예제 #1
        /// <summary>
        /// Builds the hex-encoded, CBC-encrypted token for a user/challenge pair.
        /// </summary>
        /// <param name="userId">Route value mixed into the seed.</param>
        /// <param name="challengeId">
        /// Route value mixed into the seed; also compared with
        /// <c>PaddingOracleController.debugFlag</c> to select a fixed test plaintext.
        /// </param>
        /// <returns>
        /// The bytes returned by <c>EncryptCbc</c>, rendered by <c>HexHelper.HexFromByteArray</c>.
        /// </returns>
        /// <remarks>
        /// Security notes for reviewers (this looks like a deliberately weak training
        /// endpoint; confirm before reusing any of it):
        /// <list type="bullet">
        /// <item>The seed is an unkeyed SHA-256 over the two route values and a constant label.
        /// No server-side secret enters the derivation in this method, so the MAC key and the
        /// encryption key are only as unpredictable as those inputs.</item>
        /// <item>The inputs are concatenated without a delimiter and encoded as ASCII
        /// (non-ASCII characters become '?'), so different id pairs can yield the same seed.</item>
        /// <item>The encryption key differs from the MAC key in a single byte; the two keys are
        /// related, not independent. A KDF with distinct labels per purpose is the usual
        /// way to separate keys.</item>
        /// <item>The MAC is applied before CBC encryption (MAC-then-encrypt). The decrypting
        /// side must then treat padding and MAC failures identically; encrypt-then-MAC or an
        /// AEAD mode removes that requirement.</item>
        /// </list>
        /// </remarks>
        public string GetToken(
            [FromRoute] string userId,
            [FromRoute] string challengeId)
        {
            using (var sha256 = SHA256.Create())
            {
                // Derive the per-request seed from the route values plus a fixed label.
                var seedMaterial = Encoding.ASCII.GetBytes(userId + challengeId + "GetEncryptedToken");
                var seed = sha256.ComputeHash(seedMaterial);

                var tokenBytes = Encoding.ASCII.GetBytes(TokenHelper.GetSecretTokenUser(seed));
                //#Q_
                if (challengeId == PaddingOracleController.debugFlag)
                {
                    // Debug path: replace the token with a fixed 64-byte pattern (1..32, twice).
                    tokenBytes = new byte[64];
                    for (var i = 0; i < tokenBytes.Length; i++)
                    {
                        tokenBytes[i] = (byte)((i % 32) + 1);
                    }
                }

                // The MAC is computed with the unmodified seed.
                var authenticated = this.paddingOracleManger.ApplyMac(tokenBytes, seed);

                // Flip all bits of the first seed byte so the encryption key is not byte-identical
                // to the MAC key. Must happen after ApplyMac and before EncryptCbc.
                seed[0] ^= 0xFF;

                // NOTE(review): the meaning of the third argument (true) is defined by
                // EncryptCbc, which is not visible here — confirm against its signature.
                var encrypted = this.paddingOracleManger.EncryptCbc(authenticated, seed, true);

                return HexHelper.HexFromByteArray(encrypted);
            }
        }
예제 #2
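        /// <summary>
        /// Returns the hex-encoded SHA-1 digest of the secret key followed by the ASCII
        /// message <c>user={userId};</c>.
        /// </summary>
        /// <param name="userId">Route value; rejected unless it matches <c>UserIdPattern</c>.</param>
        /// <param name="challengeId">Route value passed to <c>GetSecretKey</c> together with <paramref name="userId"/>.</param>
        /// <returns>
        /// The digest as rendered by <c>HexHelper.HexFromByteArray</c>, or a plain-text error
        /// message when <paramref name="userId"/> fails validation. Both come back on the
        /// same string channel, so callers must tell them apart by content.
        /// </returns>
        /// <remarks>
        /// Security notes for reviewers:
        /// <list type="bullet">
        /// <item>SHA1(key || message) is a secret-prefix digest, not HMAC. SHA-1 is
        /// length-extendable, so this construction does not give the forgery resistance of a
        /// real MAC. Code that needs one should use an HMAC type such as
        /// <see cref="System.Security.Cryptography.HMACSHA256"/>. The construction is left
        /// unchanged here because switching it would change every returned value, and it is
        /// presumably intentional for this exercise — confirm.</item>
        /// <item>The userId check is the only thing keeping ';' and '=' out of the
        /// <c>user=...;</c> message. <c>UserIdPattern</c> is not visible here; verify that it is
        /// anchored at both ends, since <c>Regex.IsMatch</c> accepts a partial match.</item>
        /// </list>
        /// </remarks>
        public string ComputeMac([FromRoute] string userId, [FromRoute] string challengeId)
        {
            if (!Regex.IsMatch(userId, UserIdPattern))
            {
                return "Invalid userId. UserId should contains only alphabetical and numerical symbols!";
            }

            var key     = this.GetSecretKey(userId, challengeId);
            var message = Encoding.ASCII.GetBytes($"user={userId};");

            // Dispose the hash object deterministically; the original created it inline
            // and never released it.
            using (var sha1 = SHA1.Create())
            {
                var mac = sha1.ComputeHash(key.Concat(message).ToArray());

                return HexHelper.HexFromByteArray(mac);
            }
        }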