From ac659a5fafc1d9bd973e0d09ae58404cf25d6f16 Mon Sep 17 00:00:00 2001 From: deatil <2217957370@qq.com> Date: Sun, 29 Sep 2024 12:42:15 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- elliptic/base_elliptic/elliptic.go | 5 +- elliptic/bign/bign.go | 55 ------ elliptic/bign/bign_curves.go | 60 +++++++ elliptic/bitcurves/bitcurve.go | 89 ++-------- elliptic/bitcurves/bitcurve_curves.go | 70 ++++++++ elliptic/koblitz/koblitz.go | 16 +- elliptic/nist/nist_curves.go | 15 +- elliptic/nums/nums.go | 130 ++------------ elliptic/nums/nums_curves.go | 112 ++++++++++++ elliptic/nums/rcurve.go | 17 +- elliptic/secg/secg.go | 1 + elliptic/secp/secp.go | 114 ------------- elliptic/secp/secp_curves.go | 119 +++++++++++++ elliptic/secp256k1/params.go | 176 +++++++++++++++++++ elliptic/secp256k1/secp256k1.go | 188 ++------------------- elliptic/secp256k1/secp256k1_test.go | 78 ++++++++- elliptic/weierstrass/weierstrass.go | 54 ++---- elliptic/weierstrass/weierstrass_curves.go | 49 ++++++ pubkey/bip0340/params.go | 4 +- 19 files changed, 740 insertions(+), 612 deletions(-) create mode 100644 elliptic/bign/bign_curves.go create mode 100644 elliptic/bitcurves/bitcurve_curves.go create mode 100644 elliptic/nums/nums_curves.go create mode 100644 elliptic/secp/secp_curves.go create mode 100644 elliptic/secp256k1/params.go create mode 100644 elliptic/weierstrass/weierstrass_curves.go diff --git a/elliptic/base_elliptic/elliptic.go b/elliptic/base_elliptic/elliptic.go index 13008334..7694a03b 100644 --- a/elliptic/base_elliptic/elliptic.go +++ b/elliptic/base_elliptic/elliptic.go @@ -1,8 +1,5 @@ -package base_elliptic - // Package `base_elliptic` implements Elliptic curves over binary fields - -// from github.com/RyuaNerin/elliptic2 +package base_elliptic // Create new elliptic curves over binary fields // warning: params dose not validated. diff --git a/elliptic/bign/bign.go b/elliptic/bign/bign.go index 7999dbcf..b9692d8b 100644 --- a/elliptic/bign/bign.go +++ b/elliptic/bign/bign.go @@ -1,8 +1,6 @@ package bign import ( - "sync" - "math/big" "encoding/asn1" "crypto/elliptic" ) @@ -13,50 +11,6 @@ var ( OIDNamedCurveP512v1 = asn1.ObjectIdentifier{1, 2, 112, 0, 2, 0, 34, 101, 45, 3, 3} ) -var ( - once sync.Once - p256v1, p384v1, p512v1 *elliptic.CurveParams -) - -func initAll() { - initP256v1() - initP384v1() - initP512v1() -} - -func initP256v1() { - p256v1 = new(elliptic.CurveParams) - p256v1.P = bigFromHex("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff43") - p256v1.N = bigFromHex("ffffffffffffffffffffffffffffffffd95c8ed60dfb4dfc7e5abf99263d6607") - p256v1.B = bigFromHex("77ce6c1515f3a8edd2c13aabe4d8fbbe4cf55069978b9253b22e7d6bd69c03f1") - p256v1.Gx = bigFromHex("0000000000000000000000000000000000000000000000000000000000000000") - p256v1.Gy = bigFromHex("6bf7fc3cfb16d69f5ce4c9a351d6835d78913966c408f6521e29cf1804516a93") - p256v1.BitSize = 256 - p256v1.Name = "BIGN256V1" -} - -func initP384v1() { - p384v1 = new(elliptic.CurveParams) - p384v1.P = bigFromHex("fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec3") - p384v1.N = bigFromHex("fffffffffffffffffffffffffffffffffffffffffffffffe6cccc40373af7bbb8046dae7a6a4ff0a3db7dc3ff30ca7b7") - p384v1.B = bigFromHex("3c75dfe1959cef2033075aab655d34d2712748bb0ffbb196a6216af9e9712e3a14bde2f0f3cebd7cbca7fc236873bf64") - p384v1.Gx = bigFromHex("000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") - p384v1.Gy = bigFromHex("5d438224a82e9e9e6330117e432dbf893a729a11dc86ffa00549e79e66b1d35584403e276b2a42f9ea5ecb31f733c451") - p384v1.BitSize = 384 - p384v1.Name = "BIGN384V1" -} - -func initP512v1() { - p512v1 = new(elliptic.CurveParams) - p512v1.P = bigFromHex("fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdc7") - p512v1.N = bigFromHex("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffb2c0092c0198004ef26bebb02e2113f4361bcae59556df32dcffad490d068ef1") - p512v1.B = bigFromHex("6cb45944933b8c43d88c5d6a60fd58895bc6a9eedd5d255117ce13e3daadb0882711dcb5c4245e952933008c87aca243ea8622273a49a27a09346998d6139c90") - p512v1.Gx = bigFromHex("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") - p512v1.Gy = bigFromHex("a826ff7ae4037681b182e6f7a0d18fabb0ab41b3b361bce2d2edf81b00cccada6973dde20efa6fd2ff777395eee8226167aa83b9c94c0d04b792ae6fceefedbd") - p512v1.BitSize = 512 - p512v1.Name = "BIGN512V1" -} - func P256v1() elliptic.Curve { once.Do(initAll) return p256v1 @@ -71,12 +25,3 @@ func P512v1() elliptic.Curve { once.Do(initAll) return p512v1 } - -func bigFromHex(s string) *big.Int { - b, ok := new(big.Int).SetString(s, 16) - if !ok { - panic("go-cryptobin/bign: invalid encoding") - } - - return b -} diff --git a/elliptic/bign/bign_curves.go b/elliptic/bign/bign_curves.go new file mode 100644 index 00000000..016fb600 --- /dev/null +++ b/elliptic/bign/bign_curves.go @@ -0,0 +1,60 @@ +package bign + +import ( + "sync" + "math/big" + "crypto/elliptic" +) + +var ( + once sync.Once + p256v1, p384v1, p512v1 *elliptic.CurveParams +) + +func initAll() { + initP256v1() + initP384v1() + initP512v1() +} + +func initP256v1() { + p256v1 = new(elliptic.CurveParams) + p256v1.P = bigFromHex("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff43") + p256v1.N = bigFromHex("ffffffffffffffffffffffffffffffffd95c8ed60dfb4dfc7e5abf99263d6607") + p256v1.B = bigFromHex("77ce6c1515f3a8edd2c13aabe4d8fbbe4cf55069978b9253b22e7d6bd69c03f1") + p256v1.Gx = bigFromHex("0000000000000000000000000000000000000000000000000000000000000000") + p256v1.Gy = bigFromHex("6bf7fc3cfb16d69f5ce4c9a351d6835d78913966c408f6521e29cf1804516a93") + p256v1.BitSize = 256 + p256v1.Name = "BIGN256V1" +} + +func initP384v1() { + p384v1 = new(elliptic.CurveParams) + p384v1.P = bigFromHex("fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec3") + p384v1.N = bigFromHex("fffffffffffffffffffffffffffffffffffffffffffffffe6cccc40373af7bbb8046dae7a6a4ff0a3db7dc3ff30ca7b7") + p384v1.B = bigFromHex("3c75dfe1959cef2033075aab655d34d2712748bb0ffbb196a6216af9e9712e3a14bde2f0f3cebd7cbca7fc236873bf64") + p384v1.Gx = bigFromHex("000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") + p384v1.Gy = bigFromHex("5d438224a82e9e9e6330117e432dbf893a729a11dc86ffa00549e79e66b1d35584403e276b2a42f9ea5ecb31f733c451") + p384v1.BitSize = 384 + p384v1.Name = "BIGN384V1" +} + +func initP512v1() { + p512v1 = new(elliptic.CurveParams) + p512v1.P = bigFromHex("fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdc7") + p512v1.N = bigFromHex("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffb2c0092c0198004ef26bebb02e2113f4361bcae59556df32dcffad490d068ef1") + p512v1.B = bigFromHex("6cb45944933b8c43d88c5d6a60fd58895bc6a9eedd5d255117ce13e3daadb0882711dcb5c4245e952933008c87aca243ea8622273a49a27a09346998d6139c90") + p512v1.Gx = bigFromHex("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") + p512v1.Gy = bigFromHex("a826ff7ae4037681b182e6f7a0d18fabb0ab41b3b361bce2d2edf81b00cccada6973dde20efa6fd2ff777395eee8226167aa83b9c94c0d04b792ae6fceefedbd") + p512v1.BitSize = 512 + p512v1.Name = "BIGN512V1" +} + +func bigFromHex(s string) *big.Int { + b, ok := new(big.Int).SetString(s, 16) + if !ok { + panic("go-cryptobin/bign: invalid encoding") + } + + return b +} diff --git a/elliptic/bitcurves/bitcurve.go b/elliptic/bitcurves/bitcurve.go index 2ea6c0a8..724880e4 100644 --- a/elliptic/bitcurves/bitcurve.go +++ b/elliptic/bitcurves/bitcurve.go @@ -1,88 +1,19 @@ +// Package bitelliptic implements several Koblitz elliptic curves over prime fields. package bitcurves -// Copyright 2010 The Go Authors. All rights reserved. -// Copyright 2011 ThePiachu. