crypto:generate_key/3 on explicit curves is broken #9723

RoadRunnr · 2025-04-14T18:52:23Z

Describe the bug

The spec is -spec generate_key(Type, Params, PrivKeyIn) -> {PublicKey, PrivKeyOut} where Params is allow to be a ec_explicit_curve(). That type contains all parameters to define a curve. However, attempting to generate a key on a valid, explicit curve fails.

To Reproduce

Define a curve that uses the curve parameters of secp256k1, but uses a different generator,

Curve = {{prime_field,<<"ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿþÿÿü/">>},
 {<<0>>,<<7>>,none},
 <<4,198,4,127,148,65,237,125,109,48,69,64,110,149,192,124,
   216,92,119,142,75,140,239,60,167,171,172,9,185,92,112,
   158,229,26,225,104,254,166,61,195,57,163,197,132,25,70,
   108,234,238,247,246,50,101,50,102,208,225,35,100,49,169,
   80,207,229,42>>,
 <<255,255,255,255,255,255,255,255,255,255,255,255,255,255,
   255,254,186,174,220,230,175,72,160,59,191,210,94,140,
   208,54,65,65>>,
 <<1>>}.
crypto:generate_key(ecdh, Curve, 2).
** exception error: {error,{"ec.c",465},"Couldn't get EC group name size"}
     in function  crypto:generate_key/2
        called as crypto:generate_key({{{prime_field,<<"ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿþÿÿü/">>},
                                        {<<0>>,<<7>>,none},
                                        <<4,198,4,127,148,65,237,125,109,48,69,64,110,149,192,124,
                                          216,92,119,142,75,140,239,60,...>>,
                                        <<"ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿþº®Üæ¯H ;¿Ò^"...>>,
                                        <<1>>},
                                       undefined},
                                      <<2>>)

The problem is that code attempts to get a name for curve and then use that named curve to initialize the curve parameters. That obviously won't work for curves with non-standard parameters.
Since all curve parameters are given, the code should instead initialize the curve context from the given values.

Expected behavior

Generating points on explicit curves should work.

Affected versions

OTP-28.0-rc2
OTP-27.3

Additional context

I am relatively certain that it did work when I submitted the original version of the EC key support in 2014. A quick inspection suggests that the OpenSSL 3.0 API changes broken it.

The text was updated successfully, but these errors were encountered:

Going though the curve NID or name only works for standardized curves. However, explicit curves can use parameters that that deviate from the named curves. The public key generation would in that case fail to extract the group parameters from the key. Instead extract all parameters explicitly and build the group from that. fixes erlang#9723

RoadRunnr added the bug Issue is reported as a bug label Apr 14, 2025

RoadRunnr linked a pull request Apr 15, 2025 that will close this issue

extract EC group from private key for explicit curves #9729

Open

frazze-jobb assigned frazze-jobb and sverker and unassigned frazze-jobb Apr 16, 2025

IngelaAndin added the team:VM Assigned to OTP team VM label Apr 22, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crypto:generate_key/3 on explicit curves is broken #9723

crypto:generate_key/3 on explicit curves is broken #9723

RoadRunnr commented Apr 14, 2025

crypto:generate_key/3 on explicit curves is broken #9723

crypto:generate_key/3 on explicit curves is broken #9723

Comments

RoadRunnr commented Apr 14, 2025