首页 / 技术问答 / Php问答列表 / 问答详情

为什么 ECDSA 384 签名验证在 GO 中失败,但在 PHP 中却没有

我面临着一个问题,我必须验证智能卡产生的签名.签名在ECDSA 384中,使用的消息是SHA-384散列字符串的两个字节数组(连接在一起).我有一个用PHP编写的样例代码来执行签名验证,它可以正常工作.然而,当我试图在围棋中重现相同类型的验证时,无论我如何try ,我都无法验证签名.

我相信在GO中散列的原始消息有问题,它没有验证它,但我找不出我做错了什么.也许有人能指出真正的原因是什么?我将把带有样本数据的PHP和GO代码样本放在这里进行验证:

以下是用于验证PHP ECDSA 384签名的代码:

<?php

function p1363_to_asn1(string $p1363): string {
    // P1363 format: r followed by s.

    // ASN.1 format: 0x30 b1 0x02 b2 r 0x02 b3 s.
    //
    // r and s must be prefixed with 0x00 if their first byte is > 0x7f.
    //
    // b1 = length of contents.
    // b2 = length of r after being prefixed if necessary.
    // b3 = length of s after being prefixed if necessary.

    $asn1  = '';                        // ASN.1 contents.
    $len   = 0;                         // Length of ASN.1 contents.
    $c_len = intdiv(strlen($p1363), 2); // Length of each P1363 component.

    // Separate P1363 signature into its two equally sized components.
    foreach (str_split($p1363, $c_len) as $c) {
        // 0x02 prefix before each component.
        $asn1 .= "\x02";

        if (unpack('C', $c)[1] > 0x7f) {
            // Add 0x00 because first byte of component > 0x7f.
            // Length of component = ($c_len + 1).
            $asn1 .= pack('C', $c_len + 1) . "\x00";
            $len += 2 + ($c_len + 1);
        } else {
            $asn1 .= pack('C', $c_len);
            $len += 2 + $c_len;
        }

        // Append formatted component to ASN.1 contents.
        $asn1 .= $c;
    }

    // 0x30 b1, then contents.
    return "\x30" . pack('C', $len) . $asn1;
}

$public_key_pem = "-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJ4dnbrsp2Ee8HstJ3ubDDzJuf5E2+N7J
H36jxJtX568mL7hGYo/U/ooUqtcZLd5pS6kLBFkLWeP58BlVxxru+n225WTp0PiI
kJudSFwdmHR16+WTbxJSyOaQAoyM6xWA
-----END PUBLIC KEY-----";
$public_key = openssl_pkey_get_public($public_key_pem);

$signature = "QfXwpqkDtL95mmcTA2BknDY32Ds6i+NdLPRqlbi2+niQOLgsSJMRVVALLQ7b50LQXRsRiPfiYi+m9WXAJxCE3aO20feTQWcVR1SP+LYXQUIZKqrijm3VW/GHtGMhjlqv";
$nounce = "MPAeifrL7Z/dFPZcAukaTWxsZ+h4E7jtWsKzltx3YujjJuOOWw8dgzgKfm3a";
$origin = "https://192.168.1.3:8441";

$origin_digest = openssl_digest($origin, "sha384", true);
$nounce_digest = openssl_digest($nounce, "sha384", true);

$result = openssl_verify($origin_digest.$nounce_digest, p1363_to_asn1(base64_decode($signature)), $public_key, OPENSSL_ALGO_SHA384);

if ($result == 1) {
    echo "signature is valid for given data.";
} elseif ($result == 0) {
    echo "signature is invalid for given data.";
} else {
    echo "Error: ".openssl_error_string();
}

以下是我在围棋中try 验证ECDSA 384签名的代码:

package main

import (
    "crypto/ecdsa"
    "crypto/sha512"
    "crypto/x509"
    "encoding/base64"
    "encoding/pem"
    "fmt"
    "math/big"
)

func main() {

    idCardPublicKey := []byte(LoadIDCardPublicPem())
    nonce := "MPAeifrL7Z/dFPZcAukaTWxsZ+h4E7jtWsKzltx3YujjJuOOWw8dgzgKfm3a"
    origin := "https://192.168.1.3:8441"
    webeidSig := "QfXwpqkDtL95mmcTA2BknDY32Ds6i+NdLPRqlbi2+niQOLgsSJMRVVALLQ7b50LQXRsRiPfiYi+m9WXAJxCE3aO20feTQWcVR1SP+LYXQUIZKqrijm3VW/GHtGMhjlqv"
    sigVerified := VerifySignature(idCardPublicKey, nonce, origin, webeidSig)
    fmt.Println("SIG VERIFIED: ", sigVerified)

