ECDsaCng 在 Windows 上通过 C# 验证来自 Android WebAuthn 的数据椭圆曲线签名

ECDsaCng Verify Data Elliptical Curve signature from Android WebAuthn via C# on Windows

无论我做什么,我都无法将 C# ECDsaCng VerifyData 方法设置为 return true。类似的代码适用于来自 Windows 的 RSA 签名和数据 你好,但是来自 Android/Samsung 的 EC 加密让我感到困惑。

assertion.Signature : - MEYCIQDi0OGHK2CRFpel6RWq26IjyWmJCfJnnaYvGWL/NBC6awIhANzNweSdj5uzFxDkvHeNgYcKaEuzgjEykiVJGfF/SNyd

assertion.ClientDataJSON :- {"type":"webauthn.get","challenge":"ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmxlSEFpT2pFMk1UVTVOak14TWpBc0ltbHpjeUk2SWxSbGMzUXVZMjl0SWl3aVlYVmtJam9pVkdWemRDNWpiMjBpZlEuNXRLR3RlR1dBcEpjNFZpYjRHdGNHS01mS1VPUkFXWFl0bDBRd1BkQUxJVQ","origin":"https://localhost:3000","androidPackageName" :"com.android.chrome"}

pubKey.x :- CeE16bdD0ga/oiy/zFL1c70Cp/9me+HZzggzlTooWzU=

pubKey.y :- N5l+MynIqzxgut+phBUNIOcI7DIv2uRXHkLCesK90Cg=

这里是代码段:-

        byte[] data = new byte[authData.Length + hashValClientData.Length];
        Buffer.BlockCopy(authData, 0, data, 0, authData.Length);
        Buffer.BlockCopy(hashValClientData, 0, data, authData.Length, hashValClientData.Length);

        byte[] sig = Convert.FromBase64String(assertion.Signature);

        if (pubKey.kty == "EC")
        {
            byte[] ECDsaSig = convertFromASN1(sig);
            var keyType = new byte[] { 0x45, 0x43, 0x53, 0x31 }; // BCRYPT_ECDSA_PUBLIC_P256_MAGIC {E, C, S, 1}
            var keyLength = new byte[] { 0x20, 0x00, 0x00, 0x00 }; // Key length 32
            byte[] keyImport = new byte [72];
            Buffer.BlockCopy(keyType, 0, keyImport, 0, keyType.Length);
            Buffer.BlockCopy(keyLength, 0, keyImport, keyType.Length, keyLength.Length);
            Buffer.BlockCopy(Convert.FromBase64String(pubKey.x), 0, keyImport, 8, 32);
            Buffer.BlockCopy(Convert.FromBase64String(pubKey.y), 0, keyImport, 40, 32);

            try
            {
                using (ECDsaCng dsa = new ECDsaCng(CngKey.Import(keyImport, CngKeyBlobFormat.EccPublicBlob)))
                {
                    dsa.HashAlgorithm = CngAlgorithm.Sha256;
                    if (dsa.VerifyData(data, ECDsaSig))
                    {
                        Console.WriteLine("The signature is valid.");
                    }
                    else
                    {
                        Console.WriteLine("The signature is not valid.");
                        return FAIL_STATUS;
                    }
                }
            }
            catch (Exception e)
            {
                return FAIL_STATUS;
            }
        } 

阅读 后,我意识到我必须将 ASN.1 签名转换为 ECDsa 友好格式,所以我这样做了:-

    internal byte[] convertFromASN1(byte[] sig)
    {
        const int DER = 48;
        const int LENGTH_MARKER = 2;

        if (sig.Length < 6 || sig[0] != DER || sig[1] != sig.Length - 2 || sig[2] != LENGTH_MARKER || sig[sig[3] + 4] != LENGTH_MARKER)
            throw new ArgumentException("Invalid signature format.", "sig");

        int rLen = sig[3];
        int sLen = sig[rLen + 5];

        byte[] newSig = new byte[rLen + sLen];
        Buffer.BlockCopy(sig, 4, newSig, 0, rLen);
        Buffer.BlockCopy(sig, 6 + rLen, newSig, rLen, sLen);

        return newSig;
    }

但仍然不开心:-(我做错了什么?请帮忙。(使用 SHA256 散列的 ClientData)

像这样的东西应该可以工作:

if (pubKey.kty == "EC")
{
    byte[] ecDsaSig = convertFromASN1(sig);

    var point = new ECPoint
    {
        X = Convert.FromBase64String(pubKey.x),
        Y = Convert.FromBase64String(pubKey.y),
    };

    var ecparams = new ECParameters
    {
        Q = point,
        Curve = ECCurve.NamedCurves.nistP256
    };

    try
    {
        using (ECDsa ecdsa = ECDsa.Create(ecparams))
        {
            if (ecdsa.VerifyData(data, ecDsaSig, HashAlgorithmName.SHA256)
            {
                Console.WriteLine("The signature is valid.");
            }
            else
            {
                Console.WriteLine("The signature is not valid.");
                return FAIL_STATUS;
            }
        }
    }
    catch (Exception e)
    {
        return FAIL_STATUS;
    }
} 

将 ASN.1 转换为 .NET 需要的 IEEE P-1363 格式可能非常棘手。一些指导 and here.

如果你拿你的样本信号 here,你可以更好地想象细分,你的 X 从 1025 开始到 3227 结束,你的 Y 从 9987 开始到 1469 结束。

Here 我现在也是这样做的。