stackoom
  简体   繁体   中英

KRL: Signing requests with HMAC_SHA1

 原文  2011-05-19 17:02:19       krl

Question

I made a test suite for math:hmac_* KRL functions. I compare the KRL results with Python results. KRL gives me different results.

code: https://gist.github.com/980788 results: http://ktest.heroku.com/a421x68

How can I get valid signatures from KRL? I'm assuming that they Python results are correct.

UPDATE: It works fine unless you want newline characters in the message. How do I sign a string that includes newline characters?

1 answers

solution1
 2 ACCPTED  2011-05-20 00:59:33

I suspect that your python SHA library returns a different encoding than is expected by the b64encode library. My library does both the SHA and base64 in one call so I to do some extra work to check the results.

As you show in your KRL, the correct syntax is:
math:hmac_sha1_base64(raw_string,key);
math:hmac_sha256_base64(raw_string,key);

These use the same libraries that I use for the Amazon module which is testing fine right now.

To test those routines specifically, I used the test vectors from the RFC ( sha1 , sha256 ). We don't support Hexadecimal natively, so I wasn't able to use all of the test vectors, but I was able to use a simple one:

HMAC SHA1

test_case = 2
key = "Jefe"
key_len = 4
data = "what do ya want for nothing?"
data_len = 28
digest = 0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79

HMAC SHA256

Key = 4a656665 ("Jefe")
Data = 7768617420646f2079612077616e7420666f72206e6f7468696e673f ("what do ya want for nothing?")
HMAC-SHA-256 = 5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843

Here is my code: 

global {  
        raw_string = "what do ya want for nothing?";  
        mkey = "Jefe";  
    }

rule first_rule {
        select when pageview ".*" setting ()
        pre {
            hmac_sha1 = math:hmac_sha1_hex(raw_string,mkey);
            hmac_sha1_64 = math:hmac_sha1_base64(raw_string,mkey);
            bhs256c = math:hmac_sha256_hex(raw_string,mkey);
            bhs256c64 = math:hmac_sha256_base64(raw_string,mkey);

        }
        {
        notify("HMAC sha1", "#{hmac_sha1}") with sticky = true;
        notify("hmac sha1 base 64", "#{hmac_sha1_64}") with sticky = true;
            notify("hmac sha256", "#{bhs256c}") with sticky = true;
            notify("hmac sha256 base 64", "#{bhs256c64}") with sticky = true;
        }
}

var hmac_sha1 = 'effcdf6ae5eb2fa2d27416d5f184df9c259a7c79';
var hmac_sha1_64 = '7/zfauXrL6LSdBbV8YTfnCWafHk';
var bhs256c = '5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843';
var bhs256c64 = 'W9zBRr9gdU5qBCQmCJV1x1oAPwidJzmDnexYuWTsOEM';

The HEX results for SHA1 and SHA256 match the test vectors of the simple case.

I tested the base64 results by decoding the HEX results and putting them through the base64 encoder here

My results were:

7/zfauXrL6LSdBbV8YTfnCWafHk=
W9zBRr9gdU5qBCQmCJV1x1oAPwidJzmDnexYuWTsOEM=

Which match my calculations for HMAC SHA1 base64 and HMAC SHA256 base64 respectively.

If you are still having problems, could you provide me the base64 and SHA results from python separately so I can identify the disconnect?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Computing an HMAC-SHA signature KRL: Truncating a string Using “seen” on a trail in KRL Generating a GUID/UUID in KRL KRL email handler How to set up predicates in KRL? JavaScript setTimeout being cleared on Facebook in KRL app Debugging tools and tips for dual execution environment of KRL Passing variables to an event from the “twilio:gather_start” command in KRL When I use a KRL module do I get the deployed version?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM