cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
The Discovery Summit 2025 Call for Content is open! Submit an abstract today to present at our premier analytics conference.
Get the free JMP Student Edition for qualified students and instructors at degree granting institutions.
Choose Language Hide Translation Bar
View Original Published Thread

How do I generate HMAC-SHA256 hashes in JSL

pauldeen
pauldeen
Level VI
Created: Jan 26, 2022 09:29 AM  |  Last Modified: Jun 9, 2023 11:09 AM 2484 views

For querrying a REST API I need to authenticate with HMAC-SHA256. Does anybody know of a way to do this in JSL? We might even use another REST API or webscraper to do it. For example this website: https://www.devglan.com/online-tools/hmac-sha256-online can calculate the hash but how do I make it work?

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Craige_Hales
Super User Craige_Hales
Super User
Solution


Re: How do I generate HMAC-SHA256 hashes in JSL

Created: Jan 26, 2022 06:03 PM  |  Last Modified: Jan 26, 2022 5:24 PM (2459 views)  |  Posted in reply to message from pauldeen 01-26-2022

certutil on windows. openssl on mac. (But I think you might not need to, see final sentence below.)

 

A long time ago in 7 things to know about Twitter  I needed a SHA1. "certutil" is already installed on windows and will apparently do SHA256 as well. You might start with the code in the .zip AUTH.jsl file which uses runprogram and parses the output.

 

You'll get a bunch of choices of varying quality with this search https://www.google.com/search?q=windows+hmac+sha256+certutil

 

The HMAC part is described https://en.wikipedia.org/wiki/HMAC and there appears to be a related function in the AUTH.jsl file. It's been a long time since I thought about it. edit: I probably used the Wikipedia example when the JSL was written. Wikipedia also provides some test cases if you write your own.

 

I think this may be built in to JMP's httpRequest/oauth2 functions as well @Paul_Nelson  @bryan_boone  but I've not studied them yet.

 

Craige

View solution in original post

0 Kudos
6 REPLIES 6
Craige_Hales
Super User Craige_Hales
Super User
Solution


Re: How do I generate HMAC-SHA256 hashes in JSL

Created: Jan 26, 2022 06:03 PM  |  Last Modified: Jan 26, 2022 5:24 PM (2460 views)  |  Posted in reply to message from pauldeen 01-26-2022

certutil on windows. openssl on mac. (But I think you might not need to, see final sentence below.)

 

A long time ago in 7 things to know about Twitter  I needed a SHA1. "certutil" is already installed on windows and will apparently do SHA256 as well. You might start with the code in the .zip AUTH.jsl file which uses runprogram and parses the output.

 

You'll get a bunch of choices of varying quality with this search https://www.google.com/search?q=windows+hmac+sha256+certutil

 

The HMAC part is described https://en.wikipedia.org/wiki/HMAC and there appears to be a related function in the AUTH.jsl file. It's been a long time since I thought about it. edit: I probably used the Wikipedia example when the JSL was written. Wikipedia also provides some test cases if you write your own.

 

I think this may be built in to JMP's httpRequest/oauth2 functions as well @Paul_Nelson  @bryan_boone  but I've not studied them yet.

 

Craige
0 Kudos
pauldeen
pauldeen
Level VI

Re: How do I generate HMAC-SHA256 hashes in JSL

Created: Jan 27, 2022 03:14 AM  |  Last Modified: Jan 27, 2022 6:55 AM (2445 views)  |  Posted in reply to message from Craige_Hales 01-26-2022

Definetly interested in the built in solution but in the meantime your solution also works! I replaced SHA1 with SHA256 in line 9 of your auth.jsl file, thanks!

pauldeen
pauldeen
Level VI


Re: How do I generate HMAC-SHA256 hashes in JSL

Created: Jan 27, 2022 09:24 AM  |  Last Modified: Jan 27, 2022 6:56 AM (2420 views)  |  Posted in reply to message from pauldeen 01-27-2022

@Craige_Hales for some reason I got it to work earlier today, then saved it and now it won't work anymore. Can you see my mistake? BITS.jsl and AUTH.jsl from your twitterpackage are also attached for reference.

