private static void CheckSignature(HttpRequestData request, IdentityProvider idp, IOptions options) { // Can't use the query string params as found in HttpReqeustData // because they are already unescaped and we need the exact format // of the original data. var rawQueryStringParams = request.Url.Query.TrimStart('?').Split('&').Select(qp => qp.Split('=')) .ToDictionary(kv => kv[0], kv => kv[1]); var msgParam = ""; string msg; if (rawQueryStringParams.TryGetValue("SAMLRequest", out msg)) { msgParam = "SAMLRequest=" + msg; } else { msgParam = "SAMLResponse=" + rawQueryStringParams["SAMLResponse"]; } var relayStateParam = ""; string relayState; if (rawQueryStringParams.TryGetValue("RelayState", out relayState)) { relayStateParam = "&RelayState=" + relayState; } var signedString = string.Format(CultureInfo.InvariantCulture, "{0}{1}&SigAlg={2}", msgParam, relayStateParam, rawQueryStringParams["SigAlg"]); var sigAlg = request.QueryString["SigAlg"].Single(); XmlHelpers.ValidateSignatureMethodStrength(options.SPOptions.MinIncomingSigningAlgorithm, sigAlg); var signatureDescription = (SignatureDescription)CryptographyExtensions.CreateAlgorithmFromName(sigAlg); var hashAlg = signatureDescription.CreateDigest(); hashAlg.ComputeHash(Encoding.UTF8.GetBytes(signedString)); var signature = Convert.FromBase64String(request.QueryString["Signature"].Single()); if (!idp.SigningKeys.Any(kic => signatureDescription .CreateDeformatter(((AsymmetricSecurityKey)kic.CreateKey()).GetAsymmetricAlgorithm(sigAlg, false)) .VerifySignature(hashAlg, signature))) { throw new InvalidSignatureException(string.Format(CultureInfo.InvariantCulture, "Message from {0} failed signature verification", idp.EntityId.Id)); } }
public static string SignAndEncryptData <T>( T model, string apiSigningKey, string bankKey) where T : class { // Sign data with api private key using (var rsa = RSA.Create()) { RsaExtensions.FromXmlString(rsa, apiSigningKey); var aesParams = CryptographyExtensions.GenerateKey(); var key = Convert.FromBase64String(aesParams[0]); var iv = Convert.FromBase64String(aesParams[1]); var serializedModel = JsonConvert.SerializeObject(model); var dataObject = new { Model = serializedModel, Timestamp = DateTime.UtcNow }; var data = JsonConvert.SerializeObject(dataObject); var signature = Convert.ToBase64String(rsa .SignData(Encoding.UTF8.GetBytes(data), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); // Encrypt with bank public key string encryptedKey; string encryptedIv; using (var encryptionRsa = RSA.Create()) { RsaExtensions.FromXmlString(encryptionRsa, bankKey); encryptedKey = Convert.ToBase64String(encryptionRsa.Encrypt(key, RSAEncryptionPadding.Pkcs1)); encryptedIv = Convert.ToBase64String(encryptionRsa.Encrypt(iv, RSAEncryptionPadding.Pkcs1)); } var encryptedData = Convert.ToBase64String(CryptographyExtensions.Encrypt(data, key, iv)); var json = new { EncryptedKey = encryptedKey, EncryptedIv = encryptedIv, Data = encryptedData, Signature = signature }; var serializedJson = JsonConvert.SerializeObject(json); var request = Convert.ToBase64String(Encoding.UTF8.GetBytes(serializedJson)); return(request); } }
private string SignAndEncryptData(CentralApiSubmitTransferDto model) { using (var rsa = RSA.Create()) { RsaExtensions.FromXmlString(rsa, this.bankConfiguration.Key); var aesParams = CryptographyExtensions.GenerateKey(); var key = Convert.FromBase64String(aesParams[0]); var iv = Convert.FromBase64String(aesParams[1]); var serializedModel = JsonConvert.SerializeObject(model); var dataObject = new { Model = serializedModel, Timestamp = DateTime.UtcNow }; var data = JsonConvert.SerializeObject(dataObject); var signature = Convert.ToBase64String(rsa .SignData(Encoding.UTF8.GetBytes(data), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); string encryptedKey; string encryptedIv; using (var encryptionRsa = RSA.Create()) { RsaExtensions.FromXmlString(encryptionRsa, this.bankConfiguration.CentralApiPublicKey); encryptedKey = Convert.ToBase64String(encryptionRsa.Encrypt(key, RSAEncryptionPadding.Pkcs1)); encryptedIv = Convert.ToBase64String(encryptionRsa.Encrypt(iv, RSAEncryptionPadding.Pkcs1)); } var encryptedData = Convert.ToBase64String(CryptographyExtensions.Encrypt(data, key, iv)); var json = new { BankName = this.bankConfiguration.BankName, BankSwiftCode = this.bankConfiguration.UniqueIdentifier, BankCountry = this.bankConfiguration.Country, EncryptedKey = encryptedKey, EncryptedIv = encryptedIv, Data = encryptedData, Signature = signature }; var jsonRequest = JsonConvert.SerializeObject(json); var encryptedRequest = Convert.ToBase64String(Encoding.UTF8.GetBytes(jsonRequest)); return(encryptedRequest); } }
