Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Compatibility of ECDSA signatures from OpenSSL with Intel SGX

Daniel_ˢᵍˣ
New Contributor I
1,018 Views

Hello,

I'm using SGX on the client, but not on the server, which uses OpenSSL for cryptographic operations.

When I sign data using OpenSSL's libcrypto I get a ECDSA/SHA256 signature in ASN.1 which contains two parameters, an R and an S. These two parameters appear to be the normal output of an ECDSA signature (I'm not a cryptographer). Yet The signature structure of SGX has an X and a Y. I need to send this output, the R and the S, to the client, which is using Intel SGX. Basically I'll have to place this R S into sgx_ec256_signature_t on the client side.

How do I go about to convert from OpenSSL's R S to SGX's X Y?

Daniel

0 Kudos
3 Replies
you_w_
New Contributor III
1,018 Views

Hi Danie :

Have you transform the Key to little  endian, when using it in SGX ? I haven't try this but openssl use big-endian while it's little-endian in SGX.

Regards 

you

0 Kudos
Daniel_ˢᵍˣ
New Contributor I
1,018 Views

you w. wrote:

Have you transform the Key to little  endian, when using it in SGX ? I haven't try this but openssl use big-endian while it's little-endian in SGX.

Hi, thank you for the reply. I managed to solve the issue.

The ASN.1 structure contains two BIGNUM so I had to convert from that. The R S in OpenSSL are the X Y in Intel SGX's data structures.

0 Kudos
Yaron_Y_1
Beginner
1,018 Views

Hi Daniel,

Can you share the code? How did you convert?

Thanks!

Yaron.

 

0 Kudos
Reply