ACTION-233: Propose text covering semantics for curve validation

This is in response to ACTION-233 that I got at this week's call.

Here's a proposal that combines the previously suggested schema with some 
descriptive text. I will also update the 1.1 draft with this text once we 
agree on the wording (that is ACTION-232).

-- Magnus
--
4.4.2.3.1 Explicit Curve Parameters

The ECParameters element consists of the following subelements. Note these 
definitions are based on the those described in [RFC3279].

- The FieldID element identifies the finite field over which the elliptic 
curve is defined. Additional details on the structures for defining prime 
and characteristic two fields is provided below.

- The Curve element specifies the coefficients a and b of the elliptic 
curve E. Each coefficient is first converted from a field element to an 
octet string as specified in section 2.3.5 of [SEC 1], then the resultant 
octet string is encoded in base64.

Seed is an optional parameter used to 
derive the coefficients of a randomly generated elliptic curve and is 
represented as a base64 encoded bit string.

- The Base element specifies the base point P on the elliptic curve. The 
base point is represented as a value of type ECPointType.

- The Order element specifies the order n of the base point and is encoded 
as a positiveInteger.

- The Cofactor element is an optional element that specifies the integer h 
= #E(Fq)/n. The cofactor is not required to support ECDSA, except in 
parameter validation. The cofactor MAY be included to support parameter 
validation for ECDSA keys. Parameter validation is not required by this 
specification. The cofactor is required in ECDH public key parameters.

- The ValidationData element is an optional element that specifies the 
hash algorithm used to generate the elliptic curve E and the base point G 
verifiably at random. It also specifies the seed that was used to generate 
the curve and the base point. When verifiably random curves and base 
points are used, they shall be generated (and verified) as described in 
Section A.3.3 of [ANSI X9.62].

[Note: ANSI X9.62 needs to be added to listed references. Since SEC-1 
refers to ANSI X9.62 for this functionality, one cannot just reference 
SEC-1.]

<complexType name="ECParametersType">
   <sequence>
     <element name="FieldID" type="dsig11:FieldIDType"/>
     <element name="Curve" type="dsig11:CurveType"/>
     <element name="Base" type="dsig11:ECPointType"/>
     <element name="Order" type="ds:CryptoBinary"/>
     <element name="CoFactor" type="integer" minOccurs="0"/>
     <element name="ValidationData"
              type="dsig11:ECValidationDataType" minOccurs="0"/>
   </sequence>
</complexType>

<complexType name="FieldIDType">
   <choice>
     <element ref="dsig11:Prime"/>
     <element ref="dsig11:TnB"/>
     <element ref="dsig11:PnB"/>
     <element ref="dsig11:GnB"/>
     <any namespace="##other" processContents="lax"/>
   </choice>
</complexType>

<complexType name="CurveType">
   <sequence>
     <element name="A" type="ds:CryptoBinary"/>
     <element name="B" type="ds:CryptoBinary"/>
     <element name="Seed" type="ds:CryptoBinary" minOccurs="0"/>
   </sequence>
</complexType>

<complexType name="ECValidationDataType">
   <sequence>
     <element name="seed" type="ds:CryptoBinary"/>
   </sequence>
   <attribute name="hashAlgorithm" type="anyURI" use="required"/>
</complexType>
--

Received on Friday, 20 March 2009 14:45:27 UTC