Sign in to follow this  
Followers 0
JoshDB

HMAC SHA512 hash not yielding 'correct' values

7 posts in this topic

Hi all, I need to generate an HMAC hash using SHA512 according to a certain API's specs and the only HMAC example I've seen () does not work as I need it do, even adapting it from a 64-bit blocksize to 512 and adding Ward's_SHA512 UDF.

I've tried the following:

Func _HashHMAC512($key, $message)
$key = _StringRepeat("0", 512 - StringLen($key)) & $key ; keys shorter than blocksize are zero-padded ('?' is concatenation)

$o_key_pad = BitXOR(0x5c * 512, $key) ; Where blocksize is that of the underlying hash function
$i_key_pad = BitXOR(0x36 * 512, $key) ; Where ? is exclusive or (XOR)

Return _SHA512($o_key_pad & _SHA512($i_key_pad & $message))
EndFunc

But, of course, it doesn't work (I suspect I'm doing something very blatantly wrong, but as I lack fundamental understanding about binary and hex number formats I can't see what's the issue right off the top of my head.)

Note: in my case $key will always by 68 characters long so it will always prepend the leading zeroes.

As a litmus test, I need to hash the message 1239348906120181 with the key ba63a816f030cefeea4803cd593569ce23f3815d0cc8c56d9194df6226dca2f0f48239698bc68991cfac387449b07b0f722f6f3df761dbc1fe8894dd65ff00b2 and receive 2610740031eeab61bbe6cd3f08daa6186ff0d59f5ec045dbb0e194fea8998b4f3d1da9aae0f718f8c126d6418302e081d68a82f0576eb266b68f26dc3459b62f as the output.

I've been working on this for the past 4-odd hours now, to no avail. I really, really don't want to have to restart my project in python or php or somesuch... or, for that matter, write the hash function in js, python, or php and somehow bootleg that single function's results into my au3 project. I would greatly appreciate any help from ye wise ents, even if it's just a nudge in the right direction.


Ha, I haven't been on these forums since... 2006, almost. Behold, my legacy signature:My AutoIt idol is Valuater. You know you love him, too.My Stuff: D&D AGoT Tools Suite

Share this post


Link to post
Share on other sites

I believe that thread stated you needed to pad the string with Chr(0), not the number 0.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

Ah, I've fiddled around along that train of thought and don't see any results, sorry. Maybe I'm doing it wrong, but then again that post also says to not to use Chr() but rather to stick with binary values. That's how the accepted solution does it, I just don't see why it's not working with the blocksize increased to 512 and the Call() replaced with straight _SHA512 calls.

e.g.

Func _HashHMAC512($key, $message)
    Local $blocksize = 512
    Local $a_opad[$blocksize], $a_ipad[$blocksize]
    Local Const $oconst = 0x5C, $iconst = 0x36
    Local $opad = Binary(''), $ipad = Binary('')
    $key = Binary($key)
    If BinaryLen($key) > $blocksize Then $key = _SHA512($key)
    For $i = 1 To BinaryLen($key)
        $a_ipad[$i-1] = Number(BinaryMid($key, $i, 1))
        $a_opad[$i-1] = Number(BinaryMid($key, $i, 1))
    Next
    For $i = 0 To $blocksize - 1
        $a_opad[$i] = BitXOR($a_opad[$i], $oconst)
        $a_ipad[$i] = BitXOR($a_ipad[$i], $iconst)
    Next
    For $i = 0 To $blocksize - 1
        $ipad &= Binary('0x' & Hex($a_ipad[$i],2))
        $opad &= Binary('0x' & Hex($a_opad[$i],2))
    Next
    Return _SHA512($$opad & _SHA512($$ipad & Binary($message)))
EndFunc

Ha, I haven't been on these forums since... 2006, almost. Behold, my legacy signature:My AutoIt idol is Valuater. You know you love him, too.My Stuff: D&D AGoT Tools Suite

Share this post


Link to post
Share on other sites

What the thread said was to not use the character 0, which is not saying don't use Chr(0), it's saying don't use the number 0. Chr(0) IS the binary zero, 00000000 in binary, 0x00000000 in hex and Chr(0) are all equivalent.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

I'm sorry, but your advice just isn't helping me. I don't understand what you're trying to get at, because I've tried padded with Chr(0) to no avail. Would I need to couple padding Chr(0)s with Binary($key), as well? Why didn't the accepted solution use this method or, indeed, pad at all? I haven't used AutoIt for an intensive task like this since about 2007, just lightweight automation, so am a bit rusty.


