Hi,
I am building a Hardware Security Module (HSM from Microchip) based application which uses the mbedtls library. In the application I need to verify an ECDSA signature that is generated by HSM, below mentioned are the execution steps followed:
1: A mbedtls context is created.
code:
mbedtls_pk_context pkey;
2: The context is setup by the HSM based on the ECC keys:
code:
atca_mbedtls_pk_init(&pkey, 0);
3: Signing of a hash is performed by the HSM
code:
atcab_sign(0, hash, buf);
Signature output:
(625) TEST: ba 6d b4 fd e9 74 ac f9 3f 70 fa 81 12 ce 1e ca
I (625) TEST: fc 3a 1a 4e ea 91 b7 3e 3a 44 0c e8 43 d6 a7 c4
I (635) TEST: ef f6 fa 62 75 1f 46 07 4b 1e f6 6f 9b 63 21 83
I (635) TEST: c6 b0 45 3a a4 c1 6c 7e e5 0b fd 01 7b fd a8 4a
I (645) TEST: 0a 00 00 00 01 00 00 00 08 d0 0e 80 f0 64 fb 3f
I (645) TEST: 89 08 00 00 34 f0 fa 3f c8 f1 fa 3f f0 64 fb 3f
I (655) TEST: 0a 00 00 00 e2 31 40 3f 24 67 fb 3f 00 ff 00 00
I (665) TEST: 0f 00 00 00 00 00 00 ff b4 47 0f 80 00 68 fb 3f
I (665) TEST: c8 31 40 3f 9c 6a fb 3f 5c 26 08 40 f0 bf 00 40
I (675) TEST: 30 03 06 00 39 93 08 80 bd 01 00 00 b4 47 08 40
I (685) TEST: 1c 31 40 3f 19 73 08 80 60 00 00 00 00 00 00 00
I (685) TEST: 03 00 00 00 c4 7b fb 3f 28 7c fb 3f 01 00 00 00
I (695) TEST: 00 00 00 00 b4 47 08 80 a0 65 fb 3f dc 00 f0 3f
I (705) TEST: 01 00 00 00 d4 13 fb 3f 00 00 00 00 00 00 00 00
I (705) TEST: 00 00 00 00 1e 00 00 00 ff ff ff ff f0 bf 00 40
I (715) TEST: 30 01 06 00 39 93 08 80 5c 26 08 40 b4 47 08 40
I (725) TEST: 30 03 06 00 19 73 08 80 5c 26 08 40 f0 bf 00 40
I (725) TEST: 30 01 06 00 39 93 08 80 5c 26 08 40 b4 47 08 40
I (735) TEST: 30 03 06 00 19 73 08 80 5c 26 08 40 f0 bf 00 40
I (745) TEST: 30 0f 06 00 39 93 08 80 5c 26 08 40 b4 47 08 40
I (745) TEST: 30 01 06 00 19 73 08 80 60 66 fb 3f 00 00 00 00
I (755) TEST: ff ff ff ff c4 7b fb 3f 28 7c fb 3f 01 00 00 00
I (765) TEST: 00 00 00 00 b4 47 08 80 40 66 fb 3f dc 00 f0 3f
I (765) TEST: 01 00 00 00 d4 13 fb 3f 00 00 00 00 00 00 00 00
I (775) TEST: 00 00 00 00 1e 00 00 00 ff ff ff ff 66 28 08 40
I (775) TEST: e0 c2 00 40 f6 c2 00 40 ff ff ff ff 66 28 08 40
I (785) TEST: 00 00 00 00 22 65 08 40 cc 99 fa 3f 00 00 00 00
I (795) TEST: 00 00 00 00 00 00 00 00 ff ff 3f b3 00 00 00 00
I (795) TEST: 00 00 00 00 00 00 00 00 00 34 34 35 16 32 40 3f
I (805) TEST: 1f 00 00 00 00 68 fb 3f 7e 00 00 00 60 66 fb 3f
I (815) TEST: b8 26 fb 3f ff ff ff ff 2d 89 0d 80 80 66 fb 3f
I (815) TEST: 78 7b fb 3f d0 66 fb 3f c4 7b fb 3f 28 7c fb 3f
I (825) TEST: 01 00 00 00 00 00 00 00 8d 66 0d 80 34 66 fb 3f
I (835) TEST: 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00
