GB35114---聊聊SM2签名格式
公司原計(jì)劃是年后讓我直接去公安一所過(guò)35114的認(rèn)證,但是突發(fā)疫情,導(dǎo)致上班時(shí)間一推再推,最后也只能遠(yuǎn)程用升級(jí)包的方式給檢測(cè)員進(jìn)行認(rèn)證。
前幾次的嘗試,服務(wù)器一直回復(fù)401,讓我百思不得其解,甚至開(kāi)始讓我產(chǎn)生對(duì)算法的懷疑。現(xiàn)在回過(guò)頭來(lái)看,其實(shí)SM2簽名格式不理解是導(dǎo)致一直驗(yàn)簽失敗的主要原因。
按照國(guó)密的規(guī)范,SM2簽名結(jié)果r||s長(zhǎng)度應(yīng)該是(r:32字節(jié))+(s:32字節(jié))64字節(jié),就算加個(gè)04頭字節(jié),也是65個(gè)字節(jié)。但是,我參考網(wǎng)上有限的資料發(fā)現(xiàn)sign1簽名MEQCIC24h6tnaKcOnxNZe93rtLFrKEqM9R3yG8/Ba2+tyE+3AiBTG46yfxJziYDlaH1WZjrCfRloIuMnfx5oyEVuwgbV0A==長(zhǎng)度為96字節(jié),這一看就是base64加密數(shù)據(jù),源簽名長(zhǎng)度96/4*3=72字節(jié)。
SM2簽名結(jié)果長(zhǎng)度為64字節(jié),為什么出來(lái)的是72字節(jié)?我咨詢過(guò)好幾個(gè)過(guò)35114的博客主,回復(fù)都是,我們是硬加密。/(ㄒoㄒ)/~~
其實(shí),SM2簽名結(jié)果數(shù)據(jù)是要經(jīng)過(guò)asn.1(der格式)編碼的。
編碼結(jié)果長(zhǎng)度在70-72變化。
我們來(lái)看openssl內(nèi)通過(guò)
int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
函數(shù)來(lái)進(jìn)行對(duì)ECDSA_SIG格式與asn.1編碼相互轉(zhuǎn)化的。
最后附上注冊(cè)數(shù)據(jù)包
REGISTER sip:34020000002000000001@192.168.1.81:5060 SIP/2.0 Via: SIP/2.0/UDP 192.168.1.198:5060;rport;branch=z9hG4bKPjxp5SsGzh.j3U8MYfe.5RmOV-H483DWnt Max-Forwards: 70 From: <sip:34020000001320000001@192.168.1.81>;tag=vRq11dVmXG7i5AqD26oyX.mQM-tjGsLT To: <sip:34020000001320000001@192.168.1.81> Call-ID: 151959520 CSeq: 1 REGISTER Expires: 3600 Authorization: Capability algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2",keyversion="1970-8-16T19:54:35" Contact: <sip:34020000001320000001@192.168.1.198:5060> Content-Length: 0SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 192.168.1.198:5060;rport=5060;branch=z9hG4bKPjxp5SsGzh.j3U8MYfe.5RmOV-H483DWnt From: <sip:34020000001320000001@192.168.1.81>;tag=vRq11dVmXG7i5AqD26oyX.mQM-tjGsLT To: <sip:34020000001320000001@192.168.1.81>;tag=894209716 Call-ID: 151959520 CSeq: 1 REGISTER User-Agent: eXosip/4.1.0 Expires: 3600 Date: 2020-03-09T15:24:47.054 WWW-Authenticate: Bidirection algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2", random1="iqxeFEd+zXOwlgxERVI6RQ==" Content-Length: 0REGISTER sip:34020000002000000001@192.168.1.81:5060 SIP/2.0 Via: SIP/2.0/UDP 192.168.1.198:5060;rport;branch=z9hG4bKPj4BWBr8Ul2sCtikHC6SUB4UqMzghmUY5q Max-Forwards: 70 From: <sip:34020000001320000001@192.168.1.81>;tag=vRq11dVmXG7i5AqD26oyX.mQM-tjGsLT To: <sip:34020000001320000001@192.168.1.81>;tag=894209716 Call-ID: 151959520 CSeq: 2 REGISTER Contact: <sip:34020000001320000001@192.168.1.198:5060> Expires: 3600 Authorization: Bidirection random1="iqxeFEd+zXOwlgxERVI6RQ==",random2="skFXTJAlP98cbUkeeCSx7w==",serverid="34020000002000000001",sign1="MEQCIC24h6tnaKcOnxNZe93rtLFrKEqM9R3yG8/Ba2+tyE+3AiBTG46yfxJziYDlaH1WZjrCfRloIuMnfx5oyEVuwgbV0A==",algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2" Content-Length: 0SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.198:5060;rport=5060;branch=z9hG4bKPj4BWBr8Ul2sCtikHC6SUB4UqMzghmUY5q From: <sip:34020000001320000001@192.168.1.81>;tag=vRq11dVmXG7i5AqD26oyX.mQM-tjGsLT To: <sip:34020000001320000001@192.168.1.81>;tag=894209716 Call-ID: 151959520 CSeq: 2 REGISTER User-Agent: eXosip/4.1.0 Expires: 3600 Date: 2020-03-09T15:24:47.267 SecurityInfo: Bidirection algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2",random1="iqxeFEd+zXOwlgxERVI6RQ==",random2="skFXTJAlP98cbUkeeCSx7w==",deviceid="34020000001320000001",cryptkey="MHoCIQC8G0MLIbZfce7F2voDAN+FCpJf/oY/2SRPCJRos1i4NQIhAJq2pNkZBF4Zrvt9Pq9UaWstOYRANhBZ0PHj5XkkzxFRBCCrEsniIp5VqgY1b9wHspo2kmjZFhvN7ctrN5gex9SyUQQQeoRLl5cPoCPf0Z5oNeflGw==",sign2="MEUCIG3sSFbbCXelzhNxrTsZsHYdJv2Oy0WHHKTJpksxJVvxAiEA6ADKoX970RmZS+5NTaMiUsg0S4H3uaqO+Jy1tKvSIaQ=" Content-Length: 0有錯(cuò)誤請(qǐng)留言,謝謝
---bob? 2020/3/17
總結(jié)
以上是生活随笔為你收集整理的GB35114---聊聊SM2签名格式的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: 国土空间基础信息平台与时空大数据平台的区
- 下一篇: Delphi开发Android用虚拟摇杆