I am verifying the signature through the kernel, using the kernel module crypto。kernel version:6.1.0-3-generic. The following is the data used, which can pass the test in user mode,but it cannot pass validation in the kernel.
who can point out the mistakes or what I missed. any assistance would be greatly appreciated
test data in [plain.txt]:
123
private key in [private_key.pem]:
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRsIZXv8uNvrIi
p+cZppdLKWwX8AcaJgCXGPmyi4FOJrt8++M6Mr7sUkU2YZGe89QTjCuarpI6UlBX
CnbyzCPd4bsk/khMAea4ff7nXvBN9L+691qfRwB7QUKJH9qpCcKQrJXc7+FkEayH
Fb9QynXLkcEJSeM+hCfyjBr/Vb3VTlQejhwXjMs/MUEUnYpIm43m/weJDYrLmN9M
B3dbWkLCIPhXInDoizfMlp0KRoEN3tQEVICVcNzvFPZbmLcnUN6e3aEAJK/8pQIy
A7UIBf0H3bC4Iio5W/fABQgy50qsQQxBtVclfDs6lY59t20k8jLUve2knKF9OChJ
a/Kq8dp/AgMBAAECggEBAMWufXhMQEIo/Rbe42ezPf6F1nnat1dXbEcGLKC+E/Dx
Yt+5N8auAIAaL1XNNdN8WvryskjpOsHwx/zGyMys10Neg2eksdO2FyTm42CMiE91
5SsF9lEiRrnsFCXh+epSYTKzAbWAECSe5N+VCP/JXrPDfRCcr7dIL8DhhLIiywxD
TsaYZTz/uSgcRCbOjXQXVQ4xs7AEu67nkYAGZHaLftM45ws4GR6bIJFpwhASdzHY
9qR96sU4rwHtNetDTXBCV3cTqS7eViGPdZQXLES5fuKjI8RdxweQCNPuhLelxjuj
ApmeOzrXguJH8dZhEHmBXJCtvr/iiGGr8iMujir/JYECgYEA7z/DZ1AmwGhf/fTX
kHbGXymmphPxb/PPFa+ZKu1mhBY2FIoiAtD5pEEXYuvJ77etw+BsnB5IgBpQZh0N
R66VjA2CqBScyBmavAjszYSvVGjdhmAp8MljGta17UCaob2DN2vOCQCitbP/ziZ+
6ny83IAcmeCqZK0YMMkiaaNRE1cCgYEA4F7xxX8EOyLV/BNl5WPDLbjomUVoj7Tv
vXKQ0eUeUUGUqcZxJcThbsPnoMUieaa9cRMlt04jvNDwODwvpXzXzC5Ugei/mz/u
GiAnLauwRnQZXUK3LKdENMUD0vUKVw1D9FcCssaqZRmM4kH+ga9k0BLjfhJeVMtm
Y9TgnfkFYRkCgYBuuej6mJrGs8exZi6Z+o6GnmU1Ocek04bE95cAygyHFyyCRwfE
m+jdvw5OxueXnT+7htNdUZqmRwdsqwdpZIBr6BjPJ3MEHO2DFvJZj44Bl+LmfP0M
JnhKhJKAMkUek/H1pVweyH+Fbr/2LdTRO1fBCT2zbcoOfBnVAlF96IruUwKBgQC2
ZBgP3vf2hpQCzVYIyjdQhL74UZb1MzWsAGS/a4xgq3oJJRq3hDtpinFRnM8wqx3W
vKTtROUCSartW+ezlC/seEEUNbsEnkyVCkwu8SFjtF8mE+TJtNNaPkmkhLO6Hjt+
dfjokVzUwJdpGhKlI4pFJwWtZ4stTQdX4iYR5Ou9iQKBgC+CL+SaB7BLBean13Vm
IqpFj2rkhqWgFKxFytFWtDQoz24HkyP51HJbZPiYZ6kS+mgZ5eVAlTy6Ofa3/oRE
h9yy30GHORFBPduqIqB57XjfP4q9bI7LDBH5gidSHEWmjEsK3p4AXnxlOQyAHAXr
YTUtrRIA6QsHlUJzeZsE8n53
-----END PRIVATE KEY-----
Obtain the signature through the following command
openssl dgst -sha256 -sign private_key.pem -out signature.sig plain.txt
signature in file [signature.sig], convert to readable hexadecimal format through od:
0x1f,0x26,0x09,0xa3,0xad,0x91,0x3a,0xb1,0xd2,0x14,0x50,0x07,0x2d,0x98,0x5d,0x95,0xed,0x3f,0x02,0xd7,0x1c,0x83,0x74,0xa9,0x18,0x6a,0xe6,0x0f,0xd0,0xac,0x21,0x65,0xa9,0x78,0x1f,0x85,0x2c,0xc0,0xbe,0x5b,0xfe,0x7e,0x9a,0x7b,0x57,0xb1,0x4d,0xf6,0x0c,0x29,0xe5,0xea,0xd6,0x24,0x06,0xe5,0x6b,0x6c,0x7c,0x66,0x29,0xbd,0x9b,0x35,0x59,0x35,0xd4,0xf5,0x73,0xc0,0x7a,0xc1,0xc2,0xba,0xa5,0x43,0x2f,0xd1,0x25,0xcb,0xfe,0x32,0x91,0x5a,0x2b,0x9d,0xc2,0xa2,0x03,0x14,0x5f,0x70,0xc5,0x48,0x5f,0xb7,0xcf,0x0f,0x40,0xb2,0x8b,0xeb,0x16,0x39,0xfb,0x81,0xb5,0xb0,0xa9,0xb3,0xa7,0xf5,0x72,0x5d,0xb7,0xe1,0x24,0xa3,0xc4,0xcc,0x3e,0x7b,0x2b,0x09,0x56,0x0c,0xc5,0xc0,0xb0,0xb0,0x35,0xb4,0xff,0x74,0x58,0x6e,0xcb,0x2d,0x5b,0x4a,0x84,0x40,0x14,0xc5,0xc1,0x6a,0x69,0x0b,0xee,0x61,0x8c,0x42,0xfa,0xf3,0x5f,0xb0,0x49,0x68,0x05,0xb8,0x81,0xcc,0xf5,0x0f,0xfc,0x14,0x2b,0x1d,0x04,0x22,0xfa,0xa3,0x1c,0xfd,0x3a,0xc9,0xa3,0xe7,0xa3,0x5e,0xab,0x64,0x1c,0xac,0xd9,0x29,0x2e,0xf5,0x1c,0xc2,0x8e,0x8b,0xe4,0xb8,0xb1,0x00,0xc8,0xdd,0x8e,0x8f,0x22,0x93,0x71,0xe1,0x9d,0xe8,0x02,0x83,0x07,0x48,0x34,0x60,0x5a,0x1c,0x7c,0xa5,0x1e,0xa7,0x1c,0xfd,0xe2,0xa0,0xf7,0xc0,0xc4,0x66,0xa4,0xde,0xcd,0xda,0xf8,0xc8,0x89,0x07,0x56,0xf5,0xef,0xc6,0x12,0xd7,0xe4,0xa4,0xaa,0x18,0x70,0xeb,0x56,0xfc,0xdd,0xd6,0x0e,0x9a,0x68,0xdd,0x90,0x7b
public key der fomat in [public_key.der], convert to readable hexadecimal format through od:
0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xd1,0xb0,0x86,0x57,0xbf,0xcb,0x8d,0xbe,0xb2,0x22,0xa7,0xe7,0x19,0xa6,0x97,0x4b,0x29,0x6c,0x17,0xf0,0x07,0x1a,0x26,0x00,0x97,0x18,0xf9,0xb2,0x8b,0x81,0x4e,0x26,0xbb,0x7c,0xfb,0xe3,0x3a,0x32,0xbe,0xec,0x52,0x45,0x36,0x61,0x91,0x9e,0xf3,0xd4,0x13,0x8c,0x2b,0x9a,0xae,0x92,0x3a,0x52,0x50,0x57,0x0a,0x76,0xf2,0xcc,0x23,0xdd,0xe1,0xbb,0x24,0xfe,0x48,0x4c,0x01,0xe6,0xb8,0x7d,0xfe,0xe7,0x5e,0xf0,0x4d,0xf4,0xbf,0xba,0xf7,0x5a,0x9f,0x47,0x00,0x7b,0x41,0x42,0x89,0x1f,0xda,0xa9,0x09,0xc2,0x90,0xac,0x95,0xdc,0xef,0xe1,0x64,0x11,0xac,0x87,0x15,0xbf,0x50,0xca,0x75,0xcb,0x91,0xc1,0x09,0x49,0xe3,0x3e,0x84,0x27,0xf2,0x8c,0x1a,0xff,0x55,0xbd,0xd5,0x4e,0x54,0x1e,0x8e,0x1c,0x17,0x8c,0xcb,0x3f,0x31,0x41,0x14,0x9d,0x8a,0x48,0x9b,0x8d,0xe6,0xff,0x07,0x89,0x0d,0x8a,0xcb,0x98,0xdf,0x4c,0x07,0x77,0x5b,0x5a,0x42,0xc2,0x20,0xf8,0x57,0x22,0x70,0xe8,0x8b,0x37,0xcc,0x96,0x9d,0x0a,0x46,0x81,0x0d,0xde,0xd4,0x04,0x