Add support for secp256k1 elliptic curve (aws#457)

The change adds support for secp256k1 elliptic curve (required by ACCP). We use the generic |EC_GFp_mont_method| for the new curve. The largest part of the change is adding tests to cover as much as possible the potential use of the curve. We have added EC, ECDH, and ECDSA tests. In all three cases we generate the test vectors by newly added Go scripts. The standard Go library doesn't have support for secp256k1, and moreover, we can't instantiate the curve on our own because Go's implementation assumes a curve given by y^2 = x^3 + ax + b has a = -3, which is not the case for secp256k1. We work around this issue by using the most widely used secp256k1 Go implementation, Ethereum's go-ethereum/crypto/secp256k1 module. Also, EVP Wycheproof tests specific to secp256k1 were added. A small issue with FIPS service indicator test for ECDH is also fixed. The test assumed in one case that the indicator should always return APPROVED, when in reality the indicator status should depened on which elliptic curve is used in the protocol. For example, when a non FIPS approved curve like secp256k1 is used, we expect the indicator to return NOT_APPROVED. Co-authored-by: Dusan Kostic <[email protected]>
noahstaveley · Apr 13, 2022 · 98da1e3 · 98da1e3
1 parent fcd770f
commit 98da1e3
Show file tree

Hide file tree

Showing 20 changed files with 9,567 additions and 175 deletions.
diff --git a/crypto/ecdh_extra/ecdh_test.cc b/crypto/ecdh_extra/ecdh_test.cc
@@ -55,6 +55,9 @@ static bssl::UniquePtr<EC_GROUP> GetCurve(FileTest *t, const char *key) {
   if (curve_name == "P-521") {
     return bssl::UniquePtr<EC_GROUP>(EC_GROUP_new_by_curve_name(NID_secp521r1));
   }
+  if (curve_name == "secp256k1") {
+    return bssl::UniquePtr<EC_GROUP>(EC_GROUP_new_by_curve_name(NID_secp256k1));
+  }
 
   t->PrintLine("Unknown curve '%s'", curve_name.c_str());
   return nullptr;

diff --git a/crypto/ecdh_extra/ecdh_tests.txt b/crypto/ecdh_extra/ecdh_tests.txt
@@ -802,3 +802,207 @@ Y = 01cf0874f204b0363f020864672fadbf87c8811eb147758b254b74b14fae742159f0f671a018
 PeerX = 01a32099b02c0bd85371f60b0dd20890e6c7af048c8179890fda308b359dbbc2b7a832bb8c6526c4af99a7ea3f0b3cb96ae1eb7684132795c478ad6f962e4a6f446d
 PeerY = 017627357b39e9d7632a1370b3e93c1afb5c851b910eb4ead0c9d387df67cde85003e0e427552f1cd09059aad0262e235cce5fba8cedc4fdc1463da76dcd4b6d1a46
 Z = 01aaf24e5d47e4080c18c55ea35581cd8da30f1a079565045d2008d51b12d0abb4411cda7a0785b15d149ed301a3697062f42da237aa7f07e0af3fd00eb1800d9c41
+
+# Test vectors for secp256k1 curve were produced by
+# the |make_secp256k1_test_vectors.go| script.
