Last active
July 20, 2020 18:31
-
-
Save bshambaugh/6f0fe5a63f96b0e0a95b404cc103e9c4 to your computer and use it in GitHub Desktop.
Test the P256 curve with ATECC508A
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| start with a public key generated in: | |
| https://github.com/sparkfun/SparkFun_ATECCX08a_Arduino_Library/blob/master/examples/Example1_Configuration/Example1_Configuration.ino | |
| uint8_t publicKeyExternal[64] = { | |
| 0xF9, 0xC3, 0x6F, 0x89, 0x64, 0x62, 0x33, 0x78, 0xBD, 0xC0, 0x68, 0xD4, 0xBC, 0xE0, 0x7E, 0xD1, | |
| 0x7C, 0x8F, 0xA4, 0x86, 0xF9, 0xAC, 0x0C, 0x26, 0x13, 0xCA, 0x3C, 0x8C, 0x30, 0x6D, 0x7B, 0xB6, | |
| 0x1C, 0xD3, 0x67, 0x17, 0xB8, 0xAC, 0x5E, 0x4F, 0xEA, 0x8A, 0xD2, 0x3D, 0xC8, 0xD0, 0x78, 0x3C, | |
| 0x23, 0x18, 0xEE, 0x4A, 0xD7, 0xA8, 0x0D, 0xB6, 0xE0, 0x02, 0x6A, 0xD0, 0xB0, 0x72, 0xA2, 0x4F | |
| }; | |
| ===> compress and split into 32 bit parts. | |
| ['f9c36f8964623378bdc068d4bce07ed17c8fa486f9acc2613ca3c8c306d7bb6', '1cd36717b8ac5e4fea8ad23dc8d0783c2318ee4ad7a8db6e026ad0b072a24f'] | |
| === > convert to int | |
| ----------------- the int x,y -------------- | |
| 7060700267049620596356235336501166570879242195065472674169415375238145604534 | |
| 50930765665627190067685409014485724477345323970126409943904502612080370255 | |
| ==> feed points into the fastecdsa library to create an encoded public key | |
| ---------------------- | |
| import fastecdsa as fec | |
| import binascii | |
| from binascii import hexlify, unhexlify | |
| from fastecdsa.curve import P256 | |
| from fastecdsa.encoding.sec1 import InvalidSEC1PublicKey, SEC1Encoder | |
| from fastecdsa.point import Point | |
| SEC1Encoder.encode_public_key(Point(7060700267049620596356235336501166570879242195065472674169415375238145604534,50930765665627190067685409014485724477345323970126409943904502612080370255,curve=P256),True) | |
| ------- | |
| output: | |
| ------- | |
| python3 testecdsa6.py | |
| Traceback (most recent call last): | |
| File "testecdsa6.py", line 17, in <module> | |
| SEC1Encoder.encode_public_key(Point(7060700267049620596356235336501166570879242195065472674169415375238145604534,50930765665627190067685409014485724477345323970126409943904502612080370255,curve=P256),True) | |
| File "/home/ubuntu/.local/lib/python3.6/site-packages/fastecdsa/point.py", line 34, in __init__ | |
| 'coordinates are not on curve <{}>\n\tx={:x}\n\ty={:x}'.format(curve.name, x, y)) | |
| ValueError: coordinates are not on curve <P256> | |
| x=f9c36f8964623378bdc068d4bce07ed17c8fa486f9acc2613ca3c8c306d7bb6 | |
| y=1cd36717b8ac5e4fea8ad23dc8d0783c2318ee4ad7a8db6e026ad0b072a24f | |
| ----------- | |
| About the curves: | |
| <! Actually it seems the same> | |
| <!-- curve uses a different seed and the wieserstrauss curve:> | |
| https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-186-draft.pdf (page 13) | |
| <compare to> | |
| https://csrc.nist.gov/csrc/media/publications/fips/186/3/archive/2009-06-25/documents/fips_186-3.pdf | |
| ==================== | |
| For each Weierstrass curve, 505 E : y2≡x3 +ax +b (modp) | |
| ---------- | |
| The check is done by evaluating the curve equation :math:`y^2 \equiv x^3 + ax + b \pmod{p}` | |
| at the given point :math:`(x,y)` with this curve's domain parameters :math:`(a, b, p)`. If | |
| the congruence holds, then the point lies on this curve. | |
| note: I also tried other public keys: | |
| (from the other crypto chip) | |
| uint8_t publicKey[64] = { | |
| 0x39, 0xE6, 0x20, 0xFF, 0xF1, 0x5E, 0x20, 0xD6, 0x75, 0x2D, 0xEA, 0x9F, 0xFB, 0xA1, 0xD0, 0x6C, | |
| 0x07, 0x3A, 0x9F, 0x7F, 0xC8, 0xA5, 0xC0, 0x5A, 0x33, 0xA8, 0x61, 0x19, 0x5B, 0x32, 0xAD, 0xF1, | |
| 0x8D, 0xAC, 0x82, 0x91, 0x04, 0x0B, 0x72, 0x95, 0xE7, 0xFE, 0x23, 0xF3, 0x0F, 0x06, 0xE2, 0xAD, | |
| 0x47, 0x9F, 0x4E, 0xC6, 0x65, 0xC1, 0xD4, 0xC7, 0x5A, 0x58, 0x30, 0x5A, 0x81, 0x65, 0x03, 0xDD | |
| }; | |
| (from the SparkFun Example) | |
| https://learn.sparkfun.com/tutorials/cryptographic-co-processor-atecc508a-qwiic-hookup-guide/example-3-verify |
replicating writeup from fastecdsa (AntonKueltz/fastecdsa#57):
"This involves importing a public key from the cryptographic chip ATECC508A into the library. I found I had a public key that was generated using the p-256 according to the chip documentation, yet the fastecdsa library tells me that the point is not on the curve.
I created a gist to describe my procedure:
https://gist.github.com/bshambaugh/6f0fe5a63f96b0e0a95b404cc103e9c4
As well as my broader (newbie) exploration:
https://raptorlicious.blogspot.com/2020/07/bringing-together-last-3-cryptography.html
If this is out of scope, is there a better place for this question? Thanks for your time."
Here is a github issue for a library called cryptoauthlib which is made by the manufacturer of the ATECC508A. It talks about the format of the public key. Maybe I could use the public keys mentioned in here to get something that might work:
(MicrochipTech/cryptoauthlib#11)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The public key here works:
https://stackoverflow.com/a/30455259
Maybe the cryptographic authentication chip is producing public keys that are not on the curve. Why?