utf8 on in dancer but not script

倖福魔咒の 提交于 2019-12-11 14:28:55

问题


This is a follow up to my previous question on showing unicode string differences. As it turns out the strings appear to be the same, however in one of them the UTF8 flag is on.

SV = PVMG(0x4cca750) at 0x4b3fc90
 REFCNT = 1
 FLAGS = (PADMY,POK,pPOK,UTF8)
 IV = 0
 NV = 0
 PV = 0x1eda410 "flurbe"\0 [UTF8 "flurbe"]
 CUR = 6
 LEN = 16

vs

SV = PV(0xf28090) at 0xf4b6a0
 REFCNT = 1
 FLAGS = (PADMY,POK,pPOK)
 PV = 0xf37b90 "flurbe"\0
 CUR = 6
 LEN = 16

This appears to make a difference between the resulting sha512 hashes when I encrypt the string. Dancer is what is causing the first result to have utf8 as far as I can tell, my other script is simply a command line one, without using dancer in that how can I force it to behave in the same way?


回答1:


(This is more of a comment than an answer, but it's too big.)

I just ran this program:

#!/usr/bin/perl -w

use warnings;
use strict;

use Devel::Peek ();
use Digest::SHA ();

my $x = 'flurbe';

Devel::Peek::Dump $x;

print Digest::SHA::sha512_hex($x), "\n\n";

utf8::upgrade $x;

Devel::Peek::Dump $x;

print Digest::SHA::sha512_hex($x), "\n";

__END__

and it gave this output:

SV = PV(0x10441040) at 0x10491638
  REFCNT = 1
  FLAGS = (PADMY,POK,pPOK)
  PV = 0x10449ca0 "flurbe"\0
  CUR = 6
  LEN = 8
1cd2e71e55653caeb6c9bffa47a66ff1c9b526bbb732dcff28412090601e9b5e34d36be6a0267527347cd94039b383d4bc45653d786d1041debe7faa0716bdf1

SV = PV(0x10441040) at 0x10491638
  REFCNT = 1
  FLAGS = (PADMY,POK,pPOK,UTF8)
  PV = 0x10449ca0 "flurbe"\0 [UTF8 "flurbe"]
  CUR = 6
  LEN = 8
1cd2e71e55653caeb6c9bffa47a66ff1c9b526bbb732dcff28412090601e9b5e34d36be6a0267527347cd94039b383d4bc45653d786d1041debe7faa0716bdf1

As you can see, Devel::Peek::Dump correctly identifies that the string has been upgraded to UTF-8, but this doesn't affect the SHA-512 hash computed by Digest::SHA.

Edited to add: In a comment above, you mention that your "hashes are random salted". Can these salts include bytes outside the ASCII range? If so, concatenation with a UTF-8-upgraded string can affect their contents. I just ran this modified program:

#!/usr/bin/perl -w

use warnings;
use strict;

use Devel::Peek ();
use Digest::SHA ();

my $x = 'flurbe';
my $y = "\xA0";      # a single byte, hex 00A0
my $z = "\xC2\xA0";  # UTF-8 representation of U+00A0, as a byte-string

Devel::Peek::Dump "$x$y";
print Digest::SHA::sha512_hex("$x$y"), "\n\n";

Devel::Peek::Dump "$x$z";
print Digest::SHA::sha512_hex("$x$z"), "\n\n";

utf8::upgrade $x;

Devel::Peek::Dump "$x$y";

print Digest::SHA::sha512_hex("$x$y"), "\n";

__END__

and it gave this output:

SV = PV(0x104410e8) at 0x104d68d8
  REFCNT = 1
  FLAGS = (PADTMP,POK,pPOK)
  PV = 0x10449ca0 "flurbe\240"\0
  CUR = 7
  LEN = 8
1901f989ed76143697ecc6683fd03ec793bc126d51cdbee0a72241933136c144f2e602828abddc7e4843df5542a099be92313fa5874d1d2dc54ecdd1ff308c5e

SV = PV(0x104d80b8) at 0x104ec098
  REFCNT = 1
  FLAGS = (PADTMP,POK,pPOK)
  PV = 0x10489170 "flurbe\302\240"\0
  CUR = 8
  LEN = 12
072f7b54c80fa8062ca1d17727a88c9ff4815f83c1166471331c6398b9140a06812eff341c98453f4c51356926dbe9694cbcbebfe4cda7e77cf68008ab838c6d

SV = PV(0x104d80a8) at 0x104f0f98
  REFCNT = 1
  FLAGS = (PADTMP,POK,pPOK,UTF8)
  PV = 0x104896c8 "flurbe\302\240"\0 [UTF8 "flurbe\x{a0}"]
  CUR = 8
  LEN = 12
072f7b54c80fa8062ca1d17727a88c9ff4815f83c1166471331c6398b9140a06812eff341c98453f4c51356926dbe9694cbcbebfe4cda7e77cf68008ab838c6d

As you can see, the SHA-512 hash of "$x$y" depends on whether $x was UTF-8-upgraded. "$x$y" with a UTF-8-upgraded $x gives the same SHA-512 hash as does "$x$z" with a non-UTF-8-upgraded $x. This is because SHA-512 operates on bytes, not characters, and the concatenation of a UTF-8-upgraded string with a byte-string causes the byte-string to be UTF-8-upgraded.




回答2:


You have an encoding problem, namely the lack thereof. The digest functions operate on octets. You give it characters, which is wrong.

Course of action: encode your characters into octets. UTF-8 is a suitable encoding.

my $octets = Encode::encode('UTF-8', $characters, Encode::FB_CROAK);
# add salt to octets
# produce digest


来源:https://stackoverflow.com/questions/9780780/utf8-on-in-dancer-but-not-script

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!