j2objc: java.security.Signature.verify method call failing with EXC_BAD_ACCESS error
I’m using version 1.3.1 of the J2ObjC library. I’m attempting to verify a SHA256WithRSA signature with the java.security.Signature class as follows:
BigInteger publicExponent = new BigInteger(PUBLIC_EXPONENT_BYTES);
BigInteger modulus = new BigInteger(MODULUS_BYTES);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
KeySpec keySpec = new RSAPublicKeySpec(modulus, publicExponent);
PublicKey publicKey = keyFactory.generatePublic(keySpec);
Signature signature = Signature.getInstance("SHA256WithRSA");
signature.initVerify(publicKey);
signature.update(dataBytes);
boolean signatureValid = signature.verify(signatureBytes);
I’ve verified the Java code and it runs okay. The translated code however falls over on the last line above with a EXC_BAD_ACCESS error. I have tried it both in the Simulator as well as on a real device.
I’m guessing that the code should run okay since it has translated from Java to Objective-C without issues. Is this a bug in the J2ObjC library or should I refrain from doing SHA256WithRSA signature verification in the translated code?
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 15 (7 by maintainers)
Commits related to this issue
- Issue #858 (not fixed): throw exception when RSA native key is not available for signature signing and verification. Change on 2017/05/24 by tball <tball@google.com> ------------- Created by MOE: h... — committed to google/j2objc by tomball 7 years ago
- Issue #858: implemented RSA signature verification. Change on 2017/06/01 by tball <tball@google.com> ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=157751896 — committed to google/j2objc by tomball 7 years ago
- Automated g4 rollback of changelist 157751896. *** Reason for rollback *** Breaks building with older MacOS SDKs. *** Original change description *** Issue #858: implemented RSA signature verifica... — committed to google/j2objc by aragos 7 years ago
- Automated g4 rollback of changelist 157830695. *** Reason for rollback *** Updated RSA verification to build on older macOS SDKs. *** Original change description *** Automated g4 rollback of chang... — committed to google/j2objc by tomball 7 years ago
- Issue #858: extract RSA public key from PKCS #12 formats. Change on 2017/06/14 by tball <tball@google.com> ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=159013750 — committed to google/j2objc by tomball 7 years ago
Argh! Creating a public key using your instructions failed to decode using your Gist. It looks like the issue is that RSA public keys can be encoded using DER in multiple legal ways. So hard-wiring the byte offsets to specific sequence patterns will work for certificates from one source and may fail from others.
I’m going to try what’s hopefully an easier and more robust solution: decode the certificate using sun.security.util.DerInputStream https://github.com/google/j2objc/blob/master/jre_emul/android/platform/libcore/ojluni/src/main/java/sun/security/util/DerInputStream.java, then create the secKey using a RSAPublicKeySpec with the modulus and exponent values from decoding. Wish me luck!
On Wed, Jun 7, 2017 at 7:58 AM Adil Hussain notifications@github.com wrote:
Fixed in current source, thanks for your help!
Thanks! I was most of the way toward a similar solution last night (we may have started from a similar StackOverflow question), but your code works and is simpler and easier to read. I’ll keep this code RSA-specific for now by calling it in IosRSAKey.IosRSAPublicKey(RSAPublicKeySpec). One thing that needs to be added is determining the key size from the RSAPublicKeySpec, which should be simple thanks to this answer. As a sanity test, is the size of your test key the size of its modulus (publicKey.getModulus().bitLength())?