我正在尝试验证从下面的 NIST 下载的样本的签名。但我收到以下错误:
retval=0 err='error:0407006A:lib(4):func(112):reason(106)' - 这是 RSA_padding_check_PKCS1_type_1:block type is not 01
签名验证应该根据我提供的数据输入通过。我不明白我在代码中哪里做错了。任何帮助表示赞赏。
Openssl 版本 0.9.8L 这里是测试代码(请复制粘贴到记事本查看完整):
/*
VECTOR SOURCE: csrc.nist.gov/groups/STM/cavp/documents/dss/RSAVS.pdf
B.1.3 SigVerRSA.req., it's "Result = P" as per B.3.3 SigVerRSA.rsp
# CAVS 3.2
# "SigVer RSA (X9.31)" information for "testshas"
# Mod sizes selected: 1024 1536
# SHA Algorithm selected:SHA1 SHA256 SHA384 SHA512
# Generated on Wed Apr 28 08:35:11 2004
[mod = 1024]
n =
9ec4d483330916b69eee4e9b7614eafc4fbf60e74b5127a3ff5bd9d48c7ecf8418d94d1e60388bb68546f8bc92deb1974b9def6748fbb4ec93029ea8b7bea36f61c5c6aeedfd512a0f765846fad5edacb08c3d75cf1d43b48b394c94323c3f3e9ba6612f93fe2900134217433afb088b5ca33fc4e6b270194df077d2b6592743
SHAAlg = SHA1
e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003
Msg =
b915e774b083e8cec80929cfbc89d87bd046f65cb43e5e78acba0380ee23794a4b17b78112bc1b9c3254ae0c9e12aabaf62c39b063328016c39edc6106ac6bc7d76ccff67f152e05079c7dab9d85ffaf3afa089f811a07c5e993c3571e73e5eea53bb739bf352bf391081f12818adf42e3d5ec91d59dfc6c67c141ca001feea7
S =
1c886e8041a0bfa57320c2033ac37eb2f8d8a96d42f3187b0f9164f37a0ce270ba35602a1e27c96fb6e2fdcfb25b00da1cceeb146f6a3320de97594d6de8664d3055142d408fc28c47dd380847d92450fad37535d366aabced070cc1fff6a6e023e2ce64e9e1914e82f384688c63beada87dd0ab7117b5d4c1129e39b40d2440
*/
int verfiysignature (void)
{
int retval;
EVP_PKEY pkey;
EVP_MD_CTX ctx;
RSA *rsa;
char testbuffer[512];
unsigned char testN[128] = {0x9e,0xc4,0xd4,0x83,0x33,0x09,0x16,0xb6,0x9e,0xee,0x4e,0x9b,0x76,0x14,0xea,0xfc,0x4f,0xbf,0x60,0xe7,0x4b,0x51,0x27,0xa3,0xff,0x5b,0xd9,0xd4,0x8c,0x7e,0xcf,0x84,0x18,0xd9,0x4d,0x1e,0x60,0x38,0x8b,0xb6,0x85,0x46,0xf8,0xbc,0x92,0xde,0xb1,0x97,0x4b,0x9d,0xef,0x67,0x48,0xfb,0xb4,0xec,0x93,0x02,0x9e,0xa8,0xb7,0xbe,0xa3,0x6f,0x61,0xc5,0xc6,0xae,0xed,0xfd,0x51,0x2a,0x0f,0x76,0x58,0x46,0xfa,0xd5,0xed,0xac,0xb0,0x8c,0x3d,0x75,0xcf,0x1d,0x43,0xb4,0x8b,0x39,0x4c,0x94,0x32,0x3c,0x3f,0x3e,0x9b,0xa6,0x61,0x2f,0x93,0xfe,0x29,0x00,0x13,0x42,0x17,0x43,0x3a,0xfb,0x08,0x8b,0x5c,0xa3,0x3f,0xc4,0xe6,0xb2,0x70,0x19,0x4d,0xf0,0x77,0xd2,0xb6,0x59,0x27,0x43};
