-1

I'm trying to debug my own implementation of the ECDSA signature. To compare the intermediate results I would like to force the OpenSSL, Crypto++ or whatever else package to use a known "random" number instead of generating it each time the signature is created. Is there a way to do so?

Since I'm working with the brainpool curves I can't use the Microsoft Crypto API. It doesn't support the brainpool curves until Windows 10.

Another way could be to retrieve the random number used after the ECDSA signature creation from one of the popular packages.

I appreciate any help.

jww
Vic
  • You should pick a library instead of naming a group of security libraries. – jww May 09 '18 at 00:39
  • jww, the reason for this is obvious. Since I was open regarding the choice of the reference library I have mentioned all of them. I hoped that extending the scope would increase the chance of a fast response. jww, for your information, since this way is the most pragmatic one I will do the same next time. I'm really sorry if you disagree – Vic May 09 '18 at 10:52
  • We don't know what language you are working with; and the libraries are different and lack a common API. It is not clear to me if you have a C, C++ or Java project, which should drive the requirements. All the libraries are different so we can't post code that will work for all of them. We need to know what you are using. – jww May 09 '18 at 16:02
  • The implementation whose results must be validated will be written in ANSI C. As I have mentioned in the very first sentence of my question, I must implement the original customer specific securely coded cryptographic library. Since I can't validate the ECDSA signature provided by the high level calls I must know the prime used for its computation. I can perfectly use Java, C, C++, C# and so on and don't care where the reference results come from. The only thing which really matters is that I can trust their correctness. – Vic May 10 '18 at 10:55
  • Just for the sake of completeness of your information and to stress the flexibility issue with programming languages, I've finally implemented the reference ECDSA signing and verification samples for different curves including the weird ones with MAGMA (http://magma.maths.usyd.edu.au/magma) – Vic May 10 '18 at 11:03

1 Answer

3

Yes, this is possible with OpenSSL. OpenSSL provides the ability to override the default source of random numbers. To do this use the RAND_set_rand_method() function documented here:

https://www.openssl.org/docs/man1.1.0/crypto/RAND_set_rand_method.html

This function takes as an argument a RAND_METHOD structure which contains function pointers to the implementations of the OpenSSL random capabilities. Replace the bytes element with your own implementation.

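For example:

```c
RAND_METHOD myrand;
const RAND_METHOD *oldrand;   /* RAND_get_rand_method() returns a const pointer */

/* Start from the current method table and override only the bytes callback */
oldrand = RAND_get_rand_method();
myrand = *oldrand;
myrand.bytes = mybytes;
RAND_set_rand_method(&myrand); /* takes a pointer to the method table */
```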

Where mybytes is defined like this:

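```c
#include <string.h>   /* memset */

/* Replacement for the RAND_METHOD bytes callback; returns 1 on success */
static int mybytes(unsigned char *buf, int num)
{
    /* Replace with however you want the random function to work */
    memset(buf, 0, num);
    return 1;
}
```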

OpenSSL's own ecdsatest code does exactly this. For example see:

https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable/test/ecdsatest.c#L65

Matt Caswell
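A deterministic stand-in for the placeholder `mybytes` in the answer above, as an added example that is not part of the original answer or of OpenSSL: it hands out a caller-supplied byte sequence in order and returns 0 once the sequence is exhausted, so the calling library sees a failure instead of silently receiving zeros. The names `fixed_rand_load`, `fixed_rand_bytes` and `fixed_rand_remaining` are made up for this example, and how the library turns these bytes into the signing nonce depends on the library version in use.

```c
#include <stddef.h>
#include <string.h>

/* Known "random" bytes, served in order (hypothetical test-only pool). */
static unsigned char fixed_pool[256];
static size_t fixed_len, fixed_pos;

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                      /* fold ASCII letters to lower case */
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Load the pool from a hex string. Returns the byte count, or -1 on bad
 * input, in which case the pool is left empty. */
int fixed_rand_load(const char *hex)
{
    size_t n = strlen(hex), i;

    fixed_len = fixed_pos = 0;
    if (n % 2 != 0 || n / 2 > sizeof fixed_pool) return -1;
    for (i = 0; i < n; i += 2) {
        int hi = hexval(hex[i]), lo = hexval(hex[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        fixed_pool[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    fixed_len = n / 2;
    return (int)fixed_len;
}

/* Same signature as mybytes: install with myrand.bytes = fixed_rand_bytes.
 * Test builds only: signing twice with the same nonce and key exposes the key. */
int fixed_rand_bytes(unsigned char *buf, int num)
{
    if (num < 0 || (size_t)num > fixed_len - fixed_pos)
        return 0;                   /* not enough known bytes left: fail loudly */
    memcpy(buf, fixed_pool + fixed_pos, (size_t)num);
    fixed_pos += (size_t)num;
    return 1;
}

/* Bytes not yet consumed; nonzero after signing means fewer were requested than loaded. */
size_t fixed_rand_remaining(void)
{
    return fixed_len - fixed_pos;
}
```

Checking `fixed_rand_remaining()` after a signing call shows how many bytes the library actually requested, which helps when matching the pool to the nonce length of the curve.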