Skip to content

Commit

Permalink
Add support for secp256k1 elliptic curve (#457)
Browse files Browse the repository at this point in the history
The change adds support for secp256k1 elliptic curve (required by ACCP).
We use the generic |EC_GFp_mont_method| for the new curve.

The largest part of the change is adding tests to cover as much as
possible the potential use of the curve. We have added EC, ECDH, and
ECDSA tests. In all three cases we generate the test vectors by newly
added Go scripts. The standard Go library doesn't have support for
secp256k1, and moreover, we can't instantiate the curve on our own
because Go's implementation assumes a curve given by y^2 = x^3 + ax + b
has a = -3, which is not the case for secp256k1. We work around this
issue by using the most widely used secp256k1 Go implementation,
Ethereum's go-ethereum/crypto/secp256k1 module. Also, EVP Wycheproof
tests specific to secp256k1 were added.

A small issue with FIPS service indicator test for ECDH is also fixed.
The test assumed in one case that the indicator should always return
APPROVED, when in reality the indicator status should depened on which
elliptic curve is used in the protocol. For example, when a non FIPS
approved curve like secp256k1 is used, we expect the indicator to
return NOT_APPROVED.

Co-authored-by: Dusan Kostic <[email protected]>
  • Loading branch information
dkostic and Dusan Kostic authored Apr 13, 2022
1 parent fcd770f commit 98da1e3
Show file tree
Hide file tree
Showing 20 changed files with 9,567 additions and 175 deletions.
3 changes: 3 additions & 0 deletions crypto/ecdh_extra/ecdh_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,9 @@ static bssl::UniquePtr<EC_GROUP> GetCurve(FileTest *t, const char *key) {
if (curve_name == "P-521") {
return bssl::UniquePtr<EC_GROUP>(EC_GROUP_new_by_curve_name(NID_secp521r1));
}
if (curve_name == "secp256k1") {
return bssl::UniquePtr<EC_GROUP>(EC_GROUP_new_by_curve_name(NID_secp256k1));
}

t->PrintLine("Unknown curve '%s'", curve_name.c_str());
return nullptr;
Expand Down
204 changes: 204 additions & 0 deletions crypto/ecdh_extra/ecdh_tests.txt
Original file line number Diff line number Diff line change
Expand Up @@ -802,3 +802,207 @@ Y = 01cf0874f204b0363f020864672fadbf87c8811eb147758b254b74b14fae742159f0f671a018
PeerX = 01a32099b02c0bd85371f60b0dd20890e6c7af048c8179890fda308b359dbbc2b7a832bb8c6526c4af99a7ea3f0b3cb96ae1eb7684132795c478ad6f962e4a6f446d
PeerY = 017627357b39e9d7632a1370b3e93c1afb5c851b910eb4ead0c9d387df67cde85003e0e427552f1cd09059aad0262e235cce5fba8cedc4fdc1463da76dcd4b6d1a46
Z = 01aaf24e5d47e4080c18c55ea35581cd8da30f1a079565045d2008d51b12d0abb4411cda7a0785b15d149ed301a3697062f42da237aa7f07e0af3fd00eb1800d9c41

# Test vectors for secp256k1 curve were produced by
# the |make_secp256k1_test_vectors.go| script.

Curve = secp256k1
Private = 921ecaecf887ccbe55f65c61f1315a7ea89874330367784273a9142cfe9dd2a5
X = 4f5feb61b1fe370996843f72982f5d85514746aa8f78144c6129783e147effa9
Y = 915f63ff4935eab3db230187000ae150e6707bd80872f58dfae829cc45290b93
PeerX = 92b37f4c19163d737e36c56f58b0e63fc10c4b47142059bb8a63eedb32e6827c
PeerY = c65cc4436fa94319b22ca20c0b44504878ef680153ba6cced413ab51f49a613b
Z = 01a9f1f12624e63eeea7b56b6d5250ada0b47cdf1ef60c3d4a63f8b53acb115d

Curve = secp256k1
Private = 8778dd1b3f7f29d567303ac127edaa39000069e52941d2b9755b97971a826957
X = 501e96b508cd2c49313161db9867db981481b3a4e0d14cf4c5c364107f8b0a19
Y = 0b8d0f6a50276982df4cbea720d78237eb249d6f5221a593c5869c6463b85407
PeerX = cdf6d740df75ef3a23e22f6b57c0d2d2b2f9466e6c367056e04bbd9ab0258dc0
PeerY = 4b3ac8877da955b156c16b2f698ee6d92f1505485471d8f3c66229337d30099c
Z = 07af603d99965a725d2979ca621ed969dfc998b3c9bf083e9a7433ac41b0040a

