public int ZJ_Hmac_SM3(string key, string secret, string unix_timestamp, string request_body, out string value)
{
try
{
var stringToSign = $"{unix_timestamp}\n{ request_body}";
byte[] msg1 = Encoding.UTF8.GetBytes(stringToSign);
byte[] key1 = Encoding.UTF8.GetBytes(secret);
Org.BouncyCastle.Crypto.Parameters.KeyParameter keyParameter = new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key1);
Org.BouncyCastle.Crypto.Digests.SM3Digest sm3 = new Org.BouncyCastle.Crypto.Digests.SM3Digest();
Org.BouncyCastle.Crypto.Macs.HMac mac = new Org.BouncyCastle.Crypto.Macs.HMac(sm3);//带密钥的杂凑算法
mac.Init(keyParameter);
mac.BlockUpdate(msg1, 0, msg1.Length);
byte[] result = new byte[mac.GetMacSize()];
mac.DoFinal(result, 0);
value = new UTF8Encoding().GetString(Org.BouncyCastle.Utilities.Encoders.Hex.Encode(result));
return(0);
}
catch (Exception ex)
{
value = ex.Message;
return(1);
}
}
/// <summary>
///
/// </summary>
/// <param name="key"></param>
/// <param name="data"></param>
/// <returns></returns>
public static byte[] HMACSHA256(byte[] key, byte[] data)
{
var mac = new Org.BouncyCastle.Crypto.Macs.HMac(new Org.BouncyCastle.Crypto.Digests.Sha256Digest());
mac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key));
mac.BlockUpdate(data, 0, data.Length);
byte[] result = new byte[mac.GetMacSize()];
mac.DoFinal(result, 0);
return(result);
}
public static byte[] HmacSha512(string text, string key)
{
byte[] bytes = System.Text.Encoding.UTF8.GetBytes(text);
Org.BouncyCastle.Crypto.Macs.HMac hmac = new Org.BouncyCastle.Crypto.Macs.HMac(new Org.BouncyCastle.Crypto.Digests.Sha512Digest());
hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(System.Text.Encoding.UTF8.GetBytes(key)));
byte[] result = new byte[hmac.GetMacSize()];
hmac.BlockUpdate(bytes, 0, bytes.Length);
hmac.DoFinal(result, 0);
return(result);
}
/// <summary>
/// 哈希计算
/// </summary>
/// <param name="data">输入字符串</param>
/// <param name="key">密钥KEY</param>
/// <param name="digest"></param>
/// <returns>哈希值</returns>
public static byte[] Compute(string data, byte[] key, IDigest digest)
{
if (string.IsNullOrEmpty(data))
{
throw new ArgumentNullException(nameof(data));
}
var keyParameter = new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key);
var input = Encoding.UTF8.GetBytes(data);
IMac mac = new Org.BouncyCastle.Crypto.Macs.HMac(digest);
mac.Init(keyParameter);
mac.BlockUpdate(input, 0, input.Length);
return(MacUtilities.DoFinal(mac));
}
/// <summary>
/// Creates a signature value given a signature base and the consumer secret and a known token secret.
/// </summary>
/// <a href="http://oauth.net/core/1.0#rfc.section.9.2"/>
/// <param name="signatureMethod">The hashing method</param>
/// <param name="signatureTreatment">The treatment to use on a signature value</param>
/// <param name="signatureBase">The signature base</param>
/// <param name="consumerSecret">The consumer secret</param>
/// <param name="tokenSecret">The token secret</param>
/// <returns></returns>
public static string GetSignature(OAuthSignatureMethod signatureMethod,
OAuthSignatureTreatment signatureTreatment,
string signatureBase,
string consumerSecret,
string tokenSecret)
{
if (string.IsNullOrEmpty(tokenSecret))
{
tokenSecret = String.Empty;
}
consumerSecret = UrlEncodeRelaxed(consumerSecret);
tokenSecret = UrlEncodeRelaxed(tokenSecret);
var key = string.Format("{0}&{1}", consumerSecret, tokenSecret);
string signature;
switch (signatureMethod)
{
case OAuthSignatureMethod.HmacSha1:
{
var keyData = _encoding.GetBytes(key);
#if USE_BOUNCYCASTLE
var digest = new Org.BouncyCastle.Crypto.Digests.Sha1Digest();
var crypto = new Org.BouncyCastle.Crypto.Macs.HMac(digest);
crypto.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(keyData));
signature = signatureBase.HashWith(crypto);
#else
using (var digest = new System.Security.Cryptography.HMACSHA1(keyData))
signature = signatureBase.HashWith(digest);
#endif
break;
}
case OAuthSignatureMethod.PlainText:
{
signature = key;
break;
}
default:
throw new NotImplementedException("Only HMAC-SHA1 is currently supported.");
}
var result = signatureTreatment == OAuthSignatureTreatment.Escaped
? UrlEncodeRelaxed(signature)
: signature;
return(result);
}
// http://crypto.stackexchange.com/questions/5646/what-are-the-differences-between-a-digital-signature-a-mac-and-a-hash
// Integrity: Can the recipient be confident that the message has not been accidentally modified?
