SecKeyRawVerify在mac上验证但在iOS上使用-9809失败

时间:2015-06-12 15:39:44

标签: ios macos ssl cryptography commoncrypto

我需要在mac上对某些数据进行数字签名,然后在iOS上进行验证。所以我用开放的ssl生成了用于DER格式的公钥的RSA密钥对和证书(尝试使用SecKeyGeneratePair进行生成,但是将公钥导入iOS并且SecKeyRawVerify仍然不能使用相同的结果),并签署了我的Mac应用程序上的数据。然后,如果我在iOS验证中验证此数据失败并带有-9809错误代码,但如果在mac验证上执行相同的代码验证成功。

以下是我的验证码:

NSString* certPath = [[NSBundle mainBundle] pathForResource: @"Public" ofType:@"der"];
NSData* certificateData = [NSData dataWithContentsOfFile: certPath];

SecCertificateRef certificateFromFile = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData); // load the certificate

SecPolicyRef secPolicy = SecPolicyCreateBasicX509();

SecTrustRef trust;
OSStatus statusTrust = SecTrustCreateWithCertificates( certificateFromFile, secPolicy, &trust);
SecTrustResultType resultType;
OSStatus statusTrustEval =  SecTrustEvaluate(trust, &resultType);
SecKeyRef publicKey = SecTrustCopyPublicKey(trust);

NSString* licensingPolicyString = @"ZKL3YXtqtFcIeWRqSekNuCmtu/nvy3ApsbJ+8xad6cO/E8smLHGfDrTQ3h/38d0IMJcUThsVMyX8qtqILmPeTnBpZgJetBjb8kAfuPznzxOrIcYd27/50ThWv6guLqZL7j1apnfRZHAdMiozvEYH62sma1Q9qTl+W7qxEAxWs2AXDTQcF7nGciEM6MEohs8u879VNIE1VcPW8ahMoe25wf8pvBvrzE0z0MR4UFE3ZSWIeeQsiaUPYFwHbfQAOifaw/qIisjL5Su6WURoaSupWTMdQh3ZNyqZuYJaT70u8S7NgF3BzG8uBiYOUYsf6UayvkABmF0UuMdcvhPQefyhuXsiYWxsb3dFeGNoYW5nZSI6dHJ1ZSwiYWxsb3dTaGFmZXIiOnRydWUsInBvbGljeSBuYW1lIjp0cnVlfQ==";

size_t signedHashBytesSize  = SecKeyGetBlockSize(publicKey);

NSData* messageData = [[NSData alloc] initWithBase64EncodedData:[licensingPolicyString dataUsingEncoding: NSUTF8StringEncoding] options:0];

NSData* signatureData = [messageData subdataWithRange:NSMakeRange(0, signedHashBytesSize)];
NSData* rawMessageData = [messageData subdataWithRange: NSMakeRange(signedHashBytesSize, messageData.length - signedHashBytesSize)];


uint8_t sha1HashDigest[CC_SHA1_DIGEST_LENGTH];
CC_SHA1([rawMessageData bytes], (CC_LONG)[rawMessageData length], sha1HashDigest);

OSStatus verficationResult = SecKeyRawVerify(publicKey,  kSecPaddingPKCS1SHA1, sha1HashDigest, CC_SHA1_DIGEST_LENGTH, [signatureData bytes], [signatureData length]);
CFRelease(publicKey);
CFRelease(trust);
CFRelease(secPolicy);
CFRelease(certificateFromFile);
if (verficationResult == errSecSuccess) NSLog(@"Verified");

Mac和iOS的数字签名验证有什么不同吗?我没有在Apple的文档中找到任何关于它的信息。

1 个答案:

答案 0 :(得分:0)

经过一些标志/验证试验后,我发现从kSecPaddingPKCS1SHA1到kSecPaddingPKCS1更改填充协议到SecKeyRawVerify / SecKeyRawSign,解决了我的问题。不知道为什么它不能与kSecPaddingPKCS1SHA1一起使用,Apple的文档中没有描述弃用。另外,我没有尝试在iOS上使用此代码而不是8.3,所以可能是iOs8.3问题。

相关问题
最新问题