ECDsaCng 在 Windows 上通过 C# 验证来自 Android WebAuthn 的数据椭圆曲线签名
ECDsaCng Verify Data Elliptical Curve signature from Android WebAuthn via C# on Windows
无论我做什么,我都无法将 C# ECDsaCng VerifyData 方法设置为 return true。类似的代码适用于来自 Windows 的 RSA 签名和数据 你好,但是来自 Android/Samsung 的 EC 加密让我感到困惑。
assertion.Signature : - MEYCIQDi0OGHK2CRFpel6RWq26IjyWmJCfJnnaYvGWL/NBC6awIhANzNweSdj5uzFxDkvHeNgYcKaEuzgjEykiVJGfF/SNyd
assertion.ClientDataJSON :- {"type":"webauthn.get","challenge":"ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmxlSEFpT2pFMk1UVTVOak14TWpBc0ltbHpjeUk2SWxSbGMzUXVZMjl0SWl3aVlYVmtJam9pVkdWemRDNWpiMjBpZlEuNXRLR3RlR1dBcEpjNFZpYjRHdGNHS01mS1VPUkFXWFl0bDBRd1BkQUxJVQ","origin":"https://localhost:3000","androidPackageName" :"com.android.chrome"}
pubKey.x :- CeE16bdD0ga/oiy/zFL1c70Cp/9me+HZzggzlTooWzU=
pubKey.y :- N5l+MynIqzxgut+phBUNIOcI7DIv2uRXHkLCesK90Cg=
这里是代码段:-
byte[] data = new byte[authData.Length + hashValClientData.Length];
Buffer.BlockCopy(authData, 0, data, 0, authData.Length);
Buffer.BlockCopy(hashValClientData, 0, data, authData.Length, hashValClientData.Length);
byte[] sig = Convert.FromBase64String(assertion.Signature);
if (pubKey.kty == "EC")
{
byte[] ECDsaSig = convertFromASN1(sig);
var keyType = new byte[] { 0x45, 0x43, 0x53, 0x31 }; // BCRYPT_ECDSA_PUBLIC_P256_MAGIC {E, C, S, 1}
var keyLength = new byte[] { 0x20, 0x00, 0x00, 0x00 }; // Key length 32
byte[] keyImport = new byte [72];
Buffer.BlockCopy(keyType, 0, keyImport, 0, keyType.Length);
Buffer.BlockCopy(keyLength, 0, keyImport, keyType.Length, keyLength.Length);
Buffer.BlockCopy(Convert.FromBase64String(pubKey.x), 0, keyImport, 8, 32);
Buffer.BlockCopy(Convert.FromBase64String(pubKey.y), 0, keyImport, 40, 32);
try
{
using (ECDsaCng dsa = new ECDsaCng(CngKey.Import(keyImport, CngKeyBlobFormat.EccPublicBlob)))
{
dsa.HashAlgorithm = CngAlgorithm.Sha256;
if (dsa.VerifyData(data, ECDsaSig))
{
Console.WriteLine("The signature is valid.");
}
else
{
Console.WriteLine("The signature is not valid.");
return FAIL_STATUS;
}
}
}
catch (Exception e)
{
return FAIL_STATUS;
}
}
阅读 后,我意识到我必须将 ASN.1 签名转换为 ECDsa 友好格式,所以我这样做了:-
internal byte[] convertFromASN1(byte[] sig)
{
const int DER = 48;
const int LENGTH_MARKER = 2;
if (sig.Length < 6 || sig[0] != DER || sig[1] != sig.Length - 2 || sig[2] != LENGTH_MARKER || sig[sig[3] + 4] != LENGTH_MARKER)
throw new ArgumentException("Invalid signature format.", "sig");
int rLen = sig[3];
int sLen = sig[rLen + 5];
byte[] newSig = new byte[rLen + sLen];
Buffer.BlockCopy(sig, 4, newSig, 0, rLen);
Buffer.BlockCopy(sig, 6 + rLen, newSig, rLen, sLen);
return newSig;
}
但仍然不开心:-(我做错了什么?请帮忙。(使用 SHA256 散列的 ClientData)
像这样的东西应该可以工作:
if (pubKey.kty == "EC")
{
byte[] ecDsaSig = convertFromASN1(sig);
var point = new ECPoint
{
X = Convert.FromBase64String(pubKey.x),
Y = Convert.FromBase64String(pubKey.y),
};
var ecparams = new ECParameters
{
Q = point,
Curve = ECCurve.NamedCurves.nistP256
};
try
{
using (ECDsa ecdsa = ECDsa.Create(ecparams))
{
if (ecdsa.VerifyData(data, ecDsaSig, HashAlgorithmName.SHA256)
{
Console.WriteLine("The signature is valid.");
}
else
{
Console.WriteLine("The signature is not valid.");
return FAIL_STATUS;
}
}
}
catch (Exception e)
{
return FAIL_STATUS;
}
}
将 ASN.1 转换为 .NET 需要的 IEEE P-1363 格式可能非常棘手。一些指导 and here.
