Arm Mbed OS support forum

Sha256 hash signature verify with public key issues

Hi All,

Having some issues verifying a signature generated from a private key with a public key. The verify is failing on step 8 in ecdsa_verify_restartable(); (MBEDTLS_ERR_ECP_VERIFY_FAILED)
What’s weird is that openssl can verify the signature okay with the command.

openssl dgst -sha256 -verify publicKey_pem.pem -signature data.sig hash.bin
Verified OK

The data.sig and hash.bin are binary files and i’ve converted those to char arrays as below in the code.

/***************/
//my hash and signature are:
unsigned char hash_bin[] = {
  0x89, 0x24, 0xe5, 0xb5, 0xde, 0x65, 0xb1, 0xde, 0x9d, 0x50, 0x4b, 0x3d,
  0xdc, 0x26, 0x98, 0x27, 0xaf, 0x8e, 0x5d, 0x79, 0x96, 0x5e, 0xa1, 0x86,
  0xf8, 0xc5, 0x6c, 0x43, 0xb6, 0x06, 0x59, 0x76
};
unsigned int hash_bin_len = 32;

unsigned char data_sig[] = {
  0x30, 0x45, 0x02, 0x20, 0x0f, 0x9e, 0xf7, 0xa8, 0x55, 0x29, 0xf9, 0x70,
  0x40, 0x6d, 0xf0, 0xb5, 0xeb, 0x49, 0x69, 0xdb, 0x84, 0xdb, 0x2a, 0xdc,
  0xa0, 0x18, 0x10, 0x4d, 0xe4, 0xe9, 0xcc, 0x33, 0xbe, 0xa0, 0xe9, 0x8b,
  0x02, 0x21, 0x00, 0xc4, 0x6a, 0xfa, 0x2d, 0x87, 0x62, 0xcc, 0x45, 0xa1,
  0xbc, 0x66, 0x6a, 0x9a, 0x7f, 0x5d, 0xa0, 0x8f, 0x52, 0x06, 0xdc, 0xa9,
  0xe6, 0xf6, 0x9a, 0x89, 0x62, 0xf2, 0xeb, 0x65, 0xbb, 0x58, 0x4a
};
unsigned int data_sig_len = 71;

//publickey
unsigned char publicKey_pem[] = {
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x50,
  0x55, 0x42, 0x4c, 0x49, 0x43, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x0a, 0x4d, 0x46, 0x6b, 0x77, 0x45, 0x77, 0x59, 0x48, 0x4b,
  0x6f, 0x5a, 0x49, 0x7a, 0x6a, 0x30, 0x43, 0x41, 0x51, 0x59, 0x49, 0x4b,
  0x6f, 0x5a, 0x49, 0x7a, 0x6a, 0x30, 0x44, 0x41, 0x51, 0x63, 0x44, 0x51,
  0x67, 0x41, 0x45, 0x71, 0x67, 0x30, 0x6e, 0x6e, 0x75, 0x4d, 0x63, 0x66,
  0x75, 0x77, 0x36, 0x54, 0x4f, 0x35, 0x54, 0x68, 0x79, 0x64, 0x4e, 0x6f,
  0x56, 0x59, 0x38, 0x6c, 0x6d, 0x70, 0x37, 0x0a, 0x43, 0x72, 0x53, 0x62,
  0x34, 0x47, 0x44, 0x55, 0x68, 0x61, 0x78, 0x41, 0x36, 0x33, 0x43, 0x52,
  0x6a, 0x36, 0x71, 0x55, 0x37, 0x45, 0x32, 0x52, 0x46, 0x33, 0x6a, 0x43,
  0x66, 0x43, 0x37, 0x6d, 0x54, 0x71, 0x51, 0x7a, 0x39, 0x68, 0x73, 0x72,
  0x64, 0x66, 0x72, 0x76, 0x56, 0x47, 0x6e, 0x67, 0x32, 0x73, 0x46, 0x72,
  0x2b, 0x31, 0x46, 0x55, 0x79, 0x67, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43,
  0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x00
};
unsigned int yubikeyPublicKey_pem_len = 178;

/* or 
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqg0nnuMcfuw6TO5ThydNoVY8lmp7
CrSb4GDUhaxA63CRj6qU7E2RF3jCfC7mTqQz9hsrdfrvVGng2sFr+1FUyg==
-----END PUBLIC KEY-----
*/

//my code that is used for the verify is:
	mbedtls_pk_context ctx;
	mbedtls_pk_init(&ctx);

	mbedtls_pk_parse_public_key(&ctx, (unsigned char *)publicKey_pem, strlen((const char *)publicKey_pem)+1);

	ret = mbedtls_pk_verify(&ctx, MBEDTLS_MD_SHA256,
			hash_bin, hash_bin_len,
			data_sig, data_sig_len);


/***************/

my config.h file is:
MBEDTLS_HAVE_ASM
MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_REMOVE_ARC4_CIPHERSUITES
MBEDTLS_ECP_DP_SECP256R1_ENABLED
MBEDTLS_ECP_DP_SECP256K1_ENABLED
MBEDTLS_ECP_NIST_OPTIM
MBEDTLS_ECDSA_DETERMINISTIC
MBEDTLS_ERROR_STRERROR_DUMMY
MBEDTLS_ASN1_PARSE_C
MBEDTLS_ASN1_WRITE_C
MBEDTLS_BASE64_C
MBEDTLS_BIGNUM_C
MBEDTLS_CTR_DRBG_C
MBEDTLS_ECDSA_C
MBEDTLS_ECP_C
MBEDTLS_HMAC_DRBG_C
MBEDTLS_MD_C
MBEDTLS_OID_C
MBEDTLS_PEM_PARSE_C
MBEDTLS_PK_C
MBEDTLS_PK_PARSE_C
MBEDTLS_SHA256_C

can anyone advise what I’m missing here, i’m using mbedtls verison 2.24

okay, the issue was due to the mbedtls_pk_verify method and the parameter mbedtls_md_type_t being set to MBEDTLS_MD_SHA256.
I expected that since i set the MBEDTLS_MD_SHA256 type, I would need to pass a sha256 hash array. but instead the verify applies sha256 to the data you pass it in the verify. I attempted to turn off this feature with MBEDTLS_MD_NONE, but if you set this value the verify method does not attempt to verify.