ricmoo / gmellipticcurvecrypto Goto Github PK

`#ifdef LTC_ECC256
{
32,
"ECC-256",
"FFFFFFFF00000001 0000000000000000 00000000FFFFFFFF FFFFFFFFFFFFFFFF",//p

}`
definfe in libtomcrytp ;

`// secp256r1
static uint64_t Curve_p_256[4] = {0xFFFFFFFFFFFFFFFFull, 0x00000000FFFFFFFFull, 0x 0000000000000000 ull, 0x FFFFFFFF00000001 ull};

definfe in GMEllipticCurveCrypto.m

they desc?

Hi,

I`m trying to verify a signature generate in Java using:

- (BOOL)hashSHA256AndVerifyEncodedSignature: (NSData*)encodedSignature forData: (NSData*)data

But,

NSData *derDecodeSignature(NSData *der, int keySize)

always returns nil.

I'm using GMEllipticCurveSecp256r1 and my encoded signature size is 88 bytes.

Could you help me?

Add deterministic signing to the easy-dcc library.

Or, if upgrading to micro-dcc, wait until that migration?

Hi all ,

I am getting nil values when accessing publicKeyXBase64 and publicKeyYBase64 of the generateKeyPair. See below code example for reference.

only after I access publicKeyBase64 once I am able to then retrieve publicKeyXBase64 and publicKeyYBase64, Seems to be a bit weird is there a dependency between accessing publicKeyBase64 and generating publicKeyXBase64 and publicKeyYBase64 values ? . Please help and suggest.

        let testEC = GMEllipticCurveCrypto.generateKeyPair(for: GMEllipticCurveSecp256r1)
        testEC?.compressedPublicKey = false
        
        print(testEC?.publicKeyXBase64) // nil
        print(testEC?.publicKeyYBase64) // nil
        
        print(testEC?.privateKeyBase64) // Optional("A91MmkAlqO3CQYYUujwxpn0fSCH4vFX1bMcUgAQ7aB4=")
        let publicKeyBase64 = testEC?.publicKeyBase64 // only after accessing publicKeyBase64 once I get below x and y values
        
        print(testEC?.publicKeyXBase64) // Optional("GsKdKK0HUN8MhaNZtZwB3hdSOizpPlwkUF2h8uppiZQ=")
        print(testEC?.publicKeyYBase64) // Optional("RAq/+6/L7q/JqTO3QRO+Kft5xuku0dTKYE3gdDYvxOA=")

        

Thanks
Deepesh

A lot of things are exceptions that really do not need to be.

Replace them with interesting NSLog statements and return nil.

Add the GMEllipticCurveCrypto library to CocoaPods.

Make sure the required frameworks are included.

Is there a way to get the public key in JWE format something like:

{
"x":"nOb2yqCIrGDb4P2OosrYG8zn1xlCQIIBwOqHBN87KCk",
"crv":"P-256",
"y":"hil489nCqENDRW2w36MJj2EAtbHfDI-gzBfI5aqKgBo",
"kty":"EC"
}

Thanks.

Hi,

I want to use the generated public and private key in Bouncy Castle java.
When i get crypto.publicKeyBase64 the returned data is too small to generate publickey in bouncy castle.

When I generate EC keypair in bc and then use it as publicKey.getEncoded() it returns 75bytes.
I use also secp192r1 curve in bc.

In your library it gives me 24bytes which is 192bits. However it is not encoded the way bouncy castle encodes it.

My question is how can i syncronize those two systems?

Add methods for accepting DER encoded signatures during the verification process.

verifyEncodedSignature:forHash:
hashSHA256AndVerifyEncodedSignature:forData:
hashSHA384AndVerifyEncodedSignature:forData:

I'm using ecdsa secp256r1. The signature and key pairs are generated using Java. I try to verify the signature. However, it looks like verifySignature function only accept signature with length equals to 64 bytes (it throws exception "Signature must be twice the length of its curve"). But there are some overhead like ASN.1 encoding in my signature and this makes the signature length to be 71 bytes. So how to verify this signature?

Hi, I'm looking for CSR with ecdsawithsha256 and I followed this library this is only for signature from EC so could you help me that how can I generate CSR (PEM format) certificate via using this library?

i`m neet to crypto message using this lib，but not find secp521 curve type for init ,could you add secp521 support to this lib，think you very much .