Update, it was the blocksize, it is 64 for SHA265 I had assumed that is should be 265

 

 

include("BITS.jsl");
SHA256 = Function( {txt},
	{hash, rc, hexdata,temppath},
	try(deleteFile("$temp/deleteme.txt"));
	temppath = Save Text File( "$temp/deleteme.txt", txt );
	If( Host is( "windows" ),
		hash = RunProgram( executable( "certutil" ), options( "-hashfile "|| temppath|| " SHA256" ), readfunction( "text" ) ); // win jmp 11
		//hash = RunProgram( executable( "certutil" ), options( {"-hashfile", temppath, "SHA1"} ), readfunction( "text" ) );
		rc = Pat Match(
			hash,
			Pat Regex( "\[^.+?:\s+]\" ) + Pat Span( "0123456789abcdefABCDEF " ) >> hexdata + Pat Regex(
				"\[\s*CertUtil: -hashfile command completed successfully.\s*$]\"
			)
		);
		If( rc != 1,
			Throw( "bad hash:" || hash )
		);
		hexdata = Regex( hexdata, " ", "", GLOBALREPLACE );
	, // else MAC
		hash = RunProgram( executable( "/usr/bin/openssl" ), options( {"dgst", "-sha1", temppath} ), readfunction( "text" ) );
		hexdata =regex(hash,"=\s*([0-9a-fA-F]{40})\s*","\1");
		if( length(hexdata) != 40, throw("bad hash:" || hash));
	);
	try(deleteFile("$temp/deleteme.txt"),show("did not delete temp file??"));
	Return( Hex To Blob( hexdata ) );
);

HMACSHA256 = Function( {key, message},
    {blocksize = 64}, // Where blocksize is that of the underlying hash function
    //show(length(key));
    If(
        Length( key ) > blocksize, // keys longer than blocksize are shortened
            //print("shorten:");
            key = SHA256( key );
            //show(key,length(key));
    );
    if(
        Length( key ) < blocksize, // keys shorter than blocksize are zero-padded
            key = key || Matrix To Blob( J( (blocksize - Length( key )), 1, 0 ), "uint", 1, "big" )
    );
   //show(length(key));
    o_key_pad = BITS:XORBLOB( Matrix To Blob( J( blocksize, 1, Hex To Number( "5c" ) ), "uint", 1, "big" ), key );
    i_key_pad = BITS:XORBLOB( Matrix To Blob( J( blocksize, 1, Hex To Number( "36" ) ), "uint", 1, "big" ), key );
   
    Return( SHA256( o_key_pad || SHA256( i_key_pad || message ) ) );
);

//from https://www.devglan.com/online-tools/hmac-sha256-online
if("090a613de1a32c513f5477019dbd395fe4c6727708e945277d6af6c5cf7a6778" != hex(HMACSHA256( Char To Blob( "dbc62ec300b2624c580611858d94f2332ac63" ), Char To Blob( "Why don't we test this" ) )), throw("hmac busted"));

I checked the certutil SHA256 function and that generates correct hashes. It seems that the HMACSHA256 or in the BITS functions that it calls, where it goes wrong.

 

BITS.jsl
AUTH.jsl
0 Kudos
Craige_Hales
Super User Craige_Hales
Super User


Re: How do I generate HMAC-SHA256 hashes in JSL

Jan 27, 2022 10:35 AM (2405 views)  |  Posted in reply to message from pauldeen 01-27-2022

try uppercase() on the left-hand-side test value. Looks like it works.

Craige
0 Kudos
bryan_boone
Staff bryan_boone
Staff


Re: How do I generate HMAC-SHA256 hashes in JSL

Jan 27, 2022 04:20 PM (2394 views)  |  Posted in reply to message from Craige_Hales 01-27-2022

HMAC-SHA256 is not currently built in to HTTP Request/OAuth2.

It would have to be done the way Craige described.

pauldeen
pauldeen
Level VI

Re: How do I generate HMAC-SHA256 hashes in JSL

Jan 28, 2022 03:46 AM (2380 views)  |  Posted in reply to message from bryan_boone 01-27-2022

Thanks for confirming that

0 Kudos

Recommended Articles