ECDSA custom curve

#19152
Posted: 02/21/2012 10:20:01
by Spiros Poulis (Standard support level)
Joined: 02/21/2012
Posts: 11

Hi,

We are about to buy SecureBlackBox for the needs of a running project.
The most important feature we need is the ability to create a custom ECDSA curve and then verify signatures we receive created with this custom curve. Does SecureBlackBox support custom ECDSA curves or just standard specification curves?

Thank you in advance,
Spiros.
#19153
Posted: 02/21/2012 10:28:46
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. We support custom ECDSA curves and signatures.
However, to be sure, please specify in what standard/technology you need these signatures, or do you need just raw values?
#19154
Posted: 02/21/2012 10:53:03
by Spiros Poulis (Standard support level)
Joined: 02/21/2012
Posts: 11

Hi,
thank you for your reply. Our customer sends us his raw data in files (saved in a USB flash memory), signed by him with his ECDSA custom curve signature. We need to create the same curve using his EC domain parameters in order to verify his signature.

thanks again,
Spiros.
#19325
Posted: 03/07/2012 14:47:22
by Spiros Poulis (Standard support level)
Joined: 02/21/2012
Posts: 11

Hi, we are finishing our tests in order to proceed with the license purchase, but we are facing some problems with ECDSA custom curves.
We want to create a custom curve and verify a signature created with it. We do the following using SecureBlackBox, but the signature does not verify, always returning "pkvrInvalidSignature":

Code

using SBPublicKeyCrypto;
using SBConstants;

string data_p = "......";
string data_a = "......";
string data_b = "......";
string data_x = "......";
string data_y = "......";
string data_r = "......";
string data_pub_x = ".......";
string data_pub_y = ".......";

BigInteger big_p = new BigInteger(data_p, 10);
byte[] p = big_p.getBytes();

BigInteger big_a = new BigInteger(data_a, 10);
byte[] a = big_a.getBytes();

BigInteger big_b = new BigInteger(data_b, 10);
byte[] b = big_b.getBytes();

BigInteger big_x = new BigInteger(data_x, 10);
byte[] x = big_x.getBytes();

BigInteger big_y = new BigInteger(data_y, 10);
byte[] y = big_y.getBytes();

BigInteger big_r = new BigInteger(data_r, 10);
byte[] r = big_r.getBytes();

BigInteger big_pub_x = new BigInteger(data_pub_x, 10);
byte[] pub_x = big_pub_x.getBytes();

BigInteger big_pub_y = new BigInteger(data_pub_y, 10);
byte[] pub_y = big_pub_y.getBytes();          


TElECKeyMaterial key_material = new TElECKeyMaterial();
key_material.P = p;
key_material.A = a;
key_material.B = b;
key_material.X = x;
key_material.Y = y;
key_material.N = r;
key_material.QX = pub_x;
key_material.QY = pub_y;
key_material.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA1;

// ... data and signature input from file here ...

TElECDSAPublicKeyCrypto o1 = new TElECDSAPublicKeyCrypto();
o1.KeyMaterial = key_material;
TSBPublicKeyVerificationResult les = o1.VerifyDetached(data_buff, 0, FSIZE, sig_buff, 0, 40);


Is there something missing in the above curve creation code? Is the data input to VerifyDetached just clear data, or their hash value?

Thank you in advance,
Spiros.
#19329
Posted: 03/07/2012 16:00:26
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. What is the underlying field of your curve?
Also, please show the code used for signature generation.
#19333
Posted: 03/08/2012 04:49:25
by Spiros Poulis (Standard support level)
Joined: 02/21/2012
Posts: 11

Hi,
the curve is defined over GF(p).
I tried to set the TElECKeyMaterial.FieldType=SBConstants.SB_EC_FLD_TYPE_FP property, but even then verification fails, and I see in the C# debugger FieldType=0x6001 (unknown field).

I don't have the code used for signature generation. Signatures are generated by a customer with his curve, and then we have to create the same curve and verify his signature.

thanks,
spiros.
#19334
Posted: 03/08/2012 05:20:16
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Just noticed - your signature seems to be not ASN.1 encoded (it takes 40 bytes - 20 for R, and 20 for S). Please divide it into two halves and use the .EncodeSignature method of ECDSA crypto before the .Verify call.

If this does not help either, please create a ticket in our helpdesk system and post your curve parameters, signature and public key there - we will check the issue on our side.
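
Added example (not part of the original thread, and not SecureBlackBox code): a library-independent Python sketch of the conversion the reply above refers to, turning a raw fixed-width R||S signature into the ASN.1 DER form SEQUENCE { INTEGER r, INTEGER s } and back. All function names are hypothetical and the sample bytes are constructed; it generalizes beyond 20-byte halves by handling long-form DER lengths.

```python
"""Raw r||s <-> ASN.1 DER ECDSA signature (added illustration, hypothetical names)."""

def _der_len(n: int) -> bytes:
    # DER definite length: short form below 128, long form otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_int(value: int) -> bytes:
    # Minimal big-endian INTEGER; the extra byte keeps a set top bit positive.
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_len(len(body)) + body

def raw_to_der(raw: bytes) -> bytes:
    # Split fixed-width r||s in half and wrap as SEQUENCE { INTEGER r, INTEGER s }.
    if not raw or len(raw) % 2:
        raise ValueError("raw signature must be two equal-length halves")
    half = len(raw) // 2
    r = int.from_bytes(raw[:half], "big")
    s = int.from_bytes(raw[half:], "big")
    if r == 0 or s == 0:
        raise ValueError("r and s must be non-zero")
    body = _der_int(r) + _der_int(s)
    return b"\x30" + _der_len(len(body)) + body

def _read_tlv(buf: bytes, pos: int, tag: int):
    # Read one tag-length-value element; return (value, position after it).
    if len(buf) < pos + 2 or buf[pos] != tag:
        raise ValueError("unexpected or missing tag")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + n], pos + n

def der_to_raw(der: bytes, half: int) -> bytes:
    # Inverse direction: parse the DER and left-pad r and s to `half` bytes each.
    seq, end = _read_tlv(der, 0, 0x30)
    r, pos = _read_tlv(seq, 0, 0x02)
    s, pos = _read_tlv(seq, pos, 0x02)
    if end != len(der) or pos != len(seq):
        raise ValueError("trailing bytes")
    return b"".join(int.from_bytes(v, "big").to_bytes(half, "big") for v in (r, s))

# Constructed 40-byte sample: r has its top bit set, s has a leading zero byte.
SAMPLE_RAW = b"\x80" + bytes(19) + b"\x00\x7f" + bytes(18)
SAMPLE_DER = raw_to_der(SAMPLE_RAW)  # 46 bytes, not 40
```

For 20-byte halves the DER form is at most 48 bytes, and its exact length varies with the leading bits of r and s, so a DER-encoded signature should not be expected to be 40 bytes long.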
#19349
Posted: 03/08/2012 07:56:42
by Spiros Poulis (Standard support level)
Joined: 02/21/2012
Posts: 11

Thank you for your reply. I will try .EncodeSignature.
Just to confirm, is ElECKeyMaterial.N parameter the order of Base Point? (we find it as ( r ) in our bibliography).
#19353
Posted: 03/08/2012 08:19:08
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Yes, N is the base point's order. As far as I remember, such notation was taken from Certicom SEC1-SEC2 documents.
#19357
Posted: 03/08/2012 08:58:09
by Spiros Poulis (Standard support level)
Joined: 02/21/2012
Posts: 11

I divided the signature into two halves (2x20 bytes) and ran .EncodeSignature with no success. The sig array returns empty and SigSize returns value '56'. I think it should be 40.
Moreover, when debugging, I see that ElECKeyMaterial.FieldType returns 0x6001 (Unknown field).

Can you please confirm whether the above code seems to you to create the curve correctly according to your help file? Is something missing?