1 (edited by cxdinter 2016-11-11 03:10:53)

Topic: [SOLVED] wc_ecc_verify_hash_ex() can't verify BrainpoolP256R1 sig

Hi,
   When I try to verify a signature which was generated with the ECC BrainpoolP256R1 curve, I run into trouble.
   The problem is: the wc_ecc_verify_hash_ex() function always returns failure, because &v and r do not match.
   Any idea?

   The code below shows the details:

 /* does v == r */
   if (err == MP_OKAY) {
       if (mp_cmp(&v, r) == MP_EQ)/*here failed*/
           *stat = 1;

   I remember the V3.9.8 release notes said wolfSSL already supports the BrainpoolP256R1 curve. Now I am using V3.9.10.
   On the other hand, I can't find the macro "HAVE_ECC_BRAINPOOL" definition in settings.h, so I just added this definition in ecc.h. Is that OK?

   Below is the private key; you can try to use it to generate a signature and verify it. I think you will hit the same problem as me. (Note: the private key was generated by OpenSSL, but the signature was generated by the wolfSSL function wc_SignatureGenerate().)

   Related private key:

-----BEGIN EC PARAMETERS-----
BgkrJAMDAggBAQc=
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHgCAQEEIJyDj/+OyFULqczpz/ZNI3m5gxFl+Dw2o6/B0ljwYQC3oAsGCSskAwMC
CAEBB6FEA0IABCjxYfsLLiHZyIiwD3VaPg2qdpR5PLJJbVol6SBZnp++D60GBEOM
1pGaG/IcGY+rDSnNP9Y8RIimrIggqaMb9iU=
-----END EC PRIVATE KEY-----


Re: [SOLVED] wc_ecc_verify_hash_ex() can't verify BrainpoolP256R1 sig

Hi Cxdinter,

If you define HAVE_ECC_BRAINPOOL then it will enable the Brainpool curves, however you must create the ECC key using wc_ecc_make_key_ex to tell the ECC layer you want to use that curve type:

ecc_key key;
int ret;
ret = wc_ecc_init(&key);
/* rng is an initialized WC_RNG; 32 is the key size in bytes */
ret = wc_ecc_make_key_ex(&rng, 32, &key, ECC_BRAINPOOLP256R1);

Then you can call wc_SignatureGenerate.

The best way to add defines if not using ./configure is to globally define WOLFSSL_USER_SETTINGS (like in your CFLAGS) and add a new user_settings.h file somewhere in your include path.

There is a good user_settings.h example here:
https://github.com/wolfSSL/wolfssl/blob … settings.h

Also, if you haven't seen it there is a great signature/verify example here:
https://github.com/wolfSSL/wolfssl-exam … /signature
Although it's missing the custom ECC curve example above, so I'm going to add that soon.

Thanks,
David Garske, wolfSSL


3 (edited by cxdinter 2016-11-14 02:06:57)

Re: [SOLVED] wc_ecc_verify_hash_ex() can't verify BrainpoolP256R1 sig

Hi dgarske,
    You mean that currently it is impossible to import an ECC Brainpool curve key which was generated by OpenSSL?
    I am using the two APIs below to import ECC keys. They can import SECP curve keys and verify signatures successfully, but run into a problem when the key curve is Brainpool.

    wolfSSL_KeyPemToDer()
    wc_EccPrivateKeyDecode()

    Finally, I found the reason: the wc_ecc_import_x963() function always sets the ECC curve id to the default "ECC_CURVE_DEF". Then in the function wc_ecc_set_curve(), when the variable curve_id equals ECC_CURVE_DEF, it checks the variable keysize against ecc_sets[].size. But after enabling the macro "HAVE_ECC_BRAINPOOL", this logic becomes wrong.

   So, do you have any other suggestion? How do I import an existing ECC private key?


Re: [SOLVED] wc_ecc_verify_hash_ex() can't verify BrainpoolP256R1 sig

Hi Cxdinter,

Good find. It looks like the wc_EccPrivateKeyDecode doesn't support importing a custom key and passing the OID to the "wc_ecc_import_private_key" function. I did the implementation for the custom curve ECC support, but missed this import path. I've pushed changes to support this to pull-request 631.
https://github.com/wolfSSL/wolfssl/pull/631

I tested it using the following:

#include <stdio.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/asn_public.h>

int main(void)
{
    ecc_key key;
    byte der[4096];
    byte buf[4096];
    word32 idx = 0;
    FILE* derFile;
    size_t sz;
    int derSz;
    WC_RNG rng;

    wc_InitRng(&rng);
    wc_ecc_init(&key);

    /* generate a 32-byte key on the Brainpool curve */
    if (wc_ecc_make_key_ex(&rng, 32, &key, ECC_BRAINPOOLP256R1) != 0) {
        printf("error making ecc key\n");
        return -1;
    }

    /* write private key; wc_EccKeyToDer returns the DER length on success */
    derSz = wc_EccKeyToDer(&key, der, sizeof(der));
    if (derSz < 0) {
        printf("error in ecc to der\n");
        return -1;
    }
    printf("writing private key to ecc-key.der\n");
    derFile = fopen("ecc-key.der", "wb");
    if (!derFile) {
        printf("error opening file for writing\n");
        return -1;
    }

    /* write only the encoded bytes, not the whole 4096-byte buffer */
    sz = fwrite(der, 1, (size_t)derSz, derFile);
    fclose(derFile);
    wc_ecc_free(&key);

    /* open and read from der file */
    printf("reading in private key\n");
    derFile = fopen("ecc-key.der", "rb");
    if (!derFile) {
        printf("error reading from file\n");
        return -1;
    }

    sz = fread(buf, 1, sizeof(buf), derFile);
    fclose(derFile);

    /* load private ecc key; the curve comes from the OID in the DER */
    printf("storing private key in ecc struct\n");
    wc_ecc_init(&key);
    if (wc_EccPrivateKeyDecode(buf, &idx, &key, (word32)sz) != 0) {
        printf("error decoding private key\n");
        return -1;
    }
    wc_ecc_free(&key);

    wc_FreeRng(&rng);
    return 0;
}

Please give it a try and let me know how it goes.

Thanks,
David Garske, wolfSSL

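The import problem discussed in the posts above comes down to a 32-byte key size fitting more than one curve, so the curve has to be taken from the OID carried in the key. The following is an added example, not wolfSSL code and not part of any post: a minimal C reader that pulls the named-curve OID out of an RFC 5915 ECPrivateKey. The names `ec_der_curve_name` and `make_sample` are hypothetical, and the sample keys are constructed with a dummy scalar.

```c
#include <stdio.h>
#include <string.h>

/* Two curves with the same 32-byte key size; only the OID tells them apart. */
static const struct { const char *name; size_t len; unsigned char oid[9]; } curves[] = {
    { "secp256r1",       8, {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07} },
    { "brainpoolP256r1", 9, {0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07} },
};

/* Walk an RFC 5915 ECPrivateKey (short-form DER lengths, enough for 256-bit keys).
 * Returns the curve named by the [0] parameters OID, or NULL so the caller can reject. */
const char *ec_der_curve_name(const unsigned char *der, size_t n, size_t *priv_len)
{
    static const unsigned char want[] = { 0x30, 0x02, 0x04, 0xA0, 0x06 };
    size_t i = 0, len = 0, k;
    for (k = 0; k < sizeof want; k++) {
        if (n - i < 2 || der[i] != want[k] || der[i + 1] > 0x7F || der[i + 1] > n - i - 2) return NULL;
        len = der[i + 1];
        i += 2;
        if (k == 0) n = i + len;                           /* stay inside the SEQUENCE */
        if (want[k] == 0x04) *priv_len = len;              /* scalar size: ambiguous */
        if (want[k] == 0x02 || want[k] == 0x04) i += len;  /* skip version and scalar */
    }
    for (k = 0; k < sizeof curves / sizeof curves[0]; k++)
        if (len == curves[k].len && memcmp(der + i, curves[k].oid, len) == 0)
            return curves[k].name;
    return NULL;
}

/* Constructed sample: ECPrivateKey with a dummy 32-byte scalar for curves[c]. */
size_t make_sample(unsigned char *out, size_t c)
{
    size_t ol = curves[c].len;
    unsigned char hdr[] = { 0x30, (unsigned char)(41 + ol), 0x02, 0x01, 0x01, 0x04, 0x20 };
    unsigned char par[] = { 0xA0, (unsigned char)(2 + ol), 0x06, (unsigned char)ol };
    memcpy(out, hdr, sizeof hdr); memset(out + 7, 0x11, 32);
    memcpy(out + 39, par, sizeof par); memcpy(out + 43, curves[c].oid, ol);
    return 43 + ol;
}

int main(void)
{
    unsigned char der[64];
    size_t plen = 0, c;
    for (c = 0; c < 2; c++) {
        const char *name = ec_der_curve_name(der, make_sample(der, c), &plen);
        printf("%u-byte scalar, OID says %s\n", (unsigned)plen, name ? name : "unknown");
    }
    return 0;
}
```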

Re: [SOLVED] wc_ecc_verify_hash_ex() can't verify BrainpoolP256R1 sig

Hi  dgarske,
     After adding your new patch, I can import the ECC key successfully.
     Thanks a lot.

     By the way, I have a question: why doesn't the ecc_sets[] array include the 25519 curve? wolfSSL also has special APIs for the 25519 curve. Why is it separated from the other curves?
     Sorry, I am not familiar with the 25519 curve; I am just asking about the story behind it.


Re: [SOLVED] wc_ecc_verify_hash_ex() can't verify BrainpoolP256R1 sig

Hi Cxdinter,

The underlying math used for our Ed/Curve implementation is not the same and is highly optimized for that curve. That is the reason Ed/Curve 25519 is not in the ecc_sets table. However I think it would be good to have it in there optionally for those who want to keep the code size down. I'm adding it to our feature list. Thanks for the idea and your reports. Let me know if there is anything else.

Thanks,
David Garske, wolfSSL


Re: [SOLVED] wc_ecc_verify_hash_ex() can't verify BrainpoolP256R1 sig

Hi dgarske,
    Nothing else.
    This topic can be closed. Thanks a lot.
