Verify a previously ECDSA (256p1) signature generated and a public key ( generated by python )

  • i have tried so hard to impliment an application that read from memory ( the public key ) and verify a previously generated signature for a hash ( i hashed a binary file with a 64bite chunck using python hashlib sha256 ) .

    const unsigned char hash[] = {0x0c, 0xb0, 0x18, 0x4b, 0x64, 0xef, 0xe4, 0x22, 0x36, 0x26, 0xfa, 0x04, 0xe8, 0xdf, 0xf4, 0x13, 0x46, 0x86, 0xfa, 0x38, 0xca, 0xb6, 0xc0, 0x02, 0x30, 0x51, 0x81, 0x75, 0x2e, 0xc8, 0x3f, 0xaa};

    const unsigned char sig[] = {0x30, 0x45, 0x02, 0x20, 0x3c, 0x36, 0xda, 0xed, 0x2d, 0x0b, 0xf4, 0xed, 0x65, 0x05, 0x86, 0x9a, 0x1b, 0x8e, 0x07, 0x06, 0x9a, 0x85, 0x0d, 0x5c, 0xb9, 0xc8, 0xbd, 0xe2, 0x60, 0x3b, 0x76, 0x04, 0x4f, 0x89, 0x8e, 0x96, 0x02, 0x21, 0x00, 0x88, 0x8a, 0x60, 0x3f, 0x5c, 0xea, 0xd7, 0x0f, 0xcd, 0x8e, 0xe7, 0xf1, 0x2a, 0x5f, 0xe0, 0x62, 0xee, 0x3e, 0xa9, 0xe8, 0xa6, 0xfa, 0xcb, 0xb9, 0xe8, 0xdb, 0x40, 0x3d, 0x87, 0xd6, 0xaf, 0xa8};

    const unsigned char pkey[] = {0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x41, 0x25, 0x6f, 0xbe, 0x8b, 0x5b, 0x18, 0xfc, 0x0b, 0x02, 0x60, 0x95, 0xcf, 0x97, 0x5e, 0xc1, 0xb8, 0xef, 0x92, 0x77, 0xf2, 0xd9, 0xf7, 0x44, 0x08, 0xa5, 0x0d, 0x63, 0x85, 0x70, 0x27, 0x86, 0x12, 0xf0, 0x77, 0x7d, 0xde, 0x8d, 0x88, 0x69, 0xfd, 0xe6, 0x69, 0xad, 0xcd, 0xe8, 0x9d, 0x58, 0x59, 0xf2, 0x28, 0x14, 0x7b, 0x7a, 0x06, 0x91, 0x09, 0xca, 0x5f, 0x67, 0xd0, 0xde, 0x67, 0x9a};

    my algo :

    if( ( ret = mbedtls_pk_parse_public_key( &pk, pkey, spk ) ) == 0 )
    if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, sizehash, sig, sizesig ) ) == 0 )
    mbedtls_pk_free( &pk );


i use the STM32L4 HAL and the IAR EMWORK Compiler even i generted a pubkey , signature, hash using mbedtls ( ecdsa.c ) , every time , i get unsucess resultes ( bad signature ) . so how i can read a public key and signature and verify if this signature is OK on NO ?

mbed TLS build:
Version: 2.16.0

Compiler : IAR Compiler
Additional environment information: STM32L4_HALs

I believed I have answered your question in the github issue
Mbed TLS Team member

How char pkey[] is generated?
With mbedtls_pk_parse_public_key()should use PEM or DER format?

As mentioned in the function description, mbedtls_pk_parse_public_key() can receive both PEM or DER format. To parse PEM format, you will need to have MBEDTLS_PEM_PARSE_C configured.