Page 1 of 1

HMAC Hash Code

Posted: Thu Apr 21, 2022 3:02 pm
by imaxeman69
I'm trying to use your tool to generate an SHA256 Hash Code. I'm trying to compare what I'm getting from the program to what's coming out of Postman to do a POST to a Web Server. I know what's going in is the same, but what's coming out is not. I set up a proc/PI to pass the data and secret key to the sub-procedure.
dcl-proc calculateHMAC EXPORT;
dcl-pi calculateHMAC char(64);
data char(256) const;
key char(32);
end-pi;
I replaced the code in the example with this:
//data to hash
//from37 = 'stringtobehashed';
from37 = data;
mySalt = key;

Am I close?

Re: HMAC Hash Code

Posted: Thu Apr 21, 2022 3:44 pm
by Scott Klement
Sorry, I'm not following you.

Please provide a link to the SHA256 HMAC example you are referring to. I guess I may have written an HMAC SHA256 example at some point over the years, but I don't remember anything -- so if you can give a link, it'd help a lot.

Also, can you provide the actual data, key, and salt you are using, what you're getting, and what you're expecting to get? (Use test data, salt, and password that you don't plan to ever use in production since this is a public site.)

Unfortunately, with absolutely no idea what code you are running, what problem you're having, or what your data looks like it's basically impossible to tell you if you are close.

Re: HMAC Hash Code

Posted: Thu Apr 21, 2022 3:59 pm
by imaxeman69
Thanks Scott,

Here is the URL from which I got the code: https://www.ibm.com/support/pages/qc3ca ... pi-example
Here is the dataToHash:/feed/catrequest?app_id=3fc84179&TIMESTAMP=2022-04-21T14:29:01Z
Here is the secret key (Salt): 6ea4d3eb30a63c11bfe93161411d99ac (this is test, not a problem)
This is what I get: B9CE6D6CD31217B36602195872029B3B020C9241D6951F6023E058C504E7C9E0
This is what Postman returns: e5a04c4f6cc82fa08e88e1096d0293f1d0722cce597392832b46d23f744b2941

The Postman Hash allows the request to process properly.

Re: HMAC Hash Code

Posted: Thu Apr 21, 2022 4:59 pm
by jonboy49
I think you need to go back and check your code.

I just compiled the exact source you referenced and changed the data to hash and the key to the values you supplied. When I run the code I get the same answer as postman does.

Re: HMAC Hash Code

Posted: Thu Apr 21, 2022 5:04 pm
by imaxeman69
Which fields in the program did you actually change to the provided values?

Re: HMAC Hash Code

Posted: Thu Apr 21, 2022 5:25 pm
by jonboy49
First one was

Code: Select all

//data to hash
       from37
         = '/feed/catrequest?app_id=3fc84179&TIMESTAMP=2022-04-21T14:29:01Z';
and the second

Code: Select all

       //encode the hash key per API doc
       //The minimum length for an SHA-256 HMAC key is 32 bytes
       from37 = '6ea4d3eb30a63c11bfe93161411d99ac';
That was all I changed in the logic. I did convert to free-form data declarations but that makes no difference.

Re: HMAC Hash Code

Posted: Thu Apr 21, 2022 5:38 pm
by imaxeman69
Ah, I see. Ok. Thanks allot. I know what I did wrong.

Re: HMAC Hash Code

Posted: Fri Apr 22, 2022 11:41 am
by imaxeman69
Ok, the Hash Code is calculating properly, thanks to Jonboy, but, needs to be Base 64 encoded. I'm using Mr. Klement's Base64R4. Postman is using CryptoJS.enc.Base64.stringify() to encode the hash string. The results are different. Is this an EBCDIC vs ASCII thing?

Re: HMAC Hash Code

Posted: Fri Apr 22, 2022 3:19 pm
by Scott Klement
If the binary value of the string is the same, the base64 output should be the same.

You wouldn't normally make a hex dump of a hash and then base64-encode the hex dump, though. You'd just base64-encode the original binary hash. Could that be the problem?

Re: HMAC Hash Code

Posted: Fri Apr 22, 2022 3:25 pm
by imaxeman69
I believe it could be. Thank you.