+
+Curve = secp256k1
+Private = 921ecaecf887ccbe55f65c61f1315a7ea89874330367784273a9142cfe9dd2a5
+X = 4f5feb61b1fe370996843f72982f5d85514746aa8f78144c6129783e147effa9
+Y = 915f63ff4935eab3db230187000ae150e6707bd80872f58dfae829cc45290b93
+PeerX = 92b37f4c19163d737e36c56f58b0e63fc10c4b47142059bb8a63eedb32e6827c
+PeerY = c65cc4436fa94319b22ca20c0b44504878ef680153ba6cced413ab51f49a613b
+Z = 01a9f1f12624e63eeea7b56b6d5250ada0b47cdf1ef60c3d4a63f8b53acb115d
+
+Curve = secp256k1
+Private = 8778dd1b3f7f29d567303ac127edaa39000069e52941d2b9755b97971a826957
+X = 501e96b508cd2c49313161db9867db981481b3a4e0d14cf4c5c364107f8b0a19
+Y = 0b8d0f6a50276982df4cbea720d78237eb249d6f5221a593c5869c6463b85407
+PeerX = cdf6d740df75ef3a23e22f6b57c0d2d2b2f9466e6c367056e04bbd9ab0258dc0
+PeerY = 4b3ac8877da955b156c16b2f698ee6d92f1505485471d8f3c66229337d30099c
+Z = 07af603d99965a725d2979ca621ed969dfc998b3c9bf083e9a7433ac41b0040a
+
+Curve = secp256k1
+Private = 420fea7d66fd27e1912af45f810971a0c94576085f46c0a4adb9ffcacf033369
+X = 80a3b55b9472087636108bd1e720035fcf82fe5467ca2877119ec4596fdb9df7
+Y = e55106d8468f8f3cf67ed0eec9fcdcfbe77b8af02fe921b529385a3b904effea
+PeerX = dd7d11e3cebc1565e8ae8df2dd102c9ef3a0c7b0e840bc6f8cc14dffa43eca3d
+PeerY = f7c73006e695dfb3c543d9cecbd8380854b9495ecd3e87426c06d6daa7267fe4
+Z = 3c5110cbb9fae99ac28deccd5d08d885b0a924b2c435d85f87de1b5022591578
+
+Curve = secp256k1
+Private = 1c24c9c0870225d66cffb258a332e96b944ad47b3b39aff0e23f756a5eb591af
+X = 7be08177e2fdbb09d96abacd553bb255027c97c1748f2df41ab49857221a9f0b
+Y = 0517b75cd41c09f5b70e836f8e4ba32afb8e21b8ce861283fd4b2026ab020e7c
+PeerX = d886d92ab4e610abf591afa6ccc567b9975571ee56a2fa5ed26d4d5490ab075e
+PeerY = 42c4de84ec4a30a9cf9f2ac461e23ef7fd70c8e148029b0bc7ac85b19565f488
+Z = 03675d804009b634d97d5737f280b6195f9ab25a8d973d7f56e2595709a5ac40
+
+Curve = secp256k1
+Private = b44778072aa82fc7cb882c190362d0a7075fa364eaf9bf663a2fe3f5f772e364
+X = 885a592efeae34ecbefa07d39c02da566d57883bb0cc2fcefaa037fcdac18f5e
+Y = 855889f2f10402e0e6ec771fef7c2dcf821b9c69c024bf5e3ef9aec82bc7ebc1
+PeerX = 0556e79ad25ed34bfd49f7807fc285e7690f29fa770f30ec8c5dde49cd648c4b
+PeerY = f6c334fb4d8f6576ca2150f792b5c35c3fdf434e0b547914f3ebde2baf3efa9f
+Z = c753b6cbe7b982109f97f51be6a9ce5610a24e7f8e00075af1e81bd4b9c00ff9
+
+Curve = secp256k1
+Private = e6df4170e6fe3d289de817e759b935ecbfa2feb78faac2cf12ab00177f162430
+X = d91bcb339555e6a3b09c3976d849aa9105b46627dd990b5cf6e3c64a73ad1e19
+Y = fb8854cdf18e275a16ad79569c84cf1cac7d77f419317a362533d1dfa5907eb5
+PeerX = bf601fb8b39be36aca8b740a99b53a71afcac19751108e4ad1ef6327afa674d0
+PeerY = 71dab2567144674a36645bb99ceb0241a3639b57b6809a718b18990d84975b02
