3

I have to make a hmac_whirlpool hash algorithm but I do something wrong because I get the worng result. For my unit test I took the results from this site https://quickhash.com/. I just tryed to write down the pseudocode from wikipedia(https://en.wikipedia.org/wiki/Hash-based_message_authentication_code). 

import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

import org.apache.commons.codec.binary.Hex;

import jonelo.jacksum.JacksumAPI;
import jonelo.jacksum.algorithm.AbstractChecksum;
    private void createMac() throws NoSuchAlgorithmException, MessageOrKeyEmptyException{

        if((_formattedKey!=null) && (_message != null)){

            byte _MesStringByte[] = _message.getBytes();
            byte[] o_pad = new byte[64];
            Arrays.fill( o_pad, (byte) 0x5c);
            byte[] o_key_pad =new byte[64];
            for(int i = 0;i<64;i++){

                o_key_pad[i] = (byte) (_formattedKey[i] ^ o_pad[i]);
            }

            byte[] i_pad = new byte[64];
            Arrays.fill( i_pad, (byte) 0x36);
            byte[] i_key_pad =new byte[64];
            for(int i = 0;i<64;i++){
                i_key_pad[i] = (byte) (_formattedKey[i] ^ i_pad[i]);
            }   

            byte[] tempByteArray1 = new byte[i_key_pad.length + _MesStringByte.length];

            System.arraycopy(i_key_pad, 0, tempByteArray1, 0, i_key_pad.length);
            System.arraycopy(_MesStringByte, 0, tempByteArray1, i_key_pad.length, _MesStringByte.length);   

            AbstractChecksum _HmacWhirlInstance = JacksumAPI.getChecksumInstance("whirlpool");

            _HmacWhirlInstance.update(tempByteArray1);
            byte[] tempByteArray2 = _HmacWhirlInstance.getByteArray();


            byte[] tempByteArray3 = new byte[tempByteArray2.length + o_key_pad.length];
            System.arraycopy(o_key_pad, 0, tempByteArray3, 0, o_key_pad.length);
            System.arraycopy(tempByteArray2, 0, tempByteArray3, o_key_pad.length, tempByteArray2.length);


            _HmacWhirlInstance.update(tempByteArray3);

            _result = _HmacWhirlInstance.getByteArray();

To get the _formattedKey I just hashed the key. That works correct. The whirlpool hash from "#!Mein Geheimnis!#" is correct.

private void makeKey() throws NoSuchAlgorithmException{
        _KeyStringByte = _key.getBytes();

            AbstractChecksum _pruefSumme = JacksumAPI.getChecksumInstance("whirlpool");
            _pruefSumme.update(_KeyStringByte);

            _formattedKey = _pruefSumme.getByteArray();

    }

My Unit test:

public class TestHMACWhirlpool {

    @Test
    public void TestHMACWhirlpoolAlgorithm() throws Exception{
        //TODO Testdaten richtig einbinen
        HMACWhirlpool _HMACWhirlpoolInstance = new HMACWhirlpool();
        _HMACWhirlpoolInstance.setKey("#!Mein Geheimnis!#");
        _HMACWhirlpoolInstance.setMessage("12345678910");
        assertEquals("HMAC-Whirlpool","f108cc1d682905748cd94d32965f21ab783d3bece718aee5dff860a4cb340696e0e17478524678a918e74cc3670067f06e0c4fa11343acc52427da25f23e14c6",Hex.encodeHexString(_HMACWhirlpoolInstance.getEncryptedMessage()));

    }

}

Maybe I do something wrong with the binarys and the byte array. I can't find my mistake.

Kindly Regards!

EDIT:

I get "ce1075b6aeb5dc3854e71f748a3160f5f7b40f829a2c915e07f0b95a108225d6d610c1c47352c4997c8878d723063476b7e4e4aab9bc88e5b36e469f1facdb44" instead of "f108cc1d682905748cd94d32965f21ab783d3bece718aee5dff860a4cb340696e0e17478524678a918e74cc3670067f06e0c4fa11343acc52427da25f23e14c6"

vojta
  • 5,591
  • 2
  • 24
  • 64
SamuelTJackson
  • 1,357
  • 3
  • 19
  • 40
  • @vojta I edit my post! – SamuelTJackson May 11 '16 at 13:26
  • Why do you check it with "f108cc..."? Both [this](http://hash.online-convert.com/whirlpool-generator) and [this](https://quickhash.com/) converter says `5c163dc0a61452cc8d9e2953297f2e37ed48ea4f589d7e4bdb6aba42a3a722a6f9603096652bc7fa969ef1e85b5c77a9790cb69b01ecb1da5271b214a6a3082c` for input "12345678910" and key "#!Mein Geheimnis!#"... – vojta May 11 '16 at 13:28
  • @vojta Hey you have to hash "#!Mein Geheimnis!#" with whrilpool before you can use it (_formattedKey). So if you use the online hash you need to use "b882d2834d61ac9bb2ba9995492a3ebd6c0856733fd4e60bdc11f192e75f67a12f00cc61c193e01bbc7a8492c54a882989d037255c480b9326737f1dfb7ac88b" as a key :) – SamuelTJackson May 11 '16 at 13:31
  • Are you sure online converters don't hash the inserted password automatically? – vojta May 11 '16 at 13:36
  • @vojta If you look at the code in wiki: if (length(key) > blocksize) then key = hash(key) // keys longer than blocksize are shortened end if if (length(key) < blocksize) then // keys shorter than blocksize are zero-padded (where ∥ is concatenation) key = key ∥ [0x00 * (blocksize - length(key))] // Where * is repetition. end if they only hash it if the size of the is to big. So if you hash the key its the correct size and you dont need to add zeros or hash it again. – SamuelTJackson May 11 '16 at 13:40
  • Perhaps you should specify encoding for String.getBytes(). It does not always have to be UTF-8 by default. Use getBytes("UTF-8") instead. See http://stackoverflow.com/a/12659462/3899583 – vojta May 11 '16 at 13:42
  • @vojta didnt change the result. Still the same :( – SamuelTJackson May 11 '16 at 13:46
  • Why do you hash this key? It is definitely shorter than 64 bytes... "#!Mein Geheimnis!#" is 18 bytes long only in UTF-8, so there is no reason for hashing it... – vojta May 11 '16 at 13:55
  • 1
    @vojta well I have to do it because people want me to do it. I guess it should work even with the hash. – SamuelTJackson May 11 '16 at 13:58

1 Answers1

1

I didnt reset my _HmacWhirlInstance!

SamuelTJackson
  • 1,357
  • 3
  • 19
  • 40