I have a piece of irule code:when HTTP_REQUEST_DATA {set data [findstr [HTTP::payload] "Data" 9 \" ]log local0. "raw data = $data"set hash_data [CRYPTO::hash -alg sha256 $data ]log local0. "hashsing data = $hash_data"set enc_data [CRYPTO::encrypt -alg rsa-priv -key $pri_key $hash_data]log local0. "encrypted data = $enc_data"When transmitting data segment{"Data": "eyJVc2VyTmFtZSI6ImVjdXN0"}log returned in var/log/ltm has the form:<HTTP_REQUEST_DATA>: raw data = yJVc2VyTmFtZSI6ImVjdXN0<HTTP_REQUEST_DATA>: hashsing data = Ù<¥.)m¿]F² ÅªôN3Z}9½® 5<HTTP_REQUEST_DATA>: encrypted data = G$©!s(© C³> Ã ±3vÜOÍQà ÍWô@▒ · Ò t3|ß+r`å{¾SæäÀÄ `¸ñ5¹ etP íc«: ;TæM>À+Cå"Ls:ÑkÕ Ï ¯Ñ5 êAU2Ñ/çèî(Dl²Gw_¿ Nô Ð0/^F/W³èýÀI have tried online hashing tools,input: eyJVc2VyTmFtZSI6ImVjdXN0output: ee4afdbe5ed669d6e751ecbccde4a75e19ad7540514ba8f32d5d8c64409df250Is there a way for my CRYPTO::hash function and CRYPTO::encrypt function to return the same value as the online hasher outputAny and all help is appreciated. Thanks you

Hi quangtran, you need to represent the binary string as a string of hex digits in your code: when RULE_INIT { set data "hello, world" log local0. "raw data = $data" set hash_data [CRYPTO::hash -alg sha256 $data ] log local0. "hashing data = $hash_data" binary scan $hash_data H* hash_data_hex log local0. "hashing data as string = $hash_data_hex" } This results in my log file as: Feb 2 17:51:16 ltm3.test.local info tmm[115055]: Rule /Common/hash_example <RULE_INIT>: raw data = hello, world Feb 2 17:51:16 ltm3.test.local info tmm[115055]: Rule /Common/hash_example <RULE_INIT>: hashing data = Ê~NªnéÇÒaq)HdMßº|¿¼L6 [ Feb 2 17:51:16 ltm3.test.local info tmm[115055]: Rule /Common/hash_example <RULE_INIT>: hashing data as string = 09ca7e4eaa6e8ae9c7d261167129184883644d07dfba7cbfbc4c8a2e08360d5b And you can see that that string matches the online generated hash as well:

Forum Discussion

quangtran

Cirrus

Feb 01, 2023

What is the output of crypto::hash

I have a piece of irule code:

when HTTP_REQUEST_DATA {
set data [findstr [HTTP::payload] "Data" 9 \" ]
log local0. "raw data = $data"
set hash_data [CRYPTO::hash -alg sha256 $data ]
log local0. "hashsing data = $hash_data"
set enc_data [CRYPTO::encrypt -alg rsa-priv -key $pri_key $hash_data]
log local0. "encrypted data = $enc_data"

When transmitting data segment

{
"Data": "eyJVc2VyTmFtZSI6ImVjdXN0"
}

log returned in var/log/ltm has the form:

<HTTP_REQUEST_DATA>: raw data = yJVc2VyTmFtZSI6ImVjdXN0
<HTTP_REQUEST_DATA>: hashsing data = Ù<¥.)m¿]F² ÅªôN3Z}9½® 5
<HTTP_REQUEST_DATA>: encrypted data = G
$©!s(© C³> Ã ±3vÜOÍQà ÍWô@▒ · Ò t3|ß
+r`å{¾SæäÀÄ `¸ñ5¹ etP íc«: ;TæM>À+Cå"Ls:ÑkÕ Ï ¯Ñ5 êAU2Ñ/çèî(Dl²Gw_¿ Nô Ð0/^F/W³èýÀ

I have tried online hashing tools,

input: eyJVc2VyTmFtZSI6ImVjdXN0
output: ee4afdbe5ed669d6e751ecbccde4a75e19ad7540514ba8f32d5d8c64409df250

Is there a way for my CRYPTO::hash function and CRYPTO::encrypt function to return the same value as the online hasher output

Any and all help is appreciated. Thanks you

security

JRahm

Feb 02, 2023

Hi quangtran, you need to represent the binary string as a string of hex digits in your code:

    when RULE_INIT {
        set data "hello, world"
        log local0. "raw data = $data"
        set hash_data [CRYPTO::hash -alg sha256 $data ]
        log local0. "hashing data = $hash_data"
        binary scan $hash_data H* hash_data_hex
        log local0. "hashing data as string = $hash_data_hex"
    }

This results in my log file as:

Feb  2 17:51:16 ltm3.test.local info tmm[115055]: Rule /Common/hash_example <RULE_INIT>: raw data = hello, world
Feb  2 17:51:16 ltm3.test.local info tmm[115055]: Rule /Common/hash_example <RULE_INIT>: hashing data =         Ê~NªnéÇÒaq)HdMßº|¿¼L6 [
Feb  2 17:51:16 ltm3.test.local info tmm[115055]: Rule /Common/hash_example <RULE_INIT>: hashing data as string = 09ca7e4eaa6e8ae9c7d261167129184883644d07dfba7cbfbc4c8a2e08360d5b

And you can see that that string matches the online generated hash as well:

JRahm

Admin

Feb 02, 2023

Hi quangtran, you need to represent the binary string as a string of hex digits in your code:

    when RULE_INIT {
        set data "hello, world"
        log local0. "raw data = $data"
        set hash_data [CRYPTO::hash -alg sha256 $data ]
        log local0. "hashing data = $hash_data"
        binary scan $hash_data H* hash_data_hex
        log local0. "hashing data as string = $hash_data_hex"
    }

This results in my log file as:

Feb  2 17:51:16 ltm3.test.local info tmm[115055]: Rule /Common/hash_example <RULE_INIT>: raw data = hello, world
Feb  2 17:51:16 ltm3.test.local info tmm[115055]: Rule /Common/hash_example <RULE_INIT>: hashing data =         Ê~NªnéÇÒaq)HdMßº|¿¼L6 [
Feb  2 17:51:16 ltm3.test.local info tmm[115055]: Rule /Common/hash_example <RULE_INIT>: hashing data as string = 09ca7e4eaa6e8ae9c7d261167129184883644d07dfba7cbfbc4c8a2e08360d5b

And you can see that that string matches the online generated hash as well:

quangtran
Cirrus
Feb 03, 2023
this is exactly what I needed. Many thanks!

Leslie_Hubertus
Ret. Employee
Feb 02, 2023
Hey quangtran - I see nobody has answered you yet, so I'll ask a colleague to help.
- quangtran
  Cirrus
  Feb 03, 2023
  thank you
JRahm
Admin
Feb 03, 2023
Sweet! Glad it helped.