Isn't the the REXX program missing a
call EBCDIC_to_ASCII ;
statement before this one?
hmg_text = text_ASCII ;
Bill
On Thu, 16 Sep 2021 15:40:57 -0300, Isabel wrote:
>Hello again and thanks Eric and the others for all the answers, but we
>still have problems. :(
>
>Here is what we did in REXX.
>
>First we imported the "secret key" and then we calculated the HMAC.
>We converted the secret key to ASCII ( " ABCabcABCabcABC12345678901234567")
>The text to ASCII ("Hola Mundo")
>and also the output to ASCII
>
>but we still get different results. In this case we expected
>1e8f4f6cba07b91e3e2ad9853a2965ba7d85d126a8e77950d8caa4bbea6d833e as a result
>
>Thanks agian, and we appreciate any help.
>Regards
>
>/* rexx */
>signal on novalue;
>/*---------------------------------------------------*/
>/* CSNBSKI2 */
>/*---------------------------------------------------*/
>SKI2_rc = 'FFFFFFFF'x ;
>SKI2_rs = 'FFFFFFFF'x ;
>SKI2_exit_data_length = '00000000'x ;
>SKI2_exit_data = '';
>SKI2_rule_array_count = '00000003'x ;
>SKI2_rule_array = 'HMAC ' ||,
> 'OP ' ||,
> 'MAC ';
>SKI2_ckey_bit_len = '00000080'x ;
>text_EBCDIC = 'ABCabcABCabcABC12345678901234567' ;
>text_EBCDIC_len = '00000020'x ;
>call EBCDIC_to_ASCII ;
>SKI2_ckey_val = text_ASCII;
>SKI2_key_name_length = '00000000'x ;
>SKI2_key_name = '' ;
>SKI2_associated_data_length = '00000000'x ;
>SKI2_associated_data = '' ;
>SKI2_encrypting_key_identifier_length = '00000000'x ;
>SKI2_encrypting_key_identifier = '' ;
>SKI2_key_ident_len = '00000080'x ;
>SKI2_key_ident = copies('00'x,c2d(SKI2_key_ident_len)) ;
>/* call CSNBSKI2 */
>ADDRESS LINKPGM 'CSNBSKI2' ,
> 'SKI2_rc' ,
> 'SKI2_rs' ,
> 'SKI2_exit_data_length' ,
> 'SKI2_exit_data' ,
> 'SKI2_rule_array_count' ,
> 'SKI2_rule_array' ,
> 'SKI2_ckey_bit_len' ,
> 'SKI2_ckey_val' ,
> 'SKI2_key_name_length' ,
> 'SKI2_key_name' ,
> 'SKI2_associated_data_length',
> 'SKI2_associated_data',
> 'SKI2_encrypting_key_identifier_length',
> 'SKI2_encrypting_key_identifier',
> 'SKI2_key_ident_len',
> 'SKI2_key_ident';
>IF (SKI2_rc /= '00000000'x) THEN
> DO ;
> SAY 'SKI2 failed: rc =' c2x(SKI2_rc) 'rs =' c2x(SKI2_rs) ;
> EXIT ;
> END ;
>ELSE
> DO ;
> SAY 'SKI2: rc =' c2x(SKI2_rc) 'rs =' c2x(SKI2_rs) ;
> clear_key = substr(SKI2_key_ident,1,c2d(SKI2_key_ident_len));
> END ;
> /*CSNBHMG--------------------------------------------*/
> hmg_rc = 'FFFFFFFF'x ;
> hmg_rs = 'FFFFFFFF'x ;
> hmg_exit_length = '00000000'x;
> hmg_exit_data = '';
> hmg_rule_count = '00000003'x;
> hmg_rule_array = 'HMAC ' ||,
> 'SHA-256 ' ||,
> 'ONLY ';
> hmg_key_id_len = SKI2_key_ident_len ;
> hmg_key_id = SKI2_key_ident ;
> hmg_text_length = '0000000A'x;
> text_EBCDIC = 'Hola Mundo' ;
> text_EBCDIC_len = hmg_text_length ;
> hmg_text = text_ASCII ;
> hmg_chain_vector_length = '00000080'x;
> hmg_chain_vector = copies('00'x,128);
> hmg_hmac_length = '00000020'x;
> hmg_hmac = copies('00'x,c2d(hmg_hmac_Length));
> address linkpgm 'CSNBHMG',
> 'hmg_rc' 'hmg_rs' ,
> 'hmg_exit_length' 'hmg_exit_data' ,
> 'hmg_rule_count' 'hmg_rule_array' ,
> 'hmg_key_id_len' 'hmg_key_id' ,
> 'hmg_text_length' 'hmg_text' ,
> 'hmg_chain_vector_length' 'hmg_chain_vector' ,
> 'hmg_hmac_length' 'hmg_hmac' ;
>if (hmg_rc /= '00000000'x) Then
> do;
> say 'HMG Failed (rc=' c2x(hmg_rc)' rs='c2x(hmg_rs)')' ;
> signal ExitScript;
> end;
>say "HMAC : " hmg_hmac
>sqy "HMAC hexa: " c2x(hmg_hmac);
>/*---------------------------------------------------*/
>/* CSNBXEA */
>/*---------------------------------------------------*/
>/* EBCDIC to ASCII */
>EBCDIC_to_ASCII:
>xea_return_code = '00000000'x ;
>xea_reason_code = '00000000'x ;
>xea_exit_data_length = '00000000'x ;
>xea_exit_data = '';
>xea_text_length = text_EBCDIC_len ;
>xea_source_text = text_EBCDIC ;
>xea_target_text = copies('00'x,c2d(text_EBCDIC_len));
>xea_code_table = '';
>ADDRESS LINKPGM 'CSNBXEA' ,
> 'xea_return_code',
> 'xea_reason_code',
> 'xea_exit_data_length',
> 'xea_exit_data',
> 'xea_text_length',
> 'xea_source_text',
> 'xea_target_text',
> 'xea_code_table' ;
>text_ASCII = xea_target_text ;
>return;
>Exit;
>
>On Wed, Sep 15, 2021 at 3:24 PM Eric D Rossman <[email protected]> wrote:
>
>> Confirmed. When I treat both as ASCII, I get the same answer:
>>
>> /* "ABCabcAB12345678" */
>> Key =,
>> '41424361626341423132333435363738'X;
>>
>> /* "Hola Mundo" */
>> Msg =,
>> '486f6c61204d756e646f'X;
>>
>> expected_Mac =,
>> '7483f0f47d20c89256805b69936ebdc31e62d99a40f6640b334c6b5a8d83df5e'X;
>>
>> Eric Rossman, CISSPĀ®
>> ICSF Cryptographic Security Development
>> z/OS Enabling Technologies
>> [email protected]
>>
>> "IBM Mainframe Discussion List" <[email protected]> wrote on
>> 09/15/2021 02:18:25 PM:
>>
>> > From: "Charles Mills" <[email protected]>
>> > To: [email protected]
>> > Date: 09/15/2021 02:18 PM
>> > Subject: [EXTERNAL] Re: ICSF Hash with a certain seed (Key)
>> > Sent by: "IBM Mainframe Discussion List" <[email protected]>
>> >
>> > Actually, as I think more, perhaps the Web site is computing the
>> > hash on the ASCII value of ABCabcAB12345678 which would be
>> > X'41424361626341423132333435363738' while the mainframe tool is
>> > perhaps taking ABCabcAB12345678 as hex? Try taking the mainframe
>> > hash of the hex string above and see if it is the same as what the
>> > Web site gives you.
>> >
>> > Charles
>>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
