Hi,

If the format of the signature is just the concatenation of r and s (which to the best of my knowledge is the only common format other than ASN.1), then the simplest thing to do is probably to use the PSA Crypto API to verify your signature, as that is the format it accepts natively. https://armmbed.github.io/mbed-crypto/html/api/ops/sign.html#c.psa_sign_hash

If you want to stick with mbedtls_pk_verify() you'll need to transcode your signature. There's a function doing that inside Mbed TLS, however it's private: pk_ecdsa_sig_asn1_from_psa() in library/pk_wrap.c. But should be able to make a copy for use in your own code.

Hope that helps,
Manuel.
From: Deep Patel via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: 30 March 2022 01:48
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] ECDSA Help
 

 

Hello,

 

mbedTLS has ECDSA module that takes Signature with ASN1 encoding as input

mbedtls_pk_verify()

 

The Signature I receive is without ASN1 encoded.

 

Trying to find an implementation within mbedTLS that can add ASN1 to signature before I feed into the verify function.

 

Any help ?

 

 

RF IDeas

Deep Patel

Sr. Embedded Software Engineer

 

D: 

224-333-2084

 

P: 

847-870-1723 Ext 437

 

E: 

ddpatel@rfideas.com

 

A: 

425 North Martingale Road, Suite 1680, Schaumburg, IL 60173