ECC algorithm analysis-National Standards

Source: Internet
Author: User

After learning the concepts behind ECC, we know what a group is. A group defines a curve: A, B, and the order. In OpenSSL's implementation, the group also holds an ec_method struct containing a series of functions which, as the name suggests, operate on the curve. Notice that this method cannot be supplied by an engine. Why? Because the founders of ECC do not consider the curves used by ECC algorithms to be part of the algorithms themselves; that is, the curves are public. Once the curve parameters are confirmed, the subsequent operations on the curve are fixed, and there is no need for a custom implementation. So ec_method is essentially fixed and has no engine support. The group's computations are essentially independent of ECC keys; the group only provides so-called "infrastructure". Because modern computers do not implement the arithmetic rules of curve fields, OpenSSL has to implement them itself, and that implementation is the ec_method in the group.
However, our country always has its ZG characteristics. Take our dual-certificate system: it is designed to facilitate official forensics, and nothing like it exists in other countries, where your private key is not accessible to any organization... Justice? Sorry! Because our ECC standard does not publish its elliptic curve parameters, we cannot use OpenSSL as it is. But OpenSSL is amazing and I cannot give it up, so we need a way to turn OpenSSL into a framework that supports the ECC standard of the Office of National Cryptography. The first idea is to make ec_method support engines: because the country does not publish the elliptic curve standard, we have to call the national interface to implement the curve operations ourselves. How do we make ec_method support an engine? It's easy. First, register your engine with OpenSSL, then modify the code that obtains the group. If the OID of the key being processed belongs to our national standard, we look up the engine we implemented and use its methods to perform the curve operations.
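The dispatch described above, as an added example that is not OpenSSL's code or the author's: a simplified C model in which group construction picks the table of curve operations by OID. Every type, function name and OID string here is hypothetical, and the curve constants are constructed toy values.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model: these types and names are hypothetical, not OpenSSL's API. */
typedef struct group GROUP;
typedef struct {
    const char *name;
    int (*is_on_curve)(const GROUP *g, long x, long y); /* 1 = on curve */
} METHOD;
struct group {
    const char *oid;    /* curve identifier carried by the key */
    long p, a, b;       /* published parameters; unset for engine curves */
    const METHOD *meth; /* table of curve operations */
};

/* Built-in method: y^2 = x^3 + ax + b (mod p), parameters read from the group. */
static int builtin_on_curve(const GROUP *g, long x, long y) {
    return (y * y) % g->p == (x * x * x + g->a * x + g->b) % g->p;
}
static const METHOD builtin_meth = { "builtin", builtin_on_curve };

/* Engine method: parameters stay behind the engine's interface.
 * The constants are constructed toy values, not a real curve. */
static int engine_on_curve(const GROUP *g, long x, long y) {
    const long p = 23, a = 1, b = 1;
    (void)g;
    return (y * y) % p == (x * x * x + a * x + b) % p;
}
static const METHOD engine_meth = { "engine", engine_on_curve };

/* One-slot registry mapping a curve OID to the engine's method. */
static const char *reg_oid;
static const METHOD *reg_meth;
void register_engine(const char *oid, const METHOD *m) { reg_oid = oid; reg_meth = m; }

/* Group construction: pick the method by OID; fail closed if no
 * engine is registered and no parameters were supplied. */
int group_new(GROUP *g, const char *oid, long p, long a, long b) {
    g->oid = oid; g->p = p; g->a = a; g->b = b; g->meth = NULL;
    if (reg_meth && strcmp(oid, reg_oid) == 0) g->meth = reg_meth;
    else if (p > 2) g->meth = &builtin_meth;
    return g->meth != NULL;
}
int group_is_on_curve(const GROUP *g, long x, long y) { return g->meth->is_on_curve(g, x, y); }

int main(void) {
    GROUP g;
    register_engine("placeholder.national-curve", &engine_meth);
    if (group_new(&g, "placeholder.national-curve", 0, 0, 0))
        printf("%s: %d\n", g.meth->name, group_is_on_curve(&g, 3, 10));
    return 0;
}
```

Callers only ever go through the group's method table, so code written against the group does not change when the engine supplies the operations.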
Once curve operations are implemented, the key operations that follow are simple. Key operations are performed on the "curve", so as long as we load our own engine they will use it; there is no more to say about it here, and the details are in the introduction to engines. This works because ECDH and ECDSA support engines to begin with. Implementing the country-specific ECC algorithm, or rather integrating the country-specific ECC into OpenSSL, takes a lot of work. We do it for two reasons: first, we must implement the national standard; second, OpenSSL is amazing!