Ha, I haven't been on these forums since... 2006, almost. Behold, my legacy signature:My AutoIt idol is Valuater. You know you love him, too.My Stuff: D&D AGoT Tools Suite

Share this post


Link to post
Share on other sites

Did you ever figure this one out?

Share this post


Link to post
Share on other sites

JoshDB,

Are you sure about your input (text data and hex key)? I ask because HashCalc doesn't give the result you expect either.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Similar Content

    • AlwaysLearning
      By AlwaysLearning
      Hello,
      I have been struggling with this for nearly 20 hours, and I just cannot seem to figure out the formatting for the header request.
      To test this, you will need to use this api key I set up for your testing purposes. (note, I sent tracexx a direct message about this as I didn't realize I could limit API restrictions until just now, so I am now hoping on of you may have the answer on hand)
      I need to be able to GET balance and POST orders.
      Right now, I can't get past the 401/403 errors on my own.
      I believe the Content is formatted for JSON, but using the JSON format didn't work for me ( although that may be because I'm an idiot and formatted something wrong).
      I want to get:
      GET balance page POST delete order page Here is a temporary API key + Secret API key with only the "View Balance Page" and "Delete Order" functions enabled:
      Access-key: tq6GeUrEvfxyF-LG
      Secret Access-Key: cZlz75K1wb8-Ed67pRaXvUWTPW6RTH9q

      Here is the site's API guide (I followed this closely and doubt the error is there): https://coincheck.com/documents/exchange/api#libraries
       
      And here is running source code (needs those keys inputted) which will hash the above keys to the required HMAC SHA256:
      #include <Crypt.au3> #include<WinHttp.au3> Global Const $CALG_SHA_256 = 0x0000800c ;; ===== $api = "/api/accounts/balance" $accessNonCE = _TimeGetStamp() $url = "https://coincheck.com/api/accounts/balance" $body = "" WinHTTP($url, $body) Func WinHTTP($sUrl, $sBody) Local $hOpen = _WinHttpOpen() Local $hConnect = _WinHttpConnect($hOpen, "https://coincheck.com/api/accounts/balance") ; Specify the reguest: ;Local $hRequest = _WinHttpOpenRequest($hConnect, Default, $sApi) $accessKey = "" ;; Add the key from above $secretKey = "" ;; Add the secret key from above $message = $accessNonCE & $sUrl $BinarySignature = HMAC($secretKey, $message) $signature = _Base64Encode($BinarySignature) ;Encode signature Local $hRequest = _WinHttpOpenRequest($hConnect, "GET") _WinHttpAddRequestHeaders($hRequest, 'ACCESS-KEY: '&$accessKey) _WinHttpAddRequestHeaders($hRequest, 'ACCESS-NONCE: '&$accessNonCE) _WinHttpAddRequestHeaders($hRequest, 'ACCESS-SIGNATURE: '&$signature) ; Send request _WinHttpSendRequest($hRequest) ; Wait for the response _WinHttpReceiveResponse($hRequest) Local $sHeader = _WinHttpQueryHeaders($hRequest) ; ...get full header Local $sData = _WinHttpReadData($hRequest) ; Clean _WinHttpCloseHandle($hRequest) _WinHttpCloseHandle($hConnect) _WinHttpCloseHandle($hOpen) ; Display retrieved data MsgBox(0, "Data", $sData) EndFunc Func sha256($message) Return _Crypt_HashData($message, $CALG_SHA_256) EndFunc Func HMAC($key, $message, $hash="sha256") Local $blocksize = 64 Local $a_opad[$blocksize], $a_ipad[$blocksize] Local Const $oconst = 0x5C, $iconst = 0x36 Local $opad = Binary(''), $ipad = Binary('') $key = Binary($key) If BinaryLen($key) > $blocksize Then $key = Call($hash, $key) For $i = 1 To BinaryLen($key) $a_ipad[$i-1] = Number(BinaryMid($key, $i, 1)) $a_opad[$i-1] = Number(BinaryMid($key, $i, 1)) Next For $i = 0 To $blocksize - 1 $a_opad[$i] = BitXOR($a_opad[$i], $oconst) $a_ipad[$i] = BitXOR($a_ipad[$i], $iconst) Next For $i = 0 To $blocksize - 1 $ipad &= Binary('0x' & Hex($a_ipad[$i],2)) $opad &= Binary('0x' & Hex($a_opad[$i],2)) Next Return Call($hash, $opad & Call($hash, $ipad & Binary($message))) EndFunc Func _TimeGetStamp() Local $av_Time $av_Time = DllCall('CrtDll.dll', 'long:cdecl', 'time', 'ptr', 0) If @error Then SetError(99) Return False EndIf Return $av_Time[0] EndFunc Func _Base64Encode($input) $input = Binary($input) Local $struct = DllStructCreate("byte[" & BinaryLen($input) & "]") DllStructSetData($struct, 1, $input) Local $strc = DllStructCreate("int") Local $a_Call = DllCall("Crypt32.dll", "int", "CryptBinaryToString", _ "ptr", DllStructGetPtr($struct), _ "int", DllStructGetSize($struct), _ "int", 1, _ "ptr", 0, _ "ptr", DllStructGetPtr($strc)) If @error Or Not $a_Call[0] Then Return SetError(1, 0, "") ; error calculating the length of the buffer needed EndIf Local $a = DllStructCreate("char[" & DllStructGetData($strc, 1) & "]") $a_Call = DllCall("Crypt32.dll", "int", "CryptBinaryToString", _ "ptr", DllStructGetPtr($struct), _ "int", DllStructGetSize($struct), _ "int", 1, _ "ptr", DllStructGetPtr($a), _ "ptr", DllStructGetPtr($strc)) If @error Or Not $a_Call[0] Then Return SetError(2, 0, ""); error encoding EndIf Return DllStructGetData($a, 1) EndFunc ;==>_Base64Encode
       
