/// <summary>
/// Builds the hex-encoded token for a user/challenge pair: the token text is
/// MACed first, then encrypted, and the ciphertext is returned as hex.
/// </summary>
/// <param name="userId">User identifier taken from the route.</param>
/// <param name="challengeId">Challenge identifier taken from the route.</param>
/// <returns>Hex string of the ciphertext produced by <c>EncryptCbc</c>.</returns>
/// <remarks>
/// NOTE(review): all key material here comes from SHA-256 over the two route
/// values plus a fixed label, so the seed is reproducible by anyone who knows
/// those inputs. The MAC key and the encryption key differ only in the first
/// byte. The controller name (PaddingOracleController) suggests a training
/// exercise; confirm that before reusing the pattern. Production code should
/// derive independent keys from a server-side secret with a KDF and use an
/// AEAD mode instead of a hand-assembled MAC + CBC pipeline.
/// </remarks>
public string GetToken([FromRoute] string userId, [FromRoute] string challengeId)
{
    // Derive the per-user/per-challenge seed. Encoding.ASCII replaces any
    // non-ASCII character with '?', so ids that differ only in such
    // characters map to the same seed.
    byte[] seed;
    using (SHA256 sha256 = SHA256.Create())
    {
        string label = userId + challengeId + "GetEncryptedToken";
        seed = sha256.ComputeHash(Encoding.ASCII.GetBytes(label));
    }

    // The token text is always requested from TokenHelper, even when the
    // debug branch below replaces it.
    byte[] plainText = Encoding.ASCII.GetBytes(TokenHelper.GetSecretTokenUser(seed));

    //#Q_
    if (challengeId == PaddingOracleController.debugFlag)
    {
        // Fixed 64-byte debug plaintext: the values 1..32 repeated twice.
        // NOTE(review): a request-selectable known-plaintext path; make sure
        // the debug flag cannot be reached in a deployed build.
        plainText = new byte[64];
        for (int i = 0; i < plainText.Length; i++)
        {
            plainText[i] = (byte)((i % 32) + 1);
        }
    }

    // MAC-then-encrypt: the MAC is computed with the unmodified seed.
    var plainTextWithMac = this.paddingOracleManger.ApplyMac(plainText, seed);

    // Flip every bit of the first seed byte so the encryption key is not
    // byte-identical to the MAC key (the remaining bytes are still shared).
    seed[0] = (byte)(seed[0] ^ 0xFF);

    // Meaning of the trailing 'true' argument is not visible here; confirm
    // against EncryptCbc's signature.
    var ciphertext = this.paddingOracleManger.EncryptCbc(plainTextWithMac, seed, true);

    return HexHelper.HexFromByteArray(ciphertext);
}
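/// <summary>
/// Returns the hex-encoded MAC of the message <c>user={userId};</c> under the
/// secret key obtained for the given user and challenge.
/// </summary>
/// <param name="userId">User identifier from the route; must match <c>UserIdPattern</c>.</param>
/// <param name="challengeId">Challenge identifier from the route, used only to look up the key.</param>
/// <returns>
/// The hex MAC on success, or a human-readable error string when
/// <paramref name="userId"/> does not match <c>UserIdPattern</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the tag is SHA-1 over key || message (secret-prefix), not an
/// HMAC. Secret-prefix MACs built on Merkle–Damgård hashes are subject to
/// length extension; HMAC (for example <c>HMACSHA256</c>) is the standard keyed
/// construction. The construction is left unchanged here because switching it
/// would change every tag callers already hold. Confirm whether the weakness
/// is intentional before reusing this code.
/// </remarks>
public string ComputeMac([FromRoute] string userId, [FromRoute] string challengeId)
{
    // UserIdPattern is defined outside this view. The check only enforces
    // "alphanumeric only" if that pattern is anchored at both ends; confirm.
    if (!Regex.IsMatch(userId, UserIdPattern))
    {
        return("Invalid userId. UserId should contains only alphabetical and numerical symbols!");
    }

    var key = this.GetSecretKey(userId, challengeId);
    var message = Encoding.ASCII.GetBytes($"user={userId};");

    // SHA1 is IDisposable; the original created it inline and never disposed
    // it. Scope it so the hash object is released on every call.
    using (var sha1 = SHA1.Create())
    {
        var mac = sha1.ComputeHash(key.Concat(message).ToArray());
        return HexHelper.HexFromByteArray(mac);
    }
}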