前文iOS如何保证下载资源的可靠性介绍了基于RSA的下载资源验证方案,这次详细介绍开发过程中的问题。
SecKeyRawVerify
方法对hash值、signature、公钥进行验证,如果通过则表示文件未修改。iOS平台上可以使用MiniZipArchive进行解压。
- (BOOL)unzipFile:(NSString *)file toFilePath:(NSString *)unZipFilePath overWrite:(BOOL)overWrite
{
MiniZipArchive *za = [[MiniZipArchive alloc] init];
BOOL success = NO;
if ([za UnzipOpenFile:file]) {
success = [za UnzipFileTo:unZipFilePath overWrite:overWrite];
[za UnzipCloseFile];
}
return success;
}
.der格式和.pem格式:.der格式表示二进制编码,.pem格式表示Base64编码。
iOS的公钥需要用.der格式,私钥需要用.p12格式,这个可以用openssl的指令来转换。(指令见末尾)
加载的时候先用NSData加载密钥,再用下面的:
getPrivateKeyRefWithContentsOfFile: password:
方法加载密钥;
getPublicKeyRefrenceFromeData:
方法加载公钥;
//获取私钥
- (SecKeyRef)getPrivateKeyRefWithContentsOfFile:(NSData *)p12Data password:(NSString*)password {
if (!p12Data) {
return nil;
}
SecKeyRef privateKeyRef = NULL;
NSMutableDictionary * options = [[NSMutableDictionary alloc] init];
[options setObject: password forKey:(__bridge id)kSecImportExportPassphrase];
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
OSStatus securityError = SecPKCS12Import((__bridge CFDataRef) p12Data, (__bridge CFDictionaryRef)options, &items);
if (securityError == noErr && CFArrayGetCount(items) > 0) {
CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
SecIdentityRef identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
securityError = SecIdentityCopyPrivateKey(identityApp, &privateKeyRef);
if (securityError != noErr) {
privateKeyRef = NULL;
}
}
CFRelease(items);
return privateKeyRef;
}
- (SecKeyRef)getPublicKeyRefrenceFromeData:(NSData *)certData {
SecKeyRef publicKeyRef = NULL;
CFDataRef myCertData = (__bridge CFDataRef)certData;
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (CFDataRef)myCertData);
if (cert == nil) {
NSLog(@"Can not read certificate ");
return nil;
}
SecPolicyRef policy = SecPolicyCreateBasicX509();
SecCertificateRef certArray[1] = {cert};
CFArrayRef myCerts = CFArrayCreate(NULL, (void *)(void *)certArray, 1, NULL);
SecTrustRef trust;
OSStatus status = SecTrustCreateWithCertificates(myCerts, policy, &trust);
if (status != noErr) {
NSLog(@"SecTrustCreateWithCertificates fail. Error Code: %d", (int)status);
CFRelease(cert);
CFRelease(policy);
CFRelease(myCerts);
return nil;
}
SecTrustResultType trustResult;
status = SecTrustEvaluate(trust, &trustResult);
if (status != noErr) {
NSLog(@"SecTrustEvaluate fail. Error Code: %d", (int)status);
CFRelease(cert);
CFRelease(policy);
CFRelease(trust);
CFRelease(myCerts);
return nil;
}
publicKeyRef = SecTrustCopyPublicKey(trust);
CFRelease(cert);
CFRelease(policy);
CFRelease(trust);
CFRelease(myCerts);
return publicKeyRef;
}
加载完公钥和私钥之后,用私钥可以对原始数据进行签名,详见PKCSSignBytesSHA256withRSA
方法,返回的是签名串;
在用zip解压出来的签名串进行验证的时候,需要用本地的公钥、原始数据和签名串进行验签,详见PKCSVerifyBytesSHA256withRSA
方法;
注意的是,因为选择的算法是kSecPaddingPKCS1SHA256
,需要对原始数据进行一次SHA256的hash。(kSecPaddingPKCS1SHA256
只能用于SecKeyRawSign/SecKeyRawVerify
)
BOOL PKCSVerifyBytesSHA256withRSA(NSData* plainData, NSData* signature, SecKeyRef publicKey)
{
if (!plainData || !signature) { // 保护
return NO;
}
size_t signedHashBytesSize = SecKeyGetBlockSize(publicKey);
const void* signedHashBytes = [signature bytes];
size_t hashBytesSize = CC_SHA256_DIGEST_LENGTH;
uint8_t* hashBytes = malloc(hashBytesSize);
if (!CC_SHA256([plainData bytes], (CC_LONG)[plainData length], hashBytes)) {
return NO;
}
OSStatus status = SecKeyRawVerify(publicKey,
kSecPaddingPKCS1SHA256,
hashBytes,
hashBytesSize,
signedHashBytes,
signedHashBytesSize);
return status == errSecSuccess;
}
NSData* PKCSSignBytesSHA256withRSA(NSData* plainData, SecKeyRef privateKey)
{
size_t signedHashBytesSize = SecKeyGetBlockSize(privateKey);
uint8_t* signedHashBytes = malloc(signedHashBytesSize);
memset(signedHashBytes, 0x0, signedHashBytesSize);
size_t hashBytesSize = CC_SHA256_DIGEST_LENGTH;
uint8_t* hashBytes = malloc(hashBytesSize);
if (!CC_SHA256([plainData bytes], (CC_LONG)[plainData length], hashBytes)) {
return nil;
}
SecKeyRawSign(privateKey,
kSecPaddingPKCS1SHA256,
hashBytes,
hashBytesSize,
signedHashBytes,
&signedHashBytesSize);
NSData* signedHash = [NSData dataWithBytes:signedHashBytes
length:(NSUInteger)signedHashBytesSize];
if (hashBytes)
free(hashBytes);
if (signedHashBytes)
free(signedHashBytes);
return signedHash;
}
签名串可以使用setxattrf
写入文件的扩展属性,保证签名串和资源的一一对应。
-(BOOL)setExtendValueWithPath:(NSString *)path key:(NSString *)key value:(NSData *)value {
ssize_t writelen = setxattr([path fileSystemRepresentation],
[key UTF8String],
[value bytes],
[value length],
0,
0);
return writelen == 0;
}
比较奇怪的是,比较写入扩展属性之后的文件大小,并没有发生较大变化。在特意查询文档之后,发现下面一句话:
Space consumed for extended attributes is counted towards the disk quotasof the file owner and file group
原来扩展属性并不是写入文件,而是由文件系统来保存。
经常遇到的问题是,配置平台的签名在iOS客户端验证不通过,可以按照下面的流程检测:
openssl的验证命令 openssl dgst -sign private_key.pem -sha256 -out sign source openssl dgst -verify rsa_public_key.pem -sha256 -signature sign source 如果验证通过会有文字提示:
Verified OK
Expecting: TRUSTED CERTIFICATE
的错误参考这些公钥和密钥的openssl生成命令
openssl genrsa -out private_key.pem 1024
openssl req -new -key private_key.pem -out rsaCertReq.csr
openssl x509 -req -days 3650 -in rsaCertReq.csr -signkey private_key.pem -out rsaCert.crt
openssl x509 -outform der -in rsaCert.crt -out public_key.der
openssl pkcs12 -export -out private_key.p12 -inkey private_key.pem -in rsaCert.crt
参考自GithubGist
Signing and Verifying on iOS using RSA