ec_self_tests_core.h
1 /* 2 * Copyright (C) 2017 - This file is part of libecc project 3 * 4 * Authors: 5 * Ryad BENADJILA <ryadbenadjila@gmail.com> 6 * Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr> 7 * Jean-Pierre FLORI <jean-pierre.flori@ssi.gouv.fr> 8 * 9 * Contributors: 10 * Nicolas VIVET <nicolas.vivet@ssi.gouv.fr> 11 * Karim KHALFALLAH <karim.khalfallah@ssi.gouv.fr> 12 * 13 * This software is licensed under a dual BSD and GPL v2 license. 14 * See LICENSE file at the root folder of the project. 15 */ 16 #ifndef __EC_SELF_TESTS_CORE_H__ 17 #define __EC_SELF_TESTS_CORE_H__ 18 19 #include <libecc/libsig.h> 20 21 /* A test is fully defined by the attributes pointed in this structure. */ 22 typedef struct { 23 /* Test case name */ 24 const char *name; 25 26 /* Curve params */ 27 const ec_str_params *ec_str_p; 28 29 /* Private key */ 30 const u8 *priv_key; 31 u8 priv_key_len; 32 33 /* Function returning a fixed random value */ 34 int (*nn_random) (nn_t out, nn_src_t q); 35 36 /* Hash function */ 37 hash_alg_type hash_type; 38 39 /* Message */ 40 const char *msg; 41 u32 msglen; 42 43 /* Expected signature and associated length */ 44 ec_alg_type sig_type; 45 const u8 *exp_sig; 46 u8 exp_siglen; 47 48 /* Optional ancillary data */ 49 const u8 *adata; 50 u16 adata_len; 51 } ec_test_case; 52 53 /* ECDH test case */ 54 typedef struct { 55 /* Test case name */ 56 const char *name; 57 58 /* ECDH type */ 59 ec_alg_type ecdh_type; 60 61 /* Curve params */ 62 const ec_str_params *ec_str_p; 63 64 /* Our private key */ 65 const u8 *our_priv_key; 66 u8 our_priv_key_len; 67 68 /* Peer public key */ 69 const u8 *peer_pub_key; 70 u8 peer_pub_key_len; 71 72 /* Our expected public key */ 73 const u8 *exp_our_pub_key; 74 u8 exp_our_pub_key_len; 75 76 /* Expected shared secret */ 77 const u8 *exp_shared_secret; 78 u8 exp_shared_secret_len; 79 } ecdh_test_case; 80 81 /******************************************************************* 82 ************** ECDSA tests **************************************** 83 *******************************************************************/ 84 #if (defined(WITH_HASH_SHA3_224) || defined(WITH_HASH_SHA3_256) || \ 85 defined(WITH_HASH_SHA3_384) || defined(WITH_HASH_SHA3_512)) 86 87 /* 88 * This test message is the 1600 bits message used by NIST in its 89 * test vectors for SHA3. We reuse it for sig/verif test vectors 90 * using SHA3. 91 */ 92 static const u8 sha3_1600_bit_msg[] = { 93 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 94 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 95 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 96 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 97 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 98 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 99 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 100 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 101 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 102 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 103 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 104 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 105 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 106 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 107 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 108 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 109 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 110 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 111 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 112 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 113 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 114 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 115 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 116 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 117 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3 118 }; 119 #endif 120 121 #ifdef WITH_SIG_ECDSA 122 #ifdef WITH_HASH_SHA3_224 123 #ifdef WITH_CURVE_SECP224R1 124 #define ECDSA_SHA3_224_SECP224R1_SELF_TEST 125 126 /* ECDSA secp224r1 test vectors */ 127 128 static int ecdsa_nn_random_secp224r1_sha3_224_test_vector(nn_t out, nn_src_t q) 129 { 130 int ret, cmp; 131 132 /* 133 * Fixed ephemeral private key for secp224r1 signature 134 * test vectors from RFC4754 135 */ 136 const u8 k_buf[] = { 137 0xb7, 0x63, 0x8a, 0x22, 0xe5, 0xee, 0xe7, 0x76, 138 0xa4, 0x25, 0x3f, 0x97, 0xe8, 0x35, 0x1a, 0x3c, 139 0x94, 0xb0, 0x19, 0x37, 0x66, 0x2a, 0x0e, 0xbd, 140 0xd6, 0xe7, 0xae, 0xe0 141 }; 142 143 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 144 ret = nn_cmp(out, q, &cmp); EG(ret, err); 145 146 ret = (cmp >= 0) ? -1 : 0; 147 148 err: 149 return ret; 150 } 151 152 static const u8 ecdsa_secp224r1_sha3_224_test_vectors_priv_key[] = { 153 0xc3, 0x1a, 0x15, 0x2d, 0x2c, 0x62, 0x40, 0x21, 154 0x80, 0x87, 0x55, 0xb2, 0xcb, 0xdf, 0x80, 0xd3, 155 0x09, 0xe3, 0x6a, 0xea, 0xc1, 0xcc, 0xd9, 0xdb, 156 0x82, 0xb1, 0xd7, 0xc3 157 }; 158 159 static const u8 ecdsa_secp224r1_sha3_224_test_vectors_expected_sig[] = { 160 0x56, 0xa6, 0x93, 0xe1, 0x20, 0x0a, 0xa8, 0xe3, 161 0xd2, 0x78, 0x07, 0xba, 0x5c, 0xe7, 0xb8, 0xf7, 162 0xdf, 0x24, 0xa6, 0x65, 0x1e, 0xb8, 0x70, 0x6e, 163 0x65, 0x52, 0x49, 0xd4, 164 0x14, 0xd0, 0x4b, 0x6b, 0xb9, 0x32, 0x58, 0x7d, 165 0xc0, 0xc6, 0x1c, 0xa1, 0x44, 0xf8, 0x4b, 0xf4, 166 0x6e, 0x7a, 0xbd, 0xcf, 0xa7, 0xa7, 0xa1, 0xee, 167 0x56, 0x06, 0x9a, 0x37 168 }; 169 170 static const ec_test_case ecdsa_secp224r1_sha3_224_test_case = { 171 .name = "ECDSA-SHA3_224/secp224r1", 172 .ec_str_p = &secp224r1_str_params, 173 .priv_key = ecdsa_secp224r1_sha3_224_test_vectors_priv_key, 174 .priv_key_len = sizeof(ecdsa_secp224r1_sha3_224_test_vectors_priv_key), 175 .nn_random = ecdsa_nn_random_secp224r1_sha3_224_test_vector, 176 .hash_type = SHA3_224, 177 .msg = (const char *)sha3_1600_bit_msg, 178 .msglen = sizeof(sha3_1600_bit_msg), 179 .sig_type = ECDSA, 180 .exp_sig = ecdsa_secp224r1_sha3_224_test_vectors_expected_sig, 181 .exp_siglen = 182 sizeof(ecdsa_secp224r1_sha3_224_test_vectors_expected_sig), 183 .adata = NULL, 184 .adata_len = 0 185 }; 186 #endif /* WITH_CURVE_SECP224R1 */ 187 #endif /* WITH_HASH_SHA3_224 */ 188 189 #ifdef WITH_HASH_SHA3_256 190 #ifdef WITH_CURVE_SECP256R1 191 #define ECDSA_SHA3_256_SECP256R1_SELF_TEST 192 193 /* ECDSA secp256r1 test vectors */ 194 195 static int ecdsa_nn_random_secp256r1_sha3_256_test_vector(nn_t out, nn_src_t q) 196 { 197 int ret, cmp; 198 199 /* 200 * Fixed ephemeral private key for secp256r1 signature 201 * test vectors from RFC4754 202 */ 203 const u8 k_buf[] = { 204 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9, 205 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7, 206 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15, 207 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE 208 }; 209 210 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 211 ret = nn_cmp(out, q, &cmp); EG(ret, err); 212 213 ret = (cmp >= 0) ? -1 : 0; 214 215 err: 216 return ret; 217 } 218 219 static const u8 ecdsa_secp256r1_sha3_256_test_vectors_priv_key[] = { 220 0xDC, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD, 221 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D, 222 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75, 223 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F 224 }; 225 226 static const u8 ecdsa_secp256r1_sha3_256_test_vectors_expected_sig[] = { 227 0xCB, 0x28, 0xE0, 0x99, 0x9B, 0x9C, 0x77, 0x15, 228 0xFD, 0x0A, 0x80, 0xD8, 0xE4, 0x7A, 0x77, 0x07, 229 0x97, 0x16, 0xCB, 0xBF, 0x91, 0x7D, 0xD7, 0x2E, 230 0x97, 0x56, 0x6E, 0xA1, 0xC0, 0x66, 0x95, 0x7C, 231 232 0x1d, 0x5d, 0x46, 0x09, 0xa2, 0xf9, 0x69, 0xa1, 233 0x90, 0xeb, 0x6b, 0x84, 0x51, 0xdd, 0x43, 0x0d, 234 0x65, 0x07, 0x10, 0x4d, 0xb6, 0x46, 0x61, 0x68, 235 0xec, 0x7a, 0x73, 0xdb, 0x8c, 0x96, 0xe9, 0x1b 236 }; 237 238 static const ec_test_case ecdsa_secp256r1_sha3_256_test_case = { 239 .name = "ECDSA-SHA3_256/secp256r1", 240 .ec_str_p = &secp256r1_str_params, 241 .priv_key = ecdsa_secp256r1_sha3_256_test_vectors_priv_key, 242 .priv_key_len = sizeof(ecdsa_secp256r1_sha3_256_test_vectors_priv_key), 243 .nn_random = ecdsa_nn_random_secp256r1_sha3_256_test_vector, 244 .hash_type = SHA3_256, 245 .msg = (const char *)sha3_1600_bit_msg, 246 .msglen = sizeof(sha3_1600_bit_msg), 247 .sig_type = ECDSA, 248 .exp_sig = ecdsa_secp256r1_sha3_256_test_vectors_expected_sig, 249 .exp_siglen = 250 sizeof(ecdsa_secp256r1_sha3_256_test_vectors_expected_sig), 251 .adata = NULL, 252 .adata_len = 0 253 }; 254 #endif /* WITH_CURVE_SECP256R1 */ 255 #endif /* WITH_HASH_SHA3_256 */ 256 257 #ifdef WITH_HASH_SHA3_512 258 #ifdef WITH_CURVE_SECP256R1 259 #define ECDSA_SHA3_512_SECP256R1_SELF_TEST 260 261 /* 262 * ECDSA secp256r1 test vector using SHA3_512. This test vector is intended 263 * to test truncation (right shift) step in signature and verification 264 * code when the output size of the hash function is larger than the 265 * bit size of q (order of the group generated by the base point). 266 */ 267 268 static int ecdsa_nn_random_secp256r1_sha3_512_test_vector(nn_t out, nn_src_t q) 269 { 270 int ret, cmp; 271 const u8 k_buf[] = { 272 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9, 273 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7, 274 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15, 275 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE 276 }; 277 278 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 279 ret = nn_cmp(out, q, &cmp); EG(ret, err); 280 281 ret = (cmp >= 0) ? -1 : 0; 282 283 err: 284 return ret; 285 } 286 287 static const u8 ecdsa_secp256r1_sha3_512_test_vectors_priv_key[] = { 288 0xDC, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD, 289 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D, 290 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75, 291 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F 292 }; 293 294 static const u8 ecdsa_secp256r1_sha3_512_test_vectors_expected_sig[] = { 295 0xcb, 0x28, 0xe0, 0x99, 0x9b, 0x9c, 0x77, 0x15, 296 0xfd, 0x0a, 0x80, 0xd8, 0xe4, 0x7a, 0x77, 0x07, 297 0x97, 0x16, 0xcb, 0xbf, 0x91, 0x7d, 0xd7, 0x2e, 298 0x97, 0x56, 0x6e, 0xa1, 0xc0, 0x66, 0x95, 0x7c, 299 300 0x88, 0x48, 0x1a, 0x4f, 0x5b, 0xd4, 0xf6, 0x8f, 301 0xcf, 0xe0, 0xb3, 0x15, 0xc4, 0xd4, 0x0a, 0xf9, 302 0xd5, 0x31, 0x76, 0x97, 0xae, 0x29, 0x45, 0x47, 303 0xef, 0x7c, 0x8f, 0x01, 0x41, 0x24, 0xea, 0xff 304 }; 305 306 static const ec_test_case ecdsa_secp256r1_sha3_512_test_case = { 307 .name = "ECDSA-SHA3_512/secp256r1", 308 .ec_str_p = &secp256r1_str_params, 309 .priv_key = ecdsa_secp256r1_sha3_512_test_vectors_priv_key, 310 .priv_key_len = sizeof(ecdsa_secp256r1_sha3_512_test_vectors_priv_key), 311 .nn_random = ecdsa_nn_random_secp256r1_sha3_512_test_vector, 312 .hash_type = SHA3_512, 313 .msg = (const char *)sha3_1600_bit_msg, 314 .msglen = sizeof(sha3_1600_bit_msg), 315 .sig_type = ECDSA, 316 .exp_sig = ecdsa_secp256r1_sha3_512_test_vectors_expected_sig, 317 .exp_siglen = 318 sizeof(ecdsa_secp256r1_sha3_512_test_vectors_expected_sig), 319 .adata = NULL, 320 .adata_len = 0 321 }; 322 #endif /* WITH_CURVE_SECP256R1 */ 323 #endif /* WITH_HASH_SHA3_512 */ 324 325 #ifdef WITH_HASH_SHA3_384 326 #ifdef WITH_CURVE_SECP384R1 327 #define ECDSA_SHA3_384_SECP384R1_SELF_TEST 328 329 /* ECDSA secp384r1 test vectors */ 330 331 static int ecdsa_nn_random_secp384r1_sha3_384_test_vector(nn_t out, nn_src_t q) 332 { 333 int ret, cmp; 334 335 /* 336 * Fixed ephemeral private key for secp384r1 signature 337 * test vectors from RFC4754 338 */ 339 const u8 k_buf[] = { 340 0xB4, 0xB7, 0x4E, 0x44, 0xD7, 0x1A, 0x13, 0xD5, 341 0x68, 0x00, 0x3D, 0x74, 0x89, 0x90, 0x8D, 0x56, 342 0x4C, 0x77, 0x61, 0xE2, 0x29, 0xC5, 0x8C, 0xBF, 343 0xA1, 0x89, 0x50, 0x09, 0x6E, 0xB7, 0x46, 0x3B, 344 0x85, 0x4D, 0x7F, 0xA9, 0x92, 0xF9, 0x34, 0xD9, 345 0x27, 0x37, 0x62, 0x85, 0xE6, 0x34, 0x14, 0xFA 346 }; 347 348 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 349 ret = nn_cmp(out, q, &cmp); EG(ret, err); 350 351 ret = (cmp >= 0) ? -1 : 0; 352 353 err: 354 return ret; 355 } 356 357 static const u8 ecdsa_secp384r1_sha3_384_test_vectors_priv_key[] = { 358 0x0B, 0xEB, 0x64, 0x66, 0x34, 0xBA, 0x87, 0x73, 359 0x5D, 0x77, 0xAE, 0x48, 0x09, 0xA0, 0xEB, 0xEA, 360 0x86, 0x55, 0x35, 0xDE, 0x4C, 0x1E, 0x1D, 0xCB, 361 0x69, 0x2E, 0x84, 0x70, 0x8E, 0x81, 0xA5, 0xAF, 362 0x62, 0xE5, 0x28, 0xC3, 0x8B, 0x2A, 0x81, 0xB3, 363 0x53, 0x09, 0x66, 0x8D, 0x73, 0x52, 0x4D, 0x9F 364 }; 365 366 static const u8 ecdsa_secp384r1_sha3_384_test_vectors_expected_sig[] = { 367 0xfb, 0x01, 0x7b, 0x91, 0x4e, 0x29, 0x14, 0x94, 368 0x32, 0xd8, 0xba, 0xc2, 0x9a, 0x51, 0x46, 0x40, 369 0xb4, 0x6f, 0x53, 0xdd, 0xab, 0x2c, 0x69, 0x94, 370 0x80, 0x84, 0xe2, 0x93, 0x0f, 0x1c, 0x8f, 0x7e, 371 0x08, 0xe0, 0x7c, 0x9c, 0x63, 0xf2, 0xd2, 0x1a, 372 0x07, 0xdc, 0xb5, 0x6a, 0x6a, 0xf5, 0x6e, 0xb3, 373 374 0xbe, 0x9b, 0x4f, 0x2b, 0x7b, 0x02, 0xca, 0xd3, 375 0xd0, 0xb4, 0x7c, 0xf6, 0x20, 0xfa, 0x26, 0xae, 376 0x24, 0x6c, 0x95, 0x86, 0x1d, 0xbe, 0x6b, 0x5d, 377 0xc5, 0xb3, 0xb3, 0xfb, 0xea, 0x96, 0x4f, 0xef, 378 0x48, 0xb7, 0x4b, 0x07, 0x4a, 0xdd, 0x6a, 0xc8, 379 0x8f, 0x4f, 0x3f, 0x9d, 0xdd, 0x3a, 0xa4, 0x1c 380 }; 381 382 static const ec_test_case ecdsa_secp384r1_sha3_384_test_case = { 383 .name = "ECDSA-SHA3_384/secp384r1", 384 .ec_str_p = &secp384r1_str_params, 385 .priv_key = ecdsa_secp384r1_sha3_384_test_vectors_priv_key, 386 .priv_key_len = sizeof(ecdsa_secp384r1_sha3_384_test_vectors_priv_key), 387 .nn_random = ecdsa_nn_random_secp384r1_sha3_384_test_vector, 388 .hash_type = SHA3_384, 389 .msg = (const char *)sha3_1600_bit_msg, 390 .msglen = sizeof(sha3_1600_bit_msg), 391 .sig_type = ECDSA, 392 .exp_sig = ecdsa_secp384r1_sha3_384_test_vectors_expected_sig, 393 .exp_siglen = 394 sizeof(ecdsa_secp384r1_sha3_384_test_vectors_expected_sig), 395 .adata = NULL, 396 .adata_len = 0 397 }; 398 #endif /* WITH_CURVE_SECP384R1 */ 399 #endif /* WITH_HASH_SHA3_384 */ 400 401 #ifdef WITH_HASH_SHA3_512 402 #ifdef WITH_CURVE_SECP521R1 403 #define ECDSA_SHA3_512_SECP521R1_SELF_TEST 404 405 /* ECDSA secp521r1 test vectors */ 406 407 static int ecdsa_nn_random_secp521r1_sha3_512_test_vector(nn_t out, nn_src_t q) 408 { 409 int ret, cmp; 410 411 /* 412 * Fixed ephemeral private key for secp521r1 signature 413 * test vectors from RFC4754 414 */ 415 const u8 k_buf[] = { 416 0x00, 0xC1, 0xC2, 0xB3, 0x05, 0x41, 0x9F, 0x5A, 417 0x41, 0x34, 0x4D, 0x7E, 0x43, 0x59, 0x93, 0x3D, 418 0x73, 0x40, 0x96, 0xF5, 0x56, 0x19, 0x7A, 0x9B, 419 0x24, 0x43, 0x42, 0xB8, 0xB6, 0x2F, 0x46, 0xF9, 420 0x37, 0x37, 0x78, 0xF9, 0xDE, 0x6B, 0x64, 0x97, 421 0xB1, 0xEF, 0x82, 0x5F, 0xF2, 0x4F, 0x42, 0xF9, 422 0xB4, 0xA4, 0xBD, 0x73, 0x82, 0xCF, 0xC3, 0x37, 423 0x8A, 0x54, 0x0B, 0x1B, 0x7F, 0x0C, 0x1B, 0x95, 424 0x6C, 0x2F 425 }; 426 427 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 428 ret = nn_cmp(out, q, &cmp); EG(ret, err); 429 430 ret = (cmp >= 0) ? -1 : 0; 431 432 err: 433 return ret; 434 } 435 436 static const u8 ecdsa_secp521r1_sha3_512_test_vectors_priv_key[] = { 437 0x00, 0x65, 0xFD, 0xA3, 0x40, 0x94, 0x51, 0xDC, 438 0xAB, 0x0A, 0x0E, 0xAD, 0x45, 0x49, 0x51, 0x12, 439 0xA3, 0xD8, 0x13, 0xC1, 0x7B, 0xFD, 0x34, 0xBD, 440 0xF8, 0xC1, 0x20, 0x9D, 0x7D, 0xF5, 0x84, 0x91, 441 0x20, 0x59, 0x77, 0x79, 0x06, 0x0A, 0x7F, 0xF9, 442 0xD7, 0x04, 0xAD, 0xF7, 0x8B, 0x57, 0x0F, 0xFA, 443 0xD6, 0xF0, 0x62, 0xE9, 0x5C, 0x7E, 0x0C, 0x5D, 444 0x54, 0x81, 0xC5, 0xB1, 0x53, 0xB4, 0x8B, 0x37, 445 0x5F, 0xA1 446 }; 447 448 static const u8 ecdsa_secp521r1_sha3_512_test_vectors_expected_sig[] = { 449 0x01, 0x54, 0xfd, 0x38, 0x36, 0xaf, 0x92, 0xd0, 450 0xdc, 0xa5, 0x7d, 0xd5, 0x34, 0x1d, 0x30, 0x53, 451 0x98, 0x85, 0x34, 0xfd, 0xe8, 0x31, 0x8f, 0xc6, 452 0xaa, 0xaa, 0xb6, 0x8e, 0x2e, 0x6f, 0x43, 0x39, 453 0xb1, 0x9f, 0x2f, 0x28, 0x1a, 0x7e, 0x0b, 0x22, 454 0xc2, 0x69, 0xd9, 0x3c, 0xf8, 0x79, 0x4a, 0x92, 455 0x78, 0x88, 0x0e, 0xd7, 0xdb, 0xb8, 0xd9, 0x36, 456 0x2c, 0xae, 0xac, 0xee, 0x54, 0x43, 0x20, 0x55, 457 0x22, 0x51, 458 0x00, 0x15, 0xeb, 0xfd, 0xad, 0xf3, 0xf8, 0x00, 459 0x11, 0x51, 0x47, 0x9e, 0xec, 0xf4, 0x19, 0x53, 460 0x01, 0x56, 0xc2, 0x85, 0x62, 0x69, 0xc5, 0x24, 461 0x4c, 0x7a, 0xbd, 0xac, 0x36, 0xab, 0x45, 0xd0, 462 0xdc, 0xf5, 0xa5, 0xb5, 0x33, 0xff, 0xff, 0xa2, 463 0xa8, 0xbe, 0xea, 0xea, 0xda, 0x04, 0xc1, 0xc5, 464 0xc8, 0x1e, 0x99, 0xa1, 0xd7, 0x88, 0xc9, 0x24, 465 0x03, 0xe1, 0x78, 0x4a, 0x82, 0xcd, 0xd5, 0xe5, 466 0xfb, 0x27 467 }; 468 469 static const ec_test_case ecdsa_secp521r1_sha3_512_test_case = { 470 .name = "ECDSA-SHA3_512/secp521r1", 471 .ec_str_p = &secp521r1_str_params, 472 .priv_key = ecdsa_secp521r1_sha3_512_test_vectors_priv_key, 473 .priv_key_len = sizeof(ecdsa_secp521r1_sha3_512_test_vectors_priv_key), 474 .nn_random = ecdsa_nn_random_secp521r1_sha3_512_test_vector, 475 .hash_type = SHA3_512, 476 .msg = (const char *)sha3_1600_bit_msg, 477 .msglen = sizeof(sha3_1600_bit_msg), 478 .sig_type = ECDSA, 479 .exp_sig = ecdsa_secp521r1_sha3_512_test_vectors_expected_sig, 480 .exp_siglen = 481 sizeof(ecdsa_secp521r1_sha3_512_test_vectors_expected_sig), 482 .adata = NULL, 483 .adata_len = 0 484 }; 485 #endif /* WITH_CURVE_SECP521R1 */ 486 #endif /* WITH_HASH_SHA3_512 */ 487 488 #ifdef WITH_HASH_SHA224 489 #ifdef WITH_CURVE_SECP192R1 490 #define ECDSA_SHA224_SECP192R1_SELF_TEST 491 492 /* ECDSA secp192r1 w/ sha224 test vectors to test truncation steps */ 493 494 static int ecdsa_nn_random_secp192r1_test_vector(nn_t out, nn_src_t q) 495 { 496 int ret, cmp; 497 498 const u8 k_buf[] = { 499 0xFA, 0x6D, 0xE2, 0x97, 0x46, 0xBB, 0xEB, 0x7F, 500 0x8B, 0xB1, 0xE7, 0x61, 0xF8, 0x5F, 0x7D, 0xFB, 501 0x29, 0x83, 0x16, 0x9D, 0x82, 0xFA, 0x2F, 0x4E 502 }; 503 504 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 505 ret = nn_cmp(out, q, &cmp); EG(ret, err); 506 507 ret = (cmp >= 0) ? -1 : 0; 508 509 err: 510 return ret; 511 } 512 513 static const u8 ecdsa_secp192r1_test_vectors_priv_key[] = { 514 0x1A, 0x8D, 0x59, 0x8F, 0xC1, 0x5B, 0xF0, 0xFD, 515 0x89, 0x03, 0x0B, 0x5C, 0xB1, 0x11, 0x1A, 0xEB, 516 0x92, 0xAE, 0x8B, 0xAF, 0x5E, 0xA4, 0x75, 0xFB 517 }; 518 519 static const u8 ecdsa_secp192r1_test_vectors_expected_sig[] = { 520 0x88, 0x50, 0x52, 0x38, 0x0F, 0xF1, 0x47, 0xB7, 521 0x34, 0xC3, 0x30, 0xC4, 0x3D, 0x39, 0xB2, 0xC4, 522 0xA8, 0x9F, 0x29, 0xB0, 0xF7, 0x49, 0xFE, 0xAD, 523 524 0x66, 0x63, 0xF2, 0x78, 0x36, 0x98, 0x7E, 0xED, 525 0x45, 0x85, 0x82, 0xD1, 0xF4, 0x43, 0x29, 0x3A, 526 0x5E, 0xD8, 0x88, 0x49, 0xB2, 0xFC, 0x5C, 0xD9 527 }; 528 529 static const ec_test_case ecdsa_secp192r1_test_case = { 530 .name = "ECDSA-SHA224/secp192r1", 531 .ec_str_p = &secp192r1_str_params, 532 .priv_key = ecdsa_secp192r1_test_vectors_priv_key, 533 .priv_key_len = sizeof(ecdsa_secp192r1_test_vectors_priv_key), 534 .nn_random = ecdsa_nn_random_secp192r1_test_vector, 535 .hash_type = SHA224, 536 .msg = "abc", 537 .msglen = 3, 538 .sig_type = ECDSA, 539 .exp_sig = ecdsa_secp192r1_test_vectors_expected_sig, 540 .exp_siglen = sizeof(ecdsa_secp192r1_test_vectors_expected_sig), 541 .adata = NULL, 542 .adata_len = 0 543 }; 544 #endif /* WITH_CURVE_SECP192R1 */ 545 #endif /* WITH_HASH_SHA224 */ 546 547 #ifdef WITH_HASH_SHA224 548 #ifdef WITH_CURVE_SECP224R1 549 #define ECDSA_SHA224_SECP224R1_SELF_TEST 550 551 /* ECDSA secp224r1 test vectors */ 552 553 static int ecdsa_nn_random_rfc4754_secp224r1_test_vector(nn_t out, nn_src_t q) 554 { 555 int ret, cmp; 556 557 /* 558 * Fixed ephemeral private key for secp224r1 signature 559 * test vectors from RFC4754 560 */ 561 const u8 k_buf[] = { 562 0xb7, 0x63, 0x8a, 0x22, 0xe5, 0xee, 0xe7, 0x76, 563 0xa4, 0x25, 0x3f, 0x97, 0xe8, 0x35, 0x1a, 0x3c, 564 0x94, 0xb0, 0x19, 0x37, 0x66, 0x2a, 0x0e, 0xbd, 565 0xd6, 0xe7, 0xae, 0xe0 566 }; 567 568 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 569 ret = nn_cmp(out, q, &cmp); EG(ret, err); 570 571 ret = (cmp >= 0) ? -1 : 0; 572 573 err: 574 return ret; 575 } 576 577 static const u8 ecdsa_secp224r1_test_vectors_priv_key[] = { 578 0xc3, 0x1a, 0x15, 0x2d, 0x2c, 0x62, 0x40, 0x21, 579 0x80, 0x87, 0x55, 0xb2, 0xcb, 0xdf, 0x80, 0xd3, 580 0x09, 0xe3, 0x6a, 0xea, 0xc1, 0xcc, 0xd9, 0xdb, 581 0x82, 0xb1, 0xd7, 0xc3 582 }; 583 584 static const u8 ecdsa_secp224r1_test_vectors_expected_sig[] = { 585 0x56, 0xa6, 0x93, 0xe1, 0x20, 0x0a, 0xa8, 0xe3, 586 0xd2, 0x78, 0x07, 0xba, 0x5c, 0xe7, 0xb8, 0xf7, 587 0xdf, 0x24, 0xa6, 0x65, 0x1e, 0xb8, 0x70, 0x6e, 588 0x65, 0x52, 0x49, 0xd4, 589 0x4e, 0x49, 0xa0, 0x37, 0x9d, 0x04, 0x4f, 0x34, 590 0x82, 0xe5, 0x68, 0x32, 0x45, 0x84, 0x23, 0xcf, 591 0x0a, 0xef, 0xef, 0xe9, 0x08, 0x1b, 0x6b, 0xc7, 592 0x80, 0x5e, 0x18, 0xea 593 }; 594 595 static const ec_test_case ecdsa_secp224r1_test_case = { 596 .name = "ECDSA-SHA224/secp224r1", 597 .ec_str_p = &secp224r1_str_params, 598 .priv_key = ecdsa_secp224r1_test_vectors_priv_key, 599 .priv_key_len = sizeof(ecdsa_secp224r1_test_vectors_priv_key), 600 .nn_random = ecdsa_nn_random_rfc4754_secp224r1_test_vector, 601 .hash_type = SHA224, 602 .msg = "abc", 603 .msglen = 3, 604 .sig_type = ECDSA, 605 .exp_sig = ecdsa_secp224r1_test_vectors_expected_sig, 606 .exp_siglen = sizeof(ecdsa_secp224r1_test_vectors_expected_sig), 607 .adata = NULL, 608 .adata_len = 0 609 }; 610 #endif /* WITH_CURVE_SECP224R1 */ 611 #endif /* WITH_HASH_SHA224 */ 612 613 #ifdef WITH_HASH_SHA256 614 #ifdef WITH_CURVE_SECP256R1 615 #define ECDSA_SHA256_SECP256R1_SELF_TEST 616 617 /* ECDSA secp256r1 test vectors */ 618 619 static int ecdsa_nn_random_rfc4754_secp256r1_test_vector(nn_t out, nn_src_t q) 620 { 621 int ret, cmp; 622 623 /* 624 * Fixed ephemeral private key for secp256r1 signature 625 * test vectors from RFC4754 626 */ 627 const u8 k_buf[] = { 628 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9, 629 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7, 630 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15, 631 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE 632 }; 633 634 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 635 ret = nn_cmp(out, q, &cmp); EG(ret, err); 636 637 ret = (cmp >= 0) ? -1 : 0; 638 639 err: 640 return ret; 641 } 642 643 static const u8 ecdsa_secp256r1_test_vectors_priv_key[] = { 644 0xDC, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD, 645 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D, 646 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75, 647 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F 648 }; 649 650 static const u8 ecdsa_secp256r1_test_vectors_expected_sig[] = { 651 0xCB, 0x28, 0xE0, 0x99, 0x9B, 0x9C, 0x77, 0x15, 652 0xFD, 0x0A, 0x80, 0xD8, 0xE4, 0x7A, 0x77, 0x07, 653 0x97, 0x16, 0xCB, 0xBF, 0x91, 0x7D, 0xD7, 0x2E, 654 0x97, 0x56, 0x6E, 0xA1, 0xC0, 0x66, 0x95, 0x7C, 655 0x86, 0xFA, 0x3B, 0xB4, 0xE2, 0x6C, 0xAD, 0x5B, 656 0xF9, 0x0B, 0x7F, 0x81, 0x89, 0x92, 0x56, 0xCE, 657 0x75, 0x94, 0xBB, 0x1E, 0xA0, 0xC8, 0x92, 0x12, 658 0x74, 0x8B, 0xFF, 0x3B, 0x3D, 0x5B, 0x03, 0x15 659 }; 660 661 static const ec_test_case ecdsa_secp256r1_test_case = { 662 .name = "ECDSA-SHA256/secp256r1", 663 .ec_str_p = &secp256r1_str_params, 664 .priv_key = ecdsa_secp256r1_test_vectors_priv_key, 665 .priv_key_len = sizeof(ecdsa_secp256r1_test_vectors_priv_key), 666 .nn_random = ecdsa_nn_random_rfc4754_secp256r1_test_vector, 667 .hash_type = SHA256, 668 .msg = "abc", 669 .msglen = 3, 670 .sig_type = ECDSA, 671 .exp_sig = ecdsa_secp256r1_test_vectors_expected_sig, 672 .exp_siglen = sizeof(ecdsa_secp256r1_test_vectors_expected_sig), 673 .adata = NULL, 674 .adata_len = 0 675 }; 676 #endif /* WITH_CURVE_SECP256R1 */ 677 #endif /* WITH_HASH_SHA256 */ 678 679 #ifdef WITH_HASH_SHA512 680 #ifdef WITH_CURVE_SECP256R1 681 #define ECDSA_SHA512_SECP256R1_SELF_TEST 682 683 /* 684 * ECDSA secp256r1 test vector using SHA512. This test vector is intended 685 * to test truncation (right shift) step in signature and verification 686 * code when the output size of the hash function is larger than the 687 * bit size of q (order of the group generated by the base point). 688 */ 689 690 static int ecdsa_nn_random_secp256r1_sha512_test_vector(nn_t out, nn_src_t q) 691 { 692 int ret, cmp; 693 694 const u8 k_buf[] = { 695 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9, 696 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7, 697 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15, 698 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE 699 }; 700 701 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 702 ret = nn_cmp(out, q, &cmp); EG(ret, err); 703 704 ret = (cmp >= 0) ? -1 : 0; 705 706 err: 707 return ret; 708 } 709 710 static const u8 ecdsa_secp256r1_sha512_test_vectors_priv_key[] = { 711 0xDC, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD, 712 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D, 713 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75, 714 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F 715 }; 716 717 static const u8 ecdsa_secp256r1_sha512_test_vectors_expected_sig[] = { 718 0xcb, 0x28, 0xe0, 0x99, 0x9b, 0x9c, 0x77, 0x15, 719 0xfd, 0x0a, 0x80, 0xd8, 0xe4, 0x7a, 0x77, 0x07, 720 0x97, 0x16, 0xcb, 0xbf, 0x91, 0x7d, 0xd7, 0x2e, 721 0x97, 0x56, 0x6e, 0xa1, 0xc0, 0x66, 0x95, 0x7c, 722 0x78, 0x84, 0x35, 0x83, 0x06, 0xaf, 0xd1, 0xc8, 723 0xa2, 0xa5, 0xf8, 0xee, 0x73, 0xe4, 0x22, 0x6f, 724 0x1f, 0x6a, 0x14, 0xec, 0xaf, 0x2d, 0xe3, 0x0e, 725 0xde, 0x1e, 0xb4, 0xe9, 0xe2, 0xf6, 0x8d, 0x3a 726 }; 727 728 static const ec_test_case ecdsa_secp256r1_sha512_test_case = { 729 .name = "ECDSA-SHA512/secp256r1", 730 .ec_str_p = &secp256r1_str_params, 731 .priv_key = ecdsa_secp256r1_sha512_test_vectors_priv_key, 732 .priv_key_len = sizeof(ecdsa_secp256r1_sha512_test_vectors_priv_key), 733 .nn_random = ecdsa_nn_random_secp256r1_sha512_test_vector, 734 .hash_type = SHA512, 735 .msg = "abc", 736 .msglen = 3, 737 .sig_type = ECDSA, 738 .exp_sig = ecdsa_secp256r1_sha512_test_vectors_expected_sig, 739 .exp_siglen = sizeof(ecdsa_secp256r1_sha512_test_vectors_expected_sig), 740 .adata = NULL, 741 .adata_len = 0 742 }; 743 #endif /* WITH_CURVE_SECP256R1 */ 744 #endif /* WITH_HASH_SHA512 */ 745 746 #ifdef WITH_HASH_SHA384 747 #ifdef WITH_CURVE_SECP384R1 748 #define ECDSA_SHA384_SECP384R1_SELF_TEST 749 750 /* ECDSA secp384r1 test vectors */ 751 752 static int ecdsa_nn_random_rfc4754_secp384r1_test_vector(nn_t out, nn_src_t q) 753 { 754 int ret, cmp; 755 756 /* 757 * Fixed ephemeral private key for secp384r1 signature 758 * test vectors from RFC4754 759 */ 760 const u8 k_buf[] = { 761 0xB4, 0xB7, 0x4E, 0x44, 0xD7, 0x1A, 0x13, 0xD5, 762 0x68, 0x00, 0x3D, 0x74, 0x89, 0x90, 0x8D, 0x56, 763 0x4C, 0x77, 0x61, 0xE2, 0x29, 0xC5, 0x8C, 0xBF, 764 0xA1, 0x89, 0x50, 0x09, 0x6E, 0xB7, 0x46, 0x3B, 765 0x85, 0x4D, 0x7F, 0xA9, 0x92, 0xF9, 0x34, 0xD9, 766 0x27, 0x37, 0x62, 0x85, 0xE6, 0x34, 0x14, 0xFA 767 }; 768 769 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 770 ret = nn_cmp(out, q, &cmp); EG(ret, err); 771 772 ret = (cmp >= 0) ? -1 : 0; 773 774 err: 775 return ret; 776 } 777 778 static const u8 ecdsa_secp384r1_test_vectors_priv_key[] = { 779 0x0B, 0xEB, 0x64, 0x66, 0x34, 0xBA, 0x87, 0x73, 780 0x5D, 0x77, 0xAE, 0x48, 0x09, 0xA0, 0xEB, 0xEA, 781 0x86, 0x55, 0x35, 0xDE, 0x4C, 0x1E, 0x1D, 0xCB, 782 0x69, 0x2E, 0x84, 0x70, 0x8E, 0x81, 0xA5, 0xAF, 783 0x62, 0xE5, 0x28, 0xC3, 0x8B, 0x2A, 0x81, 0xB3, 784 0x53, 0x09, 0x66, 0x8D, 0x73, 0x52, 0x4D, 0x9F 785 }; 786 787 static const u8 ecdsa_secp384r1_test_vectors_expected_sig[] = { 788 0xFB, 0x01, 0x7B, 0x91, 0x4E, 0x29, 0x14, 0x94, 789 0x32, 0xD8, 0xBA, 0xC2, 0x9A, 0x51, 0x46, 0x40, 790 0xB4, 0x6F, 0x53, 0xDD, 0xAB, 0x2C, 0x69, 0x94, 791 0x80, 0x84, 0xE2, 0x93, 0x0F, 0x1C, 0x8F, 0x7E, 792 0x08, 0xE0, 0x7C, 0x9C, 0x63, 0xF2, 0xD2, 0x1A, 793 0x07, 0xDC, 0xB5, 0x6A, 0x6A, 0xF5, 0x6E, 0xB3, 794 0xB2, 0x63, 0xA1, 0x30, 0x5E, 0x05, 0x7F, 0x98, 795 0x4D, 0x38, 0x72, 0x6A, 0x1B, 0x46, 0x87, 0x41, 796 0x09, 0xF4, 0x17, 0xBC, 0xA1, 0x12, 0x67, 0x4C, 797 0x52, 0x82, 0x62, 0xA4, 0x0A, 0x62, 0x9A, 0xF1, 798 0xCB, 0xB9, 0xF5, 0x16, 0xCE, 0x0F, 0xA7, 0xD2, 799 0xFF, 0x63, 0x08, 0x63, 0xA0, 0x0E, 0x8B, 0x9F 800 }; 801 802 static const ec_test_case ecdsa_secp384r1_test_case = { 803 .name = "ECDSA-SHA384/secp384r1", 804 .ec_str_p = &secp384r1_str_params, 805 .priv_key = ecdsa_secp384r1_test_vectors_priv_key, 806 .priv_key_len = sizeof(ecdsa_secp384r1_test_vectors_priv_key), 807 .nn_random = ecdsa_nn_random_rfc4754_secp384r1_test_vector, 808 .hash_type = SHA384, 809 .msg = "abc", 810 .msglen = 3, 811 .sig_type = ECDSA, 812 .exp_sig = ecdsa_secp384r1_test_vectors_expected_sig, 813 .exp_siglen = sizeof(ecdsa_secp384r1_test_vectors_expected_sig), 814 .adata = NULL, 815 .adata_len = 0 816 }; 817 #endif /* WITH_CURVE_SECP384R1 */ 818 #endif /* WITH_HASH_SHA384 */ 819 820 #ifdef WITH_HASH_SHA512 821 #ifdef WITH_CURVE_SECP521R1 822 #define ECDSA_SHA512_SECP521R1_SELF_TEST 823 824 /* ECDSA secp521r1 test vectors */ 825 826 static int ecdsa_nn_random_secp521r1_test_vector(nn_t out, nn_src_t q) 827 { 828 int ret, cmp; 829 830 /* 831 * Fixed ephemeral private key for secp521r1 signature 832 * test vectors from RFC4754 833 */ 834 const u8 k_buf[] = { 835 0x00, 0xC1, 0xC2, 0xB3, 0x05, 0x41, 0x9F, 0x5A, 836 0x41, 0x34, 0x4D, 0x7E, 0x43, 0x59, 0x93, 0x3D, 837 0x73, 0x40, 0x96, 0xF5, 0x56, 0x19, 0x7A, 0x9B, 838 0x24, 0x43, 0x42, 0xB8, 0xB6, 0x2F, 0x46, 0xF9, 839 0x37, 0x37, 0x78, 0xF9, 0xDE, 0x6B, 0x64, 0x97, 840 0xB1, 0xEF, 0x82, 0x5F, 0xF2, 0x4F, 0x42, 0xF9, 841 0xB4, 0xA4, 0xBD, 0x73, 0x82, 0xCF, 0xC3, 0x37, 842 0x8A, 0x54, 0x0B, 0x1B, 0x7F, 0x0C, 0x1B, 0x95, 843 0x6C, 0x2F 844 }; 845 846 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 847 ret = nn_cmp(out, q, &cmp); EG(ret, err); 848 849 ret = (cmp >= 0) ? -1 : 0; 850 851 err: 852 return ret; 853 } 854 855 static const u8 ecdsa_secp521r1_test_vectors_priv_key[] = { 856 0x00, 0x65, 0xFD, 0xA3, 0x40, 0x94, 0x51, 0xDC, 857 0xAB, 0x0A, 0x0E, 0xAD, 0x45, 0x49, 0x51, 0x12, 858 0xA3, 0xD8, 0x13, 0xC1, 0x7B, 0xFD, 0x34, 0xBD, 859 0xF8, 0xC1, 0x20, 0x9D, 0x7D, 0xF5, 0x84, 0x91, 860 0x20, 0x59, 0x77, 0x79, 0x06, 0x0A, 0x7F, 0xF9, 861 0xD7, 0x04, 0xAD, 0xF7, 0x8B, 0x57, 0x0F, 0xFA, 862 0xD6, 0xF0, 0x62, 0xE9, 0x5C, 0x7E, 0x0C, 0x5D, 863 0x54, 0x81, 0xC5, 0xB1, 0x53, 0xB4, 0x8B, 0x37, 864 0x5F, 0xA1 865 }; 866 867 static const u8 ecdsa_secp521r1_test_vectors_expected_sig[] = { 868 0x01, 0x54, 0xFD, 0x38, 0x36, 0xAF, 0x92, 0xD0, 869 0xDC, 0xA5, 0x7D, 0xD5, 0x34, 0x1D, 0x30, 0x53, 870 0x98, 0x85, 0x34, 0xFD, 0xE8, 0x31, 0x8F, 0xC6, 871 0xAA, 0xAA, 0xB6, 0x8E, 0x2E, 0x6F, 0x43, 0x39, 872 0xB1, 0x9F, 0x2F, 0x28, 0x1A, 0x7E, 0x0B, 0x22, 873 0xC2, 0x69, 0xD9, 0x3C, 0xF8, 0x79, 0x4A, 0x92, 874 0x78, 0x88, 0x0E, 0xD7, 0xDB, 0xB8, 0xD9, 0x36, 875 0x2C, 0xAE, 0xAC, 0xEE, 0x54, 0x43, 0x20, 0x55, 876 0x22, 0x51, 0x01, 0x77, 0x05, 0xA7, 0x03, 0x02, 877 0x90, 0xD1, 0xCE, 0xB6, 0x05, 0xA9, 0xA1, 0xBB, 878 0x03, 0xFF, 0x9C, 0xDD, 0x52, 0x1E, 0x87, 0xA6, 879 0x96, 0xEC, 0x92, 0x6C, 0x8C, 0x10, 0xC8, 0x36, 880 0x2D, 0xF4, 0x97, 0x53, 0x67, 0x10, 0x1F, 0x67, 881 0xD1, 0xCF, 0x9B, 0xCC, 0xBF, 0x2F, 0x3D, 0x23, 882 0x95, 0x34, 0xFA, 0x50, 0x9E, 0x70, 0xAA, 0xC8, 883 0x51, 0xAE, 0x01, 0xAA, 0xC6, 0x8D, 0x62, 0xF8, 884 0x66, 0x47, 0x26, 0x60 885 }; 886 887 static const ec_test_case ecdsa_secp521r1_test_case = { 888 .name = "ECDSA-SHA512/secp521r1", 889 .ec_str_p = &secp521r1_str_params, 890 .priv_key = ecdsa_secp521r1_test_vectors_priv_key, 891 .priv_key_len = sizeof(ecdsa_secp521r1_test_vectors_priv_key), 892 .nn_random = ecdsa_nn_random_secp521r1_test_vector, 893 .hash_type = SHA512, 894 .msg = "abc", 895 .msglen = 3, 896 .sig_type = ECDSA, 897 .exp_sig = ecdsa_secp521r1_test_vectors_expected_sig, 898 .exp_siglen = sizeof(ecdsa_secp521r1_test_vectors_expected_sig), 899 .adata = NULL, 900 .adata_len = 0 901 }; 902 #endif /* WITH_CURVE_SECP521R1 */ 903 #endif /* WITH_HASH_SHA512 */ 904 905 #ifdef WITH_HASH_SHA256 906 #ifdef WITH_CURVE_BRAINPOOLP256R1 907 #define ECDSA_SHA256_BRAINPOOLP256R1_SELF_TEST 908 909 /* ECDSA Brainpoolp256r1 test vectors */ 910 911 static int ecdsa_nn_random_brainpoolp256r1_test_vector(nn_t out, nn_src_t q) 912 { 913 int ret, cmp; 914 915 /* 916 * Fixed ephemeral private key for brainpoolp256r1 signature 917 */ 918 const u8 k_buf[] = { 919 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9, 920 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7, 921 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15, 922 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE 923 }; 924 925 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 926 ret = nn_cmp(out, q, &cmp); EG(ret, err); 927 928 ret = (cmp >= 0) ? -1 : 0; 929 930 err: 931 return ret; 932 } 933 934 static const u8 ecdsa_brainpoolp256r1_test_vectors_priv_key[] = { 935 0x00, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD, 936 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D, 937 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75, 938 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F 939 }; 940 941 static const u8 ecdsa_brainpoolp256r1_test_vectors_expected_sig[] = { 942 0xa3, 0xfa, 0x53, 0x9a, 0xc2, 0xcf, 0xfb, 0xd5, 943 0xc5, 0xad, 0xb6, 0x64, 0x8c, 0xb3, 0xb5, 0xe3, 944 0x6a, 0x08, 0x7d, 0xcc, 0xd5, 0xda, 0xae, 0x8a, 945 0x05, 0x87, 0xac, 0x37, 0x88, 0x78, 0x79, 0xb5, 946 0xa7, 0xff, 0x72, 0xa9, 0xd8, 0x5c, 0x6e, 0xdd, 947 0x48, 0x56, 0x2e, 0x8c, 0xd8, 0xf7, 0x6d, 0xab, 948 0xe3, 0xdb, 0xc3, 0x96, 0x05, 0x69, 0xdf, 0x5d, 949 0x13, 0xf9, 0x83, 0x5c, 0xf4, 0xca, 0x72, 0x3b 950 }; 951 952 static const ec_test_case ecdsa_brainpoolp256r1_test_case = { 953 .name = "ECDSA-SHA256/brainpoolp256r1", 954 .ec_str_p = &brainpoolp256r1_str_params, 955 .priv_key = ecdsa_brainpoolp256r1_test_vectors_priv_key, 956 .priv_key_len = sizeof(ecdsa_brainpoolp256r1_test_vectors_priv_key), 957 .nn_random = ecdsa_nn_random_brainpoolp256r1_test_vector, 958 .hash_type = SHA256, 959 .msg = "abc", 960 .msglen = 3, 961 .sig_type = ECDSA, 962 .exp_sig = ecdsa_brainpoolp256r1_test_vectors_expected_sig, 963 .exp_siglen = sizeof(ecdsa_brainpoolp256r1_test_vectors_expected_sig), 964 .adata = NULL, 965 .adata_len = 0 966 }; 967 968 #endif /* WITH_CURVE_BRAINPOOLP256R1 */ 969 #endif /* WITH_HASH_SHA256 */ 970 971 #ifdef WITH_HASH_SHA384 972 #ifdef WITH_CURVE_BRAINPOOLP384R1 973 #define ECDSA_SHA384_BRAINPOOLP384R1_SELF_TEST 974 975 /* ECDSA Brainpoolp384r1 test vectors */ 976 977 static int ecdsa_nn_random_brainpoolp384r1_test_vector(nn_t out, nn_src_t q) 978 { 979 int ret, cmp; 980 981 /* 982 * Fixed ephemeral private key for brainpoolp384r1 signature 983 */ 984 const u8 k_buf[] = { 985 0x87, 0x77, 0x2f, 0x94, 0x81, 0x26, 0xe2, 0x38, 986 0x04, 0xec, 0x30, 0x71, 0x34, 0x94, 0x74, 0x84, 987 0x2c, 0x21, 0x08, 0x6b, 0xf2, 0x91, 0xfb, 0x33, 988 0x02, 0xc2, 0x54, 0x82, 0x6c, 0x14, 0xc0, 0xa8, 989 0x5d, 0x66, 0x03, 0x0b, 0xe9, 0x0b, 0xfe, 0x51, 990 0xd4, 0x53, 0x0a, 0x55, 0xfd, 0x61, 0x51, 0x21 991 }; 992 993 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 994 ret = nn_cmp(out, q, &cmp); EG(ret, err); 995 996 ret = (cmp >= 0) ? -1 : 0; 997 998 err: 999 return ret; 1000 } 1001 1002 static const u8 ecdsa_brainpoolp384r1_test_vectors_priv_key[] = { 1003 0x22, 0xde, 0x1b, 0x4e, 0x46, 0xdf, 0x58, 0x37, 1004 0xe0, 0x08, 0xa2, 0x67, 0x7a, 0xc6, 0x25, 0x6a, 1005 0xf3, 0x0e, 0xd1, 0xd9, 0x58, 0xe8, 0xa4, 0xee, 1006 0xd5, 0x02, 0x0a, 0xef, 0xbb, 0xf7, 0x90, 0x6e, 1007 0x35, 0x99, 0x43, 0xda, 0x81, 0xcc, 0x37, 0xdf, 1008 0xcf, 0x03, 0x83, 0x64, 0xf3, 0x96, 0x13, 0x5a 1009 }; 1010 1011 static const u8 ecdsa_brainpoolp384r1_test_vectors_expected_sig[] = { 1012 0x84, 0xa4, 0xe3, 0xa5, 0xdb, 0x1a, 0x93, 0x1f, 1013 0x77, 0x3e, 0x55, 0xfb, 0xa3, 0x69, 0xc3, 0x6d, 1014 0x21, 0x92, 0xb4, 0x7d, 0xf8, 0x5d, 0x05, 0x20, 1015 0x80, 0x23, 0xdb, 0xaa, 0x15, 0x5f, 0xfe, 0xcc, 1016 0xf9, 0xc0, 0x8f, 0xf1, 0xba, 0x79, 0xe0, 0x13, 1017 0x1e, 0xb4, 0x2c, 0x13, 0xa8, 0x17, 0x99, 0xd6, 1018 1019 0x06, 0x9e, 0x3e, 0x95, 0x40, 0x80, 0xba, 0xef, 1020 0xfe, 0x3b, 0x73, 0xb1, 0xb9, 0x35, 0xa5, 0x60, 1021 0x27, 0x21, 0xa1, 0xd0, 0x0e, 0xe1, 0x12, 0xc0, 1022 0x86, 0x0b, 0xfc, 0xea, 0x93, 0x37, 0x33, 0xca, 1023 0x48, 0xd3, 0xae, 0xd8, 0xf7, 0x02, 0xdc, 0x86, 1024 0x2b, 0x18, 0x2b, 0x12, 0x8c, 0x8f, 0x3a, 0x4c, 1025 }; 1026 1027 static const ec_test_case ecdsa_brainpoolp384r1_test_case = { 1028 .name = "ECDSA-SHA384/brainpoolp384r1", 1029 .ec_str_p = &brainpoolp384r1_str_params, 1030 .priv_key = ecdsa_brainpoolp384r1_test_vectors_priv_key, 1031 .priv_key_len = sizeof(ecdsa_brainpoolp384r1_test_vectors_priv_key), 1032 .nn_random = ecdsa_nn_random_brainpoolp384r1_test_vector, 1033 .hash_type = SHA384, 1034 .msg = "abc", 1035 .msglen = 3, 1036 .sig_type = ECDSA, 1037 .exp_sig = ecdsa_brainpoolp384r1_test_vectors_expected_sig, 1038 .exp_siglen = sizeof(ecdsa_brainpoolp384r1_test_vectors_expected_sig), 1039 .adata = NULL, 1040 .adata_len = 0 1041 }; 1042 1043 #endif /* WITH_CURVE_BRAINPOOLP384R1 */ 1044 #endif /* WITH_HASH_SHA384 */ 1045 1046 #ifdef WITH_HASH_SHA512 1047 #ifdef WITH_CURVE_BRAINPOOLP512R1 1048 #define ECDSA_SHA512_BRAINPOOLP512R1_SELF_TEST 1049 1050 /* ECDSA Brainpoolp512r1 test vectors */ 1051 1052 static int ecdsa_nn_random_brainpoolp512r1_test_vector(nn_t out, nn_src_t q) 1053 { 1054 int ret, cmp; 1055 1056 /* 1057 * Fixed ephemeral private key for brainpoolp512r1 signature 1058 */ 1059 const u8 k_buf[] = { 1060 0x00, 0xC1, 0xC2, 0xB3, 0x05, 0x41, 0x9F, 0x5A, 1061 0x41, 0x34, 0x4D, 0x7E, 0x43, 0x59, 0x93, 0x3D, 1062 0x73, 0x40, 0x96, 0xF5, 0x56, 0x19, 0x7A, 0x9B, 1063 0x24, 0x43, 0x42, 0xB8, 0xB6, 0x2F, 0x46, 0xF9, 1064 0x37, 0x37, 0x78, 0xF9, 0xDE, 0x6B, 0x64, 0x97, 1065 0xB1, 0xEF, 0x82, 0x5F, 0xF2, 0x4F, 0x42, 0xF9, 1066 0xB4, 0xA4, 0xBD, 0x73, 0x82, 0xCF, 0xC3, 0x37, 1067 0x8A, 0x54, 0x0B, 0x1B, 0x7F, 0x0C, 0x1B, 0x95 1068 }; 1069 1070 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1071 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1072 1073 ret = (cmp >= 0) ? -1 : 0; 1074 1075 err: 1076 return ret; 1077 } 1078 1079 static const u8 ecdsa_brainpoolp512r1_test_vectors_priv_key[] = { 1080 0x01, 0xA3, 0x40, 0x94, 0x51, 0xDC, 0xAB, 0x0A, 1081 0x0E, 0xAD, 0x45, 0x49, 0x51, 0x12, 0xA3, 0xD8, 1082 0x13, 0xC1, 0x7B, 0xFD, 0x34, 0xBD, 0xF8, 0xC1, 1083 0x20, 0x9D, 0x7D, 0xF5, 0x84, 0x91, 0x20, 0x59, 1084 0x77, 0x79, 0x06, 0x0A, 0x7F, 0xF9, 0xD7, 0x04, 1085 0xAD, 0xF7, 0x8B, 0x57, 0x0F, 0xFA, 0xD6, 0xF0, 1086 0x62, 0xE9, 0x5C, 0x7E, 0x0C, 0x5D, 0x54, 0x81, 1087 0xC5, 0xB1, 0x53, 0xB4, 0x8B, 0x37, 0x5F, 0xA1 1088 }; 1089 1090 static const u8 ecdsa_brainpoolp512r1_test_vectors_expected_sig[] = { 1091 0x34, 0x83, 0xdd, 0x62, 0x64, 0xab, 0x50, 0xc3, 1092 0x7c, 0x01, 0x89, 0x96, 0xf2, 0x18, 0x3f, 0x31, 1093 0x19, 0xb4, 0xd5, 0x8a, 0x71, 0xba, 0x96, 0xee, 1094 0x4f, 0x1d, 0x69, 0x0d, 0x06, 0xff, 0x04, 0xe7, 1095 0x62, 0xc3, 0x7c, 0x87, 0xac, 0xcb, 0x1b, 0xcb, 1096 0xc6, 0xe1, 0x50, 0x57, 0x7f, 0xd9, 0xa5, 0xd5, 1097 0xfc, 0x64, 0xc9, 0xaa, 0x21, 0x2f, 0x43, 0xac, 1098 0x36, 0xeb, 0xaa, 0xb1, 0x10, 0x5b, 0xe0, 0x37, 1099 0xa9, 0x70, 0xb3, 0xd3, 0x80, 0x1d, 0x51, 0x3d, 1100 0x38, 0x9d, 0x9c, 0x80, 0x76, 0xd9, 0x99, 0x6f, 1101 0xad, 0x0f, 0xc7, 0xf8, 0x67, 0x40, 0xc2, 0x28, 1102 0x1c, 0xe3, 0xfb, 0xae, 0x71, 0x82, 0xd3, 0xe8, 1103 0x5c, 0xb2, 0x24, 0xec, 0x88, 0xb5, 0x81, 0x2a, 1104 0xb1, 0x15, 0x32, 0xfd, 0x01, 0x7c, 0x94, 0xed, 1105 0xd7, 0x8c, 0xa6, 0x32, 0x1e, 0x24, 0x94, 0xa7, 1106 0x38, 0xd0, 0xea, 0xc8, 0x34, 0x05, 0xb9, 0x9b 1107 }; 1108 1109 static const ec_test_case ecdsa_brainpoolp512r1_test_case = { 1110 .name = "ECDSA-SHA512/brainpoolp512r1", 1111 .ec_str_p = &brainpoolp512r1_str_params, 1112 .priv_key = ecdsa_brainpoolp512r1_test_vectors_priv_key, 1113 .priv_key_len = sizeof(ecdsa_brainpoolp512r1_test_vectors_priv_key), 1114 .nn_random = ecdsa_nn_random_brainpoolp512r1_test_vector, 1115 .hash_type = SHA512, 1116 .msg = "abc", 1117 .msglen = 3, 1118 .sig_type = ECDSA, 1119 .exp_sig = ecdsa_brainpoolp512r1_test_vectors_expected_sig, 1120 .exp_siglen = sizeof(ecdsa_brainpoolp512r1_test_vectors_expected_sig), 1121 .adata = NULL, 1122 .adata_len = 0 1123 }; 1124 #endif /* WITH_CURVE_BRAINPOOLP512R1 */ 1125 #endif /* WITH_HASH_SHA512 */ 1126 1127 #ifdef WITH_HASH_SHA256 1128 #ifdef WITH_CURVE_FRP256V1 1129 #define ECDSA_SHA256_FRP256V1_SELF_TEST 1130 1131 /* ECDSA frp256v1 test vectors */ 1132 1133 static int ecdsa_nn_random_frp256v1_test_vector(nn_t out, nn_src_t q) 1134 { 1135 int ret, cmp; 1136 1137 /* 1138 * Fixed ephemeral private key for frp256v1 signature 1139 */ 1140 const u8 k_buf[] = { 1141 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9, 1142 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7, 1143 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15, 1144 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE 1145 }; 1146 1147 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1148 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1149 1150 ret = (cmp >= 0) ? -1 : 0; 1151 1152 err: 1153 return ret; 1154 } 1155 1156 static const u8 ecdsa_frp256v1_test_vectors_priv_key[] = { 1157 0x00, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD, 1158 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D, 1159 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75, 1160 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F 1161 }; 1162 1163 static const u8 ecdsa_frp256v1_test_vectors_expected_sig[] = { 1164 0x22, 0xb1, 0xd0, 0x0d, 0xc8, 0x28, 0xa5, 0xcb, 1165 0xa2, 0x64, 0x31, 0x9f, 0x05, 0x93, 0x3a, 0xc8, 1166 0xed, 0xe6, 0x32, 0x3d, 0x69, 0xd0, 0x2b, 0x31, 1167 0x4e, 0x10, 0xca, 0xa5, 0xf1, 0x3b, 0x29, 0x96, 1168 0xbd, 0xef, 0x27, 0xe6, 0x3c, 0x16, 0xee, 0x46, 1169 0xf8, 0x14, 0x22, 0x9d, 0x3c, 0xf2, 0x3f, 0x08, 1170 0xc7, 0x96, 0x26, 0x13, 0x55, 0xe7, 0xd4, 0x4c, 1171 0x9d, 0xd9, 0xd6, 0xba, 0x08, 0x57, 0x1f, 0xd8 1172 }; 1173 1174 static const ec_test_case ecdsa_frp256v1_test_case = { 1175 .name = "ECDSA-SHA256/frp256v1", 1176 .ec_str_p = &frp256v1_str_params, 1177 .priv_key = ecdsa_frp256v1_test_vectors_priv_key, 1178 .priv_key_len = sizeof(ecdsa_frp256v1_test_vectors_priv_key), 1179 .nn_random = ecdsa_nn_random_frp256v1_test_vector, 1180 .hash_type = SHA256, 1181 .msg = "abc", 1182 .msglen = 3, 1183 .sig_type = ECDSA, 1184 .exp_sig = ecdsa_frp256v1_test_vectors_expected_sig, 1185 .exp_siglen = sizeof(ecdsa_frp256v1_test_vectors_expected_sig), 1186 .adata = NULL, 1187 .adata_len = 0 1188 }; 1189 #endif /* WITH_CURVE_FRP256V1 */ 1190 #endif /* WITH_HASH_SHA256 */ 1191 #endif /* WITH_SIG_ECDSA */ 1192 1193 /******************************************************************* 1194 ************** ECKDSA tests *************************************** 1195 *******************************************************************/ 1196 1197 #ifdef WITH_SIG_ECKCDSA 1198 #ifdef WITH_HASH_SHA224 1199 #ifdef WITH_CURVE_SECP224R1 1200 #define ECKCDSA_SHA224_SECP224R1_SELF_TEST 1201 1202 /* ECKCDSA secp224r1 test vectors */ 1203 1204 static int eckcdsa_nn_random_iso14888_3_secp224r1_test_vector(nn_t out, 1205 nn_src_t q) 1206 { 1207 int ret, cmp; 1208 1209 const u8 k_buf[] = { 1210 0x76, 0xA0, 0xAF, 0xC1, 0x86, 0x46, 0xD1, 0xB6, 1211 0x20, 0xA0, 0x79, 0xFB, 0x22, 0x38, 0x65, 0xA7, 1212 0xBC, 0xB4, 0x47, 0xF3, 0xC0, 0x3A, 0x35, 0xD8, 1213 0x78, 0xEA, 0x4C, 0xDA 1214 }; 1215 1216 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1217 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1218 1219 ret = (cmp >= 0) ? -1 : 0; 1220 1221 err: 1222 return ret; 1223 } 1224 1225 static const u8 eckcdsa_secp224r1_test_vectors_priv_key[] = { 1226 0x56, 0x2A, 0x6F, 0x64, 0xE1, 0x62, 0xFF, 0xCB, 1227 0x51, 0xCD, 0x47, 0x07, 0x77, 0x4A, 0xE3, 0x66, 1228 0x81, 0xB6, 0xCE, 0xF2, 0x05, 0xFE, 0x5D, 0x43, 1229 0x91, 0x29, 0x56, 0xA2 1230 }; 1231 1232 static const u8 eckcdsa_secp224r1_test_vectors_expected_sig[] = { 1233 0xEE, 0xA5, 0x8C, 0x91, 0xE0, 0xCD, 0xCE, 0xB5, 1234 0x79, 0x9B, 0x00, 0xD2, 0x41, 0x2D, 0x92, 0x8F, 1235 0xDD, 0x23, 0x12, 0x2A, 0x1C, 0x2B, 0xDF, 0x43, 1236 0xC2, 0xF8, 0xDA, 0xFA, 0xAE, 0xBA, 0xB5, 0x3C, 1237 0x7A, 0x44, 0xA8, 0xB2, 0x2F, 0x35, 0xFD, 0xB9, 1238 0xDE, 0x26, 0x5F, 0x23, 0xB8, 0x9F, 0x65, 0xA6, 1239 0x9A, 0x8B, 0x7B, 0xD4, 0x06, 0x19, 0x11, 0xA6 1240 }; 1241 1242 static const ec_test_case eckcdsa_secp224r1_test_case = { 1243 .name = "ECKCDSA-SHA224/secp224r1", 1244 .ec_str_p = &secp224r1_str_params, 1245 .priv_key = eckcdsa_secp224r1_test_vectors_priv_key, 1246 .priv_key_len = sizeof(eckcdsa_secp224r1_test_vectors_priv_key), 1247 .nn_random = eckcdsa_nn_random_iso14888_3_secp224r1_test_vector, 1248 .hash_type = SHA224, 1249 .msg = "This is a sample message for EC-KCDSA implementation validation.", 1250 .msglen = 64, 1251 .sig_type = ECKCDSA, 1252 .exp_sig = eckcdsa_secp224r1_test_vectors_expected_sig, 1253 .exp_siglen = sizeof(eckcdsa_secp224r1_test_vectors_expected_sig), 1254 .adata = NULL, 1255 .adata_len = 0 1256 }; 1257 #endif /* WITH_CURVE_SECP224R1 */ 1258 #endif /* WITH_HASH_SHA224 */ 1259 1260 #ifdef WITH_HASH_SHA256 1261 #ifdef WITH_CURVE_SECP224R1 1262 #define ECKCDSA_SHA256_SECP224R1_SELF_TEST 1263 1264 /* ECKCDSA secp224r1 w/ SHA-256 test vectors (specific for truncation test) */ 1265 1266 static int eckcdsa_nn_random_iso14888_3_secp224r1_sha256_test_vector(nn_t out, 1267 nn_src_t q) 1268 { 1269 int ret, cmp; 1270 1271 const u8 k_buf[] = { 1272 0xEE, 0xC7, 0x9D, 0x8D, 0x46, 0x48, 0xDF, 0x3A, 1273 0x83, 0x2A, 0x66, 0xE3, 0x77, 0x55, 0x37, 0xE0, 1274 0x00, 0xCC, 0x9B, 0x95, 0x7E, 0x13, 0x19, 0xC5, 1275 0xDB, 0x9D, 0xD4, 0xF7 1276 }; 1277 1278 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1279 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1280 1281 ret = (cmp >= 0) ? -1 : 0; 1282 1283 err: 1284 return ret; 1285 } 1286 1287 static const u8 eckcdsa_secp224r1_sha256_test_vectors_priv_key[] = { 1288 0x61, 0x58, 0x58, 0x27, 0x44, 0x9D, 0xBC, 0x0E, 1289 0xC1, 0x61, 0xB2, 0xCF, 0x85, 0x75, 0xC9, 0xDF, 1290 0x14, 0x9F, 0x41, 0xDD, 0x02, 0x89, 0xBE, 0x4F, 1291 0xF1, 0x10, 0x77, 0x3D 1292 }; 1293 1294 static const u8 eckcdsa_secp224r1_sha256_test_vectors_expected_sig[] = { 1295 0x64, 0xB4, 0x9E, 0x97, 0x7E, 0x65, 0x34, 0xF8, 1296 0x77, 0xCB, 0x68, 0xA3, 0x80, 0x6F, 0x6A, 0x98, 1297 0x93, 0x11, 0xCE, 0xAA, 0x8A, 0x64, 0xA0, 0x55, 1298 0x80, 0x77, 0xC0, 0x4B, 1299 1300 0xAF, 0xF2, 0x3D, 0x40, 0xB1, 0x77, 0x95, 0x11, 1301 0x51, 0xBE, 0x32, 0xF6, 0x56, 0x1B, 0x1B, 0x73, 1302 0x9E, 0x3E, 0x8F, 0x82, 0x2C, 0xC5, 0x2D, 0x4C, 1303 0xB3, 0x90, 0x9A, 0x93 1304 }; 1305 1306 static const ec_test_case eckcdsa_secp224r1_sha256_test_case = { 1307 .name = "ECKCDSA-SHA256/secp224r1", 1308 .ec_str_p = &secp224r1_str_params, 1309 .priv_key = eckcdsa_secp224r1_sha256_test_vectors_priv_key, 1310 .priv_key_len = sizeof(eckcdsa_secp224r1_sha256_test_vectors_priv_key), 1311 .nn_random = eckcdsa_nn_random_iso14888_3_secp224r1_sha256_test_vector, 1312 .hash_type = SHA256, 1313 .msg = "This is a sample message for EC-KCDSA implementation validation.", 1314 .msglen = 64, 1315 .sig_type = ECKCDSA, 1316 .exp_sig = eckcdsa_secp224r1_sha256_test_vectors_expected_sig, 1317 .exp_siglen = 1318 sizeof(eckcdsa_secp224r1_sha256_test_vectors_expected_sig), 1319 .adata = NULL, 1320 .adata_len = 0 1321 }; 1322 #endif /* WITH_CURVE_SECP224R1 */ 1323 #endif /* WITH_HASH_SHA256 */ 1324 1325 #ifdef WITH_HASH_SHA256 1326 #ifdef WITH_CURVE_SECP256R1 1327 #define ECKCDSA_SHA256_SECP256R1_SELF_TEST 1328 1329 /* ECKCDSA secp256r1 test vectors */ 1330 1331 static int eckcdsa_nn_random_iso14888_3_secp256r1_test_vector(nn_t out, 1332 nn_src_t q) 1333 { 1334 int ret, cmp; 1335 1336 const u8 k_buf[] = { 1337 0x71, 0xB8, 0x8F, 0x39, 0x89, 0x16, 0xDA, 0x9C, 1338 0x90, 0xF5, 0x55, 0xF1, 0xB5, 0x73, 0x2B, 0x7D, 1339 0xC6, 0x36, 0xB4, 0x9C, 0x63, 0x81, 0x50, 0xBA, 1340 0xC1, 0x1B, 0xF0, 0x5C, 0xFE, 0x16, 0x59, 0x6A 1341 }; 1342 1343 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1344 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1345 1346 ret = (cmp >= 0) ? -1 : 0; 1347 1348 err: 1349 return ret; 1350 } 1351 1352 static const u8 eckcdsa_secp256r1_test_vectors_priv_key[] = { 1353 0x90, 0x51, 0xA2, 0x75, 0xAA, 0x4D, 0x98, 0x43, 1354 0x9E, 0xDD, 0xED, 0x13, 0xFA, 0x1C, 0x6C, 0xBB, 1355 0xCC, 0xE7, 0x75, 0xD8, 0xCC, 0x94, 0x33, 0xDE, 1356 0xE6, 0x9C, 0x59, 0x84, 0x8B, 0x35, 0x94, 0xDF 1357 }; 1358 1359 static const u8 eckcdsa_secp256r1_test_vectors_expected_sig[] = { 1360 0x0e, 0xdd, 0xf6, 0x80, 0x60, 0x12, 0x66, 0xee, 1361 0x1d, 0xa8, 0x3e, 0x55, 0xa6, 0xd9, 0x44, 0x5f, 1362 0xc7, 0x81, 0xda, 0xeb, 0x14, 0xc7, 0x65, 0xe7, 1363 0xe5, 0xd0, 0xcd, 0xba, 0xf1, 0xf1, 0x4a, 0x68, 1364 0x9b, 0x33, 0x34, 0x57, 0x66, 0x1c, 0x7c, 0xf7, 1365 0x41, 0xbd, 0xdb, 0xc0, 0x83, 0x55, 0x53, 0xdf, 1366 0xbb, 0x37, 0xee, 0x74, 0xf5, 0x3d, 0xb6, 0x99, 1367 0xe0, 0xa1, 0x77, 0x80, 0xc7, 0xb6, 0xf1, 0xd0 1368 }; 1369 1370 static const ec_test_case eckcdsa_secp256r1_test_case = { 1371 .name = "ECKCDSA-SHA256/secp256r1", 1372 .ec_str_p = &secp256r1_str_params, 1373 .priv_key = eckcdsa_secp256r1_test_vectors_priv_key, 1374 .priv_key_len = sizeof(eckcdsa_secp256r1_test_vectors_priv_key), 1375 .nn_random = eckcdsa_nn_random_iso14888_3_secp256r1_test_vector, 1376 .hash_type = SHA256, 1377 .msg = "This is a sample message for EC-KCDSA implementation validation.", 1378 .msglen = 64, 1379 .sig_type = ECKCDSA, 1380 .exp_sig = eckcdsa_secp256r1_test_vectors_expected_sig, 1381 .exp_siglen = sizeof(eckcdsa_secp256r1_test_vectors_expected_sig), 1382 .adata = NULL, 1383 .adata_len = 0 1384 }; 1385 #endif /* WITH_CURVE_SECP256R1 */ 1386 #endif /* WITH_HASH_SHA256 */ 1387 1388 #ifdef WITH_HASH_SHA384 1389 #ifdef WITH_CURVE_SECP384R1 1390 #define ECKCDSA_SHA384_SECP384R1_SELF_TEST 1391 1392 /* ECKCDSA secp384r1 test vectors */ 1393 1394 static int eckcdsa_nn_random_secp384r1_test_vector(nn_t out, nn_src_t q) 1395 { 1396 int ret, cmp; 1397 1398 const u8 k_buf[] = { 1399 0x08, 0x16, 0x2e, 0xf8, 0x24, 0xd2, 0xd5, 0x11, 1400 0x4e, 0x08, 0x61, 0xf3, 0x93, 0xb4, 0x6f, 0xb6, 1401 0x02, 0xa4, 0x95, 0xa2, 0xca, 0x17, 0x7f, 0x47, 1402 0xda, 0x4e, 0x6f, 0x2d, 0x23, 0xa1, 0x85, 0xc5, 1403 0xb8, 0x8f, 0x1b, 0x7e, 0x2c, 0xba, 0x8d, 0x77, 1404 0x37, 0x16, 0x09, 0x3a, 0xf5, 0x97, 0x9a, 0x7e 1405 }; 1406 1407 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1408 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1409 1410 ret = (cmp >= 0) ? -1 : 0; 1411 1412 err: 1413 return ret; 1414 } 1415 1416 static const u8 eckcdsa_secp384r1_test_vectors_priv_key[] = { 1417 0x4f, 0xdb, 0xf2, 0xe7, 0x4e, 0x56, 0x81, 0x4e, 1418 0x4c, 0x2f, 0x40, 0x87, 0x90, 0x9c, 0xe9, 0xc4, 1419 0x73, 0x1b, 0xff, 0x06, 0x1a, 0x78, 0x82, 0x73, 1420 0x84, 0x1b, 0xf5, 0x68, 0xce, 0x63, 0x21, 0x3e, 1421 0x47, 0x04, 0x04, 0xea, 0x3e, 0xb6, 0x78, 0xc5, 1422 0x00, 0xba, 0x37, 0x92, 0xf2, 0x4a, 0x7a, 0x51 1423 }; 1424 1425 static const u8 eckcdsa_secp384r1_test_vectors_expected_sig[] = { 1426 1427 0xd0, 0x37, 0x26, 0x47, 0x44, 0xe3, 0x8a, 0x38, 1428 0xca, 0xcc, 0xdc, 0x8f, 0xcb, 0x08, 0xd8, 0xcb, 1429 0x52, 0x18, 0x7d, 0x38, 0x3c, 0xc0, 0xb6, 0x29, 1430 0xf6, 0x27, 0x71, 0xd9, 0x3f, 0x5a, 0xfc, 0xd3, 1431 0xc1, 0x44, 0xc1, 0x53, 0xef, 0x06, 0xd9, 0x9a, 1432 0xc9, 0x20, 0x58, 0x81, 0xde, 0x03, 0xd1, 0x71, 1433 0xf1, 0xff, 0xc1, 0x43, 0xb9, 0x4e, 0x44, 0xdc, 1434 0xec, 0xd1, 0x61, 0xfd, 0xc5, 0x27, 0x0a, 0x32, 1435 0x71, 0x3e, 0x59, 0x38, 0xfb, 0x35, 0x60, 0x0e, 1436 0xdd, 0xd0, 0x0c, 0x63, 0x89, 0xfb, 0x33, 0xb0, 1437 0x3e, 0x77, 0xd2, 0xf7, 0x69, 0x4a, 0x04, 0x08, 1438 0x5a, 0xf9, 0x85, 0x31, 0xdf, 0xe6, 0xf1, 0x73 1439 }; 1440 1441 static const ec_test_case eckcdsa_secp384r1_test_case = { 1442 .name = "ECKCDSA-SHA384/secp384r1", 1443 .ec_str_p = &secp384r1_str_params, 1444 .priv_key = eckcdsa_secp384r1_test_vectors_priv_key, 1445 .priv_key_len = sizeof(eckcdsa_secp384r1_test_vectors_priv_key), 1446 .nn_random = eckcdsa_nn_random_secp384r1_test_vector, 1447 .hash_type = SHA384, 1448 .msg = "This is a sample message for EC-KCDSA implementation validation.", 1449 .msglen = 64, 1450 .sig_type = ECKCDSA, 1451 .exp_sig = eckcdsa_secp384r1_test_vectors_expected_sig, 1452 .exp_siglen = sizeof(eckcdsa_secp384r1_test_vectors_expected_sig), 1453 .adata = NULL, 1454 .adata_len = 0 1455 }; 1456 #endif /* WITH_CURVE_SECP384R1 */ 1457 #endif /* WITH_HASH_SHA384 */ 1458 1459 #ifdef WITH_HASH_SHA512 1460 #ifdef WITH_CURVE_SECP256R1 1461 #define ECKCDSA_SHA512_SECP256R1_SELF_TEST 1462 1463 /* 1464 * ECKCDSA secp256r1 test vector using SHA512. This test vector is intended 1465 * to test truncation (left shift) steps in signature and verification 1466 * code when the output size of the hash function is larger than the 1467 * bit size of q (order of the group generated by the base point). 