AS3 HMAC SHA-256 for Adobe AIR (desktop)

3
votes

in Actionscript 3 i need to compute data (a string, utf-8), using a secret key (a string, utf-8).

  1. This is the data (string) "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000&timestamp=1499827319559"

  2. This is the secret key (string) "NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j"

  3. This is the result it must come out (string) "c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71"

Can someone solve this? (the result is correct, but i don't know the code to arrive at the result).

This is what i have tried so far:

// THE DATA
var dataToEncode:String = "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000&timestamp=1499827319559";
var byteArrayOfDataToEncode:ByteArray = new ByteArray();
byteArrayOfDataToEncode.writeUTF(dataToEncode); // we write the string into the ByteArray
                    
// THE SECRET KEY
var secretKey:String = "NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j";
var byteArrayOfSecretKey:ByteArray = new ByteArray();
byteArrayOfSecretKey.writeUTF(secretKey); // we write the secret key into the ByteArray
                    
// WE COMPUTE THE SIGNATURE
var HMAC_SHA256:HMAC = new HMAC(new SHA256());
var byteArrayOfResultSignature:ByteArray = HMAC_SHA256.compute(byteArrayOfSecretKey, byteArrayOfDataToEncode);                  
var resultSignature:String = byteArrayOfResultSignature.readUTF();
                    
// WE SHOW THE RESULT SIGNATURE
trace("The result signature is: "+resultSignature);

This HMAC class is created using this library (AS3Crypto): https://github.com/Atmosphere/ActionScript/blob/master/src/com/hurlant/crypto/hash/HMAC.as

1
actionscript-3sha256hmac
Unfortunately I've been about decade since I've used actionscript commercially. I do recommend you post a minimal version of your attempt as well. Hopefully other can pickup potential issues (e.g. integer type overflows, etc.). I would also think about alternative libraries. Does this need to run in a browser or can it be executed via the Adobe Integrated Runtime (AIR) ? (If so, it might be worth checking native extensions such as cryptopp-ane)George Profenza
Thanks George for the comment. How can i use the cryptopp-ane?Simone Pinto
It's for AIR (Desktop). No browser, a standalone application for the desktop.Simone Pinto
If you haven't used AIR before I'd recommend doing first simple tutorial first to get the hang of the basics. Next try to load / use a simple ANE extension. (Doing a quick search I found this tutorial: hopefully there are better ones available). Regarding cryptopp-ane, the precompiled .ane file lives in the release folder. Additionally the tester folder contains a basic sample app. If you don't have Gradle on your system you can hopefully still re-use the Main.as file as a starting point without preferred setup.George Profenza
You're reading the result signature as an UTF string instead of reading it as an array of bytes into a hexstring, so you get some garbage symbols instead of a sequence of hex digits. Check this stackoverflow.com/questions/24974043/… for some sort of remedy.Vesper

1 Answers

2
votes

I found, thanks to the commentors, the asnwer to this.

The solution is com.adobe.crypto .

There is a class in the As3corelib (that you can download here https://code.google.com/archive/p/as3corelib/downloads). You have to import those folders by going to "File-> Actionscript settings", and the click on the source path and then add the "com" folder there.

You will also need to download the Adobe Flex SDK (because some classes in As3corelib use some utility classes in the Flex SDK), unzip it, and then include the framework.swc file (search in the folders of adobe flex, it is in the frameworks/libs folder), going to "File-> Actionscript settings", and the click on the library path and then add the framework.swf there.

Now you are ready to do it, like this:

import com.adobe.crypto.*; // import this, to have access to the classes we need.

// then this code where you need it
var message:String = "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000&timestamp=1499827319559";
var secretKey:String = "NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j";
                    
var signature:String = HMAC.hash(secretKey, message, SHA256) ;
                    
trace("The signature is: "+signature);

Hope it helps, have a beautiful day!