+Z = 6e4f17bbafb930c4535b13085cc84f7813c0b99facf72b5a74a29d1b3e13f8eb
+
+Curve = secp256k1
+Private = c3cd691e803cb67be847e8a4ac9e655279b9cb9f1bd28e71a29fc3253a38eeb7
+X = 204e1e9f79df8b59efc67a67b106c78484d98487bdc839e7f770d22db6f048ff
+Y = d9dbf292be2aa0931a92200fec8d1ef67e114298260e45a8230b7f510d901d6f
+PeerX = 425e064e80683b45159c0eabe877166533050ea5ee72cde1f430417b7f32b711
+PeerY = db1e525d6a7c69ee7eea92ab4f7d2e2993ec1b00c5f1902a2c0249bed0398b79
+Z = 1ea12b01788fa99c0a5eedf69daec0f71efe5ac362a67695ed407fe5ae126318
+
+Curve = secp256k1
+Private = 657139c1ffec21cbb988905d35cd3af9b1deb4e3de2c3f12cd44479d392cfdb7
+X = 1ba16298dcb5a647eacb57a57ba0bff5aecd00649dfd48083f873e54160c2821
+Y = 324cf1670a0787bbd5eb6eb3bb60c7b9dd0cb8e7840eb00ab52e710de2a1894e
+PeerX = 77502cb9abed11be20211f6480b223d3a7f278a10da77f16bf89ce032d16cb38
+PeerY = 4b399db2afc24b5e9e3f1bcb177258cd974660fa81eae4aa533d9dcd6d296633
+Z = bc979716b2c4e1c437c6daf0462daf6693e08c1fbee44f807403e907c819e63a
+
+Curve = secp256k1
+Private = 453c0b0f84e2c09fbc8fd790c8501836dd7421f179f6e46172ca02ec7735259d
+X = a6ce2fa2e99d76f461feff220e78dd884f55ceda03527add5f81a999c8b4f865
+Y = 1826348841e55ab29d44f05047bf580a57484e226505c25e4f3d9a88c1c7aaa5
+PeerX = 8db71212552de578d1322e97005f83716bc293f4d54e7fbce9176ea879d27a0e
+PeerY = f505735e2e2efb21ed737cf918c547a8abfebc56297753ebb70682df66ba1a52
+Z = d47db891c7f8ff33488fb5cbba4c372eb9b215ed9902cbbf2bc0d800f08bf991
+
+Curve = secp256k1
+Private = 62eaf00b386c7b07b61e3f2f889a1d903a633031ee7eddbdd3822ece1483a676
+X = 8c69e79f6075ca6cb9e7e3988b3a5ae3e7b52c7d46aff088e7546a62323d79cf
+Y = a596f3e869c3d3765e989c7e49753df75ee9bdf21ace338a8eb26fd542f94397
+PeerX = d56979262adf4caf560fda38624728bd684025c5674c6e2453d1e5a07c5f7101
+PeerY = d9dd6b7f42ed0c640cb1f9c6377d5c970350b1cc3c3d3eaa37a3e142cb261df4
+Z = 966863ffd585d1394f4abd61efc71a75025be8ab6e5431a3dceeb926b3e63872
+
+Curve = secp256k1
+Private = 9abd336d9f93ca813b99b3e9f5df632c235abb16c3252e0636db62469632c818
+X = a1188af0bbc01a25f2bed2911845a71b51f4b2dc04b7b5bee7fb13aa79cc3c30
+Y = 16110bcbde82ce6296ce0a15b92be60771219dca0c8c8cb1bf0ce83c211c2789
+PeerX = 28dc040202eb4630ad8efb4355565615fd59df5616b57a3369fe83aa610a6af0
+PeerY = 9ec542d6b7415d1b541271bf6d6ebb17370675a672ca9ae357109a278d02855d
+Z = f042cb7da8c9342e6163dc262a2a9605c151d62d6c486fd9879de4824f9b7e1a
+
+Curve = secp256k1
+Private = 1f90947d421cffcbb4a2756cfddfd2adf1a08ee9fbc4d61cfbcf9af9880d02ac
+X = 2fdbcf7c82d0ae3f4f82c7338c5e0f27f9504326d8ba47a85dd07ad01c52d3af
+Y = 6a6d82ee263372f01fe15499c0ea3fb114e6910ffd8bf9516cce22373c8eeff9
