Merge pull request #521 from cplussharp/p521

Support P-521 curve
kjur · Nov 20, 2021 · 4af3e98 · 4af3e98
2 parents ec348fc + fae1b81
commit 4af3e98
Show file tree

Hide file tree

Showing 11 changed files with 779 additions and 20 deletions.
diff --git a/sample/sample-ecdsa.html b/sample/sample-ecdsa.html
@@ -84,6 +84,7 @@ <h4>(Step1) choose supported EC curve name and generate key pair</h4>
 <option value="secp256r1">secp256r1 (= NIST P-256, P-256, prime256v1)
 <option value="secp256k1">secp256k1
 <option value="secp384r1">secp384r1 (= NIST P-384, P-384)
+<option value="secp521r1">secp521r1 (= NIST P-521, P-521)
 </select><br/>
 <input type="button" value="generate EC key pair" onClick="doGenerate();"/><br/>
 <p>

diff --git a/src/asn1x509-1.0.js b/src/asn1x509-1.0.js
@@ -4162,6 +4162,7 @@ KJUR.asn1.x509.OID = new function(params) {
         'secp256r1':            '1.2.840.10045.3.1.7',
         'secp256k1':            '1.3.132.0.10',
         'secp384r1':            '1.3.132.0.34',
+        'secp521r1':            '1.3.132.0.35',
 
         'pkcs5PBES2':           '1.2.840.113549.1.5.13',
         'pkcs5PBKDF2':          '1.2.840.113549.1.5.12',

diff --git a/src/crypto-1.1.js b/src/crypto-1.1.js
@@ -1012,6 +1012,7 @@ KJUR.crypto.Mac = function(params) {
  * <li>secp256k1</li>
  * <li>secp256r1, NIST P-256, P-256, prime256v1</li>
  * <li>secp384r1, NIST P-384, P-384</li>
+ * <li>secp521r1, NIST P-521, P-521</li>
  * </ul>
  * NOTE1: DSA signing algorithm is also supported since crypto 1.1.5.
  * <h4>EXAMPLES</h4>
@@ -1512,8 +1513,8 @@ KJUR.crypto.OID = new function() {
 	'2b8104001f': 'secp192k1',
 	'2b81040021': 'secp224r1',
 	'2b8104000a': 'secp256k1',
-	'2b81040023': 'secp521r1',
 	'2b81040022': 'secp384r1',
+	'2b81040023': 'secp521r1',
 	'2a8648ce380403': 'SHA1withDSA', // 1.2.840.10040.4.3
 	'608648016503040301': 'SHA224withDSA', // 2.16.840.1.101.3.4.3.1
 	'608648016503040302': 'SHA256withDSA', // 2.16.840.1.101.3.4.3.2

diff --git a/src/ecdsa-modified-1.0.js b/src/ecdsa-modified-1.0.js
@@ -39,6 +39,7 @@ if (typeof KJUR.crypto == "undefined" || !KJUR.crypto) KJUR.crypto = {};
  * <li>secp256r1, NIST P-256, P-256, prime256v1 (*)</li>
  * <li>secp256k1 (*)</li>
  * <li>secp384r1, NIST P-384, P-384 (*)</li>
+ * <li>secp521r1, NIST P-521, P-521 (*)</li>
  * </ul>
  * </p>
  */
@@ -134,7 +135,7 @@ KJUR.crypto.ECDSA = function(params) {
 	if (h.substr(0, 2) !== "04")
 	    throw "this method supports uncompressed format(04) only";
 
-	var charlen = this.ecparams.keylen / 4;
+	var charlen = this.ecparams.keycharlen;
 	if (h.length !== 2 + charlen * 2)
 	    throw "malformed public key hex length";
 
@@ -162,6 +163,8 @@ KJUR.crypto.ECDSA = function(params) {
 	    return "P-256";
 	if (s === "secp384r1" || s === "NIST P-384" || s === "P-384")
 	    return "P-384";
+	if (s === "secp521r1" || s === "NIST P-521" || s === "P-521")
+	    return "P-521";
 	return null;
     };
 
@@ -181,21 +184,37 @@ KJUR.crypto.ECDSA = function(params) {
     this.generateKeyPairHex = function() {
 	var biN = this.ecparams['n'];
 	var biPrv = this.getBigRandom(biN);
-	var epPub = this.ecparams['G'].multiply(biPrv);
-	var biX = epPub.getX().toBigInteger();
-	var biY = epPub.getY().toBigInteger();
-
-	var charlen = this.ecparams['keylen'] / 4;
+	var charlen = this.ecparams.keycharlen;
 	var hPrv = ("0000000000" + biPrv.toString(16)).slice(- charlen);
-	var hX   = ("0000000000" + biX.toString(16)).slice(- charlen);
-	var hY   = ("0000000000" + biY.toString(16)).slice(- charlen);
-	var hPub = "04" + hX + hY;
-
 	this.setPrivateKeyHex(hPrv);
-	this.setPublicKeyHex(hPub);
+	hPub = this.generatePublicKeyHex();
 	return {'ecprvhex': hPrv, 'ecpubhex': hPub};
     };
 
