Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HASH out value differnet on same file? #206

Open
InspireSemi opened this issue Mar 15, 2023 · 6 comments
Open

HASH out value differnet on same file? #206

InspireSemi opened this issue Mar 15, 2023 · 6 comments

Comments

@InspireSemi
Copy link

Using : const struct uECC_Curve_t *curve = uECC_secp256k1();

We are using it this way:
uECC_sign(APPPRIVKEY, sha256_output, sizeof(sha256_output), signature, curve);

This is generating a different signature each time we run the same file through this.
Is this expected?
I assumed that the signature would be the same for the same binary file?

@utzig
Copy link

utzig commented Mar 15, 2023

I assumed that the signature would be the same for the same binary file?

It's not unless RFC-6979 is implemented, which is not for uECC_sign. The library has a function which does a simplified deterministic signature generation, use uECC_sign_deterministic.

@InspireSemi
Copy link
Author

InspireSemi commented Mar 15, 2023 via email

@uc-mani
Copy link

uc-mani commented Mar 16, 2023

I think as long as the signature created using uECC_sign() is verified by the uECC_verify() function, we are good.

@InspireSemi
Copy link
Author

InspireSemi commented Mar 16, 2023 via email

@uc-mani
Copy link

uc-mani commented Mar 17, 2023

We plan on using the first api on a PC to sign the binaries and the second api on the device to authenticate so we should be ok. Marc Karasek Principal Software Engineer M: 678.770.3788 @.***

Hey marc, my suggestion is after uECC_sign api. Use the verify uECC api on PC as just an additional step for your signature verification.
I am following the same approach for Firmware Update.

@InspireSemi
Copy link
Author

InspireSemi commented Mar 17, 2023 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants