我將字符串編碼到base64,並用這個base64字符串生成HMAC SHA256。我將HMAC(char字節)的結果編碼爲base64。不同的結果在C++和PHP中的HMAC SHA-256
我使用C++:openssl庫。
,並得到了不同的結果,在PHP和C++:
C++:
JSON: {"req_hash":"someUniqCodeHash","answer":true}
BASE64: eyJyZXFfaGFzaCI6InNvbWVVbmlxQ29kZUhhc2giLCJhbnN3ZXIiOnRydWV9
HMAC: P/p2YlxL8xdhmn+QIAlVLFDS50ai4JE/l1pMMrKZKrE=
PHP:
JSON: {"req_hash":"someUniqCodeHash","answer":true}
BASE64: eyJyZXFfaGFzaCI6InNvbWVVbmlxQ29kZUhhc2giLCJhbnN3ZXIiOnRydWV9
HMAC: P/p2YlxL8xdhmn+QIAlVLFDS50ai4JE/l1pMMrKZKrE=
如果你能看到,HMAC相同的結果!
c++: P/p2YlxL8xdhmn+QIAlVLFDS50ai4JE/l1pMMrKZKrE=
php: P/p2YlxL8xdhmn+QIAlVLFDS50ai4JE/l1pMMrKZKrE=
但是,當我改變JSON像這樣(改變true
到false
):
JSON: {"req_hash":"someUniqCodeHash","answer":false}
我得到這個:
C++:
JSON: {"req_hash":"someUniqCodeHash","answer":false}
BASE64: eyJyZXFfaGFzaCI6InNvbWVVbmlxQ29kZUhhc2giLCJhbnN3ZXIiOmZhbHNlfQ==
HMAC: znUOWS2MMLpjIBSpq2GfSNivaL8IUDcZXZs24D0=
PHP:
JSON: {"req_hash":"someUniqCodeHash","answer":false}
BASE64: eyJyZXFfaGFzaCI6InNvbWVVbmlxQ29kZUhhc2giLCJhbnN3ZXIiOmZhbHNlfQ==
HMAC: znUOWS2MMLpjIBSpq2GfSNivaL8IUDcZXZs24D0AHZA=
爲什麼HMAC結果是不同的?
你可以看到:
C++: znUOWS2MMLpjIBSpq2GfSNivaL8IUDcZXZs24D0=
PHP: znUOWS2MMLpjIBSpq2GfSNivaL8IUDcZXZs24D0AHZA=
在PHP HMAC字符串添加了一些字符:...AHZA=
。 這是什麼?
而且我PHP代碼:
<?php
$b = base64_encode('{"req_hash":"someUniqCodeHash","answer":false}');
$hmac =$b.".".base64_encode(hash_hmac('sha256',$b,'eyJhZGRyZXNzX3RvIjp7JzEnOidjbGll',true));
我C++代碼:
std::string sfjson = "{\"req_hash\":\"someUniqCodeHash\",\"answer\":false}";
std::cout << "JSON: " << sfjson << "\n";
std::string fencoded_data = base64_encode_str(sfjson);
std::cout << "BASE64: " << fencoded_data << "\n";
unsigned char* digest;
std::string key = "eyJhZGRyZXNzX3RvIjp7JzEnOidjbGll";
digest = HMAC(EVP_sha256(), reinterpret_cast<const unsigned char*>(key.c_str()), key.length(), reinterpret_cast<const unsigned char*>(fencoded_data.c_str()), fencoded_data.length(), NULL, NULL);
std::string sName(reinterpret_cast<char*>(digest));
std::string hmac_data = base64_encode_str(sName);
std::cout << "HMAC: " << hmac_data << "\n";
從那裏Base64編碼:https://gist.github.com/rustem-art/5f6b510c65bbbfd279386225b978f960
基於差異只是尾部的事實,我假設PHP和C++正在使用不同的填充。不知道它有什麼不同,但我認爲這是看待的方向。 – apokryfos