Curve = secp256k1
Private = 420fea7d66fd27e1912af45f810971a0c94576085f46c0a4adb9ffcacf033369
X = 80a3b55b9472087636108bd1e720035fcf82fe5467ca2877119ec4596fdb9df7
Y = e55106d8468f8f3cf67ed0eec9fcdcfbe77b8af02fe921b529385a3b904effea
PeerX = dd7d11e3cebc1565e8ae8df2dd102c9ef3a0c7b0e840bc6f8cc14dffa43eca3d
PeerY = f7c73006e695dfb3c543d9cecbd8380854b9495ecd3e87426c06d6daa7267fe4
Z = 3c5110cbb9fae99ac28deccd5d08d885b0a924b2c435d85f87de1b5022591578

Curve = secp256k1
Private = 1c24c9c0870225d66cffb258a332e96b944ad47b3b39aff0e23f756a5eb591af
X = 7be08177e2fdbb09d96abacd553bb255027c97c1748f2df41ab49857221a9f0b
Y = 0517b75cd41c09f5b70e836f8e4ba32afb8e21b8ce861283fd4b2026ab020e7c
PeerX = d886d92ab4e610abf591afa6ccc567b9975571ee56a2fa5ed26d4d5490ab075e
PeerY = 42c4de84ec4a30a9cf9f2ac461e23ef7fd70c8e148029b0bc7ac85b19565f488
Z = 03675d804009b634d97d5737f280b6195f9ab25a8d973d7f56e2595709a5ac40

Curve = secp256k1
Private = b44778072aa82fc7cb882c190362d0a7075fa364eaf9bf663a2fe3f5f772e364
X = 885a592efeae34ecbefa07d39c02da566d57883bb0cc2fcefaa037fcdac18f5e
Y = 855889f2f10402e0e6ec771fef7c2dcf821b9c69c024bf5e3ef9aec82bc7ebc1
PeerX = 0556e79ad25ed34bfd49f7807fc285e7690f29fa770f30ec8c5dde49cd648c4b
PeerY = f6c334fb4d8f6576ca2150f792b5c35c3fdf434e0b547914f3ebde2baf3efa9f
Z = c753b6cbe7b982109f97f51be6a9ce5610a24e7f8e00075af1e81bd4b9c00ff9

Curve = secp256k1
Private = e6df4170e6fe3d289de817e759b935ecbfa2feb78faac2cf12ab00177f162430
X = d91bcb339555e6a3b09c3976d849aa9105b46627dd990b5cf6e3c64a73ad1e19
Y = fb8854cdf18e275a16ad79569c84cf1cac7d77f419317a362533d1dfa5907eb5
PeerX = bf601fb8b39be36aca8b740a99b53a71afcac19751108e4ad1ef6327afa674d0
PeerY = 71dab2567144674a36645bb99ceb0241a3639b57b6809a718b18990d84975b02
Z = 6e4f17bbafb930c4535b13085cc84f7813c0b99facf72b5a74a29d1b3e13f8eb

Curve = secp256k1
Private = c3cd691e803cb67be847e8a4ac9e655279b9cb9f1bd28e71a29fc3253a38eeb7
X = 204e1e9f79df8b59efc67a67b106c78484d98487bdc839e7f770d22db6f048ff
Y = d9dbf292be2aa0931a92200fec8d1ef67e114298260e45a8230b7f510d901d6f
PeerX = 425e064e80683b45159c0eabe877166533050ea5ee72cde1f430417b7f32b711
PeerY = db1e525d6a7c69ee7eea92ab4f7d2e2993ec1b00c5f1902a2c0249bed0398b79
Z = 1ea12b01788fa99c0a5eedf69daec0f71efe5ac362a67695ed407fe5ae126318

Curve = secp256k1
Private = 657139c1ffec21cbb988905d35cd3af9b1deb4e3de2c3f12cd44479d392cfdb7
X = 1ba16298dcb5a647eacb57a57ba0bff5aecd00649dfd48083f873e54160c2821
Y = 324cf1670a0787bbd5eb6eb3bb60c7b9dd0cb8e7840eb00ab52e710de2a1894e
PeerX = 77502cb9abed11be20211f6480b223d3a7f278a10da77f16bf89ce032d16cb38
PeerY = 4b399db2afc24b5e9e3f1bcb177258cd974660fa81eae4aa533d9dcd6d296633
Z = bc979716b2c4e1c437c6daf0462daf6693e08c1fbee44f807403e907c819e63a

