C#System.Security.Cryptography.HMACSHA1.ComputeHash()未返回预期结果
我正在尝试基于RFC 4226在C#中实现OTP解决方案: 我发现了一个示例实现,它如下所示:C#System.Security.Cryptography.HMACSHA1.ComputeHash()未返回预期结果,c#,.net,cryptography,C#,.net,Cryptography,我正在尝试基于RFC 4226在C#中实现OTP解决方案: 我发现了一个示例实现,它如下所示: using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Security.Cryptography; namespace OTP { class Program { static void Main(string[] args)
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography;
namespace OTP
{
class Program
{
static void Main(string[] args)
{
System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
byte[] secretKey = encoding.GetBytes("12345678901234567890");
byte[] counter = encoding.GetBytes("1");
Console.WriteLine(CalculateHotp(secretKey, counter));
Console.ReadKey();
}
public static int CalculateHotp(byte[] key, byte[] counter)
{
var hmacsha1 = new HMACSHA1(key);
byte[] hmac_result = hmacsha1.ComputeHash(counter);
int offset = hmac_result[19] & 0x0f;
int bin_code = (hmac_result[offset] & 0x7f) << 24
| (hmac_result[offset + 1] & 0xff) << 16
| (hmac_result[offset + 2] & 0xff) << 8
| (hmac_result[offset + 3] & 0xff);
int hotp = bin_code % 1000000;
return hotp;
}
}
}
From the RFC 4226, Appendix D:
The following test data uses the ASCII string
"12345678901234567890" for the secret:
Secret = 0x3132333435363738393031323334353637383930
Table 1 details for each count, the intermediate HMAC value.
Count Hexadecimal HMAC-SHA-1(secret, count)
0 cc93cf18508d94934c64b65d8ba7667fb7cde4b0
1 75a48a19d4cbe100644e8ac1397eea747a2d33ab
2 0bacb7fa082fef30782211938bc1c5e70416ff44
3 66c28227d03a2d5529262ff016a1e6ef76557ece
4 a904c900a64b35909874b33e61c5938a8e15ed1c
<snip>
Table 2 details for each count the truncated values (both in
hexadecimal and decimal) and then the HOTP value.
Truncated
Count Hexadecimal Decimal HOTP
0 4c93cf18 1284755224 755224
1 41397eea 1094287082 287082
2 82fef30 137359152 359152
3 66ef7655 1726969429 969429
4 61c5938a 1640338314 338314
<snip>
:
以下测试数据使用ASCII字符串
“123456789001234567890”的秘密:
机密=0x31323334353637393933031323334353637383939330
表1各计数的详细信息,中间HMAC值。
计数十六进制HMAC-SHA-1(机密,计数)
0 cc93cf18508d94934c64b65d8ba7667fb7cde4b0
1 75a48a19d4cbe100644e8ac1397eea747a2d33ab
2 0BACB7FA082FE3078211938BC1C5E70416FF44
3 66c28227d03a2d5529262ff016a1e6ef76557ece
4 a904c900a64b35909874b33e61c5938a8e15ed1c
表2各计数截断值的详细信息(在
十六进制和十进制),然后是HOTP值。
截断的
计数十六进制HOTP
0 4c93cf18 1284755224 755224
141397EEA 1094287082 287082
2 82fef30 137359152 359152
366EF7655 172696429 969429
4 61c5938a 1640338314 338314
我真的看不出我做错了什么,有没有人使用HMACSHA1类成功地在C#中实现了基于计数器的OTP?您错误地使用了计数器。计数器不应是ASCII字符串,而应是以大端为单位的数字(长)值 使用 对于此测试,您的代码将返回正确的OTP
From the RFC 4226, Appendix D:
The following test data uses the ASCII string
"12345678901234567890" for the secret:
Secret = 0x3132333435363738393031323334353637383930
Table 1 details for each count, the intermediate HMAC value.
Count Hexadecimal HMAC-SHA-1(secret, count)
0 cc93cf18508d94934c64b65d8ba7667fb7cde4b0
1 75a48a19d4cbe100644e8ac1397eea747a2d33ab
2 0bacb7fa082fef30782211938bc1c5e70416ff44
3 66c28227d03a2d5529262ff016a1e6ef76557ece
4 a904c900a64b35909874b33e61c5938a8e15ed1c
<snip>
Table 2 details for each count the truncated values (both in
hexadecimal and decimal) and then the HOTP value.
Truncated
Count Hexadecimal Decimal HOTP
0 4c93cf18 1284755224 755224
1 41397eea 1094287082 287082
2 82fef30 137359152 359152
3 66ef7655 1726969429 969429
4 61c5938a 1640338314 338314
<snip>
var counter = new byte[] { 0, 0, 0, 0, 0, 0, 0, 1 };