The result of HMAC<Sha256> differs from another implementation
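I'm trying to implement HMAC verification using SHA256 to interact with an API. I found the `hmac` and `sha2` crates, and according to their examples they would work perfectly for my purposes.
I have this code: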
```rust
extern crate hmac;
extern crate sha2;

use hmac::{Hmac, Mac};
use sha2::{Digest, Sha256};

pub fn verify(message: &[u8], code: &[u8], key: &[u8]) -> bool {
    type HmacSha256 = Hmac<Sha256>;

    let mut mac = HmacSha256::new_varkey(key).unwrap();
    mac.input(message);

    // Raw tag bytes produced by HMAC-SHA256
    let result = mac.result().code();

    return result == code;
}

#[cfg(test)]
mod tests {
    use verify;

    #[test]
    fn should_work() {
        assert!(verify(
            b"code=0907a61c0c8d55e99db179b68161bc00&shop=some-shop.myshopify.com&timestamp=1337178173",
            b"4712bf92ffc2917d15a2f5a273e39f0116667419aa4b6ac0b3baaf26fa3c4d20",
            b"hush"
        ), "Returned false with correct parameters!");
    }

    #[test]
    fn shouldnt_work() {
        assert!(
            !verify(
                b"things=things&stuff=this_is_pod_racing",
                b"3b3f62798a09c78hjbjsakbycut^%9n29ddeb8f6862b42c7eb6fa65cf2a8cade",
                b"mysecu)reAn111eecretB"
            ),
            "Returned true with incorrect parameters!"
        );
    }
}
```
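`cargo test` should show one valid HMAC verification and one invalid verification.
Unfortunately, the results given by the `verify` function disagree with the results of online HMAC generators. For example, with the message `code=0907a61c0c8d55e99db179b68161bc00&shop=some-shop.myshopify.com&timestamp=1337178173` and the key `hush`, this online HMAC generator indicates the hash should be `4712bf92ffc2917d15a2f5a273e39f0116667419aa4b6ac0b3baaf26fa3c4d20`, but this causes my tests to fail, and printing out the result confirms that the hash is not correct.
I have confirmed that the results of my byte string literals are indeed their ASCII equivalents, and otherwise I'm performing this process almost exactly as the examples demonstrate.
Because of side-channel attacks, I will not be using `result == code` in the final version; that is just to make my debugging a little easier.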
Cargo.toml

```toml
[package]
name = "crypto"
version = "0.1.0"

[dependencies]
hmac = "0.6.2"
sha2 = "0.7.1"
```
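`4712bf92ffc2917d15a2f5a273e39f0116667419aa4b6ac0b3baaf26fa3c4d20` should not be treated as an ASCII byte string. It is the hexadecimal encoding of the raw bytes into a human-readable format. You need to match the encodings properly: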
```rust
extern crate hmac;
extern crate sha2;
extern crate hex;

use hmac::{Hmac, Mac};
use sha2::Sha256;

pub fn verify(message: &[u8], code: &str, key: &[u8]) -> bool {
    type HmacSha256 = Hmac<Sha256>;

    let mut mac = HmacSha256::new_varkey(key).unwrap();
    mac.input(message);

    // Raw tag bytes produced by HMAC-SHA256
    let result = mac.result().code();

    // Hex-encode the raw bytes so both sides use the same encoding
    let r2 = hex::encode(&result);

    r2 == code
}

#[test]
fn should_work() {
    assert!(verify(
        b"code=0907a61c0c8d55e99db179b68161bc00&shop=some-shop.myshopify.com&timestamp=1337178173",
        "4712bf92ffc2917d15a2f5a273e39f0116667419aa4b6ac0b3baaf26fa3c4d20",
        b"hush"
    ), "Returned false with correct parameters!");
}

#[test]
fn shouldnt_work() {
    assert!(
        !verify(
            b"things=things&stuff=this_is_pod_racing",
            "3b3f62798a09c78hjbjsakbycut^%9n29ddeb8f6862b42c7eb6fa65cf2a8cade",
            b"mysecu)reAn111eecretB"
        ),
        "Returned true with incorrect parameters!"
    );
}
```
See also:
- How do I convert a string to hex in Rust?
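An added example, not part of the original question or answer, using only the standard library: it decodes the received hex text to raw bytes, rejects malformed input, and compares the tags without an early exit, which is the side-channel concern raised in the question. `decode_hex`, `ct_eq` and `verify_hex_tag` are hypothetical helper names, and the `computed` bytes in `main` are a constructed stand-in for the output of `mac.result().code()`.

```rust
/// Decode hex text into raw bytes; None on odd length or any non-hex character.
fn decode_hex(s: &str) -> Option<Vec<u8>> {
    let b = s.as_bytes();
    if b.len() % 2 != 0 {
        return None;
    }
    b.chunks(2)
        .map(|pair| {
            let hi = (pair[0] as char).to_digit(16)?;
            let lo = (pair[1] as char).to_digit(16)?;
            Some((hi * 16 + lo) as u8)
        })
        .collect()
}

/// Compare two byte slices without stopping at the first mismatching byte.
/// The length of a fixed-size tag is not secret, so the length check may exit early.
/// Best effort only: production code should use a vetted constant-time primitive.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut diff = 0u8;
    for (x, y) in a.iter().zip(b) {
        diff |= x ^ y; // accumulate differences instead of returning early
    }
    diff == 0
}

/// Verify a tag received as hex text against the raw tag bytes computed locally.
pub fn verify_hex_tag(computed: &[u8], received_hex: &str) -> bool {
    match decode_hex(received_hex) {
        Some(raw) => ct_eq(computed, &raw),
        None => false, // malformed hex can never be a valid tag
    }
}

fn main() {
    // Constructed stand-in for the 32 raw bytes an HMAC-SHA256 call returns.
    let computed: Vec<u8> = (0u8..32).collect();
    let hex: String = computed.iter().map(|b| format!("{:02x}", b)).collect();
    // The question's mismatch: the hex text is 64 ASCII bytes, the raw tag is 32.
    println!("raw == ascii(hex): {}", computed.as_slice() == hex.as_bytes());
    println!("raw == decode(hex): {}", verify_hex_tag(&computed, &hex));
}
```

Comparing decoded bytes also accepts upper-case hex, which a string comparison against `hex::encode` output would reject.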