[英]How to get the same output in C and php via PKCS5_PBKDF2_HMAC and hash_hmac
I'm trying to duplicate a hashing function in C to be used on an existing database of hashes and salts. 我正在尝试在C中复制一个哈希函数,以在现有的哈希和盐数据库上使用。 However once I reduced how PHP gets a sha256 hash and how c gets one, I can't get the same hashes. 但是,一旦我减少了PHP如何获取sha256哈希值以及c如何获取一个哈希值,就无法获得相同的哈希值。
I have looked though quite a few methods of getting the same hashes in C, but I can't quite figure out what's wrong the C code. 我已经看过很多在C中获得相同哈希值的方法,但是我不太清楚C代码有什么问题。 The C code works, but the output is not the same. C代码有效,但输出不相同。
Here is the base of my PHP code, it takes password and uses a single space as a salt, the rest of the code is just to visualize and see the output: 这是我的PHP代码的基础,它使用密码并使用一个空格作为空格,其余代码仅用于可视化并查看输出:
<?php
$salt = ' ';
$password = 'password';
$temp1 = hash_hmac('sha256', $salt, $password, true);
echo "======================\r\n<br>";
echo "password [${password}]\r\n<br>";
echo "salt [${salt}]\r\n<br>";
echo "======================\r\n<br>";
echo gettype($temp1) . "\r\n<br>";
echo "each char as dechex(ord(x))\r\n<br>";
for ($i = 0; $i < strlen($temp1); ++$i) {
$x = dechex(ord($temp1[$i]));
echo "[$x] ";
}
echo "-------------------------\r\n<br>";
echo "base64_encode\r\n<br>";
echo base64_encode($temp1)."\r\n<br>"; ?>
and the output 和输出
======================
password [password]
salt [ ]
======================
string
each char as dechex(ord(x))
[52] [33] [c] [6b] [2f] [b6] [22] [cd] [bb] [73] [93] [c2] [5c] [be] [6c] [f4] [d3] [a6] [26] [cc] [ef] [aa] [9] [5e] [e0] [93] [33] [8] [83] [8d] [9] [63] -------------------------
base64_encode
UjMMay+2Is27c5PCXL5s9NOmJszvqgle4JMzCIONCWM=
The C I'm using, this is the simplest of examples I could find. 我正在使用的C,这是我能找到的最简单的示例。 I am only looking to get the same hash output. 我只是想获得相同的哈希输出。 It does not have to use this method. 它不必使用此方法。 I also included the base64 include function I'm using just in case: 我还包括了我正在使用的base64 include函数,以防万一:
#include <string.h>
#include <stdio.h>
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>
#define PBKDF2_DIGEST_LENGTH SHA256_DIGEST_LENGTH
#define PBKDF2_SALT_PREFIX ""
#define PBKDF2_SALT_PREFIX_LENGTH strlen(PBKDF2_SALT_PREFIX)
#define PBKDF2_PRF_ALGORITHM_OLD EVP_sha512()
#define PBKDF2_DIGEST_LENGTH_OLD SHA512_DIGEST_LENGTH
#define PBKDF2_SALT_LENGTH 32
#define PBKDF2_RESULT_LENGTH PBKDF2_SALT_PREFIX_LENGTH + (2 * PBKDF2_DIGEST_LENGTH) + PBKDF2_SALT_LENGTH + 2
#define PBKDF2_ROUNDS 1000
#define PBKDF2_PRF_ALGORITHM EVP_sha256()
char *base64encode (const void *b64_encode_this, int encode_this_many_bytes){
BIO *b64_bio, *mem_bio; //Declares two OpenSSL BIOs: a base64 filter and a memory BIO.
BUF_MEM *mem_bio_mem_ptr; //Pointer to a "memory BIO" structure holding our base64 data.
b64_bio = BIO_new(BIO_f_base64()); //Initialize our base64 filter BIO.
mem_bio = BIO_new(BIO_s_mem()); //Initialize our memory sink BIO.
BIO_push(b64_bio, mem_bio); //Link the BIOs by creating a filter-sink BIO chain.
BIO_set_flags(b64_bio, BIO_FLAGS_BASE64_NO_NL); //No newlines every 64 characters or less.
BIO_write(b64_bio, b64_encode_this, encode_this_many_bytes); //Records base64 encoded data.