Curve = secp256k1
Private = 453c0b0f84e2c09fbc8fd790c8501836dd7421f179f6e46172ca02ec7735259d
X = a6ce2fa2e99d76f461feff220e78dd884f55ceda03527add5f81a999c8b4f865
Y = 1826348841e55ab29d44f05047bf580a57484e226505c25e4f3d9a88c1c7aaa5
PeerX = 8db71212552de578d1322e97005f83716bc293f4d54e7fbce9176ea879d27a0e
PeerY = f505735e2e2efb21ed737cf918c547a8abfebc56297753ebb70682df66ba1a52
Z = d47db891c7f8ff33488fb5cbba4c372eb9b215ed9902cbbf2bc0d800f08bf991

Curve = secp256k1
Private = 62eaf00b386c7b07b61e3f2f889a1d903a633031ee7eddbdd3822ece1483a676
X = 8c69e79f6075ca6cb9e7e3988b3a5ae3e7b52c7d46aff088e7546a62323d79cf
Y = a596f3e869c3d3765e989c7e49753df75ee9bdf21ace338a8eb26fd542f94397
PeerX = d56979262adf4caf560fda38624728bd684025c5674c6e2453d1e5a07c5f7101
PeerY = d9dd6b7f42ed0c640cb1f9c6377d5c970350b1cc3c3d3eaa37a3e142cb261df4
Z = 966863ffd585d1394f4abd61efc71a75025be8ab6e5431a3dceeb926b3e63872

Curve = secp256k1
Private = 9abd336d9f93ca813b99b3e9f5df632c235abb16c3252e0636db62469632c818
X = a1188af0bbc01a25f2bed2911845a71b51f4b2dc04b7b5bee7fb13aa79cc3c30
Y = 16110bcbde82ce6296ce0a15b92be60771219dca0c8c8cb1bf0ce83c211c2789
PeerX = 28dc040202eb4630ad8efb4355565615fd59df5616b57a3369fe83aa610a6af0
PeerY = 9ec542d6b7415d1b541271bf6d6ebb17370675a672ca9ae357109a278d02855d
Z = f042cb7da8c9342e6163dc262a2a9605c151d62d6c486fd9879de4824f9b7e1a

Curve = secp256k1
Private = 1f90947d421cffcbb4a2756cfddfd2adf1a08ee9fbc4d61cfbcf9af9880d02ac
X = 2fdbcf7c82d0ae3f4f82c7338c5e0f27f9504326d8ba47a85dd07ad01c52d3af
Y = 6a6d82ee263372f01fe15499c0ea3fb114e6910ffd8bf9516cce22373c8eeff9
PeerX = 1bead6a0cc13271e703253329ac2bbb86da5bbdc2ce6c066c6dc41c194124e3c
PeerY = 3bbb994b1f34ddb9066ea87002cb9bbf643d5d95ed448a42d84a91c3c81a64f6
Z = 6a5938a5c1e62791b6ddbac73ec3fd90de9ff59b59e2110af0c7c30f8f513bab

Curve = secp256k1
Private = ff96aed8f921ab3569e386392ddb52a4333480e1bf9b51e6857facaaa8ad1d7b
X = a195811b300cec1915c799601ef488b34ff36e23d19f6fbe8e20b2b7410bdb06
Y = 031b59627e026cd5f2a9bceca55c70fc778916561d7994d263fba7b0ba93d302
PeerX = ac289f649e9f45a1a515c5a09c4b09ba64573d8db4db36eee79c6a5fa557f0e2
PeerY = 0abd590cdb9a1b5fb4d4ff7a0432a569866d14c493b8e4d5e388db47a013e99b
Z = 0604ba041adf10b1c90d0b18c11678faca33e852ec875731ee1234761cb2aad7

Curve = secp256k1
Private = 4086033d771133e29d36123c45de30154f562ad767056a58b0f3b3d684c9ac56
X = adc5d65f57a23f2c5a695de087c8e387118a305752847907041eca2344802ffa
Y = d858939481400f65aaa3e490fe4a2024e73dc9299c7181ac141211366fe8ef06
PeerX = cf9c3a1807eded3b2fa0dc3530bcb8e6f3073d68b47c9fe9c2dcf0e63775e68f
PeerY = bf3b2b84c164a30db77b9e5f443c872b219fd50629befd4eb5e2cdbc2e8a0574
Z = 9c134d4bf4cfb26e90a836780ecc9eb0f9cf7b182f9d7813a389012a9490d584