1468 */ 1469 1470 static int eckcdsa_nn_random_secp256r1_sha512_test_vector(nn_t out, nn_src_t q) 1471 { 1472 int ret, cmp; 1473 1474 const u8 k_buf[] = { 1475 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9, 1476 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7, 1477 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15, 1478 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE 1479 }; 1480 1481 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1482 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1483 1484 ret = (cmp >= 0) ? -1 : 0; 1485 1486 err: 1487 return ret; 1488 } 1489 1490 static const u8 eckcdsa_secp256r1_sha512_test_vectors_priv_key[] = { 1491 0xDC, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD, 1492 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D, 1493 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75, 1494 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F 1495 }; 1496 1497 static const u8 eckcdsa_secp256r1_sha512_test_vectors_expected_sig[] = { 1498 0x70, 0x02, 0x1d, 0x6d, 0x5a, 0x5e, 0x99, 0x59, 1499 0x43, 0x18, 0xa3, 0xba, 0x8d, 0x27, 0xa5, 0x39, 1500 0xa5, 0x73, 0x76, 0x80, 0x73, 0xc8, 0x4d, 0xa0, 1501 0xdb, 0xcc, 0xf9, 0x24, 0x9a, 0xfe, 0x78, 0x54, 1502 1503 0xb6, 0x97, 0x28, 0xe1, 0x7b, 0x9e, 0x85, 0xb0, 1504 0x30, 0x05, 0x8f, 0x28, 0x54, 0xbf, 0x34, 0xd1, 1505 0xdd, 0x1d, 0xf6, 0x7a, 0x02, 0x64, 0x23, 0x76, 1506 0x9e, 0xb4, 0xfd, 0x0f, 0x4c, 0x2e, 0x15, 0x6b 1507 }; 1508 1509 static const ec_test_case eckcdsa_secp256r1_sha512_test_case = { 1510 .name = "ECKCDSA-SHA512/secp256r1", 1511 .ec_str_p = &secp256r1_str_params, 1512 .priv_key = eckcdsa_secp256r1_sha512_test_vectors_priv_key, 1513 .priv_key_len = sizeof(eckcdsa_secp256r1_sha512_test_vectors_priv_key), 1514 .nn_random = eckcdsa_nn_random_secp256r1_sha512_test_vector, 1515 .hash_type = SHA512, 1516 .msg = "abc", 1517 .msglen = 3, 1518 .sig_type = ECKCDSA, 1519 .exp_sig = eckcdsa_secp256r1_sha512_test_vectors_expected_sig, 1520 .exp_siglen = 1521 sizeof(eckcdsa_secp256r1_sha512_test_vectors_expected_sig), 1522 .adata = NULL, 1523 .adata_len = 0 1524 }; 1525 #endif /* WITH_CURVE_SECP256R1 */ 1526 #endif /* WITH_HASH_SHA512 */ 1527 1528 #ifdef WITH_HASH_SHA512 1529 #ifdef WITH_CURVE_SECP521R1 1530 #define ECKCDSA_SHA512_SECP521R1_SELF_TEST 1531 1532 /* ECKCDSA secp521r1 test vectors */ 1533 1534 static int eckcdsa_nn_random_secp521r1_test_vector(nn_t out, nn_src_t q) 1535 { 1536 int ret, cmp; 1537 1538 const u8 k_buf[] = { 1539 0x01, 0xb6, 0xfa, 0xf4, 0x5f, 0xb8, 0x6f, 0x57, 1540 0x9c, 0x4b, 0x54, 0xae, 0xc7, 0xa7, 0xf2, 0x95, 1541 0x6e, 0x4d, 0x93, 0x94, 0xb3, 0x62, 0x82, 0x0a, 1542 0xa5, 0x3f, 0x1b, 0x6c, 0x07, 0x3b, 0xbe, 0xc0, 1543 0x24, 0x33, 0x14, 0xdb, 0x11, 0xb6, 0x20, 0x21, 1544 0x35, 0x50, 0x20, 0xe8, 0x05, 0xad, 0x8e, 0x6d, 1545 0x0e, 0xa2, 0x7c, 0x04, 0x35, 0x9a, 0xd3, 0xf8, 1546 0x44, 0xd6, 0x5b, 0xbb, 0x73, 0xb7, 0x91, 0xd5, 1547 0x9a, 0x1c 1548 }; 1549 1550 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1551 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1552 1553 ret = (cmp >= 0) ? -1 : 0; 1554 1555 err: 1556 return ret; 1557 } 1558 1559 static const u8 eckcdsa_secp521r1_test_vectors_priv_key[] = { 1560 0x01, 0x65, 0xe1, 0xf1, 0xf2, 0xe7, 0xae, 0x6b, 1561 0x50, 0x2a, 0x19, 0x4e, 0xf0, 0x3a, 0xd0, 0x50, 1562 0xe3, 0xa5, 0xae, 0x31, 0xfc, 0xb4, 0xf7, 0x0d, 1563 0x58, 0xf5, 0xc6, 0xdf, 0x28, 0x66, 0x71, 0x7f, 1564 0x44, 0x09, 0xe7, 0x78, 0x02, 0x4d, 0xe5, 0x2b, 1565 0xef, 0xc9, 0x6d, 0xb9, 0xfb, 0xba, 0x21, 0x30, 1566 0x6d, 0x12, 0x5a, 0x27, 0xcf, 0xcd, 0xce, 0x91, 1567 0x00, 0x09, 0x79, 0x63, 0xbf, 0x0c, 0x40, 0xe6, 1568 0x96, 0xdc 1569 }; 1570 1571 static const u8 eckcdsa_secp521r1_test_vectors_expected_sig[] = { 1572 0x90, 0x52, 0xbb, 0xc4, 0xdf, 0xe8, 0x80, 0xfb, 1573 0x25, 0xcb, 0xa7, 0xa7, 0x47, 0xa0, 0xd0, 0xe9, 1574 0x0e, 0x10, 0x63, 0x5b, 0xe1, 0xc2, 0x03, 0xc0, 1575 0x5e, 0x6d, 0x1c, 0x7d, 0x3d, 0x07, 0x1c, 0xe0, 1576 0x5a, 0xd7, 0xd5, 0x1c, 0x38, 0xe6, 0xa5, 0x7a, 1577 0x85, 0x58, 0x01, 0x79, 0xb0, 0x32, 0x2e, 0x66, 1578 0xdc, 0x95, 0x7f, 0xe6, 0xd3, 0xf3, 0xa3, 0x0a, 1579 0x05, 0x37, 0xfb, 0xf0, 0xd1, 0x24, 0xb4, 0x49, 1580 0x01, 0x36, 0x43, 0x43, 0xdf, 0xd8, 0x52, 0x64, 1581 0x15, 0xe0, 0x25, 0x79, 0xd5, 0xe1, 0x11, 0xee, 1582 0x5a, 0x8e, 0x50, 0xf3, 0x41, 0x90, 0x3d, 0x5f, 1583 0x28, 0xa0, 0x78, 0xac, 0x17, 0x82, 0xfe, 0x7d, 1584 0xbf, 0xf7, 0xd8, 0xcc, 0x3f, 0x51, 0x17, 0x76, 1585 0x59, 0x37, 0xd4, 0x92, 0xc3, 0x6a, 0x00, 0xb3, 1586 0x0b, 0x70, 0xb1, 0xdb, 0xd3, 0x95, 0x34, 0x02, 1587 0x2a, 0xa6, 0x50, 0x7a, 0xfd, 0xe6, 0x15, 0xbe, 1588 0xec, 0xba 1589 }; 1590 1591 static const ec_test_case eckcdsa_secp521r1_test_case = { 1592 .name = "ECKCDSA-SHA512/secp521r1", 1593 .ec_str_p = &secp521r1_str_params, 1594 .priv_key = eckcdsa_secp521r1_test_vectors_priv_key, 1595 .priv_key_len = sizeof(eckcdsa_secp521r1_test_vectors_priv_key), 1596 .nn_random = eckcdsa_nn_random_secp521r1_test_vector, 1597 .hash_type = SHA512, 1598 .msg = "This is a sample message for EC-KCDSA implementation validation.", 1599 .msglen = 64, 1600 .sig_type = ECKCDSA, 1601 .exp_sig = eckcdsa_secp521r1_test_vectors_expected_sig, 1602 .exp_siglen = sizeof(eckcdsa_secp521r1_test_vectors_expected_sig), 1603 .adata = NULL, 1604 .adata_len = 0 1605 }; 1606 #endif /* WITH_CURVE_SECP521R1 */ 1607 #endif /* WITH_HASH_SHA512 */ 1608 1609 #ifdef WITH_HASH_SHA256 1610 #ifdef WITH_CURVE_BRAINPOOLP256R1 1611 #define ECKCDSA_SHA256_BRAINPOOLP256R1_SELF_TEST 1612 1613 /* ECKCDSA brainpoolp256r1 test vectors */ 1614 1615 static int eckcdsa_nn_random_brainpoolp256r1_test_vector(nn_t out, nn_src_t q) 1616 { 1617 int ret, cmp; 1618 1619 const u8 k_buf[] = { 1620 0x09, 0x8a, 0x5b, 0x7c, 0xfa, 0x31, 0x7b, 0x79, 1621 0x6a, 0xf4, 0x46, 0xc4, 0x0e, 0x3e, 0xb5, 0x28, 1622 0x79, 0x03, 0x42, 0x2c, 0x56, 0x62, 0x49, 0x78, 1623 0xd9, 0x02, 0xc5, 0x9b, 0x7a, 0x92, 0xfe, 0x9b 1624 }; 1625 1626 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1627 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1628 1629 ret = (cmp >= 0) ? -1 : 0; 1630 1631 err: 1632 return ret; 1633 } 1634 1635 static const u8 eckcdsa_brainpoolp256r1_test_vectors_priv_key[] = { 1636 0xa1, 0x45, 0x67, 0x88, 0x20, 0x4e, 0x69, 0xba, 1637 0xf3, 0x84, 0x88, 0xca, 0xe7, 0x77, 0x63, 0xca, 1638 0xde, 0xe5, 0xd0, 0xd9, 0x1a, 0xa0, 0xe5, 0xe6, 1639 0x0d, 0x19, 0xb0, 0x0d, 0x3a, 0x67, 0xed, 0x48 1640 }; 1641 1642 static const u8 eckcdsa_brainpoolp256r1_test_vectors_expected_sig[] = { 1643 0xec, 0xc8, 0x2e, 0x85, 0x66, 0x90, 0x05, 0xaf, 1644 0x07, 0x7c, 0x67, 0xde, 0xba, 0xea, 0x8e, 0xbb, 1645 0x33, 0x26, 0x14, 0xe6, 0x61, 0xef, 0xc7, 0xff, 1646 0xd1, 0xf4, 0x52, 0xe1, 0xc4, 0x42, 0x23, 0xcd, 1647 1648 0x2f, 0x53, 0xb0, 0x9d, 0xdf, 0x97, 0xa8, 0x22, 1649 0x42, 0x55, 0x29, 0x65, 0xe1, 0xa2, 0x09, 0x27, 1650 0x8b, 0xe1, 0x4d, 0xde, 0x16, 0xfd, 0x54, 0xbc, 1651 0x16, 0xf1, 0xf0, 0x9d, 0x28, 0xe7, 0xfd, 0x11, 1652 }; 1653 1654 static const ec_test_case eckcdsa_brainpoolp256r1_test_case = { 1655 .name = "ECKCDSA-SHA256/brainpoolp256r1", 1656 .ec_str_p = &brainpoolp256r1_str_params, 1657 .priv_key = eckcdsa_brainpoolp256r1_test_vectors_priv_key, 1658 .priv_key_len = sizeof(eckcdsa_brainpoolp256r1_test_vectors_priv_key), 1659 .nn_random = eckcdsa_nn_random_brainpoolp256r1_test_vector, 1660 .hash_type = SHA256, 1661 .msg = "brainpoolP256r1", 1662 .msglen = 15, 1663 .sig_type = ECKCDSA, 1664 .exp_sig = eckcdsa_brainpoolp256r1_test_vectors_expected_sig, 1665 .exp_siglen = sizeof(eckcdsa_brainpoolp256r1_test_vectors_expected_sig), 1666 .adata = NULL, 1667 .adata_len = 0 1668 }; 1669 #endif /* WITH_CURVE_BRAINPOOLP256R1 */ 1670 #endif /* WITH_HASH_SHA256 */ 1671 1672 #ifdef WITH_HASH_SHA384 1673 #ifdef WITH_CURVE_BRAINPOOLP384R1 1674 #define ECKCDSA_SHA384_BRAINPOOLP384R1_SELF_TEST 1675 1676 /* ECKCDSA brainpoolp384r1 test vectors */ 1677 1678 static int eckcdsa_nn_random_brainpoolp384r1_test_vector(nn_t out, nn_src_t q) 1679 { 1680 int ret, cmp; 1681 1682 const u8 k_buf[] = { 1683 0x07, 0x0f, 0x21, 0xec, 0xa6, 0xef, 0x53, 0xd8, 1684 0x81, 0x75, 0x33, 0xe8, 0x9c, 0xb6, 0xb7, 0x4f, 1685 0xb8, 0x2f, 0x4c, 0x23, 0x00, 0x80, 0x8c, 0xab, 1686 0x19, 0x9e, 0x6f, 0xfe, 0x96, 0xe6, 0x1d, 0x29, 1687 0x22, 0x7d, 0x76, 0x43, 0x3c, 0x34, 0x33, 0xc3, 1688 0x4d, 0x18, 0x5a, 0x8f, 0x01, 0x21, 0x38, 0x5b 1689 }; 1690 1691 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1692 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1693 1694 ret = (cmp >= 0) ? -1 : 0; 1695 1696 err: 1697 return ret; 1698 } 1699 1700 static const u8 eckcdsa_brainpoolp384r1_test_vectors_priv_key[] = { 1701 0x21, 0x24, 0x1d, 0x99, 0x52, 0xcb, 0x23, 0x67, 1702 0x21, 0xcd, 0x02, 0xd4, 0xd5, 0xe0, 0xfd, 0xbe, 1703 0x22, 0xd7, 0xab, 0x69, 0xaf, 0xc1, 0x22, 0x12, 1704 0x16, 0xc6, 0x09, 0x96, 0x05, 0x14, 0xec, 0x3b, 1705 0xe6, 0x5f, 0x52, 0x73, 0xdd, 0x06, 0x9f, 0xdf, 1706 0x63, 0x7e, 0xd9, 0x5c, 0x6c, 0xe5, 0x4f, 0x08 1707 }; 1708 1709 static const u8 eckcdsa_brainpoolp384r1_test_vectors_expected_sig[] = { 1710 0xe4, 0x9a, 0x76, 0x4e, 0xeb, 0x13, 0x1e, 0xa1, 1711 0xba, 0x0c, 0xef, 0xa5, 0xd6, 0x79, 0xa1, 0xf9, 1712 0x63, 0x5b, 0x93, 0x41, 0xa6, 0xb1, 0x3c, 0x40, 1713 0xbb, 0xd5, 0x5c, 0x38, 0x20, 0xe5, 0x09, 0xfa, 1714 0x15, 0x8c, 0x5a, 0x1a, 0xf1, 0xb9, 0x29, 0x26, 1715 0x8b, 0xe1, 0x06, 0xbe, 0xb2, 0x08, 0xc4, 0xc9, 1716 1717 0x3b, 0xa4, 0x36, 0xa6, 0x8e, 0x1e, 0xe9, 0x25, 1718 0x97, 0xdd, 0x12, 0x5e, 0x6e, 0xfb, 0xe5, 0x28, 1719 0x18, 0x47, 0x41, 0x75, 0xdb, 0x2f, 0x47, 0xa5, 1720 0xd0, 0xd0, 0x2b, 0xd7, 0xc0, 0x81, 0x43, 0xf1, 1721 0xc3, 0xe9, 0xbf, 0x2f, 0xf1, 0x4c, 0x18, 0x46, 1722 0xff, 0xbc, 0xdf, 0x39, 0x93, 0x88, 0x59, 0x6b 1723 }; 1724 1725 static const ec_test_case eckcdsa_brainpoolp384r1_test_case = { 1726 .name = "ECKCDSA-SHA384/brainpoolp384r1", 1727 .ec_str_p = &brainpoolp384r1_str_params, 1728 .priv_key = eckcdsa_brainpoolp384r1_test_vectors_priv_key, 1729 .priv_key_len = sizeof(eckcdsa_brainpoolp384r1_test_vectors_priv_key), 1730 .nn_random = eckcdsa_nn_random_brainpoolp384r1_test_vector, 1731 .hash_type = SHA384, 1732 .msg = "brainpoolP384r1", 1733 .msglen = 15, 1734 .sig_type = ECKCDSA, 1735 .exp_sig = eckcdsa_brainpoolp384r1_test_vectors_expected_sig, 1736 .exp_siglen = sizeof(eckcdsa_brainpoolp384r1_test_vectors_expected_sig), 1737 .adata = NULL, 1738 .adata_len = 0 1739 }; 1740 #endif /* WITH_CURVE_BRAINPOOLP384R1 */ 1741 #endif /* WITH_HASH_SHA384 */ 1742 1743 #ifdef WITH_HASH_SHA512 1744 #ifdef WITH_CURVE_BRAINPOOLP512R1 1745 #define ECKCDSA_SHA512_BRAINPOOLP512R1_SELF_TEST 1746 1747 /* ECKCDSA brainpoolp512r1 test vectors */ 1748 1749 static int eckcdsa_nn_random_brainpoolp512r1_test_vector(nn_t out, nn_src_t q) 1750 { 1751 int ret, cmp; 1752 1753 const u8 k_buf[] = { 1754 0x46, 0x3d, 0x92, 0x92, 0x3f, 0xe3, 0x37, 0xd8, 1755 0xe5, 0xfc, 0x5a, 0xbe, 0x76, 0xf6, 0x3d, 0x9e, 1756 0xec, 0x9a, 0xaf, 0x57, 0x48, 0x7d, 0xef, 0xe1, 1757 0xfa, 0xe1, 0x76, 0x5d, 0x7e, 0xf7, 0x2f, 0x5d, 1758 0x10, 0x64, 0xe1, 0xbe, 0x65, 0x68, 0x5c, 0x08, 1759 0x40, 0x59, 0x7e, 0x98, 0x79, 0x75, 0x1b, 0xda, 1760 0xc8, 0x42, 0xcf, 0xbb, 0xb0, 0x8e, 0x5c, 0x42, 1761 0x8d, 0x1c, 0xa6, 0xe7, 0x63, 0x4b, 0x37, 0xea 1762 }; 1763 1764 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1765 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1766 1767 ret = (cmp >= 0) ? -1 : 0; 1768 1769 err: 1770 return ret; 1771 } 1772 1773 static const u8 eckcdsa_brainpoolp512r1_test_vectors_priv_key[] = { 1774 0xa9, 0xeb, 0x22, 0xd4, 0x1a, 0x8a, 0xa1, 0x0d, 1775 0xdf, 0xec, 0xd3, 0x1f, 0x93, 0xc8, 0xaf, 0x9a, 1776 0x38, 0x7f, 0xf5, 0x29, 0xb9, 0x81, 0xeb, 0x8e, 1777 0x3a, 0x73, 0xbe, 0x90, 0x70, 0x51, 0x99, 0x50, 1778 0xc2, 0x8d, 0x81, 0xce, 0x31, 0x84, 0x79, 0x67, 1779 0x18, 0xbf, 0xe4, 0x39, 0x17, 0x8c, 0x38, 0xe9, 1780 0xa8, 0x10, 0x99, 0xf7, 0xd2, 0x60, 0x7c, 0xbf, 1781 0x53, 0xa7, 0x12, 0xc8, 0xb8, 0xb3, 0x35, 0xcb 1782 }; 1783 1784 static const u8 eckcdsa_brainpoolp512r1_test_vectors_expected_sig[] = { 1785 0xc0, 0x0d, 0x74, 0xbe, 0x19, 0x03, 0x45, 0xe3, 1786 0xd9, 0x73, 0x90, 0xfc, 0xcf, 0xa1, 0x27, 0x1d, 1787 0x5e, 0x8d, 0x8f, 0xfb, 0x15, 0x31, 0x49, 0xf6, 1788 0xa7, 0xc5, 0x69, 0xa8, 0x78, 0x63, 0x7b, 0xf5, 1789 0xcd, 0x02, 0x78, 0xf9, 0x2b, 0xce, 0x8c, 0x64, 1790 0x4c, 0xd3, 0xd4, 0x25, 0xc9, 0x50, 0x14, 0x34, 1791 0xfe, 0xdb, 0x1e, 0xc8, 0xf6, 0x55, 0x60, 0x79, 1792 0xce, 0x51, 0xf8, 0xa4, 0xcc, 0x2e, 0xa9, 0xe3, 1793 1794 0x45, 0xd8, 0xcf, 0x97, 0x8c, 0x15, 0x58, 0xbd, 1795 0x11, 0xba, 0xbe, 0x41, 0x97, 0xe1, 0x06, 0x19, 1796 0x0d, 0x60, 0x58, 0x53, 0x5e, 0xbd, 0xf4, 0x00, 1797 0x06, 0xbd, 0xf2, 0x2b, 0x11, 0x2c, 0x87, 0x7e, 1798 0xe4, 0x4c, 0xa2, 0xdc, 0xf9, 0x0a, 0xfe, 0x21, 1799 0x04, 0xbd, 0xf6, 0xd8, 0xb9, 0x07, 0xaa, 0x4c, 1800 0x75, 0xbd, 0x2e, 0x55, 0x65, 0xa3, 0xca, 0x8f, 1801 0xae, 0xb1, 0x10, 0x7e, 0x85, 0x39, 0xe2, 0x1f 1802 }; 1803 1804 static const ec_test_case eckcdsa_brainpoolp512r1_test_case = { 1805 .name = "ECKCDSA-SHA512/brainpoolp512r1", 1806 .ec_str_p = &brainpoolp512r1_str_params, 1807 .priv_key = eckcdsa_brainpoolp512r1_test_vectors_priv_key, 1808 .priv_key_len = sizeof(eckcdsa_brainpoolp512r1_test_vectors_priv_key), 1809 .nn_random = eckcdsa_nn_random_brainpoolp512r1_test_vector, 1810 .hash_type = SHA512, 1811 .msg = "brainpoolP512r1", 1812 .msglen = 15, 1813 .sig_type = ECKCDSA, 1814 .exp_sig = eckcdsa_brainpoolp512r1_test_vectors_expected_sig, 1815 .exp_siglen = sizeof(eckcdsa_brainpoolp512r1_test_vectors_expected_sig), 1816 .adata = NULL, 1817 .adata_len = 0 1818 }; 1819 #endif /* WITH_CURVE_BRAINPOOLP512R1 */ 1820 #endif /* WITH_HASH_SHA512 */ 1821 1822 #ifdef WITH_HASH_SHA256 1823 #ifdef WITH_CURVE_FRP256V1 1824 #define ECKCDSA_SHA256_FRP256V1_SELF_TEST 1825 1826 /* ECKCDSA frp256v1 test vectors */ 1827 1828 static int eckcdsa_nn_random_frp256v1_test_vector(nn_t out, nn_src_t q) 1829 { 1830 int ret, cmp; 1831 1832 const u8 k_buf[] = { 1833 0x71, 0xB8, 0x8F, 0x39, 0x89, 0x16, 0xDA, 0x9C, 1834 0x90, 0xF5, 0x55, 0xF1, 0xB5, 0x73, 0x2B, 0x7D, 1835 0xC6, 0x36, 0xB4, 0x9C, 0x63, 0x81, 0x50, 0xBA, 1836 0xC1, 0x1B, 0xF0, 0x5C, 0xFE, 0x16, 0x59, 0x6A 1837 }; 1838 1839 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1840 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1841 1842 ret = (cmp >= 0) ? -1 : 0; 1843 1844 err: 1845 return ret; 1846 } 1847 1848 static const u8 eckcdsa_frp256v1_test_vectors_priv_key[] = { 1849 0x90, 0x51, 0xA2, 0x75, 0xAA, 0x4D, 0x98, 0x43, 1850 0x9E, 0xDD, 0xED, 0x13, 0xFA, 0x1C, 0x6C, 0xBB, 1851 0xCC, 0xE7, 0x75, 0xD8, 0xCC, 0x94, 0x33, 0xDE, 1852 0xE6, 0x9C, 0x59, 0x84, 0x8B, 0x35, 0x94, 0xDF 1853 }; 1854 1855 static const u8 eckcdsa_frp25v1_test_vectors_expected_sig[] = { 1856 0x37, 0x58, 0xd0, 0x27, 0x18, 0x11, 0x16, 0xe9, 1857 0x2b, 0xaf, 0x70, 0xbf, 0x16, 0x48, 0x64, 0x34, 1858 0x9e, 0x75, 0x60, 0x3e, 0x89, 0xa4, 0xc6, 0xc1, 1859 0xbd, 0xb8, 0x01, 0x52, 0x2d, 0xca, 0x20, 0x31, 