unsigned char testE[1] = {0x03};
unsigned char testMsg[128] = {0xb9,0x15,0xe7,0x74,0xb0,0x83,0xe8,0xce,0xc8,0x09,0x29,0xcf,0xbc,0x89,0xd8,0x7b,0xd0,0x46,0xf6,0x5c,0xb4,0x3e,0x5e,0x78,0xac,0xba,0x03,0x80,0xee,0x23,0x79,0x4a,0x4b,0x17,0xb7,0x81,0x12,0xbc,0x1b,0x9c,0x32,0x54,0xae,0x0c,0x9e,0x12,0xaa,0xba,0xf6,0x2c,0x39,0xb0,0x63,0x32,0x80,0x16,0xc3,0x9e,0xdc,0x61,0x06,0xac,0x6b,0xc7,0xd7,0x6c,0xcf,0xf6,0x7f,0x15,0x2e,0x05,0x07,0x9c,0x7d,0xab,0x9d,0x85,0xff,0xaf,0x3a,0xfa,0x08,0x9f,0x81,0x1a,0x07,0xc5,0xe9,0x93,0xc3,0x57,0x1e,0x73,0xe5,0xee,0xa5,0x3b,0xb7,0x39,0xbf,0x35,0x2b,0xf3,0x91,0x08,0x1f,0x12,0x81,0x8a,0xdf,0x42,0xe3,0xd5,0xec,0x91,0xd5,0x9d,0xfc,0x6c,0x67,0xc1,0x41,0xca,0x00,0x1f,0xee,0xa7};
unsigned char testSig[128] = {0x1c,0x88,0x6e,0x80,0x41,0xa0,0xbf,0xa5,0x73,0x20,0xc2,0x03,0x3a,0xc3,0x7e,0xb2,0xf8,0xd8,0xa9,0x6d,0x42,0xf3,0x18,0x7b,0x0f,0x91,0x64,0xf3,0x7a,0x0c,0xe2,0x70,0xba,0x35,0x60,0x2a,0x1e,0x27,0xc9,0x6f,0xb6,0xe2,0xfd,0xcf,0xb2,0x5b,0x00,0xda,0x1c,0xce,0xeb,0x14,0x6f,0x6a,0x33,0x20,0xde,0x97,0x59,0x4d,0x6d,0xe8,0x66,0x4d,0x30,0x55,0x14,0x2d,0x40,0x8f,0xc2,0x8c,0x47,0xdd,0x38,0x08,0x47,0xd9,0x24,0x50,0xfa,0xd3,0x75,0x35,0xd3,0x66,0xaa,0xbc,0xed,0x07,0x0c,0xc1,0xff,0xf6,0xa6,0xe0,0x23,0xe2,0xce,0x64,0xe9,0xe1,0x91,0x4e,0x82,0xf3,0x84,0x68,0x8c,0x63,0xbe,0xad,0xa8,0x7d,0xd0,0xab,0x71,0x17,0xb5,0xd4,0xc1,0x12,0x9e,0x39,0xb4,0x0d,0x24,0x40};
rsa = RSA_new();
rsa->n = BN_bin2bn(testN, 128, rsa->n);
rsa->e = BN_bin2bn(testE, 1, rsa->e);
rsa->d = 0;
rsa->p = 0;
rsa->q = 0;
pkey.type = EVP_PKEY_RSA;
pkey.pkey.rsa = rsa;
EVP_MD_CTX_init (&ctx);
ctx.flags |= EVP_MD_CTX_FLAG_PAD_X931;
if (EVP_VerifyInit_ex (&ctx, EVP_sha1(), NULL))
{
if (EVP_VerifyUpdate (&ctx, testMsg, 128))
{
retval = EVP_VerifyFinal (&ctx, testSig, 128, &pkey);
memset(testbuffer,0,sizeof(testbuffer));
printf("retval=%d err='%s'", retval, ERR_error_string(ERR_get_error(), testbuffer));
}
else
{
retval = -1;
}
}
else
{
retval = -1;
}
EVP_MD_CTX_cleanup (&ctx);
RSA_free (rsa);
return retval;
}