All geek questions in one place

Different HMAC_SHA256 functions in classic ASP give different results

Somehow I need to create a hash in classic ASP, which is equivalent to PHP after the function exits:

$hash = hash_hmac('SHA256', $message, pack('H*', $secret));

where $message = 'stackoverflow'; $secret = '1234567890ABCDEF';. I tried quite a few approaches on the Internet, but none match the PHP result:

bcb3452cd48c0f9048e64258ca24d0f3399563971d4a5dcdc531a7806b059e36

Method 1: Using dvim_brix_crypto-js-master_VB.asp online (using CrytoJS)

Function mac256(ent, key) 
    Dim encWA
    Set encWA = ConvertUtf8StrToWordArray(ent)
    Dim keyWA
    Set keyWA = ConvertUtf8StrToWordArray(key)
    Dim resWA
    Set resWA = CryptoJS.HmacSHA256(encWA, key)
    Set mac256 = resWA
End Function

Function ConvertUtf8StrToWordArray(data)
    If (typename(data) = "String") Then
        Set ConvertUtf8StrToWordArray = CryptoJS.enc.Utf8.parse(data)
    Elseif (typename(data) = "JScriptTypeInfo") Then
        On error resume next
        'Set ConvertUtf8StrToWordArray = CryptoJS.enc.Utf8.parse(data.toString(CryptoJS.enc.Utf8)) 
        Set ConvertUtf8StrToWordArray = CryptoJS.lib.WordArray.create().concat(data) 'Just assert that data is WordArray
        If Err.number>0 Then
            Set ConvertUtf8StrToWordArray = Nothing
        End if
        On error goto 0
    Else
        Set ConvertUtf8StrToWordArray = Nothing
    End if
End Function

The script can be found here . This method gives:

c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c

Method 2: Pure Classic ASP Approach

Public Function HMAC_SHA256(prmKey, prmData)
    Dim theKey : theKey = prmKey
    Dim Block_Size, O_Pad, I_Pad
    Block_Size = 64
    O_Pad = 92 'HEX: 5c'
    I_Pad = 54 'HEX: 36'

    Dim iter, iter2
    If Len(theKey) < Block_Size Then
        For iter = 1 to Block_Size - Len(theKey)
            theKey = theKey & chr(0)
        Next
    ElseIf Len(theKey) > Block_Size Then
        theKey = SHA256(theKey)
    End If

    Dim o_key_pad : o_key_pad = ""
    Dim i_key_pad : i_key_pad = ""
    For iter = 1 to Block_Size
        o_key_pad = o_key_pad & Chr(Asc(Mid(theKey,iter,1)) xor O_Pad)
        i_key_pad = i_key_pad & Chr(Asc(Mid(theKey,iter,1)) xor I_Pad)
    Next

    HMAC_SHA256 = SHA256(o_key_pad & SHA256(i_key_pad & prmData))
End Function
result = HMAC_SHA256(secret, message)

This method gives:

bc0511316791176484c7d80bc8faaecd8388b75fb97516181ba6b361fd032531

Method 3: Use Amazon AWS sha256.wsc (using CrytoJS)

Dim sha
Set sha = GetObject( "script:" & Server.MapPath("sha256.wsc") )
sha.hexcase = 0
result = sha.b64_hmac_sha256(secret, message)

WSC can be found here . This method gives (the same result as method 1):

c8375cf0c0db721ecc9c9b3a034284117d778ee8594285196c41d5020917f78c

, - pack(), . pack() ASP:

Dim key2, hexarr, binstr
key2 = "12 34 56 78 90 AB CD EF"
hexarr = Split(key2)
ReDim binarr(UBound(hexarr))

For i = 0 To UBound(hexarr)
  binarr(i) = Chr(CInt("&h" & hexarr(i)))
Next

binstr = Join(binarr, "")

key2 - , 2 . secret binstr, :

Method 1: 8ab9e595eab259acb10aa18df7fdf0ecc5ec593f97572d3a4e09f05fdd3aeb8f
Method 2: d23fcafb41d7b581fdae8c2a4a65bc3b19276a4bd367eda9e8e3de43b6a4d355
Method 3: 8ab9e595eab259acb10aa18df7fdf0ecc5ec593f97572d3a4e09f05fdd3aeb8f

PHP. ?

+4
2

.

Microsoft.Net Framework 2.0 ( Windows Server 2003 R2) Com Interops.

, .

