I am using CVC certificates (If you haven't heard about them, pretend they are X509) with Elliptic curve signature with brainpool256r1 curve and SHA1 hash. In java with bouncycastle, I simply verify them like this:
Signature sign = Signature.getInstance("SHA1withECDSA", "BC");
sign.initVerify(key);
sign.update(certificate_data_to_be_verified);
sign.verify(signature);
And everything works fine. However, I need to verify them also in an embedded device, and I have encountered a problem, because I am supposed to use leftmost 256bits of hash to get the value of z at least according to wikipedia ECDSA article. But SHA1 has only 160bits.
How is this solved by bouncycastle, and is there some general theory on how to handle this?
You are confusing an order of base point with a key length.
Here is how Bouncy Castle code performs ECDSA digital signature verification.
private BigInteger calculateE(BigInteger n, byte[] message)
{
/* n is curve order value */
int log2n = n.bitLength();
/* and message is a hash */
int messageBitLength = message.length * 8;
BigInteger e = new BigInteger(1, message);
/* If message is longer than curve order */
if (log2n < messageBitLength)
{
/* only log2n bits are taken from the left */
e = e.shiftRight(messageBitLength - log2n);
}
return e;
}