hi again,
here's another patch attached replacing the first one.
It specifies the right cofactor values,
fixes base group point (aka generator) order values
and introduce proper NIDs.
Many thanx to Nils Larsch for hints on cofactor and order and
to Dr Stephen N. Henson for hint on NIDs without OIDs
regards,
Vadim
On Sun, Nov 16, 2003 at 12:48:43PM +0100, Nils Larsch wrote:
> On Saturday 15 November 2003 22:59, Nils Larsch wrote:
> > Hi Vadim,
> >
> > On Saturday 15 November 2003 13:34, Vadim Fedukovich wrote:
> > > Dear OpenSSL team,
> > >
> > > please consider a patch attached.
> > > It adds 2 binary curves defined in RFC 2409 and 2412.
> > > It unclear whether any well-known OID was ever assigned
> > > and I'm not quite sure what are the right cofactor values
> >
> > Hmm, no OIDs => no NIDs => you can't use them with
> ^^^^^^^^^^^^^^^^^^
> this is wrong (thanks for the hint Steve)
>
> Nils
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Naina library: http://www.unity.net/~vf/naina_r1.tgz
--- crypto/objects/objects.txt.orig Fri Jul 4 19:00:19 2003
+++ crypto/objects/objects.txt Sun Nov 16 18:24:14 2003
@@ -1008,3 +1008,6 @@
rsadsi 3 10 : DES-CDMF : des-cdmf
rsadsi 1 1 6 : rsaOAEPEncryptionSET
+
+ : Oakley-EC2N-3 : ipsec3
+ : Oakley-EC2N-4 : ipsec4
--- crypto/ec/ec_curve.c.orig Thu Jan 16 21:15:21 2003
+++ crypto/ec/ec_curve.c Sun Nov 16 19:09:47 2003
@@ -981,6 +981,31 @@
"113 bit binary curve from the WTLS standard"
};
+/* IPSec curves */
+static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = {
+ NID_X9_62_characteristic_two_field,
+ "0800000000000000000000004000000000000001",
+ "0",
+ "07338f",
+ "7b",
+ "1c8",
+ "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3,
+ NULL, 0,
+ "IPSec/IKE/Oakley curve #3 over a 155 bit binary field"
+ };
+
+static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = {
+ NID_X9_62_characteristic_two_field,
+ "020000000000000000000000000000200000000000000001",
+ "0",
+ "1ee9",
+ "18",
+ "0d",
+ "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2,
+ NULL, 0,
+ "IPSec/IKE/Oakley curve #4 over a 185 bit binary field"
+ };
+
typedef struct _ec_list_element_st {
int nid;
const EC_CURVE_DATA *data;
@@ -1061,6 +1086,9 @@
{ NID_wap_wsg_idm_ecid_wtls10, &_EC_SECG_CHAR2_233K1},
{ NID_wap_wsg_idm_ecid_wtls11, &_EC_SECG_CHAR2_233R1},
{ NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12},
+ /* IPSec curves */
+ { NID_ipsec3, &_EC_IPSEC_155_ID3},
+ { NID_ipsec4, &_EC_IPSEC_185_ID4},
};
static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element);
/* double-check base point (generator) order for IPSec curves
* Vadim Fedukovich 2003
*/
#include <stdio.h>
#include <openssl/bn.h>
int main() {
BIGNUM *a = NULL;
// RFC 2412, appendix E.3
BN_dec2bn(&a, "3805993847215893016155463826195386266397436443");
BN_mul_word(a, 4L);
printf("group-155, base point order = 4*prime:\n");
BN_print_fp(stdout, a);
printf("\n\n");
BN_clear(a);
// E.4
BN_dec2bn(&a, "12259964326927110866866776214413170562013096250261263279");
BN_mul_word(a, 2);
printf("group-185, base point order = 2*prime:\n");
BN_print_fp(stdout, a);
printf("\n\n");
BN_clear(a);
return 0;
}
