Indy IdHMACSHA1 different results in Delphi 2007 and Delphi 2009

Hello newsgroup

A test of the IdHMACSHA1 encryption method shows different results, and 
I am not sure if there is an error in my code or in the Indy code 
shipped with Delphi 2009.

The Delphi 2007 version works in an application which communicates with 
Amazon Web Services and so it seems to be the correct one.

Any suggestions are very welcome, maybe I just need to download a newer 
version of Indy?


program Test;

{$APPTYPE CONSOLE}

uses
   IdHMACSHA1, IdCoderMIME, IdGlobal, SysUtils;

function Base64Encode(const Input: string): string;
begin
   Result := TIdEncoderMIME.EncodeString(Input);
end;

function EncryptHMACSha1(Input, AKey: string): string;
begin
   with TIdHMACSHA1.Create do
   try
     Key := ToBytes(AKey);
     Result := BytesToString(HashValue(ToBytes(Input)));
   finally
     Free;
   end;
end;

begin

   WriteLn(Base64Encode(EncryptHMACSha1('Test Data', 
'D1AK1CzlmbUFGNd9Xh0KHNLGgKMEroMXQkHPMmaH')));
   ReadLn;

end.


Results
   in Delphi 2007: dJn4XDX4uY0LKL19ICSkHUfaEOI=
   in Delphi 2009: dBl4XDV4OQ0LKD19ICQkHUdaEGI=

-- 
Michael Justin
SCJP, SCJA
betasoft - Software for Delphi™ and for the Java™ platform
http://www.mikejustin.com - http://www.betabeans.de
0
Michael
11/9/2008 7:23:52 PM
embarcadero.delphi.tools 5366 articles. 2 followers. Follow

9 Replies
1799 Views

Similar Articles

[PageSpeed] 23

Michael Justin wrote:
> Results
>    in Delphi 2007: dJn4XDX4uY0LKL19ICSkHUfaEOI=
>    in Delphi 2009: dBl4XDV4OQ0LKD19ICQkHUdaEGI=

You can tell by looking at these values that they differ only in some 
individual octets. This makes it likely that everything works exactly 
the same up to the point where the output bytes from the HashValue 
method are returned. The two result strings would have been completely 
different had the error occurred prior to the HashValue call.


 >      Result := BytesToString(HashValue(ToBytes(Input)));

The problem is in the IdGlobal.BytesToString call. The D2007 version of 
Indy10 will simply copy the bytes onto an AnsiString. The D2008 version 
defaults to using the 7-bit ASCII encoding, which probably is what is 
causing the issue.
0
Utf
11/9/2008 10:14:13 PM
"Henrick Hellström" <henrick@streamsec.se> wrote in message 
news:41360@forums.codegear.com...

> You can tell by looking at these values that they differ only in some
> individual octets. This makes it likely that everything works exactly
> the same up to the point where the output bytes from the HashValue
> method are returned. The two result strings would have been completely
> different had the error occurred prior to the HashValue call.

Does HashValue() return the same bytes in both versions, at least?  If not, 
then there is a bug in the underlying algorithm implementation.

-- 
Remy Lebeau (TeamB)
0
Remy
11/10/2008 8:28:12 AM
Remy Lebeau (TeamB) wrote:
> "Henrick Hellström" <henrick@streamsec.se> wrote in message 
> news:41360@forums.codegear.com...
> 
>> You can tell by looking at these values that they differ only in some
>> individual octets. This makes it likely that everything works exactly
>> the same up to the point where the output bytes from the HashValue
>> method are returned. The two result strings would have been completely
>> different had the error occurred prior to the HashValue call.
> 
> Does HashValue() return the same bytes in both versions, at least?  If not, 
> then there is a bug in the underlying algorithm implementation.

In this case, that is extremely unlikely. If the results Michael Justin 
see were in fact caused by a bug in TIdHMACSHA1.HashValue, it would have 
to be a bug put there on purpose by someone. I'm not saying that because 
I think the Indy crew are infallible (I know you aren't <g>), but 
because a typical accidental bug in either TIdSHA1 or TIdHMAC 
necessarily would propagate and cause a total discrepancy.

I go out on a limb and say it's a string encoding issue for sure. :)
0
Utf
11/10/2008 2:37:53 PM
Henrick Hellström wrote:

> The problem is in the IdGlobal.BytesToString call. The D2007 version of 
> Indy10 will simply copy the bytes onto an AnsiString. The D2008 version 
> defaults to using the 7-bit ASCII encoding, which probably is what is 
> causing the issue.

