openssl 3.0.0 get ECC public key modulus from EVP_PKEY
Ken Goldman
kgoldman at us.ibm.com
Wed Oct 13 20:12:42 UTC 2021
On 10/13/2021 12:06 PM, Matt Caswell wrote:
>
> On 12/10/2021 23:37, Ken Goldman wrote:
>> In pre-3.0.0, I used this, omitting the error checking, malloc, ...
>>
>> ecPoint = EC_KEY_get0_public_key(ecKey);
>> ecGroup = EC_KEY_get0_group(ecKey);
>> EC_POINT_point2oct(ecGroup, ecPoint,
>> POINT_CONVERSION_UNCOMPRESSED,
>> *modulusBin, *modulusBytes, NULL);
>>
>> In 3.0.0, I tried this, expecting to get a BIGNUM and then convert
>>
>> irc = EVP_PKEY_get_bn_param(eccKey, OSSL_PKEY_PARAM_PUB_KEY, (BIGNUM **)pub);
>>
>> It returns 0.
>>
>> What's the correct way to get the uncompressed ECC public key?
>>
> Refer to this man page:
>
> https://www.openssl.org/docs/man3.0/man7/EVP_PKEY-EC.html
>
> For an EC key, the public key parameter is:
>
> "pub" (OSSL_PKEY_PARAM_PUB_KEY) <octet string>
> The public key value in EC point format.
>
> You will note that this is an octet string and not an integer which is why EVP_PKEY_get_bn_param is failing.
I tried
irc = EVP_PKEY_get_octet_string_param(eccKey, OSSL_PKEY_PARAM_PRIV_KEY,
*priv, 256, (size_t *)privLen);
which failed.
In common_get_params() the eccKey is cast to an EC_KEY and there are BIGNUMs for X,Y,Z.
The EC_GROUP looks populated.
It fails on
(p = OSSL_PARAM_locate(params,
OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS))
>
> Alternatively you could get the x and y components of the public key separately using:
>
> "qx" (OSSL_PKEY_PARAM_EC_PUB_X) <unsigned integer>
> Used for getting the EC public key X component.
>
> "qy" (OSSL_PKEY_PARAM_EC_PUB_Y) <unsigned integer>
> Used for getting the EC public key Y component.
>
> In this case EVP_PKEY_get_bn_param would be appropriate.
>
> Matt
>
>
>
>
>
More information about the openssl-users
mailing list