Curve = secp256k1
Private = bba100c78af621a62d5ba74d856c712ce7174612d70693a7f48d469310c35845
X = 1ce63a7f1a588b2fcb5127d445d76ce0d546d6a1012e5e959bf8afc3ed496d46
Y = 64db5924e48b39348a7981eeb7df465aabeb4601f08beb16214b7b3f81cd4b23
PeerX = 636110f3d94d2800d4d5f9c54030833c37983f910279784f63718bcd528304b7
PeerY = a7c187acf3377c0cbe6cbc445d3ddf210a48cb025c79b9443001f0e28df5ac31
Z = e428bc80b5df387228a022f995c441e32e2676adbe85536ad1b860dfe8945ecf

Curve = secp256k1
Private = 4f86e4f14b896c314861d503784449095a78114afe89f83f0524a95c6a7219d6
X = dc8ae08bdec6ab462abf38bc52eae529b2e4455f14002061c96e0c88d19ab642
Y = 152662d2f355b257dd5060f59cf33e615591d5c354ec4e6b5e79f2f092c3c41f
PeerX = 4b099096b359e95779735c3f44b35677b3ed4b3c4eef5f938e3304e2930d74e6
PeerY = 5bc8e9614e2aa2c592c4a537e69465eefea2bce1af7fd3b9d3fa90ed81d9cc61
Z = 7bfba5374e6a2e731d46acab082731a405d20ade4096ca4be0e22738d9bcc662

Curve = secp256k1
Private = 29723aef258431cf15b129f8e0757eca2bdd2c32cc78e3eebbdee57683a97470
X = 5f83bab69e0887b66345dff0e8e277e124a067f92b739333a7183aa5dab9f2ea
Y = 1c1e02092290affc2015376a761464bcd0b39dd7f162898689539955f2fb5d29
PeerX = 5754423a3d5ddb4b851cb86dc08b5db3abe28771ac0d189b45abad4b0d04bd69
PeerY = 0c4da1f9b1517c8cfedec9aebfdb88056442bf9676cf97ff1aad4603c5e3dc98
Z = 0d85e90f370d9295ad7bbb6bc426b7a2be83da73fff7285d3863af3ec9a13b19

Curve = secp256k1
Private = fc2e8a842fee26f089a06fff36471f2aeac4e60f9a5fa5426321fc5e63254412
X = 6d2938edfb6f4588c057fef3e3377327d5a04d3af33a8d78c7035a0dbc592c1b
Y = 5d451cc6c9380c95f1d3d6d07fcd9f263e5be7847842915b4456150314db4642
PeerX = 5bec788d109ae6b151ac052af78f911c3acd183034d5094b3c94becbe6144560
PeerY = 86ed16cfbf11a30c82a5e0c420fecc5eb24d09ce933c40b67ab41e5178a917c1
Z = 58464de52536d9e7b9c635090761075a40562ae4d6d10ec1d31f82450af5bead

Curve = secp256k1
Private = d4a33653a89fb4e6423f94c0cad14671fc26d5abe60fd024a58aa1fab8c41a41
X = e639ff4368e57658636b3ea63274bcc0fe106dc2b0ee2ef6d9f19de4c87e94a2
Y = 51793604318e5a2b273ae610ab5b51dade724c5537a7867179aad80fdaeda643
PeerX = 376ae648987c8cf44d247d4f3c53a27d5cb69bd8dee8d862d13779c76e32d690
PeerY = 83da0725a277df672ccbae809eaec7af662ff5a2cf999f419c3fdf85640e9429
Z = d892f3ddce29be37f9c920c5977ea9b93038d7beec6ce647278a9b59998379ed

Curve = secp256k1
Private = b1fdf4329268f28e01490d4645243b0ed7d2327fb23f07067da5fe172326fee4
X = bfc222c7b7527a5f1c53a87c40e467e227ffe8d3694f2bce960f99286672df38
Y = 58928f6300d919037b5612d2b0df556e53faae515a7999296ce5f0f516cf01fc
PeerX = 3a6bc71ddd77ad13bc419156a8127c156ee784dc431bd57def6b5dd282764de5
PeerY = 91788a9b9a29cb70b8a89d74c85ecfb9dca86426be2e6b0e6a8382bdce622ca5
Z = 7ff7e528b10f2fde75906c33a93268664517ecefcf3acb4664dedfd4dd06f5f7

