
Custom EC curve NID_secp256k1

  1. From 475dcc4a0ad77e81333be32f7833cdc9a4bc6548 Mon Sep 17 00:00:00 2001
  2. From: fedora_user@example.com
  3. Date: Mon, 9 Dec 2013 20:59:10 +0000
  4. Subject: [PATCH] Custom EC curve NID_secp256k1
  5.  
  6. Patch for bitcoin git built against an OpenSSL that supports ECC
  7. but lacks NID_secp256k1.
  8.  
  9. Donate to 1MyBTCJepaaM6Bs4iJgew3tVZbuUWunBV7
  10. ---
  11. src/key.cpp | 164 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
  12.  1 file changed, 162 insertions(+), 2 deletions(-)
  13.  
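diff --git a/src/key.cpp b/src/key.cpp
index b57b7c5..5a3684b 100644
--- a/src/key.cpp
+++ b/src/key.cpp
@@ -8,10 +8,170 @@
 #include <openssl/ecdsa.h>
 #include <openssl/obj_mac.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
 
 // anonymous namespace with local implementation code (OpenSSL interaction)
 namespace {
 
+typedef struct {
+    int    field_type, /* either NID_X9_62_prime_field or
+                         * NID_X9_62_characteristic_two_field */
+        seed_len,
+        param_len;
+    unsigned int cofactor; /* promoted to BN_ULONG */
+} EC_CURVE_DATA;
+
+static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; }
+    _EC_SECG_PRIME_256K1 = {
+        { NID_X9_62_prime_field,0,32,1 },
+        {                          /* no seed */
+            0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */
+            0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+            0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,
+            0xFC,0x2F,
+            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */
+            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+            0x00,0x00,
+            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */
+            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+            0x00,0x07,
+            0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0, /* x */
+            0x62,0x95,0xCE,0x87,0x0B,0x07,0x02,0x9B,0xFC,0xDB,
+            0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
+            0x17,0x98,
+            0x48,0x3a,0xda,0x77,0x26,0xa3,0xc4,0x65,0x5d,0xa4, /* y */
+            0xfb,0xfc,0x0e,0x11,0x08,0xa8,0xfd,0x17,0xb4,0x48,
+            0xa6,0x85,0x54,0x19,0x9c,0x47,0xd0,0x8f,0xfb,0x10,
+            0xd4,0xb8,
+            0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */
+            0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,
+            0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,0x8C,0xD0,0x36,
+            0x41,0x41 }
+    };
+
+static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
+{
+    EC_GROUP *group=NULL;
+    EC_POINT *P=NULL;
+    BN_CTX  *ctx=NULL;
+    BIGNUM  *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
+    int     ok=0;
+    int     seed_len,param_len;
+    const unsigned char *params;
+
+    if ((ctx = BN_CTX_new()) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    seed_len  = data->seed_len;
+    param_len = data->param_len;
+    params   = (const unsigned char *)(data+1);    /* skip header */
+    params  += seed_len;               /* skip seed   */
+
+    if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL))
+        || !(a = BN_bin2bn(params+1*param_len, param_len, NULL))
+        || !(b = BN_bin2bn(params+2*param_len, param_len, NULL))) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if ((P = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL))
+        || !(y = BN_bin2bn(params+4*param_len, param_len, NULL))) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (!(order = BN_bin2bn(params+5*param_len, param_len, NULL))
+        || !BN_set_word(x, (BN_ULONG)data->cofactor))
+    {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (!EC_GROUP_set_generator(group, P, order, x)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (seed_len) {
+        if (!EC_GROUP_set_seed(group, params-seed_len, seed_len)) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+    ok=1;
+err:
+    if (!ok) {
+        EC_GROUP_free(group);
+        group = NULL;
+    }
+    if (P)
+        EC_POINT_free(P);
+    if (ctx)
+        BN_CTX_free(ctx);
+    if (p)
+        BN_free(p);
+    if (a)
+        BN_free(a);
+    if (b)
+        BN_free(b);
+    if (order)
+        BN_free(order);
+    if (x)
+        BN_free(x);
+    if (y)
+        BN_free(y);
+    return group;
+}
+
+EC_GROUP *EC_GROUP_new_by_curve_name_NID_secp256k1(void)
+{
+    static EC_GROUP *group = NULL;
+
+    if (group == NULL) {
+#ifdef HAVE_NID_SECP256K1
+        group = EC_GROUP_new_by_curve_name(NID_secp256k1);
+#else
+        group = ec_group_new_from_data(&_EC_SECG_PRIME_256K1.h);
+#endif
+    }
+
+    return group;
+}
+
+EC_KEY *EC_KEY_new_by_curve_name_NID_secp256k1(void)
+{
+    EC_KEY *ret = NULL;
+    EC_GROUP *group = EC_GROUP_new_by_curve_name_NID_secp256k1();
+
+    if (group == NULL)
+        return NULL;
+
+    ret = EC_KEY_new();
+
+    if (ret == NULL)
+        return NULL;
+
+    EC_KEY_set_group(ret, group);
+
+    return ret;
+}
+
+
 // Generate a private key from just the secret parameter
 int EC_KEY_regenerate_key(EC_KEY *eckey, BIGNUM *priv_key)
 {
@@ -130,7 +290,7 @@ private:
 
 public:
     CECKey() {
-        pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
+        pkey = EC_KEY_new_by_curve_name_NID_secp256k1();
         assert(pkey != NULL);
     }
 
@@ -288,7 +448,7 @@ public:
         BIGNUM *bnSecret = BN_CTX_get(ctx);
         BIGNUM *bnTweak = BN_CTX_get(ctx);
         BIGNUM *bnOrder = BN_CTX_get(ctx);
-        EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1);
+        EC_GROUP *group = EC_GROUP_new_by_curve_name_NID_secp256k1();
         EC_GROUP_get_order(group, bnOrder, ctx); // what a grossly inefficient way to get the (constant) group order...
         BN_bin2bn(vchTweak, 32, bnTweak);
         if (BN_cmp(bnTweak, bnOrder) >= 0)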
  207. --
  208. 1.8.4.2