HMAC算法--asp源码
作者:cjj 来源:经典论坛 时间:2009-08-28 12:51:00
hmac主要应用在身份验证中,它的使用方法是这样的:
1. 客户端发出登录请求(假设是浏览器的GET请求)
2. 服务器返回一个随机值,并在会话中记录这个随机值
3. 客户端将该随机值作为密钥,用户密码进行hmac运算,然后提交给服务器
4. 服务器读取用户数据库中的用户密码和步骤2中发送的随机值做与客户端一样的hmac运算,然后与用户发送的结果比较,如果结果一致则验证用户合法
在这个过程中,可能遭到安全攻击的是服务器发送的随机值和用户发送的hmac结果,而对于截获了这两个值的黑客而言这两个值是没有意义的,绝无获取用户密码的可能性,随机值的引入使hmac只在当前会话中有效,大大增强了安全性和实用性。大多数的语言都实现了hmac算法,比如php的mhash、python的hmac.py、java的MessageDigest类,在web验证中使用hmac也是可行的,用js进行md5运算的速度也是比较快的。
HMAC算法asp源码
THMAC.asp
<%
'/**
'* RFC 2104 HMAC implementation for asp
'*
'* @Author : [BI]CJJ http://www.imcjj.com
'* @Version : 0.1.0 build 20070708
'*/
Class THMAC
' Private Sub Class_Initialize() End Sub
private function SHL(lValue, iShiftBits)
if iShiftBits = 0 then
SHL = lValue
Exit Function
elseif iShiftBits = 31 then
if lValue And 1 then
SHL = &H80000000
else
SHL = 0
end if
Exit Function
elseif iShiftBits < 0 Or iShiftBits > 31 then
Err.Raise 6
end if
if (lValue And 2^(31 - iShiftBits)) then
SHL = ((lValue And (2^(31 - iShiftBits)-1)) * (2^iShiftBits)) Or &H80000000
else
SHL = (lValue And (2^(32 - iShiftBits)-1)) * 2^iShiftBits
end if
end function
private function SHR(lValue, iShiftBits)
if iShiftBits = 0 then
SHR = lValue
Exit Function
elseif iShiftBits = 31 then
if lValue And &H80000000 then
SHR = 1
else
SHR = 0
end if
Exit Function
elseif iShiftBits < 0 Or iShiftBits > 31 then
Err.Raise 6
end if
SHR = (lValue And &H7FFFFFFE) \ (2^iShiftBits)
if (lValue And &H80000000) then
iShiftBits=iShiftBits-1
SHR = SHR Or (&H40000000 \ (2^iShiftBits ))
end if
end function
Private Function bytarray2binl (barray)
Dim nblk,blks(),i
nblk = SHR(ubound(barray) + 9, 6) + 1
ReDim blks((nblk * 16)-1)
For i = 0 To UBound(blks)
blks(i) = 0
Next
For i = 0 To UBound(barray)
blks(SHR(i,2)) = blks(SHR(i,2)) OR (SHL(barray(i) AND &HFF, ((i mod 4)*8)))
Next
blks(SHR(i,2)) = blks(SHR(i,2)) OR (SHL(&H80, ((i mod 4)*8)))
blks(nblk*16-2) = (ubound(barray)+1) * 8
bytarray2binl = blks
end function
Private Function binl2byt(binarray)
Dim hex_tab,bytarray(),i
ReDim bytarray(((UBound(binarray)+1)*4)-1)
For i = 0 To ((UBound(binarray) +1) * 4) -1
bytarray(i) = SHL((SHR(binarray(SHR(i,2)),(((i mod 4)*8)+4)) AND &H0f) ,4) OR (SHR(binarray(SHR(i,2)),((i mod 4)*8)) AND &H0f)
Next
binl2byt = bytarray
end function
private Function binl2hex(binarray)
Dim str,i
For i = 0 to ((UBound(binarray) +1) * 4) -1
str = str & LCase(hex(SHR(binarray(SHR(i,2)),((i mod 4)*8) + 4) AND &Hf)) & lcase(hex(SHR(binarray(SHR(i, 2)), ((i mod 4) * 8)) AND &Hf))
Next
binl2hex = str
end function
Public Function Encrypt(ByRef a_oObj, key, text)
Dim ipad(63),opad(63),idata(),odata(79)
ReDim idata(63 + len(text))
Dim i, innerhashout, hkey
Dim sName
Encrypt=null
sName=TypeName(a_oObj)
If sName<>"TMD5" And sName<>"TSHA1" AND sName<>"TSHA256" Then Exit Function End If
hkey = key
if Len(key) > 64 then hkey = a_oObj.Encrypt(key) end if
For i = 0 to 63
ipad(i) = &H36
idata(i) = &H36
odata(i) = &H5C
opad(i) = &H5C
Next
For i = 0 To len(hkey)-1
ipad(i) = ipad(i) XOR asc(mid(hkey,i+1,1))
opad(i) = opad(i) XOR asc(mid(hkey,i+1,1))
idata(i) = ipad(i) AND &HFF
odata(i) = opad(i) AND &HFF
Next
For i = 0 To Len(text) -1
idata(64 + i) = asc(mid(text,i+1,1)) AND &HFF
Next
innerhashout = binl2byt(a_oObj.EncryptArray(bytarray2binl(idata)))
For i = 0 To 15
odata(64+i) = innerhashout(i)
Next
Encrypt = binl2hex(a_oObj.EncryptArray(bytarray2binl(odata)))
end function
End Class
%>