Many thanks for looking into this!

I have tried to reimplement the BytesToString and found that the problem 
actually is in the next step, the Base64 encoding with TIdEncoderMIME.

This code gives different results in Delphi 2007 and 2009 and I do not 
see an easy way to fix it:


WriteLn(TIdEncoderMIME.EncodeString(AnsiChar(116) + AnsiChar(153)));

Delphi 2007: dJk=
Delphi 2009: dCI=

Best Regards
-- 
Michael Justin
SCJP, SCJA
betasoft - Software for Delphi™ and for the Java™ platform
http://www.mikejustin.com - http://www.betabeans.de
0
Michael
11/10/2008 7:26:53 PM
Michael Justin wrote:
> I have tried to reimplement the BytesToString and found that the problem 
> actually is in the next step, the Base64 encoding with TIdEncoderMIME.

In such case the solution ought to be trivial:

function Base64Encode(const Input: TIdBytes): string;
begin
    Result := TIdEncoderMIME.EncodeBytes(Input);
end;

function EncryptHMACSha1(Input, AKey; string): TIdBytes;
begin
    with TIdHMACSHA1.Create do
    try
      Key := ToBytes(AKey);
      Result := HashValue(ToBytes(Input));
    finally
      Free;
    end;
end;
0
Utf
11/10/2008 9:42:08 PM
"Henrick Hellström" <henrick@streamsec.se> wrote in message 
news:41596@forums.codegear.com...

> In this case, that is extremely unlikely. If the results Michael Justin
> see were in fact caused by a bug in TIdHMACSHA1.HashValue,
> it would have to be a bug put there on purpose by someone. I'm
> not saying that because I think the Indy crew are infallible (I know
> you aren't <g>), but because a typical accidental bug in either
> TIdSHA1 or TIdHMAC necessarily would propagate and cause
> a total discrepancy.

I ask because I did make changes to the hash components' interfaces awhile 
back ago, and I don't know if they ever stablized yet.

-- 
Remy Lebeau (TeamB)
0
Remy
11/11/2008 3:53:40 AM
"Michael Justin" <michael.justin@nospam.gmx.net> wrote in message 
news:41723@forums.codegear.com...

> This code gives different results in Delphi 2007 and 2009

In 2009, EncodeString() takes a UnicodeString as input, not an AnsiString. 
AnsiString(116)+AnsiString(153) does not produce 
UnicodeString(116)+UnicodeString(153) when converted from Ansi to Unicode. 
It produces UnicodeString(116)+UnicodeString(8482) instead.  Ansi 153 is 
codepage-specific.  In codepage 1252 (Windows-1252, which most English 
systems use), it is the trademark character, but in other codepages it is a 
lead byte or undefined instead.  Ansi 153 is not a trademark character in 
Unicode (in fact, 153 is not a Unicode character at all - it is an undefined 
control character).  Unicode codepoint 8482 is the only official trademark 
character in Unicode.  When Ansi 153 in codepage 1252 is converted to UTF-16 
(which UnicodeString uses), it maps to codepoint 8482.  That conversion 
occurs before Indy sees the data, so this is not an Indy issue.

-- 
Remy Lebeau (TeamB)
0
Remy
11/11/2008 8:06:48 AM
Henrick Hellström wrote:
> Michael Justin wrote:
>> I have tried to reimplement the BytesToString and found that the problem 
>> actually is in the next step, the Base64 encoding with TIdEncoderMIME.
> 
> In such case the solution ought to be trivial:
> 
> function Base64Encode(const Input: TIdBytes): string;
> begin
>     Result := TIdEncoderMIME.EncodeBytes(Input);
> end;
> 
> function EncryptHMACSha1(Input, AKey; string): TIdBytes;
> begin
>     with TIdHMACSHA1.Create do
>     try
>       Key := ToBytes(AKey);
>       Result := HashValue(ToBytes(Input));
>     finally
>       Free;
>     end;
> end;

Excellent, this works! It seems to be a very new method, available in 
Delphi 2009 only. So I use {$IF RtlVersion < 20} to enable the old 
solution in versions belwo 2009. I will also perform some tests on 
Base64 encoding which is neccessary because the Amazon Simple Queue 
Service does not support UTF8 as message encoding (this is strange)...

