search

jerson / flutter-rsa

RSA for flutter made with golang for fast performance with support for android, ios, macos, linux, windows, web and hover
https://pub.dev/packages/fast_rsa
MIT License
72 stars 23 forks source link

Signature Verification Failure, can not do RSA.verifyPSS if change device #60

Open cwangfr opened 1 year ago

cwangfr commented 1 year ago

Title: Signature Verification Failure Issue

Description: Background: I encountered an issue while using your library. I'm developing an application that involves data signing using fast_rsa.

Steps to Reproduce:

  1. Sign data Y using key X.private on Device A, generating signature Z.
  2. Copy the application from Device A to Device B.
  3. Attempt to verify signature Z as the signature of data Y using the same key X.public on Device B.

Expected Result: I expect the signature Z to be successfully verified on Device B, just like it is on Device A.

Actual Result: However, on Device B, the verification of signature Z fails.

Device and Environment Information:

Attempted Solutions: I have tried regenerating the key pair and reinstalling the library, but the issue persists.

Code: Future sign(String value) async { var signature = await RSA.signPSS( value, Hash.SHA512, SaltLength.AUTO, pkcs12KeyPair.privateKey); var result = signature.replaceAll("+", "-").replaceAll("/", ""); return result; }

Future verifySign(String value, String sign) async { sign = sign.replaceAll("-", "+").replaceAll("_", "/"); try { await RSA.verifyPSS( sign, value, Hash.SHA512, SaltLength.AUTO, _pkcs12KeyPair.publicKey); } on RSAException catch (error, stackTrace) { debugPrint(error.cause); debugPrintStack(stackTrace: stackTrace); return false; } return true; }

Exception I/flutter (13473): crypto/rsa: verification error I/flutter (13473): #0 RSA._boolResponse fast_rsa.dart:71 I/flutter (13473): I/flutter (13473): #1 RSA.verifyPSS fast_rsa.dart:374 I/flutter (13473):

Expected Result: I hope to achieve successful signature verification on Device B, similar to the behavior on Device A.

Actual Result: However, the signature verification fails on Device B.

flutter doctor -v [√] Flutter (Channel stable, 3.10.6, on Microsoft Windows [版本 10.0.22621.2134], locale fr-FR) • Flutter version 3.10.6 on channel stable at C:\flutter • Upstream repository https://github.com/flutter/flutter.git • Framework revision f468f3366c (6 weeks ago), 2023-07-12 15:19:05 -0700 • Engine revision cdbeda788a • Dart version 3.0.6 • DevTools version 2.23.1

[√] Windows Version (Installed version of Windows is version 10 or higher)

[√] Android toolchain - develop for Android devices (Android SDK version 33.0.2) • Android SDK at C:\Users\cc\AppData\Local\Android\sdk • Platform android-33-ext5, build-tools 33.0.2 • Java binary at: C:\Program Files\Android\Android Studio\jbr\bin\java • Java version openjdk version "17.0.6" 2023-01-17 • All Android licenses accepted.

[√] Chrome - develop for the web • Chrome at C:\Program Files\Google\Chrome\Application\chrome.exe

[√] Visual Studio - develop for Windows (Visual Studio Community 2022 17.5.4) • Visual Studio at C:\Program Files\Microsoft Visual Studio\2022\Community • Visual Studio Community 2022 version 17.5.33530.505 • Windows 10 SDK version 10.0.19041.0

[√] Android Studio (version 2022.2) • Android Studio at C:\Program Files\Android\Android Studio • Flutter plugin can be installed from: https://plugins.jetbrains.com/plugin/9212-flutter • Dart plugin can be installed from: https://plugins.jetbrains.com/plugin/6351-dart • Java version openjdk version "17.0.6" 2023-01-17

[√] VS Code (version 1.81.1) • VS Code at C:\Users\cc\AppData\Local\Programs\Microsoft VS Code • Flutter extension version 3.70.0

[√] Connected device (4 available) • Android SDK built for x86 (mobile) • emulator-5554 • android-x86 • Android 11 (API 30) (emulator) • Windows (desktop) • windows • windows-x64 • Microsoft Windows [版本 10.0.22621.2134] • Chrome (web) • chrome • web-javascript • Google Chrome 115.0.5790.171 • Edge (web) • edge • web-javascript • Microsoft Edge 116.0.1938.54

[√] Network resources • All expected network resources are available.

• No issues found!

jerson commented 1 year ago

Hi @cwangfr thanks for this

could you review those lines

var result = signature.replaceAll("+", "-").replaceAll("/", "");

and 

sign = sign.replaceAll("-", "+").replaceAll("_", "/");

it seems on the first part should be

var result = signature.replaceAll("+", "-").replaceAll("/", "_");

could you try that way please

cwangfr commented 1 year ago

Thank u for the reponse, This line is a copy mistake. The code in my project is right. image

cwangfr commented 1 year ago

I redid some tests and found the following. I prepared three devices. Device A, Android Phone (arm64) Device B, Android Emulator - Nexus_10_API_30 (x86) Device C, Window 11 x64

Test 1, signed using device A, verified on device A, verification passed. Test 2, signed using device B, verified on device B, verification passed. Test 3, signed using device C, verified on device C, verification passed.

Test 3, signed using device A, verified on device B, verification failed. Test 4, signed using device A, verified on device C, verification passed.

Test 5, signed using device B, verified on device A, verification failed. Test 6, signed using device B, verified on device C, verification failed.

Test 7, signed using device C, verified on device A, verification passed. Test 8, signed using device C, verified on device B, verification failed.