+	/**
+     * generate public key for EC private key
+     * @name generatePublicKeyHex
+     * @memberOf KJUR.crypto.ECDSA#
+     * @function
+     * @return {String} associative array of hexadecimal string of private and public key
+     * @example
+     * var ec = new KJUR.crypto.ECDSA({'curve': 'secp256r1', 'prv': prvHex});
+     * var pubhex = ec.generatePublicKeyHex(); // hexadecimal string of EC public key
+     * var pub ec.getPublicKeyXYHex() &rarr; { x: '01bacf...', y: 'c3bc22...' }
+     */
+	this.generatePublicKeyHex = function() {
+		var biPrv = new _BigInteger(this.prvKeyHex, 16);
+		var epPub = this.ecparams['G'].multiply(biPrv);
+		var biX = epPub.getX().toBigInteger();
+		var biY = epPub.getY().toBigInteger();
+		var charlen = this.ecparams.keycharlen;;
+		var hX   = ("0000000000" + biX.toString(16)).slice(- charlen);
+		var hY   = ("0000000000" + biY.toString(16)).slice(- charlen);
+		var hPub = "04" + hX + hY;
+		this.setPublicKeyHex(hPub);
+		return hPub;
+	}
+
     this.signWithMessageHash = function(hashHex) {
 	return this.signHex(hashHex, this.prvKeyHex);
     };
@@ -218,7 +237,7 @@ KJUR.crypto.ECDSA = function(params) {
 	var n = this.ecparams['n'];
 
 	// message hash is truncated with curve key length (FIPS 186-4 6.4)
-        var e = new _BigInteger(hashHex.substring(0, this.ecparams.keylen / 4), 16);
+        var e = new _BigInteger(hashHex.substring(0, this.ecparams.keycharlen), 16);
 
 	do {
 	    var k = this.getBigRandom(n);
@@ -277,7 +296,7 @@ KJUR.crypto.ECDSA = function(params) {
 	    var Q = _ECPointFp.decodeFromHex(this.ecparams['curve'], pubkeyHex);
 
 	    // message hash is truncated with curve key length (FIPS 186-4 6.4)
-            var e = new _BigInteger(hashHex.substring(0, this.ecparams.keylen / 4), 16);
+            var e = new _BigInteger(hashHex.substring(0, this.ecparams.keycharlen), 16);
 
 	    return this.verifyRaw(e, r, s, Q);
 	} catch (ex) {
@@ -846,10 +865,12 @@ KJUR.crypto.ECDSA.getName = function(s) {
     if (s === "2b8104000a") return "secp256k1"; // 1.3.132.0.10
     if (s === "2b81040021") return "secp224r1"; // 1.3.132.0.33
     if (s === "2b81040022") return "secp384r1"; // 1.3.132.0.34
+	if (s === "2b81040023") return "secp521r1"; // 1.3.132.0.35
     if ("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(s) !== -1) return "secp256r1";
     if ("|secp256k1|".indexOf(s) !== -1) return "secp256k1";
     if ("|secp224r1|NIST P-224|P-224|".indexOf(s) !== -1) return "secp224r1";
     if ("|secp384r1|NIST P-384|P-384|".indexOf(s) !== -1) return "secp384r1";
+	if ("|secp521r1|NIST P-521|P-521|".indexOf(s) !== -1) return "secp521r1";
     return null;
 };
 

diff --git a/src/ecparam-1.0.js b/src/ecparam-1.0.js
@@ -107,6 +107,7 @@ KJUR.crypto.ECParameterDB = new function() {
         var G = curve.decodePointHex("04" + gxHex + gyHex);
 	db[name]['name'] = name;
 	db[name]['keylen'] = keylen;
+  db[name]['keycharlen'] = Math.ceil(keylen / 8) * 2; // for P-521
         db[name]['curve'] = curve;
         db[name]['G'] = G;
         db[name]['n'] = n;
@@ -242,7 +243,7 @@ KJUR.crypto.ECParameterDB.regist(
   "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", // b
   "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", // n
   "1", // h
-  "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", // gx
+  "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", // gx
   "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", // gy
   ["NIST P-521", "P-521"]); // alias
 
diff --git a/src/keyutil-1.0.js b/src/keyutil-1.0.js
@@ -1238,7 +1238,7 @@ KEYUTIL.getKey = function(param, passcode, hextype) {
  * NOTE1: As for RSA algoirthm, public exponent has fixed
  * value '0x10001'.
  * NOTE2: As for EC algorithm, supported names of curve are
- * secp256r1, secp256k1 and secp384r1.
+ * secp256r1, secp256k1, secp384r1 and secp521r1.
  * NOTE3: DSA is not supported yet.
  * @example
  * var rsaKeypair = KEYUTIL.generateKeypair("RSA", 1024);