54,0x80,0x95,0x70,0xdc,0xef,0x14,0xf6,0x5b,0x98,0xb7,0x27,0x50,0xde,0x9e,0xdd,0xa1,0x00,0x24,0xaf,0xfc,0xa5,0x02,0x32,0x03,0xb5,0x08,0x05,0xfd,0x07,0xdd,0xb0,0xb8,0x22,0x2a,0x39,0x5b,0xf7,0xc0,0x05,0x08,0x32,0xe7,0x4a,0xac,0x41,0x0c,0x41,0xb5,0x57,0x25,0x7c,0x3b,0x3a,0x95,0x8e,0x7d,0xb7,0x6d,0x24,0xf2,0x32,0xd4,0xbd,0xed,0xa4,0x9c,0xa1,0x7d,0x38,0x28,0x49,0x6b,0xf2,0xaa,0xf1,0xda,0x7f,0x02,0x03,0x01,0x00,0x01
I use the following command to check the signature and return sucess:
openssl dgst -sha256 -verify public_key.der -signature signature.sig plain.txt
Verified OK
So far, it has been working as expected in user space, but when it reaches kernel space, it returns an error
The following is the key code for the kernel module:
static int _verify_signature_test(void) {
//public key in der format
static u8 _public_key_bytes[] = {0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xd1,0xb0,0x86,0x57,0xbf,0xcb,0x8d,0xbe,0xb2,0x22,0xa7,0xe7,0x19,0xa6,0x97,0x4b,0x29,0x6c,0x17,0xf0,0x07,0x1a,0x26,0x00,0x97,0x18,0xf9,0xb2,0x8b,0x81,0x4e,0x26,0xbb,0x7c,0xfb,0xe3,0x3a,0x32,0xbe,0xec,0x52,0x45,0x36,0x61,0x91,0x9e,0xf3,0xd4,0x13,0x8c,0x2b,0x9a,0xae,0x92,0x3a,0x52,0x50,0x57,0x0a,0x76,0xf2,0xcc,0x23,0xdd,0xe1,0xbb,0x24,0xfe,0x48,0x4c,0x01,0xe6,0xb8,0x7d,0xfe,0xe7,0x5e,0xf0,0x4d,0xf4,0xbf,0xba,0xf7,0x5a,0x9f,0x47,0x00,0x7b,0x41,0x42,0x89,0x1f,0xda,0xa9,0x09,0xc2,0x90,0xac,0x95,0xdc,0xef,0xe1,0x64,0x11,0xac,0x87,0x15,0xbf,0x50,0xca,0x75,0xcb,0x91,0xc1,0x09,0x49,0xe3,0x3e,0x84,0x27,0xf2,0x8c,0x1a,0xff,0x55,0xbd,0xd5,0x4e,0x54,0x1e,0x8e,0x1c,0x17,0x8c,0xcb,0x3f,0x31,0x41,0x14,0x9d,0x8a,0x48,0x9b,0x8d,0xe6,0xff,0x07,0x89,0x0d,0x8a,0xcb,0x98,0xdf,0x4c,0x07,0x77,0x5b,0x5a,0x42,0xc2,0x20,0xf8,0x57,0x22,0x70,0xe8,0x8b,0x37,0xcc,0x96,0x9d,0x0a,0x46,0x81,0x0d,0xde,0xd4,0x04,0x54,0x80,0x95,0x70,0xdc,0xef,0x14,0xf6,0x5b,0x98,0xb7,0x27,0x50,0xde,0x9e,0xdd,0xa1,0x00,0x24,0xaf,0xfc,0xa5,0x02,0x32,0x03,0xb5,0x08,0x05,0xfd,0x07,0xdd,0xb0,0xb8,0x22,0x2a,0x39,0x5b,0xf7,0xc0,0x05,0x08,0x32,0xe7,0x4a,0xac,0x41,0x0c,0x41,0xb5,0x57,0x25,0x7c,0x3b,0x3a,0x95,0x8e,0x7d,0xb7,0x6d,0x24,0xf2,0x32,0xd4,0xbd,0xed,0xa4,0x9c,0xa1,0x7d,0x38,0x28,0x49,0x6b,0xf2,0xaa,0xf1,0xda,0x7f,0x02,0x03,0x01,0x00,0x01};
//SHA-256 digest for the data "123"
