RE: found half of it: EC key gen

[Dave Thompson]

 From: owner-openssl-us...@openssl.org On Behalf Of dave
 Sent: Monday, August 04, 2014 15:50

 I have it that the elliptic multiply is not standard.  So I have been
 skip tracing though the code.
 It starts with ec_key.c, with   EC_KEY_generate_key.  This grabs the
 group or or the particular curves prime field size.  It then uses this

No, it uses the order of the generator or equivalently the subgroup 
generated by the generator and used for operations. For a curve
over a prime field Zp the subgroup order is either slightly less than p
or slightly less than p divided by a small integer called the cofactor 
(small meaning usually 2 or 4). For a curve over a binary (m-bit) field 
the order is somewhat less than 2^m, or that divided by a small cofactor.

 as the range for   bn_rand_range.  This is in bn_rand.c.  In that it
 uses the first half which is bnrand.  That grabs the time and shifts it
 around to start the process.  Since the order or range is a large number

It logically adds the current time (assuming available) to the entropy pool.
Adding entropy is done by mixing bits in a fashion that should depend on 
both/all inputs in a complicated way, but I haven't looked recently. Using 
*only* the current time to seed random generation would not be secure,
and is a common mistake by inexperienced people.

 in hex it looks like the output of the private key is also in hex.

The private key is a large (integer) number. There are many ways of 
representing integers. Hex is a common way of representing large integers,
because it can easily be broken up into, or formed from, 8-bit bytes or
other 
power-of-2 size units that are common on modern computers. In particular 
when an EC private key is stored in the standard ASN.1 format defined in
X9.62 
and used in among others PKCS#8 and PKCS#12, the privatekey is stored as 
ASN.1 integer which some tools including openssl asn1parse show in hex.

 After that the generate key does the point multiply to make the public.
   Is there some other variable used here that I am missing?
 
Doesn't sound like it.


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: found half of it: EC key gen

[dave paxton]

Thanks,  OK I got the rest of the way through the tangled mess.  The
question is there someone out there that can skip trace through the
subroutines that can put together a tight code set on how this works? 
One command walk through to start from the beginning to the end which is
the key feedback.  If there are some good c++ people out there that
might want to spend a day on it I can pay for the time.

Dave

On 8/7/2014 6:58 PM, Dave Thompson wrote:
 From: owner-openssl-us...@openssl.org On Behalf Of dave
 Sent: Monday, August 04, 2014 15:50
 I have it that the elliptic multiply is not standard.  So I have been
 skip tracing though the code.
 It starts with ec_key.c, with   EC_KEY_generate_key.  This grabs the
 group or or the particular curves prime field size.  It then uses this
 No, it uses the order of the generator or equivalently the subgroup 
 generated by the generator and used for operations. For a curve
 over a prime field Zp the subgroup order is either slightly less than p
 or slightly less than p divided by a small integer called the cofactor 
 (small meaning usually 2 or 4). For a curve over a binary (m-bit) field 
 the order is somewhat less than 2^m, or that divided by a small cofactor.

 as the range for   bn_rand_range.  This is in bn_rand.c.  In that it
 uses the first half which is bnrand.  That grabs the time and shifts it
 around to start the process.  Since the order or range is a large number
 It logically adds the current time (assuming available) to the entropy pool.
 Adding entropy is done by mixing bits in a fashion that should depend on 
 both/all inputs in a complicated way, but I haven't looked recently. Using 
 *only* the current time to seed random generation would not be secure,
 and is a common mistake by inexperienced people.

 in hex it looks like the output of the private key is also in hex.
 The private key is a large (integer) number. There are many ways of 
 representing integers. Hex is a common way of representing large integers,
 because it can easily be broken up into, or formed from, 8-bit bytes or
 other 
 power-of-2 size units that are common on modern computers. In particular 
 when an EC private key is stored in the standard ASN.1 format defined in
 X9.62 
 and used in among others PKCS#8 and PKCS#12, the privatekey is stored as 
 ASN.1 integer which some tools including openssl asn1parse show in hex.

 After that the generate key does the point multiply to make the public.
   Is there some other variable used here that I am missing?

 Doesn't sound like it.


 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org

-- 
Dave Paxton
dpax...@me.com
208 570 9755
skype: dpaxton

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org