У продаји СХА256 хасх генератор

There seems to be a problem with getting deterministic hash values for the POI XLSX format, with MessageDigest SHA-256 implementation, even for empty ByteArray streams. This happens randomly, after several hundreds or even only thousands of iterations.

The relevant code snippets used to reproduce the problem:

// TestNG FileTest:@Test(enabled = true) // indeterminism at random iterations, such as 400 or 1290public void emptyXLSXTest() throws IOException, NoSuchAlgorithmException {    final Hasher hasher = new HasherImpl();    boolean differentSHA256Hash = false;    for (int i = 0; i < 10000; i++) {        final ByteArrayOutputStream excelAdHoc1 = BusinessPlanInMemory.getEmptyExcel("xlsx");        final ByteArrayOutputStream excelAdHoc2 = BusinessPlanInMemory.getEmptyExcel("xlsx");        byte[] expectedByteArray = excelAdHoc1.toByteArray();String expectedSha256 = hasher.sha256(expectedByteArray);byte[] actualByteArray = excelAdHoc2.toByteArray();String actualSha256 = hasher.sha256(actualByteArray);if (!expectedSha256.equals(actualSha256)) {            differentSHA256Hash = true;            System.out.println("ITERATION: " + i);            System.out.println("EXPECTED HASH: " + expectedSha256);            System.out.println("ACTUAL HASH: " + actualSha256);            break;        }    }    Assert.assertTrue(differentSHA256Hash, "Indeterminism did not occur");}

Referenced Hasher and POI code:

// HasherImpl class:public String sha256(final InputStream stream) throws IOException, NoSuchAlgorithmException {    final MessageDigest digest = MessageDigest.getInstance("SHA-256");    final byte[] bytesBuffer = new byte[300000];     int bytesRead = -1;    while ((bytesRead = stream.read(bytesBuffer)) != -1) {        digest.update(bytesBuffer, 0, bytesRead);    }    final byte[] hashedBytes = digest.digest();    return bytesToHex(hashedBytes);}

Tried to eliminate indeterminism due to meta data like creation time, to no avail:

// POI BusinessPlanInMemory helper class:public static ByteArrayOutputStream getEmptyExcel(final String fileextension) throws IOException {    Workbook wb;    if (fileextension.equals("xls")) {        wb = new HSSFWorkbook();    }    else {        wb = new XSSFWorkbook();        final POIXMLProperties props = ((XSSFWorkbook) wb).getProperties();        final POIXMLProperties.CoreProperties coreProp = props.getCoreProperties();        coreProp.setCreated("");        coreProp.setIdentifier("1");        coreProp.setModified("");    }    wb.createSheet();    final ByteArrayOutputStream excelStream = new ByteArrayOutputStream();    wb.write(excelStream);    wb.close();    return excelStream;}

The HSSF / XLS format seems not to be affected by the problem described.Does anybody have a clue, what could be causing this, if not a bug in POI itself? Basically, the code above refers to https://poi.apache.org/spreadsheet/examples.htmlBusinessPlan example

Thanks for your input!

When using the JavaX HMAC/SHA256 hashing libraries, if I right pad my secret key with non-zero bytes, the hash for the same message is different; as expected.

hmacSHA256digest(  "secret".getBytes("UTF-8"), msg) = "244d9c89069406d40803722ec6a793e5e04c55234d9ca03039a7b505cb3f8f00"hmacSHA256digest("secret\1".getBytes("UTF-8"), msg) = "4f94305c91ca9d8dec13ffcff7e455d6f0c49373e1bbc4035da2b500b11063fb" 

However, if I right-pad the secret key with an arbitrary number of \0 bytes, the hash comes back as the same for different byte arrays like:

• "secret"
• "secret\0"
• "secret\0\0"

So, JavaX HMAC SHA256 is returning the same hash, even though the byte[] array returned from getBytes("UTF-8") for the secret just has a few additional zeros at the end (so it's not a UTF-8 issue):

hmacSHA256digest(   "secret".getBytes("UTF-8"), msg) = "244d9c89069406d40803722ec6a793e5e04c55234d9ca03039a7b505cb3f8f00"hmacSHA256digest(   "secret\0".getBytes("UTF-8"), msg) = "244d9c89069406d40803722ec6a793e5e04c55234d9ca03039a7b505cb3f8f00"hmacSHA256digest(   "secret\0\0".getBytes("UTF-8"), msg) = "244d9c89069406d40803722ec6a793e5e04c55234d9ca03039a7b505cb3f8f00"

Calls to other JavaX methods for MD5 and plain SHA256 do not return the same hash when extra \0 s are appended to the secret, so they pass our security test case for hash uniqueness across different secrets. Is the failure of this zero-padded-secrets case with MAC/SHA256 a possible attack vector?