BIO_flush(b64_bio); //Flush data. Necessary for b64 encoding, because of pad characters.
BIO_get_mem_ptr(mem_bio, &mem_bio_mem_ptr); //Store address of mem_bio's memory structure.
BIO_set_close(mem_bio, BIO_NOCLOSE); //Permit access to mem_ptr after BIOs are destroyed.
BIO_free_all(b64_bio); //Destroys all BIOs in chain, starting with b64 (i.e. the 1st one).
BUF_MEM_grow(mem_bio_mem_ptr, (*mem_bio_mem_ptr).length + 1); //Makes space for end null.
(*mem_bio_mem_ptr).data[(*mem_bio_mem_ptr).length] = '\0'; //Adds null-terminator to tail.
return (*mem_bio_mem_ptr).data; //Returns base-64 encoded data. (See: "buf_mem_st" struct).
}
int main(void)
{
static unsigned char hb[PBKDF2_DIGEST_LENGTH];
static unsigned char hashBlock[PBKDF2_DIGEST_LENGTH];
char *password = "password";
char *salt = " ";
int passes = 1;
PKCS5_PBKDF2_HMAC(password, strlen(password), salt, strlen(salt) , passes, PBKDF2_PRF_ALGORITHM, PBKDF2_DIGEST_LENGTH, hb);
unsigned int i = 0;
printf("printf hex\n");
while(i<32)
{
printf("[%x] ", hb[i]);
++i;
}
printf("\n\n");
printf("base-64 encode\n");
printf("%s \n", base64encode(hb, 32));
return 0;
}
The output that C produces, basically to visualize the output: C产生的输出,基本上是将输出可视化:
./pbkdf2_hack
printf hex
[f8] [8b] [fe] [58] [64] [f8] [a] [ef] [c0] [da] [b2] [97] [42] [ce] [b3] [83] [67] [85] [a5] [f2] [c8] [94] [7b] [2d] [82] [5d] [8a] [a5] [c0] [46] [9a] [24]
base-64 encode
+Iv+WGT4Cu/A2rKXQs6zg2eFpfLIlHstgl2KpcBGmiQ=
Compiling, in case something needs to be different here: 进行编译,以防此处需要有所不同:
gcc pbkdf2_example.c -lcrypto -o pbkdf2_example
By trying various combinations I found the proper way of updating the hash. 通过尝试各种组合,我找到了更新哈希的正确方法。 I didn't really search for documentation so its probably my fault. 我并不是真正地寻找文档,所以这可能是我的错。 I am posting this so someone hopefully doesn't have the same frustration I've had. 我发布此消息是为了希望有人不会像以前那样感到沮丧。
#include <string.h>
#include <stdio.h>
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>
#define PBKDF2_DIGEST_LENGTH SHA256_DIGEST_LENGTH
#define PBKDF2_DIGEST_LENGTH_OLD SHA512_DIGEST_LENGTH
#define PBKDF2_ROUNDS 1000
#define PBKDF2_PRF_ALGORITHM EVP_sha256()
void PBKDF2_HMAC_SHA_256(const char* pass, const unsigned char* salt, int iterations, unsigned char outputbytes, char* HexResult)
{
unsigned int i;
unsigned char digest[outputbytes];
PKCS5_PBKDF2_HMAC(pass, strlen(pass), salt, strlen(salt), 1, EVP_sha256(), outputbytes, digest);
for (i = 0; i < sizeof(digest); i++)
sprintf(HexResult + (i * 2), "%02x", 255 & digest[i]);
}
char *base64encode (const void *b64_encode_this, int encode_this_many_bytes){
BIO *b64_bio, *mem_bio; //Declares two OpenSSL BIOs: a base64 filter and a memory BIO.
BUF_MEM *mem_bio_mem_ptr; //Pointer to a "memory BIO" structure holding our base64 data.
b64_bio = BIO_new(BIO_f_base64()); //Initialize our base64 filter BIO.
mem_bio = BIO_new(BIO_s_mem()); //Initialize our memory sink BIO.
BIO_push(b64_bio, mem_bio); //Link the BIOs by creating a filter-sink BIO chain.
BIO_set_flags(b64_bio, BIO_FLAGS_BASE64_NO_NL); //No newlines every 64 characters or less.