static u8 _digest[] = {0xa6,0x65,0xa4,0x59,0x20,0x42,0x2f,0x9d,0x41,0x7e,0x48,0x67,0xef,0xdc,0x4f,0xb8,0xa0,0x4a,0x1f,0x3f,0xff,0x1f,0xa0,0x7e,0x99,0x8e,0x86,0xf7,0xf7,0xa2,0x7a,0xe3};
//given signature of data "123" using a private key
static u8 _sign[] = {0x1f,0x26,0x09,0xa3,0xad,0x91,0x3a,0xb1,0xd2,0x14,0x50,0x07,0x2d,0x98,0x5d,0x95,0xed,0x3f,0x02,0xd7,0x1c,0x83,0x74,0xa9,0x18,0x6a,0xe6,0x0f,0xd0,0xac,0x21,0x65,0xa9,0x78,0x1f,0x85,0x2c,0xc0,0xbe,0x5b,0xfe,0x7e,0x9a,0x7b,0x57,0xb1,0x4d,0xf6,0x0c,0x29,0xe5,0xea,0xd6,0x24,0x06,0xe5,0x6b,0x6c,0x7c,0x66,0x29,0xbd,0x9b,0x35,0x59,0x35,0xd4,0xf5,0x73,0xc0,0x7a,0xc1,0xc2,0xba,0xa5,0x43,0x2f,0xd1,0x25,0xcb,0xfe,0x32,0x91,0x5a,0x2b,0x9d,0xc2,0xa2,0x03,0x14,0x5f,0x70,0xc5,0x48,0x5f,0xb7,0xcf,0x0f,0x40,0xb2,0x8b,0xeb,0x16,0x39,0xfb,0x81,0xb5,0xb0,0xa9,0xb3,0xa7,0xf5,0x72,0x5d,0xb7,0xe1,0x24,0xa3,0xc4,0xcc,0x3e,0x7b,0x2b,0x09,0x56,0x0c,0xc5,0xc0,0xb0,0xb0,0x35,0xb4,0xff,0x74,0x58,0x6e,0xcb,0x2d,0x5b,0x4a,0x84,0x40,0x14,0xc5,0xc1,0x6a,0x69,0x0b,0xee,0x61,0x8c,0x42,0xfa,0xf3,0x5f,0xb0,0x49,0x68,0x05,0xb8,0x81,0xcc,0xf5,0x0f,0xfc,0x14,0x2b,0x1d,0x04,0x22,0xfa,0xa3,0x1c,0xfd,0x3a,0xc9,0xa3,0xe7,0xa3,0x5e,0xab,0x64,0x1c,0xac,0xd9,0x29,0x2e,0xf5,0x1c,0xc2,0x8e,0x8b,0xe4,0xb8,0xb1,0x00,0xc8,0xdd,0x8e,0x8f,0x22,0x93,0x71,0xe1,0x9d,0xe8,0x02,0x83,0x07,0x48,0x34,0x60,0x5a,0x1c,0x7c,0xa5,0x1e,0xa7,0x1c,0xfd,0xe2,0xa0,0xf7,0xc0,0xc4,0x66,0xa4,0xde,0xcd,0xda,0xf8,0xc8,0x89,0x07,0x56,0xf5,0xef,0xc6,0x12,0xd7,0xe4,0xa4,0xaa,0x18,0x70,0xeb,0x56,0xfc,0xdd,0xd6,0x0e,0x9a,0x68,0xdd,0x90,0x7b};
struct public_key rsa_pub_key = {
.key = &_public_key_bytes[0],
.keylen = (u32)(sizeof(_public_key_bytes)), //294
.pkey_algo = "rsa",
.id_type = "X509",
};
struct public_key_signature sig = {
.s = _sign,
.s_size = (u32)(sizeof(_sign)), //256
.digest = _digest,
.digest_size = (u32)(sizeof(_digest)), //32
.pkey_algo = "rsa",
.hash_algo = "sha256",
.encoding = "pkcs1",
};
int ret = public_key_verify_signature(&rsa_pub_key,&sig);
pr_alert("ret is %d",ret);
return ret;
}
public_key_verify_signature always return -74
#define EBADMSG 74 /* Not a data message */
i am not sure what the problem is,any help would be greatly appreciated.
I solved this problem myself
It is because the der file generated by the openssl command cannot be used directly, and the shell needs to be peeled to obtain an appropriate offset。