Your Digital Media Has Never Looked So Good

 
wshirley
Topic Author
Posts: 11
Joined: Tue Jul 16, 2019 8:13 am

Stuck using HMAC

Fri Sep 06, 2019 9:58 am

I'm debugging code by working through an Amazon AWS S3 "Put" example.  I'm at a step where I need to run an HMAC SHA256 hash.  In the AWS example, they express it as:

HMAC-SHA256("AWS4" + "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY","20130524")

and the result, in HEX format should be:

969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d

I'm using the following code (to no avail):


  HMAC = createobject("roHMAC")
  ba = createobject("roByteArray")
  ba.FromAsciiString("AWS" + "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY")  'this is the "key" that AWS uses in the example
  if HMAC.Setup("sha256", ba) = 0  'this if group of code is based on the example code in Rokus documentation
    message1 = CreateObject("roByteArray")
    message2 = CreateObject("roByteArray")    
    messageStr1 = "AWS4" + "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
    message1.fromAsciiString(messageStr1)
    HMAC.Update(message1)
    message2.FromAsciiString("20130524")
    HMAC.Update(message2)
    DateKey = HMAC.final()
? DateKey.ToHexString()


I'm getting this result:
8AE94D64B5C24455E4C0508F2AD8AA036BAE46B6469DCE6599F035B2AFFD11CB

Can anyone point me in the right direction?  I've tried running the code with only message2, (wondering if the "setup" command might be seeding the function with the key?) but that doesn't work either.

Help?!

Thanks
 
renojim
** Valued Community Member **
Posts: 3492
Joined: Mon Feb 15, 2010 1:35 pm

Re: Stuck using HMAC

Fri Sep 06, 2019 1:58 pm

I think you have multiple problems.  First of all, you're prepending your key string with "AWS" instead of "AWS4".  Second, if I search for 969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d I find this example from AWS that shows that result from a different key and date string.  This online calculator verifies the result for these values:
secret key = AWS4wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY
string = 20120215

Note that the key is different from yours by one character.

BRS code:
keystr = "AWS4wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
dateStamp = "20120215"
sha256 = CreateObject("roHMAC")
bakey = CreateObject("roByteArray")
bamsg = CreateObject("roByteArray")
bakey.FromAsciiString(keystr)
bamsg.FromAsciiString(dateStamp)
if sha256.Setup("sha256",bakey) = 0 then
   hash = sha256.Process(bamsg).ToHexString()
   print "Hash:  ";hash
else
   print "Failure"
end if

Results in:
Hash:  969FBB94FEB542B71EDE6F87FE4D5FA29C789342B0F407474670F0C2489E0A0D

Do you have a link to the example you're using?  It appears to be wrong.

-JT
 
wshirley
Topic Author
Posts: 11
Joined: Tue Jul 16, 2019 8:13 am

Re: Stuck using HMAC

Fri Sep 06, 2019 2:49 pm

SOLVED!  Thank you , thank you, thank you!  Your code worked.

My bad for not seeing the typos, especially the AWS vs AWS4.  Sometimes you stare at code so long, you don't really even "see" it anymore.

I started with an example here:  https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html

But it condensed four hash calculations into one nested command and doesn't show the intermediate values, which prevented me from determining if I was executing the HMAC steps correctly.  

Then I found this troubleshooting example here:  https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-common-coding-mistakes,which i thought uses the same "key" value, but doesn't, and I failed to note the different date value that the latter example uses (my second bad).

I'm pretty sure I can get to the final signature now -- then it's off to the maze of addheader and postfromstring commands to see if I can actually "PUT" a file to AWS!

Thanks again.

Who is online

Users browsing this forum: No registered users and 3 guests