堆栈内存溢出
  简体   繁体   English

RSA签名验证因libtomcrypt而失败

[英]RSA signature verification failing with libtomcrypt

 原文  2019-04-10 13:34:44       c/ openssl/ mbedtls/ libtomcrypt

问题描述

I was using libtomcrypt for a project, in particular hashing and signing with RSA some data. 我在项目中使用libtomcrypt,特别是使用RSA哈希和签名一些数据。 Because of memory requirements I wanted to switch to mbedtls. 由于内存需求,我想切换到mbedtls。 However I noticed an issue when trying to verify with mbedtls a signature generated by libtomcrypt. 但是,当尝试使用mbedtls验证libtomcrypt生成的签名时,我注意到一个问题。 There is a padding (PKCS#1 PSS) decoding issue. 存在填充(PKCS#1 PSS)解码问题。

Because I didn't know which of these libraries was (maybe) having a bug I used openssl to verify. 因为我不知道这些库中的哪个(也许)有错误,所以我使用openssl进行了验证。

I successfully verified a signature generated with mbedtls with openssl and I had a verification failure when verifying one generated form libtomcrypt which makes me think libtomcrypt has a bug. 我用openssl成功地验证了由mbedtls生成的签名,并且在验证一个生成的形式libtomcrypt时出现验证失败,这使我认为libtomcrypt存在错误。

However because It could be a configuration issue so I created a repo with minimal examples with the hope someone could detect an issue coming from me and not from the library itself. 但是,因为这可能是配置问题,所以我创建了一个包含最少示例的存储库,希望有人可以检测到来自我而不是库本身的问题。

The test repo is here 测试仓库在这里

Thanks for any help received ! 感谢您的帮助!

1 个解决方案

解决方案1
 2 已采纳  2019-04-11 09:46:05

There's one important part missing, you should not be signing the data, but a hash of the data. 缺少一个重要部分,您不应该对数据进行签名,而应该对数据进行哈希处理。

Adding this fixes the issue: 添加此操作可解决以下问题: 

diff --git a/test-rsa-sign-verify-libtomcrypt-openssl.c b/test-rsa-sign-verify-
libtomcrypt-openssl.c
index 758994a..25e1312 100644
--- a/test-rsa-sign-verify-libtomcrypt-openssl.c
+++ b/test-rsa-sign-verify-libtomcrypt-openssl.c
@@ -9,6 +9,7 @@
 #include "openssl/err.h"
 #include "openssl/rsa.h"

+#define ERRORe(e) printf("%d: \"%s\"\n", __LINE__, error_to_string(e));
 #define ERROR() printf("Error at line : %d\n", __LINE__);

 char *data = "This is the data which will be hashed and then signed by RSA";
@@ -57,10 +58,18 @@ int main(void)
     printf("* Random number generator registered\n");

     size_t data_length = strlen(data);
+
+    uint8_t hash[32];
+    unsigned long hash_length = sizeof(hash);
+    if ((err = hash_memory(hash_idx, data, data_length, hash, &hash_length)) != CRYPT_OK) {
+       ERRORe(err);
+       return -1;
+    }
+
     unsigned long signature_length = 256;
     unsigned char *signature = calloc(signature_length, sizeof(unsigned char));

-    err = rsa_sign_hash((const unsigned char *) data, data_length,
+    err = rsa_sign_hash((const unsigned char *) hash, hash_length,
                         signature, &signature_length,
                         NULL, prng_idx, hash_idx, 12,
                         &private_key);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 OpenSSL RSA 签名验证:散列和填充? - OpenSSL RSA signature verification: hash and padding? 如何使用 libtomcrypt 导入 RSA 公钥? - How do I use libtomcrypt to import an RSA public key? 尝试使用 libtomcrypt 库时 Contiki 节点类型创建错误(rsa 公钥生成) - Contiki mote type creation error when trying to use libtomcrypt library (rsa public key generation) 如何使用libtomcrypt库将公共密钥从二进制数组导入rsa_key类型? - How to import public key from binary array to rsa_key type using libtomcrypt library? PKCS#7签名验证 - PKCS#7 Signature Verification append RSA 签名到文本文件 - append RSA signature to a text file C中的XML签名验证库? - XML signature verification library in C? OpenSSL:RSA_verify()支持哪种RSA签名方案? - Openssl: What RSA Signature scheme is supported by RSA_verify() ? 在Polarssl C中签名和验证rsa签名 - Signing and Verifying rsa signature in polarssl c 使用RSA_PKCS1_OAEP_PADDING进行RSA签名 - to use RSA_PKCS1_OAEP_PADDING for RSA signature
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM