Arm Mbed OS support forum

Restartable version of 'mbedtls_ecdsa_verify' or convert signature from r+s to DER/PEM?

Hi guys,

I’m currently using “mbedtls_ecdsa_verify” as suggested here for ecdsa verification because my signature is encoded as ‘r+s’ (binary data 64 bytes for the MBEDTLS_ECP_DP_SECP256R1 curve).

The problem is that this function takes too long to process and this triggers a watchdog reset on my single thread embedded device (no RTOS used).

I saw that “mbedtls_ecdsa_read_signature_restartable” was added in the library to solve this issue but it doesn’t work for me because of the format of my signature.

Is there a “restartable” version of “mbedtls_ecdsa_verify” ?

Or, alternatively, is there a way I can convert my signature from RAW into DER or PEM so I can use “mbedtls_ecdsa_read_signature_restartable” ?

Currently I load my signature in raw format using ‘mbedtls_mpi_read_binary’ for ‘r’ and ‘s’ and then call ‘mbedtls_ecdsa_verify’.

Sergio Soares - ON Semiconductor