// SupportedEllipticCurves are the types of curves
// to be used in key generation (e.g. P256, P384)
type SupportedEllipticCurves string

const (
	// only ECDSA is currently supported
	EcdsaSigAlg SupportedECSignatureAlgorithms = "ECDSA"

	// supported curves when using ECC
	P256Curve SupportedEllipticCurves = "P256"
	P384Curve SupportedEllipticCurves = "P384"
)

// CertOptions contains options for generating a new certificate.

				ECDSAWithP521AndSHA512,
				ECDSAWithSHA1,
			}
			break
		}
		switch pub.Curve {
		case elliptic.P256():
			sigAlgs = []SignatureScheme{ECDSAWithP256AndSHA256}
		case elliptic.P384():
			sigAlgs = []SignatureScheme{ECDSAWithP384AndSHA384}
		case elliptic.P521():
			sigAlgs = []SignatureScheme{ECDSAWithP521AndSHA512}
		default:
			return nil
		}
	case *rsa.PublicKey:

			return nil, errMalformedJWKECKey
		}

		var curve elliptic.Curve
		switch key.Crv {
		case "P-224":
			curve = elliptic.P224()
		case "P-256":
			curve = elliptic.P256()
		case "P-384":
			curve = elliptic.P384()
		case "P-521":
			curve = elliptic.P521()
		default:
			return nil, fmt.Errorf("Unknown curve type: %s", key.Crv)
		}

		xbuf, err := base64.RawURLEncoding.DecodeString(key.X)
		if err != nil {

	var priv any
	var err error
	if options.ECSigAlg != "" {
		switch options.ECSigAlg {
		case EcdsaSigAlg:
			var curve elliptic.Curve
			switch options.ECCCurve {
			case P384Curve:
				curve = elliptic.P384()
			default:
				curve = elliptic.P256()
			}
			priv, err = ecdsa.GenerateKey(curve, rand.Reader)
			if err != nil {
				return nil, nil, fmt.Errorf("EC key generation failed (%v)", err)
			}
		default:

	I_R3 := testBoringCert(t, "I_R3", boringRSAKey(t, 3072), R3, boringCertCA|boringCertFIPSOK)
	testBoringCert(t, "I_R3", I_R3.key, R3, boringCertCA|boringCertFIPSOK)

	testBoringCert(t, "L1_I", boringECDSAKey(t, elliptic.P384()), I_R1, boringCertLeaf|boringCertFIPSOK)
	testBoringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf)
}

// if ECDSA is used, then only 384 and 256 (default) are returned; if non-ECDSA
// is used then an error is returned
func GetEllipticCurve(privKey *crypto.PrivateKey) (elliptic.Curve, error) {
	switch key := (*privKey).(type) {
	// this should agree with var SupportedECSignatureAlgorithms
	case *ecdsa.PrivateKey:
		if key.Curve == elliptic.P384() {
			return key.Curve, nil
		}

			keyHex:  pkcs8P256PrivateKeyHex,
			keyType: reflect.TypeOf(&ecdsa.PrivateKey{}),
			curve:   elliptic.P256(),
		},
		{
			name:    "P-384 private key",
			keyHex:  pkcs8P384PrivateKeyHex,
			keyType: reflect.TypeOf(&ecdsa.PrivateKey{}),
			curve:   elliptic.P384(),
		},
		{
			name:    "P-521 private key",
			keyHex:  pkcs8P521PrivateKeyHex,
			keyType: reflect.TypeOf(&ecdsa.PrivateKey{}),

	var curves []tls.CurveID
	if !Enabled {
		curves = append(curves, tls.X25519) // Only enable X25519 in non-FIPS mode
	}
	curves = append(curves, tls.CurveP256)
	if go19 {
		// With go1.19 enable P384, P521 newer constant time implementations.
		curves = append(curves, tls.CurveP384, tls.CurveP521)
	}
	return curves

		Prime:    "2^256 - 2^224 + 2^192 + 2^96 - 1",
		Prefix:   "p256",
		FiatType: "[4]uint64",
		BytesLen: 32,
	},
	{
		Element:  "P384Element",
		Prime:    "2^384 - 2^128 - 2^96 + 2^32 - 1",
		Prefix:   "p384",
		FiatType: "[6]uint64",
		BytesLen: 48,
	},
	// Note that unsaturated_solinas would be about 2x faster than
	// word_by_word_montgomery for P-521, but this curve is used rarely enough

		// updated to support the same key sizes. Today we only support RS256.
		return jose.RS256, nil
	case *ecdsa.PublicKey:
		switch pk.Curve {
		case elliptic.P256():
			return jose.ES256, nil
		case elliptic.P384():
			return jose.ES384, nil
		case elliptic.P521():
			return jose.ES512, nil
		default:
			return "", fmt.Errorf("unknown private key curve, must be 256, 384, or 521")
		}
	case jose.OpaqueSigner: