根据原始r和s创建DER格式的ECDSA签名 [英] Creating a DER formatted ECDSA signature from raw r and s

问题描述

我有一个原始的ECDSA签名:R和S值.我需要签名的DER编码版本.是否有使用c接口在openssl中执行此操作的简单方法?

I have a raw ECDSA signature: R and S values. I need a DER-encoded version of the signature. Is there a straightforward way to do this in openssl using the c interface?

我当前的尝试是使用i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp)填充ECDSA_SIG*.该调用返回非零值，但目标缓冲区似乎未更改.

My current attempt is to use i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp) to populate an ECDSA_SIG*. The call returns non-zero but the target buffer doesn't seem to be changed.

我正在用r和s值填充我的ECDSA_SIG.我没有看到任何错误.手册页上说，当我调用ECDSA_SIG_new

I'm intiailly filling my ECDSA_SIG wtih r and s values. I don't see any errors. The man page says r and s should be allocated when I call ECDSA_SIG_new

ECDSA_SIG* ec_sig = ECDSA_SIG_new();

if (NULL == BN_bin2bn(sig, 32, (ec_sig->r))) {
  dumpOpenSslErrors();
 }
DBG("post r  :%s\n", BN_bn2hex(ec_sig->r));

if (NULL == BN_bin2bn(sig + 32, 32, (ec_sig->s))) {
  dumpOpenSslErrors();
 }
DBG("post s  :%s\n", BN_bn2hex(ec_sig->s));

现在已设置

S和R:

S and R are now set:

post r :397116930C282D1FCB71166A2D06728120CF2EE5CF6CCD4E2D822E8E0AE24A30 post s :9E997D4718A7603942834FBDD22A4B856FC4083704EDE62033CF1A77CB9822A9

现在进行编码签名.

int sig_size = i2d_ECDSA_SIG(ec_sig, NULL);
if (sig_size > 255) {
  DBG("signature is too large wants %d\n", sig_size);
 }
DBG("post i2d:%s\n", BN_bn2hex(ec_sig->s));

s没变:

post i2d:9E997D4718A7603942834FBDD22A4B856FC4083704EDE62033CF1A77CB9822A9

这时我已经准备好了足够多的字节，并且将目标设置为全6，因此很容易看到发生了什么变化.

At this point I have more than enough bytes ready and I set the target to all 6s so it's easy to see what changes.

unsigned char* sig_bytes = new unsigned char[256];
memset(sig_bytes, 6, 256);

sig_size = i2d_ECDSA_SIG(ec_sig, (&sig_bytes));
DBG("New size %d\n", sig_size);
DBG("post i2d:%s\n", BN_bn2hex(ec_sig->s));

hexDump("Sig ", (const byte*)sig_bytes, sig_size);

新尺寸为71 New size 71和s iis stiill相同:

The new size is 71 New size 71 and s iis stiill the same:

  `post i2d:9E997D4718A7603942834FBDD22A4B856FC4083704EDE62033CF1A77CB9822A9`

十六进制转储全为6.

The hex dump is all 6s.

  --Sig --  
  0x06:   0x06:   0x06:   0x06:   0x06:   0x06:   0x06:   0x06: 
  0x06:   ...

即使调用未返回0，转储仍然是6s.我对DER编码此原始签名有什么遗漏?

The dump is still all 6s even though the call didn't return 0. What am I missing tying to DER encode this raw signature?

推荐答案

i2d_ECDSA_SIG修改其第二个参数，并增加签名的大小.来自ecdsa.h:

i2d_ECDSA_SIG modifies its second argument, increasing it by the size of the signature. From ecdsa.h:

/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
 *  (*pp += length of the DER encoded signature)).
 *  \param  sig  pointer to the ECDSA_SIG object
 *  \param  pp   pointer to a unsigned char pointer for the output or NULL
 *  \return the length of the DER encoded ECDSA_SIG object or 0
 */
int   i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);

因此，您在调用i2d_ECDSA_SIG时需要跟踪sig_bytes的原始值:

So you need to keep track of the original value of sig_bytes when you call i2d_ECDSA_SIG:

int sig_size = i2d_ECDSA_SIG(ec_sig, NULL);
unsigned char *sig_bytes = malloc(sig_size);
unsigned char *p;
memset(sig_bytes, 6, sig_size);

p = sig_bytes;
new_sig_size = i2d_ECDSA_SIG(_sig, &p);

// The value of p is now sig_bytes + sig_size, and the signature resides at sig_bytes

输出:

30 45 02 20 39 71 16 93 0C 28 2D 1F CB 71 16 6A
2D 06 72 81 20 CF 2E E5 CF 6C CD 4E 2D 82 2E 8E
0A E2 4A 30 02 21 00 9E 99 7D 47 18 A7 60 39 42
83 4F BD D2 2A 4B 85 6F C4 08 37 04 ED E6 20 33
CF 1A 77 CB 98 22 A9

这篇关于根据原始r和s创建DER格式的ECDSA签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！