如何在 bash 脚本中异或两个十六进制数字？（异或加密）

Question

我编写了一个操作十六进制值的bash脚本，我需要在两个十六进制数字之间进行异或运算。我的问题是，当我在 bash 提示符中尝试时，它可以工作并返回正确的值，但在脚本中该值是 false。

当 XOR 变量 $ExtendAuthKey 和 $IPAD 时，结果必须为： 181ad673a5d94f0e12c8894ea26381b363636363636363636363636363636363636363636363636363636363636363636363636363 636363636363636363636

但事实上我得到这个值：3906369333256140342

我不明白这种行为，如果你有解释或解决方案，我会接受，谢谢

看我的脚本：`

#!/bin/bash

AuthID=80001f8880e9bd0c1d12667a5100000000

IPAD=0x36363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636
OPAD=0x5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c
Ext0=0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

WholeMsgIn=0x3081800201033011020420dd06a7020300ffe30401050201030431302f041180001f8880e9bd0c1d12667a5100000000020105020120040475736572040c00000000000000000000000004003035041180001f8880e9bd0c1d12667a51000000000400a11e02046b4c5ac20201000201003010300e060a2b06010201041e0105010500

line=test

#Calcule AuthKey
  AuthKey=$(snmpkey md5 $line $AuthID | grep auth | cut -d ' ' -f 2)

#Concat AuthKey + Ext0
  ExtendAuthKey=$AuthKey${Ext0:2}

#Calcule de K1 = ExtendAuthKey XOR IPAD
  K1=$(( $ExtendAuthKey ^ $IPAD ))

#Calcule de K2 = ExtendAuthKey XOR OPAD
  K2=$(( $ExtendAuthKey ^ $OPAD ))

#Concat K1 + WholeMsgIn
  Concat1=$K1$WholeMsgIn

#Calcul Hash Concat1
  echo ${Concat1:2} > tempH.hex
  cat tempH.hex | xxd -r -p > tempB.bin
  HashConcat1=$(md5sum tempB.bin | cut -d ' ' -f 1)

#Concat K2 + Concat1
  Concat2=$K2$HashConcat1

#Calcul Hash Concat1
  echo ${Concat2:2} > tempH.hex
  cat tempH.hex | xxd -r -p > tempB.bin
  HashConcat2=$(md5sum tempB.bin | cut -d ' ' -f 1)

`

Answer 1

正如其他人所说，您面临的问题是异或的输出被截断为 64 位。您仍然可以在 shell 中执行此操作，只需将算术分解为 64 位块即可。我最近这样做是为了好玩：

xor() {
  {
    echo "${1}" | # start pipeline with first parameter
      fold -w 16 | # break into 16 char lines (note: 4-bit hex char * 16 = 64 bits)
      sed 's/^/0x/' | # prepend '0x' to lines to tell shell their hex numbers
      nl # number the lines (we do this to match corresponding ones)
    echo "${2}" | # do all the same to the second parameter
      fold -w 16 | 
      sed 's/^/0x/' | 
      nl
  } | # coming into this pipe we have lines: 1,...,n,1,...,n 
  sort -n | # now sort so lines are: 1,1,...,n,n
  cut -f 2 | # cut to keep only second field (blocks), ditching the line numbers
  paste - - | # paste to join every-other line with tabs (now two-field lines)
  while read -r a b; do # read lines, assign 'a' and 'b' to the two fields 
    printf "%#0${#a}x" "$(( a ^ b ))" # do the xor and left-pad the result
  done |
  sed 's/0x//g' | # strip the leading '0x' (here for clarity instead of in the loop)
  paste -s -d '\0' - # join all the blocks back into to a big hex string
}

例子：

$ xor "0c60c80f961f0e71f3a9b524af6012062fe037a6" "e60cc942513261fd3eb76c0e617d53f6f73ebef1"
ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957

这是一种对一些大数字进行异或运算的缓慢的方式，但对于演示来说应该没问题。我在 PBKDF2 实现中使用了它，它在一分钟左右的时间内减少了 4096 轮 HMAC SHA512 的输出（与哈希同时进行）。