Comments (7)
Hi @Pablo-Jean,
Thanks for your interest in libecc. In order to sign a buffer with SHA256, you will first have to import your private key and compute the public key in an internal `ec_key_pair` structure using the `ec_key_pair_import_from_priv_key_buf` API (with the buffer you extracted from the PEM file and the `ec_params` corresponding to `brainpool256r1`). You have examples of how to properly import the `ec_params` in the `src/tests/ec_self_tests_core.c` source file line 595, and the parameters are imported using `import_params(&params, c->ec_str_p);` above where you will have to replace the `c->ec_str_p` by `&brainpoolp256r1_str_params` in your case (this is a reference to the library abstract representation of this specific brainpool parameter).
Then, once the key pair is imported (please check the return value to ensure that the operation was successful), you will be able to use the abstract API for signature `ec_sign` with your `ec_key_pair`, with the proper `ec_alg_type` (`ECDSA` in your case) and `hash_alg_type` (`SHA256` in your case). The other parameters are the message to be signed, its length, the signature to be produced, its length (a buffer of 64 bytes in your case), and no additional data (`adata` to NULL and its length to zero). No need to specify the curve here as it is inherently deduced from the key pair object.
Hoping that the explanations are clear enough!
Regards,
from libecc.
Hi rb-anssi.
It's much clearer now how to work with the library. But the generated signature isn't working. The code is to generate a signature for firmware, and, when the device downloads the binary from FOTA, then the device checks if the signature matches.
I have an example in C# with .NET that works perfectly; I will post the code that I have implemented based on your reply.
The private key comes from a .pem file, and the offset on the array is to go to the position where the private and the public key begin.
Sorry if I'm boring you, but ECDSA has some complexity to understand.
from libecc.
Hi,
It is not clear from your description how the signature is verified: is it with libecc or with another library (i.e. what do you mean by "the signature isn't working")? Please note that libecc handles raw binary signatures, while many other libraries use some PEM (ASN.1) encoding. The C# example you provide seems to point to raw binary though (signature buffer of 64).
Also, I see that the private key buffer is 128 bytes and I can't see the value of keyLen: it should be 32 bytes for a brainpool256 ECDSA signature (please confirm this). I suspect that the private key buffer is not really what you expect here.
Regards,
from libecc.
It's marked by another library, internal to the microcontroller (it's a CC2642, that implements some hardware accelerations).
Yes, the data is encoded with ASN.1; I have checked the raw data and it matches the hex value printed from the openssl command (`openssl ec -in .\privateKey.pem -noout -text`).
The priv_key buffer has this 128-byte length, but I only use the 32 bytes (good point, I will fix this to reduce RAM consumption). But I will make a double-check.
And I have found a little (one byte, seriously) in other logic that will never match the verification of the ECDSA signature. So, I am running another test, and I will tell you the result; something tells me that now it will work.
from libecc.
So, it worked! My fault (I knew it).
But it worked :D nicely. It's only a byte at the beginning of the message that I hadn't correctly offset to insert the signature; then, when the microcontroller tries to run the ECDSA, one byte is wrong, and the key won't match.
Thank you @rb-anssi for all the support!
from libecc.
Great news if this works :-)
No problem for the support, with pleasure. By the way, a word of advice regarding manually parsing PEM / ASN.1 format: there might/will be some issues with leading zeroes and the way big numbers are encoded (sometimes longer than 32 bytes, sometimes shorter because their representation is compact). Anyways, beware of the fact that a signature working once does not mean it will always work because of this potential PEM big number parsing issue.
Regards,
from libecc.
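The leading-zero and compact-length pitfall from the advice above, as an added example that is not code from this thread or from libecc: it normalises a variable-length ASN.1 big number to the fixed 32 bytes a 256-bit curve expects, and goes one step further by applying that to a DER-encoded ECDSA signature to get the raw 64-byte `r || s` form discussed earlier. The names `bn_to_fixed`, `der_read_int`, `der_sig_to_raw`, `SCALAR_LEN` and `SAMPLE_DER` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SCALAR_LEN 32 /* bytes in a 256-bit scalar (private key, r or s) */
/* Constructed sample, not real data: DER signature with a 33-byte r (0x00 pad) and a 1-byte s. */
static const uint8_t SAMPLE_DER[40] = { 0x30, 0x26, 0x02, 0x21, 0x00, 0x80, [37] = 0x02, 0x01, 0x05 };

/* Strip leading zeroes, then left-pad to exactly SCALAR_LEN bytes; -1 if the value cannot fit. */
int bn_to_fixed(const uint8_t *in, size_t len, uint8_t out[SCALAR_LEN])
{
    if (in == NULL || out == NULL || len == 0) return -1;
    while (len > 0 && in[0] == 0x00) { in++; len--; } /* ASN.1 sign/pad bytes */
    if (len > SCALAR_LEN) return -1;
    memset(out, 0, SCALAR_LEN);
    memcpy(out + (SCALAR_LEN - len), in, len);
    return 0;
}

/* Read one DER INTEGER at *p (short-form length), normalise it, advance *p. */
static int der_read_int(const uint8_t **p, const uint8_t *end, uint8_t out[SCALAR_LEN])
{
    const uint8_t *q = *p;
    size_t len;
    if ((size_t)(end - q) < 3 || q[0] != 0x02) return -1;
    len = q[1];
    if (len == 0 || len > 0x7f || (size_t)(end - q) - 2 < len) return -1;
    if ((q[2] & 0x80) || bn_to_fixed(q + 2, len, out)) return -1; /* negative or too big */
    *p = q + 2 + len;
    return 0;
}

/* DER SEQUENCE { INTEGER r, INTEGER s } -> raw r || s (2 * SCALAR_LEN bytes). */
int der_sig_to_raw(const uint8_t *der, size_t der_len, uint8_t raw[2 * SCALAR_LEN])
{
    const uint8_t *p, *end;
    if (der == NULL || raw == NULL || der_len < 2) return -1;
    if (der[0] != 0x30 || der[1] > 0x7f || (size_t)der[1] != der_len - 2) return -1;
    p = der + 2; end = der + der_len;
    if (der_read_int(&p, end, raw) || der_read_int(&p, end, raw + SCALAR_LEN)) return -1;
    return (p == end) ? 0 : -1; /* reject trailing bytes */
}

int main(void)
{
    uint8_t raw[2 * SCALAR_LEN];
    return der_sig_to_raw(SAMPLE_DER, sizeof(SAMPLE_DER), raw) ? 1 : 0;
}
```

Copying a fixed 32 bytes from a hard-coded offset would have taken the 0x00 pad byte as the first byte of r in this sample and missed s entirely, which is the "works once, fails later" behaviour the comment warns about.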
Thank you for the advice, I will be careful with these file types.
Thanks man!!
from libecc.