Search code examples
c#php.netsecuritysha

C# HMACSHA256 gives different result than PHP hash_hmac


I have the following code in php: demo

function generateHash($hashSecret,$postData) {
    ksort($postData);

        $message="";
        $appendAmp=0;
    foreach($postData as $key => $value) {
            if (strlen($value) > 0) {
                if ($appendAmp == 0) {
                    $message .= $key . '=' . $value;
                    $appendAmp = 1;
                } else {
                    $message .= '&' . $key . "=" . $value;
                }
            }
        }

    $secret = pack('H*', $hashSecret);

    return hash_hmac('sha256', $message, $secret);
}

$postData = array(
    "cardNum" =>  "5123456789012346",
    "cardExp" =>  2105,
    "cardCVC" =>  123,
    "holderName" => "John Doe",
    "mobileNumber" => "20100000000000"
);

$secureHash= 'C0DF9A7B3819968807A9D4E48D0E65C6';

$hashSecret = generateHash($secureHash,$postData);

echo $hashSecret;

//output 6975f8f502e5972722a6d8760cc558e7867f36a312a5d336c4ba983dcfb81691 //and the following demo in c#

public static void Main()
{
    Console.Write(CreateToken("cardCVC=123&cardExp=2105&cardNum=5123456789012346&holderName=John Doe&mobileNumber=20100000000000","C0DF9A7B3819968807A9D4E48D0E65C6"));
}

 private static string CreateToken(string message, string secret)
{
  var encoding = new System.Text.UTF8Encoding();
  byte[] keyByte = encoding.GetBytes(secret);
  byte[] messageBytes = encoding.GetBytes(message);
  using (var hmacsha256 = new HMACSHA256(keyByte))
  {
    byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
    return BitConverter.ToString(hashmessage).Replace("-","");
  }
}

//output: 26FFE2E29513304F96D444CB69210657B4E44E837B7C8E8947C667B344594F18 demo I need to modify my c# code to match the value generated from php

Update: I have tried online sha generators and it give my the c# result


Solution

  • After many trials I have found that the PHP pack('H*', $hashSecret) making the result differ so I have added the below method:

    public static byte[] Pack(string key)
    {
        key = key.Replace("-", "");
        byte[] raw = new byte[key.Length / 2];
        for (int i = 0; i < raw.Length; i++)
        {
            raw[i] = Convert.ToByte(key.Substring(i * 2, 2), 16);
        }
        return raw;
    }