Hi all Can anyone please tell me what I might be doing wrong when trying to verify a signature using openssl. We are using the same digest, signature and certificate in Java and then it verifies ok. But it fails on (errorcode 0) in openssl. I am including the code as well as the signature, digest and certificate i use. Please feel free to flame anything I did:
int Signature::checkSignature(char * certificateName, char * digest, int
digestLength, char * signature, int signatureLength)
{
int status = status_ok;
const unsigned char * tempDigest = (unsigned char *)digest;
const unsigned char * tempSignature = (unsigned char *)signature;
EC_KEY * ecKey = NULL;
status = getPublicKey(certificateName, &ecKey);
if(status == status_ok) {
if(ecKey == NULL) {
logError();
status = invalid_public_key;
} else {
int keyValid = EC_KEY_check_key(ecKey);
if(keyValid == 1) {
ImageDecoder::writeToFile("lastdigest.dat",(char *)tempDigest,
digestLength);
ImageDecoder::writeToFile("lastsign.dat",(char *)tempSignature,
signatureLength);
digestLength = 0;
keyValid = ECDSA_verify(0, tempDigest,
digestLength, tempSignature, signatureLength, ecKey);
if(keyValid == 0) {
status = signature_failed;
} else {
}
} else if(keyValid == -1) {
logError();
status = invalid_public_key;
}
EC_KEY_free(ecKey);
}
}
return status;
}
//////////////////////////////////////////////////////////////////////
int Signature::getPublicKey(char * fileName, EC_KEY ** ecKey) {
int status = status_ok;
X509 * x509 = NULL;
FILE * file = fopen(fileName, "rb");
if(file != NULL) {
x509 = d2i_X509_fp(file, NULL);
if(x509 != NULL) {
EVP_PKEY * evpKey = X509_get_pubkey(x509);
if(evpKey != NULL) {
(*ecKey) = EVP_PKEY_get1_EC_KEY(evpKey);
} else {
logError();
status = invalid_public_key;
}
EVP_PKEY_free(evpKey);
} else {
logError();
status = invalid_idcard_cert;
}
fclose(file);
} else {
logError();
status = idcard_cert_not_found;
}
return status;
}
//////////////////////////////////////////////////////////////////////
void Signature::logError(){
long errorCode = 0;
FILE * fp = fopen("VerifErr.txt", "a");
if(fp != NULL) {
ERR_load_crypto_strings();
while((errorCode = ERR_get_error()) != 0) {
const char * lib = ERR_lib_error_string(errorCode);
fwrite("Library: ", sizeof(char), 9, fp);
fwrite(lib, sizeof(char), strlen(lib), fp);
fwrite(", Function: ", sizeof(char), 12, fp);
const char * func =
ERR_func_error_string(errorCode);
fwrite(func, sizeof(char), strlen(func), fp);
fwrite(", Reason: ", sizeof(char), 10, fp);
const char * reason =
ERR_reason_error_string(errorCode);
fwrite(reason, sizeof(char), strlen(reason), fp);
fwrite("\n", sizeof(char), 1, fp);
}
ERR_free_strings();
fclose(fp);
}
}
//////////////////////////////////////////////////////////////////////
signature.dat
Description: Binary data
digest.dat
Description: Binary data
IDCard.x509
Description: Binary data