1860 0x2d, 0x20, 0x6f, 0x3e, 0x70, 0x5e, 0x5e, 0xfc, 1861 0x32, 0xd4, 0x3c, 0xb0, 0xe1, 0xf7, 0xb2, 0xc7, 1862 0x0c, 0xc2, 0xb0, 0x26, 0x93, 0xcb, 0x69, 0xb7, 1863 0x29, 0xb7, 0x97, 0x5c, 0x67, 0xd6, 0xa3, 0xe6 1864 }; 1865 1866 static const ec_test_case eckcdsa_frp256v1_test_case = { 1867 .name = "ECKCDSA-SHA256/frp256v1", 1868 .ec_str_p = &frp256v1_str_params, 1869 .priv_key = eckcdsa_frp256v1_test_vectors_priv_key, 1870 .priv_key_len = sizeof(eckcdsa_frp256v1_test_vectors_priv_key), 1871 .nn_random = eckcdsa_nn_random_frp256v1_test_vector, 1872 .hash_type = SHA256, 1873 .msg = "abc", 1874 .msglen = 3, 1875 .sig_type = ECKCDSA, 1876 .exp_sig = eckcdsa_frp25v1_test_vectors_expected_sig, 1877 .exp_siglen = sizeof(eckcdsa_frp25v1_test_vectors_expected_sig), 1878 .adata = NULL, 1879 .adata_len = 0 1880 }; 1881 #endif /* WITH_CURVE_FRP256V1 */ 1882 #endif /* WITH_HASH_SHA256 */ 1883 #endif /* WITH_SIG_ECKCDSA */ 1884 1885 /******************************************************************* 1886 ************** ECSDSA tests *************************************** 1887 *******************************************************************/ 1888 1889 #ifdef WITH_SIG_ECSDSA 1890 #ifdef WITH_HASH_SHA224 1891 #ifdef WITH_CURVE_SECP224R1 1892 #define ECSDSA_SHA224_SECP224R1_SELF_TEST 1893 1894 /* ECSDSA secp224r1 test vectors */ 1895 1896 static int ecsdsa_nn_random_secp224r1_test_vector(nn_t out, nn_src_t q) 1897 { 1898 int ret, cmp; 1899 1900 const u8 k_buf[] = { 1901 0x89, 0x99, 0x80, 0x6e, 0x0f, 0x68, 0x10, 0x9d, 1902 0x31, 0x56, 0x1b, 0x41, 0xbf, 0x1a, 0x56, 0x6e, 1903 0xfb, 0x13, 0x2c, 0x3e, 0xd7, 0x1e, 0x29, 0x5e, 1904 0x5d, 0x9b, 0x2e, 0x68 1905 }; 1906 1907 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1908 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1909 1910 ret = (cmp >= 0) ? -1 : 0; 1911 1912 err: 1913 return ret; 1914 } 1915 1916 static const u8 ecsdsa_secp224r1_test_vectors_priv_key[] = { 1917 0xda, 0x71, 0x2d, 0x9b, 0x6f, 0xdb, 0xf7, 0x8f, 1918 0x92, 0x51, 0xcc, 0x3a, 0xe4, 0xc7, 0xce, 0xd3, 1919 0x87, 0x1a, 0x19, 0x9e, 0xf5, 0x91, 0xd1, 0x23, 1920 0xa9, 0x36, 0x44, 0x57 1921 }; 1922 1923 static const u8 ecsdsa_secp224r1_test_vectors_expected_sig[] = { 1924 0x41, 0x69, 0xd3, 0xec, 0x93, 0x7b, 0x15, 0xce, 1925 0x15, 0x34, 0x53, 0x8d, 0x37, 0xe8, 0xc5, 0x7e, 1926 0x12, 0x1f, 0xd5, 0x9f, 0x90, 0x1b, 0x5e, 0xf8, 1927 0xd0, 0x0d, 0x62, 0x04, 1928 0xf0, 0xfe, 0xbe, 0x28, 0x36, 0xb0, 0x87, 0xec, 1929 0x44, 0x98, 0x94, 0x7a, 0x6c, 0x4c, 0x8a, 0xea, 1930 0x5a, 0x5a, 0x19, 0x8a, 0xce, 0x95, 0x2f, 0x75, 1931 0x07, 0x37, 0x23, 0x1b 1932 }; 1933 1934 static const ec_test_case ecsdsa_secp224r1_test_case = { 1935 .name = "ECSDSA-SHA224/secp224r1", 1936 .ec_str_p = &secp224r1_str_params, 1937 .priv_key = ecsdsa_secp224r1_test_vectors_priv_key, 1938 .priv_key_len = sizeof(ecsdsa_secp224r1_test_vectors_priv_key), 1939 .nn_random = ecsdsa_nn_random_secp224r1_test_vector, 1940 .hash_type = SHA224, 1941 .msg = "abc", 1942 .msglen = 3, 1943 .sig_type = ECSDSA, 1944 .exp_sig = ecsdsa_secp224r1_test_vectors_expected_sig, 1945 .exp_siglen = sizeof(ecsdsa_secp224r1_test_vectors_expected_sig), 1946 .adata = NULL, 1947 .adata_len = 0 1948 }; 1949 #endif /* WITH_CURVE_SECP224R1 */ 1950 #endif /* WITH_HASH_SHA224 */ 1951 1952 #ifdef WITH_HASH_SHA256 1953 #ifdef WITH_CURVE_SECP256R1 1954 #define ECSDSA_SHA256_SECP256R1_SELF_TEST 1955 1956 /* ECSDSA secp256r1 test vectors */ 1957 1958 static int ecsdsa_nn_random_iso14888_3_secp256r1_test_vector(nn_t out, 1959 nn_src_t q) 1960 { 1961 int ret, cmp; 1962 const u8 k_buf[] = { 1963 0xDE, 0x7E, 0x0E, 0x5E, 0x66, 0x3F, 0x24, 0x18, 1964 0x34, 0x14, 0xB7, 0xC7, 0x2F, 0x24, 0x54, 0x6B, 1965 0x81, 0xE9, 0xE5, 0xF4, 0x10, 0xBE, 0xBF, 0x26, 1966 0xF3, 0xCA, 0x5F, 0xA8, 0x2F, 0x51, 0x92, 0xC8 1967 }; 1968 1969 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 1970 ret = nn_cmp(out, q, &cmp); EG(ret, err); 1971 1972 ret = (cmp >= 0) ? -1 : 0; 1973 1974 err: 1975 return ret; 1976 } 1977 1978 static const u8 ecsdsa_secp256r1_test_vectors_priv_key[] = { 1979 0x52, 0x02, 0xA3, 0xD8, 0xAC, 0xAF, 0x69, 0x09, 1980 0xD1, 0x2C, 0x9A, 0x77, 0x4C, 0xD8, 0x86, 0xF9, 1981 0xFB, 0xA6, 0x11, 0x37, 0xFF, 0xD3, 0xE8, 0xE7, 1982 0x6A, 0xED, 0x36, 0x3F, 0xB4, 0x7A, 0xC4, 0x92 1983 }; 1984 1985 static const u8 ecsdsa_secp256r1_test_vectors_expected_sig[] = { 1986 0x5A, 0x79, 0xA0, 0xAA, 0x9B, 0x24, 0x1E, 0x38, 1987 0x1A, 0x59, 0x4B, 0x22, 0x05, 0x54, 0xD0, 0x96, 1988 0xA5, 0xF0, 0x9F, 0xA6, 0x28, 0xAD, 0x9A, 0x33, 1989 0xC3, 0xCE, 0x43, 0x93, 0xAD, 0xE1, 0xDE, 0xF7, 1990 0x5C, 0x0E, 0xB7, 0x8B, 0x67, 0xA5, 0x13, 0xC3, 1991 0xE5, 0x3B, 0x26, 0x19, 0xF9, 0x68, 0x55, 0xE2, 1992 0x91, 0xD5, 0x14, 0x1C, 0x7C, 0xD0, 0x91, 0x5E, 1993 0x1D, 0x04, 0xB3, 0x47, 0x45, 0x7C, 0x96, 0x01 1994 }; 1995 1996 static const ec_test_case ecsdsa_secp256r1_test_case = { 1997 .name = "ECSDSA-SHA256/secp256r1", 1998 .ec_str_p = &secp256r1_str_params, 1999 .priv_key = ecsdsa_secp256r1_test_vectors_priv_key, 2000 .priv_key_len = sizeof(ecsdsa_secp256r1_test_vectors_priv_key), 2001 .nn_random = ecsdsa_nn_random_iso14888_3_secp256r1_test_vector, 2002 .hash_type = SHA256, 2003 .msg = "abc", 2004 .msglen = 3, 2005 .sig_type = ECSDSA, 2006 .exp_sig = ecsdsa_secp256r1_test_vectors_expected_sig, 2007 .exp_siglen = sizeof(ecsdsa_secp256r1_test_vectors_expected_sig), 2008 .adata = NULL, 2009 .adata_len = 0 2010 }; 2011 #endif /* WITH_CURVE_SECP256R1 */ 2012 #endif /* WITH_HASH_SHA256 */ 2013 2014 #ifdef WITH_HASH_SHA384 2015 #ifdef WITH_CURVE_SECP384R1 2016 #define ECSDSA_SHA384_SECP384R1_SELF_TEST 2017 2018 /* ECSDSA secp384r1 test vectors */ 2019 2020 static int ecsdsa_nn_random_iso14888_3_secp384r1_test_vector(nn_t out, 2021 nn_src_t q) 2022 { 2023 int ret, cmp; 2024 const u8 k_buf[] = { 2025 0x8A, 0x29, 0xE7, 0x72, 0x35, 0x7B, 0xBA, 0x6F, 2026 0x5C, 0x9E, 0xA7, 0x65, 0xD5, 0x08, 0x2B, 0x9B, 2027 0xC7, 0xA7, 0x4C, 0x33, 0xE9, 0xD9, 0x4D, 0x49, 2028 0xFB, 0x2C, 0x9D, 0x3B, 0x52, 0x3A, 0x82, 0x16, 2029 0x96, 0x82, 0xEC, 0xF1, 0x6F, 0x1D, 0x06, 0x26, 2030 0x90, 0x42, 0xF3, 0xAF, 0x04, 0x4B, 0x4D, 0xE8 2031 }; 2032 2033 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2034 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2035 2036 ret = (cmp >= 0) ? -1 : 0; 2037 2038 err: 2039 return ret; 2040 } 2041 2042 static const u8 ecsdsa_secp384r1_test_vectors_priv_key[] = { 2043 0x7E, 0x49, 0x14, 0xFE, 0x4B, 0x61, 0x70, 0x89, 2044 0xF9, 0xFE, 0x80, 0xAD, 0x91, 0x3D, 0x55, 0x30, 2045 0xEE, 0xC4, 0xF3, 0x0B, 0xCA, 0x1A, 0xD6, 0x6E, 2046 0x7B, 0x5A, 0xEA, 0xCF, 0x29, 0xD2, 0xF5, 0x67, 2047 0xD9, 0xA8, 0xF4, 0xA4, 0x55, 0x2A, 0x1A, 0x1A, 2048 0xF3, 0xE0, 0xB6, 0xD0, 0xA4, 0x9D, 0xFC, 0xC8 2049 }; 2050 2051 static const u8 ecsdsa_secp384r1_test_vectors_expected_sig[] = { 2052 0xF9, 0x07, 0x55, 0x3B, 0xB5, 0xC7, 0xDE, 0x02, 2053 0x9A, 0x2A, 0x56, 0x70, 0x78, 0xDF, 0xF9, 0xB8, 2054 0x03, 0xEC, 0x64, 0x96, 0x0D, 0x75, 0xBA, 0x73, 2055 0xA8, 0x55, 0x90, 0xAC, 0xC0, 0xAC, 0x44, 0x79, 2056 0xAC, 0x52, 0xE5, 0x1D, 0x56, 0x91, 0xFC, 0xB0, 2057 0x69, 0xDC, 0x5C, 0xD2, 0x4E, 0x0B, 0xCE, 0xC7, 2058 0x0B, 0x9D, 0x66, 0xD5, 0xDE, 0x70, 0xFA, 0xA8, 2059 0xB3, 0x56, 0x34, 0xA3, 0x7B, 0x33, 0xC2, 0xC4, 2060 0x60, 0xB8, 0xDC, 0x0B, 0xD4, 0xC8, 0x74, 0x5B, 2061 0xB8, 0x4D, 0xC1, 0x5C, 0xA8, 0x57, 0x0B, 0x07, 2062 0x92, 0x58, 0xF9, 0x77, 0xDA, 0x8B, 0x40, 0x61, 2063 0xF3, 0xDA, 0x6E, 0xBD, 0x7C, 0x42, 0x9A, 0x89 2064 }; 2065 2066 static const ec_test_case ecsdsa_secp384r1_test_case = { 2067 .name = "ECSDSA-SHA384/secp384r1", 2068 .ec_str_p = &secp384r1_str_params, 2069 .priv_key = ecsdsa_secp384r1_test_vectors_priv_key, 2070 .priv_key_len = sizeof(ecsdsa_secp384r1_test_vectors_priv_key), 2071 .nn_random = ecsdsa_nn_random_iso14888_3_secp384r1_test_vector, 2072 .hash_type = SHA384, 2073 .msg = "abc", 2074 .msglen = 3, 2075 .sig_type = ECSDSA, 2076 .exp_sig = ecsdsa_secp384r1_test_vectors_expected_sig, 2077 .exp_siglen = sizeof(ecsdsa_secp384r1_test_vectors_expected_sig), 2078 .adata = NULL, 2079 .adata_len = 0 2080 }; 2081 #endif /* WITH_CURVE_SECP384R1 */ 2082 #endif /* WITH_HASH_SHA384 */ 2083 2084 #ifdef WITH_HASH_SHA512 2085 #ifdef WITH_CURVE_SECP521R1 2086 #define ECSDSA_SHA512_SECP521R1_SELF_TEST 2087 2088 /* ECSDSA secp521r1 test vectors */ 2089 2090 static int ecsdsa_nn_random_secp521r1_test_vector(nn_t out, nn_src_t q) 2091 { 2092 int ret, cmp; 2093 2094 /* 2095 * Fixed ephemeral private key for secp521r1 signature 2096 * test vectors from RFC4754 2097 */ 2098 const u8 k_buf[] = { 2099 0x01, 0xad, 0xb3, 0xfd, 0xcf, 0x67, 0x5e, 0x25, 2100 0x3c, 0xfe, 0xac, 0x56, 0x1f, 0x21, 0x67, 0x67, 2101 0xa4, 0xba, 0xa7, 0x90, 0xac, 0x68, 0x1c, 0x74, 2102 0xf3, 0xdd, 0x83, 0x33, 0x5c, 0x9b, 0x37, 0x41, 2103 0xc8, 0x88, 0x77, 0x77, 0x33, 0xf7, 0xc7, 0xea, 2104 0x15, 0xd4, 0x5f, 0xa0, 0x7f, 0xba, 0x60, 0x39, 2105 0x4b, 0x3e, 0x16, 0xcd, 0xce, 0x1b, 0x02, 0xef, 2106 0xbc, 0x59, 0xba, 0xb0, 0xbd, 0x77, 0xa6, 0x50, 2107 0x07, 0xd4 2108 }; 2109 2110 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2111 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2112 2113 ret = (cmp >= 0) ? -1 : 0; 2114 2115 err: 2116 return ret; 2117 } 2118 2119 static const u8 ecsdsa_secp521r1_test_vectors_priv_key[] = { 2120 0x01, 0x82, 0x1f, 0x88, 0xbd, 0xe6, 0x75, 0x1c, 2121 0x06, 0x29, 0xfb, 0x75, 0x3b, 0xb1, 0xc7, 0xec, 2122 0x07, 0xbe, 0x64, 0x82, 0x88, 0x4a, 0x77, 0x4e, 2123 0x18, 0x3e, 0x1d, 0xcf, 0x95, 0x49, 0x4f, 0x81, 2124 0x7e, 0x71, 0x5b, 0xfe, 0x1d, 0xe3, 0x17, 0x24, 2125 0xc2, 0x93, 0x24, 0x67, 0xb1, 0x39, 0x90, 0x02, 2126 0x4c, 0x25, 0xc5, 0x54, 0x13, 0xbc, 0xe1, 0x24, 2127 0xa5, 0x35, 0x83, 0xf7, 0x3a, 0x86, 0xed, 0xc4, 2128 0x39, 0xb0 2129 }; 2130 2131 static const u8 ecsdsa_secp521r1_test_vectors_expected_sig[] = { 2132 0xe7, 0x3a, 0xe5, 0x72, 0x50, 0x29, 0x9b, 0x19, 2133 0x26, 0xbc, 0x79, 0x8a, 0x84, 0x6b, 0xd3, 0xbb, 2134 0x29, 0x15, 0x9d, 0x0d, 0xcb, 0x50, 0x87, 0xbb, 2135 0xd1, 0x72, 0xbd, 0x4a, 0x4b, 0x42, 0x3f, 0xb8, 2136 0xf1, 0x8b, 0xc2, 0x30, 0x1c, 0xa3, 0x1b, 0x94, 2137 0xef, 0x1a, 0xa0, 0x87, 0x71, 0x81, 0x0b, 0x37, 2138 0xa5, 0xd5, 0x4f, 0x0c, 0xde, 0xf1, 0xb1, 0xee, 2139 0xb0, 0x7b, 0x6c, 0xca, 0x35, 0xcf, 0xb2, 0x04, 2140 0x00, 0xba, 0xbf, 0x93, 0x78, 0xea, 0x91, 0x23, 2141 0x57, 0x49, 0xe1, 0x05, 0x52, 0x92, 0x2a, 0xff, 2142 0xb3, 0x32, 0x51, 0x6f, 0x59, 0xd9, 0xe1, 0x78, 2143 0x61, 0xfe, 0xb5, 0x43, 0x37, 0x40, 0xf3, 0xb8, 2144 0x18, 0x8c, 0x95, 0x2e, 0xd6, 0xb3, 0xea, 0x1a, 2145 0x37, 0x48, 0xfb, 0xa5, 0x77, 0xba, 0x69, 0xe2, 2146 0x12, 0x6b, 0x2c, 0xc9, 0x4e, 0x4c, 0x59, 0xe7, 2147 0x86, 0xe2, 0xfa, 0xdd, 0x5b, 0x79, 0xab, 0x15, 2148 0x5c, 0xf6 2149 }; 2150 2151 static const ec_test_case ecsdsa_secp521r1_test_case = { 2152 .name = "ECSDSA-SHA512/secp521r1", 2153 .ec_str_p = &secp521r1_str_params, 2154 .priv_key = ecsdsa_secp521r1_test_vectors_priv_key, 2155 .priv_key_len = sizeof(ecsdsa_secp521r1_test_vectors_priv_key), 2156 .nn_random = ecsdsa_nn_random_secp521r1_test_vector, 2157 .hash_type = SHA512, 2158 .msg = "abc", 2159 .msglen = 3, 2160 .sig_type = ECSDSA, 2161 .exp_sig = ecsdsa_secp521r1_test_vectors_expected_sig, 2162 .exp_siglen = sizeof(ecsdsa_secp521r1_test_vectors_expected_sig), 2163 .adata = NULL, 2164 .adata_len = 0 2165 }; 2166 #endif /* WITH_CURVE_SECP521R1 */ 2167 #endif /* WITH_HASH_SHA512 */ 2168 2169 #ifdef WITH_HASH_SHA256 2170 #ifdef WITH_CURVE_BRAINPOOLP256R1 2171 #define ECSDSA_SHA256_BRAINPOOLP256R1_SELF_TEST 2172 2173 /* ECSDSA Brainpoolp256r1 test vectors */ 2174 2175 static int ecsdsa_nn_random_brainpoolp256r1_test_vector(nn_t out, nn_src_t q) 2176 { 2177 int ret, cmp; 2178 2179 /* 2180 * Fixed ephemeral private key for brainpoolp256r1 signature 2181 */ 2182 const u8 k_buf[] = { 2183 0x29, 0xa5, 0xc2, 0x64, 0xba, 0x76, 0x37, 0x9d, 2184 0x86, 0x49, 0x8a, 0x64, 0x16, 0xfc, 0x7f, 0xba, 2185 0x9d, 0x4f, 0x62, 0x75, 0x64, 0xc6, 0x98, 0xab, 2186 0x4d, 0x95, 0xd1, 0x90, 0x6c, 0x8c, 0x61, 0xe4 2187 }; 2188 2189 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2190 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2191 2192 ret = (cmp >= 0) ? -1 : 0; 2193 2194 err: 2195 return ret; 2196 } 2197 2198 static const u8 ecsdsa_brainpoolp256r1_test_vectors_priv_key[] = { 2199 0xa9, 0x35, 0x71, 0x33, 0x4a, 0xc3, 0x2b, 0x50, 2200 0x26, 0x8d, 0xdc, 0xa0, 0x95, 0x23, 0x89, 0x3a, 2201 0x8f, 0x29, 0x89, 0xa9, 0x4f, 0x9f, 0x44, 0xa9, 2202 0x1b, 0x77, 0x43, 0xf7, 0xe1, 0x45, 0xae, 0xb7 2203 }; 2204 2205 static const u8 ecsdsa_brainpoolp256r1_test_vectors_expected_sig[] = { 2206 0x0e, 0x7a, 0xf5, 0x0b, 0xf4, 0xe0, 0x8b, 0xf8, 2207 0x51, 0x00, 0x44, 0x24, 0xee, 0x9d, 0x65, 0x02, 2208 0xfc, 0xd1, 0x16, 0x4e, 0xe3, 0xd9, 0x9a, 0x00, 2209 0xa8, 0x4f, 0xd5, 0xdb, 0x81, 0x48, 0x00, 0xeb, 2210 0x64, 0x7a, 0x24, 0xe6, 0x07, 0xb6, 0xfc, 0x09, 2211 0xd8, 0x8b, 0x1b, 0x57, 0x2c, 0xfc, 0x4c, 0xe2, 2212 0x9e, 0x25, 0xfa, 0xe1, 0x43, 0x1f, 0x0d, 0xfa, 2213 0x58, 0x6b, 0xd1, 0x6d, 0xee, 0xff, 0x92, 0xb6 2214 }; 2215 2216 static const ec_test_case ecsdsa_brainpoolp256r1_test_case = { 2217 .name = "ECSDSA-SHA256/brainpoolp256r1", 2218 .ec_str_p = &brainpoolp256r1_str_params, 2219 .priv_key = ecsdsa_brainpoolp256r1_test_vectors_priv_key, 2220 .priv_key_len = sizeof(ecsdsa_brainpoolp256r1_test_vectors_priv_key), 2221 .nn_random = ecsdsa_nn_random_brainpoolp256r1_test_vector, 2222 .hash_type = SHA256, 2223 .msg = "abc", 2224 .msglen = 3, 2225 .sig_type = ECSDSA, 2226 .exp_sig = ecsdsa_brainpoolp256r1_test_vectors_expected_sig, 2227 .exp_siglen = sizeof(ecsdsa_brainpoolp256r1_test_vectors_expected_sig), 2228 .adata = NULL, 2229 .adata_len = 0 2230 }; 2231 2232 #endif /* WITH_CURVE_BRAINPOOLP256R1 */ 2233 #endif /* WITH_HASH_SHA256 */ 2234 2235 #ifdef WITH_HASH_SHA384 2236 #ifdef WITH_CURVE_BRAINPOOLP384R1 2237 #define ECSDSA_SHA384_BRAINPOOLP384R1_SELF_TEST 2238 2239 /* ECSDSA Brainpoolp384r1 test vectors */ 2240 2241 static int ecsdsa_nn_random_brainpoolp384r1_test_vector(nn_t out, nn_src_t q) 2242 { 2243 int ret, cmp; 2244 2245 /* 2246 * Fixed ephemeral private key for brainpoolp384r1 signature 2247 */ 2248 const u8 k_buf[] = { 2249 0x4f, 0x71, 0xb2, 0x3e, 0x7f, 0xbb, 0x47, 0xa8, 2250 0x8d, 0xaf, 0xdb, 0xea, 0xdc, 0x78, 0x14, 0x50, 2251 0xa9, 0x3b, 0xc8, 0x4b, 0x5b, 0xd4, 0xd5, 0x38, 2252 0x6b, 0x1e, 0x19, 0x5f, 0x5c, 0x29, 0xe7, 0x9f, 2253 0x9e, 0xfe, 0x66, 0x1d, 0x02, 0x7b, 0xef, 0xbb, 2254 0xb1, 0xca, 0x1d, 0xa2, 0xfe, 0xa2, 0xab, 0x75 2255 }; 2256 2257 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2258 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2259 2260 ret = (cmp >= 0) ? -1 : 0; 2261 2262 err: 2263 return ret; 2264 } 2265 2266 static const u8 ecsdsa_brainpoolp384r1_test_vectors_priv_key[] = { 2267 0x71, 0xa8, 0x85, 0x7e, 0x32, 0x14, 0x5f, 0x02, 2268 0x90, 0x02, 0xbe, 0xdc, 0x68, 0x77, 0x78, 0x1d, 2269 0xd9, 0x34, 0x6d, 0x5f, 0x4f, 0x7d, 0x0f, 0x96, 2270 0xe3, 0x1d, 0x6f, 0x41, 0x42, 0x36, 0x37, 0x1d, 2271 0x42, 0x2e, 0x97, 0xa9, 0x21, 0xc5, 0x04, 0x9c, 2272 0xb4, 0xbf, 0x49, 0x46, 0x8a, 0x99, 0x0a, 0x16 2273 }; 2274 2275 static const u8 ecsdsa_brainpoolp384r1_test_vectors_expected_sig[] = { 2276 0x97, 0x27, 0x3d, 0x1b, 0x4a, 0x56, 0xe5, 0x55, 2277 0x77, 0xe0, 0x9c, 0xd4, 0xe0, 0x78, 0x2f, 0x6e, 2278 0x8d, 0x8b, 0x2e, 0xe0, 0xde, 0xef, 0x84, 0x44, 2279 0xd1, 0x3a, 0xc3, 0x5c, 0xe5, 0xf3, 0x5f, 0xae, 2280 0x49, 0xc2, 0x6a, 0x31, 0x26, 0xb4, 0x44, 0x88, 2281 0xc1, 0x4e, 0x3e, 0xcf, 0x78, 0x4c, 0xd8, 0xe5, 2282 2283 0x1b, 0x71, 0x79, 0x37, 0x89, 0x3a, 0x77, 0x90, 2284 0xa8, 0x80, 0x01, 0x19, 0x87, 0xb6, 0x47, 0x1e, 2285 0x4b, 0xb4, 0x56, 0xc9, 0x08, 0x79, 0x32, 0x29, 2286 0x2f, 0x28, 0x35, 0x09, 0xcb, 0x39, 0x6c, 0x68, 2287 0x13, 0x84, 0xcc, 0xb0, 0xc3, 0x97, 0x72, 0x86, 2288 0x4c, 0xb5, 0x18, 0x5e, 0xaa, 0x59, 0xf4, 0x3d 2289 }; 2290 2291 static const ec_test_case ecsdsa_brainpoolp384r1_test_case = { 2292 .name = "ECSDSA-SHA384/brainpoolp384r1", 2293 .ec_str_p = &brainpoolp384r1_str_params, 2294 .priv_key = ecsdsa_brainpoolp384r1_test_vectors_priv_key, 2295 .priv_key_len = sizeof(ecsdsa_brainpoolp384r1_test_vectors_priv_key), 2296 .nn_random = ecsdsa_nn_random_brainpoolp384r1_test_vector, 2297 .hash_type = SHA384, 2298 .msg = "abc", 2299 .msglen = 3, 2300 .sig_type = ECSDSA, 2301 .exp_sig = ecsdsa_brainpoolp384r1_test_vectors_expected_sig, 2302 .exp_siglen = sizeof(ecsdsa_brainpoolp384r1_test_vectors_expected_sig), 2303 .adata = NULL, 2304 .adata_len = 0 2305 }; 2306 2307 #endif /* WITH_CURVE_BRAINPOOLP384R1 */ 2308 #endif /* WITH_HASH_SHA384 */ 2309 2310 #ifdef WITH_HASH_SHA512 2311 #ifdef WITH_CURVE_BRAINPOOLP512R1 2312 #define ECSDSA_SHA512_BRAINPOOLP512R1_SELF_TEST 2313 2314 /* ECSDSA Brainpoolp512r1 test vectors */ 2315 2316 static int ecsdsa_nn_random_brainpoolp512r1_test_vector(nn_t out, nn_src_t q) 2317 { 2318 int ret, cmp; 2319 2320 /* 2321 * Fixed ephemeral private key for brainpoolp512r1 signature 2322 */ 2323 const u8 k_buf[] = { 2324 