Best Regards - thank you very much
-- 
Michael Justin
SCJP, SCJA
betasoft - Software for Delphi™ and for the Java™ platform
http://www.mikejustin.com - http://www.betabeans.de
0
Michael
11/11/2008 9:05:47 AM
Remy Lebeau (TeamB) wrote:
> I ask because I did make changes to the hash components' interfaces awhile 
> back ago, and I don't know if they ever stablized yet.

I appreciate that. Vice versa, I replied the way I did because the kind 
of instabilities that are likely to sneak in for such reasons will 
almost exclusively result in much greater discrepancies. With the 
exception of string encoding issues, it is extremely hard to get a HMAC 
to produce values that are *that* similar, unless you had done something 
really nasty deliberately, and I don't think you would. :)
0
Utf
11/11/2008 9:45:43 AM
Reply:

Similar Artilces:

Converting Delphi 2007 Indy 10.2.3 to Delphi 2009 Indy 10.5.5 [Edit]
Hello, I am currently attempting to port over a Delphi 2007 project that uses Indy 10.2.3 (very successfully) to Delphi 2009 and Indy 10.5.5 (I just got the latest development build this morning). I think I am running into an encoding issue, but am not sure. Specifically, IDHTTP with SSL calls an old CGI and the CGI returns a .zip file and I then save it to the disk. In 2007 and before this worked perfectly. In 2009, it is not. Here is the examples of the 2 different results (though cut way short in the post) I am getting back: 2007: 'PK'#3#4#$14#0#0#0#8#0'rLQ9žrPb€'#0...

is there a Delphi 2007
Would be nice to have a bundle of the latest Delphi packages. Gilbert Padilla wrote: > Would be nice to have a bundle of the latest Delphi packages. > I expect Delphi 2007 will only be on sale until the full RAD Studio 2009 edition is published, including Delphi 2009.net. W ...

Delphi 2009 alongside Delphi 2007
Hi all, I am about to install Delphi 2009 on the same development system as Delphi 2007, before I embark is there anything I should be aware of so as to not break my Delphi 2007 installation and projects ? Thanks JT John Taylor wrote: > Hi all, > > I am about to install Delphi 2009 on the same development system > as Delphi 2007, before I embark is there anything I should be aware > of so as to not break my Delphi 2007 installation and projects ? As long as you install into a separate folder there is no problem with the two versions getting into each other...

Delphi 2007 to Delphi 2009 Conversion
CharArrayPtr = ^CharArray; CharArray = array[0..MaxInt-1] of Char; How to convert to Delphi 2009? Bill Bill Miller wrote: > CharArrayPtr = ^CharArray; > CharArray = array[0..MaxInt-1] of Char; > > How to convert to Delphi 2009? > > Bill it depends heavelly on how it is used fearther down in your project and what you want to convert it to. I you want to simple convert the declarations ignoring UNicode altogether then the only think you have to change is the CharArray declaratin from a Char to an AnsiChar eg CharArrayPtr = ^CharArray; CharArray =...

Different result between Delphi 2009 and 2007
I'm still using Turbopower's OnGuard for some basic protection, which generates a unique modifier for each PC. I'm getting a different modifier with Delphi 2009 than with any other version, and I've tracked it down to the following code, but am not sure what, if anything I can do about it. Any advice welcomed. If you run the following code, with the two versions, then the buffer (buf) resulting from the registry call is different, albeit the actual string at the front is the same (but the Onguard code uses [with lots of other things] the entire buffer, maybe in...

Code Porting
Hi people, Basically, I am moving an app from Delphi 5 to Delphi 2009 which is all great (yeah right!) and I am having a couple of issues with some thirdparty components that we have the source code for. Being that I wanted to make the task as easy as possible, I was able to download the component in Delphi 2007 format. I have now managed to port that to 2009 so it compiles only with warnings and no errors. So all is good at this moment. Now I am trying to install the component into the IDE by using the install menu option from the project manager. This is where I run into errors. ...

Can I update my Delphi 2007 lincense to Delphi 2009?
Hi all!! I have 12 lincense of Delphi 2007. When I bought these licenses to your partner told us that we could update to Delphi 2009 free. But, now I try to do that and I can't do. Are there any reason for that? Can I update my version of Delphi? > {quote:title=Oscar Estevez wrote:}{quote} > Hi all!! > > I have 12 lincense of Delphi 2007. When I bought these licenses to your partner told us that we could update to Delphi 2009 free. But, now I try to do that and I can't do. > Are there any reason for that? > > Can I update my version of Delphi? ...

