tmthrgd/mpw-js

CryptoJS.HmacSHA256 does not return the same as window.crypto.subtle.sign?

vralfy opened this issue · 1 comments

I tried use you implementation with CryptoJS instead of Node.js, but I noticed that CryptoJS.HmacSHA256 returns a different seed than the java application or the Crypto API approach.

Am I wrong or is it a bug? I added some debug messages to my modified code so whats going on:

login: user
password: abcd
site: www
iteration: 1
type: long
context: null

Masterkey:

calculated:

[247, 144, 234, 90, 87, 71, 215, 49, 224, 176, 204, 216, 100, 65, 61, 169, 104, 166, 203, 94, 51, 90, 40, 95, 84, 99, 120, 106, 140, 15, 166, 214, 204, 111, 253, 85, 5, 68, 179, 30, 148, 74, 28, 147, 76, 161, 35, 235, 160, 181, 184, 47, 76, 114, 51, 142, 203, 58, 44, 96, 143, 231, 62, 39]

should be:

[247, 144, 234, 90, 87, 71, 215, 49, 224, 176, 204, 216, 100, 65, 61, 169, 104, 166, 203, 94, 51, 90, 40, 95, 84, 99, 120, 106, 140, 15, 166, 214, 204, 111, 253, 85, 5, 68, 179, 30, 148, 74, 28, 147, 76, 161, 35, 235, 160, 181, 184, 47, 76, 114, 51, 142, 203, 58, 44, 96, 143, 231, 62, 39]

Unencrypted seed:

calculated:

[99, 111, 109, 46, 108, 121, 110, 100, 105, 114, 46, 109, 97, 115, 116, 101, 114, 112, 97, 115, 115, 119, 111, 114, 100, 0, 0, 0, 3, 119, 119, 119, 0, 0, 0, 1]

should be:

[99, 111, 109, 46, 108, 121, 110, 100, 105, 114, 46, 109, 97, 115, 116, 101, 114, 112, 97, 115, 115, 119, 111, 114, 100, 0, 0, 0, 3, 119, 119, 119, 0, 0, 0, 1]

Hash (CryptoJS.HmacSHA256(seed, key) and converted to Uint8)

calculated:

[172, 9, 71, 217, 45, 14, 176, 66, 243, 41, 170, 151, 16, 207, 128, 156, 44, 38, 16, 151, 255, 47, 151, 248, 222, 200, 250, 191, 186, 150, 174, 123]

should be:

[105, 65, 252, 82, 190, 241, 208, 187, 127, 233, 36, 194, 187, 139, 94, 166, 178, 184, 227, 10, 187, 191, 213, 0, 113, 238, 51, 83, 119, 115, 79, 141]

Ok found a solution:

include crypto-js.js, hmac-sha256.js AND lib-typedarrays.js to make it work (CryptJS v3.1.6 https://github.com/brix/crypto-js/tree/3.1.6)