[Cryptech Tech] Plan for ECDSA core (review, please)

[Russ Housley]

Will ECDSA be used to sign firmware?  If so, then the module will need to be able to do a verify to accept new firmware.

Russ


On May 28, 2015, at 9:11 AM, Rob Austein wrote:

> One of my action items this week is helping to specify what it is that
> we meant when we asked Pavel to go off and write us an ECDSA core.
> 
> Here's what I have so far:
> 
> - We probably don't need the core to do ECDSA verification, only
>  signing.
> 
> - We probably only care about two named curves: P-256 and P-384.
> 
> The real specification appears to be X9.62.  ECDSA is also included in
> several NIST documents (186-[234]) but NIST refers to X9.62 as the
> primary specification.
> 
> NIST has test vectors.  The relevant ones are probably:
> 
>    http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-3ecdsatestvectors.zip
> 
> We're probably only interested in the P-256/SHA-256 and P-384/SHA-384 cases.
> 
> There are of course various software implementations, including
> Cryptlib, and including a pure Python implementation (named "ecdsa" of
> all things).
> 
> Pavel has requested that we give him a slightly lower-level spec than
> this, in terms of expected inputs, expected outputs, and samples of
> each, which is entirely reasonable, but before going there I wanted to
> make sure we have agreement that this is what we want.
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech