Unable to match results of php hash_hmac() and coldfusion hmac()

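I am encrypting a URL and converting a working script from PHP to ColdFusion. I have 95% of it done, but I am still stuck at this point after trying many of the solutions available on Stack Overflow. My results still do not match. I confirmed that the saltBin and keyBin values are the same on both scripts. Please have a look.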

PHP version

$saltBin = R�k��E�x^ �O<�-�7J=S�z��� �;
$keyBin = �;B��|� �0U,��h�NS+��.��G���

$res = hash_hmac('sha256', $saltBin, $keyBin);
result
39ddcd6156a30fdcebc9fbf5dd59a0ef4f47e27841bbc12ce72b64a0a63c0324

ColdFusion version

<cfset res = hmac(saltBin,keyBin,"HMACSHA256")>
result
30A658BEB3965C2D7D27A3F717FB6C13B05ED44E8B2A5A7FEBB9B57887CF57A0

I have tried the following solutions:

ColdFusion equivalent to PHP hash_hmac

coldfusion hashing and difference between hmacSHA256 and SHA256

Update:

Below is the abbreviated version.

PHP version

$key = '943b421c9eb07c830af81030552c86009268de4e532ba2ee2eab8247c6da0881';
$salt = '520f986b998545b4785e0defbc4f3c1203f22de2374a3d53cb7a7fe9fea309c5';
$keyBin = pack("H*" , $key);
$saltBin = pack("H*" , $salt);
$path = "/rs:fill:300:300:1/g:no/aHR0cDovL2ltZy5leGFtcGxlLmNvbS9wcmV0dHkvaW1hZ2UuanBn.png";
echo hash_hmac('sha256', $saltBin.$path, $keyBin);

Result: 7062c2b5786c82de963767de4b0cdbc4e7ed7db2ce7466708bf8a28d8572888b

ColdFusion version

<cfset key = '943b421c9eb07c830af81030552c86009268de4e532ba2ee2eab8247c6da0881'>
<cfset salt = '520f986b998545b4785e0defbc4f3c1203f22de2374a3d53cb7a7fe9fea309c5'>
<cfset keyBin = binaryDecode(key, 'hex')>  
<cfset keyBin =  toString(keyBin)>
<cfset saltBin = binaryDecode(salt, 'hex')>  
<cfset saltBin =  toString(saltBin)>
<cfset path =  "/rs:fill:300:300:1/g:no/aHR0cDovL2ltZy5leGFtcGxlLmNvbS9wcmV0dHkvaW1hZ2UuanBn.png">
<cfset result = hmac(saltBin&path,keyBin,"HMACSHA256")>
<cfoutput>#result#</cfoutput>

Result: FFA7A526BB464CA1470F309605F1ED63832342B704F8475BFAF26CCD1092603B

Can anyone help me with this?

Thanks.

saltBin and keyBin values are the same on both scripts

Yes, the values are the same, but the data being hashed is different. That is why the results do not match.

The PHP code hashes the concatenated binary of the salt and path variables. To illustrate using a simple value:

| Data | Value | Binary | Base64 |
|---|---|---|---|
| Salt | ab | [-85] | qw== |
| Path | 123 | [49,50,51] | MTIz |
| Salt + Path | n/a | [-85,49,50,51] | qzEyMw== |

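Whereas the CF code uses the binary of the concatenated strings salt and path, after some very ... questionable re-encoding with ToString(). As you can see, the resulting binary is very different from the binary used by PHP:
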
| Data | Value | Binary | Base64 |
|---|---|---|---|
| Salt | � | [-17,-65,-67] | 77+9 |
| Path | 123 | [49,50,51] | MTIz |
| Salt + Path | �123 | [-17,-65,-67,49,50,51] | 77+9MTIz |

The CF code needs to concatenate the binary of the two variables, then pass that binary into the hmac() function:

CF (see runnable example)

<cfscript>
   key = '943b421c9eb07c830af81030552c86009268de4e532ba2ee2eab8247c6da0881';
   salt = '520f986b998545b4785e0defbc4f3c1203f22de2374a3d53cb7a7fe9fea309c5';
   keyBin =  binaryDecode(key, "hex");
   saltBin = binaryDecode(salt, "hex");
   path = "/rs:fill:300:300:1/g:no/aHR0cDovL2ltZy5leGFtcGxlLmNvbS9wcmV0dHkvaW1hZ2UuanBn.png";
   pathBin = charsetDecode(path, "utf-8");

   // merge binary of salt and path
   combined = [];
   combined.append(saltBin, true);
   combined.append(pathBin, true);
   result = lcase(hmac( javacast("byte[]", combined),keyBin,"HMACSHA256"));
   writeDump(result);
</cfscript>

Result: 7062c2b5786c82de963767de4b0cdbc4e7ed7db2ce7466708bf8a28d8572888b

PHP (see runnable example)

<?php
$key = '943b421c9eb07c830af81030552c86009268de4e532ba2ee2eab8247c6da0881';
$salt = '520f986b998545b4785e0defbc4f3c1203f22de2374a3d53cb7a7fe9fea309c5';
$keyBin = pack("H*" , $key);
$saltBin = pack("H*" , $salt);
$path = "/rs:fill:300:300:1/g:no/aHR0cDovL2ltZy5leGFtcGxlLmNvbS9wcmV0dHkvaW1hZ2UuanBn.png";
echo hash_hmac('sha256', $saltBin.$path, $keyBin);

Result: 7062c2b5786c82de963767de4b0cdbc4e7ed7db2ce7466708bf8a28d8572888b
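
The byte-versus-string difference from the answer above, reproduced in Python as an added example (not code from the question or the answer). It assumes the text round trip can be modelled as UTF-8 decoding with replacement, which matches the answer's small table but is not claimed to reproduce the CF digest from the question; the function names are made up for the illustration.

```python
import base64
import hashlib
import hmac

# Inputs copied from the question.
KEY_HEX = "943b421c9eb07c830af81030552c86009268de4e532ba2ee2eab8247c6da0881"
SALT_HEX = "520f986b998545b4785e0defbc4f3c1203f22de2374a3d53cb7a7fe9fea309c5"
PATH = "/rs:fill:300:300:1/g:no/aHR0cDovL2ltZy5leGFtcGxlLmNvbS9wcmV0dHkvaW1hZ2UuanBn.png"
# Digest the page reports for the PHP code and for the corrected CF code.
PAGE_DIGEST = "7062c2b5786c82de963767de4b0cdbc4e7ed7db2ce7466708bf8a28d8572888b"


def sign_bytes(key_hex, salt_hex, path):
    """HMAC-SHA256 over the raw salt bytes followed by the UTF-8 path bytes."""
    data = bytes.fromhex(salt_hex) + path.encode("utf-8")
    return hmac.new(bytes.fromhex(key_hex), data, hashlib.sha256).hexdigest()


def lossy_text_round_trip(raw):
    """Assumed model of the failure: treat binary as UTF-8 text, then re-encode.
    Every invalid sequence becomes U+FFFD, so the original bytes are lost."""
    return raw.decode("utf-8", errors="replace").encode("utf-8")


def sign_via_strings(key_hex, salt_hex, path):
    """Same HMAC, but key and salt first pass through the lossy round trip."""
    key = lossy_text_round_trip(bytes.fromhex(key_hex))
    data = lossy_text_round_trip(bytes.fromhex(salt_hex)) + path.encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(key_hex, salt_hex, path, signature_hex):
    """Constant-time comparison; lower-cased first because the CF results
    on the page are upper-case hex while PHP prints lower-case."""
    expected = sign_bytes(key_hex, salt_hex, path)
    return hmac.compare_digest(expected, signature_hex.lower())


def b64(raw):
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    print("bytes path  :", sign_bytes(KEY_HEX, SALT_HEX, PATH))
    print("matches page:", verify(KEY_HEX, SALT_HEX, PATH, PAGE_DIGEST.upper()))
    print("string path :", sign_via_strings(KEY_HEX, SALT_HEX, PATH))
    # The answer's small table: salt 0xAB, path "123".
    print(b64(b"\xab" + b"123"), "vs", b64(lossy_text_round_trip(b"\xab") + b"123"))
```

When a signature fails to verify across two implementations, comparing the Base64 of the exact byte string passed to the HMAC on each side, as the answer's tables do, locates this kind of mismatch before the digest is even computed.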