EVP_PKEY_get_int_param is not getting degree from EC key
Wolf
wolf at wolfsden.cz
Tue Jan 4 01:33:57 UTC 2022
Thank you for the answer!
On 2022-01-03 10:11:19 +0100, Tomas Mraz wrote:
> You're using the secp384r1 curve which is a prime field curve. The
> OSSL_PKEY_PARAM_EC_CHAR2_M parameter can be obtained only for binary
> field curves.
>
> If you have a group NID for the curve of the EC key, you could use:
>
> EC_GROUP *group = EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid);
>
> to create the group to call EC_GROUP_get_degree() on.
>
> Of course if you can have an EC key with arbitrary explicit group
> parameters, that would not work.
That is sadly the case of me.
> But you can then use number of bits of the OSSL_PKEY_PARAM_EC_P
> parameter as the degree for prime field curves.
So, I've tried following your advice, but for some reason it is still
failing for me. I've modified my example program to be:
#include <stdio.h>
#include <string.h>
#include <err.h>
#include <openssl/core_names.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
#define ECCTYPE NID_secp384r1
#define ERR(...) do { warnx(__VA_ARGS__); exit(1); } while(0)
/* Source: https://en.wikipedia.org/wiki/Hamming_weight */
static int
popcnt(unsigned n)
{
int c;
for (c = 0; n; c++)
n &= n - 1;
return c;
}
int
main(void)
{
unsigned ec_p;
int degree = 0;
EVP_PKEY *pkey = 0;
const char *curve_name;
if (!(curve_name = OSSL_EC_curve_nid2name(ECCTYPE)))
ERR("OSSL_EC_curve_nid2name");
if (!(pkey = EVP_EC_gen(curve_name)))
ERR("EVP_EC_gen");
if (EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_EC_CHAR2_M, °ree))
;
else if (EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_EC_P, &ec_p))
degree = popcnt(ec_p);
else
ERR("could not get degree");
warnx("degree = %d", degree);
return 0;
}
So if the get for EC_CHAR2_M fails, I'm trying to fallback to EC_P.
However, even this program prints `a.out: could not get degree' for me.
Any ideas?
W.
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220104/7ce0665c/attachment.sig>
More information about the openssl-users
mailing list