MATLAB Answers

Goryn
0

Why the encryption doesn't work correctly? (SHA-256, HMAC-SHA-512)

Asked by Goryn
on 15 Feb 2019
Latest activity Edited by Jan
on 18 Feb 2019
Accepted Answer by Jan
1) We have determined input:
challenge = 'c100b894-1729-464d-ace1-52dbce11db42';
apiSecret = '7zxMEF5p/Z8l2p2U7Ghv6x14Af+Fx+92tPgUdVQ748FOIrEoT9bgT+bTRfXc5pz8na+hL/QdrCVG7bh9KpT0eMTm';
2) We need to receive an expected output:
signed_output = '4JEpF3ix66GA2B+ooK128Ift4XQVtc137N9yeg4Kqsn9PI0Kpzbysl9M1IeCEdjg0zl00wkVqcsnG4bmnlMb3A==';
3) Here are steps of how we should encrypt it:
  1. Hash the challenge with the SHA-256 algorithm
  2. Base64-decode your api_secret
  3. Use the result of step 2 to hash the result of step 1 with the HMAC-SHA-512 algorithm
  4. Base64-encode the result of step 3
My code:
import matlab.net.*
% 1. Hash the challenge with the SHA-256 algorithm
hash_digest = DataHash(challenge, struct('Method','SHA-256'));
% 2. Base64-decode your api_secret
secret_decoded = base64decode(apiSecret);
% 3. Use the result of step 2 to hash the result of step 1 with the HMAC-SHA-512 algorithm
hmac_digest = HMAC(secret_decoded,hash_digest,'SHA-512');
% 4. Base64-encode the result of step 3
signed_output = base64encode(hmac_digest);
I am using these functions:
The result is wrong. Could you please help me to fix it?

  3 Comments

This is not encryption , this is authentication . There is an important difference in that if it were encryption then due to the laws of the USA we would not be able to permit the discussion to take place here. The legal rules about authentication are not the same so discussion is permitted .
@Walter: You are correct and thank you for mention this again. After all these years I'm still astonished about this difference. It is legal to publish code, which creates e.g. a 128 bit Hash for a certain input. If I create a hash over a key and use the HMAC method to obtain the hash over the complete string, this is legal also. But as soon as I store the intermediate results of the hashing for each block, it is a strong encryption with a 128 bit key and the publishing of the method in executable form is prohibitted by the US export laws. This means, calculating a hash of a complete text is fine, but splitting the text to 128 bit blocks and calling hashing tool blockwise while storing the output is evil.
I'm not getting tired to mention, that e.g. the publication of the AES algorithm is allowed in printed form, e.g. as PDF, because then it is covered by the freedom of speech, see e.g. https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf . As far as I know, a discussion is legal also, as long as it does not contain executable code. But finally even executable code is allowed, as long as the owner of the web service has a written certificate from the US government. See e.g. https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/archived-crypto-projects/aes-development : Running C code for 256 bit AES encryption directly from NIST.gov .
I still believe that MathWorks must have such a certificate, because Matlab is shipped with tools needed for a strong encryption - as all browsers and mail software is also.
When I concatenate the ASCII code of 3 lines of Java code and find a prime number, which starts with these digits, would this be an illegal prime number? We have 2019. You can find the AES code in official places in the net for over 20 years now. It is time to adjust the laws.
Outputing hashes is fine under USA law, since hashes cannot be reversed to give original data.
A number of years ago someone posted a "Wheat and Chaff" process that showed that the distinction between encryption and authentication was not entirely meaningful, provided that you were willing to send N useless packets for every valid packet, but nothing changed.

Sign in to comment.

1 Answer

Answer by Jan
on 15 Feb 2019
Edited by Jan
on 18 Feb 2019
 Accepted Answer

Your call of DataHash creates the hash considering the class of the obejct. You want to get the hash for the values only.
challenge = 'c100b894-1729-464d-ace1-52dbce11db42';
Opt.Method = 'SHA-256';
Opt.Input = 'ascii'; % Use the contents only and only 8 bits
hash_digest = DataHash(challenge, Opt)
% Compare with:
DataHash(challenge, struct('Method','SHA-256'))
% Note that this considers the class and dimensions of the input also:
DataHash(challenge.', struct('Method','SHA-256'))
% ^^ other result for transposed input!!!
By the way, DataHash is an overkill here. Leaner:
Engine = java.security.MessageDigest.getInstance('SHA-256');
Engine.update(uint8(challenge(:)));
Hash = typecast(Engine.digest, 'uint8')
And for HMAC:
BlockSize = 128; % 64 for: MD5, SHA-1, SHA-256
KeySize = numel(Key);
Key = uint8(Key); % Hash it if it is longer than BlockSize
ipad(1:BlockSize) = uint8(54); % 0x36
ipad(1:KeySize) = bitxor(uint8(54), Key);
opad(1:BlockSize) = uint8(92); % 0x5c
opad(1:KeySize) = bitxor(uint8(92), Key);
Engine2 = java.security.MessageDigest.getInstance('SHA-512');
Engine2.update(ipad);
Engine2.update(uint8(Msg));
iHash = typecast(Engine2.digest, 'uint8');
Engine2.update(opad);
Engine2.update(iHash);
HMAC = typecast(Engine2.digest, 'uint8');

  2 Comments

Thank you for the answer, but this doesn't work either:
import matlab.net.*
% 1. Hash the challenge with the SHA-256 algorithm
Opt.Method = 'SHA-256';
Opt.Input = 'ascii';
hash_digest = DataHash(challenge, Opt);
% 2. Base64-decode your api_secret
secret_decoded = base64decode(apiSecret);
% 3. Use the result of step 2 to hash the result of step 1 with the HMAC-SHA-512 algorithm
hmac_digest = HMAC(secret_decoded,hash_digest,'SHA-512');
% 4. Base64-encode the result of step 3
signed_output = base64encode(hmac_digest);
@Goryn:
% 1. Hash the challenge with the SHA-256 algorithm
Opt.Method = 'SHA-256';
Opt.Input = 'ascii';
Opt.Format = 'double'; % You want the bytes, not the HEX code
hash_digest = DataHash(challenge, Opt);
secret_decoded = matlab.net.base64decode(apiSecret);
hmac_digest = HMAC(secret_decoded,hash_digest,'SHA-512');
% Again: The bytes, not the hex codes:
hmac_byte = sscanf(hmac_digest, '%2x');
signed_output = matlab.net.base64encode(hmac_bytes)
% '4JEpF3ix66GA2B+ooK128Ift4XQVtc137N9yeg4Kqsn9PI0Kpzbysl9M1IeCEdjg0zl00wkVqcsnG4bmnlMb3A=='
Do not confuse hex strings and byte values. 'E0' is something completely different than 224.

Sign in to comment.