我将字符串编码到base64,并用这个base64字符串生成HMAC SHA256。我将HMAC(char字节)的结果编码为base64。不同的结果在C++和PHP中的HMAC SHA-256
我使用C++:openssl库。
,并得到了不同的结果,在PHP和C++:
C++:
JSON: {"req_hash":"someUniqCodeHash","answer":true}
BASE64: eyJyZXFfaGFzaCI6InNvbWVVbmlxQ29kZUhhc2giLCJhbnN3ZXIiOnRydWV9
HMAC: P/p2YlxL8xdhmn+QIAlVLFDS50ai4JE/l1pMMrKZKrE=
PHP:
JSON: {"req_hash":"someUniqCodeHash","answer":true}
BASE64: eyJyZXFfaGFzaCI6InNvbWVVbmlxQ29kZUhhc2giLCJhbnN3ZXIiOnRydWV9
HMAC: P/p2YlxL8xdhmn+QIAlVLFDS50ai4JE/l1pMMrKZKrE=
如果你能看到,HMAC相同的结果!
c++: P/p2YlxL8xdhmn+QIAlVLFDS50ai4JE/l1pMMrKZKrE=
php: P/p2YlxL8xdhmn+QIAlVLFDS50ai4JE/l1pMMrKZKrE=
但是,当我改变JSON像这样(改变true
到false
):
JSON: {"req_hash":"someUniqCodeHash","answer":false}
我得到这个:
C++:
JSON: {"req_hash":"someUniqCodeHash","answer":false}
BASE64: eyJyZXFfaGFzaCI6InNvbWVVbmlxQ29kZUhhc2giLCJhbnN3ZXIiOmZhbHNlfQ==
HMAC: znUOWS2MMLpjIBSpq2GfSNivaL8IUDcZXZs24D0=
PHP:
JSON: {"req_hash":"someUniqCodeHash","answer":false}
BASE64: eyJyZXFfaGFzaCI6InNvbWVVbmlxQ29kZUhhc2giLCJhbnN3ZXIiOmZhbHNlfQ==
HMAC: znUOWS2MMLpjIBSpq2GfSNivaL8IUDcZXZs24D0AHZA=
为什么HMAC结果是不同的?
你可以看到:
C++: znUOWS2MMLpjIBSpq2GfSNivaL8IUDcZXZs24D0=
PHP: znUOWS2MMLpjIBSpq2GfSNivaL8IUDcZXZs24D0AHZA=
在PHP HMAC字符串添加了一些字符:...AHZA=
。 这是什么?
而且我PHP代码:
<?php
$b = base64_encode('{"req_hash":"someUniqCodeHash","answer":false}');
$hmac =$b.".".base64_encode(hash_hmac('sha256',$b,'eyJhZGRyZXNzX3RvIjp7JzEnOidjbGll',true));
我C++代码:
std::string sfjson = "{\"req_hash\":\"someUniqCodeHash\",\"answer\":false}";
std::cout << "JSON: " << sfjson << "\n";
std::string fencoded_data = base64_encode_str(sfjson);
std::cout << "BASE64: " << fencoded_data << "\n";
unsigned char* digest;
std::string key = "eyJhZGRyZXNzX3RvIjp7JzEnOidjbGll";
digest = HMAC(EVP_sha256(), reinterpret_cast<const unsigned char*>(key.c_str()), key.length(), reinterpret_cast<const unsigned char*>(fencoded_data.c_str()), fencoded_data.length(), NULL, NULL);
std::string sName(reinterpret_cast<char*>(digest));
std::string hmac_data = base64_encode_str(sName);
std::cout << "HMAC: " << hmac_data << "\n";
从那里Base64编码:https://gist.github.com/rustem-art/5f6b510c65bbbfd279386225b978f960
基于差异只是尾部的事实,我假设PHP和C++正在使用不同的填充。不知道它有什么不同,但我认为这是看待的方向。 – apokryfos