This is the example code:

import javax.crypto.Mac;import javax.crypto.spec.SecretKeySpec;import java.security.InvalidKeyException;import java.security.MessageDigest;import java.security.NoSuchAlgorithmException;import java.util.Arrays;static void testRightZeroPaddedSecretsHaveDifferentHashes() {    try {        byte[] msg = "msg".getBytes("UTF-8");        // HMAC SHA256        byte[] b3 = hmacSHA256digest(msg, "secret".getBytes("UTF-8"));        byte[] b4 = hmacSHA256digest(msg, "secret\0".getBytes("UTF-8"));        // Plain SHA256        byte[] b5 = SHA256digest(msg, "secret".getBytes("UTF-8"));        byte[] b6 = SHA256digest(msg, "secret\0".getBytes("UTF-8"));        boolean same34 = Arrays.equals(b3, b4);        boolean same56 = Arrays.equals(b5, b6);        System.out.println(                "\n" + Arrays.toString(b3) +                "\n" + Arrays.toString(b4) +                "\nHMAC SHA256 - identical hash results? = " + same34 +                "\n" +                "\n" + Arrays.toString(b5) +                "\n" + Arrays.toString(b6) +                "\nPlain SHA256 - identical hash results? = " + same56        );    } catch (Throwable e) {        e.printStackTrace();    }}static byte[] hmacSHA256digest(byte[] msg, byte[] secret) {    try {        SecretKeySpec keySpec = new SecretKeySpec(secret, "HmacSHA256");        Mac mac = Mac.getInstance("HmacSHA256");        mac.init(keySpec);        byte[] hmac = mac.doFinal(msg);        return hmac;    } catch (NoSuchAlgorithmException e) {        e.printStackTrace();    } catch (InvalidKeyException e) {        e.printStackTrace();    }    return null;}static byte[] SHA256digest(byte[] msg, byte[] secret) {    try {        MessageDigest digest = MessageDigest.getInstance("SHA-256");        digest.update(msg);        byte[] hash = digest.digest(secret);        return hash;    } catch (NoSuchAlgorithmException e) {        e.printStackTrace();    }    return null;}

And sample output:

[-2, 79, -100, 65, -113, 104, 63, 3, 79, 106, -7, 13, 29, -43, -72, 106, -64, 53, 93, -39, 99, 50, -59, -100, -57, 69, -104, -48, 115, 97, 7, -10] [-2, 79, -100, 65, -113, 104, 63, 3, 79, 106, -7, 13, 29, -43, -72, 106, -64, 53, 93, -39, 99, 50, -59, -100, -57, 69, -104, -48, 115, 97, 7, -10] HMAC SHA256 - identical hash results? = true[-88, 92, 89, -29, -65, -48, -127, 51, 125, -120, 78, -38, 25, 57, -91, 91, -50, 111, -33, 40, -3, 0, -95, 89, -50, -88, 39, 118, 101, -56, 91, 126] [-40, 39, 49, -64, 58, 40, 124, 64, 110, -100, 50, 115, -32, 114, -107, 24, -73, -17, -37, 11, 67, -26, -48, -65, 109, -24, 119, 45, 74, -31, -81, 119]Plain SHA256 - identical hash results? = false

Since JavaX HMAC SHA256 failed this zero-padded-secrets test case that passed for the plain SHA256/MD5 algorithms mentioned above, can anyone explain the difference in the behavior and if this can be exploited?

I'm building a Facebook Page app in Classic ASP. I've been unable to match the signature that Facebook passes into the app as the first part of the POSTed signed_request.

Because there are few libraries for cryptography in VBScript, I'm using server side Javascript and the crypto-js library from https://code.google.com/archive/p/crypto-js/

I've tried to translate the PHP code example from Facebook's docs at https://developers.facebook.com/docs/games/gamesonfacebook/login#parsingsr into Javascript. I can generate an HMAC SHA256 hash of the signed_request payload but that doesn't match the signed_request signature.

I think the problem is that Facebook's signature is in a different format. It looks to be binary (~1抚Ö.....) while the HMAC SHA256 hash I'm generating is a hexadecimal string (7f7e8f5f.....). In Facebook's PHP example the hash_hmac function uses the raw binary parameter. So I think I need to either convert Facebook's signature to hexadecimal or my signature to binary in order to do an "apples-to-apples" comparison and get a match.

