subject:"How to extract ECC signature bytes from EVP

Re: How to extract ECC signature bytes from EVP_DigestSignFinal's signature

2014-03-19 Thread axisofevil

I dug into source - it's in DER format so a sleezy hacked function is this: (
I use curve NID_X9_62_prime256v1 )
ECDSA_SIG * sig
BIGNUM * r;
BIGNUM * s;

/* A correct DER-encoded signature has the following form:

0x30: a header byte indicating a compound structure.
A 1-byte length descriptor for all what follows.
0x02: a header byte indicating an integer.
A 1-byte length descriptor for the R value
The R coordinate, as a big-endian integer.
0x02: a header byte indicating an integer.
A 1-byte length descriptor for the S value.
The S coordinate, as a big-endian integer.
*/

r = BN_bin2bn( src+ 4, 32, NULL ); // create new bn here
s = BN_bin2bn( src+ 4 +32 + 2, 32, NULL );

if(!BN_copy(sig-r, r)) goto err;
if(!BN_copy(sig-s, s)) goto err;





--
View this message in context: 
http://openssl.6102.n7.nabble.com/How-to-extract-ECC-signature-bytes-from-EVP-DigestSignFinal-s-signature-tp48878p4.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: How to extract ECC signature bytes from EVP_DigestSignFinal's signature

2014-03-19 Thread Dr. Stephen Henson

On Tue, Mar 18, 2014, axisofevil wrote:

 I dug into source - it's in DER format so a sleezy hacked function is this: (
 I use curve NID_X9_62_prime256v1 )
 ECDSA_SIG * sig
 BIGNUM * r;
   BIGNUM * s;
 
   /* A correct DER-encoded signature has the following form:
 
   0x30: a header byte indicating a compound structure.
   A 1-byte length descriptor for all what follows.
   0x02: a header byte indicating an integer.
   A 1-byte length descriptor for the R value
   The R coordinate, as a big-endian integer.
   0x02: a header byte indicating an integer.
   A 1-byte length descriptor for the S value.
   The S coordinate, as a big-endian integer.
   */
 
   r = BN_bin2bn( src+ 4, 32, NULL ); // create new bn here
   s = BN_bin2bn( src+ 4 +32 + 2, 32, NULL );
 
   if(!BN_copy(sig-r, r)) goto err;
   if(!BN_copy(sig-s, s)) goto err;
 
 

That wont always work because the number of octets in the ASN1 Integer isn't
always the same. The ASN1 function d2i_ECDSA_SIG will corerectly parse the
output.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: How to extract ECC signature bytes from EVP_DigestSignFinal's signature

2014-03-19 Thread Jeffrey Walton

On Tue, Mar 18, 2014 at 1:02 PM, axisofevil douglas.b...@ceiva.com wrote:
 I dug into source - it's in DER format so a sleezy hacked function is this: (
 I use curve NID_X9_62_prime256v1 )
 ECDSA_SIG * sig
 BIGNUM * r;
 BIGNUM * s;

 /* A correct DER-encoded signature has the following form:

 0x30: a header byte indicating a compound structure.
 A 1-byte length descriptor for all what follows.
 0x02: a header byte indicating an integer.
 A 1-byte length descriptor for the R value
 The R coordinate, as a big-endian integer.
 0x02: a header byte indicating an integer.
 A 1-byte length descriptor for the S value.
 The S coordinate, as a big-endian integer.
 */

 r = BN_bin2bn( src+ 4, 32, NULL ); // create new bn here
 s = BN_bin2bn( src+ 4 +32 + 2, 32, NULL );

 if(!BN_copy(sig-r, r)) goto err;
 if(!BN_copy(sig-s, s)) goto err;
Be aware you can have one of two formats depending on your platform
and they dont interop on their own.

First is the signature format of IEEE P1363, which is a simple
concatenation of {r,s}. If the has is 20 bytes, then the signature is
40 bytes. Its used by OpenPGP, Crypto++, etc.

Second is the DER encoding:

SEQUENCE ::= {
  r INTEGER,
  s INTEGER }

It is used by OpenSSL, Java, etc.

Jeff
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

How to extract ECC signature bytes from EVP_DigestSignFinal's signature

2014-03-17 Thread axisofevil

I had been using the lower level ECDSA_do_sign for EC signing but had to
migrate to EVP functions. 

If I get signature from EVP_DigestSignFinal(), what format is the signature,
and how can I extract the 'real' bytes? I'd expect 32 bytes each for r and
s.  I need the 'real bytes' for compatibility. 

Thanks, dB



--
View this message in context: 
http://openssl.6102.n7.nabble.com/How-to-extract-ECC-signature-bytes-from-EVP-DigestSignFinal-s-signature-tp48878.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: How to extract ECC signature bytes from EVP_DigestSignFinal's signature

Re: How to extract ECC signature bytes from EVP_DigestSignFinal's signature

Re: How to extract ECC signature bytes from EVP_DigestSignFinal's signature

How to extract ECC signature bytes from EVP_DigestSignFinal's signature

4 matches

Site Navigation

Mail list logo

Footer information