添加hash验证

2025-11-03 11:55:22 +08:00 · 2025-11-03 11:55:22 +08:00 · 0963b55fe9
commit 0963b55fe9
parent 8e3d97365f
2 changed files with 48 additions and 5 deletions
--- a/PrivateBox/EncryptionService.cs
+++ b/PrivateBox/EncryptionService.cs
@ -1,4 +1,5 @@
 using System.Security.Cryptography;
+using System.Text;

 /// <summary>
 /// 加密解密服务接口
@ -76,9 +77,8 @@ public class AesEncryptionService:IEncryptionService
        byte[] result = new byte[encryptedData.Length + SaltSize];
        Array.Copy(encryptedData,0,result,0,encryptedData.Length);
        Array.Copy(salt,0,result,encryptedData.Length,SaltSize);
-
-        // 转换为Base64返回
-        return Convert.ToBase64String(result);
+        var (base64, hash) = GetHash(result);
+        return $"{base64}${hash}";
    }

    public string Decrypt(string cipherText,string key) {
@ -88,6 +88,20 @@ public class AesEncryptionService:IEncryptionService
        if(string.IsNullOrEmpty(key))
            throw new ArgumentException("密钥不能为空",nameof(key));

+        var result = new StringBuilder();
+        if(!cipherText.Contains("$")) {
+            result.AppendLine("加密值不包含验证");
+        }
+        if(cipherText.Contains("$")) {
+            var sp = cipherText.Split("$");
+            cipherText = sp[0];
+            if(sp.Length < 2 || string.IsNullOrEmpty(sp[1])) {
+                result.AppendLine("存在验证，但是验证码错误！");
+            }
+            if(!ValidateBase64(sp[0],sp[1])) {
+                result.AppendLine("加密验证失败！信息可能被篡改！");
+            }
+        }
        // 1. 转换Base64为字节数组
        byte[] fullData;
        try {
@ -130,9 +144,10 @@ public class AesEncryptionService:IEncryptionService
            using(MemoryStream msDecrypt = new MemoryStream(encryptedData,16,encryptedData.Length - 16))
            using(CryptoStream csDecrypt = new CryptoStream(msDecrypt,decryptor,CryptoStreamMode.Read))
            using(StreamReader srDecrypt = new StreamReader(csDecrypt)) {
-                return srDecrypt.ReadToEnd();
+                result.AppendLine(srDecrypt.ReadToEnd());
            }
        }
+        return result.ToString();
    }

    /// <summary>
@ -147,4 +162,32 @@ public class AesEncryptionService:IEncryptionService
            return deriveBytes.GetBytes(KeySize);
        }
    }
+
+    /// <summary>
+    /// 用于hash验证的key，不可以修改，修改会导致验证失败
+    /// </summary>
+    private readonly string hashKey = "694699FF-7157-4DF2-ACD9-E60CCFCC6007";
+
+    private (string base64, string hash) GetHash(byte[] bytes) {
+        var hk = Encoding.UTF8.GetBytes(hashKey);
+        using var sha256 = new HMACSHA256(hk);
+        byte[] hmacBytes = sha256.ComputeHash(bytes);
+        string hmacStr = BitConverter.ToString(hmacBytes).Replace("-","").ToLower();
+        string base64 = Convert.ToBase64String(bytes);
+        return (base64, hmacStr);
+    }
+
+    private bool ValidateBase64(string base64String,string hash) {
+        try {
+            byte[] decodedData = Convert.FromBase64String(base64String);
+            var hk = Encoding.UTF8.GetBytes(hashKey);
+            using var sha256 = new HMACSHA256(hk);
+            byte[] actualHashBytes = sha256.ComputeHash(decodedData);
+            string actualHash = BitConverter.ToString(actualHashBytes).Replace("-","").ToLower();
+            return actualHash == hash;
+        }
+        catch(FormatException) {
+            return false;
+        }
+    }
 }