private void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA384()){
passwordSalt = hmac.Key;
passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
}
}
public string Encrypt(Encoding encode, string text, string key)
{
using (var sha = new System.Security.Cryptography.HMACSHA384(encode.GetBytes(key)))
{
var hash = sha.ComputeHash(encode.GetBytes(text));
return(ByteToString.Convert(hash));
}
}
public static byte[] Hash(string key, string value)
{
byte[] keyBytes = Encoding.UTF8.GetBytes(key);
byte[] data = Encoding.UTF8.GetBytes(value);
var cipher = new System.Security.Cryptography.HMACSHA384(keyBytes);
byte[] result = cipher.ComputeHash(data);
return(result);
}
private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA384(passwordSalt))
{
var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
for (int i = 0; i < computedHash.Length; i++)
{
if (computedHash[i] != passwordHash[i])
{
return(false);
}
}
};
return(true);
}
public void Execute()
{
ProgressChanged(0, 1);
System.Security.Cryptography.HMAC hmacAlgorithm;
switch ((HMACSettings.HashFunction)settings.SelectedHashFunction)
{
case HMACSettings.HashFunction.MD5:
hmacAlgorithm = new System.Security.Cryptography.HMACMD5();
break;
case HMACSettings.HashFunction.RIPEMD160:
hmacAlgorithm = new System.Security.Cryptography.HMACRIPEMD160();
break;
case HMACSettings.HashFunction.SHA1:
hmacAlgorithm = new System.Security.Cryptography.HMACSHA1();
break;
case HMACSettings.HashFunction.SHA256:
hmacAlgorithm = new System.Security.Cryptography.HMACSHA256();
break;
case HMACSettings.HashFunction.SHA384:
hmacAlgorithm = new System.Security.Cryptography.HMACSHA384();
break;
case HMACSettings.HashFunction.SHA512:
hmacAlgorithm = new System.Security.Cryptography.HMACSHA512();
break;
default:
GuiLogMessage("No hash algorithm for HMAC selected, using MD5.", NotificationLevel.Warning);
hmacAlgorithm = new System.Security.Cryptography.HMACMD5();
break;
}
hmacAlgorithm.Key = key;
OutputData = (inputData != null) ? hmacAlgorithm.ComputeHash(inputData.CreateReader()) : hmacAlgorithm.ComputeHash(new byte[] {});
GuiLogMessage(String.Format("HMAC computed. (using hash algorithm {0}: {1})", settings.SelectedHashFunction, hmacAlgorithm.GetType().Name), NotificationLevel.Info);
ProgressChanged(1, 1);
}
// https://api.bitfinex.com/v1/order/new
// http://bitcoin.stackexchange.com/questions/25835/bitfinex-api-call-returns-400-bad-request
public static async void GetBalance()
{
string APISECRET = "";
string APIKEY = "";
//POST data
try
{
// long nonce = System.DateTime.Now.ToUnixTimestampMS(); //returns a strictly increasing timestamp based number e.g. 1402207693893
long nonce = DateHelper.GetCurrentUnixTimestampMillis();
string uri = "https://api.bitfinex.com/v1/balances";
string paramDict = "{\"request\": \"/v1/balances\",\"nonce\": \"" + nonce + "\"}"; //ie. {"request": "/v1/balances","nonce": "1402207693893"}
string payload = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(paramDict));
//API Sign
string hexHash = null;
using (System.Security.Cryptography.HMACSHA384 hmac =
new System.Security.Cryptography.HMACSHA384(System.Text.Encoding.UTF8.GetBytes(APISECRET)))
{
byte[] hash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(payload));
hexHash = System.BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
}
System.Collections.Generic.Dictionary <string, string> headers =
new System.Collections.Generic.Dictionary <string, string>();
headers.Add("X-BFX-APIKEY", APIKEY); //My API KEY
headers.Add("X-BFX-PAYLOAD", payload);
headers.Add("X-BFX-SIGNATURE", hexHash);
string responseContent = await libCoinBaseSharp.WebClientHelper.PostStream <string>(uri, null, headers);
}
catch (System.Exception e)
{
System.Diagnostics.Debug.WriteLine(e.Message);
throw;
}
}
// https://api.bitfinex.com/v1/order/new
// http://bitcoin.stackexchange.com/questions/25835/bitfinex-api-call-returns-400-bad-request
public static void GetBalance()
{
string APISECRET = "";
string APIKEY = "";
// long nonce = System.DateTime.Now.ToUnixTimestampMS(); //returns a strictly increasing timestamp based number e.g. 1402207693893
long nonce = DateHelper.GetCurrentUnixTimestampMillis();
string path = "https://api.bitfinex.com/v1/balances";
string paramDict = "{\"request\": \"/v1/balances\",\"nonce\": \"" + nonce + "\"}"; //ie. {"request": "/v1/balances","nonce": "1402207693893"}
string payload = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(paramDict));
//API Sign
