search

dmazzella / ucryptography

Lightweight porting of pyca/cryptography to Micropython based on ARM Mbed TLS
MIT License
7 stars 0 forks source link

ECDSA Signature Verification Fails #6

Closed orbison closed 2 weeks ago

orbison commented 2 weeks ago

Hi there,

ucryptography is an incredibly useful piece of software—thank you for that! When porting my Python code, I found that signature verification using elliptic curves fails with MicroPython + ucryptography, while the same code works with Python + cryptography. So far, I've been testing only the Unix port with the latest versions of both MicroPython and ucryptography.

Looking further into it, I noticed that the serialization unit test fails as well:

$ ./micropython/ports/unix/build-standard/micropython \
    micropython/usercmodule/ucryptography/tests/cryptography/serialization.py
public_key.curve secp256r1
[...]
public_key.public_numbers.x 29583689448130623549461599781746453699482826879078938126643502770938790226114
public_key.public_numbers.y 82136719613346909890578322550509883175409280878753479486152615526666878310478
len 71 signature b'0E\x02!\x00\xbd\xaf\xbc\x86\xff\x07\t\xa6[\xfd\xd1\x91m\xc6\xd7N\x81[\xb8\xe5\xf6\xdc*1\x8c\xc0\xf5\x0b~g\xd7\xd8\x02 \x1a\xf0\x1b~\x0131\x8b*\x81\x8b`\xa9\x8f\xb7\xafSpr\x0eP\xbbg\t\x99\x12*\x0b\x1b0\xde[' msg_hash b'\xa6\xd9\xd0\n\xff\xd9\xda6\x9b\xe0x\x96\xc5\x80\xfek\xfe\xe5V\xa5\x96\x14d\xeeo\xbd\xb7\xa5\x02|\xf5\x97'
Traceback (most recent call last):
  File "micropython/usercmodule/ucryptography/tests/cryptography/serialization.py", line 271, in <module>
  File "micropython/usercmodule/ucryptography/tests/cryptography/serialization.py", line 266, in main
  File "micropython/usercmodule/ucryptography/tests/cryptography/serialization.py", line 177, in ec_serialization
InvalidSignature: -19968
$ ./micropython/ports/unix/build-coverage/micropython \
    micropython/usercmodule/ucryptography/tests/cryptography/serialization.py
public_key.curve secp256r1
[...]
public_key.public_numbers.x 29583689448130623549461599781746453699482826879078938126643502770938790226114
public_key.public_numbers.y 82136719613346909890578322550509883175409280878753479486152615526666878310478
len 70 signature b'0D\x02 \x12\xfdVEK\xeb\xc5>\xdf\xc3\x1d\xb3\xa3<\x02R\xa3.]\xd4J\xabQa\xccO\x1ch@Sb\x8d\x02 \x10P\xed\xf7]9\x84\xdaQ\x1d\x16\x0c\xeb|\xebg\xc3\x89\xbe~\x89\xb3\xf6y~e*q\x93\xa7I7' msg_hash b'\xa6\xd9\xd0\n\xff\xd9\xda6\x9b\xe0x\x96\xc5\x80\xfek\xfe\xe5V\xa5\x96\x14d\xeeo\xbd\xb7\xa5\x02|\xf5\x97'
Traceback (most recent call last):
  File "micropython/usercmodule/ucryptography/tests/cryptography/serialization.py", line 271, in <module>
  File "micropython/usercmodule/ucryptography/tests/cryptography/serialization.py", line 266, in main
  File "micropython/usercmodule/ucryptography/tests/cryptography/serialization.py", line 177, in ec_serialization
InvalidSignature: -19968

The -19968 error corresponds to MBEDTLS_ERR_ECP_VERIFY_FAILED:

micropython/lib/mbedtls/include/mbedtls/ecp.h:#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00

Could you please look into this?

Many thanks, Rostislav

dmazzella commented 2 weeks ago

thanks for reporting the problem, fixed in the last commit 1c0e4290e3279ba4308759c6722b8d5e8d6a5d0b

please try and let me know if everything is ok

orbison commented 2 weeks ago

Excellent! It works now; thank you!