+PeerX = 1bead6a0cc13271e703253329ac2bbb86da5bbdc2ce6c066c6dc41c194124e3c
+PeerY = 3bbb994b1f34ddb9066ea87002cb9bbf643d5d95ed448a42d84a91c3c81a64f6
+Z = 6a5938a5c1e62791b6ddbac73ec3fd90de9ff59b59e2110af0c7c30f8f513bab
+
+Curve = secp256k1
+Private = ff96aed8f921ab3569e386392ddb52a4333480e1bf9b51e6857facaaa8ad1d7b
+X = a195811b300cec1915c799601ef488b34ff36e23d19f6fbe8e20b2b7410bdb06
+Y = 031b59627e026cd5f2a9bceca55c70fc778916561d7994d263fba7b0ba93d302
+PeerX = ac289f649e9f45a1a515c5a09c4b09ba64573d8db4db36eee79c6a5fa557f0e2
+PeerY = 0abd590cdb9a1b5fb4d4ff7a0432a569866d14c493b8e4d5e388db47a013e99b
+Z = 0604ba041adf10b1c90d0b18c11678faca33e852ec875731ee1234761cb2aad7
+
+Curve = secp256k1
+Private = 4086033d771133e29d36123c45de30154f562ad767056a58b0f3b3d684c9ac56
+X = adc5d65f57a23f2c5a695de087c8e387118a305752847907041eca2344802ffa
+Y = d858939481400f65aaa3e490fe4a2024e73dc9299c7181ac141211366fe8ef06
+PeerX = cf9c3a1807eded3b2fa0dc3530bcb8e6f3073d68b47c9fe9c2dcf0e63775e68f
+PeerY = bf3b2b84c164a30db77b9e5f443c872b219fd50629befd4eb5e2cdbc2e8a0574
+Z = 9c134d4bf4cfb26e90a836780ecc9eb0f9cf7b182f9d7813a389012a9490d584
+
+Curve = secp256k1
+Private = bba100c78af621a62d5ba74d856c712ce7174612d70693a7f48d469310c35845
+X = 1ce63a7f1a588b2fcb5127d445d76ce0d546d6a1012e5e959bf8afc3ed496d46
+Y = 64db5924e48b39348a7981eeb7df465aabeb4601f08beb16214b7b3f81cd4b23
+PeerX = 636110f3d94d2800d4d5f9c54030833c37983f910279784f63718bcd528304b7
+PeerY = a7c187acf3377c0cbe6cbc445d3ddf210a48cb025c79b9443001f0e28df5ac31
+Z = e428bc80b5df387228a022f995c441e32e2676adbe85536ad1b860dfe8945ecf
+
+Curve = secp256k1
+Private = 4f86e4f14b896c314861d503784449095a78114afe89f83f0524a95c6a7219d6
+X = dc8ae08bdec6ab462abf38bc52eae529b2e4455f14002061c96e0c88d19ab642
+Y = 152662d2f355b257dd5060f59cf33e615591d5c354ec4e6b5e79f2f092c3c41f
+PeerX = 4b099096b359e95779735c3f44b35677b3ed4b3c4eef5f938e3304e2930d74e6
+PeerY = 5bc8e9614e2aa2c592c4a537e69465eefea2bce1af7fd3b9d3fa90ed81d9cc61
+Z = 7bfba5374e6a2e731d46acab082731a405d20ade4096ca4be0e22738d9bcc662
+
+Curve = secp256k1
+Private = 29723aef258431cf15b129f8e0757eca2bdd2c32cc78e3eebbdee57683a97470
+X = 5f83bab69e0887b66345dff0e8e277e124a067f92b739333a7183aa5dab9f2ea
+Y = 1c1e02092290affc2015376a761464bcd0b39dd7f162898689539955f2fb5d29
+PeerX = 5754423a3d5ddb4b851cb86dc08b5db3abe28771ac0d189b45abad4b0d04bd69
+PeerY = 0c4da1f9b1517c8cfedec9aebfdb88056442bf9676cf97ff1aad4603c5e3dc98
+Z = 0d85e90f370d9295ad7bbb6bc426b7a2be83da73fff7285d3863af3ec9a13b19
+
+Curve = secp256k1
+Private = fc2e8a842fee26f089a06fff36471f2aeac4e60f9a5fa5426321fc5e63254412
+X = 6d2938edfb6f4588c057fef3e3377327d5a04d3af33a8d78c7035a0dbc592c1b
