2016-01-13 87 views
0

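I am signing a JWT with RSA SHA-256 and trying to verify it on the iOS SDK. SecKeyRawVerify on iOS gets a false error

When the complete data is sent, verification passes.

However, when the received data is tampered with, I still get a false positive.

Adding the code here: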

//
// NSData+VerifySignature.m
// InsertFramework
//
// Created by yaniv1 on 1/13/16.
// Copyright © 2016 Insert. All rights reserved.
//

#import "NSData+VerifySignature.h"
#import "IIOStringEncoder.h"
#import "IIOLog.h"
#import "IIORSA.h"

@implementation NSData (VerifySignature)

-(NSArray *)createComponents{
    NSString *data = [[NSString alloc] initWithData:self encoding:NSUTF8StringEncoding];
    NSArray *components = [data componentsSeparatedByString:@"."];
    if (!components || [components count] != 3) {
        IIOErrorLog(@"Invalid JWT received for verification");
        return nil;
    }

    return components;
}

-(NSData *)verifySignature:(NSHTTPURLResponse *)urlResponse {

    //Getting response header content-type and checking if it is jwt
    NSString *contentType = [[[urlResponse allHeaderFields][@"Content-Type"] componentsSeparatedByString:@";"] objectAtIndex:0];

    if (![contentType isEqualToString:@"insert/jwt"])
    {
        return nil;
    }

    NSArray *signatureComponents = [self createComponents];
    if (!signatureComponents) {
        return nil;
    }

    //JWT is separated into its 3 components
    NSString *header = signatureComponents[0];
    NSString *payload = signatureComponents[1];
    NSString *signature = signatureComponents[2];

    //Turning signature received in base64 to base64UrlEncoded
    NSData *base64UrlEncodedSig = [IIOStringEncoder dataWithBase64UrlEncodedString:signature];

    SecKeyRef pKey = [IIORSA addPublicKey];
    if (!pKey) {
        IIOErrorLog(@"Failed to create public key, which results in verification failure");
        return nil;
    }

    //Creating the data to verify the signature, meaning the header.payload
    NSString *headerAndPayload = [[header stringByAppendingString:@"."] stringByAppendingString:payload];
    NSData *dataHeaderAndPayload = [headerAndPayload dataUsingEncoding:NSUTF8StringEncoding];

    //Verify the signature. For further details, go to
    BOOL status = SecKeyRawVerify (pKey,
                                   kSecPaddingPKCS1SHA1,
                                   (const uint8_t *)[dataHeaderAndPayload bytes],
                                   (size_t)[dataHeaderAndPayload length],
                                   (const uint8_t *)[base64UrlEncodedSig bytes],
                                   (size_t)[base64UrlEncodedSig length]
                                   );

    if (!status) {
        IIOErrorLog(@"Failed to verify signature");
        return nil;
    }

    NSData *payloadDecodedData = [[NSData alloc] initWithBase64EncodedString:payload options:0];

    return payloadDecodedData;
}

@end

Can anyone please advise?

Answers

1

The method does not return a BOOL. See the reference:

OSStatus SecKeyRawVerify(SecKeyRef key, 
    SecPadding padding, 
    const uint8_t *signedData, 
    size_t signedDataLen, 
    const uint8_t *sig, 
    size_t sigLen); 
+1

Someone was faster than me :) – SmokeDispenser
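
The point of the answer above, as an added example that is not code from the original post or its answer: `errSecSuccess` is 0, so a result stored in a `BOOL` reads as `NO` on success and as `YES` for most nonzero error codes, which inverts the check. The sketch goes one step beyond the answer by also hashing the signing input with SHA-256 and using `kSecPaddingPKCS1SHA256`, to match the RSA SHA-256 signing the question describes; the helper name `VerifyRS256` and its `outStatus` parameter are assumptions.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>

// Hypothetical helper (the name is an assumption, not from the post).
// Returns YES only if `signature` is a valid PKCS#1 v1.5 / SHA-256 signature
// over `signingInput`, i.e. the bytes of "header.payload" exactly as received.
// `outStatus` (optional) receives the raw OSStatus for logging.
static BOOL VerifyRS256(SecKeyRef publicKey,
                        NSData *signingInput,
                        NSData *signature,
                        OSStatus *outStatus)
{
    if (outStatus) { *outStatus = errSecParam; }

    // Fail closed on missing inputs instead of calling into Security.framework.
    if (publicKey == NULL || signingInput.length == 0 || signature.length == 0) {
        return NO;
    }

    // An RSA signature is exactly one key block (the modulus size) long.
    if (signature.length != SecKeyGetBlockSize(publicKey)) {
        return NO;
    }

    // With kSecPaddingPKCS1SHA256 the "signed data" argument is the SHA-256
    // digest of the message, not the message itself.
    uint8_t digest[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(signingInput.bytes, (CC_LONG)signingInput.length, digest);

    // Keep the result as OSStatus. Narrowing it to BOOL maps errSecSuccess (0)
    // to NO and nonzero error codes to YES.
    OSStatus status = SecKeyRawVerify(publicKey,
                                      kSecPaddingPKCS1SHA256,
                                      digest,
                                      sizeof(digest),
                                      (const uint8_t *)signature.bytes,
                                      signature.length);
    if (outStatus) { *outStatus = status; }

    // Only an explicit errSecSuccess counts as a valid signature.
    return status == errSecSuccess;
}
```

The caller should decode and use the payload only when this returns `YES`, and treat every other outcome as a verification failure.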