SecKeyRawSign gives a -50 (errSecParam) error - even for the trivial Apple example

Time: 2012-05-10 12:08:18

Tags: iphone ios x509 pki

Unable to get a basic version of SecKeySign() to work (i.e. porting the working OSX SecSignTransformCreate()/SecTransformSetAttribute()/SecTransformExecute() to iOS):

The code is almost identical to http://developer.apple.com/library/ios/#samplecode/CryptoExercise/Listings/Classes_SecKeyWrapper_m.html - albeit simplified further.

First - the setup - as per the link above. No changes.

const char someData[] = "No one loves pain itself, but those who seek...";

NSData * blob = [NSData dataWithBytes:someData length:sizeof(someData)];
assert(blob);

SecKeyRef publicKeyRef, privateKeyRef;
int keySize = 2048;

OSStatus sanityCheck = noErr;
NSMutableDictionary * privateKeyAttr = [[NSMutableDictionary alloc] init];
NSMutableDictionary * publicKeyAttr = [[NSMutableDictionary alloc] init];
NSMutableDictionary * keyPairAttr = [[NSMutableDictionary alloc] init];

// attribute dictionaries for 2048 bit RSA key pair.
//
[keyPairAttr setObject:(__bridge id)kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
[keyPairAttr setObject:[NSNumber numberWithUnsignedInteger:keySize] forKey:(__bridge id)kSecAttrKeySizeInBits];
[privateKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecAttrIsPermanent];
[publicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecAttrIsPermanent];
[keyPairAttr setObject:privateKeyAttr forKey:(__bridge id)kSecPrivateKeyAttrs];
[keyPairAttr setObject:publicKeyAttr forKey:(__bridge id)kSecPublicKeyAttrs];

The actual work starts with generating a key pair:

sanityCheck = SecKeyGeneratePair((__bridge CFDictionaryRef)keyPairAttr, &publicKeyRef, &privateKeyRef);
assert(sanityCheck == noErr);

NSLog(@"Pub/Priv: %@/%@", publicKeyRef, privateKeyRef);

Which works splendidly as far as I can see.

The trouble is with signing with them; or rather, the signing itself:

// Zero-ed Buffer for the signature.
//
size_t signatureBytesSize = SecKeyGetBlockSize(privateKeyRef);
assert(signatureBytesSize == keySize / 8);

uint8_t * signatureBytes = malloc( signatureBytesSize * sizeof(uint8_t) );
memset((void *)signatureBytes, 0x0, signatureBytesSize);

// Sign the binary blob; with type 1 padding.
//
sanityCheck = SecKeyRawSign(privateKeyRef,
                            kSecPaddingPKCS1,
                            (const uint8_t *)[blob bytes], [blob length],
                            (uint8_t *)signatureBytes, &signatureBytesSize
                            );
assert(sanityCheck == noErr);

This always returns -50 / errSecParam (One or more parameters passed to a function were not valid.).

Any suggestions? This is on a real iPhone?

Thanks,

Dw.

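2 answers:

Answer 0: (score: 0)

As far as I can work out - the only acceptable input to SecKeyRawSign() is a block of data of SHA_DIGEST_LEN. Anything else is rejected.

The SHA1 hash is calculated by this function - so only the required space needs to be passed.

I have not yet found a way to specify SHA2 or other hashes.

Dw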
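
The following is an added example, not part of the original question or answers (Objective-C; the names SignAndVerifyDigest and RunDemo are hypothetical, and the key pair and message are constructed sample input). It hashes the blob in the caller with SHA-256 and passes only the digest to SecKeyRawSign() with kSecPaddingPKCS1SHA256, assuming an SDK that declares that constant, then checks the result with SecKeyRawVerify().

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>

// Hypothetical helper: signs SHA-256(blob) with the private key, then verifies
// with the public key. Returns the OSStatus of the first failing call.
static OSStatus SignAndVerifyDigest(SecKeyRef privateKeyRef, SecKeyRef publicKeyRef,
                                    NSData *blob, NSData **signatureOut)
{
    // 1. Hash in the caller: the RSA operation only ever sees the 32-byte digest.
    uint8_t digest[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256([blob bytes], (CC_LONG)[blob length], digest);

    // 2. Output buffer of one RSA block (256 bytes for a 2048-bit key).
    size_t signatureLen = SecKeyGetBlockSize(privateKeyRef);
    NSMutableData *signature = [NSMutableData dataWithLength:signatureLen];

    // 3. The padding constant names the hash, so its length must match the input.
    OSStatus status = SecKeyRawSign(privateKeyRef, kSecPaddingPKCS1SHA256,
                                    digest, sizeof(digest),
                                    [signature mutableBytes], &signatureLen);
    if (status != errSecSuccess) return status;
    [signature setLength:signatureLen];

    // 4. Verify with the same padding constant and the same digest.
    status = SecKeyRawVerify(publicKeyRef, kSecPaddingPKCS1SHA256,
                             digest, sizeof(digest),
                             [signature bytes], [signature length]);
    if (status == errSecSuccess && signatureOut) *signatureOut = signature;
    return status;
}

// Constructed demo input: an ephemeral 2048-bit RSA pair and a short message.
static OSStatus RunDemo(void)
{
    NSDictionary *attrs = @{ (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeRSA,
                             (__bridge id)kSecAttrKeySizeInBits: @2048 };
    SecKeyRef pub = NULL, priv = NULL;
    OSStatus status = SecKeyGeneratePair((__bridge CFDictionaryRef)attrs, &pub, &priv);
    if (status != errSecSuccess) return status;
    NSData *blob = [@"constructed sample message" dataUsingEncoding:NSUTF8StringEncoding];
    NSData *sig = nil;
    status = SignAndVerifyDigest(priv, pub, blob, &sig);
    NSLog(@"status=%d, signature length=%lu", (int)status, (unsigned long)[sig length]);
    CFRelease(pub);
    CFRelease(priv);
    return status;
}
```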

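Answer 1: (score: 0)

My Xcode iOS unit test project was failing, with all Keychain-related APIs returning -50. I fixed it by creating a new "Single Page" app target and setting it as the host for the unit tests. See: How to take iOS Framework testing target and run it in a dummy app?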