On Tue, Mar 18, 2014 at 1:02 PM, axisofevil <douglas.b...@ceiva.com> wrote:
> I dug into source - it's in DER format so a sleazy hacked function is this:
> (I use curve NID_X9_62_prime256v1)
>
>     ECDSA_SIG * sig;
>     BIGNUM * r;
>     BIGNUM * s;
>
>     /* A correct DER-encoded signature has the following form:
>
>        0x30: a header byte indicating a compound structure.
>        A 1-byte length descriptor for all what follows.
>        0x02: a header byte indicating an integer.
>        A 1-byte length descriptor for the R value
>        The R coordinate, as a big-endian integer.
>        0x02: a header byte indicating an integer.
>        A 1-byte length descriptor for the S value.
>        The S coordinate, as a big-endian integer.
>     */
>
>     r = BN_bin2bn( src+ 4, 32, NULL ); // create new bn here
>     s = BN_bin2bn( src+ 4 +32 + 2, 32, NULL );
>
>     if(!BN_copy(sig->r, r)) goto err;
>     if(!BN_copy(sig->s, s)) goto err;

Be aware you can have one of two formats depending on your platform
and they don't interop on their own.

First is the signature format of IEEE P1363, which is a simple
concatenation of {r,s}. If the hash is 20 bytes, then the signature is
40 bytes. It's used by OpenPGP, Crypto++, etc.

Second is the DER encoding:

    SEQUENCE ::= { r INTEGER, s INTEGER }

It is used by OpenSSL, Java, etc.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
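
An added example, not part of the original thread and not OpenSSL's code: a bounds-checked conversion from the DER form to the fixed-width P1363 form discussed above. It covers the cases fixed offsets miss, where r or s carries a leading 0x00 sign byte (33 bytes on a 256-bit curve) or is shorter than the field size. The names der_to_p1363 and read_int are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Read one DER INTEGER at *p (bounded by end) and write it, left-padded
 * with zeros, into out[0..n-1]. Returns 0 on success, -1 on bad input. */
static int read_int(const unsigned char **p, const unsigned char *end,
                    unsigned char *out, size_t n)
{
    const unsigned char *q = *p;
    size_t len;

    if (end - q < 2 || q[0] != 0x02) return -1;
    len = q[1];
    q += 2;
    if (len == 0 || len > 0x7f || (size_t)(end - q) < len) return -1;
    if (q[0] & 0x80) return -1;             /* negative: never a valid r or s */
    if (q[0] == 0x00 && len > 1) {          /* sign-padding byte */
        if (!(q[1] & 0x80)) return -1;      /* padding not needed: non-minimal */
        q++; len--;
    }
    if (len > n) return -1;                 /* value wider than the field */
    memset(out, 0, n - len);
    memcpy(out + (n - len), q, len);
    *p = q + len;
    return 0;
}

/* Convert DER SEQUENCE { r INTEGER, s INTEGER } into P1363 r||s.
 * n is the field size in bytes (32 for prime256v1); out holds 2*n bytes. */
int der_to_p1363(const unsigned char *der, size_t der_len,
                 unsigned char *out, size_t n)
{
    const unsigned char *p = der, *end;
    size_t seq_len;

    if (der_len < 2 || p[0] != 0x30) return -1;
    seq_len = p[1];
    p += 2;
    if (seq_len > 0x7f) {                   /* long form: accept 0x81 only */
        if (seq_len != 0x81 || der_len < 3) return -1;
        seq_len = *p++;
        if (seq_len < 0x80) return -1;      /* non-minimal length */
    }
    if (seq_len != der_len - (size_t)(p - der)) return -1; /* no trailing bytes */
    end = p + seq_len;
    if (read_int(&p, end, out, n) != 0) return -1;
    if (read_int(&p, end, out + n, n) != 0) return -1;
    return p == end ? 0 : -1;
}
```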