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package bitelliptic implements several Koblitz elliptic curves over prime -// fields. - -// This package operates, internally, on Jacobian coordinates. For a given -// (x, y) position on the curve, the Jacobian coordinates are (x1, y1, z1) -// where x = x1/z1² and y = y1/z1³. The greatest speedups come when the whole -// calculation can be performed within the transform (as in ScalarMult and -// ScalarBaseMult). But even for Add and Double, it's faster to apply and -// reverse the transform than to operate in affine coordinates. - import ( - "sync" - "math/big" + "encoding/asn1" ) -//curve parameters taken from: -//http://www.secg.org/collateral/sec2_final.pdf - -var initonce sync.Once -var secp160k1 *BitCurve -var secp192k1 *BitCurve -var secp224k1 *BitCurve -var secp256k1 *BitCurve - -func initAll() { - initS160() - initS192() - initS224() - initS256() -} - -func initS160() { - // See SEC 2 section 2.4.1 - secp160k1 = new(BitCurve) - secp160k1.Name = "secp160k1" - secp160k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 16) - secp160k1.N, _ = new(big.Int).SetString("0100000000000000000001B8FA16DFAB9ACA16B6B3", 16) - secp160k1.B, _ = new(big.Int).SetString("0000000000000000000000000000000000000007", 16) - secp160k1.Gx, _ = new(big.Int).SetString("3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", 16) - secp160k1.Gy, _ = new(big.Int).SetString("938CF935318FDCED6BC28286531733C3F03C4FEE", 16) - secp160k1.BitSize = 160 -} - -func initS192() { - // See SEC 2 section 2.5.1 - secp192k1 = new(BitCurve) - secp192k1.Name = "secp192k1" - secp192k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", 16) - secp192k1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 16) - secp192k1.B, _ = new(big.Int).SetString("000000000000000000000000000000000000000000000003", 16) - secp192k1.Gx, _ = new(big.Int).SetString("DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", 16) - secp192k1.Gy, _ = new(big.Int).SetString("9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", 16) - secp192k1.BitSize = 192 -} +// curve parameters taken from: +// http://www.secg.org/collateral/sec2_final.pdf -func initS224() { - // See SEC 2 section 2.6.1 - secp224k1 = new(BitCurve) - secp224k1.Name = "secp224k1" - secp224k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", 16) - secp224k1.N, _ = new(big.Int).SetString("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 16) - secp224k1.B, _ = new(big.Int).SetString("00000000000000000000000000000000000000000000000000000005", 16) - secp224k1.Gx, _ = new(big.Int).SetString("A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", 16) - secp224k1.Gy, _ = new(big.Int).SetString("7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", 16) - secp224k1.BitSize = 224 -} - -func initS256() { - // See SEC 2 section 2.7.1 - secp256k1 = new(BitCurve) - secp256k1.Name = "secp256k1" - secp256k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16) - secp256k1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16) - secp256k1.B, _ = new(big.Int).SetString("0000000000000000000000000000000000000000000000000000000000000007", 16) - secp256k1.Gx, _ = new(big.Int).SetString("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", 16) - secp256k1.Gy, _ = new(big.Int).SetString("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", 16) - secp256k1.BitSize = 256 -} +var ( + OIDNamedCurveSecp160k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 9} + OIDNamedCurveSecp192k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 31} + OIDNamedCurveSecp224k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 32} + OIDNamedCurveSecp256k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 10} +) // S160 returns a BitCurve which implements secp160k1 (see SEC 2 section 2.4.1) func S160() *BitCurve { diff --git a/elliptic/bitcurves/bitcurve_curves.go b/elliptic/bitcurves/bitcurve_curves.go new file mode 100644 index 00000000..ffb6c79a --- /dev/null +++ b/elliptic/bitcurves/bitcurve_curves.go @@ -0,0 +1,70 @@ +// Package bitelliptic implements several Koblitz elliptic curves over prime fields. +package bitcurves + +import ( + "sync" + "math/big" +) + +// curve parameters taken from: +// http://www.secg.org/collateral/sec2_final.pdf + +var ( + initonce sync.Once + secp160k1, secp192k1, secp224k1, secp256k1 *BitCurve +) + +func initAll() { + initS160() + initS192() + initS224() + initS256() +} + +func initS160() { + // See SEC 2 section 2.4.1 + secp160k1 = new(BitCurve) + secp160k1.Name = "secp160k1" + secp160k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 16) + secp160k1.N, _ = new(big.Int).SetString("0100000000000000000001B8FA16DFAB9ACA16B6B3", 16) + secp160k1.B, _ = new(big.Int).SetString("0000000000000000000000000000000000000007", 16) + secp160k1.Gx, _ = new(big.Int).SetString("3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", 16) + secp160k1.Gy, _ = new(big.Int).SetString("938CF935318FDCED6BC28286531733C3F03C4FEE", 16) + secp160k1.BitSize = 160 +} + +func initS192() { + // See SEC 2 section 2.5.1 + secp192k1 = new(BitCurve) + secp192k1.Name = "secp192k1" + secp192k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", 16) + secp192k1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 16) + secp192k1.B, _ = new(big.Int).SetString("000000000000000000000000000000000000000000000003", 16) + secp192k1.Gx, _ = new(big.Int).SetString("DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", 16) + secp192k1.Gy, _ = new(big.Int).SetString("9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", 16) + secp192k1.BitSize = 192 +} + +func initS224() { + // See SEC 2 section 2.6.1 + secp224k1 = new(BitCurve) + secp224k1.Name = "secp224k1" + secp224k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", 16) + secp224k1.N, _ = new(big.Int).SetString("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 16) + secp224k1.B, _ = new(big.Int).SetString("00000000000000000000000000000000000000000000000000000005", 16) + secp224k1.Gx, _ = new(big.Int).SetString("A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", 16) + secp224k1.Gy, _ = new(big.Int).SetString("7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", 16) + secp224k1.BitSize = 224 +} + +func initS256() { + // See SEC 2 section 2.7.1 + secp256k1 = new(BitCurve) + secp256k1.Name = "secp256k1" + secp256k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16) + secp256k1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16) + secp256k1.B, _ = new(big.Int).SetString("0000000000000000000000000000000000000000000000000000000000000007", 16) + secp256k1.Gx, _ = new(big.Int).SetString("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", 16) + secp256k1.Gy, _ = new(big.Int).SetString("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", 16) + secp256k1.BitSize = 256 +} diff --git a/elliptic/koblitz/koblitz.go b/elliptic/koblitz/koblitz.go index a33c1390..16a06b83 100644 --- a/elliptic/koblitz/koblitz.go +++ b/elliptic/koblitz/koblitz.go @@ -1,14 +1,22 @@ package koblitz -// Support for Koblitz elliptic curves -// http://www.secg.org/SEC2-Ver-1.0.pdf - import ( + "encoding/asn1" "crypto/elliptic" - + "github.com/deatil/go-cryptobin/elliptic/bitcurves" ) +// Support for Koblitz elliptic curves +// http://www.secg.org/SEC2-Ver-1.0.pdf + +var ( + OIDNamedCurveSecp160k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 9} + OIDNamedCurveSecp192k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 31} + OIDNamedCurveSecp224k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 32} + OIDNamedCurveSecp256k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 10} +) + func P160k1() elliptic.Curve { return bitcurves.S160() } diff --git a/elliptic/nist/nist_curves.go b/elliptic/nist/nist_curves.go index b1fa648b..7f3f616e 100644 --- a/elliptic/nist/nist_curves.go +++ b/elliptic/nist/nist_curves.go @@ -9,16 +9,11 @@ import ( var initonce sync.Once var ( - k163 base_elliptic.Curve - b163 base_elliptic.Curve - k233 base_elliptic.Curve - b233 base_elliptic.Curve - k283 base_elliptic.Curve - b283 base_elliptic.Curve - k409 base_elliptic.Curve - b409 base_elliptic.Curve - k571 base_elliptic.Curve - b571 base_elliptic.Curve + k163, b163 base_elliptic.Curve + k233, b233 base_elliptic.Curve + k283, b283 base_elliptic.Curve + k409, b409 base_elliptic.Curve + k571, b571 base_elliptic.Curve ) func initAll() { diff --git a/elliptic/nums/nums.go b/elliptic/nums/nums.go index 70fc30ee..5427a422 100644 --- a/elliptic/nums/nums.go +++ b/elliptic/nums/nums.go @@ -1,13 +1,11 @@ package nums import ( - "sync" - "math/big" "encoding/asn1" "crypto/elliptic" ) -// see http://www.watersprings.org/pub/id/draft-black-numscurves-01.html +// see https://datatracker.ietf.org/doc/draft-black-numscurves/ var ( OIDNums = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 0} @@ -20,138 +18,36 @@ var ( OIDNumsp512t1 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 0, 6} ) -var ( - once sync.Once - p256d1, p384d1, p512d1 *elliptic.CurveParams - p256t1, p384t1, p512t1 *rcurve -) - -func bigFromHex(s string) (i *big.Int) { - i = new(big.Int) - i.SetString(s, 16) - return -} - -func initAll() { - initP256d1() - initP384d1() - initP512d1() - - initP256t1() - initP384t1() - initP512t1() -} - -func initP256d1() { - p256d1 = &elliptic.CurveParams{ - P: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF43"), - N: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE43C8275EA265C6020AB20294751A825"), - B: bigFromHex("25581"), - Gx: bigFromHex("01"), - Gy: bigFromHex("696F1853C1E466D7FC82C96CCEEEDD6BD02C2F9375894EC10BF46306C2B56C77"), - BitSize: 256, - Name: "numsp256d1", - } -} - -func initP384d1() { - p384d1 = &elliptic.CurveParams{ - P: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEC3"), - N: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD61EAF1EEB5D6881BEDA9D3D4C37E27A604D81F67B0E61B9"), - B: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF77BB"), - Gx: bigFromHex("02"), - Gy: bigFromHex("3C9F82CB4B87B4DC71E763E0663E5DBD8034ED422F04F82673330DC58D15FFA2B4A3D0BAD5D30F865BCBBF503EA66F43"), - BitSize: 384, - Name: "numsp384d1", - } -} - -func initP512d1() { - p512d1 = &elliptic.CurveParams{ - P: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7"), - N: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D"), - B: bigFromHex("1D99B"), - Gx: bigFromHex("02"), - Gy: bigFromHex("1C282EB23327F9711952C250EA61AD53FCC13031CF6DD336E0B9328433AFBDD8CC5A1C1F0C716FDC724DDE537C2B0ADB00BB3D08DC83755B205CC30D7F83CF28"), - BitSize: 512, - Name: "numsp512d1", - } -} - // P256d1() returns a Curve which implements p256d1 of Microsoft's Nothing Up My Sleeve (NUMS) func P256d1() elliptic.Curve { once.Do(initAll) return p256d1 } -// P384d1() returns a Curve which implements p384d1 of Microsoft's Nothing Up My Sleeve (NUMS) -func P384d1() elliptic.Curve { - once.Do(initAll) - return p384d1 -} - -// P512d1() returns a Curve which implements p512d1 of Microsoft's Nothing Up My Sleeve (NUMS) -func P512d1() elliptic.Curve { - once.Do(initAll) - return p512d1 -} - -// ============ - -func initP256t1() { - twisted := p256d1 - params := &elliptic.CurveParams{ - Name: "numsp256t1", - P: twisted.P, - N: twisted.N, - BitSize: twisted.BitSize, - } - params.Gx = bigFromHex("0D") - params.Gy = bigFromHex("7D0AB41E2A1276DBA3D330B39FA046BFBE2A6D63824D303F707F6FB5331CADBA") - r := bigFromHex("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBE6AA55AD0A6BC64E5B84E6F1122B4AD") - p256t1 = newRcurve(twisted, params, r) -} - -func initP384t1() { - twisted := p384d1 - params := &elliptic.CurveParams{ - Name: "numsp384t1", - P: twisted.P, - N: twisted.N, - BitSize: twisted.BitSize, - } - params.Gx = bigFromHex("08") - params.Gy = bigFromHex("749CDABA136CE9B65BD4471794AA619DAA5C7B4C930BFF8EBD798A8AE753C6D72F003860FEBABAD534A4ACF5FA7F5BEE") - r := bigFromHex("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECD7D11ED5A259A25A13A0458E39F4E451D6D71F70426E25") - p384t1 = newRcurve(twisted, params, r) -} - -func initP512t1() { - twisted := p512d1 - params := &elliptic.CurveParams{ - Name: "numsp512t1", - P: twisted.P, - N: twisted.N, - BitSize: twisted.BitSize, - } - params.Gx = bigFromHex("20") - params.Gy = bigFromHex("7D67E841DC4C467B605091D80869212F9CEB124BF726973F9FF048779E1D614E62AE2ECE5057B5DAD96B7A897C1D72799261134638750F4F0CB91027543B1C5E") - r := bigFromHex("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA7E50809EFDABBB9A624784F449545F0DCEA5FF0CB800F894E78D1CB0B5F0189") - p512t1 = newRcurve(twisted, params, r) -} - // P256t1() returns a Curve which implements p256t1 of Microsoft's Nothing Up My Sleeve (NUMS) func P256t1() elliptic.Curve { once.Do(initAll) return p256t1 } +// P384d1() returns a Curve which implements p384d1 of Microsoft's Nothing Up My Sleeve (NUMS) +func P384d1() elliptic.Curve { + once.Do(initAll) + return p384d1 +} + // P384t1() returns a Curve which implements p384t1 of Microsoft's Nothing Up My Sleeve (NUMS) func P384t1() elliptic.Curve { once.Do(initAll) return p384t1 } +// P512d1() returns a Curve which implements p512d1 of Microsoft's Nothing Up My Sleeve (NUMS) +func P512d1() elliptic.Curve { + once.Do(initAll) + return p512d1 +} + // P512t1() returns a Curve which implements p512t1 of Microsoft's Nothing Up My Sleeve (NUMS) func P512t1() elliptic.Curve { once.Do(initAll) diff --git a/elliptic/nums/nums_curves.go b/elliptic/nums/nums_curves.go new file mode 100644 index 00000000..0ad9703e --- /dev/null +++ b/elliptic/nums/nums_curves.go @@ -0,0 +1,112 @@ +package nums + +import ( + "sync" + "math/big" + "crypto/elliptic" +) + +// see http://www.watersprings.org/pub/id/draft-black-numscurves-01.html + +var ( + once sync.Once + + p256d1, p384d1, p512d1 *elliptic.CurveParams + p256t1, p384t1, p512t1 *rcurve +) + +func initAll() { + initP256d1() + initP256t1() + + initP384d1() + initP384t1() + + initP512d1() + initP512t1() +} + +func initP256d1() { + p256d1 = &elliptic.CurveParams{ + P: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF43"), + N: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE43C8275EA265C6020AB20294751A825"), + B: bigFromHex("25581"), + Gx: bigFromHex("01"), + Gy: bigFromHex("696F1853C1E466D7FC82C96CCEEEDD6BD02C2F9375894EC10BF46306C2B56C77"), + BitSize: 256, + Name: "numsp256d1", + } +} + +func initP256t1() { + twisted := p256d1 + params := &elliptic.CurveParams{ + Name: "numsp256t1", + P: twisted.P, + N: twisted.N, + BitSize: twisted.BitSize, + } + params.Gx = bigFromHex("0D") + params.Gy = bigFromHex("7D0AB41E2A1276DBA3D330B39FA046BFBE2A6D63824D303F707F6FB5331CADBA") + r := bigFromHex("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBE6AA55AD0A6BC64E5B84E6F1122B4AD") + p256t1 = newRcurve(twisted, params, r) +} + +func initP384d1() { + p384d1 = &elliptic.CurveParams{ + P: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEC3"), + N: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD61EAF1EEB5D6881BEDA9D3D4C37E27A604D81F67B0E61B9"), + B: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF77BB"), + Gx: bigFromHex("02"), + Gy: bigFromHex("3C9F82CB4B87B4DC71E763E0663E5DBD8034ED422F04F82673330DC58D15FFA2B4A3D0BAD5D30F865BCBBF503EA66F43"), + BitSize: 384, + Name: "numsp384d1", + } +} + +func initP384t1() { + twisted := p384d1 + params := &elliptic.CurveParams{ + Name: "numsp384t1", + P: twisted.P, + N: twisted.N, + BitSize: twisted.BitSize, + } + params.Gx = bigFromHex("08") + params.Gy = bigFromHex("749CDABA136CE9B65BD4471794AA619DAA5C7B4C930BFF8EBD798A8AE753C6D72F003860FEBABAD534A4ACF5FA7F5BEE") + r := bigFromHex("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECD7D11ED5A259A25A13A0458E39F4E451D6D71F70426E25") + p384t1 = newRcurve(twisted, params, r) +} + +func initP512d1() { + p512d1 = &elliptic.CurveParams{ + P: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7"), + N: bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D"), + B: bigFromHex("1D99B"), + Gx: bigFromHex("02"), + Gy: bigFromHex("1C282EB23327F9711952C250EA61AD53FCC13031CF6DD336E0B9328433AFBDD8CC5A1C1F0C716FDC724DDE537C2B0ADB00BB3D08DC83755B205CC30D7F83CF28"), + BitSize: 512, + Name: "numsp512d1", + } +} + +func initP512t1() { + twisted := p512d1 + params := &elliptic.CurveParams{ + Name: "numsp512t1", + P: twisted.P, + N: twisted.N, + BitSize: twisted.BitSize, + } + params.Gx = bigFromHex("20") + params.Gy = bigFromHex("7D67E841DC4C467B605091D80869212F9CEB124BF726973F9FF048779E1D614E62AE2ECE5057B5DAD96B7A897C1D72799261134638750F4F0CB91027543B1C5E") + r := bigFromHex("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA7E50809EFDABBB9A624784F449545F0DCEA5FF0CB800F894E78D1CB0B5F0189") + p512t1 = newRcurve(twisted, params, r) +} + +func bigFromHex(s string) (i *big.Int) { + i = new(big.Int) + i.SetString(s, 16) + + return +} diff --git a/elliptic/nums/rcurve.go b/elliptic/nums/rcurve.go index 191d18b5..1ef93d6c 100644 --- a/elliptic/nums/rcurve.go +++ b/elliptic/nums/rcurve.go @@ -25,6 +25,7 @@ var ( func newRcurve(twisted elliptic.Curve, params *elliptic.CurveParams, z *big.Int) *rcurve { zinv := new(big.Int).ModInverse(z, params.P) + return &rcurve{ twisted: twisted, params: params, @@ -39,19 +40,19 @@ func newRcurve(twisted elliptic.Curve, params *elliptic.CurveParams, z *big.Int) func (curve *rcurve) toTwisted(x, y *big.Int) (*big.Int, *big.Int) { var tx, ty big.Int - tx.Mul(x, curve.z2) - tx.Mod(&tx, curve.params.P) - ty.Mul(y, curve.z3) - ty.Mod(&ty, curve.params.P) + tx.Mul(x, curve.z2) // tx = (z^2 mod p) * x + tx.Mod(&tx, curve.params.P) // tx = tx mod p + ty.Mul(y, curve.z3) // ty = (z^3 mod p) * y + ty.Mod(&ty, curve.params.P) // ty = ty mod p return &tx, &ty } func (curve *rcurve) fromTwisted(tx, ty *big.Int) (*big.Int, *big.Int) { var x, y big.Int - x.Mul(tx, curve.zinv2) - x.Mod(&x, curve.params.P) - y.Mul(ty, curve.zinv3) - y.Mod(&y, curve.params.P) + x.Mul(tx, curve.zinv2) // x = (zinv^2 mod p) * tx + x.Mod(&x, curve.params.P) // x = x mod p + y.Mul(ty, curve.zinv3) // y = (zinv^3 mod p) * ty + y.Mod(&y, curve.params.P) // y = y mod p return &x, &y } diff --git a/elliptic/secg/secg.go b/elliptic/secg/secg.go index 0f20ef16..6bf51447 100644 --- a/elliptic/secg/secg.go +++ b/elliptic/secg/secg.go @@ -16,6 +16,7 @@ var ( OIDNamedCurveSect163r2 = asn1.ObjectIdentifier{1, 3, 132, 0, 15} OIDNamedCurveSect193r1 = asn1.ObjectIdentifier{1, 3, 132, 0, 24} OIDNamedCurveSect193r2 = asn1.ObjectIdentifier{1, 3, 132, 0, 25} + OIDNamedCurveSect233k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 26} OIDNamedCurveSect233r1 = asn1.ObjectIdentifier{1, 3, 132, 0, 27} OIDNamedCurveSect239k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 3} diff --git a/elliptic/secp/secp.go b/elliptic/secp/secp.go index 0d1a2c17..5ecbd6a3 100644 --- a/elliptic/secp/secp.go +++ b/elliptic/secp/secp.go @@ -1,8 +1,6 @@ package secp import ( - "sync" - "math/big" "encoding/asn1" "crypto/elliptic" ) @@ -19,109 +17,6 @@ var ( OIDNamedCurveSecp160r2 = asn1.ObjectIdentifier{1, 3, 132, 0, 30} ) -var ( - once sync.Once - secp192r1 *elliptic.CurveParams - secp112r1, secp112r2 *elliptic.CurveParams - secp128r1, secp128r2 *elliptic.CurveParams - secp160r1, secp160r2 *elliptic.CurveParams -) - -func initAll() { - initP192() - - initSecp112r1() - initSecp112r2() - initSecp128r1() - initSecp128r2() - initSecp160r1() - initSecp160r2() -} - -func initSecp112r1() { - // p = (2^128 - 3) / 76439 - secp112r1 = new(elliptic.CurveParams) - secp112r1.P = bigFromHex("DB7C2ABF62E35E668076BEAD208B") - secp112r1.N = bigFromHex("DB7C2ABF62E35E7628DFAC6561C5") - secp112r1.B = bigFromHex("659EF8BA043916EEDE8911702B22") - secp112r1.Gx = bigFromHex("09487239995A5EE76B55F9C2F098") - secp112r1.Gy = bigFromHex("A89CE5AF8724C0A23E0E0FF77500") - secp112r1.BitSize = 112 - secp112r1.Name = "secp112r1" -} - -func initSecp112r2() { - // p = (2^128 - 3) / 76439 - secp112r2 = new(elliptic.CurveParams) - secp112r2.P = bigFromHex("DB7C2ABF62E35E668076BEAD208B") - secp112r2.N = bigFromHex("36DF0AAFD8B8D7597CA10520D04B") - secp112r2.B = bigFromHex("51DEF1815DB5ED74FCC34C85D709") - secp112r2.Gx = bigFromHex("4BA30AB5E892B4E1649DD0928643") - secp112r2.Gy = bigFromHex("ADCD46F5882E3747DEF36E956E97") - secp112r2.BitSize = 112 - secp112r2.Name = "secp112r2" -} - -func initSecp128r1() { - // p = 2^128 - 2^97 - 1 - secp128r1 = new(elliptic.CurveParams) - secp128r1.P = bigFromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF") - secp128r1.N = bigFromHex("FFFFFFFE0000000075A30D1B9038A115") - secp128r1.B = bigFromHex("E87579C11079F43DD824993C2CEE5ED3") - secp128r1.Gx = bigFromHex("161FF7528B899B2D0C28607CA52C5B86") - secp128r1.Gy = bigFromHex("CF5AC8395BAFEB13C02DA292DDED7A83") - secp128r1.BitSize = 128 - secp128r1.Name = "secp128r1" -} - -func initSecp128r2() { - // p = 2^128 - 2^97 - 1 - secp128r2 = new(elliptic.CurveParams) - secp128r2.P = bigFromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF") - secp128r2.N = bigFromHex("3FFFFFFF7FFFFFFFBE0024720613B5A3") - secp128r2.B = bigFromHex("5EEEFCA380D02919DC2C6558BB6D8A5D") - secp128r2.Gx = bigFromHex("7B6AA5D85E572983E6FB32A7CDEBC140") - secp128r2.Gy = bigFromHex("27B6916A894D3AEE7106FE805FC34B44") - secp128r2.BitSize = 128 - secp128r2.Name = "secp128r2" -} - -func initSecp160r1() { - // p = 2^160 - 2^31 - 1 - secp160r1 = new(elliptic.CurveParams) - secp160r1.P = bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF") - secp160r1.N = bigFromHex("0100000000000000000001F4C8F927AED3CA752257") - secp160r1.B = bigFromHex("1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45") - secp160r1.Gx = bigFromHex("4A96B5688EF573284664698968C38BB913CBFC82") - secp160r1.Gy = bigFromHex("23A628553168947D59DCC912042351377AC5FB32") - secp160r1.BitSize = 160 - secp160r1.Name = "secp160r1" -} - -func initSecp160r2() { - // p = 2^160 - 2^32 - 2^14 - 2^12 - 2^9 - 2^8 - 2^7 - 2^3 - 2^2 - 1 - secp160r2 = new(elliptic.CurveParams) - secp160r2.P = bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73") - secp160r2.N = bigFromHex("0100000000000000000000351EE786A818F3A1A16B") - secp160r2.B = bigFromHex("B4E134D3FB59EB8BAB57274904664D5AF50388BA") - secp160r2.Gx = bigFromHex("52DCB034293A117E1F4FF11B30F7199D3144CE6D") - secp160r2.Gy = bigFromHex("FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E") - secp160r2.BitSize = 160 - secp160r2.Name = "secp160r2" -} - -func initP192() { - // p = 2^192 - 2^64 - 1 - secp192r1 = new(elliptic.CurveParams) - secp192r1.P = bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF") - secp192r1.N = bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831") - secp192r1.B = bigFromHex("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1") - secp192r1.Gx = bigFromHex("188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012") - secp192r1.Gy = bigFromHex("07192B95FFC8DA78631011ED6B24CDD573F977A11E794811") - secp192r1.BitSize = 192 - secp192r1.Name = "secp192r1" -} - func P112r1() elliptic.Curve { once.Do(initAll) return secp112r1 @@ -161,12 +56,3 @@ func P192r1() elliptic.Curve { once.Do(initAll) return secp192r1 } - -func bigFromHex(s string) *big.Int { - b, ok := new(big.Int).SetString(s, 16) - if !ok { - panic("go-cryptobin/secp: invalid encoding") - } - - return b -} diff --git a/elliptic/secp/secp_curves.go b/elliptic/secp/secp_curves.go new file mode 100644 index 00000000..6fe05e7b --- /dev/null +++ b/elliptic/secp/secp_curves.go @@ -0,0 +1,119 @@ +package secp + +import ( + "sync" + "math/big" + "crypto/elliptic" +) + +var ( + once sync.Once + secp192r1 *elliptic.CurveParams + secp112r1, secp112r2 *elliptic.CurveParams + secp128r1, secp128r2 *elliptic.CurveParams + secp160r1, secp160r2 *elliptic.CurveParams +) + +func initAll() { + initP192() + + initSecp112r1() + initSecp112r2() + initSecp128r1() + initSecp128r2() + initSecp160r1() + initSecp160r2() +} + +func initSecp112r1() { + // p = (2^128 - 3) / 76439 + secp112r1 = new(elliptic.CurveParams) + secp112r1.P = bigFromHex("DB7C2ABF62E35E668076BEAD208B") + secp112r1.N = bigFromHex("DB7C2ABF62E35E7628DFAC6561C5") + secp112r1.B = bigFromHex("659EF8BA043916EEDE8911702B22") + secp112r1.Gx = bigFromHex("09487239995A5EE76B55F9C2F098") + secp112r1.Gy = bigFromHex("A89CE5AF8724C0A23E0E0FF77500") + secp112r1.BitSize = 112 + secp112r1.Name = "secp112r1" +} + +func initSecp112r2() { + // p = (2^128 - 3) / 76439 + secp112r2 = new(elliptic.CurveParams) + secp112r2.P = bigFromHex("DB7C2ABF62E35E668076BEAD208B") + secp112r2.N = bigFromHex("36DF0AAFD8B8D7597CA10520D04B") + secp112r2.B = bigFromHex("51DEF1815DB5ED74FCC34C85D709") + secp112r2.Gx = bigFromHex("4BA30AB5E892B4E1649DD0928643") + secp112r2.Gy = bigFromHex("ADCD46F5882E3747DEF36E956E97") + secp112r2.BitSize = 112 + secp112r2.Name = "secp112r2" +} + +func initSecp128r1() { + // p = 2^128 - 2^97 - 1 + secp128r1 = new(elliptic.CurveParams) + secp128r1.P = bigFromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF") + secp128r1.N = bigFromHex("FFFFFFFE0000000075A30D1B9038A115") + secp128r1.B = bigFromHex("E87579C11079F43DD824993C2CEE5ED3") + secp128r1.Gx = bigFromHex("161FF7528B899B2D0C28607CA52C5B86") + secp128r1.Gy = bigFromHex("CF5AC8395BAFEB13C02DA292DDED7A83") + secp128r1.BitSize = 128 + secp128r1.Name = "secp128r1" +} + +func initSecp128r2() { + // p = 2^128 - 2^97 - 1 + secp128r2 = new(elliptic.CurveParams) + secp128r2.P = bigFromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF") + secp128r2.N = bigFromHex("3FFFFFFF7FFFFFFFBE0024720613B5A3") + secp128r2.B = bigFromHex("5EEEFCA380D02919DC2C6558BB6D8A5D") + secp128r2.Gx = bigFromHex("7B6AA5D85E572983E6FB32A7CDEBC140") + secp128r2.Gy = bigFromHex("27B6916A894D3AEE7106FE805FC34B44") + secp128r2.BitSize = 128 + secp128r2.Name = "secp128r2" +} + +func initSecp160r1() { + // p = 2^160 - 2^31 - 1 + secp160r1 = new(elliptic.CurveParams) + secp160r1.P = bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF") + secp160r1.N = bigFromHex("0100000000000000000001F4C8F927AED3CA752257") + secp160r1.B = bigFromHex("1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45") + secp160r1.Gx = bigFromHex("4A96B5688EF573284664698968C38BB913CBFC82") + secp160r1.Gy = bigFromHex("23A628553168947D59DCC912042351377AC5FB32") + secp160r1.BitSize = 160 + secp160r1.Name = "secp160r1" +} + +func initSecp160r2() { + // p = 2^160 - 2^32 - 2^14 - 2^12 - 2^9 - 2^8 - 2^7 - 2^3 - 2^2 - 1 + secp160r2 = new(elliptic.CurveParams) + secp160r2.P = bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73") + secp160r2.N = bigFromHex("0100000000000000000000351EE786A818F3A1A16B") + secp160r2.B = bigFromHex("B4E134D3FB59EB8BAB57274904664D5AF50388BA") + secp160r2.Gx = bigFromHex("52DCB034293A117E1F4FF11B30F7199D3144CE6D") + secp160r2.Gy = bigFromHex("FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E") + secp160r2.BitSize = 160 + secp160r2.Name = "secp160r2" +} + +func initP192() { + // p = 2^192 - 2^64 - 1 + secp192r1 = new(elliptic.CurveParams) + secp192r1.P = bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF") + secp192r1.N = bigFromHex("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831") + secp192r1.B = bigFromHex("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1") + secp192r1.Gx = bigFromHex("188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012") + secp192r1.Gy = bigFromHex("07192B95FFC8DA78631011ED6B24CDD573F977A11E794811") + secp192r1.BitSize = 192 + secp192r1.Name = "secp192r1" +} + +func bigFromHex(s string) *big.Int { + b, ok := new(big.Int).SetString(s, 16) + if !ok { + panic("go-cryptobin/secp: invalid encoding") + } + + return b +} diff --git a/elliptic/secp256k1/params.go b/elliptic/secp256k1/params.go new file mode 100644 index 00000000..9217ebaa --- /dev/null +++ b/elliptic/secp256k1/params.go @@ -0,0 +1,176 @@ +package secp256k1 + +import ( + "math/big" + "crypto/elliptic" + + "github.com/deatil/go-cryptobin/elliptic/curve256k1" +) + +var _ elliptic.Curve = (*secp256k1)(nil) + +type secp256k1 struct { + params *elliptic.CurveParams +} + +// Params returns the parameters for the curve. +func (crv *secp256k1) Params() *elliptic.CurveParams { + return crv.params +} + +// IsOnCurve reports whether the given (x,y) lies on the curve. +func (crv *secp256k1) IsOnCurve(x, y *big.Int) bool { + var p curve256k1.Point + if _, err := p.NewPoint(x, y); err != nil { + return false + } + return curve256k1.IsOnCurve(&p) +} + +// Add returns the sum of (x1,y1) and (x2,y2) +func (crv *secp256k1) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int) { + var p1, p2, p3 curve256k1.Point + var pj1, pj2, pj3 curve256k1.PointJacobian + if _, err := p1.NewPoint(x1, y1); err != nil { + panic("invalid point") + } + if _, err := p2.NewPoint(x2, y2); err != nil { + panic("invalid point") + } + pj1.FromAffine(&p1) + pj2.FromAffine(&p2) + pj3.Add(&pj1, &pj2) + p3.FromJacobian(&pj3) + return p3.ToBig(new(big.Int), new(big.Int)) +} + +// Double returns 2*(x,y) +func (crv *secp256k1) Double(x1, y1 *big.Int) (x, y *big.Int) { + var p1, p3 curve256k1.Point + var pj1, pj3 curve256k1.PointJacobian + if _, err := p1.NewPoint(x1, y1); err != nil { + panic("invalid point") + } + pj1.FromAffine(&p1) + pj3.Double(&pj1) + p3.FromJacobian(&pj3) + return p3.ToBig(new(big.Int), new(big.Int)) +} + +// ScalarMult returns k*(Bx,By) where k is a number in big-endian form. +func (crv *secp256k1) ScalarMult(Bx, By *big.Int, k []byte) (x, y *big.Int) { + var B, ret curve256k1.Point + var Bj, retj curve256k1.PointJacobian + if _, err := B.NewPoint(Bx, By); err != nil { + panic("invalid point") + } + Bj.FromAffine(&B) + retj.ScalarMult(&Bj, k) + ret.FromJacobian(&retj) + return ret.ToBig(new(big.Int), new(big.Int)) +} + +// ScalarBaseMult returns k*G, where G is the base point of the group +// and k is an integer in big-endian form. +func (crv *secp256k1) ScalarBaseMult(k []byte) (x, y *big.Int) { + var ret curve256k1.Point + var retj curve256k1.PointJacobian + retj.ScalarBaseMult(k) + ret.FromJacobian(&retj) + return ret.ToBig(new(big.Int), new(big.Int)) +} + +// CombinedMult returns [s1]G + [s2]P where G is the generator. +// It's used through an interface upgrade in crypto/ecdsa. +func (crv *secp256k1) CombinedMult(Px, Py *big.Int, s1, s2 []byte) (x, y *big.Int) { + // calculate [s1]G + var retj1 curve256k1.PointJacobian + retj1.ScalarBaseMult(s1) + + var B curve256k1.Point + var Bj, retj2 curve256k1.PointJacobian + if _, err := B.NewPoint(Px, Py); err != nil { + panic("invalid point") + } + + // calculate [s2]P + Bj.FromAffine(&B) + retj2.ScalarMult(&Bj, s2) + + // add them + var ret curve256k1.Point + retj1.Add(&retj1, &retj2) + ret.FromJacobian(&retj1) + return ret.ToBig(new(big.Int), new(big.Int)) +} + +// polynomial returns x3 + 7. +func (crv *secp256k1) polynomial(x *big.Int) *big.Int { + x3 := new(big.Int).Mul(x, x) + x3.Mul(x3, x) + + b := big.NewInt(7) + + x3.Add(x3, b) + x3.Mod(x3, crv.Params().P) + + return x3 +} + +// Unmarshal implements elliptic.Unmarshal. +func (crv *secp256k1) Unmarshal(data []byte) (x, y *big.Int) { + byteLen := (crv.Params().BitSize + 7) / 8 + if len(data) != 1+2*byteLen { + return nil, nil + } + if data[0] != 4 { // uncompressed form + return nil, nil + } + + p := crv.Params().P + x = new(big.Int).SetBytes(data[1 : 1+byteLen]) + y = new(big.Int).SetBytes(data[1+byteLen:]) + + if x.Cmp(p) >= 0 || y.Cmp(p) >= 0 { + return nil, nil + } + if !crv.IsOnCurve(x, y) { + return nil, nil + } + + return +} + +// UnmarshalCompressed implements elliptic.UnmarshalCompressed. +func (crv *secp256k1) UnmarshalCompressed(data []byte) (x, y *big.Int) { + byteLen := (crv.Params().BitSize + 7) / 8 + if len(data) != 1+byteLen { + return nil, nil + } + if data[0] != 2 && data[0] != 3 { // compressed form + return nil, nil + } + + p := crv.Params().P + x = new(big.Int).SetBytes(data[1:]) + if x.Cmp(p) >= 0 { + return nil, nil + } + + // y² = x3 + 7 + y = crv.polynomial(x) + y = y.ModSqrt(y, p) + if y == nil { + return nil, nil + } + + if byte(y.Bit(0)) != data[0]&1 { + y.Neg(y).Mod(y, p) + } + + if !crv.IsOnCurve(x, y) { + return nil, nil + } + + return +} diff --git a/elliptic/secp256k1/secp256k1.go b/elliptic/secp256k1/secp256k1.go index 19614bc9..07f08caa 100644 --- a/elliptic/secp256k1/secp256k1.go +++ b/elliptic/secp256k1/secp256k1.go @@ -4,15 +4,18 @@ package secp256k1 import ( "sync" "math/big" + "encoding/asn1" "crypto/elliptic" +) - "github.com/deatil/go-cryptobin/elliptic/curve256k1" +var ( + OIDNamedCurveSecp256k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 10} ) var initonce sync.Once var curve secp256k1 -func initCurve() { +func initAll() { // SEC 2 (Draft) Ver. 2.0 2.4 Recommended 256-bit Elliptic Curve Domain Parameters over Fp // http://www.secg.org/sec2-v2.pdf curve.params = &elliptic.CurveParams{ @@ -26,190 +29,25 @@ func initCurve() { } } -func bigHex(s string) *big.Int { - i, ok := new(big.Int).SetString(s, 16) - if !ok { - panic("secp256k1: failed to parse hex") - } - return i -} - // Curve returns the standard secp256k1 elliptic curve. // // Multiple invocations of this function will return the same value, so it can be used for equality checks and switch statements. // // The cryptographic operations are implemented using constant-time algorithms. func Curve() elliptic.Curve { - initonce.Do(initCurve) + initonce.Do(initAll) return &curve } -var S256 = Curve - -var _ elliptic.Curve = (*secp256k1)(nil) - -type secp256k1 struct { - params *elliptic.CurveParams -} - -// Params returns the parameters for the curve. -func (crv *secp256k1) Params() *elliptic.CurveParams { - return crv.params -} - -// IsOnCurve reports whether the given (x,y) lies on the curve. -func (crv *secp256k1) IsOnCurve(x, y *big.Int) bool { - var p curve256k1.Point - if _, err := p.NewPoint(x, y); err != nil { - return false - } - return curve256k1.IsOnCurve(&p) -} - -// Add returns the sum of (x1,y1) and (x2,y2) -func (crv *secp256k1) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int) { - var p1, p2, p3 curve256k1.Point - var pj1, pj2, pj3 curve256k1.PointJacobian - if _, err := p1.NewPoint(x1, y1); err != nil { - panic("invalid point") - } - if _, err := p2.NewPoint(x2, y2); err != nil { - panic("invalid point") - } - pj1.FromAffine(&p1) - pj2.FromAffine(&p2) - pj3.Add(&pj1, &pj2) - p3.FromJacobian(&pj3) - return p3.ToBig(new(big.Int), new(big.Int)) -} - -// Double returns 2*(x,y) -func (crv *secp256k1) Double(x1, y1 *big.Int) (x, y *big.Int) { - var p1, p3 curve256k1.Point - var pj1, pj3 curve256k1.PointJacobian - if _, err := p1.NewPoint(x1, y1); err != nil { - panic("invalid point") - } - pj1.FromAffine(&p1) - pj3.Double(&pj1) - p3.FromJacobian(&pj3) - return p3.ToBig(new(big.Int), new(big.Int)) -} - -// ScalarMult returns k*(Bx,By) where k is a number in big-endian form. -func (crv *secp256k1) ScalarMult(Bx, By *big.Int, k []byte) (x, y *big.Int) { - var B, ret curve256k1.Point - var Bj, retj curve256k1.PointJacobian - if _, err := B.NewPoint(Bx, By); err != nil { - panic("invalid point") - } - Bj.FromAffine(&B) - retj.ScalarMult(&Bj, k) - ret.FromJacobian(&retj) - return ret.ToBig(new(big.Int), new(big.Int)) -} - -// ScalarBaseMult returns k*G, where G is the base point of the group -// and k is an integer in big-endian form. -func (crv *secp256k1) ScalarBaseMult(k []byte) (x, y *big.Int) { - var ret curve256k1.Point - var retj curve256k1.PointJacobian - retj.ScalarBaseMult(k) - ret.FromJacobian(&retj) - return ret.ToBig(new(big.Int), new(big.Int)) -} - -// CombinedMult returns [s1]G + [s2]P where G is the generator. -// It's used through an interface upgrade in crypto/ecdsa. -func (crv *secp256k1) CombinedMult(Px, Py *big.Int, s1, s2 []byte) (x, y *big.Int) { - // calculate [s1]G - var retj1 curve256k1.PointJacobian - retj1.ScalarBaseMult(s1) - - var B curve256k1.Point - var Bj, retj2 curve256k1.PointJacobian - if _, err := B.NewPoint(Px, Py); err != nil { - panic("invalid point") - } - - // calculate [s2]P - Bj.FromAffine(&B) - retj2.ScalarMult(&Bj, s2) - - // add them - var ret curve256k1.Point - retj1.Add(&retj1, &retj2) - ret.FromJacobian(&retj1) - return ret.ToBig(new(big.Int), new(big.Int)) -} - -// polynomial returns x3 + 7. -func (crv *secp256k1) polynomial(x *big.Int) *big.Int { - x3 := new(big.Int).Mul(x, x) - x3.Mul(x3, x) - - b := big.NewInt(7) - - x3.Add(x3, b) - x3.Mod(x3, crv.Params().P) - - return x3 +func S256() elliptic.Curve { + return Curve() } -// Unmarshal implements elliptic.Unmarshal. -func (crv *secp256k1) Unmarshal(data []byte) (x, y *big.Int) { - byteLen := (crv.Params().BitSize + 7) / 8 - if len(data) != 1+2*byteLen { - return nil, nil - } - if data[0] != 4 { // uncompressed form - return nil, nil - } - - p := crv.Params().P - x = new(big.Int).SetBytes(data[1 : 1+byteLen]) - y = new(big.Int).SetBytes(data[1+byteLen:]) - - if x.Cmp(p) >= 0 || y.Cmp(p) >= 0 { - return nil, nil - } - if !crv.IsOnCurve(x, y) { - return nil, nil - } - - return -} - -// UnmarshalCompressed implements elliptic.UnmarshalCompressed. -func (crv *secp256k1) UnmarshalCompressed(data []byte) (x, y *big.Int) { - byteLen := (crv.Params().BitSize + 7) / 8 - if len(data) != 1+byteLen { - return nil, nil - } - if data[0] != 2 && data[0] != 3 { // compressed form - return nil, nil - } - - p := crv.Params().P - x = new(big.Int).SetBytes(data[1:]) - if x.Cmp(p) >= 0 { - return nil, nil - } - - // y² = x3 + 7 - y = crv.polynomial(x) - y = y.ModSqrt(y, p) - if y == nil { - return nil, nil - } - - if byte(y.Bit(0)) != data[0]&1 { - y.Neg(y).Mod(y, p) - } - - if !crv.IsOnCurve(x, y) { - return nil, nil +func bigHex(s string) *big.Int { + i, ok := new(big.Int).SetString(s, 16) + if !ok { + panic("secp256k1: failed to parse hex") } - return + return i } diff --git a/elliptic/secp256k1/secp256k1_test.go b/elliptic/secp256k1/secp256k1_test.go index a240d5cb..b4d8bc95 100644 --- a/elliptic/secp256k1/secp256k1_test.go +++ b/elliptic/secp256k1/secp256k1_test.go @@ -1,11 +1,13 @@ package secp256k1 import ( + "testing" "crypto/ecdsa" "crypto/rand" "crypto/sha256" "encoding/hex" - "testing" + + cryptobin_ecdsa "github.com/deatil/go-cryptobin/pubkey/ecdsa" ) func decodeHex(s string) []byte { @@ -374,3 +376,77 @@ func BenchmarkCombinedMultMinus1(b *testing.B) { crv.CombinedMult(x, y, k, k) } } + +func Test_ECDSA(t *testing.T) { + cryptobin_ecdsa.AddNamedCurve(S256(), OIDNamedCurveSecp256k1) + + t.Run("PKCS8", func(t *testing.T) { + curue := S256() + + priv, err := ecdsa.GenerateKey(curue, rand.Reader) + if err != nil { + t.Fatal(err) + } + + pub := priv.Public().