Bash sha1 with hex input

Question

I found this solution to build hash-values:

echo -n wicked | shasum | awk '{print $1}'

But this works only with string input. I don't know how to hanlde input as hex, for example if i want to build sha1-value of sha1-value.

upd: I just found out there is option -b for shasum but it produces wrong output. Does it expect bytes with reversed endianness?

upd2: for example: I do the following input:

echo -n 9e38cc8bf3cb7c147302f3e620528002e9dcae82 | shasum -b | awk '{print $1}'

The output is bed846bb1621d915d08eb1df257c2274953b1ad9 but according to the hash calculator the ouput should be 9d371d148d9c13050057105296c32a1368821717

upd3: the -b option seems not to work at all. There is no difference whether I apply this parameter or not, i get the same result.

upd4: the whole script lookes as follows. It doesn't work because the null-byte gets removed as i either assign or concatenate .

password="wicked"
scrumble="4d~k|OS7T%YqMkR;pA6("

stage1_hash=$(echo -n $password| shasum | awk '{print $1}')
stage2_hash=$(echo $(echo -n $stage1_hash | xxd -r -p | shasum | awk '{print $1}') | xxd -r -p)

token=$(./xor.sh $(echo -n $scrumble$(echo 9d371d148d9c13050057105296c32a1368821717 | xxd -r -p) | shasum | awk '{print $1}') $stage1_hash)

echo $token

Answer 1

You can use xxd -r -p to convert hexadecimal to binary:

echo -n 9e38cc8bf3cb7c147302f3e620528002e9dcae82 | xxd -r -p | shasum -b | awk '{print $1}'

Note that the output of this is 9d371d148d9c13050057105296c32a1368821717; this matches what I get from hashing 9e38cc8bf3cb7c147302f3e620528002e9dcae82 using hash calculator. It appears that the value you got from bash calculator was a results of a copy-paste error, specifically leaving off the final "2" in the hex string.

UPDATE: I'm not sure exactly what the entire script is supposed to do, but I can point out several problems with it:

• Shell variables, command arguments, and c strings in general cannot contain null bytes. There are also situations where trailing linefeeds get trimmed, and IIRC some early versions of bash couldn't handle delete characters (hex 7F)... Basically, don't try to store binary data (as in stage2_hash) or pass it as arguments (as in ./xor.sh) in the shell. Pipes, on the other hand, can pass raw binary just fine. So store it in hex, then convert to binary with xxd -r -p and pipe it directly to its destination.
• When you expand a shell variable ($password) or use a command substitution ($(somecommand)) without wrapping it in double-quotes, the shell does some additional parsing on it (things like turning spaces into word breaks, expanding wildcards to lists of matching filenames, etc). This is almost never what you want, so always wrap things like variable references in double-quotes.
• Don't use echo for anything nontrivial and expect it to behave consistently. Depending on which version of echo you have and/or what the password is, echo -n "$password" might print the password without a linefeed after it, or might print it with "-n " before it and a linefeed after, might do something with any backslash sequences in the password, or (if the password starts with "-") interpret the password itself as more options to the echo command. Use printf "%s" "$password" instead.
• Don't use echo $(somecommand) (or even printf "%s" "$(somecommand)"). The echo and $() are mostly canceling each other here, but creating opportunities for problems in between. Just use the command directly.

Clean those up, and if it doesn't work after the cleanup try posting a separate question.

Answer 2

openssl command may help you. see HMAC-SHA1 in bash like:

 echo -n wicked | openssl dgst -sha1