
I am trying to sign a hash, create a copy of that hash (specifically client/server related), then verify the signature using the copy of the hash. I don't understand how or why when I have two variables, hash and hashCopy, with the exact same content, that verification can only work on one of the two depending on which one was signed.

The below code shows what I am talking about.

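#include <cstring>
#include <iostream>
#include <string>
#include <vector>

#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
#include <openssl/obj_mac.h>

int main()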
{
    EC_KEY* myecc = NULL;
    EVP_PKEY* pkey_ = NULL;

    myecc = EC_KEY_new_by_curve_name(NID_secp256k1);
    EC_KEY_generate_key(myecc);
    pkey_ = EVP_PKEY_new();
    EVP_PKEY_assign_EC_KEY(pkey_, myecc);
    myecc = EVP_PKEY_get1_EC_KEY(pkey_);
    const EC_GROUP* ecgrp = EC_KEY_get0_group(myecc);

    std::string hash = "126420fb81d58bbb7d86c98e1818f4c9d44acf216471e196ed403a608954cf1d";
    std::string hashCopy = hash;

    std::vector<unsigned char> signature;
    unsigned char pchSig[10000];
    unsigned int nSize = 0;

    ECDSA_sign(0, (unsigned char*)&hash, sizeof(hash), pchSig, &nSize, myecc);
    signature.resize(nSize);
    memcpy(&signature[0], pchSig, nSize);

    if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &signature[0], signature.size(), myecc) == 1)
    {
        std::cout << "Original hash variable verify success\n\n";
    }
    else
    {
        std::cout << "Original hash variable verify fail\n\n";
    }
    if (ECDSA_verify(0, (unsigned char*)&hashCopy, sizeof(hashCopy), &signature[0], signature.size(), myecc) == 1)
    {
        std::cout << "Hash copy variable verify success\n\n";
    }
    else
    {
        std::cout << "Hash copy variable verify fail\n\n";
    }
} 

This outputs:

Original hash variable verify success

Hash copy variable verify fail

Why does verifying using hashCopy fail given that it's the exact same? This variable basically represents the variable on the client side, whereas the original hash variable represents the variable on the server side.

Also, if I just pass through a string literal "1264..." which is the exact same as hash that does not work either.

I also tried this using a copy of the signature variable; that made no difference, as I would expect.

How do I get the verification of both hash and hashCopy to work without needing to sign both?
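Added example, not part of the original post and using no OpenSSL calls: it compares the bytes that `(unsigned char*)&hash, sizeof(hash)` covers with the bytes the string actually holds, then decodes the hex text into the 32 raw bytes that would be passed to `ECDSA_sign`/`ECDSA_verify` as the digest and its length. The helper names `same_object_bytes`, `same_content_bytes` and `hex_to_digest` are hypothetical.

```cpp
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Bytes covered by (unsigned char*)&s, sizeof(s): the std::string object itself
// (typically a buffer pointer, a length and a capacity), not its characters.
bool same_object_bytes(const std::string& a, const std::string& b) {
    return std::memcmp(reinterpret_cast<const unsigned char*>(&a),
                       reinterpret_cast<const unsigned char*>(&b), sizeof(std::string)) == 0;
}

// Bytes the string holds: data() and size().
bool same_content_bytes(const std::string& a, const std::string& b) {
    return a.size() == b.size() && std::memcmp(a.data(), b.data(), a.size()) == 0;
}

static int nibble(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Decode hex text into raw digest bytes; false on odd length or a non-hex character.
bool hex_to_digest(const std::string& hex, std::vector<unsigned char>& out) {
    out.clear();
    if (hex.size() % 2 != 0) return false;
    for (std::size_t i = 0; i < hex.size(); i += 2) {
        int hi = nibble(hex[i]), lo = nibble(hex[i + 1]);
        if (hi < 0 || lo < 0) return false;
        out.push_back(static_cast<unsigned char>((hi << 4) | lo));
    }
    return true;
}

int main() {
    // Hash value from the question; two independent strings stand in for server and client.
    const char* hex = "126420fb81d58bbb7d86c98e1818f4c9d44acf216471e196ed403a608954cf1d";
    std::string server(hex), client(hex);
    std::vector<unsigned char> d1, d2;
    bool ok = hex_to_digest(server, d1) && hex_to_digest(client, d2);
    std::cout << "sizeof(std::string)=" << sizeof(std::string) << ", size()=" << server.size() << "\n"
              << "object bytes equal:  " << same_object_bytes(server, client) << "\n"
              << "content bytes equal: " << same_content_bytes(server, client) << "\n"
              << "decoded digest bytes: " << d1.size() << ", equal: " << (ok && d1 == d2) << "\n";
    return ok && d1 == d2 ? 0 : 1;
}
```

Signing and verifying over `digest.data()` with length `digest.size()` gives both sides the same input, whichever variable the hex text came from.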
