A C# .Net HMAC implementation from a node.js method

So I need to create a HMAC validation method in C# but the example I've been given is in node.js.

My initial attempts have not worked. Can anyone help?

Here's the node.js example given:

function verifyAuthorizationTokenHTTP(messageBody, expectedAuthToken) {
    const tokenKey= "e1uTy /blki9cNQPblQMBQ=="; //base64 encoded Guid
    const tokenKeyBinary = Buffer.from(tokenKey, 'base64');

    const hmac = crypto.createHmac('sha256', tokenKeyBinary);
    hmac.update(messageBody);
    const hashInBase64 = hmac.digest('base64');

    return hashInBase64 === expectedAuthToken;
}

And here's my C# equivalent:

public bool VerifyAuthorizationTokenHTTP(string msgBody, string expectedAuthToken)
{
    string tokenKey = "e1uTy /blki9cNQPblQMBQ==";
    var tokenKeyBinary = Encoding.UTF8.GetBytes(tokenKey);
    
    using HMAC hmac = new HMACSHA256(tokenKeyBinary);
    var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(msgBody));
    var hashInBase64 = Convert.ToBase64String(hash);
    
    return hashInBase64 == expectedAuthToken;
}

What am I doing wrong?

TIA

Update

Test data:

string AuthenticationToken = "e1uTyu/blki9cNQPblQMBQ==";
string expectedAuthToken = "ZYP5sZmXqqO9Qj3rAIh/vkOiKwGHcrHubTDPXaQiKZk=";
string messageBody = @"{""siteId"":""NOOlxt3rRruQuEciW6DyCg"",""type"":""HEARTBEAT"",""time"":""2023-11-04T09:08:03.539Z""}";

Test result

hashInBase64 = "maiNj4i24SdSudX1olun6vhww6Q6S7HJYIK6eWOz48k="

NOTES

expectedAuthToken is generated by a third party (the creators of the node.js example function that is scant on detail along with the rest of their documentation). They generate the authtoken using hmac using the messageBody, based on a key from AuthenticationToken, which we send to them. I've taken the test values from the Auth header of an incoming webhook request.

CodePudding user response：

As nodejs version uses bas64 for key encoding your C# version should be like this:

static void Main(string[] args)
    {
        string tokenKey = "e1uTy /blki9cNQPblQMBQ==";
        byte[] tokenKeyBinary = Convert.FromBase64String(tokenKey);
        using var hmac = new HMACSHA256(tokenKeyBinary);
        var hash = hmac.ComputeHash( System.Text.Encoding.UTF8.GetBytes(@"{""siteId"":""NOOlxt3rRruQuEciW6DyCg"",""type"":""HEARTBEAT"",""time"":""2023-11-04T09:08:03.539Z""}"));
        var hashInBase64 = Convert.ToBase64String(hash);
        hashInBase64.Dump();
    }

DotnetFiddle

StackBlitz

CodePudding user response：

Maybe expectedAuthToken is not base64(maybe it is hex),ensure that the type of expectedauth and hashInbase64 are same If you want to use hmac in c# try this snipt:

 private string GetHMAC(string text, string key)
{
    var bytekey = Encoding.UTF8.GetBytes(key);

    using (var hmacsha256 = new HMACSHA256(bytekey))
    {
        var hash = hmacsha256.ComputeHash(Encoding.UTF8.GetBytes(text));
        return BitConverter.ToString(hash).Replace("-", "");
    }

}

At final the result is hex of hash, but if you wanna the base64 change the return to Convert.ToBase64String(hash);