0x65, 0xe7, 0x6d, 0xe3, 0x2e, 0x77, 0x21, 0x67, 2325 0x3a, 0x99, 0x1d, 0x95, 0xda, 0x6f, 0x7e, 0x0a, 2326 0x5a, 0x72, 0x72, 0xf8, 0xde, 0x4a, 0xae, 0xfe, 2327 0xd9, 0x7b, 0x49, 0x07, 0xda, 0x0e, 0xe8, 0x4d, 2328 0x66, 0xdd, 0x51, 0x8e, 0x6e, 0x75, 0xd3, 0x28, 2329 0x54, 0x08, 0xaf, 0x82, 0xeb, 0xf2, 0x5a, 0x5e, 2330 0x3c, 0x14, 0x9b, 0x6e, 0xba, 0xba, 0x2b, 0x7b, 2331 0xdf, 0x6d, 0x26, 0x0e, 0x3a, 0xea, 0xae, 0xbc 2332 }; 2333 2334 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2335 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2336 2337 ret = (cmp >= 0) ? -1 : 0; 2338 2339 err: 2340 return ret; 2341 } 2342 2343 static const u8 ecsdsa_brainpoolp512r1_test_vectors_priv_key[] = { 2344 0x20, 0xe6, 0xe2, 0x08, 0x67, 0xf7, 0x29, 0x0c, 2345 0x04, 0xfc, 0x00, 0x7e, 0x77, 0x34, 0x9e, 0x30, 2346 0x09, 0xaa, 0xc0, 0x3d, 0xfa, 0xf0, 0xd2, 0x56, 2347 0x70, 0x86, 0x73, 0x86, 0xca, 0xce, 0xdb, 0xcd, 2348 0x55, 0x3d, 0xd0, 0x1b, 0x86, 0xdd, 0x50, 0x17, 2349 0xe1, 0xdc, 0x45, 0xa1, 0xa5, 0xae, 0xd3, 0x80, 2350 0x72, 0xef, 0x04, 0xe7, 0x9f, 0x36, 0xc3, 0xe7, 2351 0x84, 0xd5, 0xdf, 0x80, 0x39, 0xc2, 0x5d, 0x18 2352 }; 2353 2354 static const u8 ecsdsa_brainpoolp512r1_test_vectors_expected_sig[] = { 2355 0x7f, 0xf5, 0x12, 0x0a, 0xaa, 0x8f, 0x7a, 0x31, 2356 0xe9, 0xaf, 0x44, 0x4b, 0xdf, 0x97, 0x1e, 0x80, 2357 0x0c, 0xb8, 0x3c, 0x4c, 0x45, 0x39, 0xa1, 0xa6, 2358 0x51, 0x53, 0xc2, 0x32, 0x48, 0x62, 0x7a, 0x12, 2359 0xf5, 0xf3, 0xb1, 0xd6, 0xdf, 0x07, 0x78, 0x14, 2360 0xa0, 0x53, 0xcb, 0x6e, 0xef, 0x07, 0x20, 0xc3, 2361 0x9f, 0xf2, 0x34, 0x20, 0x31, 0x21, 0x5e, 0xea, 2362 0x55, 0xd7, 0xff, 0xd6, 0x4f, 0x18, 0xc2, 0x64, 2363 2364 0x45, 0xdb, 0xd2, 0xae, 0xf5, 0x0c, 0x14, 0x8b, 2365 0xad, 0xaa, 0x2d, 0x1e, 0x04, 0x06, 0xaf, 0xb9, 2366 0x1f, 0x17, 0x20, 0x3f, 0x29, 0x8c, 0xc6, 0x63, 2367 0xb6, 0xf9, 0xc4, 0x56, 0x4f, 0xa7, 0x76, 0x31, 2368 0xe5, 0x46, 0x6b, 0x86, 0x80, 0x59, 0xdf, 0x01, 2369 0x27, 0x38, 0x0f, 0x17, 0x8c, 0x59, 0xcc, 0xad, 2370 0x8c, 0x63, 0xe4, 0xa6, 0x48, 0x84, 0x88, 0x95, 2371 0x0e, 0x6f, 0xa6, 0x2a, 0xbf, 0x4b, 0xff, 0x30 2372 }; 2373 2374 static const ec_test_case ecsdsa_brainpoolp512r1_test_case = { 2375 .name = "ECSDSA-SHA512/brainpoolp512r1", 2376 .ec_str_p = &brainpoolp512r1_str_params, 2377 .priv_key = ecsdsa_brainpoolp512r1_test_vectors_priv_key, 2378 .priv_key_len = sizeof(ecsdsa_brainpoolp512r1_test_vectors_priv_key), 2379 .nn_random = ecsdsa_nn_random_brainpoolp512r1_test_vector, 2380 .hash_type = SHA512, 2381 .msg = "abc", 2382 .msglen = 3, 2383 .sig_type = ECSDSA, 2384 .exp_sig = ecsdsa_brainpoolp512r1_test_vectors_expected_sig, 2385 .exp_siglen = sizeof(ecsdsa_brainpoolp512r1_test_vectors_expected_sig), 2386 .adata = NULL, 2387 .adata_len = 0 2388 }; 2389 #endif /* WITH_CURVE_BRAINPOOLP512R1 */ 2390 #endif /* WITH_HASH_SHA512 */ 2391 2392 #ifdef WITH_HASH_SHA256 2393 #ifdef WITH_CURVE_FRP256V1 2394 #define ECSDSA_SHA256_FRP256V1_SELF_TEST 2395 2396 /* ECSDSA frp256v1 test vectors */ 2397 2398 static int ecsdsa_nn_random_frp256v1_test_vector(nn_t out, nn_src_t q) 2399 { 2400 int ret, cmp; 2401 2402 /* 2403 * Fixed ephemeral private key for frp256v1 signature 2404 */ 2405 const u8 k_buf[] = { 2406 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9, 2407 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7, 2408 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15, 2409 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE 2410 }; 2411 2412 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2413 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2414 2415 ret = (cmp >= 0) ? -1 : 0; 2416 2417 err: 2418 return ret; 2419 } 2420 2421 static const u8 ecsdsa_frp256v1_test_vectors_priv_key[] = { 2422 0x00, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD, 2423 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D, 2424 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75, 2425 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F 2426 }; 2427 2428 static const u8 ecsdsa_frp256v1_test_vectors_expected_sig[] = { 2429 0x9e, 0x57, 0x81, 0x73, 0xf9, 0x7b, 0xbe, 0xb1, 2430 0xdc, 0xc4, 0x4f, 0xe6, 0xc1, 0x7a, 0x40, 0x9e, 2431 0x22, 0xad, 0x13, 0xa1, 0xa9, 0x69, 0x14, 0x62, 2432 0x0d, 0x08, 0x76, 0x0f, 0xe0, 0xd7, 0xc6, 0x75, 2433 2434 0x9b, 0x3a, 0xb9, 0xd5, 0xb6, 0x7f, 0xf2, 0xb9, 2435 0xaa, 0xe8, 0xc5, 0xed, 0xf9, 0x82, 0xd4, 0xf7, 2436 0x6d, 0x7c, 0x61, 0x36, 0x56, 0xe7, 0x73, 0xaa, 2437 0x1a, 0xab, 0xa6, 0x30, 0x90, 0x1d, 0x56, 0xa6, 2438 }; 2439 2440 static const ec_test_case ecsdsa_frp256v1_test_case = { 2441 .name = "ECSDSA-SHA256/frp256v1", 2442 .ec_str_p = &frp256v1_str_params, 2443 .priv_key = ecsdsa_frp256v1_test_vectors_priv_key, 2444 .priv_key_len = sizeof(ecsdsa_frp256v1_test_vectors_priv_key), 2445 .nn_random = ecsdsa_nn_random_frp256v1_test_vector, 2446 .hash_type = SHA256, 2447 .msg = "abc", 2448 .msglen = 3, 2449 .sig_type = ECSDSA, 2450 .exp_sig = ecsdsa_frp256v1_test_vectors_expected_sig, 2451 .exp_siglen = sizeof(ecsdsa_frp256v1_test_vectors_expected_sig), 2452 .adata = NULL, 2453 .adata_len = 0 2454 }; 2455 #endif /* WITH_CURVE_FRP256V1 */ 2456 #endif /* WITH_HASH_SHA256 */ 2457 #endif /* WITH_SIG_ECSDSA */ 2458 2459 /******************************************************************* 2460 ************** ECOSDSA tests ************************************** 2461 *******************************************************************/ 2462 2463 #ifdef WITH_SIG_ECOSDSA 2464 #ifdef WITH_HASH_SHA224 2465 #ifdef WITH_CURVE_SECP224R1 2466 #define ECOSDSA_SHA224_SECP224R1_SELF_TEST 2467 2468 /* ECOSDSA secp224r1 test vectors */ 2469 2470 static int ecosdsa_nn_random_secp224r1_test_vector(nn_t out, nn_src_t q) 2471 { 2472 int ret, cmp; 2473 2474 const u8 k_buf[] = { 2475 0xc1, 0xbe, 0x08, 0xf7, 0xa6, 0xda, 0x95, 0xea, 2476 0xda, 0xc9, 0x2b, 0x7a, 0x8d, 0xfa, 0x4b, 0x8c, 2477 0x0b, 0x09, 0x9a, 0xf3, 0xa3, 0x0a, 0x23, 0xb5, 2478 0xa7, 0x6a, 0xa4, 0xc5 2479 }; 2480 2481 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2482 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2483 2484 ret = (cmp >= 0) ? -1 : 0; 2485 2486 err: 2487 return ret; 2488 } 2489 2490 static const u8 ecosdsa_secp224r1_test_vectors_priv_key[] = { 2491 0xfd, 0x22, 0xee, 0x55, 0x5f, 0x4a, 0xb5, 0x40, 2492 0x1b, 0xbd, 0x53, 0x65, 0xec, 0x8a, 0xec, 0x37, 2493 0xf3, 0xb4, 0xcb, 0xe4, 0xeb, 0xdd, 0x55, 0x40, 2494 0xad, 0x92, 0x29, 0xf0 2495 }; 2496 2497 static const u8 ecosdsa_secp224r1_test_vectors_expected_sig[] = { 2498 0x48, 0x33, 0x6d, 0x3d, 0x8d, 0xa5, 0x3b, 0x5d, 2499 0xff, 0xca, 0x3e, 0x36, 0x24, 0x7b, 0xeb, 0x07, 2500 0x0c, 0x32, 0x53, 0x21, 0xf3, 0x7e, 0xb3, 0xf7, 2501 0xe3, 0xb1, 0xaa, 0xb3, 2502 0x28, 0x39, 0xe8, 0x80, 0xbe, 0x1a, 0x2e, 0xd8, 2503 0x31, 0x4f, 0x85, 0x2d, 0xf6, 0x6b, 0x1a, 0xc0, 2504 0xb7, 0x22, 0x89, 0xa9, 0xf8, 0x70, 0xd5, 0x19, 2505 0xbb, 0x80, 0x11, 0x16 2506 }; 2507 2508 static const ec_test_case ecosdsa_secp224r1_test_case = { 2509 .name = "ECOSDSA-SHA224/secp224r1", 2510 .ec_str_p = &secp224r1_str_params, 2511 .priv_key = ecosdsa_secp224r1_test_vectors_priv_key, 2512 .priv_key_len = sizeof(ecosdsa_secp224r1_test_vectors_priv_key), 2513 .nn_random = ecosdsa_nn_random_secp224r1_test_vector, 2514 .hash_type = SHA224, 2515 .msg = "abc", 2516 .msglen = 3, 2517 .sig_type = ECOSDSA, 2518 .exp_sig = ecosdsa_secp224r1_test_vectors_expected_sig, 2519 .exp_siglen = sizeof(ecosdsa_secp224r1_test_vectors_expected_sig), 2520 .adata = NULL, 2521 .adata_len = 0 2522 }; 2523 #endif /* WITH_CURVE_SECP224R1 */ 2524 #endif /* WITH_HASH_SHA224 */ 2525 2526 #ifdef WITH_HASH_SHA256 2527 #ifdef WITH_CURVE_SECP256R1 2528 #define ECOSDSA_SHA256_SECP256R1_SELF_TEST 2529 2530 /* ECOSDSA secp256r1 test vectors */ 2531 2532 static int ecosdsa_nn_random_iso14888_3_secp256r1_test_vector(nn_t out, 2533 nn_src_t q) 2534 { 2535 int ret, cmp; 2536 const u8 k_buf[] = { 2537 0xDE, 0x7E, 0x0E, 0x5E, 0x66, 0x3F, 0x24, 0x18, 2538 0x34, 0x14, 0xB7, 0xC7, 0x2F, 0x24, 0x54, 0x6B, 2539 0x81, 0xE9, 0xE5, 0xF4, 0x10, 0xBE, 0xBF, 0x26, 2540 0xF3, 0xCA, 0x5F, 0xA8, 0x2F, 0x51, 0x92, 0xC8 2541 }; 2542 2543 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2544 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2545 2546 ret = (cmp >= 0) ? -1 : 0; 2547 2548 err: 2549 return ret; 2550 } 2551 2552 static const u8 ecosdsa_secp256r1_test_vectors_priv_key[] = { 2553 0x52, 0x02, 0xA3, 0xD8, 0xAC, 0xAF, 0x69, 0x09, 2554 0xD1, 0x2C, 0x9A, 0x77, 0x4C, 0xD8, 0x86, 0xF9, 2555 0xFB, 0xA6, 0x11, 0x37, 0xFF, 0xD3, 0xE8, 0xE7, 2556 0x6A, 0xED, 0x36, 0x3F, 0xB4, 0x7A, 0xC4, 0x92 2557 }; 2558 2559 static const u8 ecosdsa_secp256r1_test_vectors_expected_sig[] = { 2560 0xD7, 0xFB, 0x81, 0x35, 0xD8, 0xEA, 0x45, 0xE8, 2561 0xFB, 0x3C, 0x90, 0x59, 0xF1, 0x46, 0xE2, 0x63, 2562 0x0E, 0xF4, 0xBD, 0x51, 0xC4, 0x00, 0x6A, 0x92, 2563 0xED, 0xB4, 0xC8, 0xB0, 0x84, 0x99, 0x63, 0xFB, 2564 0xB4, 0x6D, 0x15, 0x25, 0x37, 0x9E, 0x02, 0xE2, 2565 0x32, 0xD9, 0x79, 0x28, 0x26, 0x5B, 0x72, 0x54, 2566 0xEA, 0x2E, 0xD9, 0x78, 0x13, 0x45, 0x43, 0x88, 2567 0xC1, 0xA0, 0x8F, 0x62, 0xDC, 0xCD, 0x70, 0xB3 2568 }; 2569 2570 static const ec_test_case ecosdsa_secp256r1_test_case = { 2571 .name = "ECOSDSA-SHA256/secp256r1", 2572 .ec_str_p = &secp256r1_str_params, 2573 .priv_key = ecosdsa_secp256r1_test_vectors_priv_key, 2574 .priv_key_len = sizeof(ecosdsa_secp256r1_test_vectors_priv_key), 2575 .nn_random = ecosdsa_nn_random_iso14888_3_secp256r1_test_vector, 2576 .hash_type = SHA256, 2577 .msg = "abc", 2578 .msglen = 3, 2579 .sig_type = ECOSDSA, 2580 .exp_sig = ecosdsa_secp256r1_test_vectors_expected_sig, 2581 .exp_siglen = sizeof(ecosdsa_secp256r1_test_vectors_expected_sig), 2582 .adata = NULL, 2583 .adata_len = 0 2584 }; 2585 #endif /* WITH_CURVE_SECP256R1 */ 2586 #endif /* WITH_HASH_SHA256 */ 2587 2588 #ifdef WITH_HASH_SHA384 2589 #ifdef WITH_CURVE_SECP384R1 2590 #define ECOSDSA_SHA384_SECP384R1_SELF_TEST 2591 2592 /* ECOSDSA secp384r1 test vectors */ 2593 2594 static int ecosdsa_nn_random_iso14888_3_secp384r1_test_vector(nn_t out, 2595 nn_src_t q) 2596 2597 { 2598 int ret, cmp; 2599 const u8 k_buf[] = { 2600 0x8A, 0x29, 0xE7, 0x72, 0x35, 0x7B, 0xBA, 0x6F, 2601 0x5C, 0x9E, 0xA7, 0x65, 0xD5, 0x08, 0x2B, 0x9B, 2602 0xC7, 0xA7, 0x4C, 0x33, 0xE9, 0xD9, 0x4D, 0x49, 2603 0xFB, 0x2C, 0x9D, 0x3B, 0x52, 0x3A, 0x82, 0x16, 2604 0x96, 0x82, 0xEC, 0xF1, 0x6F, 0x1D, 0x06, 0x26, 2605 0x90, 0x42, 0xF3, 0xAF, 0x04, 0x4B, 0x4D, 0xE8 2606 }; 2607 2608 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2609 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2610 2611 ret = (cmp >= 0) ? -1 : 0; 2612 2613 err: 2614 return ret; 2615 } 2616 2617 static const u8 ecosdsa_secp384r1_test_vectors_priv_key[] = { 2618 0x7E, 0x49, 0x14, 0xFE, 0x4B, 0x61, 0x70, 0x89, 2619 0xF9, 0xFE, 0x80, 0xAD, 0x91, 0x3D, 0x55, 0x30, 2620 0xEE, 0xC4, 0xF3, 0x0B, 0xCA, 0x1A, 0xD6, 0x6E, 2621 0x7B, 0x5A, 0xEA, 0xCF, 0x29, 0xD2, 0xF5, 0x67, 2622 0xD9, 0xA8, 0xF4, 0xA4, 0x55, 0x2A, 0x1A, 0x1A, 2623 0xF3, 0xE0, 0xB6, 0xD0, 0xA4, 0x9D, 0xFC, 0xC8 2624 }; 2625 2626 static const u8 ecosdsa_secp384r1_test_vectors_expected_sig[] = { 2627 0x27, 0xD2, 0xF5, 0xB9, 0x62, 0xA3, 0xAC, 0xF6, 2628 0x39, 0x0A, 0x47, 0x18, 0xEA, 0x54, 0x0D, 0xA7, 2629 0x96, 0x12, 0xA6, 0x0E, 0xAA, 0x15, 0xBE, 0xBB, 2630 0x00, 0xB9, 0xE1, 0x66, 0x57, 0x83, 0xF7, 0xC7, 2631 0x91, 0xCC, 0xAC, 0x42, 0x2C, 0xEE, 0x81, 0x5A, 2632 0x9C, 0x5D, 0xA3, 0x67, 0x8A, 0xC8, 0xD1, 0xF0, 2633 0x22, 0xCC, 0x89, 0xCE, 0xB9, 0xE6, 0xBE, 0x84, 2634 0x15, 0xCC, 0x14, 0xB3, 0x99, 0xBC, 0x66, 0xE6, 2635 0xF3, 0xA2, 0x1E, 0x5B, 0xA3, 0x8E, 0x09, 0xA6, 2636 0xDE, 0x8D, 0xE6, 0x70, 0xA1, 0x45, 0xC0, 0xE4, 2637 0x74, 0xD5, 0xCC, 0x88, 0xBE, 0x88, 0x78, 0xF0, 2638 0x12, 0x3C, 0xC6, 0x62, 0x25, 0xA1, 0xBA, 0x12 2639 }; 2640 2641 static const ec_test_case ecosdsa_secp384r1_test_case = { 2642 .name = "ECOSDSA-SHA384/secp384r1", 2643 .ec_str_p = &secp384r1_str_params, 2644 .priv_key = ecosdsa_secp384r1_test_vectors_priv_key, 2645 .priv_key_len = sizeof(ecosdsa_secp384r1_test_vectors_priv_key), 2646 .nn_random = ecosdsa_nn_random_iso14888_3_secp384r1_test_vector, 2647 .hash_type = SHA384, 2648 .msg = "abc", 2649 .msglen = 3, 2650 .sig_type = ECOSDSA, 2651 .exp_sig = ecosdsa_secp384r1_test_vectors_expected_sig, 2652 .exp_siglen = sizeof(ecosdsa_secp384r1_test_vectors_expected_sig), 2653 .adata = NULL, 2654 .adata_len = 0 2655 }; 2656 #endif /* WITH_CURVE_SECP384R1 */ 2657 #endif /* WITH_HASH_SHA384 */ 2658 2659 #ifdef WITH_HASH_SHA512 2660 #ifdef WITH_CURVE_SECP521R1 2661 #define ECOSDSA_SHA512_SECP521R1_SELF_TEST 2662 2663 /* ECOSDSA secp521r1 test vectors */ 2664 2665 static int ecosdsa_nn_random_secp521r1_test_vector(nn_t out, nn_src_t q) 2666 { 2667 int ret, cmp; 2668 2669 /* 2670 * Fixed ephemeral private key for secp521r1 signature 2671 * test vectors from RFC4754 2672 */ 2673 const u8 k_buf[] = { 2674 0x01, 0x73, 0x03, 0x00, 0x16, 0x30, 0x79, 0x94, 2675 0x9b, 0xb6, 0xe3, 0x60, 0x3c, 0x96, 0xf6, 0xf0, 2676 0x90, 0x23, 0xa6, 0xf7, 0x48, 0xc5, 0xa6, 0xfc, 2677 0x41, 0xec, 0x39, 0xf5, 0x24, 0x04, 0x59, 0x59, 2678 0xa8, 0xfe, 0x4c, 0xc1, 0x9b, 0x01, 0x47, 0x5a, 2679 0xac, 0xc5, 0xf3, 0x92, 0xab, 0x50, 0x60, 0x1f, 2680 0x39, 0x8b, 0xc3, 0xb8, 0x01, 0x4a, 0x63, 0x91, 2681 0x1b, 0xce, 0x30, 0xe7, 0xcc, 0x0f, 0x3d, 0x82, 2682 0x3b, 0x05 2683 }; 2684 2685 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2686 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2687 2688 ret = (cmp >= 0) ? -1 : 0; 2689 2690 err: 2691 return ret; 2692 } 2693 2694 static const u8 ecosdsa_secp521r1_test_vectors_priv_key[] = { 2695 0x01, 0x08, 0xb9, 0x4c, 0x21, 0x92, 0x06, 0xb8, 2696 0xd8, 0x92, 0x16, 0x90, 0xa5, 0x15, 0x76, 0xae, 2697 0x70, 0x3d, 0x46, 0x4b, 0x71, 0xbd, 0xf5, 0x68, 2698 0xf9, 0xf6, 0x70, 0x92, 0x95, 0x67, 0x85, 0x80, 2699 0x55, 0xb9, 0x16, 0xdb, 0xce, 0x5d, 0xb5, 0x6a, 2700 0x25, 0xb7, 0x91, 0x33, 0x25, 0xf5, 0x14, 0xf7, 2701 0x2a, 0x22, 0xbe, 0x4e, 0xfb, 0x4d, 0xb7, 0x9e, 2702 0x2f, 0x01, 0xb5, 0x71, 0xa9, 0x3f, 0x21, 0x79, 2703 0x82, 0xc5 2704 }; 2705 2706 static const u8 ecosdsa_secp521r1_test_vectors_expected_sig[] = { 2707 0xbd, 0x54, 0xe8, 0xd7, 0x27, 0x1c, 0xcc, 0x1e, 2708 0x0a, 0xdd, 0xc3, 0x33, 0x8a, 0x99, 0xeb, 0x94, 2709 0x5e, 0x65, 0x40, 0x18, 0x05, 0x6f, 0xaf, 0x7e, 2710 0xc7, 0x6c, 0x0a, 0xa6, 0xb4, 0xd2, 0x62, 0x89, 2711 0x00, 0xe0, 0x5c, 0x05, 0x24, 0x95, 0xa0, 0x91, 2712 0x7d, 0x80, 0x85, 0x14, 0xd9, 0x1e, 0x41, 0x42, 2713 0xc5, 0xae, 0x53, 0x06, 0x24, 0x31, 0xe2, 0x31, 2714 0x05, 0x8d, 0xb5, 0x19, 0x2e, 0x35, 0x90, 0xe3, 2715 2716 0x00, 0x52, 0x7b, 0xab, 0x84, 0xc9, 0xaf, 0x15, 2717 0xcf, 0xa7, 0xd9, 0x25, 0x29, 0xdc, 0x15, 0xd2, 2718 0x17, 0x45, 0xee, 0x04, 0x88, 0x91, 0xf5, 0xe0, 2719 0x6a, 0x06, 0x65, 0xe5, 0xcb, 0x16, 0x2e, 0x62, 2720 0x2a, 0x0a, 0x62, 0xc3, 0x12, 0x23, 0xcc, 0x21, 2721 0x6d, 0x8f, 0xfe, 0xc3, 0x3a, 0xcd, 0xdd, 0xe5, 2722 0x0d, 0x58, 0xef, 0xe3, 0x87, 0x89, 0x3a, 0x5c, 2723 0xbc, 0xe2, 0xea, 0x07, 0x6e, 0x3b, 0x7c, 0xe7, 2724 0x95, 0x00, 2725 }; 2726 2727 static const ec_test_case ecosdsa_secp521r1_test_case = { 2728 .name = "ECOSDSA-SHA512/secp521r1", 2729 .ec_str_p = &secp521r1_str_params, 2730 .priv_key = ecosdsa_secp521r1_test_vectors_priv_key, 2731 .priv_key_len = sizeof(ecosdsa_secp521r1_test_vectors_priv_key), 2732 .nn_random = ecosdsa_nn_random_secp521r1_test_vector, 2733 .hash_type = SHA512, 2734 .msg = "abc", 2735 .msglen = 3, 2736 .sig_type = ECOSDSA, 2737 .exp_sig = ecosdsa_secp521r1_test_vectors_expected_sig, 2738 .exp_siglen = sizeof(ecosdsa_secp521r1_test_vectors_expected_sig), 2739 .adata = NULL, 2740 .adata_len = 0 2741 }; 2742 #endif /* WITH_CURVE_SECP521R1 */ 2743 #endif /* WITH_HASH_SHA512 */ 2744 2745 #ifdef WITH_HASH_SHA256 2746 #ifdef WITH_CURVE_BRAINPOOLP256R1 2747 #define ECOSDSA_SHA256_BRAINPOOLP256R1_SELF_TEST 2748 2749 /* ECOSDSA Brainpoolp256r1 test vectors */ 2750 2751 static int ecosdsa_nn_random_brainpoolp256r1_test_vector(nn_t out, nn_src_t q) 2752 { 2753 int ret, cmp; 2754 2755 /* 2756 * Fixed ephemeral private key for brainpoolp256r1 signature 2757 */ 2758 const u8 k_buf[] = { 2759 0x3f, 0x80, 0xde, 0x27, 0x3e, 0xef, 0xc9, 0x53, 2760 0xc9, 0x25, 0xab, 0x53, 0xdd, 0xba, 0xd4, 0xb3, 2761 0x23, 0x98, 0xb7, 0xcc, 0x39, 0xb1, 0xda, 0xe4, 2762 0xbe, 0x68, 0x37, 0xd4, 0xd9, 0x9e, 0xa0, 0x49 2763 }; 2764 2765 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2766 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2767 2768 ret = (cmp >= 0) ? -1 : 0; 2769 2770 err: 2771 return ret; 2772 } 2773 2774 static const u8 ecosdsa_brainpoolp256r1_test_vectors_priv_key[] = { 2775 0xa8, 0x44, 0x22, 0x5a, 0xf8, 0xae, 0xb6, 0xa7, 2776 0x66, 0x10, 0x93, 0xe5, 0x44, 0xd8, 0x47, 0xa0, 2777 0x63, 0x82, 0x08, 0xcf, 0xc6, 0x4f, 0x6e, 0xa8, 2778 0x1c, 0xbb, 0x0d, 0xbb, 0xcf, 0x16, 0x4d, 0xa2 2779 }; 2780 2781 static const u8 ecosdsa_brainpoolp256r1_test_vectors_expected_sig[] = { 2782 0xc1, 0x5a, 0x0e, 0xd2, 0x9c, 0x39, 0x3b, 