1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

//! The NIST P-384 (a.k.a. secp384r1) elliptic curve defined in
//! FIPS 186-4: Digital Signature Standard (DSS)
//!
//! <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf>
//!
//! This curve is part of the US National Security Agency's "Suite B" and
//! and is widely used in protocols like TLS and the associated X.509 PKI.

#[cfg(feature = "test-vectors")]
mod test_vectors;

#[cfg(feature = "test-vectors")]
pub use self::test_vectors::SHA384_FIXED_SIZE_TEST_VECTORS;
use super::{WeierstrassCurve, WeierstrassCurveKind};
#[cfg(all(feature = "digest", feature = "sha2"))]
use crate::sha2::Sha384;
use generic_array::typenum::{U105, U48, U49, U96, U97};

/// The NIST P-384 elliptic curve: y² = x³ - 3x + b over a ~384-bit prime field
/// where b is "verifiably random"† constant:
///
/// b = 2758019355995970587784901184038904809305690585636156852142
///     8707301988689241309860865136260764883745107765439761230575
///
/// † NOTE: the specific origins of this constant have never been fully disclosed
///   (it is the SHA-1 digest of an inexplicable NSA-selected constant)
///
/// NIST P-384 is also known as secp384r1 (SECG)
#[derive(Copy, Clone, Debug, Default, Eq, Hash, PartialEq, PartialOrd, Ord)]
pub struct NistP384;

impl WeierstrassCurve for NistP384 {
    /// Elliptic curve kind
    const CURVE_KIND: WeierstrassCurveKind = WeierstrassCurveKind::NistP384;

    /// Random 384-bit (48-byte) private scalar
    type ScalarSize = U48;

    /// Size of a compressed elliptic curve point serialized using
    /// `Elliptic-Curve-Point-to-Octet-String` encoding
    type CompressedPointSize = U49;

    /// Size of a raw uncompressed elliptic curve point sans the `0x04`
    /// tag byte added in the `UncompressedPointSize` value.
    type UntaggedPointSize = U96;

    /// Size of an uncompressed elliptic curve point serialized using
    /// the `Elliptic-Curve-Point-to-Octet-String` encoding (including the
    /// `0x04` tag)
    type UncompressedPointSize = U97;

    /// Maximum size of an ASN.1 DER encoded signature
    // TODO: double check this calculation
    type Asn1SignatureMaxSize = U105;

    /// Concatenated `r || s` values (48-bytes each)
    type FixedSignatureSize = U96;
}

/// NIST P-256 secret key
pub type SecretKey = crate::ecdsa::SecretKey<NistP384>;

/// NIST P-384 public key
pub type PublicKey = crate::ecdsa::PublicKey<NistP384>;

/// ASN.1 DER encoded secp384k1 ECDSA signature
pub type Asn1Signature = crate::ecdsa::Asn1Signature<NistP384>;

/// Compact, fixed-sized secp384k1 ECDSA signature
pub type FixedSignature = crate::ecdsa::FixedSignature<NistP384>;

#[cfg(all(feature = "digest", feature = "sha2"))]
impl_digest_signature!(Sha384, Asn1Signature, FixedSignature);