Curve = secp256k1
Private = cba366380bdef896e95d6514ee9061e1247d7f55a65acbf6d6da60dd1a5a4a12
X = bcef71da2381901e95b4fe4693b2d35bbe23d25cb888b10c4d464c3a9c2ecb1a
Y = ef0e90abf9a5c88c796a33c80a4edb3fb4dfcc750b5817408a5eb9206438b60a
PeerX = 9e3f23976e032996301f0e58eacf94d43ace5ae6ee6952168dfd131053ce49ce
PeerY = 9307d60221a792881da7a7854702ec926c680f02fd1d6b3b339abc6aa6646a9a
Z = 669560aaa38925c6773b6b2eeb05d4e2eb091e07550199ec47d2831db00bb768

Curve = secp256k1
Private = 1b83deecbb8f3b93dc4f2249579ec468d6f996151a6969eb9a0c89cb55a3cf8f
X = 772e3ee8191956c671ccd9ff8655b29c4654dcd4aa2bc61b0a275eb582e6e9cf
Y = 04cef51d505bbf3dcd3c056c8b88d0090103768396798cc044ce56a98fa152a5
PeerX = e3ec766e9f7922672f334810d3a55e669a4fd17462657a0f0a956dd19de7ff12
PeerY = 6808172789939a54831af47ee4749194ca4327f0722c331b7def97c4b7482a4f
Z = b4adec3f4e572c41b3acf2883aa91b3c23a50d409b805f13d5d0e9d3925d403e

Curve = secp256k1
Private = 3c27c4fbd40c7556e42d742b6ad7ffe6d7f645768c82457f0abf9897eedace04
X = f4ea6d9367380ca3aa188bf382ab35a2df72ff1766886266167d1b7afcb94197
Y = 7936062f53fdb502b5ec8a5a0c87cb03af738a7b0c145ba7d1fbf71acbcb2890
PeerX = 8916d32e382088d912f9b15fdf0a9f1e51c730971f8c062ace0da830f7598c74
PeerY = 2407a8300c1535126aa43b2f2569b45e09af88aea91320485b272f17522712f8
Z = f25cad676eebecc681a97ceffcd2bf812fc9b288432aa69fe7627f2e033c5352

Curve = secp256k1
Private = dbd383e7ebf7fc069a12a826992002983059d8454adb5456fa099a4fbe2dec7e
X = f07cb80b85528ae3f73d02868d048c7926e690051cb5c68a31f984e0e1a9041c
Y = 4d70662f78dd5bb8a66c93caf8ebeb776395d82bc0a29a9ef2f0a5fdd036cfc9
PeerX = c08fa679fa7b0cf5b6d96b890e9522914f8382a0d48196cad4a28cb84a45c2bc
PeerY = ce01acb888f214e6f2584a1bc64285865c69dcd55b6b4318bb7bca66d6cb10ea
Z = e464dbae21e14635de38a63161f785f4a21e16b715b9ef47b5d7ea413655466e

Curve = secp256k1
Private = c8f49f50878a126c77094fde58063e5d551dc9771bf08b6cb00101f322255688
X = 81a96289ba2d10a2fe40769cd138ac6a26d15d4a4ec1a0b144d787bb24e05c04
Y = 7f7fd81f094df19eae747a2875bbdae350f459b0cfde5368647dd1a16e43bfae
PeerX = 3815c4f2596c8caa4fa2824ee3e0e568f864de44ca51e9a8f75c3f3bb1d9c197
PeerY = 6cfa3f3004d751b95d00c2b033ff620a2ae1ade7edd118e53f1b89943b2b8ffc
Z = d5ad066726b526fcf3a5cb2498e6612d96fc7d96f8ec5eb20424ed804bfada73

80 changes: 80 additions & 0 deletions crypto/ecdh_extra/make_secp256k1_test_vectors.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

// This script is used to generate the ECDH test vectors for secp256k1 curve.

package main

import (
"crypto/sha256"
"math/big"
"strconv"
"fmt"
)

import "github.com/ethereum/go-ethereum/crypto/secp256k1"

