write(message); } byte[] encrypted = magicBytes.ConcatFast(ephemeral.ToPublicKey().ToByteArray(true)).ConcatFast(encStream.ToArray()); using HmacSha256 hmac = new HmacSha256(); byte[] mac = hmac.ComputeHash(encrypted, key.SubArray(32)); return(encrypted.ConcatFast(mac).ToBase64()); }
public byte[] ApplyActOne(ECKeyPair ephemeralKeyPair = null) { if (_state.HandshakeState != HandshakeState.Initialized) { throw new InvalidOperationException($"Invalid handshake state {_state.HandshakeState}. Must be Initialized"); } _state.EphemeralKeyPair = ephemeralKeyPair ?? Secp256K1.GenerateKeyPair(); byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(_state.EphemeralKeyPair.PublicKeyCompressed)); byte[] ss = ECDH.ComputeHashedPoint(_state.RemoteAddress.PublicKey.PublicKeyParameters, _state.EphemeralKeyPair.PrivateKey); (byte[] chainingKey, byte[] tempK1) = HmacSha256.ComputeHashes(_state.ChainingKey, ss); _state.ChainingKey = chainingKey; (_, byte[] tag) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK1, _state.SendNonce.GetBytes(), handshakeHash, new byte[0]); handshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(tag)); _state.HandshakeHash = handshakeHash; _state.HandshakeState = HandshakeState.Act1; return(ByteExtensions.Combine(new byte[] { 0 }, _state.EphemeralKeyPair.PublicKeyCompressed, tag)); }
public void Test_HmacSha256() { // http://tools.ietf.org/html/rfc4868#section-2.7.1 { var key = NetworkConverter.FromHexString("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"); var value = NetworkConverter.FromHexString("4869205468657265"); using (MemoryStream stream = new MemoryStream(value)) { var s = NetworkConverter.ToHexString(HmacSha256.ComputeHash(stream, key)); } using (HMACSHA256 hmacSha256 = new HMACSHA256(key)) { var s = NetworkConverter.ToHexString(hmacSha256.ComputeHash(value)); } } var list = new List <int>(); list.Add(1); list.Add(64); list.Add(128); byte[] buffer = new byte[1024 * 32]; _random.NextBytes(buffer); for (int i = 0; i < list.Count; i++) { byte[] key = new byte[list[i]]; _random.NextBytes(key); using (MemoryStream stream1 = new MemoryStream(buffer)) using (MemoryStream stream2 = new MemoryStream(buffer)) { using (HMACSHA256 hmacSha256 = new HMACSHA256(key)) { Assert.IsTrue(Unsafe.Equals(hmacSha256.ComputeHash(stream1), HmacSha256.ComputeHash(stream2, key))); } } } }
public byte[] ApplyActTwo(ECKeyPair initiatorEphemeralKey, ECKeyPair localEphemeralKey = null) { if (_state.HandshakeState != HandshakeState.Act1) { throw new InvalidOperationException($"Invalid Handshake state {_state.HandshakeState}. Must be Act1"); } _state.EphemeralKeyPair = localEphemeralKey ?? Secp256K1.GenerateKeyPair(); byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(_state.EphemeralKeyPair.PublicKeyCompressed)); byte[] ss = ECDH.ComputeHashedPoint(initiatorEphemeralKey.PublicKeyParameters, _state.EphemeralKeyPair.PrivateKey); (byte[] chainingKey, byte[] tempK2) = HmacSha256.ComputeHashes(_state.ChainingKey, ss); (_, byte[] tag1) = ChaCha20Poly1305.EncryptWithAdditionalData(tempK2, new byte[12], handshakeHash, new byte[0]); handshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(tag1)); _state.HandshakeHash = handshakeHash; _state.ChainingKey = chainingKey; _state.TempKey2 = tempK2; _state.HandshakeState = HandshakeState.Act2; return(ByteExtensions.Combine(new byte[] { 0 }, _state.EphemeralKeyPair.PublicKeyCompressed, tag1)); }
public (byte[] tempK1, ECKeyPair ephemeralKey) ReadActOneRequest(Span <byte> message, int length) { if (_state.HandshakeState != HandshakeState.Initialized) { throw new InvalidOperationException($"Invalid handshake state {_state.HandshakeState}. Must be Initialized"); } if (length != 50) { throw new ArgumentException("ACT1_READ_FAILED"); } byte version = message.Slice(0, 1)[0]; ECKeyPair responderEphemeralKey = new ECKeyPair(message.Slice(1, 33), false); Span <byte> c = message.Slice(34, 16); if (version != 0) { throw new NotSupportedException("ACT1_BAD_VERSION"); } byte[] handshakeHash = SHA256.ComputeHash(_state.HandshakeHash.ConcatToNewArray(responderEphemeralKey.PublicKeyCompressed)); byte[] ss = ECDH.ComputeHashedPoint(responderEphemeralKey.PublicKeyParameters, _state.LocalKeyPair.PrivateKey); (byte[] chainingKey, byte[] tempK1) = HmacSha256.ComputeHashes(_state.ChainingKey, ss); _state.ChainingKey = chainingKey; (_, byte[] mac) = ChaCha20Poly1305.DecryptWithAdditionalData(tempK1, _state.ReceiveNonce.GetBytes(), handshakeHash, new byte[0]); if (!c.SequenceEqual(mac)) { throw new ArgumentException("ACT1_BAD_TAG"); } _state.ReceiveNonce.Increment(); _state.HandshakeHash = SHA256.ComputeHash(handshakeHash.ConcatToNewArray(c.ToArray())); _state.HandshakeState = HandshakeState.Act1; return(tempK1, responderEphemeralKey); }