string hexHash = null;
using (System.Security.Cryptography.HMACSHA384 hmac =
new System.Security.Cryptography.HMACSHA384(System.Text.Encoding.UTF8.GetBytes(APISECRET)))
{
byte[] hash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(payload));
hexHash = System.BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
}
System.Collections.Specialized.NameValueCollection headers = new System.Collections.Specialized.NameValueCollection();
headers.Add("X-BFX-APIKEY", APIKEY); //My API KEY
headers.Add("X-BFX-PAYLOAD", payload);
headers.Add("X-BFX-SIGNATURE", hexHash);
//POST data
try
{
//create post request
System.Net.HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.HttpWebRequest.Create(path);
request.KeepAlive = true;
request.Method = System.Net.Http.HttpMethod.Post.Method;
//add headers
request.Headers.Add(headers);
//write out payload
byte[] byteArray = System.Text.Encoding.UTF8.GetBytes(paramDict);
request.ContentLength = byteArray.Length;
using (System.IO.Stream writer = request.GetRequestStream())
{
writer.Write(byteArray, 0, byteArray.Length);
}
//read reply
using (System.Net.HttpWebResponse response = request.GetResponse() as System.Net.HttpWebResponse)
{
using (System.IO.TextReader reader = new System.IO.StreamReader(response.GetResponseStream()))
{
//get reply (JSON)
string responseContent = reader.ReadToEnd();
System.Console.WriteLine(responseContent);
}
}
}
catch (System.Exception e)
{
//always throws an exception here
System.Diagnostics.Debug.WriteLine(e.Message);
}
}
/// <summary>
/// SHA384 hash algorithm plus hmac.
/// </summary>
public SHA384HMAC()
{
hmac = new System.Security.Cryptography.HMACSHA384();
}
/// <summary>
/// Register an account. Returns true if succeed, otherwise return false and write logs.
/// </summary>
/// <param name="username"></param>
/// <param name="rawPassword"></param>
/// <param name="hashType"></param>
/// <returns></returns>
public static bool RegisterUser(string username, string rawPassword, int hashType)
{
try
{
string hashSaltBase64 = null;
string passwordHashBase64 = null;
byte[] saltBytes;
System.Security.Cryptography.HMAC hmac;
switch (hashType)
{
case (int)Enums.HMAC.MD5:
hashSaltBase64 = null;
using (System.Security.Cryptography.MD5 hasher = System.Security.Cryptography.MD5.Create())
{
passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
}
break;
case (int)Enums.HMAC.RIPEMD160:
hashSaltBase64 = null;
using (System.Security.Cryptography.RIPEMD160 hasher = System.Security.Cryptography.RIPEMD160.Create())
{
passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
}
break;
case (int)Enums.HMAC.SHA1:
hashSaltBase64 = null;
using (System.Security.Cryptography.SHA1 hasher = System.Security.Cryptography.SHA1.Create())
{
passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
}
break;
case (int)Enums.HMAC.SHA256:
hashSaltBase64 = null;
using (System.Security.Cryptography.SHA256 hasher = System.Security.Cryptography.SHA256.Create())
{
passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
}
break;
case (int)Enums.HMAC.SHA384:
hashSaltBase64 = null;
using (System.Security.Cryptography.SHA384 hasher = System.Security.Cryptography.SHA384.Create())
{
passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
}
break;
case (int)Enums.HMAC.SHA512:
hashSaltBase64 = null;
using (System.Security.Cryptography.SHA512 hasher = System.Security.Cryptography.SHA512.Create())
{
passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
}
break;
case (int)Enums.HMAC.HMACMD5:
saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt];
new Random().NextBytes(saltBytes);
hashSaltBase64 = Convert.ToBase64String(saltBytes);
hmac = new System.Security.Cryptography.HMACMD5(saltBytes);
passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
break;
case (int)Enums.HMAC.HMACRIPEMD160:
saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt];
new Random().NextBytes(saltBytes);
hashSaltBase64 = Convert.ToBase64String(saltBytes);
hmac = new System.Security.Cryptography.HMACRIPEMD160(saltBytes);
passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
break;
case (int)Enums.HMAC.HMACSHA1:
saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt];
new Random().NextBytes(saltBytes);
hashSaltBase64 = Convert.ToBase64String(saltBytes);
hmac = new System.Security.Cryptography.HMACSHA1(saltBytes);
passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
break;
case (int)Enums.HMAC.HMACSHA256:
saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt];
