197
197
"62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"
200
{ "brainpoolP160r1", 160,
200
{ "brainpoolP160r1", 160, 0,
201
201
"0xe95e4a5f737059dc60dfc7ad95b3d8139515620f",
202
202
"0x340e7be2a280eb74e2be61bada745d97e8f7c300",
203
203
"0x1e589a8595423412134faa2dbdec95c8d8675e58",
206
206
"0x1667cb477a1a8ec338f94741669c976316da6321"
209
{ "brainpoolP192r1", 192,
209
{ "brainpoolP192r1", 192, 0,
210
210
"0xc302f41d932a36cda7a3463093d18db78fce476de1a86297",
211
211
"0x6a91174076b1e0e19c39c031fe8685c1cae040e5c69a28ef",
212
212
"0x469a28ef7c28cca3dc721d044f4496bcca7ef4146fbf25c9",
215
215
"0x14b690866abd5bb88b5f4828c1490002e6773fa2fa299b8f"
218
{ "brainpoolP224r1", 224,
218
{ "brainpoolP224r1", 224, 0,
219
219
"0xd7c134aa264366862a18302575d1d787b09f075797da89f57ec8c0ff",
220
220
"0x68a5e62ca9ce6c1c299803a6c1530b514e182ad8b0042a59cad29f43",
221
221
"0x2580f63ccfe44138870713b1a92369e33e2135d266dbb372386c400b",
224
224
"0x58aa56f772c0726f24c6b89e4ecdac24354b9e99caa3f6d3761402cd"
227
{ "brainpoolP256r1", 256,
227
{ "brainpoolP256r1", 256, 0,
228
228
"0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377",
229
229
"0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9",
230
230
"0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6",
248
248
"d35245d1692e8ee1"
251
{ "brainpoolP384r1", 384,
251
{ "brainpoolP384r1", 384, 0,
252
252
"0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123"
253
253
"acd3a729901d1a71874700133107ec53",
254
254
"0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f"
263
263
"0e4646217791811142820341263c5315"
266
{ "brainpoolP512r1", 512,
266
{ "brainpoolP512r1", 512, 0,
267
267
"0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330871"
268
268
"7d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3",
269
269
"0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc"
278
278
"b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892"
281
{ NULL, 0, NULL, NULL, NULL, NULL }
281
{ NULL, 0, 0, NULL, NULL, NULL, NULL }
478
478
if (!domain_parms[idx].desc)
479
479
return GPG_ERR_INV_VALUE;
481
/* In fips mode we only support NIST curves. Note that it is
482
possible to bypass this check by specifying the curve parameters
484
if (fips_mode () && !domain_parms[idx].fips )
485
return GPG_ERR_NOT_SUPPORTED;
481
488
*r_nbits = domain_parms[idx].nbits;
482
489
curve->p = scanval (domain_parms[idx].p);
483
490
curve->a = scanval (domain_parms[idx].a);
945
/* Extended version of ecc_generate which is called directly by
946
pubkey.c. If CURVE is not NULL, that name will be used to select
947
the domain parameters. NBITS is not used in this case. */
949
_gcry_ecc_generate (int algo, unsigned int nbits, const char *curve,
950
gcry_mpi_t *skey, gcry_mpi_t **retfactors)
953
/* Extended version of ecc_generate. */
954
static gcry_err_code_t
955
ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
956
const gcry_sexp_t genparms,
957
gcry_mpi_t *skey, gcry_mpi_t **retfactors,
958
gcry_sexp_t *r_extrainfo)
953
961
ECC_secret_key sk;
954
962
gcry_mpi_t g_x, g_y, q_x, q_y;
963
char *curve_name = NULL;
958
/* Make an empty list of factors. */
959
*retfactors = gcry_calloc ( 1, sizeof **retfactors );
961
return gpg_err_code_from_syserror ();
972
/* Parse the optional "curve" parameter. */
973
l1 = gcry_sexp_find_token (genparms, "curve", 0);
976
curve_name = _gcry_sexp_nth_string (l1, 1);
977
gcry_sexp_release (l1);
979
return GPG_ERR_INV_OBJ; /* No curve name or value too large. */
983
/* NBITS is required if no curve name has been given. */
984
if (!nbits && !curve_name)
985
return GPG_ERR_NO_OBJ; /* No NBITS parameter. */
963
987
g_x = mpi_new (0);
964
988
g_y = mpi_new (0);
965
989
q_x = mpi_new (0);
966
990
