当尝试生成HMAC + SHA256签名时,对于某些有效负载,我从openssl命令行获得的结果与openssl lib有所不同。
这是为了尝试为AWS生成v4签名。 我能够成功使用bash / curl做到这一点。 该代码显示了每个步骤的每个签名,除了服务(s3)的签名与通过openssl命令行生成的签名不同之外,所有其他签名都匹配
int i;
char data[1024] = "";
char hashString[SHA256_DIGEST_LENGTH*2];
unsigned char *bytearray=malloc(SHA256_DIGEST_LENGTH);
unsigned char *digest=malloc(SHA256_DIGEST_LENGTH);
printf("echo -n us-east-1|openssl dgst -sha256 -mac HMAC -macopt hexkey:b098ff9a24e0573d9e0f952963d0725c4e9c7566ebb3713bf8e0707d43146822\n");
strcpy(hashString,"b098ff9a24e0573d9e0f952963d0725c4e9c7566ebb3713bf8e0707d43146822\0");
strcpy(data, "us-east-1");
//This works
for (i = 0; i < strlen(hashString)/2 ; i++)
sscanf(hashString + 2*i, "%02x", (unsigned int *) &bytearray[i]);
digest = HMAC(EVP_sha256(), bytearray, strlen((const char *)bytearray), (unsigned char*)data, strlen(data), NULL, NULL);
printf(" should be: e811cc78009ad7918504aca1ff987199285352a6fabd1063d6d1a938ac673dbf\n");
printf("HMAC digest: ");
for(i = 0; i < SHA256_DIGEST_LENGTH; i++)
printf("%02x",(unsigned int)digest[i]);
printf("\n");
//This doesn't
printf("echo -n s3|openssl dgst -sha256 -mac HMAC -macopt hexkey:e811cc78009ad7918504aca1ff987199285352a6fabd1063d6d1a938ac673dbf\n");
strcpy(hashString,"e811cc78009ad7918504aca1ff987199285352a6fabd1063d6d1a938ac673dbf");
strcpy(data, "s3");
for (i = 0; i < strlen(hashString)/2 ; i++)
sscanf(hashString + 2*i, "%02x", (unsigned int *) &bytearray[i]);
digest = HMAC(EVP_sha256(), bytearray, strlen((const char *)bytearray), (unsigned char*)data, strlen(data), NULL, NULL);
printf(" should be: f405cc5d87cd57f8130decb58108ac0ae5a0bccb97e40729f9ace287d4ee054d\n");
printf("HMAC digest: ");
for(i = 0; i < SHA256_DIGEST_LENGTH; i++)
printf("%02x",(unsigned int)digest[i]);
printf("\n");
答案 0 :(得分:2)
这是一个经过清理的版本,可避免原始版本中所有未定义的行为和内存泄漏,从而生成预期的哈希值:
#include <assert.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
void print_hmac(const char *hexkey, const char *data) {
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int digest_len;
int hexkey_len = strlen(hexkey);
assert(hexkey_len % 2 == 0); // Must be even
int key_len = hexkey_len / 2;
unsigned char *key = malloc(key_len);
assert(key != NULL);
for (int i = 0; i < key_len; i++) {
int n = sscanf(hexkey + 2 * i, "%2hhx", key + i);
assert(n == 1);
}
HMAC(EVP_sha256(), key, key_len, (const unsigned char *)data, strlen(data),
digest, &digest_len);
fputs("HMAC digest: ", stdout);
for (unsigned int i = 0; i < digest_len; i++) {
printf("%02hhx", digest[i]);
}
putchar('\n');
free(key);
}
int main(void) {
char hashString[100];
puts("echo -n us-east-1|openssl dgst -sha256 -mac HMAC -macopt "
"hexkey:"
"b098ff9a24e0573d9e0f952963d0725c4e9c7566ebb3713bf8e0707d43146822");
puts(" should be: "
"e811cc78009ad7918504aca1ff987199285352a6fabd1063d6d1a938ac673dbf");
strcpy(hashString,
"b098ff9a24e0573d9e0f952963d0725c4e9c7566ebb3713bf8e0707d43146822");
print_hmac(hashString, "us-east-1");
puts("echo -n s3|openssl dgst -sha256 -mac HMAC -macopt "
"hexkey:"
"e811cc78009ad7918504aca1ff987199285352a6fabd1063d6d1a938ac673dbf");
puts(" should be: "
"f405cc5d87cd57f8130decb58108ac0ae5a0bccb97e40729f9ace287d4ee054d");
strcpy(hashString,
"e811cc78009ad7918504aca1ff987199285352a6fabd1063d6d1a938ac673dbf");
print_hmac(hashString, "s3");
return 0;
}