public static string HMACSign(string data, System.Security.SecureString key, KeyedHashAlgorithm algorithm)
#endif
{
#if UNITY
if (String.IsNullOrEmpty(key))
#else
if (null == key)
#endif
{
throw new ArgumentNullException("key", "The AWS Secret Access Key specified is NULL!");
}
if (String.IsNullOrEmpty(data))
{
throw new ArgumentNullException("data", "Please specify data to sign.");
}
if (null == algorithm)
{
throw new ArgumentNullException("algorithm", "Please specify a KeyedHashAlgorithm to use.");
}
#if UNITY
try
{
algorithm.Key = Encoding.UTF8.GetBytes(key);
return Convert.ToBase64String(algorithm.ComputeHash(
Encoding.UTF8.GetBytes(data.ToCharArray()))
);
}
finally
{
algorithm.Clear();
}
#else
// pointer to hold unmanaged reference to SecureString instance
IntPtr bstr = IntPtr.Zero;
char[] charArray = new char[key.Length];
try
{
// Marshal SecureString into byte array
bstr = Marshal.SecureStringToBSTR(key);
Marshal.Copy(bstr, charArray, 0, charArray.Length);
algorithm.Key = Encoding.UTF8.GetBytes(charArray);
return Convert.ToBase64String(algorithm.ComputeHash(
Encoding.UTF8.GetBytes(data.ToCharArray()))
);
}
finally
{
// Make sure that the clear text data is zeroed out
Marshal.ZeroFreeBSTR(bstr);
algorithm.Clear();
Array.Clear(charArray, 0, charArray.Length);
}
#endif
}
static string GetStringHash (KeyedHashAlgorithm kha, string str)
{
if (String.IsNullOrEmpty (str))
return String.Empty;
string result;
Dictionary <string, string> cache = StringHashCache;
if (cache.TryGetValue (str, out result))
return result;
result = Convert.ToBase64String (kha.ComputeHash (Encoding.UTF8.GetBytes (str)));
cache.Add (str, result);
return result;
}
/// <summary>
/// Computes RFC 2104-compliant HMAC signature
/// </summary>
/// <param name="data">The data to be signed</param>
/// <param name="key">The secret signing key</param>
/// <param name="algorithm">The algorithm to sign the data with</param>
/// <exception cref="T:System.ArgumentNullException"/>
/// <returns>A string representing the HMAC signature</returns>
public static string HMACSign(byte[] data, string key, KeyedHashAlgorithm algorithm)
{
if (String.IsNullOrEmpty(key))
{
throw new ArgumentNullException("key", "Please specify a Secret Signing Key.");
}
if (data == null || data.Length == 0)
{
throw new ArgumentNullException("data", "Please specify data to sign.");
}
if (null == algorithm)
{
throw new ArgumentNullException("algorithm", "Please specify a KeyedHashAlgorithm to use.");
}
try
{
algorithm.Key = Encoding.UTF8.GetBytes(key);
byte[] bytes = algorithm.ComputeHash(data);
return Convert.ToBase64String(bytes);
}
finally
{
algorithm.Clear();
}
}
public MFTestResults HmacTest_Test1()
{
bool testResult = false;
try
{
string dataToSign = "This is a simple message to be encrypted";
byte[] data = System.Text.UTF8Encoding.UTF8.GetBytes(dataToSign);
Mechanism mech = new Mechanism(MechanismType.SHA_1_HMAC);
using (Session openSession = new Session("", mech.Type))
{
using (KeyedHashAlgorithm hmacOpenSSL = new KeyedHashAlgorithm(KeyedHashAlgorithmType.HMACSHA1, openSession))
{
byte[] hmac1 = hmacOpenSSL.ComputeHash(data);
byte[] hmac2 = hmacOpenSSL.ComputeHash(data);
data[3] = (byte)((data[3] & 1) == 0 ? data[3] + 1 : data[3] - 1);
byte[] hmac3 = hmacOpenSSL.ComputeHash(data);
testResult = true;
bool difFound = false;
for (int i = 0; i < hmac1.Length; i++)
{
if (hmac1[i] != hmac2[i])
{
testResult = false;
break;
}
if (hmac1[i] != hmac1[3])
{
difFound = true;
}
}
testResult &= difFound;
}
}
}
catch (Exception ex)
{
