Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

There is no way to perform ECDSA with raw OpenSSL::BN pairs #427

Open
rickmark opened this issue Mar 30, 2021 · 2 comments
Open

There is no way to perform ECDSA with raw OpenSSL::BN pairs #427

rickmark opened this issue Mar 30, 2021 · 2 comments

Comments

@rickmark
Copy link
Contributor

Marshaling back and forth from ASN1 is difficult as the handling of BN integers requires it have a non leading 1 to prevent the number being read as negative.

We should add OpenSSL::PKey::EC#dsa_sign(hash: String, k: , r:) => [ r: OpenSSL:BN, s: OpenSSL:BN ] and OpenSSL::PKey::EC#dsa_verify(r: OpenSSL:BN, s: OpenSSL:BN) => bool to support these operations.

The native methods would be ECDSA_do_sign_ex and ECDSA_do_verify
@rickmark
Copy link
Contributor Author

Because this API should support deterministic K values, placing work on this as dependent on resolving #426 first

@rickmark
Copy link
Contributor Author

rickmark commented Apr 2, 2021

The simple implementation might be to parse the ASN1 and return the two BN values as a helper method as this is a stable OpenSSL API surface. Will implement as a pure Ruby convenance method now that a deterministic k implementation is complete.

Conversely a verify that takes r and s as OpenSSL::BN and then calls the ASN1 function by encoding a signature is the opposite of that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rickmark