我面临一个问题,我必须验证智能卡生成的签名。签名位于 ECDSA 384 中,所使用的消息是 SHA-384 哈希字符串的两个字节数组(连接在一起)。我有一个用 PHP 编写的示例代码来执行签名验证,它按预期工作。但是,当我尝试在 GO 中重现相同类型的验证时,无论我如何尝试,我都无法验证签名。
我相信 GO 中的原始消息散列有问题,它没有验证它,但我无法弄清楚我做错了什么。也许有人可以指出实际原因是什么?我会把 PHP 和 GO 代码示例和示例数据放在这里进行验证:
这是PHP ECDSA 384签名验证的代码:
<?php
function p1363_to_asn1(string $p1363): string {
// P1363 format: r followed by s.
// ASN.1 format: 0x30 b1 0x02 b2 r 0x02 b3 s.
//
// r and s must be prefixed with 0x00 if their first byte is > 0x7f.
//
// b1 = length of contents.
// b2 = length of r after being prefixed if necessary.
// b3 = length of s after being prefixed if necessary.
$asn1 = ''; // ASN.1 contents.
$len = 0; // Length of ASN.1 contents.
$c_len = intdiv(strlen($p1363), 2); // Length of each P1363 component.
// Separate P1363 signature into its two equally sized components.
foreach (str_split($p1363, $c_len) as $c) {
// 0x02 prefix before each component.
$asn1 .= "\x02";
if (unpack('C', $c)[1] > 0x7f) {
// Add 0x00 because first byte of component > 0x7f.
// Length of component = ($c_len + 1).
$asn1 .= pack('C', $c_len + 1) . "\x00";
$len += 2 + ($c_len + 1);
} else {
$asn1 .= pack('C', $c_len);
$len += 2 + $c_len;
}
// Append formatted component to ASN.1 contents.
$asn1 .= $c;
}
// 0x30 b1, then contents.
return "\x30" . pack('C', $len) . $asn1;
}
$public_key_pem = "-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJ4dnbrsp2Ee8HstJ3ubDDzJuf5E2+N7J
H36jxJtX568mL7hGYo/U/ooUqtcZLd5pS6kLBFkLWeP58BlVxxru+n225WTp0PiI
kJudSFwdmHR16+WTbxJSyOaQAoyM6xWA
-----END PUBLIC KEY-----";
$public_key = openssl_pkey_get_public($public_key_pem);
$signature = "QfXwpqkDtL95mmcTA2BknDY32Ds6i+NdLPRqlbi2+niQOLgsSJMRVVALLQ7b50LQXRsRiPfiYi+m9WXAJxCE3aO20feTQWcVR1SP+LYXQUIZKqrijm3VW/GHtGMhjlqv";
$nounce = "MPAeifrL7Z/dFPZcAukaTWxsZ+h4E7jtWsKzltx3YujjJuOOWw8dgzgKfm3a";
$origin = "https://192.168.1.3:8441";
$origin_digest = openssl_digest($origin, "sha384", true);
$nounce_digest = openssl_digest($nounce, "sha384", true);
$result = openssl_verify($origin_digest.$nounce_digest, p1363_to_asn1(base64_decode($signature)), $public_key, OPENSSL_ALGO_SHA384);
if ($result == 1) {
echo "signature is valid for given data.";
} elseif ($result == 0) {
echo "signature is invalid for given data.";
} else {
echo "Error: ".openssl_error_string();
}
这是我在 GO 中用来尝试验证 ECDSA 384 签名的代码:
package main
import (
"crypto/ecdsa"
"crypto/sha512"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"fmt"
"math/big"
)
func main() {
idCardPublicKey := []byte(LoadIDCardPublicPem())
nonce := "MPAeifrL7Z/dFPZcAukaTWxsZ+h4E7jtWsKzltx3YujjJuOOWw8dgzgKfm3a"
origin := "https://192.168.1.3:8441"
webeidSig := "QfXwpqkDtL95mmcTA2BknDY32Ds6i+NdLPRqlbi2+niQOLgsSJMRVVALLQ7b50LQXRsRiPfiYi+m9WXAJxCE3aO20feTQWcVR1SP+LYXQUIZKqrijm3VW/GHtGMhjlqv"
sigVerified := VerifySignature(idCardPublicKey, nonce, origin, webeidSig)
fmt.Println("SIG VERIFIED: ", sigVerified)
}
func VerifySignature(publicKeyByte []byte, nounce string, origin string, signatureBase64 string) bool {
block, _ := pem.Decode(publicKeyByte)
parseResultPublicKey, err := x509.ParsePKIXPublicKey(block.Bytes)
fmt.Println("PARSE ERR: ", err)
publicKey := parseResultPublicKey.(*ecdsa.PublicKey)
originHash := sha512.New384()
_, err2 := originHash.Write([]byte(origin))
if err2 != nil {
panic(err2)
}
originHashSum := originHash.Sum(nil)
nounceHash := sha512.New384()
_, err2 = nounceHash.Write([]byte(nounce))
if err2 != nil {
panic(err2)
}
nounceHashSum := nounceHash.Sum(nil)
originHashSum = append(originHashSum, nounceHashSum...)
signature := []byte(Base64Decoding(signatureBase64))
rByte, sByte := signature[:len(signature)/2], signature[len(signature)/2:]
r := new(big.Int)
r.SetBytes(rByte)
s := new(big.Int)
s.SetBytes(sByte)
valid := ecdsa.Verify(publicKey, originHashSum[:], r, s)
return valid
}
func LoadIDCardPublicPem() []byte {
return []byte(`-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJ4dnbrsp2Ee8HstJ3ubDDzJuf5E2+N7J
H36jxJtX568mL7hGYo/U/ooUqtcZLd5pS6kLBFkLWeP58BlVxxru+n225WTp0PiI
kJudSFwdmHR16+WTbxJSyOaQAoyM6xWA
-----END PUBLIC KEY-----`)
}
func Base64Decoding(input string) []byte {
data, err := base64.StdEncoding.DecodeString(input)
if err != nil {
return data
}
return data
}
openssl_verify()ecdsa.Verify()originHashSum...
originHashSum = append(originHashSum, nounceHashSum...)
// Fix: Explicit hashing
finalHash := sha512.New384()
_, err2 = finalHash.Write([]byte(originHashSum))
if err2 != nil {
panic(err2)
}
finalHashSum := finalHash.Sum(nil)
...
valid := ecdsa.Verify(publicKey, finalHashSum[:], r, s)
...