Log.Exception("Unexpected Exception", ex);
}
return (testResult ? MFTestResults.Pass : MFTestResults.Fail);
}
public MFTestResults HmacTest_Compare()
{
bool testResult = false;
if (!m_isEmulator) return MFTestResults.Skip;
try
{
CryptokiAttribute[] secretKey = new CryptokiAttribute[]
{
new CryptokiAttribute(CryptokiAttribute.CryptokiType.Class , new byte[] { 4, 0, 0, 0}),
new CryptokiAttribute(CryptokiAttribute.CryptokiType.KeyType, new byte[] { 0x10, 0, 0, 0}),
new CryptokiAttribute(CryptokiAttribute.CryptokiType.Value , new byte[20])
};
Mechanism mech = new Mechanism(MechanismType.SHA_1_HMAC);
using (Session openSession = new Session("", mech.Type))
{
using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(openSession))
{
rng.GetBytes(secretKey[2].Value);
}
using (CryptoKey keyOpen = CryptoKey.LoadKey(openSession, secretKey))
{
string dataToSign = "This is a simple message to be encrypted";
byte[] data = System.Text.UTF8Encoding.UTF8.GetBytes(dataToSign);
using (KeyedHashAlgorithm hmacOpenSSL = new KeyedHashAlgorithm(KeyedHashAlgorithmType.HMACSHA1, keyOpen))
{
byte[] hmac1 = hmacOpenSSL.ComputeHash(data);
using (Session emuSession = new Session("Emulator_Crypto", mech.Type))
{
using (CryptoKey keyEmu = CryptoKey.LoadKey(emuSession, secretKey))
{
using (KeyedHashAlgorithm hmacEmu = new KeyedHashAlgorithm(KeyedHashAlgorithmType.HMACSHA1, keyEmu))
{
byte[] hmac2 = hmacEmu.ComputeHash(data);
testResult = true;
for (int i = 0; i < hmac1.Length; i++)
{
if (hmac1[i] != hmac2[i])
{
testResult = false;
break;
}
}
}
}
}
}
}
}
}
catch (Exception ex)
{
Log.Exception("Unexpected Exception", ex);
}
return (testResult ? MFTestResults.Pass : MFTestResults.Fail);
}
public void ComputeSignature (KeyedHashAlgorithm macAlg)
{
if (macAlg == null)
throw new ArgumentNullException ("macAlg");
string method = null;
if (macAlg is HMACSHA1) {
method = XmlDsigHMACSHA1Url;
} else if (macAlg is HMACSHA256) {
method = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
} else if (macAlg is HMACSHA384) {
method = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
} else if (macAlg is HMACSHA512) {
method = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
} else if (macAlg is HMACRIPEMD160) {
method = "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
}
if (method == null)
throw new CryptographicException ("unsupported algorithm");
DigestReferences ();
m_signature.SignedInfo.SignatureMethod = method;
m_signature.SignatureValue = macAlg.ComputeHash (SignedInfoTransformed ());
}
public bool CheckSignature (KeyedHashAlgorithm macAlg)
{
if (macAlg == null)
throw new ArgumentNullException ("macAlg");
pkEnumerator = null;
// Is the signature (over SignedInfo) valid ?
Stream s = SignedInfoTransformed ();
if (s == null)
return false;
byte[] actual = macAlg.ComputeHash (s);
// HMAC signature may be partial and specified by <HMACOutputLength>
if (m_signature.SignedInfo.SignatureLength != null) {
int length = Int32.Parse (m_signature.SignedInfo.SignatureLength);
// we only support signatures with a multiple of 8 bits
// and the value must match the signature length
if ((length & 7) != 0)
throw new CryptographicException ("Signature length must be a multiple of 8 bits.");
// SignatureLength is in bits (and we works on bytes, only in multiple of 8 bits)
// and both values must match for a signature to be valid
length >>= 3;
if (length != m_signature.SignatureValue.Length)
throw new CryptographicException ("Invalid signature length.");
// is the length "big" enough to make the signature meaningful ?
