Hi All,
Having some issues verifying a signature generated from a private key with a public key. The verify is failing on step 8 in ecdsa_verify_restartable(); (MBEDTLS_ERR_ECP_VERIFY_FAILED)
What’s weird is that openssl can verify the signature okay with the command.
openssl dgst -sha256 -verify publicKey_pem.pem -signature data.sig hash.bin
Verified OK
The data.sig and hash.bin are binary files and i’ve converted those to char arrays as below in the code.
/***************/
//my hash and signature are:
unsigned char hash_bin[] = {
0x89, 0x24, 0xe5, 0xb5, 0xde, 0x65, 0xb1, 0xde, 0x9d, 0x50, 0x4b, 0x3d,
0xdc, 0x26, 0x98, 0x27, 0xaf, 0x8e, 0x5d, 0x79, 0x96, 0x5e, 0xa1, 0x86,
0xf8, 0xc5, 0x6c, 0x43, 0xb6, 0x06, 0x59, 0x76
};
unsigned int hash_bin_len = 32;
unsigned char data_sig[] = {
0x30, 0x45, 0x02, 0x20, 0x0f, 0x9e, 0xf7, 0xa8, 0x55, 0x29, 0xf9, 0x70,
0x40, 0x6d, 0xf0, 0xb5, 0xeb, 0x49, 0x69, 0xdb, 0x84, 0xdb, 0x2a, 0xdc,
0xa0, 0x18, 0x10, 0x4d, 0xe4, 0xe9, 0xcc, 0x33, 0xbe, 0xa0, 0xe9, 0x8b,
0x02, 0x21, 0x00, 0xc4, 0x6a, 0xfa, 0x2d, 0x87, 0x62, 0xcc, 0x45, 0xa1,
0xbc, 0x66, 0x6a, 0x9a, 0x7f, 0x5d, 0xa0, 0x8f, 0x52, 0x06, 0xdc, 0xa9,
0xe6, 0xf6, 0x9a, 0x89, 0x62, 0xf2, 0xeb, 0x65, 0xbb, 0x58, 0x4a
};
unsigned int data_sig_len = 71;
//publickey
unsigned char publicKey_pem[] = {
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x50,
0x55, 0x42, 0x4c, 0x49, 0x43, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x0a, 0x4d, 0x46, 0x6b, 0x77, 0x45, 0x77, 0x59, 0x48, 0x4b,
0x6f, 0x5a, 0x49, 0x7a, 0x6a, 0x30, 0x43, 0x41, 0x51, 0x59, 0x49, 0x4b,
0x6f, 0x5a, 0x49, 0x7a, 0x6a, 0x30, 0x44, 0x41, 0x51, 0x63, 0x44, 0x51,
0x67, 0x41, 0x45, 0x71, 0x67, 0x30, 0x6e, 0x6e, 0x75, 0x4d, 0x63, 0x66,
0x75, 0x77, 0x36, 0x54, 0x4f, 0x35, 0x54, 0x68, 0x79, 0x64, 0x4e, 0x6f,
0x56, 0x59, 0x38, 0x6c, 0x6d, 0x70, 0x37, 0x0a, 0x43, 0x72, 0x53, 0x62,
0x34, 0x47, 0x44, 0x55, 0x68, 0x61, 0x78, 0x41, 0x36, 0x33, 0x43, 0x52,
0x6a, 0x36, 0x71, 0x55, 0x37, 0x45, 0x32, 0x52, 0x46, 0x33, 0x6a, 0x43,
0x66, 0x43, 0x37, 0x6d, 0x54, 0x71, 0x51, 0x7a, 0x39, 0x68, 0x73, 0x72,
0x64, 0x66, 0x72, 0x76, 0x56, 0x47, 0x6e, 0x67, 0x32, 0x73, 0x46, 0x72,
0x2b, 0x31, 0x46, 0x55, 0x79, 0x67, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43,
0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x00
};
unsigned int yubikeyPublicKey_pem_len = 178;
/* or
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqg0nnuMcfuw6TO5ThydNoVY8lmp7
CrSb4GDUhaxA63CRj6qU7E2RF3jCfC7mTqQz9hsrdfrvVGng2sFr+1FUyg==
-----END PUBLIC KEY-----
*/
//my code that is used for the verify is:
mbedtls_pk_context ctx;
mbedtls_pk_init(&ctx);
mbedtls_pk_parse_public_key(&ctx, (unsigned char *)publicKey_pem, strlen((const char *)publicKey_pem)+1);
ret = mbedtls_pk_verify(&ctx, MBEDTLS_MD_SHA256,
hash_bin, hash_bin_len,
data_sig, data_sig_len);
/***************/
my config.h file is:
MBEDTLS_HAVE_ASM
MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_REMOVE_ARC4_CIPHERSUITES
MBEDTLS_ECP_DP_SECP256R1_ENABLED
MBEDTLS_ECP_DP_SECP256K1_ENABLED
MBEDTLS_ECP_NIST_OPTIM
MBEDTLS_ECDSA_DETERMINISTIC
MBEDTLS_ERROR_STRERROR_DUMMY
MBEDTLS_ASN1_PARSE_C
MBEDTLS_ASN1_WRITE_C
MBEDTLS_BASE64_C
MBEDTLS_BIGNUM_C
MBEDTLS_CTR_DRBG_C
MBEDTLS_ECDSA_C
MBEDTLS_ECP_C
MBEDTLS_HMAC_DRBG_C
MBEDTLS_MD_C
MBEDTLS_OID_C
MBEDTLS_PEM_PARSE_C
MBEDTLS_PK_C
MBEDTLS_PK_PARSE_C
MBEDTLS_SHA256_C
can anyone advise what I’m missing here, i’m using mbedtls verison 2.24