所以我一直在查看维基百科的 HMAC 伪代码,它看起来相对简单;如果您的 key 大小已经是块大小,则伪代码可归结为 3 行:
o_key_pad ← key xor [0x5c * blockSize] // Outer padded key
i_key_pad ← key xor [0x36 * blockSize] // Inner padded key
return hash(o_key_pad ∥ hash(i_key_pad ∥ message))
ik = bytes([0x36 ^ b for b in k])
ok = bytes([0x5c ^ b for b in k])
print(hashlib.sha256(ok + bytearray.fromhex(hashlib.sha256(ik+msg).hexdigest())).hexdigest())
p = bytes("password", encoding='utf8')
k = bytearray.fromhex("eae1f9b8c78d0e0dbaeb3bc49fea3f0be9e9dc580c0b0ba09bcf5104713fda80")
x = hmac.new(k, digestmod='sha256')
x.update(p)
print(x.hexdigest())
ik = bytes([0x36 ^ b for b in k])
ok = bytes([0x5c ^ b for b in k])
print(hashlib.sha256(ok + bytearray.fromhex(hashlib.sha256(ik+p).hexdigest())).hexdigest())
1b96a6d3473698c3592a99d752934b875f82cdd623230abc534f92e7b70cc251
57dcbe4ada890bcc8d3cc2e6072874e0d1a0d6d3f73ceb1ced8dad4f07b56e33
为什么?
最佳答案
在自定义实现中,缺少块大小键的填充,参见 here :
Keys shorter than blockSize are padded to blockSize by padding with zeros on the right
SHA256的块大小为64字节,见here .
以下 ptyhon 代码产生预期结果:
import hmac
import hashlib
p = bytes("password", encoding='utf8')
k = bytearray.fromhex("eae1f9b8c78d0e0dbaeb3bc49fea3f0be9e9dc580c0b0ba09bcf5104713fda80")
x = hmac.new(k, digestmod='sha256')
x.update(p)
print(x.hexdigest())
k = bytearray.fromhex("eae1f9b8c78d0e0dbaeb3bc49fea3f0be9e9dc580c0b0ba09bcf5104713fda80".ljust(128,'0')) # pad with zeros
ik = bytes([0x36 ^ b for b in k])
ok = bytes([0x5c ^ b for b in k])
print(hashlib.sha256(ok + bytearray.fromhex(hashlib.sha256(ik+p).hexdigest())).hexdigest())
1b96a6d3473698c3592a99d752934b875f82cdd623230abc534f92e7b70cc251
1b96a6d3473698c3592a99d752934b875f82cdd623230abc534f92e7b70cc251
关于python - Python : HMAC Library vs Hashlib Produces Different Results 中的 HMAC SHA256,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64073659/