An issue with the verification of ECDSA

Algorithm School

Moderator: UNKNwYSHSA

Posts: 1
Joined: Sat Sep 23, 2017 3:43 am
Points :14

An issue with the verification of ECDSA

Post by Norbert78 » Sat Sep 23, 2017 4:01 am

Hi forum,
since I started working with Java Cards, I got a lot of valuable information from the discussions in this forum here. After a few weeks of playing around with some code in a simulator and in one of my last steps before finishing up the project, I'm now stuck since a few days. In this situation, I hope for some suggestions on how to proceed with debugging some annoying error.

I'm trying to calculate a signature based on the NIST P-192 curve. This works pretty well but now I'm trying to validate the signature. And when I try to init the ecdsa object for the purpose of verification, I'm getting an error (ILLEGAL_VALUE). The interesting aspect is that initialization works fine for the purpose of creating a signature and that the error only occurs in MODE_VERIFY. My best guess is that is has something to do with the public key but I cannot find any reason....

I copied the relevant parts of my code below. I hope that this is enough code to get an actual overview.

Any suggestions/ideas would be highly appreciated.


- N

Code: Select all

private void ecc_verify(APDU apdu) {

      byte[] buffer = apdu.getBuffer();


      short lenOfMessage = (short)(LEN_OF_MESSAGE - SIGNATURE_LEN);
      ECPublicKey testkey = (ECPublicKey)eccKey.getPublic();
      try {
         //This is where the error is thrown. Error is 01, ILLEGAL_VALUE
         ecdsa.init(eccKey.getPublic(), Signature.MODE_VERIFY);

      catch (CryptoException e) {

         short reason = e.getReason();
         ISOException.throwIt((short) ((short) 0x6B00 | reason));

      //Verify the signature of input data against the passed in ECC signature.

      boolean ret = ecdsa.verify(buffer, (short)ISO7816.OFFSET_CDATA, lenOfMessage, buffer, (short)(ISO7816.OFFSET_CDATA + lenOfMessage), (short)SIGNATURE_LEN);
      buffer[(short)0] = ret ? (byte)1 : (byte)0;
      apdu.setOutgoingAndSend((short)0, (short)1);
   private void GenEccKeyPair() {

      byte[] tempBuffer = JCSystem.makeTransientByteArray((short)256, JCSystem.CLEAR_ON_DESELECT);

      if (eccKeyInitialized)

      //Create a ECC(ALG_ECDSA_SHA) object instance
      ecdsa = Signature.getInstance(Signature.ALG_ECDSA_SHA, false);

      //Constructs a KeyPair instance for the specified algorithm and keylength;
      eccKey = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_192);

      // prepare an ANSI X9.62 uncompressed EC point representation for G
      byte[] auxBuffer = JCSystem.makeTransientByteArray(((short)(EC192_FP_G_X.length + EC192_FP_G_Y.length + 1)), JCSystem.CLEAR_ON_DESELECT);

      short gSize = (short) 1;
      gSize += (short) EC192_FP_G_X.length;
      gSize += (short) EC192_FP_G_Y.length;
      auxBuffer[0] = 0x04;
      short off = 1;
      off = Util.arrayCopyNonAtomic(EC192_FP_G_X, (short) 0, auxBuffer, off, (short) EC192_FP_G_X.length);
      Util.arrayCopyNonAtomic(EC192_FP_G_Y, (short) 0, auxBuffer, off, (short) EC192_FP_G_Y.length);

      ((ECPrivateKey)eccKey.getPrivate()).setFieldFP(EC192_FP_P, (short)0, (short)EC192_FP_P.length);
      ((ECPrivateKey)eccKey.getPrivate()).setA(EC192_FP_A, (short)0, (short)EC192_FP_A.length);
      ((ECPrivateKey)eccKey.getPrivate()).setB(EC192_FP_B, (short)0, (short)EC192_FP_B.length);
      ((ECPrivateKey)eccKey.getPrivate()).setG(auxBuffer, (short)0, gSize);
      ((ECPrivateKey)eccKey.getPrivate()).setR(EC192_FP_R, (short)0, (short)EC192_FP_R.length);

      ((ECPublicKey)eccKey.getPublic()).setFieldFP(EC192_FP_P, (short)0, (short)EC192_FP_P.length);
      ((ECPublicKey)eccKey.getPublic()).setA(EC192_FP_A, (short)0, (short)EC192_FP_A.length);
      ((ECPublicKey)eccKey.getPublic()).setB(EC192_FP_B, (short)0, (short)EC192_FP_B.length);
      ((ECPublicKey)eccKey.getPublic()).setG(auxBuffer, (short)0, gSize);
      ((ECPublicKey)eccKey.getPublic()).setR(EC192_FP_R, (short)0, (short)EC192_FP_R.length);


      eccKeyInitialized = true;

      private byte[] ecc_sign(byte[] dtbs) {
      byte[] signature;
      signature = JCSystem.makeTransientByteArray((short)SIGNATURE_LEN, JCSystem.CLEAR_ON_DESELECT);

      ecdsa.init(eccKey.getPrivate(), Signature.MODE_SIGN);

      short lenTmp = ecdsa.sign(dtbs, (short)0, (short)dtbs.length, signature, (short)0);

      return signature;

User avatar
Posts: 237
Joined: Mon May 18, 2015 3:09 am
Points :1697

Re: An issue with the verification of ECDSA

Post by mabel » Wed Sep 27, 2017 12:16 am

If convenient, would you show us your whole project in order to let us confirm where is the problem?

User avatar
Posts: 55
Joined: Fri Jul 31, 2015 9:09 pm
Points :358

Re: An issue with the verification of ECDSA

Post by lostsiwonlw » Thu Sep 28, 2017 11:18 pm

Just cut your applet to a small applet which only includes ECC function. Of course, make sure that this small applet can run w/o any problem.
Searching for meaning...

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 1 guest

JavaCard OS : Disclaimer