new Random().NextBytes(saltBytes);
hashSaltBase64 = Convert.ToBase64String(saltBytes);
hmac = new System.Security.Cryptography.HMACSHA256(saltBytes);
passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
break;
case (int)Enums.HMAC.HMACSHA384:
saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt];
new Random().NextBytes(saltBytes);
hashSaltBase64 = Convert.ToBase64String(saltBytes);
hmac = new System.Security.Cryptography.HMACSHA384(saltBytes);
passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
break;
case (int)Enums.HMAC.HMACSHA512:
saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt];
new Random().NextBytes(saltBytes);
hashSaltBase64 = Convert.ToBase64String(saltBytes);
hmac = new System.Security.Cryptography.HMACSHA512(saltBytes);
passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
break;
default:
throw new NotImplementedException("Unspecified hash type.");
}
var acc = new Account()
{
Uname = username,
HashSaltBase64 = hashSaltBase64,
HashTypeId = hashType,
PasswordHashBase64 = passwordHashBase64,
IsTwoFactor = false,
TwoFactorSecretBase32 = null
};
using (AuthorizeEntities ctx = new AuthorizeEntities())
{
ctx.Accounts.Add(acc);
ctx.SaveChanges();
}
}
catch (Exception ex)
{
Log4netLogger.Error(MethodBase.GetCurrentMethod().DeclaringType, "Cannot register user", ex);
return(false);
}
return(true);
}
public static bool Login(string username, string password)
{
bool isOk = false;
byte[] saltBytes;
System.Security.Cryptography.HMAC hmac;
try
{
using (AuthorizeEntities ctx = new AuthorizeEntities())
{
var acc = ctx.Accounts.Where(x => x.Uname == username).FirstOrDefault();
if (acc != null)
{
switch (acc.HashTypeId)
{
case (int)Enums.HMAC.MD5:
using (System.Security.Cryptography.MD5 hasher = System.Security.Cryptography.MD5.Create())
{
isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password))));
}
break;
case (int)Enums.HMAC.RIPEMD160:
using (System.Security.Cryptography.RIPEMD160 hasher = System.Security.Cryptography.RIPEMD160.Create())
{
isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password))));
}
break;
case (int)Enums.HMAC.SHA1:
using (System.Security.Cryptography.SHA1 hasher = System.Security.Cryptography.SHA1.Create())
{
isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password))));
}
break;
case (int)Enums.HMAC.SHA256:
using (System.Security.Cryptography.SHA256 hasher = System.Security.Cryptography.SHA256.Create())
{
isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password))));
}
break;
case (int)Enums.HMAC.SHA384:
using (System.Security.Cryptography.SHA384 hasher = System.Security.Cryptography.SHA384.Create())
{
isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password))));
}
break;
case (int)Enums.HMAC.SHA512:
using (System.Security.Cryptography.SHA512 hasher = System.Security.Cryptography.SHA512.Create())
{
isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password))));
}
break;
case (int)Enums.HMAC.HMACMD5:
saltBytes = Convert.FromBase64String(acc.HashSaltBase64);
hmac = new System.Security.Cryptography.HMACMD5(saltBytes);
isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64);
break;
case (int)Enums.HMAC.HMACRIPEMD160:
saltBytes = Convert.FromBase64String(acc.HashSaltBase64);
hmac = new System.Security.Cryptography.HMACRIPEMD160(saltBytes);
isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64);
break;
case (int)Enums.HMAC.HMACSHA1:
saltBytes = Convert.FromBase64String(acc.HashSaltBase64);
hmac = new System.Security.Cryptography.HMACSHA1(saltBytes);
isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64);
break;
case (int)Enums.HMAC.HMACSHA256:
saltBytes = Convert.FromBase64String(acc.HashSaltBase64);
hmac = new System.Security.Cryptography.HMACSHA256(saltBytes);
isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64);
break;
case (int)Enums.HMAC.HMACSHA384:
saltBytes = Convert.FromBase64String(acc.HashSaltBase64);
hmac = new System.Security.Cryptography.HMACSHA384(saltBytes);
isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64);
break;
case (int)Enums.HMAC.HMACSHA512:
saltBytes = Convert.FromBase64String(acc.HashSaltBase64);
hmac = new System.Security.Cryptography.HMACSHA512(saltBytes);
isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64);
break;
default:
throw new NotImplementedException("Unspecified hash type.");
}
}
}
}
catch (Exception ex)
{
Log4netLogger.Error(MethodBase.GetCurrentMethod().DeclaringType, "Cannot login", ex);
isOk = false;
}
return(isOk);
}