Here are my private keys and public keys

prv1: D7530AB9D444ABB5B16AA45EE8169009E69E03E205F53BF8C05CBE74D67D35A0
pub1: 0413AC625843EA89D3D8B80A1885CE0667061150987788BAA589CB33186440C83A1E80EE7B11B48B3F3DE0EFC1320ABB966EECC2CB597CF61F7E8A33D390E4252F

prv2: 293F03DE5E01277563DC1F91896097CB3E13DA250788BC48B69D77CFE2862E0C
pub2: 0431ED7C796FA3CAF480557A274A621DC183D2BE508551EE018BA307DF82D678FCAAD36E11999DC85499270DC48DEA698BC322715A6FDDF79B79C74B9F171D94C6

Here is my code snippet

BTCKey* ecKey1 = [[BTCKey alloc] initWithPrivateKey:[Utility hexStringToBytes: @"d7530ab9d444abb5b16aa45ee8169009e69e03e205f53bf8c05cbe74d67d35a0"]];
BTCKey* ecKey2 = [[BTCKey alloc] initWithPrivateKey:[Utility hexStringToBytes: @"293f03de5e01277563dc1f91896097cb3e13da250788bc48b69d77cfe2862e0c"]];

GMEllipticCurveCrypto* ecc1 = [GMEllipticCurveCrypto cryptoForKey:ecKey1.privateKey];
NSData* shareScrect1 = [ecc1 sharedSecretForPublicKey:ecKey2.compressedPublicKey];
// shareScrect1 ==> 7E0D7CE5EC530853F65C23A2A92832A489D5D9771E4B87C1F5E64614201F8170

GMEllipticCurveCrypto* ecc2 = [GMEllipticCurveCrypto cryptoForKey:ecKey2.privateKey];
NSData* shareScrect2 = [ecc2 sharedSecretForPublicKey:ecKey1.compressedPublicKey];
// shareScrect2 ==> 861B25E187E384564DE5D2BD8D1609F0F05DA5E94D4E98FD56831356BF7BA3E8

What happened? Did I do anything wrong?
A compressed public key seems like the only choice for 'sharedSecretForPublicKey:'. Is this the reason?

Thanks.

Hi,

Im trying to get up and running in a swift project. Im trying to generate a new keypair, but it doesnt seem to be generating anything.

Any help would be much appreciated :)

if let gmec = GMEllipticCurveCrypto(curve: GMEllipticCurveSecp128r1) {
    print("PRIVATE\n")
    print(gmec.privateKeyBase64)  // empty string
    print("\n\nPUBLIC\n")
    print(gmec.publicKeyBase64) // empty string
    let publicKey = gmec.publicKey // nil
    let privateKey = gmec.privateKey // nil
}

Hi,
Great library and I have been able to seamlessly generate the Keys.
How would I now be able to generate a Derived Key as mentioned here:
https://tools.ietf.org/html/rfc7518#section-4.6

Thanks

Pull the secp160r1 curve from https://github.com/kmackay/micro-ecc (will require some re-working of the vli_* functions, but should be fairly straight forward).

Add support for the secp256k1 curve, popular for Bitcoin.

Adding this will likely need to deprecate the automatic curveForKey: selectors, as there will then be multiple (ambiguous) options for a given key.

This might be a good time to switch to the micro-ecc library, which is newer and still maintained (by the same author as easy-ecc, kmackay).

A lot of people use Java on their server side, which stores keys DER encoded.

It should be fairly simple to add ASN.1 identifiers and bit strings to the DER decoder. I do need to research what various identifiers Java will use to specify the payload though.

This is my EC publicKey:
cardOrganization.publicKey = [[NSData alloc]initWithBase64EncodedString:@"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYktbLuAv0v52erE5LPscomKaOmQsvevxzOyn9k4sF1hqpBc5kUygzxA9Jl0R/2dTuk8ka7UCujk36xeUsLVpWA==" options:0 ]
(bytes length:91)
NSData *sharedSecretKey = [privateCrypto sharedSecretForPublicKey:cardOrganization.publicKey];

• (NSData*)sharedSecretForPublicKey: (NSData*)otherPublicKey {
  if ([otherPublicKey length] != _bytes + 1) {
  [NSException raise:@"Invalid Key" format:@"Public key %@ is invalid", otherPublicKey];<< run this crash
  }
  }
  help!![

Hi Team,

I am getting this error while "signing" the "signature data" with "private key". This is the error "These are not the droids you are looking for."

let curve = GMEllipticCurveCrypto.curve(forKeyBase64: ) is not supporting some private key values. The output curve tell us rawValue 0 and when this line executes GMEllipticCurveCrypto.crypto(for: curve) app crashes and gives reason "These are not the droids you are looking for."

Hi,
Is there a way to get coordinates (X and Y) of publickey like android ECPublic->ECPoint ?

If not could you add that support?

