emmansun / gmsm

ShangMi (SM) cipher suites for golang (commercial cryptography software for the Go language)
https://emmansun.github.io/gmsm
MIT License

A small question about verifying SKF USB signature data with gmsm #194

Closed b1gcat closed 11 months ago

b1gcat commented 11 months ago

Signing hello through the SKF USB key:

This is the struct I get back

SKF_ECCSignData(pKey->hCont, pHashData, ulHashDataLen, &ecc_sign);
Here ecc_sign is the output signature result; the corresponding struct is as follows:

typedef struct Struct_ECCSIGNATUREBLOB{
    BYTE    r[ECC_MAX_XCOORDINATE_BITS_LEN/8]; //ECC_MAX_XCOORDINATE_BITS_LEN=512
    BYTE    s[ECC_MAX_YCOORDINATE_BITS_LEN/8];
} ECCSIGNATUREBLOB, *PECCSIGNATUREBLOB;

The resulting signature data (bin2hex):

00000000000000000000000000000000000000000000000000000000000000000ACB92997ED263120C6E29B7F02F673D97B47D650960C28460D45413AA150F200000000000000000000000000000000000000000000000000000000000000000FA6F8488A73B1A8EC79C6551F2DD31AC4C6E306CF6A6401EED7DE5F92E14E923

Then I verify the signature with gmsm

package main

import (
    "encoding/hex"
    "fmt"
    "math/big"

    "github.com/emmansun/gmsm/sm2"
)

func main() {
    message := "hello"
    // Public key exported from the USB key
    pubkey := "040C8234FFFBC0945F575FB81667AEDA66622C1F35D06183D20923FF191D6FCD6D425E24B3D14C6AAF4CFF6BA2090FA11007E63F2EA9F1EEA059EC9D70D105DC2E"
    keypoints, _ := hex.DecodeString(pubkey)
    pubKey, _ := sm2.NewPublicKey(keypoints)

    // Extract the r and s bytes from the signature data
    a, _ := hex.DecodeString("0ACB92997ED263120C6E29B7F02F673D97B47D650960C28460D45413AA150F20")
    b, _ := hex.DecodeString("FA6F8488A73B1A8EC79C6551F2DD31AC4C6E306CF6A6401EED7DE5F92E14E923")

    r0, s0 := new(big.Int), new(big.Int)
    r0.SetBytes(a)
    s0.SetBytes(b)

    ok := sm2.VerifyWithSM2(pubKey, nil, []byte(message), r0, s0)
    // The result is false
    fmt.Println("*****:", ok)
}

I'm not sure which step I got wrong. Could you please take a look? Thanks.
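The manual extraction of r and s from the ECCSIGNATUREBLOB in the post above, as an added example that is not part of the original thread or of the gmsm code base. It uses only the Go standard library, rejects blobs whose fields are not valid SM2 signature values, and also re-encodes the pair as ASN.1 DER; the function names are hypothetical and the sample blob is constructed from the r and s values quoted in the post.

```go
package main

import (
	"encoding/asn1"
	"encoding/hex"
	"fmt"
	"math/big"
	"strings"
)

// sm2N is the order n of the SM2 recommended curve; valid r and s lie in [1, n-1].
var sm2N, _ = new(big.Int).SetString("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", 16)

const fieldLen = 64 // ECC_MAX_XCOORDINATE_BITS_LEN/8, from the struct in the post

// ParseECCSignatureBlob splits r[64] || s[64] (big-endian, right-aligned) into r and s.
func ParseECCSignatureBlob(blob []byte) (rs [2]*big.Int, err error) {
	if len(blob) != 2*fieldLen {
		return rs, fmt.Errorf("blob is %d bytes, want %d", len(blob), 2*fieldLen)
	}
	for i := range rs {
		// Any non-zero byte in the upper 32 bytes makes v >= 2^256 > n, so it is rejected too.
		v := new(big.Int).SetBytes(blob[i*fieldLen : (i+1)*fieldLen])
		if v.Sign() == 0 || v.Cmp(sm2N) >= 0 {
			return rs, fmt.Errorf("field %d: value outside [1, n-1]", i)
		}
		rs[i] = v
	}
	return rs, nil
}

// BlobToDER re-encodes the blob as ASN.1 SEQUENCE { r INTEGER, s INTEGER }.
func BlobToDER(blob []byte) ([]byte, error) {
	rs, err := ParseECCSignatureBlob(blob)
	if err != nil {
		return nil, err
	}
	return asn1.Marshal(struct{ R, S *big.Int }{rs[0], rs[1]})
}

// SampleBlob lays out the r and s values quoted in the post in blob form (constructed input).
func SampleBlob() []byte {
	pad := strings.Repeat("00", 32)
	b, _ := hex.DecodeString(pad + "0ACB92997ED263120C6E29B7F02F673D97B47D650960C28460D45413AA150F20" + pad + "FA6F8488A73B1A8EC79C6551F2DD31AC4C6E306CF6A6401EED7DE5F92E14E923")
	return b
}

func main() {
	der, err := BlobToDER(SampleBlob())
	fmt.Printf("%x %v\n", der, err)
}
```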

emmansun commented 11 months ago

The verification code looks fine. Please check whether the (key, message, signature) triple actually matches.

emmansun commented 11 months ago

How is your pHashData computed?

https://github.com/zhongtaoxie/CAPCManage/blob/3b0776114952a5989104e31036a047d6b5c671d9/ReadUKey.cpp#L1041C8-L1041C18

b1gcat commented 11 months ago

> How is your pHashData computed?
>
> https://github.com/zhongtaoxie/CAPCManage/blob/3b0776114952a5989104e31036a047d6b5c671d9/ReadUKey.cpp#L1041C8-L1041C18

Export the public key, then do SM3 over public key + defaultID + msg. defaultID is 1234567812345678

    struct HKey key = {0};
    ...

    if (-1 == openKey(pKey, pin, NULL)) goto out;

    ulResult = SKF_ExportPublicKey(pKey->hCont, 1, (BYTE *) &ecc_pub, &ulEccPubLen);
    if (ulResult != SAR_OK) {
        Output(outputTemplate, ulResult, "无法找到公钥,请确认KEY是否正确", "-", "-", "-");
        goto out;
    }

    ulResult = SKF_DigestInit(pKey->hDev, SGD_SM3, &ecc_pub, (BYTE *) UID, UID_LEN, &hKey);
    if (ulResult != SAR_OK) {
        Output(outputTemplate, ulResult, "无法初始化签名", "-", "-", "-");
        goto out;
    }

    ulResult = SKF_Digest(hKey, (BYTE *) data, strlen(data), pHashData, &ulHashDataLen);
    if (ulResult != SAR_OK) {
        Output(outputTemplate, ulResult, "HASH错误", "-", "-", "-");
        goto out;
    }

emmansun commented 11 months ago

Print pHashData as hex so we can take a look. CalculateSM2Hash gives bcaefdbf978d4695da727f4dc668034e5ecc5e1d17bf5abd8e19a785e3d5a12c

b1gcat commented 11 months ago

517923904401D752ADC4F8F9DD219E037639685715F9EC637D49F50388F6FB1E They don't match; I'll look into it.

b1gcat commented 11 months ago

It works now. I confirmed with the other side that the published pubkey they gave me was wrong.

Thanks 😄