KRL:使用HMAC_SHA1签署请求
[英]KRL: Signing requests with HMAC_SHA1
问题描述
I made a test suite for math:hmac_* KRL functions. 
我为数学创建了一个测试套件:hmac_ * KRL函数。 I compare the KRL results with Python results. 我将KRL结果与Python结果进行比较。 KRL gives me different results. KRL给了我不同的结果。
code: https://gist.github.com/980788 results: http://ktest.heroku.com/a421x68 代码: https : //gist.github.com/980788结果: http : //ktest.heroku.com/a421x68
How can I get valid signatures from KRL? 如何从KRL获得有效签名? I'm assuming that they Python results are correct. 我假设他们的Python结果是正确的。
UPDATE: It works fine unless you want newline characters in the message. 更新:除非您想在邮件中添加换行符,否则它可以正常工作。 How do I sign a string that includes newline characters? 如何签署包含换行符的字符串?
1 个解决方案
解决方案1
2 已采纳 2011-05-20 00:59:33
I suspect that your python SHA library returns a different encoding than is expected by the b64encode library. 我怀疑你的python SHA库返回的编码与b64encode库所期望的编码不同。 My library does both the SHA and base64 in one call so I to do some extra work to check the results. 我的库在一次调用中同时执行SHA和base64,所以我要做一些额外的工作来检查结果。
As you show in your KRL, the correct syntax is: 正如您在KRL中显示的那样,正确的语法是:
math:hmac_sha1_base64(raw_string,key); 数学:hmac_sha1_base64(raw_string,键);
math:hmac_sha256_base64(raw_string,key); 数学:hmac_sha256_base64(raw_string,键);
These use the same libraries that I use for the Amazon module which is testing fine right now. 这些库使用的是我用于亚马逊模块的相同库,它现在正在进行测试。
To test those routines specifically, I used the test vectors from the RFC ( sha1 , sha256 ). 为了具体测试这些例程,我使用了RFC( sha1 , sha256 )中的测试向量。 We don't support Hexadecimal natively, so I wasn't able to use all of the test vectors, but I was able to use a simple one: 我们原生不支持十六进制,所以我无法使用所有测试向量,但我能够使用一个简单的:
HMAC SHA1 HMAC SHA1
test_case = 2
key = "Jefe"
key_len = 4
data = "what do ya want for nothing?"
data_len = 28
digest = 0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79
HMAC SHA256 HMAC SHA256
Key = 4a656665 ("Jefe")
Data = 7768617420646f2079612077616e7420666f72206e6f7468696e673f ("what do ya want for nothing?")
HMAC-SHA-256 = 5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843
Here is my code: 这是我的代码:
global {
raw_string = "what do ya want for nothing?";
mkey = "Jefe";
}
rule first_rule {
select when pageview ".*" setting ()
pre {
hmac_sha1 = math:hmac_sha1_hex(raw_string,mkey);
hmac_sha1_64 = math:hmac_sha1_base64(raw_string,mkey);
bhs256c = math:hmac_sha256_hex(raw_string,mkey);
bhs256c64 = math:hmac_sha256_base64(raw_string,mkey);
}
{
notify("HMAC sha1", "#{hmac_sha1}") with sticky = true;
notify("hmac sha1 base 64", "#{hmac_sha1_64}") with sticky = true;
notify("hmac sha256", "#{bhs256c}") with sticky = true;
notify("hmac sha256 base 64", "#{bhs256c64}") with sticky = true;
}
}
var hmac_sha1 = 'effcdf6ae5eb2fa2d27416d5f184df9c259a7c79';
var hmac_sha1_64 = '7/zfauXrL6LSdBbV8YTfnCWafHk';
var bhs256c = '5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843';
var bhs256c64 = 'W9zBRr9gdU5qBCQmCJV1x1oAPwidJzmDnexYuWTsOEM';
The HEX results for SHA1 and SHA256 match the test vectors of the simple case. SHA1和SHA256的HEX结果与简单情况的测试向量匹配。
I tested the base64 results by decoding the HEX results and putting them through the base64 encoder here 我通过解码HEX结果并将它们通过base64编码器来测试base64结果
My results were: 我的结果是:
7/zfauXrL6LSdBbV8YTfnCWafHk=
W9zBRr9gdU5qBCQmCJV1x1oAPwidJzmDnexYuWTsOEM=
Which match my calculations for HMAC SHA1 base64 and HMAC SHA256 base64 respectively. 这与我对HMAC SHA1 base64和HMAC SHA256 base64的计算分别相符。
If you are still having problems, could you provide me the base64 and SHA results from python separately so I can identify the disconnect? 如果你仍然遇到问题,你可以单独向我提供python的base64和SHA结果,这样我就可以识别断开连接吗?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.