Skip to content
This repository was archived by the owner on Jan 22, 2025. It is now read-only.
This repository was archived by the owner on Jan 22, 2025. It is now read-only.

HMAC.finalize( word_array ) doesn't appear to update properly? #62

Description

@ramses0
       const triplesec = require('triplesec');
       const HMAC = triplesec.HMAC;
        ...snip...
        getSecretKey() {
                let secret_key = new triplesec.WordArray( this.secret );
                let plaintext = new triplesec.WordArray(
                        this.id + "|" + this.name
                );
                console.log( 'secret_key: ', secret_key );
                console.log( 'plaintext: ', plaintext );

                let hm = new HMAC( secret_key );
                console.log( 'hm: ', hm );

                let out = hm.finalize( plaintext );
                console.log( 'out: ', out );
                return out.to_hex().substring( 0, 10 );
        }

let x = new module.exports( "one", "two", "three" );
console.log( x );
console.log( x.getSecretKey() );

console.log( '-----------------------------------------' );

let y = new module.exports( "four", "five", "six" );
console.log( y );
console.log( y.getSecretKey() );

Maybe this is a real dumb issue, but I'm finding it impossible to get the above code to work (simple HMAC signing).

{ id: 'one', name: 'two', secret: 'three' }
secret_key:  WordArray { words: 'three', sigBytes: 20 }
plaintext:  WordArray { words: 'one|two', sigBytes: 28 }
hm:  HMAC {
  key: WordArray { words: 'three', sigBytes: 20 },
  hasher:
   SHA512 {
     _data: WordArray { words: [], sigBytes: 0 },
     _nDataBytes: 128,
     _hash: X64WordArray { sigBytes: 64, words: [Array] } },
  hasherBlockSize: 32,
  hasherBlockSizeBytes: 128,
  _oKey: WordArray { words: 'three', sigBytes: 128 },
  _iKey: WordArray { words: 'three', sigBytes: 128 } }
out:  WordArray {
  words:
   [ 1547129211,
     439626697,
     306711733,
     2734092130,
     -1219207254,
     357078697,
     -1089194041,
     580722509,
     -157960372,
     4031738300,
     1144976117,
     79357941,
     1308807098,
     4134728090,
     446849896,
     -2016523090 ],
  sigBytes: 64 }
5c37517b1a
-----------------------------------------
{ id: 'four', name: 'five', secret: 'six' }
secret_key:  WordArray { words: 'six', sigBytes: 12 }
plaintext:  WordArray { words: 'four|five', sigBytes: 36 }
hm:  HMAC {
  key: WordArray { words: 'six', sigBytes: 12 },
  hasher:
   SHA512 {
     _data: WordArray { words: [], sigBytes: 0 },
     _nDataBytes: 128,
     _hash: X64WordArray { sigBytes: 64, words: [Array] } },
  hasherBlockSize: 32,
  hasherBlockSizeBytes: 128,
  _oKey: WordArray { words: 'six', sigBytes: 128 },
  _iKey: WordArray { words: 'six', sigBytes: 128 } }
out:  WordArray {
  words:
   [ 1547129211,
     439626697,
     306711733,
     2734092130,
     -1219207254,
     357078697,
     -1089194041,
     580722509,
     -157960372,
     4031738300,
     1144976117,
     79357941,
     1308807098,
     4134728090,
     446849896,
     -2016523090 ],
  sigBytes: 64 }
5c37517b1a

I've been through the project README's, the CODA docs, the hmac.iced code, etc. and am able to get EXACTLY the same thing working via node's built-in crypto (which unfortunately doesn't work in the browser). I'm smart enough about crypto that I know I should be using HMAC for digest validation (not MD5/SHA) but what is going on here? Why isn't "triplesec" working the way I think it should? I've already got it working it working with triplesec.encrypt, triplesec.decrypt, new triplesec.Buffer( key / ciphertext ), etc. but I am going mad trying to figure out how I'm incorrectly calling this HMAC function!!?

$ yarn list | grep triple
warning package.json: No license field
warning No license field
├─ triplesec@3.0.26
        const crypto = require('crypto');
        // server side only!!! :_(
        getSecretKeyNodeServer() {
                const hmac = crypto.createHmac( 'sha256', this.secret );
                hmac.update( this.id + "|" + this.name );
                let out = hmac.digest('hex').substring(0,10);
                return out;
        }

let z = new module.exports( "one", "two", "three" );
console.log( z );
console.log( z.getSecretKeyNodeServer() );

console.log( '-----------------------------------------' );

let a = new module.exports( "four", "five", "six" );
console.log( a );
console.log( a.getSecretKeyNodeServer() );

...and the "somewhat proper" output I'm expecting for use of crypto / HMAC / signing.

{ id: 'one', name: 'two', secret: 'three' }
8aaa5db897
-----------------------------------------
{ id: 'four', name: 'five', secret: 'six' }
7a395acafe
```

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions