1

我正在尝试在我们较旧的 PHP 5.6 后端实现 WebAuthn 身份验证。但是通过检查的最终验证openssl_verify()给我带来了问题。我收到以下 asn1 错误:

0D0680A8:asn1 编码例程:ASN1_CHECK_TLEN:错误标签

有谁知道这意味着什么?公钥有什么问题?密钥具有有效资源。

还是该OPENSSL_ALGO_SHA256算法不支持源编码“ECDSA w/ SHA-256”?

代码示例:

$strData = '31341cd167aa4f6c63124ba7c8fd2ceb';
$strSignature = 'MEUCIQDTRfjvdX7CEBvWo29m+hngqO4HwNvpofEOUKvoy4ycewIgCTlGFUGk+0Xq+ejw/GoKRhafFJl02ZWLM9h/6R68uM4=';
$strPublicKey = 
'-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0iqlixe2nziH6sEv2eq0psxDlVnC
eLTM/GTwRzWdK4D9+8qbzXH6q5X9rYUuIWPxZoqY5hImjFIdJi7IjOvZJg==
-----END PUBLIC KEY-----';

$intCheckPublicKey = openssl_pkey_get_public($strCheckPublicKey);

// verify which should succeed
$alg        = OPENSSL_ALGO_SHA256;
$intSuccess = openssl_verify($strData, strSignature, $intCheckPublicKey, $alg);

if ($intSuccess === -1) {
    echo "openssl_verify() failed with error.  " . openssl_error_string() . "\n";
} elseif ($intSuccess === 1) {
    echo "Signature verification was successful!\n";
} else {
    echo "Signature verification failed.  Incorrect key or data has been tampered with\n";
}
4

1 回答 1

0

身份验证器返回的签名使用另一种格式,而不是 OpenSSL 所需的格式(DER 格式)。必须先将签名转换为 DER 格式。

以下是一个工作示例(适用于 PHP5.x

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2020 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace Jose\Component\Core\Util;

use InvalidArgumentException;
use const STR_PAD_LEFT;

/**
 * @internal
 */
final class ECSignature
{
    private const ASN1_SEQUENCE = '30';
    private const ASN1_INTEGER = '02';
    private const ASN1_MAX_SINGLE_BYTE = 128;
    private const ASN1_LENGTH_2BYTES = '81';
    private const ASN1_BIG_INTEGER_LIMIT = '7f';
    private const ASN1_NEGATIVE_INTEGER = '00';
    private const BYTE_SIZE = 2;

    /**
     * @throws InvalidArgumentException if the length of the signature is invalid
     */
    public static function toAsn1(string $signature, int $length): string
    {
        $signature = bin2hex($signature);

        if (self::octetLength($signature) !== $length) {
            throw new InvalidArgumentException('Invalid signature length.');
        }

        $pointR = self::preparePositiveInteger(mb_substr($signature, 0, $length, '8bit'));
        $pointS = self::preparePositiveInteger(mb_substr($signature, $length, null, '8bit'));

        $lengthR = self::octetLength($pointR);
        $lengthS = self::octetLength($pointS);

        $totalLength = $lengthR + $lengthS + self::BYTE_SIZE + self::BYTE_SIZE;
        $lengthPrefix = $totalLength > self::ASN1_MAX_SINGLE_BYTE ? self::ASN1_LENGTH_2BYTES : '';

        return hex2bin(
            self::ASN1_SEQUENCE
            .$lengthPrefix.dechex($totalLength)
            .self::ASN1_INTEGER.dechex($lengthR).$pointR
            .self::ASN1_INTEGER.dechex($lengthS).$pointS
        );
    }

    /**
     * @throws InvalidArgumentException if the signature is not an ASN.1 sequence
     */
    public static function fromAsn1(string $signature, int $length): string
    {
        $message = bin2hex($signature);
        $position = 0;

        if (self::ASN1_SEQUENCE !== self::readAsn1Content($message, $position, self::BYTE_SIZE)) {
            throw new InvalidArgumentException('Invalid data. Should start with a sequence.');
        }

        if (self::ASN1_LENGTH_2BYTES === self::readAsn1Content($message, $position, self::BYTE_SIZE)) {
            $position += self::BYTE_SIZE;
        }

        $pointR = self::retrievePositiveInteger(self::readAsn1Integer($message, $position));
        $pointS = self::retrievePositiveInteger(self::readAsn1Integer($message, $position));

        return hex2bin(str_pad($pointR, $length, '0', STR_PAD_LEFT).str_pad($pointS, $length, '0', STR_PAD_LEFT));
    }

    private static function octetLength(string $data): int
    {
        return (int) (mb_strlen($data, '8bit') / self::BYTE_SIZE);
    }

    private static function preparePositiveInteger(string $data): string
    {
        if (mb_substr($data, 0, self::BYTE_SIZE, '8bit') > self::ASN1_BIG_INTEGER_LIMIT) {
            return self::ASN1_NEGATIVE_INTEGER.$data;
        }

        while (0 === mb_strpos($data, self::ASN1_NEGATIVE_INTEGER, 0, '8bit')
            && mb_substr($data, 2, self::BYTE_SIZE, '8bit') <= self::ASN1_BIG_INTEGER_LIMIT) {
            $data = mb_substr($data, 2, null, '8bit');
        }

        return $data;
    }

    private static function readAsn1Content(string $message, int &$position, int $length): string
    {
        $content = mb_substr($message, $position, $length, '8bit');
        $position += $length;

        return $content;
    }

    /**
     * @throws InvalidArgumentException if the data is not an integer
     */
    private static function readAsn1Integer(string $message, int &$position): string
    {
        if (self::ASN1_INTEGER !== self::readAsn1Content($message, $position, self::BYTE_SIZE)) {
            throw new InvalidArgumentException('Invalid data. Should contain an integer.');
        }

        $length = (int) hexdec(self::readAsn1Content($message, $position, self::BYTE_SIZE));

        return self::readAsn1Content($message, $position, $length * self::BYTE_SIZE);
    }

    private static function retrievePositiveInteger(string $data): string
    {
        while (0 === mb_strpos($data, self::ASN1_NEGATIVE_INTEGER, 0, '8bit')
            && mb_substr($data, 2, self::BYTE_SIZE, '8bit') > self::ASN1_BIG_INTEGER_LIMIT) {
            $data = mb_substr($data, 2, null, '8bit');
        }

        return $data;
    }
}
于 2020-09-24T09:18:34.160 回答