admin管理员组

文章数量:1404923

We can calculate a hmac with CryptoJS.HmacSHA256(message, key)

But I want to implement it with the formula Sha256( concat ( key xor opad, Sha256( concat( key xor ipad, message ) )

I did the following

const key   = "e9058ab198f6908f702111b0c0fb5b36f99d00554521886c40e2891b349dc7a1";
const ipad  = "3636363636363636363636363636363636363636363636363636363636363636";
const opad  = "5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c";
const mess  = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824";

const alpha = "b559d6edc4aaccd32c7d4dec9ca7076aa5c15c09197dd4301cbed54768c19bfd"; // key xor opad
const beta  = "df33bc87aec0a6b946172786f6cd6d00cfab36637317be5a76d4bf2d02abf197"; // key xor ipad

const hmac  = CryptoJS.SHA256( alpha + String ( CryptoJS.SHA256( ( beta + mess ) ) ) ) ;

But it doesnt work, any help ?

for example, with the code below I found
hmac = "594b7b8b1dea8dd016c1702c5b2d8b75ba20d744423b08e8897f02454000abad"

but the real one is : "fc7e0b4417a84790035480f97f9a792d8328a497039ae483b4b85197c008669e" and it's calculated with CryptoJS.HmacSHA256(CryptoJS.enc.Hex.parse(mess), key))

We can calculate a hmac with CryptoJS.HmacSHA256(message, key)

But I want to implement it with the formula Sha256( concat ( key xor opad, Sha256( concat( key xor ipad, message ) )

I did the following

const key   = "e9058ab198f6908f702111b0c0fb5b36f99d00554521886c40e2891b349dc7a1";
const ipad  = "3636363636363636363636363636363636363636363636363636363636363636";
const opad  = "5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c";
const mess  = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824";

const alpha = "b559d6edc4aaccd32c7d4dec9ca7076aa5c15c09197dd4301cbed54768c19bfd"; // key xor opad
const beta  = "df33bc87aec0a6b946172786f6cd6d00cfab36637317be5a76d4bf2d02abf197"; // key xor ipad

const hmac  = CryptoJS.SHA256( alpha + String ( CryptoJS.SHA256( ( beta + mess ) ) ) ) ;

But it doesnt work, any help ?

for example, with the code below I found
hmac = "594b7b8b1dea8dd016c1702c5b2d8b75ba20d744423b08e8897f02454000abad"

but the real one is : "fc7e0b4417a84790035480f97f9a792d8328a497039ae483b4b85197c008669e" and it's calculated with CryptoJS.HmacSHA256(CryptoJS.enc.Hex.parse(mess), key))

  • javascript
  • node.js
  • cryptography
  • cryptojs
Share Improve this question edited Apr 6, 2022 at 11:25 Topaco 49.8k4 gold badges45 silver badges80 bronze badges asked Apr 5, 2022 at 5:51 besbessadbesbessad 131 gold badge1 silver badge3 bronze badges 2
  • Why do you want to implement the HMAC yourself, existing implementations are usually more secure. Or is this a homework/out of interest? Then a look at the CryptoJS implementation of HMAC might help (since you seem to want to use CryptoJS). – Topaco Commented Apr 5, 2022 at 6:51
  • I dont necessary have to use CryptoJS. I wanted to implement HMAC to see how it works really. – besbessad Commented Apr 5, 2022 at 8:02
Add a ment  | 

1 Answer 1

Reset to default 0

The reference implementation CryptoJS.HmacSHA256(CryptoJS.enc.Hex.parse(mess), key)) generates an HMAC using the SHA256 digest. Thereby the message is hex decoded and the key UTF8 encoded. The UTF8 encoding results in a key of 64 bytes, which is exactly the block size of SHA256. Therefore neither padding with 0x00 values to 64 bytes nor hashing with SHA256 is necessary.

In your code I mean to see the following problems: Nowhere are the different encodings taken into account, which are crucial for the result. Also, it seems to me that the block size of SHA256 has not been considered properly or at all. And as for the XOR operation, it can be easily done with CryptoJS, no other tool is needed.

The calculation of HMAC can be performed in three steps:

  1. determination of (K xor opad) and (K xor ipad).
  2. determination of P = H( (K xor ipad) || M )
  3. determination of HMAC = H( (K xor opad) || P ), which corresponds to the final result.

All steps can be done with CryptoJS. Thereby crypto-js/src/hmac.js is a helpful blueprint. Note that CryptoJS works internally with WordArrays. Regarding the XOR operation, this means that words are processed, i.e. iterated over 64/4 = 16 words.

A possible implementation is:

// Key is UTF8 encoded 64 bytes -> no padding / no hashing required
const key = "e9058ab198f6908f702111b0c0fb5b36f99d00554521886c40e2891b349dc7a1"
const mess  = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824";

// Step 1: determine K xor opad (oKeyWA), K xor ipad (iKeyWA)
//
var hasherBlockSizeBytes = 64; // in bytes
var hasherBlockSize = hasherBlockSizeBytes/4; // in words
var keyWA = CryptoJS.enc.Utf8.parse(key);
var oKeyWA = keyWA.clone();
var iKeyWA = keyWA.clone();
var oKeyWords = oKeyWA.words;
var iKeyWords = iKeyWA.words;
for (var i = 0; i < hasherBlockSize; i++) {
    oKeyWords[i] ^= 0x5c5c5c5c;
    iKeyWords[i] ^= 0x36363636;
}

// Step 2: determine P = H( (K xor ipad) || M )
//
var messWA = CryptoJS.enc.Hex.parse(mess); 
var iKeyMessWA = iKeyWA.concat(messWA); 
var iKeyMessHashWA = CryptoJS.SHA256(iKeyMessWA);

// Step 3: determine HMAC = H ( (K xor opad) || P) 
// 
var oKeyiKeyMessHashWA = oKeyWA.concat(iKeyMessHashWA);
var hmacWA = CryptoJS.SHA256(oKeyiKeyMessHashWA);
document.getElementById("hmac").innerHTML = hmacWA.toString(CryptoJS.enc.Hex);

// Comparison with built-in function
var hmacDirectWA = CryptoJS.HmacSHA256(messWA, keyWA);
document.getElementById("hmacDir").innerHTML = hmacDirectWA.toString(CryptoJS.enc.Hex);
<script src="https://cdnjs.cloudflare./ajax/libs/crypto-js/4.1.1/crypto-js.min.js">
</script>
<p style="font-family:'Courier New', monospace;" id="hmac"></p>
<p style="font-family:'Courier New', monospace;" id="hmacDir"></p>

本文标签: javascriptHow to implement hmacSHA256 with Javascipt using CryptoJSStack Overflow

版权声明:本文标题:javascript - How to implement hmacSHA256 with Javascipt using CryptoJS - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744866545a2629377.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。