[crypto] Expose the (prime) group order as an elliptic curve property

ECDSA requires knowledge of the group order of the base point, and is defined only for curves with a prime group order (e.g. the NIST curves). Add the group order as an explicit property of an elliptic curve, and add tests to verify that the order is correct. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-05-09 18:00:12 +03:00 · 2025-12-05 14:47:55 +00:00
parent 80e98dc0d1
commit d3adea8380
8 changed files with 82 additions and 3 deletions
@@ -62,6 +62,13 @@ static const uint8_t p256_base[ P256_LEN * 2 ] = {
 	0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
 };

+/** P-256 group order */
+static const uint8_t p256_order[P256_LEN] = {
+	0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17,
+	0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
+};
+
 /** P-256 elliptic curve */
 WEIERSTRASS_CURVE ( p256, p256_curve, P256_LEN,
-		    p256_prime, p256_a, p256_b, p256_base );
+		    p256_prime, p256_a, p256_b, p256_base, p256_order );
@@ -71,6 +71,15 @@ static const uint8_t p384_base[ P384_LEN * 2 ] = {
 	0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f
 };

+/** P-384 group order */
+static const uint8_t p384_order[P384_LEN] = {
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xc7, 0x63, 0x4d, 0x81, 0xf4, 0x37, 0x2d, 0xdf, 0x58,
+	0x1a, 0x0d, 0xb2, 0x48, 0xb0, 0xa7, 0x7a, 0xec, 0xec, 0x19, 0x6a,
+	0xcc, 0xc5, 0x29, 0x73
+};
+
 /** P-384 elliptic curve */
 WEIERSTRASS_CURVE ( p384, p384_curve, P384_LEN,
-		    p384_prime, p384_a, p384_b, p384_base );
+		    p384_prime, p384_a, p384_b, p384_base, p384_order );