+Y = 5d451cc6c9380c95f1d3d6d07fcd9f263e5be7847842915b4456150314db4642
+PeerX = 5bec788d109ae6b151ac052af78f911c3acd183034d5094b3c94becbe6144560
+PeerY = 86ed16cfbf11a30c82a5e0c420fecc5eb24d09ce933c40b67ab41e5178a917c1
+Z = 58464de52536d9e7b9c635090761075a40562ae4d6d10ec1d31f82450af5bead
+
+Curve = secp256k1
+Private = d4a33653a89fb4e6423f94c0cad14671fc26d5abe60fd024a58aa1fab8c41a41
+X = e639ff4368e57658636b3ea63274bcc0fe106dc2b0ee2ef6d9f19de4c87e94a2
+Y = 51793604318e5a2b273ae610ab5b51dade724c5537a7867179aad80fdaeda643
+PeerX = 376ae648987c8cf44d247d4f3c53a27d5cb69bd8dee8d862d13779c76e32d690
+PeerY = 83da0725a277df672ccbae809eaec7af662ff5a2cf999f419c3fdf85640e9429
+Z = d892f3ddce29be37f9c920c5977ea9b93038d7beec6ce647278a9b59998379ed
+
+Curve = secp256k1
+Private = b1fdf4329268f28e01490d4645243b0ed7d2327fb23f07067da5fe172326fee4
+X = bfc222c7b7527a5f1c53a87c40e467e227ffe8d3694f2bce960f99286672df38
+Y = 58928f6300d919037b5612d2b0df556e53faae515a7999296ce5f0f516cf01fc
+PeerX = 3a6bc71ddd77ad13bc419156a8127c156ee784dc431bd57def6b5dd282764de5
+PeerY = 91788a9b9a29cb70b8a89d74c85ecfb9dca86426be2e6b0e6a8382bdce622ca5
+Z = 7ff7e528b10f2fde75906c33a93268664517ecefcf3acb4664dedfd4dd06f5f7
+
+Curve = secp256k1
+Private = cba366380bdef896e95d6514ee9061e1247d7f55a65acbf6d6da60dd1a5a4a12
+X = bcef71da2381901e95b4fe4693b2d35bbe23d25cb888b10c4d464c3a9c2ecb1a
+Y = ef0e90abf9a5c88c796a33c80a4edb3fb4dfcc750b5817408a5eb9206438b60a
+PeerX = 9e3f23976e032996301f0e58eacf94d43ace5ae6ee6952168dfd131053ce49ce
+PeerY = 9307d60221a792881da7a7854702ec926c680f02fd1d6b3b339abc6aa6646a9a
+Z = 669560aaa38925c6773b6b2eeb05d4e2eb091e07550199ec47d2831db00bb768
+
+Curve = secp256k1
+Private = 1b83deecbb8f3b93dc4f2249579ec468d6f996151a6969eb9a0c89cb55a3cf8f
+X = 772e3ee8191956c671ccd9ff8655b29c4654dcd4aa2bc61b0a275eb582e6e9cf
+Y = 04cef51d505bbf3dcd3c056c8b88d0090103768396798cc044ce56a98fa152a5
+PeerX = e3ec766e9f7922672f334810d3a55e669a4fd17462657a0f0a956dd19de7ff12
+PeerY = 6808172789939a54831af47ee4749194ca4327f0722c331b7def97c4b7482a4f
+Z = b4adec3f4e572c41b3acf2883aa91b3c23a50d409b805f13d5d0e9d3925d403e
+
+Curve = secp256k1
+Private = 3c27c4fbd40c7556e42d742b6ad7ffe6d7f645768c82457f0abf9897eedace04
+X = f4ea6d9367380ca3aa188bf382ab35a2df72ff1766886266167d1b7afcb94197
+Y = 7936062f53fdb502b5ec8a5a0c87cb03af738a7b0c145ba7d1fbf71acbcb2890
+PeerX = 8916d32e382088d912f9b15fdf0a9f1e51c730971f8c062ace0da830f7598c74
+PeerY = 2407a8300c1535126aa43b2f2569b45e09af88aea91320485b272f17522712f8
+Z = f25cad676eebecc681a97ceffcd2bf812fc9b288432aa69fe7627f2e033c5352
+
+Curve = secp256k1
+Private = dbd383e7ebf7fc069a12a826992002983059d8454adb5456fa099a4fbe2dec7e