Here's my code:

/* Use the libraries from https://code.google.com/archive/p/crypto-js/crypto-js/crypto-js.min.jscrypto-js/hmac-sha256.min.jscrypto-js/enc-base64.min.js*/var signedRequest = Request.queryString("signed_request")var FB_APP_SECRET = "459f038.....";var arSR = signedRequest.split(".");var encodedSig = arSR[0];var encodedPayload = arSR[1];var payload = base64UrlDecode(encodedPayload);var sig = base64UrlDecode(encodedSig);var expectedSig;expectedSig = CryptoJS.HmacSHA256(encodedPayload, FB_APP_SECRET); // Unaltered payload string; no matchexpectedSig = CryptoJS.HmacSHA256(payload, FB_APP_SECRET); // base64-decoded payload string; no matchif (sig == expectedSig) {    Response.write(payload);} else {    Response.write("Bad signature");}function base64UrlDecode(input) {    // Replace characters and convert from base64.    return Base64.decode(input.replace("-", "+").replace("_", "/"));}

I'm trying to develop some sort of PKI management too with PHP, and I'm finding many issues (partially due documentation) using PHP Openssl.

For example, I learnt via hard way (try-and-error) that PHP openssl doesn't check really for OPENSSL_CONF environment variable, the only real way to use a different config file is to use the $configArray('config' => file_path) argument.

Currently I'm stuck trying to generate a CSR using SHA256 hash method. For the tests I'm using this minimal (but working) openssl.conf configuration:

distinguished_name  = req_distinguished_name[req]default_md          = sha256[req_distinguished_name][end_req_ext]keyUsage                = digitalSignature,keyEnciphermentextendedKeyUsage        = serverAuth,clientAuth

(note that the 'default_md' setting is overriden by the $configArray['digest_alg'] parameter.

I use this code for testing:

$config = array(    'digest_alg' => "sha256",    'private_key_bits' => 384,    'config'    => "/tmp/opensslmy.conf");$dn = array(    "countryName" => "UK",    "stateOrProvinceName" => "Somerset",    "localityName" => "Glastonbury",    "organizationName" => "The Brain Room Limited",    "organizationalUnitName" => "PHP Documentation Team",    "commonName" => "Wez Furlong");$key = openssl_pkey_new($config);if (!$key) {    print "Error on PKEY_NEW: ".openssl_error_string()."\n";    exit(1);}$csr = openssl_csr_new ( $dn , $key, $config );$pem = "";if (openssl_csr_export($csr, $pem)) {    print $pem."\n";} else {    print "Error on CSR_NEW: ".openssl_error_string()."\n";}

It fails:

PHP Warning:  openssl_csr_new(): Error signing request in /home/mark/Desktop/ssltest.php on line 25PHP Warning:  openssl_csr_export() expects parameter 1 to be resource, boolean given in /home/mark/Desktop/ssltest.php on line 27Error on CSR_NEW: error:0E06D06C:configuration file routines:NCONF_get_string:no value

If set the initial $config array 'digest_alg' to either md5 or sha1 it works like a charm and succsfully generates a CSR with the given hash algorithm.

I also tried to remove that 'digest_alg' key from the config array and specify it exclusively in the config file (as for my experience I know even for the openssl req -new command, the -sha256 doesn't work and that is the only way to generate sha256 CSRs)

I'm currently using PHP 5.5.9 and OpenSSL 1.0.1f.

I'm doing something wrong?Too old PHP versions?

I am taking message and key from this URL

import hmacimport hashlibimport base64my = "/api/embedded_dashboard?data=%7B%22dashboard%22%3A7863%2C%22embed%22%3A%22v2%22%2C%22filters%22%3A%5B%7B%22name%22%3A%22Filter1%22%2C%22value%22%3A%22value1%22%7D%2C%7B%22name%22%3A%22Filter2%22%2C%22value%22%3A%221234%22%7D%5D%7D"key = "e179017a-62b0-4996-8a38-e91aa9f1"print(hashlib.sha256(my + key).hexdigest())

I am getting this result:

2df1d58a56198b2a9267a9955c31291cd454bdb3089a7c42f5d439bbacfb3b88

Expecting result:

adcb671e8e24572464c31e8f9ffc5f638ab302a0b673f72554d3cff96a692740