Add Weierstrass Curve 25519 #207
Conversation
There was a problem hiding this comment.
- What's the usefulness of a Weirstrass representation of Curve25519? It won't interoperate with X25519 or Ed25519 implementations without additional code (projecting the results back and forth between Weierstrass and Edwards representations)
- To be clear, I have nothing against adding support for X25519 or Ed25519, but I don't think the high level interface should expose the Weirstrass representation used on the backend
- Test coverage missing
- Please fix the email used in the commit: either change it to the one you use for github or add it as an alternative one in your profile (if you are the author)
src/ecdsa/__init__.py
Outdated
| BRAINPOOLP320r1, | ||
| BRAINPOOLP384r1, | ||
| BRAINPOOLP512r1, | ||
| Curve25519Weier, |
There was a problem hiding this comment.
I'd prefer the full name "Curve25519Weierstrass"
but then I've found at least https://tools.ietf.org/id/draft-struik-lwip-curve-representations-00.html referring to it as "Wei25519"
There was a problem hiding this comment.
That PR in Javascript library uses different name still... How does BouncyCastle call it?
There was a problem hiding this comment.
yeah, though the docs are explicit that it's non-standard: https://github.com/bcgit/bc-java/blob/738dfc0132323d66ad27e7ec366666ed3e0638ab/core/src/main/javadoc/org/bouncycastle/math/ec/custom/djb/package.html
so I'd prefer the https://tools.ietf.org/html/draft-ietf-lwig-curve-representations-11 naming
src/ecdsa/ecdsa.py
Outdated
|
|
||
| curve_25519_weier = ellipticcurve.CurveFp(_p, _a, _b, 1) | ||
| generator_25519_weier = ellipticcurve.PointJacobi( | ||
| curve_25519_weier, _Gx, _Gy, 1, _r, generator=True) |
There was a problem hiding this comment.
nit: newline missing
nit: closing paren needs to be on next line, black will complain otherwise
src/ecdsa/curves.py
Outdated
| Curve25519Weier = Curve("Curve25519Weier", | ||
| ecdsa.curve_25519_weier, | ||
| ecdsa.generator_25519_weier, | ||
| (1, 3, 101, 110)) |
There was a problem hiding this comment.
this is not the correct OID, this is an OID for X25519
There was a problem hiding this comment.
I really do not know what is the actually OID of Weierstrass Form of Curve 25519 (aka wei25519). Please suggest
There was a problem hiding this comment.
I don't know, that's the first time I've heard of people actually using Curve25519 in Weierstrass form...
Check what OID BouncyCastle uses when you write the key to PKCS#8 file?
There was a problem hiding this comment.
I searched from the web. I really could not find the OID for Wei25519. How could I solve this situation?
There was a problem hiding this comment.
Could you generate the Wei25519 key using BouncyCastle, save it to a PKCS#8 file and post here?
There was a problem hiding this comment.
-----BEGIN EC PRIVATE KEY-----
MIIBTwIBAQQgDH+gRomUb4CHd+xaBRNBRlpoGbuATwVo+Jk6b8Uy/feggeEwgd4C
AQEwKwYHKoZIzj0BAQIgf////////////////////////////////////////+0w
RAQgKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqmEkUoUQEIHtCXtCXtCXtCXtC
XtCXtCXtCXtCXtCXtCYLXpx3EMhkBEEEKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqtJFogrhmhuKCGtOAe3Sx3SNFMkj1Nfm18YbIp6cWifs7T2QIgEAAAAAAA
AAAAAAAAAAAAABTe+d6i95zWWBJjGlz10+0CAQihRANCAAQcnP48Ark4a7C6sgBO
Fb2LOY4+StfnnO3Hfx5TqeUhfXhOaTH7A4lMLfMvtIGNapdHM114uHACjRf5Qh2a
OGKp
-----END EC PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MIIBMTCB6gYHKoZIzj0CATCB3gIBATArBgcqhkjOPQEBAiB/////////////////
////////////////////////7TBEBCAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqYSRShRAQge0Je0Je0Je0Je0Je0Je0Je0Je0Je0Je0JgtenHcQyGQEQQQqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq0kWiCuGaG4oIa04B7dLHdI0UySPU1+
bXxhsinpxaJ+ztPZAiAQAAAAAAAAAAAAAAAAAAAAFN753qL3nNZYEmMaXPXT7QIB
CANCAAQcnP48Ark4a7C6sgBOFb2LOY4+StfnnO3Hfx5TqeUhfXhOaTH7A4lMLfMv
tIGNapdHM114uHACjRf5Qh2aOGKp
-----END PUBLIC KEY-----
There was a problem hiding this comment.
hmm, so both the private and public key save the curve parameters with the key, they don't use the name/OID; while valid, that's not supported in python-ecdsa: #39
Is there an api setting in BC to save using named_curve format (instead of the explicit format it used)?