+X = f07cb80b85528ae3f73d02868d048c7926e690051cb5c68a31f984e0e1a9041c
+Y = 4d70662f78dd5bb8a66c93caf8ebeb776395d82bc0a29a9ef2f0a5fdd036cfc9
+PeerX = c08fa679fa7b0cf5b6d96b890e9522914f8382a0d48196cad4a28cb84a45c2bc
+PeerY = ce01acb888f214e6f2584a1bc64285865c69dcd55b6b4318bb7bca66d6cb10ea
+Z = e464dbae21e14635de38a63161f785f4a21e16b715b9ef47b5d7ea413655466e
+
+Curve = secp256k1
+Private = c8f49f50878a126c77094fde58063e5d551dc9771bf08b6cb00101f322255688
+X = 81a96289ba2d10a2fe40769cd138ac6a26d15d4a4ec1a0b144d787bb24e05c04
+Y = 7f7fd81f094df19eae747a2875bbdae350f459b0cfde5368647dd1a16e43bfae
+PeerX = 3815c4f2596c8caa4fa2824ee3e0e568f864de44ca51e9a8f75c3f3bb1d9c197
+PeerY = 6cfa3f3004d751b95d00c2b033ff620a2ae1ade7edd118e53f1b89943b2b8ffc
+Z = d5ad066726b526fcf3a5cb2498e6612d96fc7d96f8ec5eb20424ed804bfada73
+
diff --git a/crypto/ecdh_extra/make_secp256k1_test_vectors.go b/crypto/ecdh_extra/make_secp256k1_test_vectors.go
@@ -0,0 +1,80 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// This script is used to generate the ECDH test vectors for secp256k1 curve.
+
+package main
+
+import (
+	"crypto/sha256"
+	"math/big"
+	"strconv"
+	"fmt"
+)
+
+import "github.com/ethereum/go-ethereum/crypto/secp256k1"
+
+// Number of test vectors to be generated
+const numOfTests = 25
+
+// Initialize the counter used for generating pseudo-random numbers
+// using the SHA-256 hash function.
+var prng_ctr = 1
+
+func printPadded(key string, n, max *big.Int) {
+	padded := make([]byte, len(max.Bytes()))
+	b := n.Bytes()
+	copy(padded[len(padded)-len(b):], b)
+	fmt.Printf("%s = %x\n", key, padded)
+}
+
+func genRandModN(N *big.Int) *big.Int {
+	res := new(big.Int)
+	for {
+		dgst := sha256.Sum256([]byte("Dummy string" + strconv.Itoa(prng_ctr)))
+		prng_ctr++
+		res.SetBytes(dgst[:])
+		if res.Cmp(N) == -1 {
+			break
+		}
+	}
+	return res
+}
+
+func main() {
+
+	curve := secp256k1.S256()
+
+  fmt.Printf("\n# Test vectors for secp256k1 curve were produced by")
+  fmt.Printf("\n# the |make_secp256k1_test_vectors.go| script.\n\n")
+
+	for i := 0; i < numOfTests; i++ {
+		// Generate a private key for Alice and for Bob
+		sA := genRandModN(curve.Params().P)
+		sB := genRandModN(curve.Params().P)
+
+		// Compute the corresponding public key
+		xA, yA := curve.ScalarBaseMult(sA.Bytes())
+		xB, yB := curve.ScalarBaseMult(sB.Bytes())
+
+		// Compute shared keys zA and zB for Alice and Bob
+		zA, _ := curve.ScalarMult(xB, yB, sA.Bytes())
+		zB, _ := curve.ScalarMult(xA, yA, sB.Bytes())
+
+		if zA.Cmp(zB) != 0 {
+			fmt.Printf("Error, shared secret keys for Alice and Bob are different!")
