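The SDTP authentication request is a message used to authenticate the originating user. It computes a digest over the authentication information with a hash algorithm (MD5 or SHA256), and the digest is carried in the authentication request message.
Most China Mobile interface specifications use the SDTP protocol, but they do not all compute the digest the same way. Three methods are common: MD5/LOGINID/SECRET/TIME, MD5/LOGINID/SECRET/TIME/RAND and SHA256/LOGINID/SECRET/TIME/RAND.
This article describes the three digest calculations in detail and verifies each one with Python code.
MD5/LOGINID/SECRET/TIME/RAND (two-way)
Reference: "China Mobile Internet Access Log Retention System Phase 3 Specification: Data Synthesis Server Interface Specification" (《中国移动上网日志留存系统三期规范-数据合成服务器接口规范》)
Uses the MD5 hash algorithm. Calculation:
Request message: ReqDigest = MD5(LoginID + MD5(shared secret) + Timestamp + "rand=" + RAND)
Response message: RespDigest = MD5(LoginID + MD5(shared secret) + "rand=" + RAND + Timestamp)
Where:
shared secret is the account password for LoginID, agreed in advance by the two authenticating parties.
LoginID is the LoginID field carried in the message: 12 bytes, padded with spaces if shorter than 12 bytes.
Timestamp is the value of the Timestamp field carried in this message, in seconds (time_t).
Example:
Client:
LoginID = "user        " ("user" padded with spaces to 12 bytes)
Shared secret = "passwd"
Timestamp = 1289959463
RAND = 99
Then:
MD5(shared secret) = 76a2173be6393254e72ffa4d6df1030a
Request: the string before hashing is:
"user        76a2173be6393254e72ffa4d6df1030a1289959463rand=99"
Response: the string before hashing is:
"user        76a2173be6393254e72ffa4d6df1030arand=991289959463"
MD5 hashing:
Request: MD5("user        76a2173be6393254e72ffa4d6df1030a1289959463rand=99")
Response: MD5("user        76a2173be6393254e72ffa4d6df1030arand=991289959463")
Digest result:
Request: Digest = 0860fe6ef69b9d5a5c89d2af38c65467
Response: Digest = 4b055789912b098cb713e63b1fe2c9ba
Python code: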
import hashlib

def linkauthdigestmd5(loginid, sharedsecret, time, rand, isreq):
    """Return the MD5 request (isreq true) or response digest, printing each step."""
    if isreq:
        print("*** linkauth digest rand request ***:")
    else:
        print("*** linkauth digest rand response ***:")
    print(" shared secret = %s" % sharedsecret)
    # Inner hash: lowercase hex MD5 of the shared secret
    sharedsecretstr = hashlib.md5(sharedsecret.encode("utf-8")).hexdigest()
    print(" shared secret md5 = %s" % sharedsecretstr)
    print(" loginid = %s" % loginid)
    print(" time = %s" % time)
    print(" rand = %s" % rand)
    # Request and response differ only in the order of Timestamp and "rand=" + RAND
    if isreq:
        digeststr = "%s%s%srand=%s" % (loginid, sharedsecretstr, time, rand)
    else:
        digeststr = "%s%srand=%s%s" % (loginid, sharedsecretstr, rand, time)
    print(" digest string = %s" % digeststr)
    digest = hashlib.md5(digeststr.encode("utf-8")).hexdigest()
    print(" digest = %s" % digest)
    return digest

# LoginID is space-padded to the 12-byte field width described above
digest = linkauthdigestmd5("user".ljust(12), "passwd", 1289959463, 99, 0)
digest = linkauthdigestmd5("user".ljust(12), "passwd", 1289959463, 99, 1)
SHA256/LOGINID/SECRET/TIME/RAND (two-way)
Reference: "China Mobile Internet Access Log Retention System: Data Synthesis Server Interface Specification (CS Domain)" (《中国移动上网日志留存系统数据合成服务器接口规范(CS域)》)
Uses the SHA256 hash algorithm. Calculation:
Request message: ReqDigest = SHA256(LoginID + SHA256(shared secret) + Timestamp + "rand=" + RAND)
Response message: RespDigest = SHA256(LoginID + SHA256(shared secret) + "rand=" + RAND + Timestamp)
Where:
shared secret is the account password for LoginID, agreed in advance by the two authenticating parties.
LoginID is the LoginID field carried in the message: 12 bytes, padded with spaces if shorter than 12 bytes.
Timestamp is the value of the Timestamp field carried in this message, in seconds (time_t).
Example:
Client:
LoginID = "user        " ("user" padded with spaces to 12 bytes)
Shared secret = "passwd"
Timestamp = 1289959463
RAND = 99
Then:
SHA256(shared secret) = 0d6be69b264717f2dd33652e212b173104b4a647b7c11ae72e9885f11cd312fb (64 hex characters)
Request: the string before hashing is:
"user        0d6be69b264717f2dd33652e212b173104b4a647b7c11ae72e9885f11cd312fb1289959463rand=99"
Response: the string before hashing is:
"user        0d6be69b264717f2dd33652e212b173104b4a647b7c11ae72e9885f11cd312fbrand=991289959463"
SHA256 hashing:
Request: SHA256("user        0d6be69b264717f2dd33652e212b173104b4a647b7c11ae72e9885f11cd312fb1289959463rand=99")
Response: SHA256("user        0d6be69b264717f2dd33652e212b173104b4a647b7c11ae72e9885f11cd312fbrand=991289959463")
Digest result:
Request Digest: dc8ba5e9a25c2ec0d31302a4bda2380eb746e8c987cd2b787d6753d068e5984a
Response Digest: 07edad5be1eed7ace6b2bb30c368d803dfe0bfe9d47e4c8e705e91270207013b
Python code:
import hashlib

def linkauthdigestsha256(loginid, sharedsecret, time, rand, isreq):
    """Return the SHA256 request (isreq true) or response digest, printing each step."""
    if isreq:
        print("*** linkauth digest rand request ***:")
    else:
        print("*** linkauth digest rand response ***:")
    print(" shared secret = %s" % sharedsecret)
    # Inner hash: lowercase hex SHA256 of the shared secret
    sharedsecretstr = hashlib.sha256(sharedsecret.encode("utf-8")).hexdigest()
    print(" shared secret sha256 = %s" % sharedsecretstr)
    print(" loginid = %s" % loginid)
    print(" time = %s" % time)
    print(" rand = %s" % rand)
    # Request and response differ only in the order of Timestamp and "rand=" + RAND
    if isreq:
        digeststr = "%s%s%srand=%s" % (loginid, sharedsecretstr, time, rand)
    else:
        digeststr = "%s%srand=%s%s" % (loginid, sharedsecretstr, rand, time)
    print(" digest string = %s" % digeststr)
    digest = hashlib.sha256(digeststr.encode("utf-8")).hexdigest()
    print(" digest = %s" % digest)
    return digest

# LoginID is space-padded to the 12-byte field width described above
digest = linkauthdigestsha256("user".ljust(12), "passwd", 1289959463, 99, 0)
digest = linkauthdigestsha256("user".ljust(12), "passwd", 1289959463, 99, 1)
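The receiving side of the two-way RAND schemes above, as an added example that is not from the original post or the referenced specifications: it recomputes ReqDigest, compares it in constant time, and returns RespDigest only when the request is valid. The names pad_loginid, sdtp_digest and verify_request, and the 300-second freshness window, are assumptions introduced here.

```python
import hashlib
import hmac
import time

LOGINID_LEN = 12  # LoginID field width stated on this page

def pad_loginid(loginid):
    """Right-pad LoginID with spaces to the 12-byte field (hypothetical helper)."""
    raw = loginid.encode("ascii")
    if len(raw) > LOGINID_LEN:
        raise ValueError("LoginID longer than 12 bytes")
    return raw.ljust(LOGINID_LEN, b" ")

def sdtp_digest(algo, loginid, secret, timestamp, rand, response=False):
    """Two-way digest; algo is "md5" or "sha256" as in the schemes above."""
    def hexhash(data):
        return hashlib.new(algo, data).hexdigest().encode("ascii")

    ts = str(int(timestamp)).encode("ascii")
    rnd = b"rand=" + str(int(rand)).encode("ascii")
    # Request ends with Timestamp + "rand=" + RAND; the response swaps the two.
    tail = rnd + ts if response else ts + rnd
    body = pad_loginid(loginid) + hexhash(secret.encode("utf-8")) + tail
    return hexhash(body).decode("ascii")

def verify_request(algo, loginid, secret, timestamp, rand, received,
                   now=None, max_skew=300):
    """Return RespDigest if ReqDigest matches and is fresh, else None.

    max_skew (seconds) is an assumed replay window, not a value from the page.
    """
    now = int(time.time()) if now is None else now
    if abs(now - int(timestamp)) > max_skew:
        return None  # stale or future Timestamp: a captured digest could be replayed
    expected = sdtp_digest(algo, loginid, secret, timestamp, rand)
    # Constant-time comparison avoids leaking how many leading characters match.
    if not hmac.compare_digest(expected.encode("ascii"),
                               received.lower().encode("utf-8")):
        return None
    return sdtp_digest(algo, loginid, secret, timestamp, rand, response=True)

if __name__ == "__main__":
    # Constructed run reusing the LoginID, secret, Timestamp and RAND shown above.
    req = sdtp_digest("sha256", "user", "passwd", 1289959463, 99)
    print(verify_request("sha256", "user", "passwd", 1289959463, 99, req,
                         now=1289959470))
```

Passing `now` explicitly keeps the freshness check testable; in service code leave it unset so the local clock is used.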
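MD5/LOGINID/SECRET/TIME (one-way)
Reference: "China Mobile Signaling Monitoring System Interface Specification: Signaling Collection Gateway Volume v2.0.0" (《中国移动信令监测系统接口规范-信令采集网关分册v2.0.0》)
Uses the MD5 hash algorithm. Calculation:
Digest = MD5(LoginID + nine bytes of 0 + MD5(shared secret) + Timestamp)
Where:
The 0 in "nine bytes of 0" is the character 0 (0x30).
Shared secret is the account password corresponding to LoginID, agreed in advance by the two authenticating entities.
Timestamp is the value of the Timestamp field carried in this message, in seconds.
Example:
SCG = 200075500001
shared secret = passwd
Timestamp = 1289959463
Then:
MD5(shared secret) = 76a2173be6393254e72ffa4d6df1030a;
Digest = MD5(20007550000100000000076a2173be6393254e72ffa4d6df1030a1289959463);
The resulting Digest is: 4015a3686cedbd118dcb2bbb09ccc0f9
Python code: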
import hashlib

def linkauthdigest(loginid, sharedsecret, time):
    """Return the one-way MD5 digest, printing each step."""
    print("*** linkauth digest ***:")
    print(" shared secret = %s" % sharedsecret)
    # Inner hash: lowercase hex MD5 of the shared secret
    sharedsecretstr = hashlib.md5(sharedsecret.encode("utf-8")).hexdigest()
    print(" shared secret md5 = %s" % sharedsecretstr)
    print(" loginid = %s" % loginid)
    print(" time = %s" % time)
    # Nine '0' characters (0x30) sit between LoginID and the hashed secret
    digeststr = "%s000000000%s%s" % (loginid, sharedsecretstr, time)
    print(" digest string = %s" % digeststr)
    digest = hashlib.md5(digeststr.encode("utf-8")).hexdigest()
    print(" digest = %s" % digest)
    return digest

digest = linkauthdigest("200075500001", "passwd", 1289959463)