I (835) TEST: 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
I (845) TEST: f4 7b fb 3f 00 00 00 00 03 00 00 00 01 00 00 00
I (855) TEST: 01 00 00 00 00 00 00 00 e0 67 fb 3f c0 67 fb 3f
I (855) TEST: 18 00 00 00 03 00 00 00 3c 66 fb 3f 00 00 00 00
I (865) TEST: 34 f0 fa 3f 16 32 40 3f 9c 6a fb 3f 7e 00 00 00
I (875) TEST: 00 00 00 00 03 00 00 00 73 00 00 00 16 32 40 3f
I (875) TEST: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
I (885) TEST: db 00 00 00 01 00 00 00 7e 00 00 00 00 00 00 00
I (895) TEST: 00 00 00 00 b0 ce 40 3f 00 00 00 00 00 00 00 00
I (895) TEST: 00 00 00 00 00 00 00 00 40 67 fb 3f e4 66 fb 3f
I (905) TEST: 00 00 00 00 00 00 00 00 01 00 00 00 50 66 fb 3f
I (915) TEST: db 00 00 00 50 66 fb 3f 68 b6 08 80 80 67 fb 3f
I (915) TEST: dc cf 0e 40 1c 31 40 3f e0 67 fb 3f c0 67 fb 3f
I (925) TEST: 0c 00 00 00 0b 00 00 00 c0 67 fb 3f 0c 00 00 00
I (925) TEST: 28 00 00 00 00 67 fb 3f 84 52 0d 80 b0 67 fb 3f
I (935) TEST: 03 00 00 00 1c 31 40 3f e0 67 fb 3f c0 67 fb 3f
I (945) TEST: 0c 00 00 00 03 00 00 00 e4 31 40 3f e0 67 fb 3f
I (945) TEST: c0 67 fb 3f 0c 00 00 00 28 55 0d 80 00 68 fb 3f
I (955) TEST: 2c 30 fb 3f 00 00 00 00 e0 67 fb 3f c0 67 fb 3f
I (965) TEST: 0c 00 00 00 b0 ce 40 3f 00 00 00 00 00 00 00 00
I (965) TEST: 00 00 00 00 bd 01 00 00 1c 31 40 3f 00 68 fb 3f
I (975) TEST: ff c8 fc 89 f9 10 06 3e e4 31 40 3f bd 01 00 00
I (985) TEST: 1c 31 40 3f 00 68 fb 3f 5a 55 0d 80 b0 68 fb 3f
I (985) TEST: 00 00 00 00 e4 24 fb 3f 4d 46 6b 77 45 77 59 48
I (995) TEST: 4b 6f 5a 49 7a 6a 30 43 41 51 59 49 4b 6f 5a 49
I (1005) TEST: 7a 6a 30 44 41 51 63 44 51 67 41 45 71 73 65 36
I (1005) TEST: 63 63 47 73 6c 65 47 56 2b 39 6c 6b 62 39 71 67
I (1015) TEST: 4c 45 66 79 74 4c 6d 35 0d 0a 68 6d 43 5a 58 68
I (1025) TEST: 75 4f 6f 76 39 52 51 46 4b 78 39 47 45 72 46 5a
I (1025) TEST: 42 51 34 48 71 59 6a 30 66 70 54 76 64 43 65 2f
4: Verification of a signature is done through the mbedtls function, which failed with an error code: 0x4fe0. Which I am not able to find in the list of error codes.
Code:
ret = mbedtls_pk_verify(&pkey, MBEDTLS_MD_SHA256, hash, 0, buf, olen);
Verification output:
output
failed ! mbedtls_pk_verify returned 0x4fe0
Please Note:
- The key generation in the HSM is performed successfully, we are able to read the public keys from the HSM
Public key output:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqse6ccGsleGV+9lkb9qgLEfytLm5
hmCZXhuOov9RQFKx9GErFZBQ4HqYj0fpTvdCe//I/In5EAY+JLPbc63kZQ==
-----END PUBLIC KEY-----
- We are able to verify the signature with the HSM, but not able to verify it using mbedtls stack.