Giters

Caligatio / jsSHA

A JavaScript/TypeScript implementation of the complete Secure Hash Standard (SHA) family (SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, SHAKE128/256, cSHAKE128/256, and KMAC128/256) with HMAC.

Home Page:https://caligatio.github.io/jsSHA/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Upgrade path from older version

gurnard123 opened this issue · comments

commented

Hello.
I have some code that references an older version of jsSHA that has differences in the input format.
I am not sure what version the old one is there is no version number in the file but is dated Copyright Brian Turek 2008-2012.

The way the old code calls jsSHA is thus:

var shaObj = new jsSHA(secret, 'ASCII');
var sha1Hex = shaObj.getHash("SHA-1", "HEX");
var hmacObj = new jsSHA(time, 'HEX');
var hmac = hmacObj.getHMAC(sha1Hex, 'HEX', 'SHA-1', "HEX");

Note that the type is ASCII, not TEXT, what should be used in the place of ASCII?

I have changed the constructor calls to the below, but I don't think this is correct as the results are different.

let shaObj = new jssha("SHA-1", "TEXT");
shaObj.update(secret);
let sha1Hex = shaObj.getHash("HEX");
var hmacObj = new jssha("SHA-1","HEX");
hmacObj.setHMACKey(sha1Hex,"HEX");
hmacObj.update(timeOrHash,"TEXT");
var hmac = hmacObj.getHMAC("HEX");

Any hints to upgrade to the new version or should I use the old library, do you think?

commented

Are you using those exact code blobs? If so, you're interpreting time as a HEX string in the top example and interpreting timeOrHash as TEXT in the bottom example.

commented

Hello. Thanks for the response. Yeah the data is the same in both I changed the variable name in the latter version. It is ok I got it working using 1.6 version of the library so I will stick with that one.
So I guess you made a major change between that old version and the latest seems like a lot of people on the internet are stuck to that version so I saw after googling a bit yesterday.

commented

The API definitely changed between v1 and v2 but the same inputs should be yielding the same outputs. I would expect the code above to give different outputs given how your "casting" your inputs. If your using something like UNIX timestamps as your time and saying it's HEX encoded the first time but TEXT in the second instance, that is very different.

If you're​ using everything correctly and it's giving you wrong hashes, that is something I need to address.

commented

Happy to work on this but I need more details to do anything. Feel free to respond and reopen if you're still having issues.

commented

No problem. I have left it on 1.6 and it works with that version. Thanks for looking.