
Verify Signature for RSA256 using PSS [iOS Client] [C++]

bdoy...@gmail.com

Sep 19, 2017, 6:16:12 AM
Hello,

Has anybody successfully used PSS and has a moment to look over my client side implementation?

I'm working with a server that has recently implemented RSASSA_PSS using BouncyCastle.
Using the following settings.

In my iOS client I am trying to use OpenSSL to verify the signature.

I've written a method for this, but it seems to fail at the

status = RSA_verify_PKCS1_PSS(pRsaKey, pDigest, EVP_sha256(), decrypted, -2 /* salt length recovered from signature*/);

as the return code (status) is always 0.

It may be something I've done wrong earlier as I'm not proficient with the C language so it is likely simple mistakes could have been made.

- (BOOL)verifySignatureRSAPPS_SHA256:(NSData *)signedData signature:(NSData *)serverSignature
{
    RSA* pRsaKey = NULL;
    unsigned char pDigest[32];
    size_t uDigestLen = 32;

    char* pcData = (char*) [signedData bytes];
    int iLength = (int)[signedData length];
    char * sig = (char*)[serverSignature bytes];
    int sigLength = (int)[serverSignature length];
    char * decrypted = malloc(sigLength);

#if OPENSSL_VERSION_NUMBER >= 0x10100001L
    EVP_MD_CTX *md_ctx;
#else
    EVP_MD_CTX md_ctx;
#endif

    pRsaKey = RSA_generate_key(1024, 0x010001, NULL, NULL);

#if OPENSSL_VERSION_NUMBER >= 0x10100001L
    md_ctx = EVP_MD_CTX_new();
    EVP_DigestInit(md_ctx, EVP_sha256());
    EVP_DigestUpdate(md_ctx, pcData, iLength);
    EVP_DigestFinal(md_ctx, pDigest, &uDigestLen);
    EVP_MD_CTX_free(md_ctx);
#else
    EVP_MD_CTX_init(&md_ctx);
    EVP_DigestInit(&md_ctx, EVP_sha256());
    EVP_DigestUpdate(&md_ctx, pcData, iLength);
    EVP_DigestFinal(&md_ctx, pDigest, (unsigned int *)&uDigestLen);
    EVP_MD_CTX_cleanup(&md_ctx);
#endif

    int status = RSA_public_decrypt(RSA_size(pRsaKey), sig, decrypted, pRsaKey, RSA_NO_PADDING);
    // status always seems to get returned as 128
    if (status == -1)
    {
        NSLog(@"RSA_public_decrypt failed with error %s ",ERR_error_string(ERR_get_error(), NULL));
    }

    status = RSA_verify_PKCS1_PSS(pRsaKey, pDigest, EVP_sha256(), decrypted, -2 /* salt length recovered from signature*/);
    // status is always 0
    if (status == 1)
    {
        NSLog(@"Signature verification successfull!");
        return true;
    }
    else
    {
        NSLog(@"RSA_verify_PKCS1_PSS failed with error %s", ERR_error_string(ERR_get_error(), NULL));
    }

    if (status != noErr)
    {
        NSString * errorString = [DeviceAuthenticatorException createStringWithErrorCode:status];
        [DeviceAuthenticatorException raise:RAISE_CRYPTO_OP_FAILED format:@"%@%@%@", @" --- ", RSA_SIGNATURE_FAILED, errorString];
    }

    return false;

}

Thanks,
BS
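
The two steps in the method above (raw RSA public-key operation, then the PSS check with the salt length recovered from the signature), written out in standard-library Python as an added example; it is not code from the original post and does not use OpenSSL. It shows that the PSS check passes only under the public key matching the signer's private key, whereas the posted method calls RSA_generate_key and so checks against a freshly generated key. Assumptions: SHA-256 for both the digest and MGF1 (the server settings are not shown in the post); toy_key, sign, verify, pss_encode and pss_verify are hypothetical names, and the key is a constructed, insecure demo key.

```python
import hashlib, os

H_LEN = 32  # SHA-256 digest size; MGF1 is assumed to use SHA-256 as well

def sha256(data):
    return hashlib.sha256(data).digest()

def mgf1(seed, length):  # mask generation function, RFC 8017 B.2.1
    blocks = (length + H_LEN - 1) // H_LEN
    return b"".join(sha256(seed + i.to_bytes(4, "big")) for i in range(blocks))[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pss_encode(m_hash, em_bits, salt):  # signer side: EMSA-PSS-ENCODE
    em_len = (em_bits + 7) // 8
    h = sha256(b"\x00" * 8 + m_hash + salt)
    db = b"\x00" * (em_len - len(salt) - H_LEN - 2) + b"\x01" + salt
    masked = bytearray(xor(db, mgf1(h, len(db))))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)  # clear bits above em_bits
    return bytes(masked) + h + b"\xbc"

def pss_verify(m_hash, em, em_bits):  # EMSA-PSS-VERIFY, salt length recovered from EM
    em_len = (em_bits + 7) // 8
    top = 0xFF >> (8 * em_len - em_bits)
    if len(em) != em_len or em_len < H_LEN + 2 or em[-1] != 0xBC or em[0] & ~top & 0xFF:
        return False
    masked, h = em[:-H_LEN - 1], em[-H_LEN - 1:-1]
    db = bytearray(xor(masked, mgf1(h, len(masked))))
    db[0] &= top
    rest = bytes(db).lstrip(b"\x00")  # skip zero padding; expect 0x01 then the salt
    return rest[:1] == b"\x01" and sha256(b"\x00" * 8 + m_hash + rest[1:]) == h

def toy_key(p_exp, q_exp):  # constructed demo key from two Mersenne primes, NOT secure
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return p * q, 65537, pow(65537, -1, (p - 1) * (q - 1))  # (n, e, d)

def sign(msg, n, d, salt=None):
    salt = os.urandom(H_LEN) if salt is None else salt
    em = pss_encode(sha256(msg), n.bit_length() - 1, salt)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes((n.bit_length() + 7) // 8, "big")

def verify(msg, sig, n, e):
    em_bits, s = n.bit_length() - 1, int.from_bytes(sig, "big")
    em_len = (em_bits + 7) // 8
    m = pow(s, e, n)  # raw public-key operation, the RSA_NO_PADDING step
    if s >= n or m >> (8 * em_len):
        return False
    return pss_verify(sha256(msg), m.to_bytes(em_len, "big"), em_bits)
```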
