OStack程序员社区-中国程序员成长平台

标题: ios - SecKeyRawVerify 与 iOS 4.3 和 iOS 5.0 是否存在任何已知的不兼容性 [打印本页]

作者: 菜鸟教程小白    时间: 2022-12-12 10:55
标题: ios - SecKeyRawVerify 与 iOS 4.3 和 iOS 5.0 是否存在任何已知的不兼容性

我正在尝试使用 http://blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios/ 中提到的确切方法使用公钥验证数据。 .

我使用模拟器 iOS 6.1、iOS 4.3 和 iOS 5.0 测试了我的代码。它适用于 iOS 6.1,但不适用于 iOS 4.3 和 iOS 5.0。在 iOS 4.3 和 iOS 5.0 上,SecKeyRawVerify 失败,错误代码为 -50(其中一个输入参数错误)。

有人知道这里出了什么问题吗?

下面是我正在使用的验证功能的代码。使用的函数的定义请看 here

代码:

+ (SecKeyRef)getPublicKeyRefNSString*)key
{
    NSString* tag = @"com.publickey";

    NSString *s_key = [NSString string];
    NSArray  *a_key = [key componentsSeparatedByString"\n"];
    BOOL     f_key  = FALSE;

    for (NSString *a_line in a_key) {
        if ([a_line isEqualToString"-----BEGIN PUBLIC KEY-----"]) {
            f_key = TRUE;
        }
        else if ([a_line isEqualToString"-----END PUBLIC KEY-----"]) {
            f_key = FALSE;
        }
        else if (f_key) {
            s_key = [s_key stringByAppendingString:a_line];
        }
    }
    if (s_key.length == 0) return(FALSE);

    // This will be base64 encoded, decode it.
    NSData *d_key = [Base64 decode:s_key];//[NSData dataFromBase64String:s_key];
    d_key = [CryptoUtil stripPublicKeyHeader:d_key];
    if (d_key == nil) return(FALSE);

    NSData *d_tag = [NSData dataWithBytes:[tag UTF8String] length:[tag length]];

    // Delete any old lingering key with the same tag
    NSMutableDictionary *publicKey = [[NSMutableDictionary alloc] init];
    [publicKey setObjectid) kSecClassKey forKeyid)kSecClass];
    [publicKey setObjectid) kSecAttrKeyTypeRSA forKeyid)kSecAttrKeyType];
    [publicKey setObject:d_tag forKeyid)kSecAttrApplicationTag];
    SecItemDelete((CFDictionaryRef)publicKey);

    CFTypeRef persistKey = nil;

    // Add persistent version of the key to system keychain
    [publicKey setObject:d_key forKeyid)kSecValueData];
    [publicKey setObjectid) kSecAttrKeyClassPublic forKeyid)kSecAttrKeyClass];
    [publicKey setObject:[NSNumber numberWithBool:YES] forKeyid)kSecReturnPersistentRef];

    OSStatus secStatus = SecItemAdd((CFDictionaryRef)publicKey, &persistKey);
    if (persistKey != nil) CFRelease(persistKey);

    if ((secStatus != noErr) && (secStatus != errSecDuplicateItem)) {
        [publicKey release];
        return(FALSE);
    }

    // Now fetch the SecKeyRef version of the key
    SecKeyRef keyRef = nil;

    [publicKey removeObjectForKey:(id)kSecValueData];
    [publicKey removeObjectForKey:(id)kSecReturnPersistentRef];
    [publicKey setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnRef];
    [publicKey setObject:(id) kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType];
    secStatus = SecItemCopyMatching((CFDictionaryRef)publicKey,(CFTypeRef *)&keyRef);

    [publicKey release];

    if (keyRef == nil) return(FALSE);

    return keyRef;
}

+ (BOOL)verifyMessage:(NSString *)msg forSignature:(NSString*)signature forPublicKey:(NSString*)publicKey
{
    // Search for the two sections: Data and a signature.
    NSString *s_data = msg, *s_signature = signature;

    if ((s_data.length == 0) || (s_signature.length == 0)) return(FALSE);

    // These will be base64 encoded, decode them.
    NSData *d_data = [s_data dataUsingEncoding:NSUTF8StringEncoding];
    if (d_data == nil) return(FALSE);

    NSData *d_signature = [Base64 decode:s_signature];
    if (d_signature == nil) return(FALSE);

    // Make SHA-256 hash of the data
    uint8_t h_data[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(d_data.bytes, d_data.length, h_data);
    NSData* d_hash = [NSData dataWithBytes:h_data length:CC_SHA256_DIGEST_LENGTH];

    // The signature is generated against the binary form of the data, validate
    //it.
    BOOL valid = FALSE;

    OSStatus secStatus = SecKeyRawVerify([CryptoUtil getPublicKeyRef:publicKey],
                                     kSecPaddingPKCS1SHA256,
                                     d_hash.bytes, d_hash.length,
                                     d_signature.bytes,
                                     d_signature.length);
    if (secStatus == errSecSuccess) {
        valid = TRUE;
    }

    return(valid);
}

错误代码: SecKeyRawVerify 在 iOS 5.0 和 iOS 4.3 上失败,错误代码为 -50(输入参数之一错误),但在 iOS 6.1 上调用成功。

提前致谢。



Best Answer-推荐答案


找到不工作的原因,kSecPaddingPKCS1SHA256 只支持iOS 6.0 以上。 http://developer.apple.com/library/ios/#releasenotes/General/iOS60APIDiffs/index.html

关于ios - SecKeyRawVerify 与 iOS 4.3 和 iOS 5.0 是否存在任何已知的不兼容性,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16503961/






欢迎光临 OStack程序员社区-中国程序员成长平台 (https://ostack.cn/) Powered by Discuz! X3.4