    • Danyfirex
      By Danyfirex
      Hello guys. Here is a small function to create a hash hmac  similar to hash_hmac PHP function.  
      Supported are: SHA512,SHA256,SHA1,SHA384,MD5 and RIPEMD160.
       
      Local $sSecret = "SecretKey" Local $sMessage = "AutoIt Rocks!!!" ConsoleWrite("HMAC-SHA256: " & @TAB & @TAB & _HashHMAC("SHA512", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-SHA256: " & @TAB & @TAB & _HashHMAC("SHA256", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-SHA1: " & @TAB & @TAB & _HashHMAC("SHA1", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-SHA384: " & @TAB & @TAB & _HashHMAC("SHA384", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-MD5: " & @TAB & @TAB & _HashHMAC("MD5", $sMessage, $sSecret) & @CRLF) ConsoleWrite("HMAC-RIPEMD160: " & @TAB & _HashHMAC("RIPEMD160", $sMessage, $sSecret) & @CRLF) Func _HashHMAC($sAlgorithm, $bData, $bKey, $bRaw_Output = False) Local $oHashHMACErrorHandler = ObjEvent("AutoIt.Error", "_HashHMACErrorHandler") Local $oHMAC = ObjCreate("System.Security.Cryptography.HMAC" & $sAlgorithm) If @error Then SetError(1, 0, "") $oHMAC.key = Binary($bKey) Local $bHash = $oHMAC.ComputeHash_2(Binary($bData)) Return SetError(0, 0, $bRaw_Output ? $bHash : StringLower(StringMid($bHash, 3))) EndFunc ;==>_HashHMAC Func _HashHMACErrorHandler($oError) ;Dummy Error Handler EndFunc ;==>_HashHMACErrorHandler It requires .NET Framework  2.0 or higher.
      Saludos
    • Graeme
      By Graeme
      I was looking for a way to calculate the sha512 value of files downloaded and eventually came across crypt.au3 in my include folder. It looks good but when I looked at the global constants the three values for Sha 2 are commented out. Is there a reason for that or should these be made available?