'Returns Byte(), UTF-8 bytes of unicode string
Function Utf8Bytes(text)
    With Server.CreateObject("System.Text.UTF8Encoding")
        Utf8Bytes = .GetBytes_4(text)
    End With
End Function

'Returns String, sequential hexadecimal digits per byte
'data As Byte()
Function BinToHex(data)
    With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
        .dataType = "bin.hex"
        .nodeTypedValue = data
        BinToHex = .text
    End With
End Function

'Returns Byte(), a keyed hash generated using SHA256 method
'data As String, key As Byte()
Function HashHmacSha256(data, key)
    With Server.CreateObject("System.Security.Cryptography.HMACSHA256")
        .Key = key
        HashHmacSha256 = .ComputeHash_2(UTF8Bytes(data))
    End With
End Function

'Returns Byte(), of a packed hexadecimal string
'instead of PHP pack('H*'
Function HexToBin(data)
    With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
        .dataType = "bin.hex"
        .text = data
        HexToBin = .nodeTypedValue
    End With
End Function

packed_secret = HexToBin("1234567890ABCDEF")
message = "stackoverflow"
binary_hash = HashHmacSha256(message, packed_secret)
string_hash = BinToHex(binary_hash)

Response.Write string_hash
+4

, , HMAC MD5, SHA1, SHA256, SHA384 SHA512 System.Security.Cryptography asp hex, base64, . .

javascript PHP, , PHP. , HMAC ASP:

'// HMAC FUNCTIONS 

'// To compute a HMAC using a secret key, call:
'// hash_hmac("secret", "message", "hashing algorithm", outputType)

'// Hashing algorithms supported are MD5 / SHA1 / SHA256 / SHA384 / SHA512

'// The output types are:
'// 1 = hexadecimal string
'// 2 = base64 string
'// 3 = byte array
'// 4 = raw bytes

'// response.write hash_hmac("the shared secret key here", "the message to hash here", "SHA256", 1)

'// EXPECTED: 4643978965ffcec6e6d73b36a39ae43ceb15f7ef8131b8307862ebc560e7f988
'// RETURNED: 4643978965ffcec6e6d73b36a39ae43ceb15f7ef8131b8307862ebc560e7f988

'// response.write hash_hmac("the shared secret key here", "the message to hash here", "SHA256", 2)

'// EXPECTED: RkOXiWX/zsbm1zs2o5rkPOsV9++BMbgweGLrxWDn+Yg=
'// RETURNED: RkOXiWX/zsbm1zs2o5rkPOsV9++BMbgweGLrxWDn+Yg=

function get_hmac_obj(ByVal alg)

    select case uCase(alg)

        case "MD5"
            get_hmac_obj = "HMACMD5"
        case "SHA1","SHA128"
            get_hmac_obj = "HMACSHA1"
        case "SHA3","SHA384"
            get_hmac_obj = "HMACSHA384"
        case "SHA2","SHA256"
            get_hmac_obj = "HMACSHA256"
        case "SHA5","SHA512"
            get_hmac_obj = "HMACSHA512"
        case else
            get_hmac_obj = "HMACSHA1"

    end select

end function

function stringToUTFBytes(ByVal aString) 

    Dim UTF8 : Set UTF8 = CreateObject("System.Text.UTF8Encoding") 
        stringToUTFBytes = UTF8.GetBytes_4(aString) 
    set UTF8 = nothing

end function

function hash_hmac(ByVal secret, ByVal message, ByVal alg, ByVal outputType)

    if vartype(secret) = 8 then secret = stringToUTFBytes(secret)
    if vartype(message) = 8 then message = stringToUTFBytes(message)

    Dim hAlg, hb64, hBytes, pos

    Set hAlg = CreateObject("System.Security.Cryptography." & get_hmac_obj(alg))

        hAlg.Initialize() 
        hAlg.key = secret

        hBytes = hAlg.ComputeHash_2((message))  

        select case outputType

            case 1

                '// Output a hexadecimal string

                For pos = 1 To Lenb(hBytes)
                    hash_hmac = hash_hmac & LCase(Right("0" & Hex(Ascb(Midb(hBytes,pos,1))),2))
                Next

            case 2

                '// Output a base64 string

                Set hb64 = CreateObject("MSXML2.DomDocument").CreateElement("b64")

                    hb64.dataType = "bin.base64"
                    hb64.nodeTypedValue = hBytes
                    hash_hmac = hb64.Text 

                Set hb64 = nothing

            case 3

                '// Output a byte array

                For pos = 1 To Lenb(hBytes)
                    hash_hmac = hash_hmac & Ascb(Midb(hBytes,pos,1))
                    if NOT pos = Lenb(hBytes) then hash_hmac = hash_hmac & ","
                Next

                hash_hmac = split(hash_hmac,",")

            case 4

                '// Output the raw bytes

                hash_hmac = hBytes

        end select

    set hAlg = nothing

end function
-1

Source: https://habr.com/ru/post/1660744/

More articles:


All Articles