There was a problem hiding this comment.
I am not sure that I understand your question correctly. Do you mean to embed the curve name in the keys?
There was a problem hiding this comment.
essentially yes
For ECDSA keys (which mathematically speaking are points on a 2D plane) an application that uses them needs to know on what curve they lay on, that information needs to be encoded in the private and public keys or transferred out of band. When it's included in the files, there are 3 possible encodings: explicit parameters, where the constants that define the curve are spelled out explicitly, as a set of integers; named_curve, where the curve is identified only as an OID, that usually is then transformed into human-readable name, like secp256r1; or "implicit", where the curve parameters are supposed to be taken from the CA certificate that signed the public key (I didn't see any software that supports it though)
See https://tools.ietf.org/html/rfc5480#section-2.1.1
in both files the curve parameters are encoded explicitly
A bit of quick googling suggests that the parameters needs to be created using X962NamedCurves.GetOid("prime256v1") : https://stackoverflow.com/a/9432083/462370 but I don't know if you're using .NET or the Java BC
Side note: the "-----BEGIN EC PRIVATE KEY-----" is the legacy, OpenSSL format, PKCS#8 has "-----BEGIN PRIVATE KEY-----" header, that being said both support the different ways of encoding the curve parameters
Thank you for your feedback. |
src/ecdsa/curves.py
Outdated
| Curve25519Weier = Curve("Curve25519Weier", | ||
| ecdsa.curve_25519_weier, | ||
| ecdsa.generator_25519_weier, | ||
| (1, 3, 101, 110)) |
There was a problem hiding this comment.
I don't know, that's the first time I've heard of people actually using Curve25519 in Weierstrass form...
Check what OID BouncyCastle uses when you write the key to PKCS#8 file?
src/ecdsa/__init__.py
Outdated
| BRAINPOOLP320r1, | ||
| BRAINPOOLP384r1, | ||
| BRAINPOOLP512r1, | ||
| Curve25519Weier, |
There was a problem hiding this comment.
That PR in Javascript library uses different name still... How does BouncyCastle call it?
With no details, I really can't help you. The tox config runs with different python versions, maybe try running with just the version you have installed? If you have python 3.7, then run it as
I still see 37af1db with email unlinked to any github account... Are you sure you force pushed this change? |
|
side note: adding interoperability tests with Bouncy Castle (like there are with OpenSSL) would be really awesome |
Change name Curve25519Weier to Wei25519 refer from https://tools.ietf.org/html/draft-ietf-lwig-curve-representations-11
1 similar comment
There was a problem hiding this comment.
- Please fix flake warnings: https://travis-ci.org/github/warner/python-ecdsa/jobs/717847859#L374
- Add unit tests (BouncyCastle generated keys and signatures we can compare or try to verify would be nice, online tests with BouncyCastle would be perfect)
- we need to figure out OID handling, and that brings us back to how BC handles it, which is point 2
| ecdsa.curve_wei_25519, | ||
| ecdsa.generator_wei_25519, | ||
| (1, 3, 101, 110), | ||
| "wei25519") |
There was a problem hiding this comment.
if a curve isn't supported in OpenSSL we shouldn't add its openssl_name, it's just that we didn't have curves like that before, so the test suite can't handle it correctly—i.e. empty openssl_name should be supported in test suite, the fact it's not is a bug
|
@pranithan-kang do you plan to continue work on this? |
|
@tomato42 I have no idea how to deal with test suite and OpenSSL. This work is quite far from my ability. I think you can reject this pull request. |
|
@pranithan-kang side note: I've just released 0.17.0 that includes support for loading curve parameters from files and both reading and writing keys with explicit curve parameters |
|
Developer team adds the feature to include support for loading curve parameters from files and both reading and writing keys with explicit curve parameters as stated above |
No description provided.