在iOS中的SecKeyRawVerify上收到误报

时间:2016-01-13 10:13:18

标签: ios objective-c

我正在使用RSASHA-256签署JWT并尝试在我的iOS SDK上验证它。

发送完整数据时,验证通过。

但是,在篡改收到的数据时,我仍然会收到误报。

在此处添加代码:

//
//  NSData+VerifySignature.m
//  InsertFramework
//
//  Created by yaniv1 on 1/13/16.
//  Copyright © 2016 Insert. All rights reserved.
//

#import "NSData+VerifySignature.h"
#import "IIOStringEncoder.h"
#import "IIOLog.h"
#import "IIORSA.h"

@implementation NSData (VerifySignature)

-(NSArray *)createComponents{
    NSString *data =[[NSString alloc] initWithData:self    encoding:NSUTF8StringEncoding];
NSArray *components = [data componentsSeparatedByString:@"."];
if (!components || [components count] != 3) {
    IIOErrorLog(@"Invalid JWT received for verification");
    return nil;
}

return components;
}

-(NSData *)verifySignature:(NSHTTPURLResponse *)urlResponse {

//Getting response header content-type and checking if it is jwt
NSString *contentType = [[[urlResponse allHeaderFields][@"Content-Type"] componentsSeparatedByString:@";"] objectAtIndex:0];

if (![contentType isEqualToString:@"insert/jwt"])
{
    return nil;
}

NSArray *signatureComponents = [self createComponents];
if (!signatureComponents) {
    return nil;
}

//JWT is seperated into his 3 components
NSString *header = signatureComponents[0];
NSString *payload = signatureComponents[1];
NSString *signature = signatureComponents[2];

//Turining signature received in base64 to base64UrlEncoded
NSData *base64UrlEncodedSig = [IIOStringEncoder dataWithBase64UrlEncodedString:signature];

SecKeyRef pKey = [IIORSA addPublicKey];
if (!pKey) {
    IIOErrorLog(@"Failed to create public key, which results in verification failure");
    return nil;
}

//Creating the data to verify the signature, meaning the header.payload
NSString *headerAndPayload = [[header stringByAppendingString:@"."] stringByAppendingString:payload];
NSData *dataHeaderAndPayload = [headerAndPayload dataUsingEncoding:NSUTF8StringEncoding];

//Verify the signature. For further details, go to
BOOL status = SecKeyRawVerify (pKey,
                      kSecPaddingPKCS1SHA1,
                      (const uint8_t *)[dataHeaderAndPayload bytes],
                      (size_t)[dataHeaderAndPayload length],
                      (const uint8_t *)[base64UrlEncodedSig bytes],
                      (size_t)[base64UrlEncodedSig length]
                      );

if (!status) {
    IIOErrorLog(@"Failed to verify signature");
    return nil;
}

NSData *payloadDecodedData = [[NSData alloc]   initWithBase64EncodedString:payload options:0];

    return payloadDecodedData;
}

@end

有人可以提出建议吗?

1 个答案:

答案 0 :(得分:1)

该方法不会返回BOOL。请参阅reference

OSStatus SecKeyRawVerify(SecKeyRef key,
    SecPadding padding,
    const uint8_t *signedData,
    size_t signedDataLen,
    const uint8_t *sig,
    size_t sigLen);
相关问题
最新问题