Mbed forum

MbedTLS troubles with signature

(Milos Turicik) #1

Hi all!

I’m struggling with MBEDTLS on platform STM32F4xx. I had used this product for signing SOAP structure of XML document. So far, to create XML document, canonization (c14n) and prescribed element (tag) I’m usuing library LIBXML. Created cannonization string, HASH (“mbedtls_sha256_ret()”) and base64 (“mbedtls_base64_encode()”) is correct. The result I had comparred with another XML (correct) document.
But, I have a trouble with signature of this. I exported private key from *.p12 file by openssl to *.pem and parsing by mbedtls_pk_parse_key().
Algorithm to signing is RSA-SHA256.
String for this function (sign) after base64 encode is not the same as in correct XML document.
I’m check this key with public key in certificate by mbedtls_pk_check_pair() - with result 0.
I had tried signing by mbedtls_rsa_pkcs1_sign(), mbedtls_pk_sign(), private RSA key from the same *.p12 file - with the same wrong signature.
Questions:
Which settings of “mbedtls_config.h” affects the signature?
How to correctly sign the SOAP structure, described https://www.w3.org/TR/xmldsig-core1, by the MBEDTLS?

Thanks guys,
Milos.

(Ron Eldor) #2

HI @xmilos
Since you are using RSA signature, everytime you generate a new signature, it will be different then the previous, as there is randomness involved in PKCS#1 2.1 , for salt generation.

Is you generated signature verified correctly with the public key?

Regards,
Mbed TLS Tema member
Ron

(Milos Turicik) #3

Ron, thank you for your reply.

No, I didn’t test the signature with a public key. At the moment I found out that I did not correctly understand the SOAP structure of the signature and sign the wrong string.
I thought that the signature should always be different (since a random phenomenon enters into it), but in my case it is probably something wrong and my signature is a the same (PKCS # 1 1.5).
Thank you.
Milos.

(Ron Eldor) #4

Hi Milos,
Since you are using PKCS#1 1./5 ( It is better you use 2.1 unless your standard defines otherwise), the randomness is used only for key blinding. In fact, in mbedtls_rsa_rsassa_pkcs1_v15_sign() the f_rng parameter could be NULL.
regards,
Ron

(Milos Turicik) #5

Hi all,
the problem is solved and not related to MbedTLS, but with ignorance of the SOAP signing process.
Thanks.
Xmilos