Fix ECDSA signature verification (IOT-793)

Earlier Fix was not compatible with external SSL libraries because
the signed ECC point was not in correct format. This change has
been verified to be working with upstream tinyDTLS.
This change has been reviewed at
https://gerrit.iotivity.org/gerrit/#/c/3647/

Change-Id: I2bc4d01f8c1a950f9e6e6ac8eaf200c28060c5dc
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/3737
Reviewed-by: dongik Lee <dongik.lee@samsung.com>
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>

diff --git a/extlibs/tinydtls/crypto.c b/extlibs/tinydtls/crypto.c
index 58d9899..77a8e04 100644 (file)
--- a/extlibs/tinydtls/crypto.c
+++ b/extlibs/tinydtls/crypto.c
@@ -585,8 +585,13 @@ dtls_ecdsa_create_sig_hash(const unsigned char *priv_key, size_t key_size,
         return 0;
 
     uECC_sign(priv_key, sign_hash, sign);
-    memcpy(point_r, sign, 32);
-    memcpy(point_s, sign + 32, 32);
+
+    int i;
+    for (i = 0; i < 32; i++)
+    {
+        ((uint8_t *) point_r)[i] = sign[31 - i];
+        ((uint8_t *) point_s)[i] = sign[63 - i];
+    }
 }
 
 void
@@ -631,12 +636,8 @@ dtls_ecdsa_verify_sig_hash(const unsigned char *pub_key_x,
     memcpy(publicKey + 32, pub_key_y, 32);
 
     // Copy the signature into a single buffer
-    int i;
-    for (i = 0; i < 32; i++)
-    {
-        sign[i] = result_r[31 - i];
-        sign[i + 32] = result_s[31 - i];
-    }
+    memcpy(sign, result_r, 32);
+    memcpy(sign + 32, result_s, 32);
 
     return uECC_verify(publicKey, sign_hash, sign);
 }