STM32 Crypto library, performing signing on a message file data not match with openssl data

PGhat.2
Associate

I am working with the STM32 crypto library and using an STM32L433RC controller.

I am facing the issue of signature mismatching.

I have followed the steps below.

Step 1: Key generation using the openssl tool for the ECC256 curve

openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem

openssl ec -in private-key.pem -pubout -out public-key.pem

read EC key

writing EC key

openssl ec -in private-key.pem -text -noout

read EC key

Private-Key: (256 bit)

priv:

  cd:3d:64:7d:dd:33:d1:d3:db:91:f5:99:be:0e:b8:

  6b:16:8e:b2:20:b7:1d:c8:16:db:81:d0:57:07:4e:

  04:58

pub:

  04:5a:bc:6d:ab:e3:38:64:25:86:79:2a:17:d8:8d:

  09:ce:43:36:f6:a1:ba:2d:db:25:d6:6d:42:f6:7e:

  a0:ea:3f:ba:85:fd:a4:10:08:15:ee:06:0e:d9:e4:

  e7:44:50:82:4a:87:ea:46:74:8d:3e:33:a3:55:53:

  6f:32:60:80:81

ASN1 OID: prime256v1

NIST CURVE: P-256

Step 2: Hash computation, sign and verify message file using the openssl tool

Result is verify ok

Step 3: Importing private and public keys in the STM32 project - Okay

Step 4: Computation of hash and signing using library functions

```c
/* SHA-256 of the message buffer; the digest is what gets signed */
cmox_hash_compute(CMOX_SHA256_ALGO,
                  Message, sizeof(Message),
                  Computed_Hash, CMOX_SHA256_SIZE,
                  &computed_size);

/* ECDSA over P-256: Known_Random is the caller-supplied per-signature nonce (k),
 * Private_Key the scalar, Computed_Hash the digest. Both calls return a status
 * code that should be checked before the outputs are used. */
cmox_ecdsa_sign(&Ecc_Ctx,
                CMOX_ECC_CURVE_SECP256R1,
                Known_Random, sizeof(Known_Random),
                Private_Key, sizeof(Private_Key),
                Computed_Hash, CMOX_SHA256_SIZE,
                Computed_Signature, &computed_size);
```

The generated signature differs from the signature generated using openssl.

How can I see the content of the generated signature in openssl?

I am using the command of openssl "asn1parse -inform=der -in signature.txt" to see signatures in hex.

I am unable to understand why both data are not matching.

3 REPLIES
Jocelyn RICARD
ST Employee

Hello @PGhat.2​ ,

As you can see, an ECDSA signature takes a random number as input.

I guess OpenSSL is not providing a way to provide this random number and uses the PC's random.

So, the only way to check everything is OK is to check if the signature is OK using the public key.

Best regards

Jocelyn

>>So, the only way to check everything is ok is to check if signature is OK using public key

Exactly. I don't think there's any guarantee that the signature will be the same for any instantiation, just that the out-and-back test, where you check the integrity using the public key, authenticates the validity/viability on any system.

Also, I seem to recall a private key can have many viable public ones, for similar reasons.

The OP should get the OPENSSL to generate several signatures, and see if they are always the same, or not. If the random number generation is working, I'd expect each to be unique.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

Hello @Community member​ ,

I'm far from being a crypto expert, but from my understanding:

1) An ECC private key is a random value

2) The ECC public key is the multiplication of this random value by the ECC curve generator

So, I guess we can have only one possible public key associated with a private key.

Best regards

Jocelyn