2
votes

I have this php code which generate a HMAC (and not a simple message digest):

<?php 
$key = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF";
$binkey = pack("H*", $key); 
echo strtoupper(hash_hmac('sha512', "ABC", $binkey)); 
?>

And with ABC input its output is:

100A6A016A4B21AE120851D51C93B293D95B7D8A44B16ACBEFC2D1C9DF02B6F54FA3C2D6802E52FED5DF8652DDD244788A204682D2D1CE861FDA4E67F2792643

And I need to clone it in java.

So here is my current java clone :

private String generateHMAC( String datas )
    {

        //                final Charset asciiCs = Charset.forName( "utf-8" );
        Mac mac;
        String result = "";
        try
        {
            byte[] bytesKey = PayboxConstants.KEY.getBytes( );
            final SecretKeySpec secretKey = new SecretKeySpec( bytesKey, "HmacSHA512" );
            mac = Mac.getInstance( "HmacSHA512" );
            mac.init( secretKey );
            final byte[] macData = mac.doFinal( datas.getBytes( ) );
            byte[] hex = new Hex( ).encode( macData );
            result = new String( hex, "ISO-8859-1" );
        }
        catch ( final NoSuchAlgorithmException e )
        {
            AppLogService.error( e );
        }
        catch ( final InvalidKeyException e )
        {
            AppLogService.error( e );
        }
        catch ( UnsupportedEncodingException e )
        {
            AppLogService.error( e );
        }

        return result.toUpperCase( );

    }

But it does not makes the job because for same input (ABC) its ouput is:

AA6492987D7A7AC81109E877315414806F1973CC47B897ECE713171A25A11B279329B1BFF39EA72A5EFB7EDCD71D1F34D5AAC49999A780BD13F019ED99685B80

I've tries a lot of other java code but none of them was an exact clone of php version.

What did I do wrong?

3

3 Answers

7
votes

You simply forgot to mimic pack()'s behavior in your Java code (whatever you need that for).

Use

final SecretKeySpec secretKey = new SecretKeySpec( DatatypeConverter.parseHexBinary(PayboxConstants.KEY), "HmacSHA512" );

In your Java Code.

Where DatatypeConverter.parseHexBinary() is from the JAXB API.

Alternatively, if you don't want to include JAXB just for the purpose of converting HEX strings to bytes, you might want to use the code posted here.

-1
votes

I use this for SHA 512 in Java. It might help:

public static String sha512 ( String str )
    {
        try
        {
            return sha512 ( str.getBytes ( "UTF-8" ) );
        }
        catch ( UnsupportedEncodingException e )
        {
            e.printStackTrace ( );
            return "";
        }
    }

public static String sha512 ( byte[] array )
{
    try
    {
        MessageDigest m = MessageDigest.getInstance ( "SHA-512" );
        m.update ( array );
        String hash = new BigInteger ( 1, m.digest ( ) ).toString ( 16 );
        while ( hash.length ( ) < 32 )
        {
            hash = "0" + hash;
        }
        return hash;
    }
    catch ( NoSuchAlgorithmException e )
    {
        e.printStackTrace ( );
        return "";
    }
}

I also remember that there is detailed answer about MD-5 in a post in stackoverflow (just the algorythm is different)

-1
votes

try that :

private String generateHMAC( String datas )
{
    MessageDigest md = MessageDigest.getInstance("SHA-512");

    md.update(datas.getBytes("UTF-8")); // Change this to "UTF-16" if needed
    byte[] digest = md.digest();

    StringBuffer hexString = new StringBuffer();
    for (int i=0;i<digest.length;i++) {
        hexString.append(Integer.toHexString(0xFF & digest[i]));
    }

    return  hexString.toString();
}