C# Online Compiler | .NET Fiddle

<no name> by Anonymous

using System.Security.Cryptography;
using System.Text;
using System.Runtime.CompilerServices;
using System;

var operation = "generate-key";

switch  (operation) 
{
    case "generate-key":
        var key = GenerateKey();
        Console.WriteLine(key);
        break;
    case "compute-hash":
        var hash = ComputeHash(args[1], args[2]);
        Console.WriteLine(hash);
        break;
    case "compare":
        var isMatch = Compare(args[1], args[2], args[3]);
        Console.WriteLine(isMatch);
        break;
    case "compare-framework":
        var isMatchDotNet = CompareFramework(args[1], args[2], args[3]);
        Console.WriteLine(isMatchDotNet);
        break;
    default:
        Console.WriteLine("Invalid command");
        break;
}

static string GenerateKey() 
{
    byte[] randomNumber = new Byte[64];
    
    using (var randomNumberGenerator = RandomNumberGenerator.Create())
    {
        randomNumberGenerator.GetBytes(randomNumber);
        return Convert.ToBase64String(randomNumber);
    }
}

static string ComputeHash(string key, string message) 
{
    using (HMACSHA256 hmac = new HMACSHA256(Convert.FromBase64String(key))) {
        var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
        return Convert.ToBase64String(hash);
    }
}

static bool Compare(string key, string message, string expectedHash) {
    var computedHash = ComputeHash(key, message);
    var computedHashBytes = Convert.FromBase64String(computedHash);
    var expectedHashBytes = Convert.FromBase64String(expectedHash);

    // FixedTimeEquals used to protect against timing attacks
    return CryptographicOperations.FixedTimeEquals(computedHashBytes, expectedHashBytes);
}

static bool CompareFramework(string key, string message, string expectedHash) {
    var computedHash = ComputeHash(key, message);

    // .net framework doesn't provide compare functions that result in the same execution time
    // regardless of result, therefore one needs to be written to protect against timing attacks
    return ConstantTimeStringComapre(computedHash, expectedHash);
}


[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
static bool ConstantTimeStringComapre(string str1, string str2)
{
    if (str1.Length != str2.Length)
        return false;

    int result = 0;

    // ensure all characters are compared regardless of an early mismatch being found such that
    // execution time is as near constant as possible in all scenarios.
    for (int index = 0; index < str1.Length; ++index) {
        // xor the characters in the string to work out if they are equal
        // or the result with the previous character to ensure that any characters that are not equal result in a non-0 result
        // use boolean logic rather than branching, as branching has timing implications
        result |= str1[index] ^ str2[index];
    }
    
    return result == 0;
}

​x
 
using System.Security.Cryptography;
using System.Text;
using System.Runtime.CompilerServices;
using System;
​
var operation = "generate-key";
​
switch  (operation) 
{
    case "generate-key":
        var key = GenerateKey();
        Console.WriteLine(key);
        break;
    case "compute-hash":
        var hash = ComputeHash(args[1], args[2]);
        Console.WriteLine(hash);
        break;
    case "compare":
        var isMatch = Compare(args[1], args[2], args[3]);
        Console.WriteLine(isMatch);
        break;
    case "compare-framework":
        var isMatchDotNet = CompareFramework(args[1], args[2], args[3]);
        Console.WriteLine(isMatchDotNet);
        break;
    default:
        Console.WriteLine("Invalid command");
        break;
}
​
static string GenerateKey() 
{
    byte[] randomNumber = new Byte[64];
    
    using (var randomNumberGenerator = RandomNumberGenerator.Create())
    {
        randomNumberGenerator.GetBytes(randomNumber);
        return Convert.ToBase64String(randomNumber);
    }
}
​
static string ComputeHash(string key, string message) 
{
    using (HMACSHA256 hmac = new HMACSHA256(Convert.FromBase64String(key))) {
        var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
        return Convert.ToBase64String(hash);
    }
}
​
static bool Compare(string key, string message, string expectedHash) {
    var computedHash = ComputeHash(key, message);
    var computedHashBytes = Convert.FromBase64String(computedHash);
    var expectedHashBytes = Convert.FromBase64String(expectedHash);
​
    // FixedTimeEquals used to protect against timing attacks
    return CryptographicOperations.FixedTimeEquals(computedHashBytes, expectedHashBytes);
}
​
static bool CompareFramework(string key, string message, string expectedHash) {
    var computedHash = ComputeHash(key, message);
​
    // .net framework doesn't provide compare functions that result in the same execution time
    // regardless of result, therefore one needs to be written to protect against timing attacks
    return ConstantTimeStringComapre(computedHash, expectedHash);
}
​
​
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
static bool ConstantTimeStringComapre(string str1, string str2)
{
    if (str1.Length != str2.Length)
        return false;
​
    int result = 0;
​
    // ensure all characters are compared regardless of an early mismatch being found such that
    // execution time is as near constant as possible in all scenarios.
    for (int index = 0; index < str1.Length; ++index) {
        // xor the characters in the string to work out if they are equal
        // or the result with the previous character to ensure that any characters that are not equal result in a non-0 result
        // use boolean logic rather than branching, as branching has timing implications
        result |= str1[index] ^ str2[index];
    }
    
    return result == 0;
}

Ingrese la cantidad de garrafones a comprar :

Cached Result
Last Run:	1:43:18 am
Compile:	0.11s
Execute:	0s
Memory:	32kb
CPU:	0s

View IL Code