BIO_write(b64_bio, b64_encode_this, encode_this_many_bytes); //Records base64 encoded data.
BIO_flush(b64_bio); //Flush data. Necessary for b64 encoding, because of pad characters.
BIO_get_mem_ptr(mem_bio, &mem_bio_mem_ptr); //Store address of mem_bio's memory structure.
BIO_set_close(mem_bio, BIO_NOCLOSE); //Permit access to mem_ptr after BIOs are destroyed.
BIO_free_all(b64_bio); //Destroys all BIOs in chain, starting with b64 (i.e. the 1st one).
BUF_MEM_grow(mem_bio_mem_ptr, (*mem_bio_mem_ptr).length + 1); //Makes space for end null.
(*mem_bio_mem_ptr).data[(*mem_bio_mem_ptr).length] = '\0'; //Adds null-terminator to tail.
return (*mem_bio_mem_ptr).data; //Returns base-64 encoded data. (See: "buf_mem_st" struct).
}
/*
const * , not changing the value or pointer
*/
void DisplayItem(const unsigned char *hb, const char *title) {
unsigned int i = 0;
printf("printf hex\n");
while(i<32)
{
printf("[%x] ", hb[i]);
++i;
}
printf("base-64 encode %s\n", title);
printf("%s \n", base64encode(hb, 32));
printf("\n\n");
}
int main(void)
{
static unsigned char hb[PBKDF2_DIGEST_LENGTH];
static unsigned char hashBlock[PBKDF2_DIGEST_LENGTH];
unsigned char finalBlock[PBKDF2_DIGEST_LENGTH];
SHA256_CTX ctx;
HMAC_CTX hmac_ctx;
char* title = "";
unsigned char *password = "password";
unsigned char *salt = " ";
int passes = 1;
memset(hb, 0, PBKDF2_DIGEST_LENGTH);
HMAC_Init(&hmac_ctx, password, strlen(password), PBKDF2_PRF_ALGORITHM);
HMAC_Update(&hmac_ctx, salt, strlen(salt));
HMAC_Final(&hmac_ctx, hb, NULL);
DisplayItem(hb, "HMAC_CTX pass salt - correct working setup");
memset(hb, 0, PBKDF2_DIGEST_LENGTH);
SHA256_Init(&ctx);
SHA256_Update(&ctx, salt, strlen(salt));
SHA256_Update(&ctx, password, strlen(password));
SHA256_Final(hb, &ctx);
DisplayItem(hb, "SHA256_CTX salt pass");
memset(hb, 0, PBKDF2_DIGEST_LENGTH);
SHA256_Init(&ctx);
SHA256_Update(&ctx, password, strlen(password));
SHA256_Update(&ctx, salt, strlen(salt));
SHA256_Final(hb, &ctx);
DisplayItem(hb, "SHA256_CTX pass salt");
memset(hb, 0, PBKDF2_DIGEST_LENGTH);
HMAC_Init(&hmac_ctx, salt, strlen(salt), PBKDF2_PRF_ALGORITHM);
HMAC_Update(&hmac_ctx, password, strlen(password));
HMAC_Final(&hmac_ctx, hb, NULL);
DisplayItem(hb, "HMAC_CTX salt pass");
memset(hb, 0, PBKDF2_DIGEST_LENGTH);
PKCS5_PBKDF2_HMAC(password, strlen(password), salt, strlen(salt), 1, PBKDF2_PRF_ALGORITHM, PBKDF2_DIGEST_LENGTH, hb);
DisplayItem(hb, "PKCS5_PBKDF2_HMAC pass salt");
memset(hb, 0, PBKDF2_DIGEST_LENGTH);
PKCS5_PBKDF2_HMAC(salt, strlen(salt), password, strlen(password), 1, PBKDF2_PRF_ALGORITHM, PBKDF2_DIGEST_LENGTH, hb);
DisplayItem(hb, "PKCS5_PBKDF2_HMAC salt pass");
/*
char *outputfoo[PBKDF2_DIGEST_LENGTH];
memset(outputfoo, 0, PBKDF2_DIGEST_LENGTH);
PBKDF2_HMAC_SHA_256(password, salt, 1, hb, outputfoo);
printf("xxxxxx %s \n", outputfoo);
*/
return 0;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.