如果你拿你的样本信号 here,你可以更好地想象细分,你的 X 从 1025 开始到 3227 结束,你的 Y 从 9987 开始到 1469 结束。
Here 我现在也是这样做的。
无论我做什么,我都无法将 C# ECDsaCng VerifyData 方法设置为 return true。类似的代码适用于来自 Windows 的 RSA 签名和数据 你好,但是来自 Android/Samsung 的 EC 加密让我感到困惑。
assertion.Signature : - MEYCIQDi0OGHK2CRFpel6RWq26IjyWmJCfJnnaYvGWL/NBC6awIhANzNweSdj5uzFxDkvHeNgYcKaEuzgjEykiVJGfF/SNyd
assertion.ClientDataJSON :- {"type":"webauthn.get","challenge":"ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmxlSEFpT2pFMk1UVTVOak14TWpBc0ltbHpjeUk2SWxSbGMzUXVZMjl0SWl3aVlYVmtJam9pVkdWemRDNWpiMjBpZlEuNXRLR3RlR1dBcEpjNFZpYjRHdGNHS01mS1VPUkFXWFl0bDBRd1BkQUxJVQ","origin":"https://localhost:3000","androidPackageName" :"com.android.chrome"}
pubKey.x :- CeE16bdD0ga/oiy/zFL1c70Cp/9me+HZzggzlTooWzU=
pubKey.y :- N5l+MynIqzxgut+phBUNIOcI7DIv2uRXHkLCesK90Cg=
这里是代码段:-
byte[] data = new byte[authData.Length + hashValClientData.Length];
Buffer.BlockCopy(authData, 0, data, 0, authData.Length);
Buffer.BlockCopy(hashValClientData, 0, data, authData.Length, hashValClientData.Length);
byte[] sig = Convert.FromBase64String(assertion.Signature);
if (pubKey.kty == "EC")
{
byte[] ECDsaSig = convertFromASN1(sig);
var keyType = new byte[] { 0x45, 0x43, 0x53, 0x31 }; // BCRYPT_ECDSA_PUBLIC_P256_MAGIC {E, C, S, 1}
var keyLength = new byte[] { 0x20, 0x00, 0x00, 0x00 }; // Key length 32
byte[] keyImport = new byte [72];
Buffer.BlockCopy(keyType, 0, keyImport, 0, keyType.Length);
Buffer.BlockCopy(keyLength, 0, keyImport, keyType.Length, keyLength.Length);
Buffer.BlockCopy(Convert.FromBase64String(pubKey.x), 0, keyImport, 8, 32);
Buffer.BlockCopy(Convert.FromBase64String(pubKey.y), 0, keyImport, 40, 32);
try
{
using (ECDsaCng dsa = new ECDsaCng(CngKey.Import(keyImport, CngKeyBlobFormat.EccPublicBlob)))
{
dsa.HashAlgorithm = CngAlgorithm.Sha256;
if (dsa.VerifyData(data, ECDsaSig))
{
Console.WriteLine("The signature is valid.");
}
else
{
Console.WriteLine("The signature is not valid.");
return FAIL_STATUS;
}
}
}
catch (Exception e)
{
return FAIL_STATUS;
}
}
阅读
internal byte[] convertFromASN1(byte[] sig)
{
const int DER = 48;
const int LENGTH_MARKER = 2;
if (sig.Length < 6 || sig[0] != DER || sig[1] != sig.Length - 2 || sig[2] != LENGTH_MARKER || sig[sig[3] + 4] != LENGTH_MARKER)
throw new ArgumentException("Invalid signature format.", "sig");
int rLen = sig[3];
int sLen = sig[rLen + 5];
byte[] newSig = new byte[rLen + sLen];
Buffer.BlockCopy(sig, 4, newSig, 0, rLen);
Buffer.BlockCopy(sig, 6 + rLen, newSig, rLen, sLen);
return newSig;
}
但仍然不开心:-(我做错了什么?请帮忙。(使用 SHA256 散列的 ClientData)
像这样的东西应该可以工作:
if (pubKey.kty == "EC")
{
byte[] ecDsaSig = convertFromASN1(sig);
var point = new ECPoint
{
X = Convert.FromBase64String(pubKey.x),
Y = Convert.FromBase64String(pubKey.y),
};
var ecparams = new ECParameters
{
Q = point,
Curve = ECCurve.NamedCurves.nistP256
};
try
{
using (ECDsa ecdsa = ECDsa.Create(ecparams))
{
if (ecdsa.VerifyData(data, ecDsaSig, HashAlgorithmName.SHA256)
{
Console.WriteLine("The signature is valid.");
}
else
{
Console.WriteLine("The signature is not valid.");
return FAIL_STATUS;
}
}
}
catch (Exception e)
{
return FAIL_STATUS;
}
}
将 ASN.1 转换为 .NET 需要的 IEEE P-1363 格式可能非常棘手。一些指导
如果你拿你的样本信号 here,你可以更好地想象细分,你的 X 从 1025 开始到 3227 结束,你的 Y 从 9987 开始到 1469 结束。
Here 我现在也是这样做的。