Re: [mbed-tls] Signing messages with ECDSA - mbed-tls

20 Apr 2021


      Hi Stefano,
Assuming that the key is in PEM format and that the buffers (hash, tmp)
are large enough, I don't see anything wrong in the part of the code you
posted.
You posted code without error checking. Can you confirm that all
functions return 0?
mbedtls_pk_sign produces ECDSA signatures in ASN.1 format. The size of
the signature can be up to 104 bytes, and is often a few bytes shorter
because it consists of numbers in which leading zeros are omitted. Make
sure the tmp buffer is large enough. You can use
MBEDTLS_ECDSA_MAX_SIG_LEN(384) or MBEDTLS_ECDSA_MAX_LEN (from
mbedtls/ecdsa.h) as the signature buffer size.
72 bytes is the maximum size of a signature for a 256-bit key, reached
about 25% of the time. Are you sure you're signing with the key you
intended?
People may be able to help more if you post complete code that we can
run on our machine.
Best regards,
-- 
Gilles Peskine
Mbed TLS developer

On 20/04/2021 16:49, stefano664 via mbed-tls wrote:
> Hi all,
>   I have some problems with mbedTLS during ECDSA signing process.
>
> I followed the example supplied with the source code and write this code:
>
> mbedtls_pk_init(&pk);
> mbedtls_pk_parse_key(&pk, (const unsigned char *)
> flash.flash_ver0.ecc_priv_key, strlen(flash.flash_ver0.ecc_priv_key) +
> 1, (const unsigned char *)CA_DEF_ISSUER_PWD, CA_DEF_ISSUER_PWD_LEN);
> mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), msg, msg_len,
> hash);
> mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, tmp, (size_t *)&len,
> mbedtls_ctr_drbg_random, &ctr_drbg);
>
> The private key is an ECC key with 384 bit. I have two issue:
>
> 1) In tmp variable I found the signature, but it is 72 byte, instead
> of 96 (384*2/87);
> 2) On this signature I try to make a verify, but fails.
>
> Where I'm wrong?
>
> Best regards,
> Stefano
>