CRYS_ECDSA_Sign signature encoding?

Turns out I was doing the conversion correctly, after calling CRYS_ECDSA_Sign with the "CRYS_ECPKI_AFTER_HASH_SHA256_mode" hash mode and feeding in its SHA256 hash instead of the message, it worked and MbedTLS has verified it properly. 

Well, still not sure why it didn' work with "CRYS_ECPKI_HASH_SHA256_mode", but at least I got it working now

Turns out I was doing the conversion correctly, after calling CRYS_ECDSA_Sign with the "CRYS_ECPKI_AFTER_HASH_SHA256_mode" hash mode and feeding in its SHA256 hash instead of the message, it worked and MbedTLS has verified it properly. 

Well, still not sure why it didn' work with "CRYS_ECPKI_HASH_SHA256_mode", but at least I got it working now

Hi Dadas,

can you please tell me what is the output format of the Sign algorithm/how do yo convert the signature to DER format?

I am stuck on this as well, and couldn't figure it out from your answer.

Thanks in advance!

Hello, I ended up using ecdsa_signature_to_asn1 from mbedtls

CRYS_ECDSA_Sign(&rndCtx,&signtmp,&Priv,HASHMODE,(uint8_t*)hash,hlen,hwsig,&hwsiglen);

- output is written to the hwsig buffer, first half is the R parameter and second half is the S parameter, so I read these numbers into mbedtls MPI format and then call ecdsa_signature_to_asn1

mbedtls_mpi r, s;
mbedtls_mpi_init( &r );
mbedtls_mpi_init( &s );

mbedtls_mpi_read_binary(&r,hwsig,keysize);
mbedtls_mpi_read_binary(&s,hwsig+keysize,keysize);

ecdsa_signature_to_asn1(&r,&s,sig,slen);

Hope this helps, have a nice day

It does, thnaks a lot.