Hi there,
I need to verify an ECDSA signature. I do have the public key (got that via network) and message and signature and nothing else. I do understand how to compute the message hash and everything, but I’m somehow a bit lost on how to import the public key into the mbedtls_ecdsa_context. Could anybody provide me with a brief example on how to do this? Would be greatly appreciated.
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
//Importing the public key into ctx goes here
mbedtls_sha256(message, sizeof(message), hash, 0);
int ret = mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash), sig, sizeof(sig));
Just a quick update, my code right now looks like this:
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
mbedtls_ecp_keypair key;
mbedtls_ecp_group grp;
mbedtls_ecp_group_init(&grp);
mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP192K1);
mbedtls_ecp_keypair_init(&key);
mbedtls_ecp_point_read_binary(&grp, &key.Q, sig, sizeof(sig)); // Key here instead of sig
mbedtls_ecdsa_from_keypair(&ctx, &key);
mbedtls_sha256(message, sizeof(message), hash, 0);
int ret = mbedtls_ecdsa_read_signature(&ctx, hash, sizeof(hash), sig, sizeof(sig));
This just returns -0x4FE2 which I do not even find in the docs. I have really no idea what I am doing wrong here…
Got reading a key working. The problem was that I read it from a PEM-File that had lines terminating with \n but mbedtls expects \r\n (which as far as I’m aware is mentioned absolutely nowhere).
However, now mbedtls_ecdsa_read_signature is returning -20450 which suggests a non-valid signature. My signature is MEYCIQDZNBois49jeGQqfJYdWbtK6F2Vz/UzT0hS5nJ0r6cw7QIhAJ7NtGp3UNNXK78XWDCEX0VYMQax9hJvGh8iSjLUXfJe and it’s definitely valid. Is mbedtls maybe expecting another format?
