PKCS11 - SHA1HMAC yields a different SHA1HMAC result

267 views Asked by At

I am following the below steps to compute the HMAC using SHA1 algorithm using two different API and both the outputs are not matching.

1) I first compute HMAC for a given data and key using SHA1 algorithm through BouncyCastle API.

2) We compute HMAC for the data and key inside the HSM(Thales) using PKCS11 API(Pkcs11Interop).

When we compared the results of 1 and 2 the data does not match.

Bouncy Castle code:

        HMAC hmac = HMACSHA1.Create();

        String key = "BC55B4580589775F887890A7ACA5E624";

        hmac.Key = Util.HexStringToByteArray(key);

        byte[] modInput = Util.HexStringToByteArray("000000000000000000000006000080012b0601040181e438010102041603");

        String ki = Util.ByteArrayToHexString(hmac.ComputeHash(modInput));

PKCS11 code:

       ObjectHandle k = FindObjectByLabel(keyLabel);//same key as above

       Mechanism m = new Mechanism(CKM.CKM_SHA_1_HMAC);

      **//We have verified that both key and data value are the same**
      return mSession.Connection.Sign(m, k, data);

Can anyone please help on this?

0

There are 0 answers