* * *

Author Topic: [SOLVED] GEt a keyed SHA256 hash from string  (Read 1843 times)

torbente

  • Full Member
  • ***
  • Posts: 225
[SOLVED] GEt a keyed SHA256 hash from string
« on: June 01, 2018, 08:08:03 pm »
Sometime ago, getmem gracefully help me a lot in this topic:
https://forum.lazarus.freepascal.org/index.php/topic,39821.msg274338.html#msg274338

Now, i need the same, but using SHA256, so this is what im doing: (using dcpcrypt2)

Code: Pascal  [Select]
  1. function GetSignature(const AText, AKey: String): String;
  2. var
  3.   SHA256: TDCP_sha256;
  4.   AB: array[0..31] of byte;
  5.   I: Integer;
  6. begin
  7.   Result := '';
  8.   SHA256 := TDCP_sha256.Create(nil);
  9.   try
  10.     SHA256.Init;
  11.     SHA256.UpdateStr(AText + AKey);
  12.     SHA256.Final(AB);
  13.     for I := 0 to 31 do
  14.       Result := Result + IntToHex(AB[i], 2);
  15.   finally
  16.     SHA256.Free;
  17.   end;
  18. end;

But im receiving the "Signature for this request is not valid." message ALWAYS.

I used this page to test my code:
https://www.freeformatter.com/hmac-generator.html

And im getting different hashes. Any idea?
« Last Edit: June 20, 2018, 03:09:08 am by torbente »

Gammatester

  • Jr. Member
  • **
  • Posts: 54
Re: GEt a keyed SHA256 hash from string
« Reply #1 on: June 01, 2018, 08:49:59 pm »
You are not using a valid HMAC construction: HMAC is not HASH(Text+Key).

Actually it is HMAC(key,text) = hash((const1 xor key) || hash((const2 xor key) || text)) , see http://www.wolfgang-ehrhardt.de/hash_intro.html.

Xor-el

  • Full Member
  • ***
  • Posts: 150
Re: GEt a keyed SHA256 hash from string
« Reply #2 on: June 01, 2018, 08:59:57 pm »
If you want to calculate hmac, you can use HashLib4Pascal
https://github.com/Xor-el/HashLib4Pascal

Gammatester

  • Jr. Member
  • **
  • Posts: 54
Re: GEt a keyed SHA256 hash from string
« Reply #3 on: June 01, 2018, 10:08:06 pm »
Here is a complete test program for HMAC compiled with http://www.wolfgang-ehrhardt.de/crc_hash_2018-01-01.zip
Code: Pascal  [Select]
  1. uses
  2.   hash,hmac,hmacsha2,mem_util;
  3. const
  4.   akey = 'Key';
  5. const
  6.   atext: ansistring = 'Message';
  7. var
  8.   ctx: THMAC_Context;
  9.   mac: TSHA256Digest;
  10. begin
  11.   hmac_SHA256_inits(ctx, akey);
  12.   hmac_SHA256_updateXL(ctx, @atext[1], length(atext));
  13.   hmac_SHA256_final(ctx,mac);
  14.   writeln(HexStr(@mac, sizeof(mac)));
  15. end.
Code: [Select]
D:\Work\CRC_HASH>D:\FPC304\bin\i386-win32\fpc.exe -b THMACSHA.PAS
Free Pascal Compiler version 3.0.4 [2017/10/06] for i386
Copyright (c) 1993-2017 by Florian Klaempfl and others
Target OS: Win32 for i386
Compiling THMACSHA.PAS
Linking THMACSHA.exe
14 lines compiled, 0.1 sec, 30848 bytes code, 1764 bytes data

D:\Work\CRC_HASH>THMACSHA.exe
507285548137b5424eb5572c46496631b7ade8e88ac323c529fa142def26ffa1

and verified with your online-calculator.

torbente

  • Full Member
  • ***
  • Posts: 225
Re: GEt a keyed SHA256 hash from string
« Reply #4 on: June 01, 2018, 11:54:10 pm »
I used it and worked

Code: Pascal  [Select]
  1. function getsha256signature(StringToSign , mykey:string):string;
  2. var
  3.   LHMAC: IHMAC;
  4. begin
  5. LHMAC := THashFactory.THMAC.CreateHMAC(THashFactory.TCrypto.CreateSHA2_256);
  6. LHMAC.Key := TConverters.ConvertStringToBytes(MyKey, TEncoding.UTF8);
  7. getsha256signature := LHMAC.ComputeString(StringToSign, TEncoding.UTF8).ToString();
  8. end;


 but my app start crashing, probably due to this previous function i had:

Code: Pascal  [Select]
  1. function GetTimestamp():string;
  2. Begin
  3. GetTimestamp := inttostr(Trunc((Now - EncodeDate(1970, 1 ,1)) * 24 * 60 * 60));
  4. end;

ANy idea if this can be done with dcpcrypt?