I am trying to integrate GMEllipticCurveCrypto using Swift packages and i am not able to find this package file as i can see SPM is not supported with GMEllipticCurveCrypto. Is there a plan to support this ?

I am having difficulty verifying an secp256r1 ECDSA signature that I receive from my backend. The signature is sent as a concatenated string of r and s bytes. If the r bytes are less than 64 chars, a 00 is prefixed to the r string. Similarly, if the s bytes are less than 64 chars, a 00 is prefixed to the s string.

For the case below, I have received a signature where the r bytes are less than 64 chars and a 00 is prefixed. The signature doesn't verify. Can you tell me what could be causing this and how I might be able to fix it? I am unsure how to zero pad the signature so that the verification can be a success.

`
-(void) checkSignature {

NSString *dataString = @"Abhijit2019-11-21 13:22:00a5d6cc900730d1c0aa4b750d89304e34f6caf12b659cf85dcb85a8e8f628e413f83ecf7d85b61a3fedf0a222754391f0741a9993f627127db4b5c5268853789125ce42ab9e5c0611679b238cd717abf2a7d2032fb363d16b66d54a809b248958";

NSString *publicKey = @"f83ecf7d85b61a3fedf0a222754391f0741a9993f627127db4b5c5268853789125ce42ab9e5c0611679b238cd717abf2a7d2032fb363d16b66d54a809b248958";

NSString *signature = @"002a140679dc25646dad50a28468631fcb33a0a3640a88d633a12238ddc4224f3b409883d2dd6a089412afd6f6a1452bcf137ec2e19bd5ae40324225fa7ed689";

BOOL isSignValid = [Crypto verifySignature:publicKey signature:signature forData:dataString];

if (isSignValid == YES) {
    NSLog(@"Signature valid");
}
else{
    NSLog(@"Signature is invalid!");
}

}
`

//Verify signature function, i'm prepending 04 to the key received from server.

`+(BOOL)verifySignature: (NSString *)publicKey signature: (NSString *) signature forData: (NSString *) data{

//adding 04
NSMutableData *keyDataWith04 = [[NSMutableData alloc] init];

//adding eot (end of transmission)
unsigned char *bytes[1] = {0x04};

NSLog(@"Appending key with 04");

NSData *data04 = [NSData dataWithBytes:bytes length: 1];

[keyDataWith04 appendData: data04];
//adding data
[keyDataWith04 appendData:[Crypto dataFromHexString: publicKey]];

NSLog(@"Checking Signature...");

GMEllipticCurveCrypto *verify = [GMEllipticCurveCrypto cryptoForCurve:GMEllipticCurveSecp256r1];

[verify setPublicKey: keyDataWith04];

BOOL valid = [verify hashSHA256AndVerifySignature:[Crypto dataFromHexString: signature] forData: [data dataUsingEncoding:NSUTF8StringEncoding]];

NSLog(@"Valid Signature: %@", (valid ? @"YES": @"NO"));

return valid;

}
`

Is the signature in ASN.1 DER Ecdsa-Sig-Value format?

Could you write a helper that would take a NSDictionary JWK and convert it to something this library can use?

I was wondering, is the implementation constant-time? or, is it leaking private key bits?

I am trying to create a shared secret using a private EC and public JWK EC key using GMEllipticCurveCrypto library for iOS. Currently the library supports creating shared secret using below methods and i have tried both and just crashes with same error which is invalid key. Can anyone please help me how to create a shared key using a private EC and public JWK EC key with or without use of GMEllipticCurveCrypto ?. I have seen several blogs no one has posted valid code yet below is what I am trying to do.

let ecPublicKeyJson =
            """
                    {
                        "kty":"EC",
                        "crv":"P-256",
                        "x":"2_v-MuNZccqwM7PXlakW9oHLP5XyrjMG1W9oHLP5Xy",
                        "y":"rm1ktLmFIsP2R0YyJGXtsCbaTUesUXtsCbaTUesUdf"
                    }
                    """
 let ecPublicKeyJsonData = ecPublicKeyJson.data(using: .utf8)
 let ecPublicKeyJsonBase64 = ecPublicKeyJsonData?.base64EncodedString()
 let keyPair = GMEllipticCurveCrypto.generateKeyPair(for: GMEllipticCurveSecp256r1)

 let sharedZ = keyPair.getSharedSecret(publicKeyBase64: ecPublicKeyJsonBase64!)

Error or Crash : Terminating app due to uncaught exception 'Invalid Key'

Hi

I generated a key pair of secp256r1.

and I found the length of the compressedPublicKey is 65 bytes.

this makes me confused. I think it should be 64 bytes before.