[英]Why does HMAC+EVP_sha256 return a different value than openssl for some hashes
當嘗試生成HMAC + SHA256簽名時,對於某些負載,我從openssl命令行得到的結果與openssl lib不同。
這是為了嘗試為AWS生成v4簽名。 我能夠成功使用bash / curl做到這一點。 該代碼顯示了每個步驟的每個簽名,除了服務(s3)的簽名與通過openssl命令行生成的簽名不同之外,其他所有簽名均匹配
int i;
char data[1024] = "";
char hashString[SHA256_DIGEST_LENGTH*2];
unsigned char *bytearray=malloc(SHA256_DIGEST_LENGTH);
unsigned char *digest=malloc(SHA256_DIGEST_LENGTH);
printf("echo -n us-east-1|openssl dgst -sha256 -mac HMAC -macopt hexkey:b098ff9a24e0573d9e0f952963d0725c4e9c7566ebb3713bf8e0707d43146822\n");
strcpy(hashString,"b098ff9a24e0573d9e0f952963d0725c4e9c7566ebb3713bf8e0707d43146822\0");
strcpy(data, "us-east-1");
//This works
for (i = 0; i < strlen(hashString)/2 ; i++)
sscanf(hashString + 2*i, "%02x", (unsigned int *) &bytearray[i]);
digest = HMAC(EVP_sha256(), bytearray, strlen((const char *)bytearray), (unsigned char*)data, strlen(data), NULL, NULL);
printf(" should be: e811cc78009ad7918504aca1ff987199285352a6fabd1063d6d1a938ac673dbf\n");
printf("HMAC digest: ");
for(i = 0; i < SHA256_DIGEST_LENGTH; i++)
printf("%02x",(unsigned int)digest[i]);
printf("\n");
//This doesn't
printf("echo -n s3|openssl dgst -sha256 -mac HMAC -macopt hexkey:e811cc78009ad7918504aca1ff987199285352a6fabd1063d6d1a938ac673dbf\n");
strcpy(hashString,"e811cc78009ad7918504aca1ff987199285352a6fabd1063d6d1a938ac673dbf");
strcpy(data, "s3");
for (i = 0; i < strlen(hashString)/2 ; i++)
sscanf(hashString + 2*i, "%02x", (unsigned int *) &bytearray[i]);
digest = HMAC(EVP_sha256(), bytearray, strlen((const char *)bytearray), (unsigned char*)data, strlen(data), NULL, NULL);
printf(" should be: f405cc5d87cd57f8130decb58108ac0ae5a0bccb97e40729f9ace287d4ee054d\n");
printf("HMAC digest: ");
for(i = 0; i < SHA256_DIGEST_LENGTH; i++)
printf("%02x",(unsigned int)digest[i]);
printf("\n");
這是一個清理后的版本,可避免原始版本中所有未定義的行為和內存泄漏,從而生成預期的哈希值:
#include <assert.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
void print_hmac(const char *hexkey, const char *data) {
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int digest_len;
int hexkey_len = strlen(hexkey);
assert(hexkey_len % 2 == 0); // Must be even
int key_len = hexkey_len / 2;
unsigned char *key = malloc(key_len);
assert(key != NULL);
for (int i = 0; i < key_len; i++) {
int n = sscanf(hexkey + 2 * i, "%2hhx", key + i);
assert(n == 1);
}
HMAC(EVP_sha256(), key, key_len, (const unsigned char *)data, strlen(data),
digest, &digest_len);
fputs("HMAC digest: ", stdout);
for (unsigned int i = 0; i < digest_len; i++) {
printf("%02hhx", digest[i]);
}
putchar('\n');
free(key);
}
int main(void) {
char hashString[100];
puts("echo -n us-east-1|openssl dgst -sha256 -mac HMAC -macopt "
"hexkey:"
"b098ff9a24e0573d9e0f952963d0725c4e9c7566ebb3713bf8e0707d43146822");
puts(" should be: "
"e811cc78009ad7918504aca1ff987199285352a6fabd1063d6d1a938ac673dbf");
strcpy(hashString,
"b098ff9a24e0573d9e0f952963d0725c4e9c7566ebb3713bf8e0707d43146822");
print_hmac(hashString, "us-east-1");
puts("echo -n s3|openssl dgst -sha256 -mac HMAC -macopt "
"hexkey:"
"e811cc78009ad7918504aca1ff987199285352a6fabd1063d6d1a938ac673dbf");
puts(" should be: "
"f405cc5d87cd57f8130decb58108ac0ae5a0bccb97e40729f9ace287d4ee054d");
strcpy(hashString,
"e811cc78009ad7918504aca1ff987199285352a6fabd1063d6d1a938ac673dbf");
print_hmac(hashString, "s3");
return 0;
}
C 中的 HMAC-SHA256 與 OpenSSL - 如何獲得正確的 output
[英]HMAC-SHA256 in C with OpenSSL - how to get a correct output
如何使用OpenSSL計算SHA512 / 224和SHA512 / 256哈希?
[英]How to calculate SHA512/224 and SHA512/256 hashes using OpenSSL?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.