}

func VerifySignature(publicKeyByte []byte, nounce string, origin string, signatureBase64 string) bool {
    block, _ := pem.Decode(publicKeyByte)
    parseResultPublicKey, err := x509.ParsePKIXPublicKey(block.Bytes)
    fmt.Println("PARSE ERR: ", err)
    publicKey := parseResultPublicKey.(*ecdsa.PublicKey)

    originHash := sha512.New384()
    _, err2 := originHash.Write([]byte(origin))
    if err2 != nil {
        panic(err2)
    }
    originHashSum := originHash.Sum(nil)

    nounceHash := sha512.New384()
    _, err2 = nounceHash.Write([]byte(nounce))
    if err2 != nil {
        panic(err2)
    }
    nounceHashSum := nounceHash.Sum(nil)

    originHashSum = append(originHashSum, nounceHashSum...)

    signature := []byte(Base64Decoding(signatureBase64))
    rByte, sByte := signature[:len(signature)/2], signature[len(signature)/2:]
    r := new(big.Int)
    r.SetBytes(rByte)
    s := new(big.Int)
    s.SetBytes(sByte)

    valid := ecdsa.Verify(publicKey, originHashSum[:], r, s)
    return valid
}

func LoadIDCardPublicPem() []byte {
    return []byte(`-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJ4dnbrsp2Ee8HstJ3ubDDzJuf5E2+N7J
H36jxJtX568mL7hGYo/U/ooUqtcZLd5pS6kLBFkLWeP58BlVxxru+n225WTp0PiI
kJudSFwdmHR16+WTbxJSyOaQAoyM6xWA
-----END PUBLIC KEY-----`)
}

func Base64Decoding(input string) []byte {
    data, err := base64.StdEncoding.DecodeString(input)
    if err != nil {
        return data
    }
    return data
}

推荐答案

openssl_verify()个哈希隐含,ecdsa.Verify()个不隐含.即在GO代码中缺少originHashSum的散列:

...
originHashSum = append(originHashSum, nounceHashSum...)

// Fix: Explicit hashing
finalHash := sha512.New384()
_, err2 = finalHash.Write([]byte(originHashSum))
if err2 != nil {
    panic(err2)
}
finalHashSum := finalHash.Sum(nil)
    
...
    
valid := ecdsa.Verify(publicKey, finalHashSum[:], r, s)
...

Php相关问答推荐

条纹 checkout :订阅试用版和额外付款(add_invoice_items)错误

添加自定义Metabox到WooCommerce管理订单,启用HPOS

从WooCommerce邮箱通知中的订单详细信息中删除产品列表

基于验证动态更改输入字段类(名称密码)&

如何使用ms graph php sdk v2列出具有已知路径的DriveItem的子项

PHP原始数据读取引发max_input_vars错误

如何删除Foreach语句中的重复值?

WooCommerce我的帐户:从帖子作者处获取自定义帖子类型帖子ID

在WooCommerce中设置带有国家/地区和年份前缀的顺序序号

用于计算付款费用的WooCommerce管理编辑产品中的自定义复选框

如何使用php一次更新两个数据库中的MySQL表

打折时更改 Woocommerce 产品名称

如何处理 Null 上的 array_shift() ?

如何判断php中wordpress路径之外的文件夹是否存在?

加载 Xdebug PHP 7.4.0 失败

如何使用不同的方法编写嵌套连接查询并将两列连接成一列在 laravel 查询生成器中

在WooCommerce我的账户单个订单页面中添加订单商品部分和按钮

NetBeans 不显示中文内容

用于多态服务的 Symfony setter 注入

根据数组中的文本文件编号显示星级

实用课程推荐
相关教程推荐
休闲君评测 |  TOOLFK工具网 |  古诗文网 |  良许Linux教程网 |  Python之禅 |  红色石头 |  入党申请书 | 

© 2020 Hi LearnFk 意见反馈 免责声明 关于我们 桂ICP备11002319号-3 友链&广告位+QQ: 1963612630