568154 - Wrong HMAC generated from iPhone client

Status: RESOLVED FIXED

(Cloud Services Graveyard :: Firefox Home, defect)

Description

[Ed Lee :Mardak]

I wrote a simple objective c to see what's going on with the iphone client.

On Firefox the expected HMAC is:

Components.utils.import("resource://weave/util.js"); prompt('',Utils.sha256HMAC("hello", Svc.KeyFactory.keyFromString(Components.interfaces.nsIKeyObject.HMAC, "world")))

3cfa76ef14937c1c0ea519f8fc057a80fcd04a7420f8e8bcd0a7567c272e007b

My objective c code is:

#import <stdio.h>
#import <CommonCrypto/CommonHMAC.h>

int main() {
  unsigned char cHMAC[CC_SHA256_DIGEST_LENGTH];
  CCHmac(kCCHmacAlgSHA256, "world", 5, "hello", 5, cHMAC);
  int i;
  for (i = 0; i <= 32; i++)
    printf("%02x", cHMAC[i]);
  printf("\n");
  return 0;
}

3cfa76ef14937c1c0ea519f8fc057a80fcd04a7420f8e8bcd0a7567c272e007b

So this seems to be doing the "right thing" except that it's kinda reverse of what I would have expected. I'm printing out from cHMAC[0] first to get the most-significant bit of the Firefox version.

Comment 1

[Ed Lee :Mardak]

Is there another version of the code somewhere Dan?

The current one checked in is doing..

NSData* HMAC = [self generateHmacSha256FromBytes:[ciphertext base64Encoding] andKey:[theKey base64Encoding]];
[payload setObject:[HMAC base16Encoding] forKey:@"hmac"];

It needs to pass in the data is the ciphertext value not additionally base64 encoded. The key is the decrypted base64 encoding of the symmetric key.

Comment 2

[Dan Walkowski]

I was running the hmac over the b64 data and using the the binary key.  it turns out both need to be in b64 format to match what the firefox sync client is doing

Comment 3

[Dan Walkowski]

fixed in:
http://hg.mozilla.org/labs/weaveclient-iphone/rev/2889a6755e88

Comment 4

[Tony Chung [:tchung]]

how does one verify this fix in the client?  please list how to test.

Comment 5

[Tony Chung [:tchung]]

Moving FFHome-related bugs to new component -> Firefox Home