ECPrivateKey compability with OpenSSL/LibreSSL

[Ephenodrom]

Hello,

I am facing a problem where the generated ec private keys are not accepted by LibreSSL 2.8.3

I created the private key using this library and created a PEM file out of it following the RFC 5915. After that I used the private key in the open ssl / libre ssl command to generate a CSR.

openssl req -new -key dart.key -sha256 -nodes -out dart.csr -subj "/C=DE/CN=foobar.com"

After that I try to verify the signature of the CSR.

openssl req -text -noout -verify -in dart.csr
verify failure
4413183488:error:0DFFF006:asn1 encoding routines:CRYPTO_internal:EVP lib:asn1/asn1_item.c:402:
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=DE, CN=foobar.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
                    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
                    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
                    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
                    68:37:bf:51:f5
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        Attributes:
            a0:00
    Signature Algorithm: ecdsa-with-SHA256
         30:44:02:20:16:fa:32:20:6e:3e:1c:5c:07:de:65:fa:c2:63:
         38:d0:5c:a3:eb:c1:bf:a9:ae:d5:bf:b0:b7:f3:7b:11:39:87:
         02:20:1e:08:16:62:ad:a5:86:21:af:68:fb:7d:07:88:22:21:
         4e:97:03:cd:8b:58:74:3f:53:18:86:34:a8:29:31:41

I am currently stuck at finding out whats wrong. Is the key generation buggy or the convertion to PEM.

The ASN1 strukture looks good and is the same as if the key was generated using openssl/libressl.

[Ephenodrom]

The ECPoint Q was calculated in the wrong way while converting the ECPrivateKey to PEM. OpenSSL just took over the ECPoint instead of calculating it while generating the CSR. After fixing the converting to PEM, everything looks fine.

[mwcw]

Phew! I am glad it is sorted out.

I generated a set of ACVP test vectors for ECDSA signing, just for the NIST P curves for both verification and signing. Within the scope covered by those vectors the implementation passed.

I'll push them up next week I want to add a few more vector sets.

MW

[Ephenodrom]

@mwcw I also tried out a complete workflow of creating a ec private key dart, creating a csr in openssl, ordering some SMIME from DigiCert and packaging everything into a PKCS12 with OpenSSL und them using it within Thunderbird.

Everything worked as intended.