8.8 ECC Keysizes
With ECC if you try to sign a hash that is bigger than your ECC key
you can run into problems. The math will still work, and in effect the
signature will still work. With ECC keys the strength of the signature
is limited by the size of the hash, or the size of they key, whichever is
smaller. For example, if you sign with SHA256 and an ECC-192 key,
you in effect have 96–bits of security.
The library will not warn you if you make this mistake, so it is
important to check yourself before using the signatures.
Though I still consider this as a bug, since the signature will not be valid according to ECDSA specs, only TomCrypt can validate it.
Thanks,
Rudolfs