+			return
+		}
+
+		// Print all the required values
+		fmt.Printf("Curve = secp256k1\n")
+		printPadded("Private", sA, curve.Params().P)
+		printPadded("X", xA, curve.Params().P)
+		printPadded("Y", yA, curve.Params().P)
+		printPadded("PeerX", xB, curve.Params().P)
+		printPadded("PeerY", yB, curve.Params().P)
+		printPadded("Z", zA, curve.Params().P)
+		fmt.Printf("\n")
+	}
+}
+
diff --git a/crypto/evp_extra/evp_test.cc b/crypto/evp_extra/evp_test.cc
@@ -664,15 +664,22 @@ TEST(EVPTest, WycheproofECDSAP256) {
 TEST(EVPTest, WycheproofECDSAP384) {
   RunWycheproofVerifyTest(
       "third_party/wycheproof_testvectors/ecdsa_secp384r1_sha384_test.txt");
+  RunWycheproofVerifyTest(
+      "third_party/wycheproof_testvectors/ecdsa_secp384r1_sha512_test.txt");
 }
 
 TEST(EVPTest, WycheproofECDSAP521) {
-  RunWycheproofVerifyTest(
-      "third_party/wycheproof_testvectors/ecdsa_secp384r1_sha512_test.txt");
   RunWycheproofVerifyTest(
       "third_party/wycheproof_testvectors/ecdsa_secp521r1_sha512_test.txt");
 }
 
+TEST(EVPTest, WycheproofECDSAsecp256k1) {
+  RunWycheproofVerifyTest(
+      "third_party/wycheproof_testvectors/ecdsa_secp256k1_sha256_test.txt");
+  RunWycheproofVerifyTest(
+      "third_party/wycheproof_testvectors/ecdsa_secp256k1_sha512_test.txt");
+}
+
 TEST(EVPTest, WycheproofEdDSA) {
   RunWycheproofVerifyTest("third_party/wycheproof_testvectors/eddsa_test.txt");
 }

diff --git a/crypto/fipsmodule/ec/ec.c b/crypto/fipsmodule/ec/ec.c
@@ -215,6 +215,33 @@ static const uint8_t kP521Params[6 * 66] = {
     0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09,
 };
 
+static const uint8_t kP256K1Params[6 * 32] = {
+    // p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
+    // a
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    // b
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+    // x
+    0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
+    0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
+    0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
+    // y
+    0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
+    0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
+    0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
+    // order
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
+    0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
+};
+
 DEFINE_METHOD_FUNCTION(struct built_in_curves, OPENSSL_built_in_curves) {
   // 1.3.132.0.35
   static const uint8_t kOIDP521[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
@@ -268,6 +295,16 @@ DEFINE_METHOD_FUNCTION(struct built_in_curves, OPENSSL_built_in_curves) {
 #else
       EC_GFp_mont_method();
 #endif
+
+  // 1.3.132.0.10
+  static const uint8_t kOIDP256K1[] = {0x2b, 0x81, 0x04, 0x00, 0x0a};
+  out->curves[4].nid = NID_secp256k1;
+  out->curves[4].oid = kOIDP256K1;
+  out->curves[4].oid_len = sizeof(kOIDP256K1);
+  out->curves[4].comment = "SEC/ANSI P-256 K1";
+  out->curves[4].param_len = 32;
+  out->curves[4].params = kP256K1Params;
+  out->curves[4].method = EC_GFp_mont_method();
 }
 
 EC_GROUP *ec_group_new(const EC_METHOD *meth) {