Open Bug 342557 Opened 18 years ago Updated 2 years ago

There is no way to disable particular ECC curves

Categories

(NSS :: Libraries, enhancement, P4)

3.11.1
enhancement

Tracking

(Not tracked)

REOPENED

People

(Reporter: rcrit, Unassigned)

Details

Currently there is no way I know of to disable a particular ECC curve.

Can there be an API to enable/disable curves in a similar way that ciphers can be enabled/disabled and some default set available (perhaps all) when a policy is set (e.g. NSS_SetDomesticPolicy())?

*** This bug has been marked as a duplicate of 319327 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
This enhancement request is different from bug 319327. The purpose of this new function is to disable an elliptic curve when it is considered unsafe. For example, ANS X9.62-2005 considers a few curves in X9.62-1998 unsafe and disallows the use of those curves (bug 339393). We need a way to handle similar incidents in the future without rebuilding the softoken.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Priority: -- → P4

See the last table on this page, choosing Safe Curves: https://safecurves.cr.yp.to/index.html

The only perfectly secure curves are:

Curve1174
Curve25519 (the only secure curve in Windows that I am aware of)
Curve41417 formerly named Curve3617
Curve383187 authors subsequently recommended switching to M-383
M-221 formerly named Curve2213
M-383
M-511 formerly named Curve511187
E-222
E-382
E-521
Ed448-Goldilocks

Insecure Curves include:

NIST P-224
NIST P-256
secp256k1
NIST P-384
Anomalous
BN(2,254)
brainpoolP256t1
ANSSI FRP256v1
brainpoolP384t1

SafeCurves is joint work by the following authors (alphabetical order):

Daniel J. Bernstein, University of Illinois at Chicago, USA, and Technische Universiteit Eindhoven, Netherlands
Tanja Lange, Technische Universiteit Eindhoven, Netherlands

Please include an option to choose and order curves; please prioritize Curve25519 above all if that has not been done already.

Severity: normal → S3
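
The reporter's request (a runtime enable/disable switch for individual curves, analogous to the cipher-suite preference API) and the later comment asking to choose and order curves both describe the same mechanism. The block below is an added example written for this page; it is not NSS code and does not use NSS's own API. It models a per-connection curve policy as a disabled-group bitmap plus an ordered preference list, keyed by the IANA TLS supported_groups code points (21, 23, 24, 25, 29, 30 for secp224r1, secp256r1, secp384r1, secp521r1, x25519 and x448), and shows the property the reopen comment cares about: once a curve is disabled by policy, server-side group selection can never pick it, even when the peer offers it first. The default preference order and the peer's offered list are constructed for the example.

```c
/*
 * Added example (not NSS code): a runtime policy object that lets a TLS
 * stack disable individual named groups without rebuilding, in the spirit
 * of the cipher-suite preference API.  Group numbers are the IANA TLS
 * "supported_groups" code points.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* IANA TLS supported_groups code points for the curves used here. */
enum curve_id {
    CURVE_SECP224R1 = 21,
    CURVE_SECP256R1 = 23,
    CURVE_SECP384R1 = 24,
    CURVE_SECP521R1 = 25,
    CURVE_X25519    = 29,
    CURVE_X448      = 30
};

#define CURVE_ID_MAX 64   /* the bitmap covers code points 0..63 */

struct curve_policy {
    uint64_t disabled;    /* bit i set => group i is disabled by policy */
    uint16_t pref[8];     /* preference order, most preferred first */
    size_t   npref;
};

/* Default preference order; this ordering is an assumption of the example. */
static void curve_policy_init(struct curve_policy *p)
{
    static const uint16_t defaults[] = {
        CURVE_X25519, CURVE_SECP256R1, CURVE_SECP384R1,
        CURVE_SECP521R1, CURVE_X448, CURVE_SECP224R1
    };
    memset(p, 0, sizeof *p);
    memcpy(p->pref, defaults, sizeof defaults);
    p->npref = sizeof defaults / sizeof defaults[0];
}

/* Enable (1) or disable (0) one group.  Returns -1 for a code point the
 * bitmap cannot represent, rather than silently leaving it enabled. */
static int curve_policy_set(struct curve_policy *p, uint16_t id, int enabled)
{
    if (id >= CURVE_ID_MAX) return -1;
    if (enabled) p->disabled &= ~((uint64_t)1 << id);
    else         p->disabled |=  ((uint64_t)1 << id);
    return 0;
}

static int curve_policy_is_enabled(const struct curve_policy *p, uint16_t id)
{
    if (id >= CURVE_ID_MAX) return 0;   /* out-of-range groups are never enabled */
    return !(p->disabled & ((uint64_t)1 << id));
}

/* Fill out[] with the enabled groups in preference order; returns the count.
 * This is what a client would advertise in supported_groups. */
static size_t curve_policy_enabled_list(const struct curve_policy *p,
                                        uint16_t *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < p->npref && n < max; i++)
        if (curve_policy_is_enabled(p, p->pref[i]))
            out[n++] = p->pref[i];
    return n;
}

/* Server-side selection: walk our preference list and take the first enabled
 * group the peer also offered.  Returns 0 when nothing acceptable remains, so
 * a disabled curve is never chosen even if the peer lists it first. */
static uint16_t curve_policy_select(const struct curve_policy *p,
                                    const uint16_t *peer, size_t npeer)
{
    for (size_t i = 0; i < p->npref; i++) {
        uint16_t id = p->pref[i];
        if (!curve_policy_is_enabled(p, id)) continue;
        for (size_t j = 0; j < npeer; j++)
            if (peer[j] == id) return id;
    }
    return 0;
}

int main(void)
{
    struct curve_policy pol;
    uint16_t enabled[8];
    /* Constructed peer offer: the peer prefers secp224r1, then secp256r1. */
    const uint16_t peer[] = { CURVE_SECP224R1, CURVE_SECP256R1 };

    curve_policy_init(&pol);
    curve_policy_set(&pol, CURVE_SECP224R1, 0);   /* policy decision: disable P-224 */

    size_t n = curve_policy_enabled_list(&pol, enabled, 8);
    printf("%zu groups enabled; negotiated group = %u\n",
           n, curve_policy_select(&pol, peer, 2));  /* prints 5 and 23 */
    return 0;
}
```

The selection loop is ordered by the local preference list, not the peer's, so the policy owner, not the remote side, decides which curve wins; the bitmap check sits in that loop, which is the single place a disabled curve would otherwise slip through.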