Doubt in generate a Signature isong ECDSA brainpool method about libecc HOT 7 CLOSED

Hi @Pablo-Jean,

Thanks for your interest in libecc. In order to sign a buffer with SHA256, you will first have to import your private key and compute the public key in an internal ec_key_pair structure using the ec_key_pair_import_from_priv_key_buf API (with the buffer you extracted from the PEM file and the ec_params corresponding to brainpool256r1). You have examples of how to properly import the ec_params in the src/tests/ec_self_tests_core.c source file line 595, and the parameters are imported using import_params(&params, c->ec_str_p); above where you will have to replace the c->ec_str_p by &brainpoolp256r1_str_params in your case (this is a reference to the library abstract representation of this specific brainpool parameter).

Then, once the key pair is imported (please check the return value to ensure that the operation was successful), you will be able to use the abstract API for signature ec_sign with your ec_key_pair, with the proper ec_alg_type (ECDSA in your case) and hash_alg_type (SHA256 in your case). The other parameters are the message to be signed, its length, the signature to be produced, its length (a buffer of 64 bytes in your case), and no additional data (adata to NULL and its length to zero). No need to precise the curve here as it is inherently deduced from the key pair object.

Hoping that the explanations are clear enough!
Regards,

from libecc.

Hi @Pablo-Jean,

Thanks for your interest in libecc. In order to sign a buffer with SHA256, you will first have to import your private key and compute the public key in an internal ec_key_pair structure using the ec_key_pair_import_from_priv_key_buf API (with the buffer you extracted from the PEM file and the ec_params corresponding to brainpool256r1). You have examples of how to properly import the ec_params in the src/tests/ec_self_tests_core.c source file line 595, and the parameters are imported using import_params(&params, c->ec_str_p); above where you will have to replace the c->ec_str_p by &brainpoolp256r1_str_params in your case (this is a reference to the library abstract representation of this specific brainpool parameter).

Then, once the key pair is imported (please check the return value to ensure that the operation was successful), you will be able to use the abstract API for signature ec_sign with your ec_key_pair, with the proper ec_alg_type (ECDSA in your case) and hash_alg_type (SHA256 in your case). The other parameters are the message to be signed, its length, the signature to be produced, its length (a buffer of 64 bytes in your case), and no additional data (adata to NULL and its length to zero). No need to precise the curve here as it is inherently deduced from the key pair object.

Hoping that the explanations are clear enough! Regards,

Hi rb-anssi.

It's much clear now how to work with the library. But de generated signature isn't working. The code is to generate a signature for firmware, and, when de device downloads the binary from FOTA, then the device check if the signature matches.

I have an example in C# with .net that works perfectly, I will post the code that I have implemented based on your reply.

The private key comes from a .pem file, and the offset on the array is to go to the position where begins the private and the public key.

Sorry if boring you, but the ecdsa had some complexity do understand.

from libecc.

Hi,

It is not clear from your description how the signature is verified: is it with libecc or with another library (i.e. what do you mean by "the signature isn't working")? Please note that libecc handles raw binary signatures, while many other libraries use some PEM (ASN.1) encoding. The C# example you provide seem to point to raw binary though (signature buffer of 64).

Also, I see that the private key buffer is 128 bytes and I can't see the value of keyLen: it should be 32 bytes for a brainpool256 ECDSA signature (please confirm this). I suspect that the private key buffer is not really what you expect here.

Regards,

from libecc.

Hi,

It is not clear from your description how the signature is verified: is it with libecc or with another library (i.e. what do you mean by "the signature isn't working")? Please note that libecc handles raw binary signatures, while many other libraries use some PEM (ASN.1) encoding. The C# example you provide seem to point to raw binary though (signature buffer of 64).

Also, I see that the private key buffer is 128 bytes and I can't see the value of keyLen: it should be 32 bytes for a brainpool256 ECDSA signature (please confirm this). I suspect that the private key buffer is not really what you expect here.

Regards,

It's marked by another library, internal of the microcontroller (it's a CC2642, that implements some hardware accelerations).
Yes, the data is encoded with ASN.1, I have checked the raw data and matches with the hex value printed from openssl command (openssl ec -in .\privateKey.pem -noout -text ).

priv_key buffer has this 128-byte length, but I only use the 32 bytes (good point, I will fix this to reduce ram consumption). But I will make a double-check.

And, I have found a little (one byte, seriously) on other logic that will never match the verification of the ecdsa signature. So, I running another test, and I will tell will the result, something tells me that now will work.

from libecc.

Hi,

It is not clear from your description how the signature is verified: is it with libecc or with another library (i.e. what do you mean by "the signature isn't working")? Please note that libecc handles raw binary signatures, while many other libraries use some PEM (ASN.1) encoding. The C# example you provide seem to point to raw binary though (signature buffer of 64).

Also, I see that the private key buffer is 128 bytes and I can't see the value of keyLen: it should be 32 bytes for a brainpool256 ECDSA signature (please confirm this). I suspect that the private key buffer is not really what you expect here.

Regards,

So, worked! My fault (i knew it).
But worked :D nicely, it's only a byte at the beginning of the message, that I haven't correctly offset to insert the signature, then, when the microcontroller tries to run the ECDSA, one byte is wrong, and the key won't match.

Thank your @rb-anssi for all the support!

from libecc.

Great news if this works :-)

No problem or the support, with pleasure. By the way, some word of advice regarding manually parsing PEM / ASN.1 format: there might/will be some issues with leading zeroes and the way big numbers are encoded (sometimes longer than 32 bytes, sometimes shorter because their representation is compact). Anyways, beware of the fact that a signature working once does not mean it will always work because of this potential PEM big number parsing issue.

Regards,

from libecc.

Thank you for the advice, I will be careful with these file types.

Thanks man!!

from libecc.