Re: Bug in ECDSA_do_sign?

Mon, 12 Oct 2009 15:31:51 -0700 

Hi,
In order to be able to sign a digest with ECDSA, the bit length of the digest value must be lesser than or equal to the bit size of field used in the elliptic curve. So, if you want to sign an SHA-256 digest, you must use an elliptic curve defined over a field with a bit size greater than 256. 


The sample code you modified is using the |wap-wsg-idm-ecid-wtls8 curve 
which is defined over a 112 bits prime field. Thus, it is normal that 
ECDSA_do_sign fail because the input size (256 bit) is greater than 112.
You have two possible solutions here: either use another curve with a 
bigger field (like ||secp256k1 or ||secp384r1) or truncate the digest 
value to be lesser than or equal to 14 bytes (equivalent to 112 bits)


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
|

Kirk81 wrote:

Actually I'm looking for the EVP interface and I found out that 'The EVP
interface should almost always be used in preference to the low level
interfaces. This is because the code then becomes transparent to the

algorithm used and much more flexible'. It might be true but... 


...I would like to know, how can I use the low level functions for the
example that I posted?! What am I missing? Anyone can help me?



Dr. Stephen Henson wrote:

  

On Fri, Oct 09, 2009, Kirk81 wrote:


    

Hello,

I found your example of ECDSA_do_sign/verify very uselful.

Now I'm trying to modify the code and I would like to use an SHA-256's
message digest in your sign function. Something like:

unsigned char obuf[32];

SHA-256(data, len, obuf);

// now, in obuf there's the message digest (calculated using the SHA-256
function).

but I have an error in the ECDSA_do_sign function when I pass the message
digest in this way:
sig = ECDSA_do_sign(obuf, 32, pkey);


what's wrong? 


Problably I'm missing the conversion between data types: I mean,
something
used to convert the output of the SHA to an integer. In this case: which
function should I use and how?


      

I'd suggest you try OpenSSL 1.0.0 and the EVP interface instead. 


Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org



    



  


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to