// we use a minimum of 80 bits (10 bytes) or half the HMAC normal output length
// e.g. HMACMD5 output 128 bits but our minimum is 80 bits (not 64 bits)
int minimum = Math.Max (10, actual.Length / 2);
if (length < minimum)
throw new CryptographicException ("HMAC signature is too small");
if (length < actual.Length) {
byte[] trunked = new byte [length];
Buffer.BlockCopy (actual, 0, trunked, 0, length);
actual = trunked;
}
}
if (Compare (m_signature.SignatureValue, actual)) {
// some parts may need to be downloaded
// so where doing it last
return CheckReferenceIntegrity (m_signature.SignedInfo.References);
}
return false;
}
static Boolean Test(Session session)
{
Boolean bRes = true;
Byte[] abKey1 = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
Byte[] abData1 = (new System.Text.UTF8Encoding()).GetBytes("Hi There");
Byte[] abDigest1 = { 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, 0xf1, 0x46, 0xbe, 0x00 };
Byte[] abKey2 = (new System.Text.UTF8Encoding()).GetBytes("Jefe");
Byte[] abData2 = (new System.Text.UTF8Encoding()).GetBytes("what do ya want for nothing?");
Byte[] abDigest2 = { 0xef, 0xfc, 0xdf, 0x6a, 0xe5, 0xeb, 0x2f, 0xa2, 0xd2, 0x74, 0x16, 0xd5, 0xf1, 0x84, 0xdf, 0x9c, 0x25, 0x9a, 0x7c, 0x79 };
CryptoKey key1 = CryptoKey.LoadKey(session, new CryptokiAttribute[] {
new CryptokiAttribute(CryptokiAttribute.CryptokiType.Class , Utility.ConvertToBytes((int)CryptokiClass.SECRET_KEY)),
new CryptokiAttribute(CryptokiAttribute.CryptokiType.KeyType, Utility.ConvertToBytes((int)CryptoKey.KeyType.GENERIC_SECRET)),
new CryptokiAttribute(CryptokiAttribute.CryptokiType.Value , abKey1)
});
CryptoKey key2 = CryptoKey.LoadKey(session, new CryptokiAttribute[] {
new CryptokiAttribute(CryptokiAttribute.CryptokiType.Class , Utility.ConvertToBytes((int)CryptokiClass.SECRET_KEY)),
new CryptokiAttribute(CryptokiAttribute.CryptokiType.KeyType, Utility.ConvertToBytes((int)CryptoKey.KeyType.GENERIC_SECRET)),
new CryptokiAttribute(CryptokiAttribute.CryptokiType.Value , abKey2)
});
Log.Comment("Testing rc21 hash...");
using(KeyedHashAlgorithm rc21 = new KeyedHashAlgorithm(KeyedHashAlgorithmType.HMACSHA1, key1))
using (KeyedHashAlgorithm rc22 = new KeyedHashAlgorithm(KeyedHashAlgorithmType.HMACSHA1, key2))
{
rc21.ComputeHash(abData1);
rc22.ComputeHash(abData2);
Log.Comment("The computed hash #1 is : ");
PrintByteArray(rc21.Hash);
Log.Comment("The correct hash #1 is : ");
PrintByteArray(abDigest1);
if (Compare(rc21.Hash, abDigest1))
{
Log.Comment("CORRECT");
}
else
{
Log.Comment("INCORRECT");
bRes = false;
}
Log.Comment("The computed hash #2 is : ");
PrintByteArray(rc22.Hash);
Log.Comment("The correct hash #2 is : ");
PrintByteArray(abDigest2);
if (Compare(rc22.Hash, abDigest2))
{
Log.Comment("CORRECT");
}
else
{
Log.Comment("INCORRECT");
bRes = false;
}
}
return bRes;
}
public static bool RunTest(KeyedHashAlgorithm hmac, TestVectorInfo[] vectors)
{
byte[] computedHash = null;
byte[] computedHashTruncated = null;
foreach (TestVectorInfo vector in vectors)
{
CryptoKey key = CryptoKey.LoadKey(hmac.Session, new CryptokiAttribute[] {
new CryptokiAttribute(CryptokiAttribute.CryptokiType.Class , Utility.ConvertToBytes((int)CryptokiClass.SECRET_KEY)),
new CryptokiAttribute(CryptokiAttribute.CryptokiType.KeyType, Utility.ConvertToBytes((int)CryptoKey.KeyType.GENERIC_SECRET)),
new CryptokiAttribute(CryptokiAttribute.CryptokiType.Value , vector.key)
});
hmac.Key = key;
computedHash = hmac.ComputeHash(vector.data);
if (vector.truncation > 0)
{
computedHashTruncated = new byte[vector.truncation / 8];
Array.Copy(computedHash, computedHashTruncated, vector.truncation / 8);
}
else
{
computedHashTruncated = computedHash;
}
if (!CompareBytes(computedHashTruncated, vector.value))
{
Log.Comment("Error - HMAC value miscomparison");
Log.Comment("Data: " + ByteArrayToString(vector.data));
Log.Comment("Key: " + ByteArrayToString(vector.key));
Log.Comment("Actual Result: " + ByteArrayToString(computedHash));
Log.Comment("Expected Result: " + ByteArrayToString(vector.value));
return false;
}
}
return true;
}
public static string HMACSign(string data, SecureString key, KeyedHashAlgorithm algorithm)