If you want to calculate hmac, you can use HashLib4Pascal
https://github.com/Xor-el/HashLib4Pascal

@Gammatester i will try your code. Thanks!!
« Last Edit: June 02, 2018, 12:18:39 am by torbente »

Xor-el

  • Full Member
  • ***
  • Posts: 150
Re: GEt a keyed SHA256 hash from string
« Reply #5 on: June 02, 2018, 12:57:52 am »
I used it and worked

Code: Pascal  [Select]
  1. function getsha256signature(StringToSign , mykey:string):string;
  2. var
  3.   LHMAC: IHMAC;
  4. begin
  5. LHMAC := THashFactory.THMAC.CreateHMAC(THashFactory.TCrypto.CreateSHA2_256);
  6. LHMAC.Key := TConverters.ConvertStringToBytes(MyKey, TEncoding.UTF8);
  7. getsha256signature := LHMAC.ComputeString(StringToSign, TEncoding.UTF8).ToString();
  8. end;


 but my app start crashing, probably due to this previous function i had:

Code: Pascal  [Select]
  1. function GetTimestamp():string;
  2. Begin
  3. GetTimestamp := inttostr(Trunc((Now - EncodeDate(1970, 1 ,1)) * 24 * 60 * 60));
  4. end;

ANy idea if this can be done with dcpcrypt?

If you want to calculate hmac, you can use HashLib4Pascal
https://github.com/Xor-el/HashLib4Pascal

@Gammatester i will try your code. Thanks!!

don't know why your code is crashing but HashLib4Pascal is obviously not the cause.
can you upload your code so we can check the cause of the crash?

torbente

  • Full Member
  • ***
  • Posts: 225
Re: GEt a keyed SHA256 hash from string
« Reply #6 on: June 02, 2018, 07:50:02 am »
Code: Pascal  [Select]
  1. don't know why your code is crashing but HashLib4Pascal is obviously not the cause.
  2. can you upload your code so we can check the cause of the crash?
I think HashLib4Pascal is obviously the cause; i removed it from my project and i had no more troubles since then. IF your are the library developer, check why it crashes with my custom timestamp function (if i remove GetTimestamp function, then getsha256signature works and the app do not crash)
Anyway, im cleaning my code to see if something else could be wrong.
« Last Edit: June 02, 2018, 08:11:02 am by torbente »

Xor-el

  • Full Member
  • ***
  • Posts: 150
Re: GEt a keyed SHA256 hash from string
« Reply #7 on: June 02, 2018, 11:56:41 am »
Code: Pascal  [Select]
  1. don't know why your code is crashing but HashLib4Pascal is obviously not the cause.
  2. can you upload your code so we can check the cause of the crash?
I think HashLib4Pascal is obviously the cause; i removed it from my project and i had no more troubles since then. IF your are the library developer, check why it crashes with my custom timestamp function (if i remove GetTimestamp function, then getsha256signature works and the app do not crash)
Anyway, im cleaning my code to see if something else could be wrong.
Yes I am the library developer.
I suggest you upload a small reproducible project where it crashes so we can help you out.

torbente

  • Full Member
  • ***
  • Posts: 225
Re: GEt a keyed SHA256 hash from string
« Reply #8 on: June 02, 2018, 12:54:40 pm »
I could send you the entire project by private. So you coudl check if it is something with your library.

Xor-el

  • Full Member
  • ***
  • Posts: 150
Re: GEt a keyed SHA256 hash from string
« Reply #9 on: June 02, 2018, 01:02:33 pm »
I could send you the entire project by private. So you coudl check if it is something with your library.
Please Go ahead.
« Last Edit: June 02, 2018, 01:05:15 pm by Xor-el »

Landslyde

  • Full Member
  • ***
  • Posts: 158
Re: GEt a keyed SHA256 hash from string
« Reply #10 on: June 08, 2018, 07:28:55 am »
It'd be nice to know how this turned out.
Linux Mint 19
Lazarus 1.8.4
FPC 3.0.4

Xor-el

  • Full Member
  • ***
  • Posts: 150
Re: GEt a keyed SHA256 hash from string
« Reply #11 on: June 08, 2018, 10:28:03 am »
It'd be nice to know how this turned out.

So after some investigations, it was discovered that it was a bug in his own code when parsing floating points.
It was not related to HashLib4Pascal or DCPCrypt for that matter.
The bug was not even related to his custom timestamp function.
« Last Edit: June 08, 2018, 10:29:46 am by Xor-el »

torbente

  • Full Member
  • ***
  • Posts: 225
Re: GEt a keyed SHA256 hash from string
« Reply #12 on: June 20, 2018, 03:08:24 am »
Yes, it was a lack of error handlers in my code. I implemented all the necessary handlers and i had no more errors. Thanks  Xor-el for your time  :)

Xor-el

  • Full Member
  • ***
  • Posts: 150
Re: GEt a keyed SHA256 hash from string
« Reply #13 on: June 20, 2018, 09:07:33 am »
Yes, it was a lack of error handlers in my code. I implemented all the necessary handlers and i had no more errors. Thanks  Xor-el for your time  :)

You are welcome, glad you finally fixed it.

 

Recent

Get Lazarus at SourceForge.net. Fast, secure and Free Open Source software downloads Open Hub project report for Lazarus