private static void SMixUnsafe(uint[] B, int Boffset, uint[] Bp, int Bpoffset, uint N, int r) { unsafe { uint Nmask = N - 1; int Bs = 16 * 2 * r; uint *scratch1 = stackalloc uint[16] /*, scratch2 = stackalloc uint[16]*/; uint *scratchX = stackalloc uint[16], scratchY = stackalloc uint[Bs]; uint *scratchZ = stackalloc uint[Bs]; uint *x = stackalloc uint[Bs]; var v = new uint[N][]; for (int i = 0; i < v.Length; i++) { v[i] = new uint[Bs]; } CopyUints(B, Boffset, x, Bs); for (uint i = 0; i < N; i++) { CopyUints(x, v[i], 0, Bs); BlockMix(x, 0, x, 0, scratchX, scratchY, scratch1, /*scratch2,*/ r); } for (uint i = 0; i < N; i++) { uint j = x[Bs - 16] & Nmask; uint[] vj = v[j]; for (int k = 0; k < Bs; k++) { scratchZ[k] = x[k] ^ vj[k]; } BlockMix(scratchZ, 0, x, 0, scratchX, scratchY, scratch1, /*scratch2,*/ r); } CopyUints(x, Bp, Bpoffset, Bs); for (int i = 0; i < v.Length; i++) { v[i].SecureWipe(); } CryptographyExtensions.WipeMemory(x, Bs); CryptographyExtensions.WipeMemory(scratchX, 16); CryptographyExtensions.WipeMemory(scratchY, Bs); CryptographyExtensions.WipeMemory(scratchZ, Bs); CryptographyExtensions.WipeMemory(scratch1, 16); //CryptographyExtensions.WipeMemory(scratch2, 16); } }
private static string AddSignature(string queryString, ISaml2Message message) { string signingAlgorithmUrl = message.SigningAlgorithm; queryString += "&SigAlg=" + Uri.EscapeDataString(signingAlgorithmUrl); var signatureDescription = (SignatureDescription)CryptographyExtensions.CreateAlgorithmFromName(signingAlgorithmUrl); HashAlgorithm hashAlg = signatureDescription.CreateDigest(); hashAlg.ComputeHash(Encoding.UTF8.GetBytes(queryString)); AsymmetricSignatureFormatter asymmetricSignatureFormatter = signatureDescription.CreateFormatter( EnvironmentHelpers.IsNetCore ? message.SigningCertificate.PrivateKey : ((RSACryptoServiceProvider)message.SigningCertificate.PrivateKey) .GetSha256EnabledRSACryptoServiceProvider()); byte[] signatureValue = asymmetricSignatureFormatter.CreateSignature(hashAlg); queryString += "&Signature=" + Uri.EscapeDataString(Convert.ToBase64String(signatureValue)); return(queryString); }
public override ProductBlockchain Create(ProductBlockchain blockchain) { var rand = new Random(); //random integer var currentTime = DateTime.Now; //current date time var word = ""; var last = GetAll().OrderByDescending(x => x.Id).FirstOrDefault(); //get last record hash if exists if (blockchain.ProductId is null) { word = $"{last?.Hash}:{blockchain.Comment}:{currentTime.ToString()}:{rand.ToString()}"; //create new blockchain record } else { word = $"{last?.Hash}:{blockchain.Comment}:{blockchain.ProductId}:{currentTime.ToString()}:{rand.ToString()}"; //forming new blockchain record } blockchain.Hash = CryptographyExtensions.GetHashSha256(word); return(base.Create(blockchain)); }
public async Task <IActionResult> LogIn(LoginModel model) { if (!ModelState.IsValid) { return(View("LogIn")); } var hashedBytes = CryptographyExtensions.HashPasswordSha512(model.Password); var isAuthenticated = await _sql.AuthenticateUser(model.Username, hashedBytes).ConfigureAwait(false); if (!isAuthenticated) { return(View("LogIn")); } var claims = new List <Claim> { new Claim(ClaimTypes.Name, model.Username) }; var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "login")); await HttpContext.SignInAsync(principal).ConfigureAwait(false); return(Redirect("/Home/RaidEfforts")); }
public void Saml2RedirectBinding_Bind_AddsSignature() { var actual = CreateAndBindMessageWithSignature(); var queryParams = HttpUtility.ParseQueryString(actual.Location.Query); var query = actual.Location.Query.TrimStart('?'); var signedData = query.Split(new[] { "&Signature=" }, StringSplitOptions.None)[0]; var sigalg = queryParams["SigAlg"]; var signatureDescription = (SignatureDescription)CryptographyExtensions .CreateAlgorithmFromName(sigalg); var hashAlg = signatureDescription.CreateDigest(); hashAlg.ComputeHash(Encoding.UTF8.GetBytes(signedData)); var asymmetricSignatureDeformatter = signatureDescription.CreateDeformatter( SignedXmlHelper.TestCert.PublicKey.Key); asymmetricSignatureDeformatter.VerifySignature( hashAlg, Convert.FromBase64String(queryParams["Signature"])) .Should().BeTrue("signature should be valid"); }
public string CreateIv() { return(CryptographyExtensions.GenerateString(16)); }