Comments (10)
I'm not sure exactly what you mean. If you mean that the hash you are signing is only 4 bytes, then you can just pad out the hash with zeros to make it 20 bytes long. You need to do this the same way on the verifying side.
Bear in mind that if your hash is only 4 bytes long, the probability of collisions is high, and it will be fairly easy for an attacker to create a fake message that produces the same hash (and therefore the signature for the fake message would be "verified").
from micro-ecc.
Also, the signature size should be 40 bytes when using secp160r1, so you might want to check your code.
from micro-ecc.
Thanks for your quick answer.
OK for the signature size of 40 bytes with secp160r1.
I use SCV Cryptomanager software to try the signature verification with your Micro-ECC code.
I sign data (20 bytes)
11 22 33 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
I have this result of 40 bytes:
27 C8 7D 3E EB 9E E8 33 39 ED 51 B0 87 C2 DA F4 D9 A4 8A F1 84 CC DE 7D CB 19 32 0A 9F EF AB 09 53 C7 4F FB E4 98 B2 03
Public Key : 7C 64 75 F5 F8 0E 01 5C A9 42 5A 91 13 D6 AC 3D 36 9C 8B A8 77 BF C8 98 D1 91 16 33 B6 29 BB 14 C4 D5 61 71 CA 1D DC A5
I use uECC_verify on Cortex M3, and all is OK
For my application, I only have 4 bytes of data (11 22 33 44) and the resulting signature (ECDSA) of 40 bytes and the public key of 40 bytes.
When I use uECC_verify with l_hash = 11 22 33 44 or 11 22 33 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 the result is wrong.
I cannot pad the data with 00, because I don't have the private key (the signing is calculated by a third party) and I just have to check the signature.
Best regards
from micro-ecc.
OK. I am assuming that SCV CryptoManager is hashing the data (probably using SHA256 or similar) and then using that (truncated to the appropriate size) for signing. You need to hash the message in exactly the same way when doing the verification, and pass the resulting hash to uECC_verify(). I don't know specifically how SCV CryptoManager works, so I can't tell you exactly how to do it.
from micro-ecc.
Hi Kenneth,
Forget about SCV CryptoManager ...
To summarize, I have to verify ECDSA signature of 4 data bytes, using secp128r1 (I know it's a bad use of ECDSA, but I'm not the issuer, and I can't change it). I have pubKey, data and signature (s,r), and curve parameters of secp128r1.
The problem is that your uECC_verify() needs input data of size uECC_BYTES ("const uint8_t p_hash[uECC_BYTES]"). I cannot pad the data with 00 because the data is signed as exactly 4 bytes long.
So the question is: is there a way to use your uECC_verify with data 4 bytes long instead of uECC_BYTES long?
Thank you in advance
Best Regards
from micro-ecc.
The data that you are verifying can be of arbitrary length.
When you sign some arbitrary-length data using ECDSA, you first hash the data using a cryptographic hash. Then you take the first n bytes of the hash, where n is the ECC key length. The ECDSA signing algorithm performs various elliptic curve operations on those n bytes (along with the private key), and produces the signature. In micro-ecc those elliptic curve operations are performed by uECC_sign() - you pass in the private key and the n bytes of the hash, and it produces the signature.
When you want to verify an ECDSA signature, you first hash your data using the exact same hashing algorithm that was used to sign it. Then you take the first n bytes of the hash, where n is the ECC key length. The ECDSA verification algorithm performs various elliptic curve operations on those n bytes along with the public key and signature, and determines whether or not the signature is valid. In micro-ecc those elliptic curve operations are performed by uECC_verify() - you pass in the public key, the n bytes of the hash, and the signature, and it returns true or false.
micro-ecc does not specify the hashing algorithm used (since there are many options). It requires you to do the hashing in your own code, and pass the resulting hash in to the uECC_sign() and uECC_verify() functions. You need to use the same hashing algorithm for both signing and verification. If you are trying to verify a signature from somebody else, you need to determine which hashing algorithm they are using and use that.
from micro-ecc.
Also, micro-ecc no longer supports secp128r1. The secp128r1 curve parameters make it difficult to implement in the same way that the other curves are implemented. Also, secp128r1 is no longer regarded as secure.
If you want to use secp128r1, you could try using the code in the "old" branch. There is documentation in the ecc.h file. You will still need to hash your data correctly in order to verify the signature.
from micro-ecc.
Sorry, I made a mistake, I want to use secp160r1! I know secp128r1 is no longer secure.
Also, I agree with you about hashing data before passing to uECC_verify(). But the problem is that the third party I have the signature data (s and r) from doesn't use a hash algorithm (bad thing, I know), and directly uses the data (4 bytes long) as the input value.
They have computed uECC_sign over the secp160r1 curve with the data (4 bytes) as the hash value!
And I have to verify this signature!
Is there a way to use your lib with arbitrary-length data as the input value (as a replacement for the fixed-size hash value)?
Best regards
from micro-ecc.
If the third-party signer is using the 4 byte value directly as a hash value, you should be able to do the equivalent thing with micro-ecc. The problem is that you need to know how they use the 4 bytes. In ECDSA, the hash value is interpreted as a large integer which is used when calculating/verifying the signature. Typically the hash value is interpreted as a big-endian integer. If that is what your third party is doing, it might make sense to prepend your 4 bytes of data with zeros (so you would create a 20 byte array where the first 16 bytes are 0, and the last 4 bytes are your data values) and pass that in as the hash value. However I can't tell you if this will be correct or not; I can't really help you further without knowing more about the third party that created the signature.
On Thursday, February 19, 2015, hetneo [email protected] wrote:
Sorry, I made a mistake, I want to use secp160r1! I know secp128r1 is no longer secure.
Also, I agree with you about hashing data before passing to uECC_verify(). But the problem is that the third party I have the signature data (s and r) from doesn't use a hash algorithm (bad thing, I know), and directly uses the data (4 bytes long) as the input value.
They have computed uECC_sign over the secp160r1 curve with the data (4 bytes) as the hash value!
And I have to verify this signature!
Is there a way to use your lib with arbitrary-length data as the input value (as a replacement for the fixed-size hash value)?
Best regards
—
Reply to this email directly or view it on GitHub
https://github.com/kmackay/micro-ecc/issues/19#issuecomment-75074321.
from micro-ecc.
Hi Kenneth,
All works well with your method !
Thank you for your help, it's perfect.
Bye
from micro-ecc.