问题描述
如何正确使用下面这些函数？签名过程看起来没有问题：我在 https://jwt.io/ 上测试过，生成的 JWT 可以在该网站上用公钥验证通过。但在我自己的验证（verify）代码中，验证过程始终返回错误码。用于测试的全局变量是：
// Scratch buffers shared by the signing and the verification test code.
enum {
    SIGNATURE_BUF_SIZE = 5000,
    SHA256_DIGEST_SIZE = 32,
    BASE64_SIGNATURE_BUF_SIZE = 600
};

// Raw signature bytes written by mbedtls_pk_sign(). sizeof(oBuf) is only the
// capacity of this buffer; the real signature length is whatever the signing
// call reports through its length output.
uint8_t oBuf[SIGNATURE_BUF_SIZE];

// SHA-256 hash of "<base64url header>.<base64url payload>".
uint8_t digest[SHA256_DIGEST_SIZE];

// base64url text of the signature (third segment of the JWT).
char base64Signature[BASE64_SIGNATURE_BUF_SIZE];
我的签名代码按预期工作:
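// Build an RS256-signed JWT:
//   base64url(header) "." base64url(payload) "." base64url(signature)
// The Mbed TLS calls keep the 2.x argument lists used in this listing; Mbed TLS 3.x
// adds RNG / buffer-size arguments to mbedtls_pk_parse_key() and mbedtls_pk_sign().
char base64Header[100];
const char header[] = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
base64url_encode(
    (unsigned char *) header,   // Data to encode.
    strlen(header),             // Length of data to encode.
    base64Header);              // Base64 encoded data.

time_t Now;
time(&Now);
uint32_t iat = Now;             // Issued-at: the current time.
uint32_t exp = iat + 60 * 60;   // Expiry: one hour after issue.

// The listing called strlen(payload) without ever writing to payload, which reads
// uninitialised memory. Fill it from the two claims the listing computes; add the
// other claims your verifier requires here.
char payload[100];
int payloadLen = snprintf(payload, sizeof(payload), "{\"iat\":%lu,\"exp\":%lu}",
                          (unsigned long) iat, (unsigned long) exp);
if (payloadLen < 0 || (size_t) payloadLen >= sizeof(payload)) {
    printf("JWT payload does not fit its buffer\n");
    return nullptr;
}

// Base64 expands 3 bytes to 4 characters, so size the output for the largest
// payload that fits, plus the terminator base64url_encode is assumed to write.
char base64Payload[4 * ((sizeof(payload) + 2) / 3) + 1];
base64url_encode(
    (unsigned char *) payload,  // Data to encode.
    (size_t) payloadLen,        // Length of data to encode.
    base64Payload);             // Base64 encoded data.

// The signing input is "<header>.<payload>"; bound the write to the buffer.
uint8_t headerAndPayload[800];
int signedLen = snprintf((char *) headerAndPayload, sizeof(headerAndPayload),
                         "%s.%s", base64Header, base64Payload);
if (signedLen < 0 || (size_t) signedLen >= sizeof(headerAndPayload)) {
    printf("JWT header and payload do not fit their buffer\n");
    return nullptr;
}

// Hash first: this step needs no context, so a failure here has nothing to release.
int rc = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
                    headerAndPayload, (size_t) signedLen, digest);
if (rc != 0) {
    printf("Failed to mbedtls_md: %d (-0x%x): %s\n", rc, (unsigned int) -rc, mbedtlsError(rc));
    return nullptr;
}

mbedtls_pk_context pk_context;
mbedtls_pk_init(&pk_context);
rc = mbedtls_pk_parse_key(&pk_context, privateKey, privateKeySize, NULL, 0);
if (rc != 0) {
    printf("Failed to mbedtls_pk_parse_key: %d (-0x%x): %s\n", rc, (unsigned int) -rc, mbedtlsError(rc));
    mbedtls_pk_free(&pk_context);
    return nullptr;
}

mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
const char *pers = "MyEntropy";
// Signing with an unseeded DRBG must not happen silently, so check the seed result.
rc = mbedtls_ctr_drbg_seed(
    &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers));
if (rc != 0) {
    printf("Failed to mbedtls_ctr_drbg_seed: %d (-0x%x): %s\n", rc, (unsigned int) -rc, mbedtlsError(rc));
    mbedtls_ctr_drbg_free(&ctr_drbg);
    mbedtls_entropy_free(&entropy);
    mbedtls_pk_free(&pk_context);
    return nullptr;
}

size_t retSize = 0;
rc = mbedtls_pk_sign(&pk_context, MBEDTLS_MD_SHA256, digest, sizeof(digest),
                     oBuf, &retSize, mbedtls_ctr_drbg_random, &ctr_drbg);

// The private key and the RNG state are not needed past this point; release them
// on the success and the failure path alike.
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_pk_free(&pk_context);

if (rc != 0) {
    printf("Failed to mbedtls_pk_sign: %d (-0x%x): %s\n", rc, (unsigned int) -rc, mbedtlsError(rc));
    return nullptr;
}

// retSize is the real signature length (the key size in bytes for RSA). Make sure
// its base64 form fits base64Signature before encoding into it.
if (4 * ((retSize + 2) / 3) + 1 > sizeof(base64Signature)) {
    printf("Signature does not fit base64Signature\n");
    return nullptr;
}
base64url_encode((unsigned char *) oBuf, retSize, base64Signature);

// Final token: "<header>.<payload>.<signature>". The listing passed base64Signature
// as the format string and left out the signed part; use a literal format instead.
size_t jwtSize = (size_t) signedLen + 1 + strlen(base64Signature) + 1;
char *retData = (char *) malloc(jwtSize);
if (retData == nullptr) {
    printf("Failed to allocate the JWT buffer\n");
    return nullptr;
}
snprintf(retData, jwtSize, "%s.%s", (char *) headerAndPayload, base64Signature);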
我的验证代码：
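// Self-test: verify the signature left in oBuf against the hash left in digest.
// Both globals are filled by the signing code. A verifier that receives a token
// from elsewhere has to recompute the SHA-256 hash over the received
// "<header>.<payload>" text, decode the signature segment itself, and insist on
// RS256 rather than trusting whatever "alg" the token header states.
int ret = 0;
ESP_LOGI(LOG_TAG,"Verfiy Test");
mbedtls_pk_context pk_context;
mbedtls_pk_init(&pk_context);
int rc = mbedtls_pk_parse_public_key(&pk_context, publicKey, publicKeySize);
if (rc != 0) {
    printf("Failed to mbedtls_pk_parse_public_key: %d (-0x%x): %s\n",
           rc, (unsigned int) -rc, mbedtlsError(rc));
    mbedtls_pk_free(&pk_context);
    return 1;
}

// mbedtls_pk_rsa() is only meaningful for an RSA key, so confirm the type first.
if (!mbedtls_pk_can_do(&pk_context, MBEDTLS_PK_RSA)) {
    printf("Public key is not an RSA key\n");
    mbedtls_pk_free(&pk_context);
    return 1;
}
mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk_context), // RSA context to be set
                        MBEDTLS_RSA_PKCS_V15,       // Padding scheme (RS256 is PKCS#1 v1.5)
                        MBEDTLS_MD_SHA256);

// The signature length must be the real one, not the capacity of the buffer.
// An RSA signature is exactly as long as the key modulus, and for RSA keys
// mbedtls_pk_verify() rejects any other length: passing sizeof(oBuf) (5000) makes
// it fail with MBEDTLS_ERR_PK_SIG_LEN_MISMATCH even when the signature is good.
// In a real verifier this is the decoded length of the token's signature segment.
const size_t sigLen = mbedtls_pk_get_len(&pk_context);

ret = mbedtls_pk_verify(&pk_context,        // PK context to use
                        MBEDTLS_MD_SHA256,  // Hash algorithm used
                        digest,             // Hash of the message to verify signature for
                        sizeof(digest),     // Hash length (32 bytes for SHA-256)
                        oBuf,               // Signature to verify
                        sigLen);            // Signature length in bytes

// Release the key on the success and the failure path alike.
mbedtls_pk_free(&pk_context);

if (ret != 0) {
    mbedtls_printf(" Failed\n ! mbedtls_pk_verify returned %d\n\n",ret);
    return 1;
}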