Thanks for reply.
Correct me if I am wrong, the R point, which is the "ephemeral" or
temporary point on the elliptic curve, is calculated in the
ECDSA_sign_setup function. Is that right? If it is, then its value is also
lost in that function because the memory containing is freed at the end of
the function. So if I need it, I have to modify the code to bring it out.
Am I right? (Frankly, I hope to be wrong because I hope there is another
way for me to get R from signature->r and signature->s or private key or
something without changing the source code of OpenSSL).
And thanks for the feedback on my code.
Regards,
Chuong D. Khuc
On 5/25/12 4:39 PM, "Matt Caswell (fr...@baggins.org)" <fr...@baggins.org>
wrote:
>On 25/05/12 14:41, Khuc, Chuong D. wrote:
>> Wow, that is a lot of good information. Thanks, Matt. And I am still
>>trying to digest the first paragraph. So do you mean the R value that I
>>mentioned is actually the public key?
>No, R is just a random point...different for every signature. The public
>key is also a point - but different to R.
>
>> And if I was provided
>> with a private key, are the following lines of code appropriate to
>>compute
>> the public key and get its x-y coordinates?
>>
>> EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp256k1);
>> if(eckey == NULL)
>> {
>> printf("ERROR: NULL EC_KEY!\r\n");
>> }
>> else
>> {
>> BIGNUM *retbn;
>> retbn = BN_bin2bn(tempkey,32,NULL); // tempkey is an array of 32
>>u_char
>> if(EC_KEY_set_private_key(eckey,retbn)!=1)
>> {
>> printf("ERROR: Fail to set private key!\r\n");
>> }
>You probably want to goto an error location after the printf...you don't
>want to fall through to the next section of code! Same for the error
>conditions below.
>> EC_POINT* pub_key = EC_POINT_new(EC_KEY_get0_group(eckey));
>>
>>if(EC_POINT_mul(EC_KEY_get0_group(eckey),pub_key,retbn,NULL,NULL,NULL)
>>!= 1)
>> {
>> printf("ERROR: Fail to generate public key!\r\n");
>> }
>> if(EC_KEY_set_public_key(eckey,pub_key) != 1)
>> {
>> printf("ERROR: Can't set public key!\r\n");
>> }
>
>Yes - all of this looks fine at a glance.
>
>> BIGNUM *x_coord = BN_new();
>> BIGNUM *y_coord = BN_new();
>> // IS THIS THE RIGHT WAY TO GET X-Y COORDINATES?
>> if(EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(eckey),
>> EC_KEY_get0_public_keyeckey), x_coord, y_coord, NULL)!=1)
>> {
>> printf("ERROR: Fail to get affine coordinates!\r\n");
>> }
>> }
>Yes - that is a valid way to get the x/y coords - as long as you are
>using a GFp curve (which in this example code you are). Other curves may
>require you to call EC_POINT_get_affine_coordinates_GF2m.
>
>However if your intention is to write out the public key in a
>"compressed" form as discussed in the previous email then you don't need
>to actually get the coords. You can just use:
>
> BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
> point_conversion_form_t form, BIGNUM *, BN_CTX *);
>
>or
>
> size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
> point_conversion_form_t form,
> unsigned char *buf, size_t len, BN_CTX *ctx);
>
>
>Matt
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List openssl-users@openssl.org
>Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