// Authentication: Can the recipient be confident that the message originates from the sender?
// Non-repudiation: If the recipient passes the message and the proof to a third party,
// can the third party be confident that the message originated from the sender?
// Cryptographic primitive | Hash | MAC | Digital
// Security Goal | | | signature
// ------------------------+------+-----------+-------------
// Integrity | Yes | Yes | Yes
// Authentication | No | Yes | Yes
// Non-repudiation | No | No | Yes
// ------------------------+------+-----------+-------------
// Kind of keys | none | symmetric | asymmetric
// | | keys | keys
static JsonWebToken()
{
JsonSerializer = new DefaultJsonSerializer();
UnixEpoch = new System.DateTime(1970, 1, 1, 0, 0, 0, 0, System.DateTimeKind.Utc);
// https://stackoverflow.com/questions/10055158/is-there-a-json-web-token-jwt-example-in-c
// https://stackoverflow.com/questions/34403823/verifying-jwt-signed-with-the-rs256-algorithm-using-public-key-in-c-sharp
// http://codingstill.com/2016/01/verify-jwt-token-signed-with-rs256-using-the-public-key/
HashAlgorithms = new System.Collections.Generic.Dictionary <JwtHashAlgorithm, GenericHashFunction_t>
{
{ JwtHashAlgorithm.None, delegate(JwtKey key, byte[] value)
{ throw new TokenAlgorithmRefusedException(); } },
{ JwtHashAlgorithm.HS256, delegate(JwtKey key, byte[] value)
{
// using (HMACSHA256 sha = new HMACSHA256(key.MacKeyBytes)) { return sha.ComputeHash(value); }
Org.BouncyCastle.Crypto.Macs.HMac hmac =
new Org.BouncyCastle.Crypto.Macs.HMac(
new Org.BouncyCastle.Crypto.Digests.Sha256Digest()
);
hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key.MacKeyBytes));
byte[] result = new byte[hmac.GetMacSize()];
hmac.BlockUpdate(value, 0, value.Length);
hmac.DoFinal(result, 0);
return(result);
} },
// { JwtHashAlgorithm.HS384, delegate(byte[] key, byte[]value) { using (HMACSHA384 sha = new HMACSHA384(key)) { return sha.ComputeHash(value); } } },
{ JwtHashAlgorithm.HS384, delegate(JwtKey key, byte[] value)
{
// using (HMACSHA384 sha = new HMACSHA384(key.MacKeyBytes)) { return sha.ComputeHash(value); }
Org.BouncyCastle.Crypto.Macs.HMac hmac =
new Org.BouncyCastle.Crypto.Macs.HMac(
new Org.BouncyCastle.Crypto.Digests.Sha384Digest()
);
hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key.MacKeyBytes));
byte[] result = new byte[hmac.GetMacSize()];
hmac.BlockUpdate(value, 0, value.Length);
hmac.DoFinal(result, 0);
return(result);
} },
{ JwtHashAlgorithm.HS512, delegate(JwtKey key, byte[] value)
{
// using (HMACSHA512 sha = new HMACSHA512(key.MacKeyBytes)) { return sha.ComputeHash(value); }
Org.BouncyCastle.Crypto.Macs.HMac hmac =
new Org.BouncyCastle.Crypto.Macs.HMac(
new Org.BouncyCastle.Crypto.Digests.Sha512Digest()
);
hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key.MacKeyBytes));
byte[] result = new byte[hmac.GetMacSize()];
hmac.BlockUpdate(value, 0, value.Length);
hmac.DoFinal(result, 0);
return(result);
} },
{ JwtHashAlgorithm.RS256, delegate(JwtKey key, byte[] value)
{
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withRSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
return(signer.GenerateSignature());
} },
{ JwtHashAlgorithm.RS384, delegate(JwtKey key, byte[] value)
{
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-384withRSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
return(signer.GenerateSignature());
} },
{
JwtHashAlgorithm.RS512
, delegate(JwtKey key, byte[] value)
{
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-512withRSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
return(signer.GenerateSignature());
}
},
// https://github.com/mono/mono/tree/master/mcs/class/referencesource/System.Core/System/Security/Cryptography
// https://github.com/mono/mono/blob/master/mcs/class/referencesource/System.Core/System/Security/Cryptography/ECDsaCng.cs
// https://github.com/mono/mono/blob/master/mcs/class/referencesource/System.Core/System/Security/Cryptography/ECDsa.cs
// ECDsaCng => next generation cryptography
// Is just a wrapper around ncrypt, plus some constructors throw on mono/netstandard... in short - horrible thing
{ JwtHashAlgorithm.ES256, delegate(JwtKey key, byte[] value) {
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
return(signer.GenerateSignature());
} },
{ JwtHashAlgorithm.ES384, delegate(JwtKey key, byte[] value) {
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-384withECDSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
return(signer.GenerateSignature());
} },
{ JwtHashAlgorithm.ES512, delegate(JwtKey key, byte[] value) {
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-512withECDSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
return(signer.GenerateSignature());
} },
};
} // End Constructor
