awslabs / aws-encryption-sdk-specification

AWS Encryption SDK Specification

document ECDSA deterministic length signature algorithm #141

Open mattsb42-aws opened 4 years ago

mattsb42-aws commented 4 years ago

Client implementations SHOULD implement our deterministic length signature algorithm and why it works.

TLDR:

ECDSA signatures can be one of three lengths. The thing that changes the length is whether the Y value is negative, positive, or zero. It is relatively unlikely that the value will be zero. Because all curves are symmetric on the Y axis, the signature is still valid if we negate the Y value.

We have defined the expected length for each signature algorithm (P256: 71, P384: 103) as the length with one of the non-zero Y values (tbh I forget which).

We do not alter the signature algorithm at all. Instead, we calculate a signature using the pre-hashed value representing the message. If the length is not what we want, we unpack the signature, negate the Y value, and re-pack the signature. If the length is still not what we want, we just calculate a new signature and try again.

In practice, this usually only requires us to calculate the signature once.

ex:

https://github.com/aws/aws-encryption-sdk-python/blob/c9619992085d3fcaddf3addb369957b74621d705/src/aws_encryption_sdk/internal/crypto/elliptic_curve.py#L55-L82
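
The sign, check, negate, re-pack, retry loop described in the issue, as an added example that is not code from the issue or from the AWS Encryption SDK. It assumes the value the post calls Y is the `s` integer of the DER-encoded `(r, s)` pair, negated modulo the curve order; `sign`, `static_length_signature` and `max_attempts` are hypothetical names, and the sample pairs are constructed, not real signatures.

```python
# Added example, standard library only. Sample (r, s) pairs are constructed.
# Group order n of NIST P-256 (public curve parameter).
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
P256_SIG_LEN = 71  # expected P256 length stated in the issue


def _der_int(value):
    # DER INTEGER: minimal big-endian bytes, with a 0x00 pad when the top bit
    # is set so the value stays positive. This pad is what varies the length.
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + bytes([len(body)]) + body


def encode_sig(r, s):
    # SEQUENCE { INTEGER r, INTEGER s }; short-form length covers P-256/P-384.
    body = _der_int(r) + _der_int(s)
    return b"\x30" + bytes([len(body)]) + body


def static_length_signature(sign, order, want_len, max_attempts=64):
    """sign() -> (r, s) from a randomized ECDSA signer (hypothetical callback).

    A deterministic-nonce signer returns the same pair every time, so the
    retry could never help; max_attempts bounds the loop (an assumption).
    Returns (der_signature, attempts_used).
    """
    for attempt in range(1, max_attempts + 1):
        r, s = sign()
        sig = encode_sig(r, s)
        if len(sig) != want_len:
            # (r, order - s) is also a valid signature for the same digest.
            sig = encode_sig(r, order - s)
        if len(sig) == want_len:
            return sig, attempt
    raise RuntimeError("no signature of the expected length")


def demo():
    # Constructed pairs: the first has a short r that negation cannot fix,
    # the second is 70 bytes as signed and 71 after negating s.
    pairs = iter([(1 << 200, 1 << 254), (1 << 254, 1 << 254)])
    return static_length_signature(lambda: next(pairs), P256_ORDER, P256_SIG_LEN)


if __name__ == "__main__":
    sig, attempts = demo()
    print(len(sig), attempts)
```

With a real signer, `sign` would wrap the library's sign call plus a DER decode of the result; verifiers need no change because both `(r, s)` and `(r, n - s)` verify.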