{
string str;
if (key == null)
{
throw new ArgumentNullException("key", "Please specify a Secret Signing Key.");
}
if (string.IsNullOrEmpty(data))
{
throw new ArgumentNullException("data", "Please specify data to sign.");
}
if (algorithm == null)
{
throw new ArgumentNullException("algorithm", "Please specify a KeyedHashAlgorithm to use.");
}
IntPtr zero = IntPtr.Zero;
char[] destination = new char[key.Length];
try
{
zero = Marshal.SecureStringToBSTR(key);
Marshal.Copy(zero, destination, 0, destination.Length);
algorithm.Key = Encoding.UTF8.GetBytes(destination);
str = Convert.ToBase64String(algorithm.ComputeHash(Encoding.UTF8.GetBytes(data.ToCharArray())));
}
finally
{
Marshal.ZeroFreeBSTR(zero);
algorithm.Clear();
Array.Clear(destination, 0, destination.Length);
}
return str;
}
private static byte[] HashDataUsingKeyedAlgorithm(KeyedHashAlgorithm hashAlgo, byte[] buf, byte[] modifier, int start, int length, byte[] validationKey)
{
int num = length + ((modifier != null) ? modifier.Length : 0);
byte[] dst = new byte[num];
Buffer.BlockCopy(buf, start, dst, 0, length);
if (modifier != null)
{
Buffer.BlockCopy(modifier, 0, dst, length, modifier.Length);
}
hashAlgo.Key = validationKey;
return hashAlgo.ComputeHash(dst);
}
public static string HMACSign(string data, string key, KeyedHashAlgorithm algorithm)
{
string str;
if (string.IsNullOrEmpty(key))
{
throw new ArgumentNullException("key", "Please specify a Secret Signing Key.");
}
if (string.IsNullOrEmpty(data))
{
throw new ArgumentNullException("data", "Please specify data to sign.");
}
if (algorithm == null)
{
throw new ArgumentNullException("algorithm", "Please specify a KeyedHashAlgorithm to use.");
}
try
{
algorithm.Key = Encoding.UTF8.GetBytes(key);
str = Convert.ToBase64String(algorithm.ComputeHash(Encoding.UTF8.GetBytes(data)));
}
finally
{
algorithm.Clear();
}
return str;
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
private static byte[] HashDataUsingKeyedAlgorithm(KeyedHashAlgorithm hashAlgo, byte[] buf, byte[] modifier,
int start, int length, byte[] validationKey)
{
int totalLength = length + ((modifier != null) ? modifier.Length : 0);
byte [] bAll = new byte[totalLength];
Buffer.BlockCopy(buf, start, bAll, 0, length);
if (modifier != null) {
Buffer.BlockCopy(modifier, 0, bAll, length, modifier.Length);
}
hashAlgo.Key = validationKey;
return hashAlgo.ComputeHash(bAll);
}
static string GetStringHash (KeyedHashAlgorithm kha, string str)
{
if (String.IsNullOrEmpty (str))
return String.Empty;
string result;
try {
_stringHashCacheLock.EnterUpgradeableReadLock ();
if (stringHashCache.TryGetValue (str, out result))
return result;
try {
_stringHashCacheLock.EnterWriteLock ();
if (stringHashCache.TryGetValue (str, out result))
return result;
result = Convert.ToBase64String (kha.ComputeHash (Encoding.UTF8.GetBytes (str)));
stringHashCache.Add (str, result);
} finally {
_stringHashCacheLock.ExitWriteLock ();
}
} finally {
_stringHashCacheLock.ExitUpgradeableReadLock ();
}
return result;
}
/**
* Computes RFC 2104-compliant HMAC signature.
*/
private String Sign(String data, String key, KeyedHashAlgorithm algorithm)
{
Encoding encoding = new UTF8Encoding();
algorithm.Key = encoding.GetBytes(key);
return Convert.ToBase64String(algorithm.ComputeHash(
encoding.GetBytes(data.ToCharArray())));
}
/// <summary>
/// Generate a HA1 hash
/// </summary>
/// <param name="realm">Realm that the user want to authenticate in</param>
/// <param name="userName">User Name</param>
/// <param name="password">Password</param>
/// /// <para>
/// A HA1 hash is simply a Md5 encoded string: "UserName:Realm:Password". The quotes should
/// not be included. Realm is the currently requested Host (as in <c>Request.Headers["host"]</c>).
/// </para>
/// <returns></returns>
private string Encode(string realm, string userName, string password)
{
string toHash = String.Concat(userName, ":", realm, ":", password);
KeyedHashAlgorithm crypto = new KeyedHashAlgorithm(KeyedHashAlgorithmType.HMACMD5);
byte[] value = crypto.ComputeHash(Encoding.UTF8.GetBytes(toHash));
return ByteUtility.GetString(value);
}
