10

I have to generate string representation of CryptoJS.HmacSHA256 in digest (bytes representation).

I need it because i have to duplicate python code which generate such digest in javascript:

print hmac.new("secret", "test", hashlib.sha256).digest()

')�kb��>�y+������:�o��H�   '

The goal is to duplicate behaviour of code above in javascript.

Could you please suggest me how to do this?

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
Andriy Ivaneyko
  • 20,639
  • 6
  • 60
  • 82

2 Answers2

46

You can't simply send bytes to JavaScript. You need to convert this to a textual representation for it to be comparable. Hex encoding is supported by both python's hmac module and CryptoJS.

CryptoJS:

CryptoJS.HmacSHA256("test", "secret").toString(CryptoJS.enc.Hex)

Python2:

hmac.new("secret", "test", hashlib.sha256).hexdigest()

Python3:

hmac.new("secret".encode("utf-8"), "test".encode("utf-8"), hashlib.sha256).hexdigest()

Note the difference in the argument ordering.

All produce

0329a06b62cd16b33eb6792be8c60b158d89a2ee3a876fce9a881ebb488c0914
Artjom B.
  • 61,146
  • 24
  • 125
  • 222
  • Fun fact, if you're using Shopify's liquid hmac_sha256 string filter, it also outputs the Hex value. – Mark Cooper Nov 06 '17 at 20:33
  • In the case of Python - you cannot pass String to `hmac.new()` method. If I pass string I am receiving this error: `TypeError: key: expected bytes or bytearray, but got 'str'` – Slick Slime Jan 04 '21 at 07:43
  • 1
    @SlickSlime Yes, this answer was written for Python 2. You would have to encode the (Unicode) string first – Artjom B. Jan 04 '21 at 18:14
5

If you need raw bytes then CryptoJS does not seem to supply code for it. It is mentioned that this is because of lack of cross browser compatibility for Uint8Array and friends.

However, after searching, I did find some conversion code created by Vincenzo Ciancia:

CryptoJS.enc.u8array = {
    /**
     * Converts a word array to a Uint8Array.
     *
     * @param {WordArray} wordArray The word array.
     *
     * @return {Uint8Array} The Uint8Array.
     *
     * @static
     *
     * @example
     *
     *     var u8arr = CryptoJS.enc.u8array.stringify(wordArray);
     */
    stringify: function (wordArray) {
        // Shortcuts
        var words = wordArray.words;
        var sigBytes = wordArray.sigBytes;

        // Convert
        var u8 = new Uint8Array(sigBytes);
        for (var i = 0; i < sigBytes; i++) {
            var byte = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
            u8[i]=byte;
        }

        return u8;
    },

    /**
     * Converts a Uint8Array to a word array.
     *
     * @param {string} u8Str The Uint8Array.
     *
     * @return {WordArray} The word array.
     *
     * @static
     *
     * @example
     *
     *     var wordArray = CryptoJS.enc.u8array.parse(u8arr);
     */
    parse: function (u8arr) {
        // Shortcut
        var len = u8arr.length;

        // Convert
        var words = [];
        for (var i = 0; i < len; i++) {
            words[i >>> 2] |= (u8arr[i] & 0xff) << (24 - (i % 4) * 8);
        }

        return CryptoJS.lib.WordArray.create(words, len);
    }
};

Note of course that bytes don't translate directly to characters; you cannot use a text compare to compare against ')�kb��>�y+������:�o��H� ' generated by python. For that you do need an encoder such as hexadecimals or base 64. In that case please look at the answer from Artjom instead.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • 1
    Note: I haven't tested the code above. There were a few people out there that seemed happy with it. I would recommend writing some tests around it though. – Maarten Bodewes Apr 03 '15 at 13:24
  • I haven't found the original source of the code, so I used a link to your post from [this answer](http://stackoverflow.com/a/29449521). Can you provide one? – Artjom B. Apr 04 '15 at 17:44