q_y = mpi_new (0);
967
err = generate_key (&sk, nbits, curve, g_x, g_y, q_x, q_y);
970
gcry_free (*retfactors);
991
ec = generate_key (&sk, nbits, curve_name, g_x, g_y, q_x, q_y);
992
gcry_free (curve_name);
975
996
skey[0] = sk.E.p;
976
997
skey[1] = sk.E.a;
985
1006
point_free (&sk.E.G);
986
1007
point_free (&sk.Q);
1009
/* Make an empty list of factors. */
1010
*retfactors = gcry_calloc ( 1, sizeof **retfactors );
1012
return gpg_err_code_from_syserror ();
1018
static gcry_err_code_t
1019
ecc_generate (int algo, unsigned int nbits, unsigned long evalue,
1020
gcry_mpi_t *skey, gcry_mpi_t **retfactors)
1023
return ecc_generate_ext (algo, nbits, 0, NULL, skey, retfactors, NULL);
991
1027
/* Return the parameters of the curve NAME. */
993
_gcry_ecc_get_param (const char *name, gcry_mpi_t *pkey)
1028
static gcry_err_code_t
1029
ecc_get_param (const char *name, gcry_mpi_t *pkey)
995
1031
gpg_err_code_t err;
996
1032
unsigned int nbits;
1023
static gcry_err_code_t
1024
ecc_generate (int algo, unsigned int nbits, unsigned long dummy,
1025
gcry_mpi_t *skey, gcry_mpi_t **retfactors)
1028
return _gcry_ecc_generate (algo, nbits, NULL, skey, retfactors);
1032
1060
static gcry_err_code_t
1033
1061
ecc_check_secret_key (int algo, gcry_mpi_t *skey)
1207
/* See rsa.c for a description of this function. */
1208
static gpg_err_code_t
1209
compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam)
1211
static const char names[] = "pabgnq";
1212
gpg_err_code_t ec = 0;
1214
gcry_mpi_t values[6];
1217
/* Clear the values for easier error cleanup. */
1218
for (idx=0; idx < 6; idx++)
1221
/* Fill values with all available parameters. */
1222
for (idx=0; idx < 6; idx++)
1224
l1 = gcry_sexp_find_token (keyparam, names+idx, 1);
1227
values[idx] = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
1228
gcry_sexp_release (l1);
1231
ec = GPG_ERR_INV_OBJ;
1237
/* Check whether a curve parameter is available and use that to fill
1238
in missing values. */
1239
l1 = gcry_sexp_find_token (keyparam, "curve", 5);
1243
gcry_mpi_t tmpvalues[6];
1245
for (idx = 0; idx < 6; idx++)
1246
tmpvalues[idx] = NULL;
1248
curve = _gcry_sexp_nth_string (l1, 1);
1251
ec = GPG_ERR_INV_OBJ; /* Name missing or out of core. */
1254
ec = ecc_get_param (curve, tmpvalues);
1259
for (idx = 0; idx < 6; idx++)
1262
values[idx] = tmpvalues[idx];
1264
mpi_free (tmpvalues[idx]);
1268
/* Check that all parameters are known and normalize all MPIs (that
1269
should not be required but we use an internal fucntion later and
1270
thus we better make 100% sure that they are normalized). */
1271
for (idx = 0; idx < 6; idx++)
1274
ec = GPG_ERR_NO_OBJ;
1278
_gcry_mpi_normalize (values[idx]);
1280
/* Hash them all. */
1281
for (idx = 0; idx < 6; idx++)
1284
unsigned char *rawmpi;
1285
unsigned int rawmpilen;
1287
rawmpi = _gcry_mpi_get_buffer (values[idx], &rawmpilen, NULL);
1290
ec = gpg_err_code_from_syserror ();
1293
snprintf (buf, sizeof buf, "(1:%c%u:", names[idx], rawmpilen);
1294
gcry_md_write (md, buf, strlen (buf));
1295
gcry_md_write (md, rawmpi, rawmpilen);
1296
gcry_md_write (md, ")", 1);
1301
for (idx = 0; idx < 6; idx++)
1302
_gcry_mpi_release (values[idx]);
1316
static gpg_err_code_t
1317
selftests_ecdsa (selftest_report_func_t report)
1323
errtxt = NULL; /*selftest ();*/
1327
/* FIXME: need more tests. */
1329
return 0; /* Succeeded. */
1333
report ("pubkey", GCRY_PK_ECDSA, what, errtxt);
1334
return GPG_ERR_SELFTEST_FAILED;
1338
/* Run a full self-test for ALGO and return 0 on success. */
1339
static gpg_err_code_t
1340
run_selftests (int algo, int extended, selftest_report_func_t report)
1349
ec = selftests_ecdsa (report);
1352
ec = GPG_ERR_PUBKEY_ALGO;
1178
1362
static const char *ecdsa_names[] =