Restore Delphi 2007 dbxpress after testing Delphi 2009
Over on another thread I mentioned that I was having problems with dbxpress after testing Delphi 2009. It started that I noticed that Delphi 2007 was compiling against the newer version of dbxpress drivers (dbxmys.dll, rather than dbxmys30.dll). This was spotted after testing an application on a colleagues machine that had the older driver, but not the newer. The application was "pure" 2007. This continued after uninstalling Delphi 2009. It was suggested that Delphi 2009 had overwritten my +dbxdrivers.ini+ file - and looking at it that looks like the problem. It was also...

can i use delphi 2007 bpls in delphi 2009
can i use delphi 2007 bpls in delphi 2009 ? "Gaetan SIRY" skrev i meddelelsen news:8703@forums.codegear.com... > can i use delphi 2007 bpls in delphi 2009 ? No. -- Finn Tolderlund The compatiblity between D2006 and D2007 was unique. Normaly they can't be compatible because new version enhance/change the API. And D2009 defines String = Unicode where older version has String = Ansistring so D200x/Dx-BPL are 200% incompatible with D2009. ...

Delphi 5 To Delphi 2009
I upgraded to Delphi 2009 from D5. The install says I can install Delphi and/or C++. Delphi installed OK but I see nothing of C++. What am I missing or does my upgrade not include C++? Thanks It depends on what you bought. If you bought Delphi 2009 only, that's what you get. If you bought Delphi 2009 and C++ Builder 2009 you get both. My guess is you got Delphi 2009 only. The simplest way to verify is look your invoice - it should say I would think. You could also go to members.embarcadero.com, login, then click on my registered products. There will be a textual description of...

Delphi 4 to Delphi 2009
Hello, Thanks to all who answered my previous question. That was a great help. And atlast our client agreed to upgrade our delphi version from 4 to Delphi 2009. *Sigh*. But before that, I need to give the estimation and cost regarding the migration to delphi 2009. Can anyone tell me is there any tool to migrate from delphi 4 to delphi 2009 or just I need to compile our Delphi 4 application in Delphi 2009. I have read from the delphi 2009 feature matrix that Delphi 1 through Delphi 2007 import is possible in delphi 2009. But i am not that sure considering the size of our application. ...

Delphi 4 to Delphi 2007
Hello, I will have to port a D4 application (with source) to D2007. what kind of problem could I face ? I will have to go to customer site tommorow to analyse its source code to quote the work, what should I care of to hestimate the porting time ? Thanks John Terry wrote: > Hello, > I will have to port a D4 application (with source) to D2007. > what kind of problem could I face ? > I will have to go to customer site tommorow to analyse its source code > to quote the work, what should I care of to hestimate the porting time ? You can probably do it by just changi...

Delphi 2007 to Delphi 7
I've written a class in Delphi 2007 that is not supported in Delphi 7. What would be the best way to achive what I've done in Delphi 2007 in Delphi 7? Thanks, Tom type BondConstants = class { Bond Types } type BondType = record const TREASURY = 3; AGENCY = 0; CORP = 1; MUNI = 2; SBA = 5; MBS = 4; CMO = 6; end; { Day Count Methods } type DayCount = record const ACTUAL_360 = 2; ACTUAL_365 = 1; ACTUAL_ACTUAL = 1; d30_360 = 0; ...

Best Place to get help on converting Delphi 2007 string to Delphi 2009
Where is the best place to get help on converting Delphi 2007 strings to Delphi 2009? The most common problem getting Delphi 7-Delphi 2007 components to compile seems to be caused by the new Unicode strings in Delphi 2009. It would be great if there was some place to go to get help with this. Maybe there should be a new group for String conversion where developers could ask short questions about conversion. For example: Delphi 7 - Delphi 2007 CharArrayPtr = ^CharArray; CharArray = array[0..MaxInt-1] of Char; Compiles Delphi 2009 CharArrayPtr = ^CharArray; CharArray ...

Web resources about - Indy IdHMACSHA1 different results in Delphi 2007 and Delphi 2009 - embarcadero.delphi.tools

Resources last updated: 11/27/2015 4:02:20 AM