search

brix / crypto-js

JavaScript library of crypto standards.
Other
15.74k stars 2.38k forks source link

hmac256 result mismatch #265

Open dimankiev opened 4 years ago

dimankiev commented 4 years ago

When I tried to implement Telegram Login Widget to my web-service, I've experienced interesting issue:

HMAC SHA256 result hash mismatches the hash, given by Telegram's API, after completing all the instructions.

I tried to do the same operation (to receive this result hash) in Cryptii, and got the right hash ! But crypto-js HMAC function is still giving the wrong result

I tried to do that:

Using Cryptii HMAC

Message: a
Secret: 18a52de7b5a1bc2b046237a58a5b745b2b8dbe2b6634179c21b4f6782afd6582
Algo: sha256
Result: dd908e21c6e54bd8a9f964323a2e299875600dcc4491e6a274b47f7f35c3450c

Using crypto-js HMAC

Message: a
Secret: 18a52de7b5a1bc2b046237a58a5b745b2b8dbe2b6634179c21b4f6782afd6582
Algo: sha256
Result: d22a7fb6b6b655d68c0b217994d0738172323034e9f1a72f2bbd3b0c9a412b8e

And I've got confused. What's wrong ?

image image

dimankiev commented 4 years ago

The same in native node.js crypto module

dimankiev commented 4 years ago

When I tried to use <Buffer 18 a5 2d e7 b5 a1 bc 2b 04 62 37 a5 8a 5b 74 5b 2b 8d be 2b 66 34 17 9c 21 b4 f6 78 2a fd 65 82> (Didn't make hash conversion to string) as secret, via crypto module, I've got the right hash.

Is there something wrong, or it's just lack of experience in using crypto-js ? :)

yamanlutfi commented 4 years ago

Mantap