[openssl-dev] [openssl.org #4576] X25519, ECPKParameters_print

[Simon via RT]

Hi,

It is not possible to print parameters of the elliptic curve X25519 from
the command line:

  openssl ecparam -name X25519 -noout -text -param_enc explicit

Nothing is printed.

openssl version: OpenSSL 1.1.0-pre6-dev  xx XXX xxxx
built from git source: commit b84e12266f85156f58804ff94ea110890f13b52d

First explanation: ECPKParameters_print cannot call "get parameter"
functions because there are not defined in the method list of X25519.

The curve coefficient used in the curve25519 methods is not useful
because it uses a strange representation.

The solution is not simple because curve25519 is a Montgomery curve:
  B.y^2 = x^3 + A.x^2 + x mod p
With
  A=486662       (decimal)
  B=1            (decimal)
  p=(2^255)-19   (decimal)

If the function ECPKParameters_print prints this information as others
prime curves, it will be *confused* because in the others prime curves
A and B are coefficients of a short Weierstrass curve:
  y^2 = x^3 + A.x + B
That is different than a Montgomery curve.

It exists a short Weierstrass curve isomorphic with curve25519. I thinks
protocols use coordinates of point on the Montgomery curve so it will be
also *confused* to print the isomorphic short Weierstrass curve
parameters.

Before found a proper method to print A and B, it should be easy to
print p, order, co-factor and generator coordinates:

p =
  2^255 - 19   (decimal)

Order (of the generator) =
  2^252 + 27742317777372353535851937790883648493   (decimal)

Cofactor =
  8   (decimal)

<https://cr.yp.to/ecdh/curve25519-20060209.pdf>

Simon.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4576
Please log in as guest with password guest if prompted