1 //! secp256r1 validation for DNSSEC signatures
6 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
// Modular-arithmetic parameters for the secp256r1 (NIST P-256) base field.
// These are public curve parameters, not secrets, but a single wrong digit would
// corrupt the field arithmetic that signature validation is built on.
// NOTE(review): the `PrimeModulus` trait is not visible here, so the meaning of the
// two Montgomery-style constants below is taken from their names; confirm against
// the trait definition.
8 impl PrimeModulus<U256> for P {
// Field prime p = 2^256 - 2^224 + 2^192 + 2^96 - 1, written big-endian.
// The constructor runs in a const context, so a panic from it is a build failure,
// not a runtime one (what makes it panic is not visible here).
9 const PRIME: U256 = U256::from_32_be_bytes_panicking(&hex_lit::hex!(
10 "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"));
// By its name, R^2 mod p; presumably R = 2^256, the natural Montgomery radix for a
// 256-bit integer (TODO confirm).
11 const R_SQUARED_MOD_PRIME: U256 = U256::from_32_be_bytes_panicking(&hex_lit::hex!(
12 "00000004fffffffdfffffffffffffffefffffffbffffffff0000000000000003"));
// By its name, -p^-1 mod R. A unit test worth having: PRIME * this + 1 == 0 (mod R),
// and likewise that R_SQUARED_MOD_PRIME is R^2 reduced mod PRIME.
13 const NEGATIVE_PRIME_INV_MOD_R: U256 = U256::from_32_be_bytes_panicking(&hex_lit::hex!(
14 "ffffffff00000002000000000000000000000001000000000000000000000001"));
16 #[derive(Clone, Copy, PartialEq, Eq)]
// Modular-arithmetic parameters for the secp256r1 scalar field, i.e. arithmetic
// modulo the order n of the base point. ECDSA's r and s values live in this field.
// NOTE(review): the `PrimeModulus` trait is not visible here; the meaning of the
// Montgomery-style constants is inferred from their names. Confirm against the trait.
18 impl PrimeModulus<U256> for N {
// Order n of the secp256r1 base point (prime), written big-endian.
19 const PRIME: U256 = U256::from_32_be_bytes_panicking(&hex_lit::hex!(
20 "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"));
// By its name, R^2 mod n; presumably R = 2^256 (TODO confirm).
21 const R_SQUARED_MOD_PRIME: U256 = U256::from_32_be_bytes_panicking(&hex_lit::hex!(
22 "66e12d94f3d956202845b2392b6bec594699799c49bd6fa683244c95be79eea2"));
// By its name, -n^-1 mod R. Same self-check as for the field modulus applies:
// PRIME * this + 1 == 0 (mod R).
23 const NEGATIVE_PRIME_INV_MOD_R: U256 = U256::from_32_be_bytes_panicking(&hex_lit::hex!(
24 "60d06633a9d6281c50fe77ecc588c6f648c944087d74d2e4ccd1c8aaee00bc4f"));
27 #[derive(Clone, Copy)]
// Curve definition for secp256r1 (NIST P-256), plugged into the generic `ec` module.
// The hex values below match the published secp256r1 domain parameters; they are
// public, but any edit to them must be re-checked against the standard.
// NOTE(review): the `ec::Curve` trait is not visible here, and this listing omits
// some lines of the impl; comments cover only what is shown.
30 impl ec::Curve for P256 {
// Coordinates are integers mod the field prime (modulus type `P`).
32 type IntModP = U256Mod<P>;
// Scalars are integers mod the group order (modulus type `N`).
33 type IntModN = U256Mod<N>;
// Curve coefficient a. The value equals the field prime minus 3 (it differs from
// P's PRIME only in the last hex digit, c vs f).
38 const A: U256Mod<P> = U256Mod::from_u256_panicking(U256::from_32_be_bytes_panicking(&hex_lit::hex!(
39 "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc")));
// Curve coefficient b.
40 const B: U256Mod<P> = U256Mod::from_u256_panicking(U256::from_32_be_bytes_panicking(&hex_lit::hex!(
41 "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b")));
// Base point G, given as affine (x, y). The constructor's name says it skips the
// on-curve check, so correctness rests entirely on these literals. A unit test
// asserting y^2 == x^3 + A*x + B (mod p) for G would pin that down.
43 const G: ec::Point<P256> = ec::Point::from_xy_assuming_on_curve(
// x coordinate of G.
44 U256Mod::from_u256_panicking(U256::from_32_be_bytes_panicking(&hex_lit::hex!(
45 "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"))),
// y coordinate of G.
46 U256Mod::from_u256_panicking(U256::from_32_be_bytes_panicking(&hex_lit::hex!(
47 "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"))),
51 /// Validates the given signature against the given public key and message digest.
///
/// Thin wrapper that runs the generic `ec::validate_ecdsa` with the secp256r1
/// (`P256`) curve parameters. All parsing and checking happens in that function.
///
/// * `pk` - encoded public key bytes. Presumably the RFC 6605 DNSKEY form, a 64-byte
///   `X || Y` (TODO confirm against `ec::validate_ecdsa`).
/// * `sig` - encoded signature bytes. Presumably the RFC 6605 RRSIG form, a 64-byte
///   `r || s` (TODO confirm).
/// * `hash_input` - the message digest to verify. Presumably the caller has already
///   hashed the signed data, so this function does no hashing (TODO confirm).
///
/// Returns `Ok(())` when the signature verifies. Every failure is the opaque
/// `Err(())`, so callers cannot distinguish a malformed key or signature from a
/// well-formed signature that does not verify, and must treat any `Err` as "not
/// validated".
///
/// NOTE(review): in DNSSEC both `pk` and `sig` come from the network. Length checks,
/// the public-key on-curve check and the `1 <= r, s < n` range checks are not visible
/// here and need to be confirmed in `ec::validate_ecdsa`.
52 pub fn validate_ecdsa(pk: &[u8], sig: &[u8], hash_input: &[u8]) -> Result<(), ()> {
53 ec::validate_ecdsa::<P256>(pk, sig, hash_input)