7

I am using digital certificates to sign data files in my App. The code fragment below fails when the call to SecKeyRawVerify returns with -9809. This is running on an iPhone. I can't even identify exactly what this error code means

The prior Security Framework calls to load and create the SecTrustRef from which the public key is obtained seem fine - no errors. The only slight issue is that the call to SecTrustEvaluate returns a kSecTrustResultUnspecified, but I assume that is because the policy I am using is the boilerplate one returned by the SecPolicyCreateBasicX509 call.

Any assistance or insight would be very much appreciated.

Thanks

SecKeyRef keyRef = SecTrustCopyPublicKey (trustRef);

fileURL = [[NSBundle mainBundle] URLForResource:@"data" withExtension:@"txt"];
NSData *data = [NSData dataWithContentsOfURL:fileURL];

fileURL = [[NSBundle mainBundle] URLForResource:@"data" withExtension:@"sgn"];
NSData *signature = [NSData dataWithContentsOfURL:fileURL];

NSLog(@"Hash block size = %zu",SecKeyGetBlockSize(keyRef));

status = SecKeyRawVerify (keyRef,
                          kSecPaddingPKCS1SHA1,
                          (const uint8_t *)[data bytes],
                          (size_t)[data length],
                          (const uint8_t *)[signature bytes],
                          (size_t)[signature length]
                          );
jww
  • 97,681
  • 90
  • 411
  • 885
drew
  • 2,371
  • 2
  • 19
  • 27

2 Answers2

3

That error is defined (along with other related ones) in /System/Library/Frameworks/Security.framework/Headers/SecureTransport.h as errSSLCrypto. The comment there calls it "underlying cryptographic error", which is not a particularly descriptive description.

One thought: kSecTrustResultUnspecified means that the trust level is equal to the default system policy. Are all the certificates in the chain trusted?

Andrew Schleifer
  • 389
  • 2
  • 6
  • I'm not 100% certain. The root cert for the chain is self signed and the signing certificate is signed by that root, so the chain itself is good, although at a system level there is no trust in the root. The certs are not loaded into the keychain - the trustRef is created dynamically using the certs loaded from a pkcs12 blob – drew May 26 '12 at 07:03
2

I've discovered what's happening. The SecKeyRawVerify call takes the digest of your data as the input, not the data itself. The code below works - and incidentally, if the signature is not verified because the underlying data has changed, then the status return is -9809.

Thanks 

CC_SHA1((const void *)[data bytes], [data length], (unsigned char *)hash);

status = SecKeyRawVerify (keyRef,
                          kSecPaddingPKCS1SHA1,
                          hash,
                          20,
                          (const uint8_t *)[signature bytes],
                          SecKeyGetBlockSize(keyRef)
                          );
drew
  • 2,371
  • 2
  • 19
  • 27
  • 1
    It's not that `SecKeyRawVerify` expects the hash of your data. It's that whatever you used to generate the signature in the first place created a signature based on the hash of your data. – Greg May 22 '14 at 20:05