M2Crypto: verifying DSA signatures

2019-05-23 00:10发布

问题:

I'm having trouble verifying DSA signatures using Python/M2Crypto. The signatures are generated in Java, using standard java.security.Signature class, with Sun's crypto provider and SHA1withDSA algorithm designation.

Here's some shell output:

>>> pk
<M2Crypto.DSA.DSA_pub instance at 0x20b6a28>
>>> sig = '302c02141c4bbb218215ebfec57288059ce814dc430d849502144dd0c581bf2213aff79d17eb37c939e120a97bd2'.decode('hex')
>>> data ='0501...9794'.decode('hex')
>>> pk.verify_asn1(sig, data)
------------------------------------------------------------
Traceback (most recent call last):
    ...
DSAError: wrong tag

The signature value seems OK to me, it looks like a proper ASN.1 encoded sequence of two integers (0x302c designates a 44-byte sequence, and 0x0214 designates a 20-byte integer), which is the standard encoding of DSA signatures.

Since the DSA_pub.verify_asn1 method isn't even documented, I also tried using the documented DSA_pub.verify method, but still no cigar:

>>> r = sig[4:24]
>>> s = sig[26:]
>>> md = sha1(data).digest()
>>> pk.verify(md, r, s)
------------------------------------------------------------
Traceback (most recent call last):
    ...
DSAError: encoding error

The docs state that all the parameters should be "byte strings", but the verify method somehow manages to raise an encoding error. I also tried reversing r and s, to check for potential endianness problems but that didn't help.

What am I doing wrong?

回答1:

Found a solution in the tests: http://svn.osafoundation.org/m2crypto/trunk/tests/test_dsa.py

The verify_asn1 method should be used as follows:

>>> pk.verify_asn1(sha1(data).digest(), sig)