我正在使用嵌入式系统中的RSA加密。为此,我将使用polarssl代码。
我的加密工作在128位,但我遇到了签名部分的问题。 当我运行代码时,我在验证时出现填充错误(POLARSSL_ERR_RSA_INVALID_PADDING -0x4100)
以下是代码。问题代码即将结束,顶线是加密。仍然有用的背景信息。
int main()
{
size_t len;
rsa_context rsa;
unsigned char rsa_plaintext[PT_LEN];
unsigned char rsa_decrypted[PT_LEN];
unsigned char rsa_ciphertext[KEY_LEN];
unsigned char rsa_hash[PT_LEN];
unsigned char rsa_sig_out[PT_LEN];
unsigned char rsa_hash_result[PT_LEN];
rsa_init( &rsa, RSA_PKCS_V15, 0 );
rsa.len = KEY_LEN;
mpi_read_string( &rsa.N , 16, RSA_N );
mpi_read_string( &rsa.E , 16, RSA_E );
mpi_read_string( &rsa.D , 16, RSA_D );
mpi_read_string( &rsa.P , 16, RSA_P );
mpi_read_string( &rsa.Q , 16, RSA_Q );
mpi_read_string( &rsa.DP, 16, RSA_DP );
mpi_read_string( &rsa.DQ, 16, RSA_DQ );
mpi_read_string( &rsa.QP, 16, RSA_QP );
// Checking the public and private keys
if( rsa_check_pubkey( &rsa ) != 0 ||
rsa_check_privkey( &rsa ) != 0 ) {
printf( "Public/Private key error! \n" );
exit(0);
}
memcpy( rsa_plaintext, RSA_PT, PT_LEN );
if( rsa_pkcs1_encrypt( &rsa, &myrand, NULL, RSA_PUBLIC, PT_LEN,
rsa_plaintext, rsa_ciphertext ) != 0 ) {
printf( "Encryption failed! \n" );
exit(0);
}
if( rsa_pkcs1_decrypt( &rsa, &myrand, NULL, RSA_PRIVATE, &len,
rsa_ciphertext, rsa_decrypted,
sizeof(rsa_decrypted) ) != 0 ) {
printf( "Decryption failed! \n" );
exit(0);
}
if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 ) {
printf( "Compare failed! \n" );
exit(0);
}
printf("Oh when it all falls down!\n");
// Signing and Verifying message
sha2(rsa_plaintext, len, rsa_hash, 0); //hashing the message
if (rsa_pkcs1_sign( &rsa, &myrand, NULL, RSA_PRIVATE, SIG_RSA_SHA256, 0, rsa_hash, rsa_sig_out ) != 0) {
printf( "Signing failed! \n" );
exit(0);
}
/*
if (rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC, SIG_RSA_SHA256, 0, rsa_sig_out, rsa_hash_result ) != 0) {
printf( "Verifying signature failed! \n" );
exit(0);
}
*/
printf("Error Message!:%d \n", rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
SIG_RSA_SHA256, 0, rsa_sig_out, rsa_hash_result ));
exit(0);
if( memcmp( rsa_hash, rsa_hash_result, len ) != 0 )
{
printf( "Signature not verified! \n" );
exit(0);
}
rsa_free(&rsa);
return 0;
}
任何人都知道如何解决这个问题并继续前进。请告诉我。谢谢我在用于Windows的MinGw gcc编译器上运行它。 rsa代码依赖于bignum,md和sha2。
答案 0 :(得分:2)
散列失败的原因是您在签名前未填写rsa_hash或在验证前未填写rsa_hash_result。
rsa_pkcs1_sign()和rsa_pkcs1_verify()签名并验证呈现的哈希值。由于他们不知道数据,因此不会生成哈希。 (即rsa_plaintext和rsa_ciphertext永远不会输入签名或验证功能。)
因此,在致电rsa_pkcs1_sign()之前,您应该运行sha256(rsa_plaintext, rsa_hash);或sha256(rsa_ciphertext, rsa_hash);(取决于您的'协议'如何运作)。
然后在验证之前,您运行sha256(XXX, rsa_hash_result);并将该值提供给rsa_pkcs1_verify(),以便它可以实际验证您的哈希值。