(*ecdsa.PublicKey) + + pubDer, err := cryptobin_ecdsa.MarshalPublicKey(pub) + if err != nil { + t.Fatal(err) + } + privDer, err := cryptobin_ecdsa.MarshalPrivateKey(priv) + if err != nil { + t.Fatal(err) + } + + if len(privDer) == 0 { + t.Error("expected export key Der error: priv") + } + if len(pubDer) == 0 { + t.Error("expected export key Der error: pub") + } + + newPub, err := cryptobin_ecdsa.ParsePublicKey(pubDer) + if err != nil { + t.Fatal(err) + } + newPriv, err := cryptobin_ecdsa.ParsePrivateKey(privDer) + if err != nil { + t.Fatal(err) + } + + if !newPriv.Equal(priv) { + t.Error("Marshal privekey error") + } + if !newPub.Equal(pub) { + t.Error("Marshal public error") + } + }) + + t.Run("PKCS1", func(t *testing.T) { + curue := S256() + + priv, err := ecdsa.GenerateKey(curue, rand.Reader) + if err != nil { + t.Fatal(err) + } + + privDer, err := cryptobin_ecdsa.MarshalECPrivateKey(priv) + if err != nil { + t.Fatal(err) + } + + if len(privDer) == 0 { + t.Error("expected export key Der error: EC priv") + } + + newPriv, err := cryptobin_ecdsa.ParseECPrivateKey(privDer) + if err != nil { + t.Fatal(err) + } + + if !newPriv.Equal(priv) { + t.Error("Marshal EC privekey error") + } + }) +} diff --git a/elliptic/weierstrass/weierstrass.go b/elliptic/weierstrass/weierstrass.go index 7c11d15d..cca8baff 100644 --- a/elliptic/weierstrass/weierstrass.go +++ b/elliptic/weierstrass/weierstrass.go @@ -1,55 +1,23 @@ package weierstrass -// Support for short Weierstrass elliptic curves -// http://www.secg.org/SEC2-Ver-1.0.pdf - import ( - "sync" - "math/big" + "encoding/asn1" "crypto/elliptic" ) +// Support for short Weierstrass elliptic curves +// http://www.secg.org/SEC2-Ver-1.0.pdf + var ( - once sync.Once - p160k1, p160r1, p160r2, p192k1, p192r1, p224k1, p256k1 *elliptic.CurveParams + OIDNamedCurveSecp160k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 9} + OIDNamedCurveSecp160r1 = asn1.ObjectIdentifier{1, 3, 132, 0, 8} + OIDNamedCurveSecp160r2 = asn1.ObjectIdentifier{1, 3, 132, 0, 30} + OIDNamedCurveSecp192k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 31} + OIDNamedCurveSecp192r1 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 1} + OIDNamedCurveSecp224k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 32} + OIDNamedCurveSecp256k1 = asn1.ObjectIdentifier{1, 3, 132, 0, 10} ) -func initAll() { - initP160r1() - initP160r2() - initP192r1() -} - -func initP160r1() { - p160r1 = new(elliptic.CurveParams) - p160r1.P, _ = new(big.Int).SetString("ffffffffffffffffffffffffffffffff7fffffff", 16) - p160r1.N, _ = new(big.Int).SetString("0100000000000000000001f4c8f927aed3ca752257", 16) - p160r1.B, _ = new(big.Int).SetString("1c97befc54bd7a8b65acf89f81d4d4adc565fa45", 16) - p160r1.Gx, _ = new(big.Int).SetString("4a96b5688ef573284664698968c38bb913cbfc82", 16) - p160r1.Gy, _ = new(big.Int).SetString("23a628553168947d59dcc912042351377ac5fb32", 16) - p160r1.BitSize = 160 -} - -func initP160r2() { - p160r2 = new(elliptic.CurveParams) - p160r2.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 16) - p160r2.N, _ = new(big.Int).SetString("0100000000000000000000351EE786A818F3A1A16B", 16) - p160r2.B, _ = new(big.Int).SetString("B4E134D3FB59EB8BAB57274904664D5AF50388BA", 16) - p160r2.Gx, _ = new(big.Int).SetString("52DCB034293A117E1F4FF11B30F7199D3144CE6D", 16) - p160r2.Gy, _ = new(big.Int).SetString("FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", 16) - p160r2.BitSize = 160 -} - -func initP192r1() { - p192r1 = new(elliptic.CurveParams) - p192r1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 16) - p192r1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 16) - p192r1.B, _ = new(big.Int).SetString("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", 16) - p192r1.Gx, _ = new(big.Int).SetString("188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", 16) - p192r1.Gy, _ = new(big.Int).SetString("07192B95FFC8DA78631011ED6B24CDD573F977A11E794811", 16) - p192r1.BitSize = 192 -} - func P160r1() elliptic.Curve { once.Do(initAll) return p160r1 diff --git a/elliptic/weierstrass/weierstrass_curves.go b/elliptic/weierstrass/weierstrass_curves.go new file mode 100644 index 00000000..af8cbbc1 --- /dev/null +++ b/elliptic/weierstrass/weierstrass_curves.go @@ -0,0 +1,49 @@ +package weierstrass + +import ( + "sync" + "math/big" + "crypto/elliptic" +) + +var ( + once sync.Once + p160k1, p160r1, p160r2 *elliptic.CurveParams + p192k1, p192r1, p224k1, p256k1 *elliptic.CurveParams +) + +func initAll() { + initP160r1() + initP160r2() + initP192r1() +} + +func initP160r1() { + p160r1 = new(elliptic.CurveParams) + p160r1.P, _ = new(big.Int).SetString("ffffffffffffffffffffffffffffffff7fffffff", 16) + p160r1.N, _ = new(big.Int).SetString("0100000000000000000001f4c8f927aed3ca752257", 16) + p160r1.B, _ = new(big.Int).SetString("1c97befc54bd7a8b65acf89f81d4d4adc565fa45", 16) + p160r1.Gx, _ = new(big.Int).SetString("4a96b5688ef573284664698968c38bb913cbfc82", 16) + p160r1.Gy, _ = new(big.Int).SetString("23a628553168947d59dcc912042351377ac5fb32", 16) + p160r1.BitSize = 160 +} + +func initP160r2() { + p160r2 = new(elliptic.CurveParams) + p160r2.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 16) + p160r2.N, _ = new(big.Int).SetString("0100000000000000000000351EE786A818F3A1A16B", 16) + p160r2.B, _ = new(big.Int).SetString("B4E134D3FB59EB8BAB57274904664D5AF50388BA", 16) + p160r2.Gx, _ = new(big.Int).SetString("52DCB034293A117E1F4FF11B30F7199D3144CE6D", 16) + p160r2.Gy, _ = new(big.Int).SetString("FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", 16) + p160r2.BitSize = 160 +} + +func initP192r1() { + p192r1 = new(elliptic.CurveParams) + p192r1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 16) + p192r1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 16) + p192r1.B, _ = new(big.Int).SetString("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", 16) + p192r1.Gx, _ = new(big.Int).SetString("188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", 16) + p192r1.Gy, _ = new(big.Int).SetString("07192B95FFC8DA78631011ED6B24CDD573F977A11E794811", 16) + p192r1.BitSize = 192 +} diff --git a/pubkey/bip0340/params.go b/pubkey/bip0340/params.go index 6479b804..1ce531cc 100644 --- a/pubkey/bip0340/params.go +++ b/pubkey/bip0340/params.go @@ -28,7 +28,7 @@ func (curve *CurveParams) Params() *elliptic.CurveParams { } } -// polynomial returns x3 + 7. +// polynomial returns x^3 + 7. func (curve *CurveParams) polynomial(x *big.Int) *big.Int { x3 := new(big.Int).Mul(x, x) x3.Mul(x3, x) @@ -48,7 +48,7 @@ func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool { return false } - // y² = x3 + 7 + // y² = x^3 + 7 y2 := new(big.Int).Mul(y, y) y2.Mod(y2, curve.P)