/// <summary>
/// Builds the proof string for <paramref name="accessToken"/>: the HMAC-SHA256 of the
/// token, keyed with <c>Options.AppSecret</c>, rendered as lowercase hexadecimal.
/// </summary>
/// <param name="accessToken">Access token that the MAC is computed over.</param>
/// <returns>The MAC as a lowercase hex string, two characters per byte.</returns>
/// <remarks>
/// Both the secret and the token are encoded with <see cref="Encoding.ASCII"/>, so any
/// non-ASCII character is replaced before hashing; callers are expected to pass ASCII-only
/// values. The secret is used only as the HMAC key and does not appear in the returned string.
/// </remarks>
private string GenerateAppSecretProof(string accessToken)
{
    // Key material first, then the message, matching the HashData(key, source) parameter order.
    byte[] secretBytes = Encoding.ASCII.GetBytes(Options.AppSecret);
    byte[] messageBytes = Encoding.ASCII.GetBytes(accessToken);
    byte[] mac = HMACSHA256.HashData(secretBytes, messageBytes);

    // Invariant culture keeps the hex digits stable regardless of the thread's locale.
    var hex = new StringBuilder();
    foreach (byte octet in mac)
    {
        hex.Append(octet.ToString("x2", CultureInfo.InvariantCulture));
    }

    return hex.ToString();
}
SignatureByteSize; // Signature tag public static string Encrypt(string plainText, string passPhrase) { // Salt is randomly generated each time, but is prepended to encrypted cipher text // so that the same Salt value can be used when decrypting. byte[] iv = SecureRandom.Instance.GetBytes(AesBlockByteSize); byte[] encryptionKeySalt = SecureRandom.Instance.GetBytes(PasswordSaltByteSize); byte[] encryptionKey = DerivateKey(passPhrase, encryptionKeySalt); // Encrypt the plain text. using var aes = CreateAES(encryptionKey); byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText); byte[] cipherTextBytes = aes.EncryptCbc(plainTextBytes, iv); // Authenticate. byte[] authKeySalt = SecureRandom.Instance.GetBytes(PasswordSaltByteSize); byte[] authKey = DerivateKey(passPhrase, authKeySalt); byte[] result = MergeArrays(additionalCapacity: SignatureByteSize, encryptionKeySalt, iv, authKeySalt, cipherTextBytes); byte[] authCode = HMACSHA256.HashData(authKey, result[..^ SignatureByteSize]);
/// <summary>
/// One-shot HMAC-SHA256 of <paramref name="source"/> under <paramref name="key"/>,
/// written into the caller-supplied <paramref name="destination"/> buffer.
/// </summary>
/// <param name="key">HMAC key bytes.</param>
/// <param name="source">Data to authenticate.</param>
/// <param name="destination">Buffer that receives the MAC.</param>
/// <returns>The value returned by <c>HMACSHA256.HashData</c> (the number of bytes written).</returns>
protected override int HashDataOneShot(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source, Span<byte> destination)
{
    // Pure delegation to the static span-based API; no state is kept on this instance.
    return HMACSHA256.HashData(key, source, destination);
}
/// <summary>
/// One-shot HMAC-SHA256 of <paramref name="source"/> under <paramref name="key"/>,
/// returning the MAC as a newly allocated array.
/// </summary>
/// <param name="key">HMAC key bytes.</param>
/// <param name="source">Data to authenticate.</param>
/// <returns>The MAC bytes produced by <c>HMACSHA256.HashData</c>.</returns>
protected override byte[] HashDataOneShot(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source)
{
    // Pure delegation to the static span-based API; no state is kept on this instance.
    return HMACSHA256.HashData(key, source);
}
/// <summary>
/// One-shot HMAC-SHA256 of <paramref name="source"/> under <paramref name="key"/>,
/// using the array-based overload and returning the MAC as a byte array.
/// </summary>
/// <param name="key">HMAC key bytes.</param>
/// <param name="source">Data to authenticate.</param>
/// <returns>The MAC bytes produced by <c>HMACSHA256.HashData</c>.</returns>
protected override byte[] HashDataOneShot(byte[] key, byte[] source)
{
    // Pure delegation to the static array-based API; argument validation is left to it.
    return HMACSHA256.HashData(key, source);
}