Databases
StackOverflow2013
Postsdbo
POMicrosoft PlayReady DRM P160 Eliptical Curve Parameters
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POMicrosoft PlayReady DRM P160 Eliptical Curve Parameters
    text
    copied!<p>I am attempting to create the properly DER encoded ECC parameters for the custom Microsoft P160 PlayReady curve to feed into a HSM. I have found a few sources that specify the definition of the P160 curve since it is non-standard and custom. Below is a link to one source. In particular, the PlayReady curve values are <a href="http://www.scribd.com/doc/55582525/45/Elliptic-Curve-Cryptography" rel="nofollow">discussed in Section 6.4.2</a> of the book Elementary Number Theory,A Computational Approach by William Stein.<br></p> <p>Below is an exert from <a href="http://cryptome.org/ms-drm.htm" rel="nofollow">another source</a> concerning the P160 PlayReady curve parameters.</p> <blockquote> <p>For ECC, Microsoft is using an elliptic curve over Zp, where p is a 160 bit prime number (given below). The curve consists of the points that lie on the curve y^2=x^3+ax+b, where the operations are done over the field Zp and a and b are coefficients that are given below. All values are represented as packed binary values: in other words, a single value over Zp is encoded simply as 20 bytes, stored in little endian order. A point on the elliptic curve is therefore a 40 byte block, which consists of two 20 byte little endian values (the x coordinate followed by the y coordinate). Here are the parameters for the elliptic curve used in MS-DRM:<br><br> <strong>p (modulus):</strong> 89abcdef012345672718281831415926141424f7<br> <strong>coefficient a:</strong> 37a5abccd277bce87632ff3d4780c009ebe41497<br> <strong>coefficient b</strong>: 0dd8dabf725e2f3228e85f1ad78fdedf9328239e<br> <strong>generator x</strong>: 8723947fd6a3a1e53510c07dba38daf0109fa120<br> <strong>*generator y</strong>: 445744911075522d8c3c5856d4ed7acda379936f<br> <strong>Order of curve</strong>: 89abcdef012345672716b26eec14904428c2a675<br><br> These constants are fixed, and used by all parties in the MS-DRM system. The "nerd appeal" of the modulus is high when you see this number in hexadecimal: it includes counting in the hexadecimal, as well as the digits of fundamental constants e, pi, and sqrt(2).</p> </blockquote> <p>Based on this information I have created the following hex-encoding of the DER encoded curve parameters for the P160 curve using BouncyCastle as my base ASN.1 library. Note that no seed value is specified in these curve parameters.</p> <blockquote> <p>308195020101302006072a8648ce3d010102150089abcdef012345672718281831415926141424f7302c041437a5abccd277bce87632ff3d4780c009ebe4149704140dd8dabf725e2f3228e85f1ad78fdedf9328239e0429048723947fd6a3a1e53510c07dba38daf0109fa120445744911075522d8c3c5856d4ed7acda379936f02150089abcdef012345672716b26eec14904428c2a675</p> </blockquote> <p>Although mathematically these curve parameters are accepted by the HSM and OpenSSL, the P160 curve points produced are not acceptable to PlayReady. I am able to use the same process to produce valid P256 curve points that are acceptable to PlayReady so I do no believe my methods are flawed. Does anyone have any experience with the PlayReady P160 curve parameters?</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload