search

kmackay / micro-ecc

ECDH and ECDSA for 8-bit, 32-bit, and 64-bit processors.
BSD 2-Clause "Simplified" License
1.26k stars 460 forks source link

Problem validating C509 test vectors -- ECC signature does not validate #192

Closed derekatkins closed 2 years ago

derekatkins commented 2 years ago

Hi, I am trying to implement CBOR.509 Certificates and I am trying to validate the test certificate in Appendix A.1.2 using the keys in A.1.3. The public key is compressed, but I've already verified that the decompression matches what uECC creates using uECC_compute_public_key(). However, I still can't get the validation to work properly. When I compute the SHA256 of the message in the test-vector I get: b5bca215e1d1478d2fe7728a54089f2032a4a1a245fafb5bd21d9eeb9d076aed However the verification still does not succeed:

  uint8_t msg[] = {  0x00,
  0x43, 0x01, 0xF5, 0x0D,
  0x6B, 0x52, 0x46, 0x43, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41,
  0x1A, 0x5E, 0x0B, 0xE1, 0x00,
  0x1A, 0x60, 0x18, 0x96, 0x00,
  0x46, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB,
  0x01,
  0x58, 0x21, 0x02, 0xB1, 0x21, 0x6A, 0xB9, 0x6E, 0x5B, 0x3B, 0x33, 0x40,
  0xF5, 0xBD, 0xF0, 0x2E, 0x69, 0x3F, 0x16, 0x21, 0x3A, 0x04, 0x52,
  0x5E, 0xD4, 0x44, 0x50, 0xB1, 0x01, 0x9C, 0x2D, 0xFD, 0x38, 0x38, 0xAB,
  0x01,
  0x00 };
  uint8_t test_issuerPublicKey[] = {
  0x02, 0xAE, 0x4C, 0xDB, 0x01, 0xF6, 0x14, 0xDE, 0xFC, 0x71, 0x21, 0x28,
  0x5F, 0xDC, 0x7F, 0x5C, 0x6D, 0x1D, 0x42, 0xC9, 0x56, 0x47, 0xF0,
  0x61, 0xBA, 0x00, 0x80, 0xDF, 0x67, 0x88, 0x67, 0x84, 0x5E
  };
  uint8_t test_issuerSignature[] = {
    0xB2, 0x7A, 0x0B, 0x78, 0x14, 0x55, 0xF7, 0x1B, 0x68, 0x29, 0x0F,
    0x6C, 0x2E, 0xC9, 0xA8, 0x97, 0xF1, 0x8F, 0xDE, 0x9B, 0x6C, 0x59,
    0x57, 0x59, 0x53, 0xBC, 0x67, 0x26, 0x8A, 0xB0, 0xE4, 0xDD, 0xE9,
    0x9D, 0x27, 0x3E, 0x04, 0xE4, 0x71, 0x53, 0x83, 0xAB, 0x22, 0x57,
    0xC6, 0xAA, 0xA3, 0x52, 0x84, 0xE5, 0xED, 0x18, 0xBD, 0xB9, 0x12,
    0x47, 0xE9, 0xF2, 0xC4, 0x33, 0x13, 0x64, 0x80, 0xB9 };
  uint8_t pubkey[64];
  uint8_t hash[32];
  SHA256Context hash_ctx;

  uECC_decompress(test_issuerPublicKey, pubkey, uECC_secp256r1());
  SHA256Reset(&hash_ctx);
  SHA256Input(&hash_ctx, msg, sizeof(msg));
  SHA256Result(&hash_ctx, hash);
  // this results in hash = { 0xb5, 0xbc, 0xa2, 0x15, 0xe1, 0xd1, 0x47, 0x8d, 0x2f, 0xe7, 0x72, 0x8a, 0x54, 0x08, 0x9f, 0x20, 0x32, 0xa4, 0xa1, 0xa2, 0x45, 0xfa, 0xfb, 0x5b, 0xd2, 0x1d, 0x9e, 0xeb, 0x9d, 0x07, 0x6a, 0xed };

  TEST_ASSERT_EQUAL(1, uECC_verify(pubkey, hash, sizeof(hash),
                      test_issuerSignature,
                      uECC_secp256r1()));

I'm at a loss for what's going on? I have reached out to the authors to validate the SHA256 to ensure I'm getting the right result.

derekatkins commented 2 years ago

For the record, the test vector was wrong. Once replaced with a valid test vector, the validation succeeded. So I am closing this.