[openssl-users] i2d and d2i fucntions
dthompson at prinpay.com
Fri Feb 13 19:54:36 UTC 2015
> From: openssl-users On Behalf Of Rajeswari K
> Sent: Friday, February 13, 2015 09:48
> As part of [ECDSA] signature verification, we first take lenght_of_signature received
> and compare with double the size of number_of_bytes from curve parameter.
> Have converted the ECDSA_SIG to unsigned char * using the function i2d_ECDSA_SIG().
> Length returned by i2d_ECDSA_SIG() is 103.
> Whereas, the number_of_bytes value from curve parameter is 48.
An EDCSA signature, like a DSA signature, and as the 'i2d' should clue you in,
is an ASN1 DER-encoded value. Specifically it is a SEQUENCE of two INTEGERs.
That means it consists of:
2 octets tag and length for the sequence -- OR 3 if the components together
exceed 127 octets, which will occur almost always if the curve size exceeds
496 bits and sometimes for slightly smaller curves, see below.
For each integer, 2 octets tag and length then N octets value, as long as the
curve size does not exceed 1015 bits (and none currently come even close).
Remember DER INTEGERs are two's complement, and the R and S values
are positive numbers that are for practical purposes uniform random up to
the curve order which is usually chosen to be nearly a power of two that
is a multiple of 8 (like 192, 256, 384) and thus require an extra sign octet.
Thus for a 384-bit curve, the encoded signature will be 6+2*48=102
roughly 25% of the time, 6+48+49 about 50% and 6+49*2 about 25%.
More information about the openssl-users