PolarSSL is now part of ARM Official announcement and rebranded as mbed TLS.

Any example of ECDSA sign/verify ? (and its generated size code)

Sep 26, 2017 15:45

Haven't found any examples of it in mbedtls_selftest and mbedtls_benchmarks examples.

I've tried RSA one's and the code generated overflows flash program memory of the micro (128kB).

So haven't tried ECDSA (and I have very little of cryptography methods in general), do you think ECDSA could be an alternative to RSA or it probably occupies same or more space?


Sep 27, 2017 08:11
Ron Eldor

Hi m,
You can see in the benchmark example how the ECDSA write signature and read signature are used. These functions wrap the mbedtls_ecdsa_sign and mbedtls_ecdsa_verify, encoding\decoding the signature to ASN1 notation.
Note that ECDSA uses smaller keys than the RSA, so it should have smaller RAM than RSA.
You can look at the KB article for more information how to fine tune the ECC usage.
Mbed TLS Team member

Sep 27, 2017 10:32

Hi Ron thanks for your reply! I miserably missed that example >_<''

I have tried with the following code (almost the same as the example) and all the returns are ok.

mbedtls_ecdsa_context ecdsa;
const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id(MBEDTLS_ECP_DP_SECP256R1);
size_t sig_len;
unsigned char tmp[200];

memset(buf, 0x2A, sizeof(buf));
strcpy((char *)buf, "hello world"); //just fill with something other than 0x2A


int ret_genkey = mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL);
int ret_write_sign = mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size, tmp, &sig_len, myrand, NULL);

printf("ret_genkey = %d\n", ret_genkey);
printf("ret_write_sign = %d\n", ret_write_sign);


int ret_verify = mbedtls_ecdsa_read_signature(&ecdsa, buf, curve_info->bit_size, tmp, sig_len);
printf("ret_verify = %d\n", ret_verify);

As you can see I'm using MBEDTLS_ECP_DP_SECP256R1 curve, however when I'm debugging it if I check the value of tmp signature buffer, in the position tmp[120] I find this:

position 120----↓

"<chars> \0\0\0ECDSA-secp192r1\0/\0\0\0\001\0\0 <chars>"

I guess it has to do with ASN1 notation, but does it mean that is using a ECDSA-secp192r1 curve instead of the one I've selected?


Sep 27, 2017 13:27
Ron Eldor

Hi m,
I have tried your example and didn't get your result.
Also, the you should check the value of sig_len, it should be smaller than 120.
Signature for SECp256R1 should be 64 bytes size, adding the ASN1 notation should add few more bytes.
I believe the value you are seeing at position 120 is residue from previous operation.
Mbed TLS Team member

Sep 27, 2017 13:57

Just checked again and I don't see that string and the function returns are ok. So it's all fine. Thanks.