4 Replies Latest reply on May 16, 2017 6:46 PM by User16087

    HexDecode issue

    User16087

      Product and version:

      FileMaker Pro Advanced 16.0.1.162

       

      OS and version:

      OSX 10.11.6 and macOS 10.12.4

       

      Hardware:

      iMac late 2012 and MacBook Air

       

      Description:

      Inconsistent behaviour between HexDecode and HexEncode

      When trying to decode an hex key with non printable characters, HexDecode fails to decode it correctly.

      This makes impossible to use the newly introduced CryptAuthCode for processes that use hex keys, like Amazon's AWS4 signature

       

      How to replicate:

      Using the test key provided by AWS:

       

      HexEncode( HexDecode( "969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d" ) )

       

      should return the same key. It returns a completely different value instead

       

      Workaround:

      The current live process works with the BE_HMAC function from the BaseElements plugin

       

       

      Regards

      Salvatore Colangelo

        • 1. Re: HexDecode issue
          User16087

          some additional tests useful to this analysis were suggested here Re: HexDecode issue

          • 2. Re: HexDecode issue
            TSGal

            User16087:

             

            Thank you for your post.

             

            I am able to replicate the issue.  I have sent your post, along with a sample file, to our Development and Testing departments for review.  When I receive any feedback, I will let you know.

             

            TSGal

            FileMaker, Inc.

            • 3. Re: HexDecode issue
              TSGal

              User16087:

               

              Development says the hex you are decoding is not valid UTF-8 text, so HexDecode is munging the results since it thinks it is UTF-8 text.  Therefore, change the calculation to:

               

              HexEncode ( HexDecode( "969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d" ; "data.bin" ) )

               

              TSGal

              FileMaker, Inc.

              • 4. Re: HexDecode issue
                User16087

                Thanks for the prompt reply.

                 

                I had come to the conclusion about UTF-8 with my tests but I think it's good to clarify what I was trying to do:

                 

                the process to sign an Amazon Web Services request requires to generate some Hex keys and they are non UTF-8 on purpose. The process in FileMaker using the BaseElements plugin looks like

                 

                kDate = BE_HMAC ( dateStamp ;  "AWS4"&key ; BE_MessageDigestAlgorithm_SHA256  ; BE_Encoding_Hex ) ;

                kRegion = BE_HMAC ( StringToHex( regionName );  kDate; BE_MessageDigestAlgorithm_SHA256 ; BE_Encoding_Hex ; BE_Encoding_Hex ) ;

                ...

                 

                with the key generated at each step containing non-UTF8 characters

                 

                The new function CryptAuthCode is supposed to do HMAC in a similar way, but the following doesn't return the same result as above

                 

                kDate = HexEncode( CryptAuthCode ( dateStamp ; "SHA256" ; "AWS4"&key  ));

                kRegion = HexEncode(CryptAuthCode ( HexEncode( regionName ) ; "SHA256";  HexDecode( kDate ; "data.bin" ) ) ) ;

                ...

                 

                the test values provided by Amazon are

                key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
                dateStamp = '20120215'
                regionName = 'us-east-1'

                 

                and the intermediate results for testing are

                kDate = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d'
                kRegion = '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'