// Number of test vectors to be generated
const numOfTests = 25

// Initialize the counter used for generating pseudo-random numbers
// using the SHA-256 hash function.
var prng_ctr = 1

func printPadded(key string, n, max *big.Int) {
padded := make([]byte, len(max.Bytes()))
b := n.Bytes()
copy(padded[len(padded)-len(b):], b)
fmt.Printf("%s = %x\n", key, padded)
}

func genRandModN(N *big.Int) *big.Int {
res := new(big.Int)
for {
dgst := sha256.Sum256([]byte("Dummy string" + strconv.Itoa(prng_ctr)))
prng_ctr++
res.SetBytes(dgst[:])
if res.Cmp(N) == -1 {
break
}
}
return res
}

func main() {

curve := secp256k1.S256()

fmt.Printf("\n# Test vectors for secp256k1 curve were produced by")
fmt.Printf("\n# the |make_secp256k1_test_vectors.go| script.\n\n")

for i := 0; i < numOfTests; i++ {
// Generate a private key for Alice and for Bob
sA := genRandModN(curve.Params().P)
sB := genRandModN(curve.Params().P)

// Compute the corresponding public key
xA, yA := curve.ScalarBaseMult(sA.Bytes())
xB, yB := curve.ScalarBaseMult(sB.Bytes())

// Compute shared keys zA and zB for Alice and Bob
zA, _ := curve.ScalarMult(xB, yB, sA.Bytes())
zB, _ := curve.ScalarMult(xA, yA, sB.Bytes())

if zA.Cmp(zB) != 0 {
fmt.Printf("Error, shared secret keys for Alice and Bob are different!")
return
}

// Print all the required values
fmt.Printf("Curve = secp256k1\n")
printPadded("Private", sA, curve.Params().P)
printPadded("X", xA, curve.Params().P)
printPadded("Y", yA, curve.Params().P)
printPadded("PeerX", xB, curve.Params().P)
printPadded("PeerY", yB, curve.Params().P)
printPadded("Z", zA, curve.Params().P)
fmt.Printf("\n")
}
}

11 changes: 9 additions & 2 deletions crypto/evp_extra/evp_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -664,15 +664,22 @@ TEST(EVPTest, WycheproofECDSAP256) {
TEST(EVPTest, WycheproofECDSAP384) {
RunWycheproofVerifyTest(
"third_party/wycheproof_testvectors/ecdsa_secp384r1_sha384_test.txt");
RunWycheproofVerifyTest(
"third_party/wycheproof_testvectors/ecdsa_secp384r1_sha512_test.txt");
}

TEST(EVPTest, WycheproofECDSAP521) {
RunWycheproofVerifyTest(
"third_party/wycheproof_testvectors/ecdsa_secp384r1_sha512_test.txt");
RunWycheproofVerifyTest(
"third_party/wycheproof_testvectors/ecdsa_secp521r1_sha512_test.txt");
}

TEST(EVPTest, WycheproofECDSAsecp256k1) {
RunWycheproofVerifyTest(
"third_party/wycheproof_testvectors/ecdsa_secp256k1_sha256_test.txt");
RunWycheproofVerifyTest(
"third_party/wycheproof_testvectors/ecdsa_secp256k1_sha512_test.txt");
}

TEST(EVPTest, WycheproofEdDSA) {
RunWycheproofVerifyTest("third_party/wycheproof_testvectors/eddsa_test.txt");
}
Expand Down
37 changes: 37 additions & 0 deletions crypto/fipsmodule/ec/ec.c
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,33 @@ static const uint8_t kP521Params[6 * 66] = {
0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09,
};

static const uint8_t kP256K1Params[6 * 32] = {
// p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
// a
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
// b
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
// x
0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
// y
0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
// order
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
};

DEFINE_METHOD_FUNCTION(struct built_in_curves, OPENSSL_built_in_curves) {
// 1.3.132.0.35
static const uint8_t kOIDP521[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
Expand Down Expand Up @@ -268,6 +295,16 @@ DEFINE_METHOD_FUNCTION(struct built_in_curves, OPENSSL_built_in_curves) {
#else
EC_GFp_mont_method();
#endif

// 1.3.132.0.10
static const uint8_t kOIDP256K1[] = {0x2b, 0x81, 0x04, 0x00, 0x0a};
out->curves[4].nid = NID_secp256k1;
out->curves[4].oid = kOIDP256K1;
out->curves[4].oid_len = sizeof(kOIDP256K1);
out->curves[4].comment = "SEC/ANSI P-256 K1";
out->curves[4].param_len = 32;
out->curves[4].params = kP256K1Params;
out->curves[4].method = EC_GFp_mont_method();
}

EC_GROUP *ec_group_new(const EC_METHOD *meth) {
Expand Down
Loading

0 comments on commit 98da1e3

Please sign in to comment.