CryptoJS (HMAC Sha256) giving incorrect output?

StackOverflow https://stackoverflow.com/questions/17929107

  •  04-06-2022
  •  | 
  •  

문제

Let me start by saying I'm no expert in cryptography algorithms...

I am trying to build a method which formats an HTTP header for Windows Azure - and this header requires part of its message to be encrypted via HMAC with SHA256 (and then also base64 encoded).

I chose to use CryptoJS because it's got an active user community.

First, my code:

_encodeAuthHeader : function (url, params, date) {
    //http://msdn.microsoft.com/en-us/library/windowsazure/dd179428
    var canonicalizedResource = '/' + this.getAccountName() + url;

    /*
     StringToSign = Date + "\n" + CanonicalizedResource
     */
    var stringToSign = date + '\n' + canonicalizedResource;
    console.log('stringToSign >> ' + stringToSign)

    var encodedBits = CryptoJS.HmacSHA256(stringToSign, this.getAccessKey());
    console.log('encodedBits >> ' + encodedBits);

    var base64Bits = CryptoJS.enc.Base64.stringify(encodedBits);
    console.log('base64Bits >> ' + base64Bits);

    var signature = 'SharedKeyLite ' + this.getAccountName() + ':' + base64Bits;
    console.log('signature >> ' + signature);

    return signature;
},

The method successfully returns a "signature" with the appropriate piece encrypted/encoded. However, Azure complains that it's not formatted correctly.

Some example output:

stringToSign >> Mon, 29 Jul 2013 16:04:20 GMT\n/senchaazurestorage/Tables

encodedBits >> 6723ace2ec7b0348e1270ccbaab802bfa5c1bbdddd108aece88c739051a8a767

base64Bits >> ZyOs4ux7A0jhJwzLqrgCv6XBu93dEIrs6IxzkFGop2c=

signature >> SharedKeyLite senchaazurestorage:ZyOs4ux7A0jhJwzLqrgCv6XBu93dEIrs6IxzkFGop2c=

Doing some debugging, I am noticing that CryptoJS is not returning the same value (HMAC with SHA256) as alternative implementations. For example, the string "Mon, 29 Jul 2013 16:04:20 GMT\n/senchaazurestorage/Tables" appears as:

  • "6723ace2ec7b0348e1270ccbaab802bfa5c1bbdddd108aece88c739051a8a767" via CryptoJS
  • "faa89f45ef029c63d04b8522d07c54024ae711924822c402b2d387d05398fc9f" via PHP hash_hmac('sha256', ... )

Digging even deeper, I'm seeing that most HMAC/SHA265 algorithms return data which matches the output from PHP... am I missing something in CryptoJS? Or is there a legitimate difference?

도움이 되었습니까?

해결책

As I mentioned in my first comment, the newline ("\n") was causing problems. Escaping that ("\ \n", without the space inbetween) seems to have fixed the inconsistency in HMAC/SHA256 output.

I'm still having problems with the Azure HTTP "Authorization" header, but that's another issue.

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top