Unable to verify ECDSA Signature, always returning EC signature verification failed

Privacy & Security General
GeethaDev OP
Created Aug ’20
Replies 8
Boosts 0
Views 2.3k
Participants 2
Quinn, Im trying to validate ECDSA signature but failing always - 
Algorithm which used for signing - ECDSA Signature with SHA 256

Process -
let hash = CryptoUtility.hashSHA256(for: signedData)
let statusSignatureVerify = SecKeyVerifySignature(publicKey, .ecdsaSignatureDigestX962SHA256, hash as! CFData, signature as CFData, &error)

Error - 
"Optional(Swift.Unmanaged<_C.CFErrorRef>(value: Error Domain=NSOSStatusErrorDomain Code=-67808 \"EC signature verification failed (ccerr -1)\" UserInfo={NSDescription=EC signature verification failed (ccerr -1)}))"

Could you help me understand why I'm facing this issue
Replies  8
Boosts  0
Views  2.3k
Participants  2
DTS Engineer OP
Apple
Aug ’20
Can you post a specific example that includes:

  • The data you’re trying to verify (signedData)

  • The signature you’re trying to verify (signature)

  • The raw bits of the public key (run publicKey through SecKeyCopyExternalRepresentation)

As this is binary data, you’ll need to post a hex dump. I recommend writing the data to a file and then dumping that using xxd.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
GeethaDev OP
Aug ’20
Sure, I will share the details with you.
0
GeethaDev OP
Aug ’20
Quinn, I dropped an email with the details. Let me know if any thing else required.
0
DTS Engineer OP
Apple
Aug ’20

I dropped an email with the details.

Thanks.

Looking at your signature it’s clear that this is not an X9.62 signature. Consider this code:

Code Block  
let privateKey = SecKeyCreateRandomKey([
		kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
		kSecAttrKeySizeInBits: 256
] as NSDictionary, nil)!
let dataToSign = Data("Hello Cruel World!".utf8)
let signature = SecKeyCreateSignature(privateKey, .ecdsaSignatureMessageX962SHA256, dataToSign as NSData, nil)! as Data
try! signature.write(to: URL(fileURLWithPath: "signature.asn1"))


If a dump the resulting signature.asn1 file, I get this:

Code Block  
% xxd signature.asn1	
00000000: 3046 0221 00b3 2efb 7005 9b07 1021 ce01	0F.!....p....!..
00000010: 83db 3241 1f43 a694 2517 9e02 63c0 c008	..2A.C..%...c...
00000020: f596 dd1d 9c02 2100 e000 4bd7 f02e a96d	......!...K....m
00000030: d855 1229 4fca 8d1c 8c76 1701 f980 afd5	.U.)O....v......
00000040: 58bc dbba 1675 bd63											X....u.c
% dumpasn1 signature.asn1 
	0	70: SEQUENCE {
	2	33:	 INTEGER
			 :		 00 B3 2E FB 70 05 9B 07 10 21 CE 01 83 DB 32 41
			 :		 1F 43 A6 94 25 17 9E 02 63 C0 C0 08 F5 96 DD 1D
			 :		 9C
 37	33:	 INTEGER
			 :		 00 E0 00 4B D7 F0 2E A9 6D D8 55 12 29 4F CA 8D
			 :		 1C 8C 76 17 01 F9 80 AF D5 58 BC DB BA 16 75 BD
			 :		 63
			 :	 }
0 warnings, 0 errors.


This is what I’d expect. An X9.62 signature consists of R and S INTEGER values inside a SEQUENCE container.

In contrast, if I dump the signature you sent me, I see this:

Code Block  
% xxd signature.dat 
00000000: 3a03 4873 1db0 36e1 2578 9be0 6b39 8db3	:.Hs..6.%x..k9..
00000010: dbd4 1bc2 3603 af62 22b2 6c20 0dd6 9d77	....6..b".l ...w
00000020: 5a96 1028 b6d7 cc64 99ba 1758 268b e5e7	Z..(...d...X&...
00000030: 24f0 fc76 2d0c 7705 7b54 98b0 fb0c 2d6f	$..v-.w.{T....-o


I’m not sure what format this is, but it’s definitely not X9.62.

I recommend that you ask the folks who generated the signature for clarification as to its format. I suspect it’s in RFC 4754 format (.ecdsaSignatureRFC4754) but only the folks who generated it can tell you for sure.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
GeethaDev OP
Aug ’20
Quinn, I have encoded my original signature to ASN1 using ECPublicKey class. Dropped an email with the signature.

Now I have verified using the below method but still some thing wrong, could you let me know why I am unable to validate. Also how I can provide padding as None. Below is the code snippet using for verification.
 
        let asn1Signature = EcdsaAsn1Signature.encode(signature)
        self.saveSignature(data: asn1Signature)
        let sha = messageData.sha256()
        var shaBytes = [UInt8]
        sha.copyBytes(to: &shaBytes, count: sha.count)
        var signatureBytes = [UInt8]

        asn1Signature.copyBytes(to: &signatureBytes, count: asn1Signature.count)

        let status = SecKeyRawVerify(key, .PKCS1SHA256, &shaBytes, shaBytes.count, &signatureBytes, signatureBytes.count)
        guard status == errSecSuccess else {
            throw Error.osstatus(status)
        }
   
0
DTS Engineer OP
Apple
Aug ’20
SecKeyRawVerify is pretty much never the right answer.

As as I mentioned in my earlier reply, it looks like your signature is in RFC 4754 format (.ecdsaSignatureRFC4754). Did you try that?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
GeethaDev OP
Aug ’20
I tried with .ecdsaSignatureRFC4754, it returned me false.
0
DTS Engineer OP
Apple
Aug ’20

I tried with .ecdsaSignatureRFC4754, it returned me false.

That’s the end of my list of ‘obvious’ suggestions. My recommendation is that you talk to the folks who created the signature to find out what format they’re using.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
Unable to verify ECDSA Signature, always returning EC signature verification failed
First post date Last post date
 
 
Q