0x04, 2783 0x14, 0xaa, 0x40, 0xe5, 0x1c, 0xe6, 0x45, 0x28, 2784 0x19, 0xa9, 0x7f, 0x66, 0x1b, 0x4f, 0x11, 0x50, 2785 0x13, 0x8f, 0xc4, 0xe6, 0x96, 0x47, 0xe1, 0xa4, 2786 2787 0x1c, 0x26, 0x9e, 0x5e, 0xd2, 0x9d, 0x38, 0x1a, 2788 0xc4, 0xa0, 0xed, 0x86, 0xe4, 0x73, 0x68, 0x46, 2789 0xa4, 0x34, 0x72, 0x6a, 0xb5, 0x36, 0x0d, 0x3a, 2790 0x7e, 0x2b, 0x1c, 0x44, 0x0a, 0x69, 0xfe, 0xde 2791 }; 2792 2793 static const ec_test_case ecosdsa_brainpoolp256r1_test_case = { 2794 .name = "ECOSDSA-SHA256/brainpoolp256r1", 2795 .ec_str_p = &brainpoolp256r1_str_params, 2796 .priv_key = ecosdsa_brainpoolp256r1_test_vectors_priv_key, 2797 .priv_key_len = sizeof(ecosdsa_brainpoolp256r1_test_vectors_priv_key), 2798 .nn_random = ecosdsa_nn_random_brainpoolp256r1_test_vector, 2799 .hash_type = SHA256, 2800 .msg = "abc", 2801 .msglen = 3, 2802 .sig_type = ECOSDSA, 2803 .exp_sig = ecosdsa_brainpoolp256r1_test_vectors_expected_sig, 2804 .exp_siglen = sizeof(ecosdsa_brainpoolp256r1_test_vectors_expected_sig), 2805 .adata = NULL, 2806 .adata_len = 0 2807 }; 2808 2809 #endif /* WITH_CURVE_BRAINPOOLP256R1 */ 2810 #endif /* WITH_HASH_SHA256 */ 2811 2812 #ifdef WITH_HASH_SHA384 2813 #ifdef WITH_CURVE_BRAINPOOLP384R1 2814 #define ECOSDSA_SHA384_BRAINPOOLP384R1_SELF_TEST 2815 2816 /* ECOSDSA Brainpoolp384r1 test vectors */ 2817 2818 static int ecosdsa_nn_random_brainpoolp384r1_test_vector(nn_t out, nn_src_t q) 2819 { 2820 int ret, cmp; 2821 2822 /* 2823 * Fixed ephemeral private key for brainpoolp384r1 signature 2824 */ 2825 const u8 k_buf[] = { 2826 0x4c, 0x0f, 0xa0, 0xfb, 0xd2, 0xec, 0x92, 0x0f, 2827 0x70, 0x32, 0xb2, 0xd5, 0xa4, 0xb0, 0xe5, 0xb0, 2828 0x88, 0xc1, 0x70, 0x6a, 0xe1, 0x4a, 0xc7, 0x49, 2829 0xc3, 0x14, 0x8a, 0x09, 0x9d, 0x3f, 0x0e, 0xde, 2830 0xe6, 0xf9, 0x73, 0x36, 0x76, 0x3b, 0xa7, 0x53, 2831 0x4c, 0xf5, 0x29, 0xa3, 0xd6, 0xe4, 0x60, 0x3e 2832 }; 2833 2834 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2835 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2836 2837 ret = (cmp >= 0) ? -1 : 0; 2838 2839 err: 2840 return ret; 2841 } 2842 2843 static const u8 ecosdsa_brainpoolp384r1_test_vectors_priv_key[] = { 2844 0x84, 0x27, 0xc5, 0xc6, 0xb1, 0x95, 0x1a, 0x87, 2845 0x4a, 0x00, 0x02, 0xfc, 0xeb, 0x8b, 0x8f, 0x46, 2846 0x53, 0x2a, 0x82, 0xff, 0xac, 0x72, 0x78, 0x70, 2847 0x6a, 0x04, 0xe6, 0x25, 0x6b, 0x0f, 0xbd, 0x6e, 2848 0x10, 0xab, 0x74, 0x9d, 0xee, 0x3e, 0x02, 0x7d, 2849 0xc5, 0x2e, 0x3c, 0x55, 0x25, 0xc0, 0x1e, 0x7d 2850 }; 2851 2852 static const u8 ecosdsa_brainpoolp384r1_test_vectors_expected_sig[] = { 2853 0xf8, 0x8e, 0x7c, 0x39, 0xcf, 0x98, 0xa5, 0x7d, 2854 0xb1, 0x6f, 0x3b, 0xea, 0x31, 0x61, 0xd5, 0x8a, 2855 0x9d, 0x90, 0xfe, 0x4b, 0xa8, 0xc0, 0x71, 0x65, 2856 0x93, 0x63, 0x34, 0x99, 0x0b, 0x06, 0xaf, 0x5e, 2857 0x86, 0xb1, 0x10, 0x53, 0x39, 0xfd, 0xf1, 0x52, 2858 0xda, 0x28, 0x9f, 0x6b, 0x4c, 0xd4, 0x20, 0x43, 2859 2860 0x69, 0x4e, 0x23, 0x7e, 0xc4, 0x5a, 0x83, 0x22, 2861 0x61, 0x53, 0xfd, 0x08, 0xc7, 0x5e, 0xdc, 0x69, 2862 0xc0, 0x22, 0x3f, 0x59, 0x8b, 0xf1, 0x9e, 0x8d, 2863 0x07, 0xb0, 0xb2, 0x38, 0x8a, 0xe2, 0xb7, 0x79, 2864 0x46, 0xda, 0xa2, 0x39, 0x4d, 0x7a, 0xce, 0x38, 2865 0x2a, 0xc6, 0xbe, 0xda, 0x21, 0x67, 0x81, 0xbf 2866 }; 2867 2868 static const ec_test_case ecosdsa_brainpoolp384r1_test_case = { 2869 .name = "ECOSDSA-SHA384/brainpoolp384r1", 2870 .ec_str_p = &brainpoolp384r1_str_params, 2871 .priv_key = ecosdsa_brainpoolp384r1_test_vectors_priv_key, 2872 .priv_key_len = sizeof(ecosdsa_brainpoolp384r1_test_vectors_priv_key), 2873 .nn_random = ecosdsa_nn_random_brainpoolp384r1_test_vector, 2874 .hash_type = SHA384, 2875 .msg = "abc", 2876 .msglen = 3, 2877 .sig_type = ECOSDSA, 2878 .exp_sig = ecosdsa_brainpoolp384r1_test_vectors_expected_sig, 2879 .exp_siglen = sizeof(ecosdsa_brainpoolp384r1_test_vectors_expected_sig), 2880 .adata = NULL, 2881 .adata_len = 0 2882 }; 2883 2884 #endif /* WITH_CURVE_BRAINPOOLP384R1 */ 2885 #endif /* WITH_HASH_SHA384 */ 2886 2887 #ifdef WITH_HASH_SHA512 2888 #ifdef WITH_CURVE_BRAINPOOLP512R1 2889 #define ECOSDSA_SHA512_BRAINPOOLP512R1_SELF_TEST 2890 2891 /* ECOSDSA Brainpoolp512r1 test vectors */ 2892 2893 static int ecosdsa_nn_random_brainpoolp512r1_test_vector(nn_t out, nn_src_t q) 2894 { 2895 int ret, cmp; 2896 2897 /* 2898 * Fixed ephemeral private key for brainpoolp512r1 signature 2899 */ 2900 const u8 k_buf[] = { 2901 0x70, 0x82, 0xf3, 0x1a, 0xb1, 0x06, 0x2d, 0x5b, 2902 0xb8, 0x16, 0x87, 0xd5, 0x65, 0x34, 0x74, 0xc3, 2903 0x53, 0x23, 0x0a, 0xc0, 0x09, 0xde, 0xd1, 0x44, 2904 0xad, 0x47, 0x86, 0xda, 0x89, 0xbf, 0x33, 0x0e, 2905 0x34, 0xd2, 0x12, 0x40, 0x44, 0xa5, 0x8b, 0x08, 2906 0x5a, 0x7e, 0x70, 0xbc, 0xfd, 0xed, 0x72, 0x03, 2907 0x07, 0x66, 0xc5, 0x41, 0x49, 0x1a, 0xda, 0x73, 2908 0x34, 0x3e, 0x7d, 0xf9, 0x0f, 0x0a, 0x4e, 0x38 2909 }; 2910 2911 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2912 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2913 2914 ret = (cmp >= 0) ? -1 : 0; 2915 2916 err: 2917 return ret; 2918 } 2919 2920 static const u8 ecosdsa_brainpoolp512r1_test_vectors_priv_key[] = { 2921 0x9d, 0xf5, 0xaa, 0xf5, 0xdb, 0xc9, 0x8d, 0x6b, 2922 0x55, 0xf2, 0xa0, 0x8c, 0xd7, 0xea, 0x7f, 0x7b, 2923 0x19, 0xdb, 0xc7, 0x8c, 0x28, 0x0d, 0x76, 0xd5, 2924 0xd1, 0xd2, 0x71, 0xf1, 0x73, 0xc3, 0xca, 0x1e, 2925 0xf8, 0xfa, 0x96, 0x87, 0x10, 0xd6, 0x14, 0x06, 2926 0xff, 0xce, 0x74, 0x89, 0x34, 0x27, 0x19, 0x57, 2927 0x5d, 0x8a, 0x9e, 0x3f, 0x0a, 0xcc, 0xf4, 0x53, 2928 0xfa, 0x51, 0x5a, 0x8d, 0xcd, 0x3f, 0x5a, 0xf6 2929 }; 2930 2931 static const u8 ecosdsa_brainpoolp512r1_test_vectors_expected_sig[] = { 2932 0xb2, 0x08, 0xeb, 0xa4, 0xf6, 0x87, 0x2b, 0xd6, 2933 0xcd, 0xef, 0xad, 0x6e, 0x72, 0x50, 0xb0, 0xb1, 2934 0x43, 0xb1, 0x4d, 0xfd, 0xf6, 0x10, 0xe8, 0xb5, 2935 0x95, 0x60, 0xec, 0xe6, 0xf7, 0x03, 0x56, 0xf6, 2936 0xac, 0xc0, 0x69, 0x57, 0xb5, 0x31, 0x30, 0x60, 2937 0x0f, 0x58, 0x3f, 0x6a, 0x8d, 0xf8, 0x1d, 0x4b, 2938 0xb0, 0xe3, 0x05, 0xe8, 0xdb, 0x5a, 0xee, 0x7f, 2939 0x15, 0xdb, 0xa8, 0xac, 0xbc, 0x3e, 0xba, 0x5d, 2940 2941 0x79, 0xc7, 0xad, 0xc8, 0x4a, 0x09, 0xd2, 0x84, 2942 0x30, 0x9b, 0x09, 0xdc, 0xe3, 0x79, 0x69, 0x33, 2943 0x4b, 0xb5, 0x3e, 0x57, 0x4c, 0x57, 0x1f, 0xf7, 2944 0x41, 0x48, 0xeb, 0x27, 0xf9, 0xcc, 0xb9, 0x9c, 2945 0x23, 0xd7, 0xed, 0xd2, 0x7e, 0x46, 0xb6, 0xd9, 2946 0x1e, 0x59, 0xc3, 0xb5, 0x62, 0x66, 0x6a, 0x88, 2947 0xab, 0x3c, 0x66, 0x48, 0x96, 0x57, 0xbb, 0xd4, 2948 0xd7, 0x4c, 0xac, 0x91, 0x59, 0xfc, 0xb2, 0x08 2949 }; 2950 2951 static const ec_test_case ecosdsa_brainpoolp512r1_test_case = { 2952 .name = "ECOSDSA-SHA512/brainpoolp512r1", 2953 .ec_str_p = &brainpoolp512r1_str_params, 2954 .priv_key = ecosdsa_brainpoolp512r1_test_vectors_priv_key, 2955 .priv_key_len = sizeof(ecosdsa_brainpoolp512r1_test_vectors_priv_key), 2956 .nn_random = ecosdsa_nn_random_brainpoolp512r1_test_vector, 2957 .hash_type = SHA512, 2958 .msg = "abc", 2959 .msglen = 3, 2960 .sig_type = ECOSDSA, 2961 .exp_sig = ecosdsa_brainpoolp512r1_test_vectors_expected_sig, 2962 .exp_siglen = sizeof(ecosdsa_brainpoolp512r1_test_vectors_expected_sig), 2963 .adata = NULL, 2964 .adata_len = 0 2965 }; 2966 #endif /* WITH_CURVE_BRAINPOOLP512R1 */ 2967 #endif /* WITH_HASH_SHA512 */ 2968 2969 #ifdef WITH_HASH_SHA256 2970 #ifdef WITH_CURVE_FRP256V1 2971 #define ECOSDSA_SHA256_FRP256V1_SELF_TEST 2972 2973 /* ECOSDSA frp256v1 test vectors */ 2974 2975 static int ecosdsa_nn_random_frp256v1_test_vector(nn_t out, nn_src_t q) 2976 { 2977 int ret, cmp; 2978 2979 /* 2980 * Fixed ephemeral private key for frp256v1 signature 2981 */ 2982 const u8 k_buf[] = { 2983 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9, 2984 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7, 2985 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15, 2986 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE 2987 }; 2988 2989 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 2990 ret = nn_cmp(out, q, &cmp); EG(ret, err); 2991 2992 ret = (cmp >= 0) ? -1 : 0; 2993 2994 err: 2995 return ret; 2996 } 2997 2998 static const u8 ecosdsa_frp256v1_test_vectors_priv_key[] = { 2999 0x00, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD, 3000 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D, 3001 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75, 3002 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F 3003 }; 3004 3005 static const u8 ecosdsa_frp256v1_test_vectors_expected_sig[] = { 3006 0xae, 0xc2, 0x3f, 0x82, 0x0f, 0x4c, 0x50, 0x80, 3007 0xf4, 0xcd, 0x15, 0xd1, 0xd4, 0x7d, 0x68, 0x51, 3008 0x5e, 0x98, 0xb2, 0x85, 0xe2, 0x6f, 0x6a, 0x08, 3009 0x61, 0x46, 0x4b, 0x7e, 0x2b, 0xe0, 0xa4, 0x61, 3010 3011 0xd7, 0xa4, 0x22, 0x5f, 0x29, 0x79, 0x8c, 0x78, 3012 0x97, 0x2f, 0x1b, 0xce, 0x6b, 0x35, 0x97, 0x7d, 3013 0x85, 0x9b, 0x7e, 0x22, 0x9b, 0xde, 0xa4, 0x19, 3014 0xc9, 0xbe, 0x26, 0x35, 0x9e, 0x54, 0xea, 0x14 3015 }; 3016 3017 static const ec_test_case ecosdsa_frp256v1_test_case = { 3018 .name = "ECOSDSA-SHA256/frp256v1", 3019 .ec_str_p = &frp256v1_str_params, 3020 .priv_key = ecosdsa_frp256v1_test_vectors_priv_key, 3021 .priv_key_len = sizeof(ecosdsa_frp256v1_test_vectors_priv_key), 3022 .nn_random = ecosdsa_nn_random_frp256v1_test_vector, 3023 .hash_type = SHA256, 3024 .msg = "abc", 3025 .msglen = 3, 3026 .sig_type = ECOSDSA, 3027 .exp_sig = ecosdsa_frp256v1_test_vectors_expected_sig, 3028 .exp_siglen = sizeof(ecosdsa_frp256v1_test_vectors_expected_sig), 3029 .adata = NULL, 3030 .adata_len = 0 3031 }; 3032 #endif /* WITH_CURVE_FRP256V1 */ 3033 #endif /* WITH_HASH_SHA256 */ 3034 #endif /* WITH_SIG_ECOSDSA */ 3035 3036 /******************************************************************* 3037 ************** ECFSDSA tests ************************************** 3038 *******************************************************************/ 3039 3040 #ifdef WITH_SIG_ECFSDSA 3041 #ifdef WITH_HASH_SHA224 3042 #ifdef WITH_CURVE_SECP224R1 3043 #define ECFSDSA_SHA224_SECP224R1_SELF_TEST 3044 3045 /* ECFSDSA secp224r1 test vectors */ 3046 3047 static int ecfsdsa_nn_random_secp224r1_test_vector(nn_t out, nn_src_t q) 3048 { 3049 int ret, cmp; 3050 3051 const u8 k_buf[] = { 3052 0x42, 0xcf, 0xfe, 0x41, 0xf5, 0x01, 0xb4, 0x99, 3053 0x45, 0xe3, 0xd1, 0x03, 0xe9, 0x00, 0x48, 0xb9, 3054 0x6f, 0x47, 0xee, 0xb3, 0xb7, 0x37, 0xdc, 0x6a, 3055 0x79, 0xc7, 0xa4, 0x2e 3056 }; 3057 3058 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3059 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3060 3061 ret = (cmp >= 0) ? -1 : 0; 3062 3063 err: 3064 return ret; 3065 } 3066 3067 static const u8 ecfsdsa_secp224r1_test_vectors_priv_key[] = { 3068 0xda, 0xd8, 0x0f, 0xfb, 0x64, 0x35, 0x6b, 0xd5, 3069 0x3b, 0x66, 0x3b, 0x6e, 0x20, 0xa8, 0x08, 0x94, 3070 0xb7, 0x93, 0x9a, 0xde, 0x21, 0xc7, 0x1e, 0xb8, 3071 0x09, 0xf7, 0xb5, 0x39 3072 }; 3073 3074 static const u8 ecfsdsa_secp224r1_test_vectors_expected_sig[] = { 3075 0x55, 0x49, 0x93, 0x3b, 0xb2, 0x5d, 0x21, 0xc6, 3076 0x10, 0x84, 0xc1, 0xa4, 0x92, 0xed, 0x95, 0x30, 3077 0x0b, 0x50, 0x78, 0xd9, 0xa9, 0x5c, 0xac, 0x43, 3078 0xfd, 0xeb, 0x94, 0x9f, 0x32, 0xc2, 0xa1, 0xb1, 3079 0x67, 0x56, 0x3a, 0x6b, 0xe9, 0xdd, 0x77, 0x4e, 3080 0xa6, 0x5a, 0x29, 0xb1, 0x9f, 0xf3, 0xd8, 0x3b, 3081 0xdc, 0xa4, 0xf0, 0x3b, 0x7b, 0xc5, 0x27, 0x67, 3082 3083 0xb4, 0xe9, 0xf2, 0x03, 0x1a, 0x98, 0xbe, 0x55, 3084 0xf1, 0xa9, 0xb3, 0x8b, 0x23, 0x31, 0x98, 0x6c, 3085 0x3a, 0xfd, 0x97, 0x2a, 0xed, 0xcd, 0x80, 0x5a, 3086 0x3c, 0x6e, 0x3a, 0x8c 3087 }; 3088 3089 static const ec_test_case ecfsdsa_secp224r1_test_case = { 3090 .name = "ECFSDSA-SHA224/secp224r1", 3091 .ec_str_p = &secp224r1_str_params, 3092 .priv_key = ecfsdsa_secp224r1_test_vectors_priv_key, 3093 .priv_key_len = sizeof(ecfsdsa_secp224r1_test_vectors_priv_key), 3094 .nn_random = ecfsdsa_nn_random_secp224r1_test_vector, 3095 .hash_type = SHA224, 3096 .msg = "abc", 3097 .msglen = 3, 3098 .sig_type = ECFSDSA, 3099 .exp_sig = ecfsdsa_secp224r1_test_vectors_expected_sig, 3100 .exp_siglen = sizeof(ecfsdsa_secp224r1_test_vectors_expected_sig), 3101 .adata = NULL, 3102 .adata_len = 0 3103 }; 3104 #endif /* WITH_CURVE_SECP224R1 */ 3105 #endif /* WITH_HASH_SHA224 */ 3106 3107 #ifdef WITH_HASH_SHA256 3108 #ifdef WITH_CURVE_SECP256R1 3109 #define ECFSDSA_SHA256_SECP256R1_SELF_TEST 3110 3111 /* ECFSDSA secp256r1 test vectors */ 3112 3113 static int ecfsdsa_nn_random_iso14888_3_secp256r1_test_vector(nn_t out, 3114 nn_src_t q) 3115 { 3116 int ret, cmp; 3117 const u8 k_buf[] = { 3118 0x89, 0x4D, 0xEA, 0xB4, 0x4D, 0x88, 0x45, 0x0F, 3119 0xE8, 0xDA, 0xC6, 0x63, 0xF0, 0xE5, 0x86, 0x50, 3120 0x31, 0xE8, 0x75, 0xBA, 0x22, 0x4C, 0x06, 0x01, 3121 0x3C, 0x53, 0xD0, 0xE3, 0x01, 0x09, 0xC2, 0x07 3122 }; 3123 3124 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3125 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3126 3127 ret = (cmp >= 0) ? -1 : 0; 3128 3129 err: 3130 return ret; 3131 } 3132 3133 static const u8 ecfsdsa_secp256r1_test_vectors_priv_key[] = { 3134 0xAC, 0xCA, 0x7F, 0x0D, 0xD3, 0xAC, 0x53, 0x5F, 3135 0x48, 0x9B, 0x34, 0x0F, 0x6B, 0xD7, 0xF5, 0x03, 3136 0x61, 0xB0, 0xEE, 0x09, 0x5A, 0xE6, 0xA2, 0x28, 3137 0x9A, 0x6A, 0xB3, 0x29, 0x23, 0x81, 0x23, 0xE5 3138 }; 3139 3140 static const u8 ecfsdsa_secp256r1_test_vectors_expected_sig[] = { 3141 0xAF, 0x31, 0x2F, 0xBD, 0x77, 0x92, 0x12, 0x5C, 3142 0x5C, 0xDF, 0xBA, 0x69, 0xE6, 0xD3, 0x69, 0x90, 3143 0x0A, 0xCE, 0x9A, 0x70, 0xBA, 0x65, 0x3F, 0xFF, 3144 0xBD, 0x91, 0x40, 0xE0, 0x00, 0x79, 0xFA, 0xE8, 3145 0xB7, 0xCE, 0xC5, 0x70, 0x16, 0xA0, 0xB9, 0x7A, 3146 0xA0, 0x69, 0xD5, 0x4E, 0x0D, 0xA9, 0x5E, 0x45, 3147 0xFB, 0x50, 0xB6, 0x77, 0x1F, 0xB6, 0x9F, 0x53, 3148 0xFE, 0xF0, 0x0F, 0xC8, 0xB0, 0x0E, 0x1F, 0xEC, 3149 0x25, 0x84, 0x70, 0x40, 0x23, 0x04, 0xBC, 0x2D, 3150 0xB4, 0x4F, 0x3B, 0x2A, 0x20, 0xC0, 0x8F, 0xF2, 3151 0xA6, 0x4F, 0x56, 0x6B, 0xAA, 0x2E, 0xB7, 0xBF, 3152 0x37, 0xE1, 0x61, 0x9B, 0x6A, 0xE0, 0x98, 0x44 3153 }; 3154 3155 static const ec_test_case ecfsdsa_secp256r1_test_case = { 3156 .name = "ECFSDSA-SHA256/secp256r1", 3157 .ec_str_p = &secp256r1_str_params, 3158 .priv_key = ecfsdsa_secp256r1_test_vectors_priv_key, 3159 .priv_key_len = sizeof(ecfsdsa_secp256r1_test_vectors_priv_key), 3160 .nn_random = ecfsdsa_nn_random_iso14888_3_secp256r1_test_vector, 3161 .hash_type = SHA256, 3162 .msg = "abc", 3163 .msglen = 3, 3164 .sig_type = ECFSDSA, 3165 .exp_sig = ecfsdsa_secp256r1_test_vectors_expected_sig, 3166 .exp_siglen = sizeof(ecfsdsa_secp256r1_test_vectors_expected_sig), 3167 .adata = NULL, 3168 .adata_len = 0 3169 }; 3170 #endif /* WITH_CURVE_SECP256R1 */ 3171 #endif /* WITH_HASH_SHA256 */ 3172 3173 #ifdef WITH_HASH_SHA384 3174 #ifdef WITH_CURVE_SECP384R1 3175 #define ECFSDSA_SHA384_SECP384R1_SELF_TEST 3176 3177 /* ECFSDSA secp384r1 test vectors */ 3178 3179 static int ecfsdsa_nn_random_iso14888_3_secp384r1_test_vector(nn_t out, 3180 nn_src_t q) 3181 { 3182 int ret, cmp; 3183 const u8 k_buf[] = { 3184 0x51, 0xC5, 0xB8, 0xB2, 0xE5, 0x9C, 0xF7, 0x8F, 3185 0x54, 0xE7, 0x7C, 0xDB, 0x0B, 0x2E, 0x26, 0x69, 3186 0xB6, 0x6B, 0x32, 0x84, 0x8B, 0x7B, 0x53, 0x78, 3187 0x01, 0x48, 0x3D, 0xE2, 0x39, 0x42, 0x27, 0x45, 3188 0x6F, 0x49, 0x30, 0xC8, 0x53, 0xFB, 0xFF, 0x6C, 3189 0x58, 0xFA, 0x6E, 0x1C, 0xC5, 0xD9, 0x74, 0x66 3190 }; 3191 3192 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3193 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3194 3195 ret = (cmp >= 0) ? -1 : 0; 3196 3197 err: 3198 return ret; 3199 } 3200 3201 static const u8 ecfsdsa_secp384r1_test_vectors_priv_key[] = { 3202 0x95, 0xA4, 0xD2, 0x57, 0xA7, 0x29, 0x8C, 0x66, 3203 0x10, 0xA3, 0x75, 0x58, 0x78, 0x50, 0x36, 0xDE, 3204 0x6F, 0x9F, 0xB9, 0x97, 0x73, 0x5C, 0x07, 0x6B, 3205 0x8C, 0x8A, 0x18, 0xB2, 0xAA, 0xAC, 0x31, 0x42, 3206 0x50, 0x7A, 0x25, 0x60, 0x3D, 0x7C, 0x95, 0xF9, 3207 0xE5, 0xF0, 0x30, 0x7E, 0xC5, 0xA5, 0x6D, 0x7E 3208 }; 3209 3210 static const u8 ecfsdsa_secp384r1_test_vectors_expected_sig[] = { 3211 0x29, 0xB7, 0x85, 0xAB, 0x7F, 0xAC, 0x1F, 0x80, 3212 0xF6, 0x4C, 0xE2, 0xF2, 0xD8, 0x8A, 0xBA, 0x8F, 3213 0xE6, 0x10, 0x3B, 0x25, 0x65, 0xFE, 0xB5, 0xAE, 3214 0x82, 0xFB, 0x6C, 0xF5, 0x8F, 0x8C, 0xE1, 0xE7, 3215 0x3F, 0x7A, 0x8D, 0x68, 0x3B, 0xEA, 0xBD, 0x24, 3216 0xB7, 0xEA, 0x78, 0xF6, 0x01, 0x3C, 0x9F, 0x70, 3217 0xDE, 0x94, 0xFA, 0xD1, 0x72, 0x81, 0xF4, 0xA6, 3218 0x0A, 0xA2, 0x54, 0x23, 0xE9, 0xD8, 0x71, 0x22, 3219 0x96, 0x54, 0x02, 0x19, 0x52, 0x39, 0xB8, 0x39, 3220 0xFC, 0xD4, 0x4C, 0xDF, 0x54, 0x5B, 0xF7, 0x4E, 3221 0x13, 0x00, 0xC9, 0xF5, 0x7F, 0xFC, 0x83, 0x0D, 3222 0xEF, 0xD9, 0x7B, 0x66, 0xD5, 0x7E, 0x9D, 0x07, 3223 3224 0xD1, 0x85, 0x80, 0x62, 0xC5, 0x50, 0x4E, 0x21, 3225 0x78, 0x52, 0x39, 0x26, 0x42, 0x3F, 0xDD, 0x83, 3226 0x99, 0xA8, 0xBA, 0x2B, 0x85, 0xBF, 0x45, 0x85, 3227 0x3F, 0x8E, 0x04, 0xBF, 0x20, 0x44, 0x15, 0x16, 3228 0xE7, 0x1A, 0x78, 0xB0, 0x9C, 0x7A, 0x7E, 0xE6, 3229 0x20, 0xB7, 0xF5, 0x37, 0xE6, 0xC1, 0xDE, 0xEE 3230 }; 3231 3232 static const ec_test_case ecfsdsa_secp384r1_test_case = { 3233 .name = "ECFSDSA-SHA384/secp384r1", 3234 .ec_str_p = &secp384r1_str_params, 3235 .priv_key = ecfsdsa_secp384r1_test_vectors_priv_key, 3236 .priv_key_len = sizeof(ecfsdsa_secp384r1_test_vectors_priv_key), 3237 .nn_random = ecfsdsa_nn_random_iso14888_3_secp384r1_test_vector, 3238 .hash_type = SHA384, 3239 .msg = "abc", 3240 .msglen = 3, 3241 .sig_type = ECFSDSA, 3242 .exp_sig = ecfsdsa_secp384r1_test_vectors_expected_sig, 3243 .exp_siglen = sizeof(ecfsdsa_secp384r1_test_vectors_expected_sig), 3244 .adata = NULL, 3245 .adata_len = 0 3246 }; 3247 #endif /* WITH_CURVE_SECP384R1 */ 3248 #endif /* WITH_HASH_SHA384 */ 3249 3250 #ifdef WITH_HASH_SHA512 3251 #ifdef WITH_CURVE_SECP521R1 3252 #define ECFSDSA_SHA512_SECP521R1_SELF_TEST 3253 3254 /* ECFSDSA secp521r1 test vectors */ 3255 3256 static int ecfsdsa_nn_random_secp521r1_test_vector(nn_t out, nn_src_t q) 3257 { 3258 int ret, cmp; 3259 3260 /* 3261 * Fixed ephemeral private key for secp521r1 signature 3262 * test vectors from RFC4754 3263 */ 3264 const u8 k_buf[] = { 3265 0x01, 0xbc, 0x24, 0x62, 0x6a, 0xd6, 0x10, 0x3c, 3266 0x72, 0xdc, 0x63, 0xb6, 0x8c, 0xe4, 0xcd, 0xb2, 3267 0xf0, 0x63, 0x39, 0x9c, 0x69, 0x69, 0x84, 0xc6, 3268 0x2f, 0x8c, 0x58, 0x5f, 0x12, 0x7d, 0x47, 0x71, 3269 0x6e, 0x0e, 0x9d, 0xd7, 0x2b, 0x27, 0x28, 0xfb, 3270 0xab, 0xed, 0xe4, 0x12, 0x0b, 0xcf, 0x83, 0x5a, 3271 0x9a, 0x32, 0xf1, 0x3e, 0x65, 0x1d, 0x18, 0x2a, 3272 0x69, 0x13, 0xfd, 0xeb, 0x9d, 0x79, 0xf5, 0xb0, 3273 0xbf, 0xe5 3274 }; 3275 3276 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3277 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3278 3279 ret = (cmp >= 0) ? -1 : 0; 3280 3281 err: 3282 return ret; 3283 } 3284 3285 static const u8 ecfsdsa_secp521r1_test_vectors_priv_key[] = { 3286 0x00, 0x9c, 0x0d, 0x38, 0xdb, 0x40, 0x76, 0x55, 3287 0x37, 0x79, 0xd9, 0x4a, 0x8f, 0x4f, 0x74, 0x2d, 3288 0x32, 0xd0, 0xf9, 0xf2, 0x9b, 0xea, 0x27, 0x60, 3289 0x47, 0x03, 0xcb, 0xe7, 0x34, 0x9e, 0x5f, 0x14, 3290 0x52, 0x5b, 0xfe, 0x57, 0x41, 0x50, 0x31, 0x52, 3291 0x0b, 0x19, 0xf7, 0x68, 0x70, 0x1a, 0x57, 0x0b, 3292 0x62, 0xa6, 0x4e, 0xc1, 0xc0, 0xd0, 0xe7, 0xa0, 3293 0x84, 0x94, 0x37, 0xfc, 0xf6, 0x7b, 0x56, 0x12, 3294 0x53, 0xc3 3295 }; 3296 3297 static const u8 ecfsdsa_secp521r1_test_vectors_expected_sig[] = { 3298 0x00, 0x43, 0xf7, 0x90, 0x80, 0xe4, 0xff, 0x8c, 3299 0x91, 0x44, 0x93, 0xad, 0xbb, 0x35, 0x3d, 0x78, 3300 0xbb, 0x15, 0x5d, 0x95, 0xde, 0x51, 0x9b, 0x78, 3301 0xe2, 0xa1, 0xfa, 0x34, 0x70, 0x0b, 0x45, 0x04, 3302 0x6a, 0xd2, 0xea, 0x99, 0xa7, 0x0c, 0xf8, 0x37, 3303 0x7a, 0xcf, 0x72, 0x89, 0x4b, 0xa3, 0xa5, 0x8c, 3304 0x5d, 0x50, 0xcb, 0x01, 0x3e, 0x3a, 0x3e, 0x19, 3305 0xc8, 0xcb, 0xf2, 0xca, 0xcf, 0x1e, 0x28, 0x47, 3306 0xcb, 0x92, 0x01, 0x70, 0x49, 0x0a, 0x35, 0xde, 3307 0xfd, 0x32, 0xc6, 0xd6, 0x08, 0x2a, 0xc5, 0x24, 3308 0x70, 0x51, 0x3f, 0x03, 0x93, 0x92, 0x71, 0xfb, 3309 0x8b, 0xa8, 0xbe, 0x1a, 0xe1, 0xc2, 0x64, 0xf9, 3310 0x86, 0x78, 0x5b, 0xb8, 0xd0, 0xa1, 0xcc, 0xd0, 3311 0xc8, 0xf6, 0x93, 0xb7, 0xff, 0x92, 0xe3, 0x72, 3312 0x20, 0xe5, 0x1c, 0x15, 0x80, 0xb7, 0x4d, 0xda, 3313 0x1c, 0x90, 0x79, 0x5b, 0x52, 0x5b, 0x23, 0x5b, 3314 0x1e, 0x0e, 0xc8, 0xb7, 3315 3316 0x01, 0x0f, 0x45, 0xec, 0x7c, 0x8b, 0xe0, 0x8f, 3317 0x42, 0xb4, 0x4f, 0xe1, 0x7c, 0xde, 0x1e, 0xe4, 3318 0x9f, 0xa7, 0x47, 0xcb, 0x4a, 0x23, 0x42, 0xb7, 3319 0x72, 0x26, 0x9b, 0xc5, 0x96, 0x16, 0x8f, 0x82, 3320 0xa4, 0xc3, 0x44, 0x71, 0x1c, 0xdb, 0xf7, 0x20, 3321 0x3f, 0x45, 0x19, 0x93, 0x00, 0xb7, 0xc5, 0xc6, 3322 0xb1, 0xb6, 0xa1, 0x67, 0x9e, 0xe9, 0xba, 0x88, 3323 0xe6, 0x30, 0x13, 0x13, 0x85, 0xaf, 0x2d, 0x5d, 3324 0x82, 0xce 3325 }; 3326 3327 static const ec_test_case ecfsdsa_secp521r1_test_case = { 3328 .name = "ECFSDSA-SHA512/secp521r1", 3329 .ec_str_p = &secp521r1_str_params, 3330 .priv_key = ecfsdsa_secp521r1_test_vectors_priv_key, 3331 .priv_key_len = sizeof(ecfsdsa_secp521r1_test_vectors_priv_key), 3332 .nn_random = ecfsdsa_nn_random_secp521r1_test_vector, 3333 .hash_type = SHA512, 3334 .msg = "abc", 3335 .msglen = 3, 3336 .sig_type = ECFSDSA, 3337 .exp_sig = ecfsdsa_secp521r1_test_vectors_expected_sig, 3338 .exp_siglen = sizeof(ecfsdsa_secp521r1_test_vectors_expected_sig), 3339 .adata = NULL, 3340 .adata_len = 0 3341 }; 3342 #endif /* WITH_CURVE_SECP521R1 */ 3343 #endif /* WITH_HASH_SHA512 */ 3344 3345 #ifdef WITH_HASH_SHA256 3346 #ifdef WITH_CURVE_BRAINPOOLP256R1 3347 #define ECFSDSA_SHA256_BRAINPOOLP256R1_SELF_TEST 3348 3349 /* ECFSDSA Brainpoolp256r1 test vectors */ 3350 3351 static int ecfsdsa_nn_random_brainpoolp256r1_test_vector(nn_t out, nn_src_t q) 3352 { 3353 int ret, cmp; 3354 3355 /* 3356 * Fixed ephemeral private key for brainpoolp256r1 signature 3357 */ 3358 const u8 k_buf[] = { 3359 0x94, 0x06, 0x79, 0x01, 0x57, 0xb2, 0x15, 0x15, 3360 0x35, 0x11, 0x37, 0xbc, 0xe0, 0x42, 0x8f, 0xc3, 3361 0xde, 0x3a, 0xe9, 0x86, 0xa2, 0xf3, 0xab, 0xac, 3362 0xaf, 0x0e, 0xa5, 0xcb, 0x24, 0x49, 0x19, 0x37 3363 }; 3364 3365 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3366 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3367 3368 ret = (cmp >= 0) ? -1 : 0; 3369 3370 err: 3371 return ret; 3372 } 3373 3374 static const u8 ecfsdsa_brainpoolp256r1_test_vectors_priv_key[] = { 3375 0x17, 0x86, 0x00, 0xbb, 0xf4, 0xf6, 0xe8, 0x92, 3376 0xbe, 0x80, 0x67, 0xc5, 0xd4, 0xdb, 0xd3, 0x90, 3377 0x67, 0x6c, 0xb8, 0x57, 0xc1, 0x68, 0x31, 0x0b, 3378 0x87, 0x3a, 0xdc, 0xe4, 0x74, 0xd3, 0xcf, 0x2d 3379 }; 3380 3381 static const u8 ecfsdsa_brainpoolp256r1_test_vectors_expected_sig[] = { 3382 0xa7, 0xf1, 0xc8, 0xcb, 0x02, 0x9f, 0x01, 0xda, 3383 0xb8, 0xf5, 0x68, 0x74, 0x57, 0x2c, 0xf0, 0xdb, 3384 0x75, 0x2f, 0x95, 0x8b, 0xb5, 0x23, 0x53, 0xd9, 3385 0x2d, 0x87, 0xec, 0x9f, 0x59, 0x53, 0x12, 0x3e, 3386 0x5e, 0x2a, 0x30, 0x64, 0x9b, 0xb8, 0xa2, 0x5f, 3387 0x8f, 0xcb, 0xe1, 0xd9, 0x7f, 0xb4, 0x98, 0x7d, 3388 0x2d, 0xad, 0xd8, 0x1b, 0x05, 0xdd, 0x8b, 0x94, 3389 0xbe, 0x1a, 0xc5, 0xc9, 0x14, 0x05, 0x09, 0x52, 3390 3391 0x2d, 0xf7, 0x9a, 0x80, 0xaa, 0xa9, 0x57, 0x82, 3392 0xff, 0x96, 0x44, 0x62, 0xce, 0xd9, 0x68, 0xf5, 3393 0x11, 0xc6, 0xb5, 0x1a, 0x8e, 0xb9, 0x44, 0xd1, 3394 0xf9, 0xe7, 0xbc, 0xb3, 0xd0, 0xd8, 0x98, 0xc4 3395 }; 3396 3397 static const ec_test_case ecfsdsa_brainpoolp256r1_test_case = { 3398 .name = "ECFSDSA-SHA256/brainpoolp256r1", 3399 .ec_str_p = &brainpoolp256r1_str_params, 3400 .priv_key = ecfsdsa_brainpoolp256r1_test_vectors_priv_key, 3401 .priv_key_len = sizeof(ecfsdsa_brainpoolp256r1_test_vectors_priv_key), 3402 .nn_random = ecfsdsa_nn_random_brainpoolp256r1_test_vector, 3403 .hash_type = SHA256, 3404 .msg = "abc", 3405 .msglen = 3, 3406 .sig_type = ECFSDSA, 3407 .exp_sig = ecfsdsa_brainpoolp256r1_test_vectors_expected_sig, 3408 .exp_siglen = sizeof(ecfsdsa_brainpoolp256r1_test_vectors_expected_sig), 3409 .adata = NULL, 3410 .adata_len = 0 3411 }; 3412 3413 #endif /* WITH_CURVE_BRAINPOOLP256R1 */ 3414 #endif /* WITH_HASH_SHA256 */ 3415 3416 #ifdef WITH_HASH_SHA384 3417 #ifdef WITH_CURVE_BRAINPOOLP384R1 3418 #define ECFSDSA_SHA384_BRAINPOOLP384R1_SELF_TEST 3419 3420 /* ECFSDSA Brainpoolp384r1 test vectors */ 3421 3422 static int ecfsdsa_nn_random_brainpoolp384r1_test_vector(nn_t out, nn_src_t q) 3423 { 3424 int ret, cmp; 3425 3426 /* 3427 * Fixed ephemeral private key for brainpoolp384r1 signature 3428 */ 3429 const u8 k_buf[] = { 3430 0x20, 0x89, 0x69, 0xde, 0xcd, 0xd0, 0x61, 0xd9, 3431 0xee, 0x13, 0xae, 0xdc, 0xbe, 0xd0, 0xd3, 0x3c, 3432 0x6e, 0xe7, 0xf7, 0x57, 0xd7, 0xfd, 0xe4, 0xb2, 3433 0x1e, 0xbc, 0xbd, 0xd5, 0x21, 0x57, 0x86, 0xf5, 3434 0x28, 0x3e, 0x65, 0x81, 0x46, 0x92, 0xbd, 0xc0, 3435 0x38, 0x82, 0x52, 0xce, 0x58, 0x3d, 0xf5, 0x77 3436 }; 3437 3438 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3439 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3440 3441 ret = (cmp >= 0) ? -1 : 0; 3442 3443 err: 3444 return ret; 3445 } 3446 3447 static const u8 ecfsdsa_brainpoolp384r1_test_vectors_priv_key[] = { 3448 0x1c, 0x5b, 0xdb, 0xfa, 0xf3, 0x7e, 0x68, 0x87, 3449 0xd3, 0xf9, 0x10, 0xa6, 0x45, 0x14, 0x4c, 0x95, 3450 0xe6, 0xcc, 0x48, 0xe7, 0x8c, 0xfa, 0x6b, 0x05, 3451 0xac, 0xf5, 0x0a, 0xcd, 0x51, 0x38, 0xba, 0xba, 3452 0xcd, 0x26, 0x01, 0x50, 0x8a, 0x86, 0x48, 0xd3, 3453 0x87, 0x82, 0x37, 0xb1, 0xca, 0xf1, 0xd8, 0xcf 3454 }; 3455 3456 static const u8 ecfsdsa_brainpoolp384r1_test_vectors_expected_sig[] = { 3457 0x7e, 0xa5, 0xf5, 0x97, 0x64, 0x8a, 0x55, 0x0c, 3458 0x5a, 0xb1, 0xaa, 0x74, 0xd4, 0x40, 0x42, 0xdb, 3459 0xf8, 0xaf, 0xf2, 0x71, 0xad, 0x14, 0xaf, 0xc3, 3460 0x89, 0x0c, 0xe4, 0x62, 0x2d, 0x91, 0xdb, 0x94, 3461 0x87, 0xa0, 0xbf, 0x3a, 0xf0, 0x55, 0xf1, 0xf6, 3462 0xaa, 0x60, 0x8c, 0x83, 0x62, 0xe2, 0x7f, 0xf5, 3463 0x49, 0xc4, 0xe6, 0xa7, 0x6c, 0xbc, 0x03, 0xac, 3464 0xb0, 0x7d, 0x6b, 0x75, 0x25, 0xe5, 0x5e, 0xfd, 3465 0x97, 0xdd, 0x5c, 0xec, 0x09, 0x55, 0x0b, 0x58, 3466 0x47, 0x0a, 0x9b, 0x7e, 0x07, 0xe9, 0x5d, 0x4b, 3467 0x86, 0xf6, 0xfa, 0xe3, 0xe8, 0xb7, 0x66, 0xa9, 3468 0xca, 0x40, 0xe7, 0x4a, 0xc4, 0x44, 0x79, 0xe7, 3469 3470 0x3d, 0x33, 0x34, 0xaf, 0x71, 0x29, 0x4c, 0x1c, 3471 0xef, 0x28, 0x2f, 0xdb, 0xbf, 0xf2, 0x4e, 0x7f, 3472 0xde, 0xf0, 0xb9, 0xe2, 0x4c, 0xaa, 0xdf, 0x56, 3473 0x52, 0xcc, 0x1e, 0xb5, 0x33, 0x6e, 0x29, 0x8e, 3474 0x29, 0x8f, 0x2c, 0x5b, 0x0f, 0x2f, 0x1f, 0x8c, 3475 0xb8, 0xd8, 0x2a, 0x8f, 0x12, 0x5b, 0x08, 0xc9 3476 }; 3477 3478 static const ec_test_case ecfsdsa_brainpoolp384r1_test_case = { 3479 .name = "ECFSDSA-SHA384/brainpoolp384r1", 3480 .ec_str_p = &brainpoolp384r1_str_params, 3481 .priv_key = ecfsdsa_brainpoolp384r1_test_vectors_priv_key, 3482 .priv_key_len = sizeof(ecfsdsa_brainpoolp384r1_test_vectors_priv_key), 3483 .nn_random = ecfsdsa_nn_random_brainpoolp384r1_test_vector, 3484 .hash_type = SHA384, 3485 .msg = "abc", 3486 .msglen = 3, 3487 .sig_type = ECFSDSA, 3488 .exp_sig = ecfsdsa_brainpoolp384r1_test_vectors_expected_sig, 3489 .exp_siglen = sizeof(ecfsdsa_brainpoolp384r1_test_vectors_expected_sig), 3490 .adata = NULL, 3491 .adata_len = 0 3492 }; 3493 3494 #endif /* WITH_CURVE_BRAINPOOLP384R1 */ 3495 #endif /* WITH_HASH_SHA384 */ 3496 3497 #ifdef WITH_HASH_SHA512 3498 #ifdef WITH_CURVE_BRAINPOOLP512R1 3499 #define ECFSDSA_SHA512_BRAINPOOLP512R1_SELF_TEST 3500 3501 /* ECFSDSA Brainpoolp512r1 test vectors */ 3502 3503 static int ecfsdsa_nn_random_brainpoolp512r1_test_vector(nn_t out, nn_src_t q) 3504 { 3505 int ret, cmp; 3506 3507 /* 3508 * Fixed ephemeral private key for brainpoolp512r1 signature 3509 */ 3510 const u8 k_buf[] = { 3511 0x5f, 0x84, 0x57, 0xa0, 0xbc, 0xd3, 0x49, 0xd9, 3512 0x7d, 0x0a, 0xc7, 0x95, 0x49, 0x49, 0x43, 0x03, 3513 0x06, 0x37, 0x2b, 0x63, 0xfc, 0x73, 0x14, 0xaa, 3514 0xe0, 0x23, 0x4d, 0x96, 0x66, 0x53, 0x46, 0xea, 3515 0xa7, 0x8a, 0x60, 0x05, 0xa6, 0x0f, 0xc4, 0x16, 3516 0x11, 0x4c, 0xbc, 0x02, 0x67, 0x6d, 0x49, 0xe6, 3517 0xea, 0x92, 0x21, 0xcd, 0xe7, 0xd7, 0x2a, 0x45, 3518 0xf7, 0xc2, 0xf5, 0x07, 0xfe, 0x39, 0x65, 0x52 3519 }; 3520 3521 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3522 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3523 3524 ret = (cmp >= 0) ? -1 : 0; 3525 3526 err: 3527 return ret; 3528 } 3529 3530 static const u8 ecfsdsa_brainpoolp512r1_test_vectors_priv_key[] = { 3531 0xaa, 0x85, 0x90, 0x2b, 0xdc, 0x3a, 0x89, 0xb9, 3532 0xa2, 0xa6, 0x12, 0x80, 0xb2, 0xd5, 0xd4, 0xea, 3533 0xb0, 0xdd, 0x69, 0xb6, 0x45, 0xd0, 0x2b, 0xfd, 3534 0xb1, 0xa6, 0xa9, 0x36, 0x39, 0xff, 0x27, 0x1e, 3535 0xf3, 0x52, 0x9f, 0xbc, 0xca, 0x45, 0xe5, 0x7b, 3536 0x46, 0x3a, 0x3c, 0xe3, 0x88, 0x90, 0x44, 0xeb, 3537 0x2f, 0x6d, 0x09, 0x80, 0x47, 0x50, 0xe7, 0xf9, 3538 0x43, 0x10, 0x80, 0xe0, 0xb0, 0x5c, 0x2b, 0xab 3539 }; 3540 3541 static const u8 ecfsdsa_brainpoolp512r1_test_vectors_expected_sig[] = { 3542 0x3e, 0xe9, 0x03, 0x40, 0x75, 0x7a, 0x19, 0xae, 3543 0x24, 0x2f, 0xf9, 0x89, 0x77, 0xb8, 0x23, 0x54, 3544 0xf3, 0x7e, 0x68, 0xda, 0x32, 0xcc, 0x80, 0xf7, 3545 0x83, 0x5f, 0x1f, 0xd6, 0xf9, 0x64, 0x62, 0x64, 3546 0x0f, 0xc2, 0xbb, 0x6e, 0x83, 0x3e, 0x2e, 0xd6, 3547 0x29, 0x37, 0x1f, 0x43, 0xd3, 0x83, 0xa9, 0x9b, 3548 0x62, 0x25, 0x68, 0x7f, 0xd5, 0xf9, 0x9b, 0x07, 3549 0xfb, 0x4b, 0x95, 0x30, 0x5f, 0x25, 0xa5, 0x4d, 3550 0x58, 0x5a, 0xf5, 0x95, 0xd6, 0x07, 0x92, 0xa4, 3551 0xdf, 0x01, 0xf0, 0x42, 0x2f, 0x39, 0x94, 0x9c, 3552 0xf9, 0x8b, 0xe4, 0x0e, 0x9f, 0xb3, 0x8b, 0x40, 3553 0xc4, 0xaa, 0x2d, 0x49, 0x36, 0xf7, 0x0f, 0x71, 3554 0x7e, 0x30, 0x3e, 0xe7, 0xba, 0x0f, 0x44, 0x28, 3555 0xa4, 0xfd, 0x18, 0x9d, 0x88, 0xe8, 0x5c, 0x5e, 3556 0x69, 0xf8, 0x7b, 0xb7, 0x44, 0x44, 0x0a, 0x41, 3557 0xfd, 0x79, 0x37, 0x14, 0x54, 0x49, 0x6b, 0xc1, 3558 3559 0x29, 0x0a, 0x96, 0x8b, 0x0d, 0x46, 0xbe, 0x9c, 3560 0x5e, 0x3e, 0x1c, 0x1e, 0xa3, 0x09, 0xb3, 0x03, 3561 0x10, 0x81, 0x6b, 0x08, 0x01, 0xab, 0x8f, 0x20, 3562 0x0e, 0xf7, 0x7c, 0x86, 0xfb, 0xf4, 0xfc, 0xc3, 3563 0xeb, 0x43, 0x8f, 0xf9, 0xd7, 0x6e, 0xc0, 0x62, 3564 0x2e, 0xbc, 0x37, 0xa4, 0xbe, 0x14, 0x12, 0x26, 3565 0xc2, 0xa4, 0x40, 0xd6, 0x90, 0x8c, 0xe4, 0x73, 3566 0x0c, 0x5c, 0xf3, 0xbb, 0x7b, 0xf7, 0x6c, 0x7f 3567 }; 3568 3569 static const ec_test_case ecfsdsa_brainpoolp512r1_test_case = { 3570 .name = "ECFSDSA-SHA512/brainpoolp512r1", 3571 .ec_str_p = &brainpoolp512r1_str_params, 3572 .priv_key = ecfsdsa_brainpoolp512r1_test_vectors_priv_key, 3573 .priv_key_len = sizeof(ecfsdsa_brainpoolp512r1_test_vectors_priv_key), 3574 .nn_random = ecfsdsa_nn_random_brainpoolp512r1_test_vector, 3575 .hash_type = SHA512, 3576 .msg = "abc", 3577 .msglen = 3, 3578 .sig_type = ECFSDSA, 3579 .exp_sig = ecfsdsa_brainpoolp512r1_test_vectors_expected_sig, 3580 .exp_siglen = sizeof(ecfsdsa_brainpoolp512r1_test_vectors_expected_sig), 3581 .adata = NULL, 3582 .adata_len = 0 3583 }; 3584 #endif /* WITH_CURVE_BRAINPOOLP512R1 */ 3585 #endif /* WITH_HASH_SHA512 */ 3586 3587 #ifdef WITH_HASH_SHA256 3588 #ifdef WITH_CURVE_FRP256V1 3589 #define ECFSDSA_SHA256_FRP256V1_SELF_TEST 3590 3591 /* ECFSDSA frp256v1 test vectors */ 3592 3593 static int ecfsdsa_nn_random_frp256v1_test_vector(nn_t out, nn_src_t q) 3594 { 3595 int ret, cmp; 3596 3597 /* 3598 * Fixed ephemeral private key for frp256v1 signature 3599 */ 3600 const u8 k_buf[] = { 3601 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9, 3602 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7, 3603 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15, 3604 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE 3605 }; 3606 3607 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3608 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3609 3610 ret = (cmp >= 0) ? -1 : 0; 3611 3612 err: 3613 return ret; 3614 } 3615 3616 static const u8 ecfsdsa_frp256v1_test_vectors_priv_key[] = { 3617 0x00, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD, 3618 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D, 3619 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75, 3620 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F 3621 }; 3622 3623 static const u8 ecfsdsa_frp256v1_test_vectors_expected_sig[] = { 3624 0x22, 0xb1, 0xd0, 0x0d, 0xc8, 0x28, 0xa5, 0xcb, 3625 0xa2, 0x64, 0x31, 0x9f, 0x05, 0x93, 0x3a, 0xc8, 3626 0xed, 0xe6, 0x32, 0x3d, 0x69, 0xd0, 0x2b, 0x31, 3627 0x4e, 0x10, 0xca, 0xa5, 0xf1, 0x3b, 0x29, 0x96, 3628 0x52, 0xe2, 0xef, 0x4e, 0x46, 0x9f, 0x08, 0x63, 3629 0xfb, 0x3c, 0xf4, 0xc5, 0x18, 0xb0, 0x5f, 0xc4, 3630 0xbb, 0x1d, 0xaf, 0xb7, 0xd2, 0xc4, 0x30, 0x7e, 3631 0xda, 0x41, 0xef, 0xac, 0x88, 0x8f, 0x0c, 0x7d, 3632 3633 0x9b, 0x3a, 0xb9, 0xd5, 0xb6, 0x7f, 0xf2, 0xb9, 3634 0xaa, 0xe8, 0xc5, 0xed, 0xf9, 0x82, 0xd4, 0xf7, 3635 0x6d, 0x7c, 0x61, 0x36, 0x56, 0xe7, 0x73, 0xaa, 3636 0x1a, 0xab, 0xa6, 0x30, 0x90, 0x1d, 0x56, 0xa6 3637 }; 3638 3639 static const ec_test_case ecfsdsa_frp256v1_test_case = { 3640 .name = "ECFSDSA-SHA256/frp256v1", 3641 .ec_str_p = &frp256v1_str_params, 3642 .priv_key = ecfsdsa_frp256v1_test_vectors_priv_key, 3643 .priv_key_len = sizeof(ecfsdsa_frp256v1_test_vectors_priv_key), 3644 .nn_random = ecfsdsa_nn_random_frp256v1_test_vector, 3645 .hash_type = SHA256, 3646 .msg = "abc", 3647 .msglen = 3, 3648 .sig_type = ECFSDSA, 3649 .exp_sig = ecfsdsa_frp256v1_test_vectors_expected_sig, 3650 .exp_siglen = sizeof(ecfsdsa_frp256v1_test_vectors_expected_sig), 3651 .adata = NULL, 3652 .adata_len = 0 3653 }; 3654 #endif /* WITH_CURVE_FRP256V1 */ 3655 #endif /* WITH_HASH_SHA256 */ 3656 #endif /* WITH_SIG_ECFSDSA */ 3657 3658 /******************************************************************* 3659 ************** ECGDSA tests ************************************** 3660 *******************************************************************/ 3661 #ifdef WITH_SIG_ECGDSA 3662 #ifdef WITH_HASH_SHA256 3663 #ifdef WITH_CURVE_BRAINPOOLP192R1 3664 #define ECGDSA_SHA256_BRAINPOOLP192R1_SELF_TEST 3665 3666 /* ECGDSA brainpoolp192r1 test vectors */ 3667 3668 static int ecgdsa_nn_random_iso14888_3_brainpoolp192r1_test_vector(nn_t out, 3669 nn_src_t q) 3670 { 3671 int ret, cmp; 3672 const u8 k_buf[] = { 3673 0x5A, 0x96, 0x62, 0x60, 0x96, 0x28, 0x8C, 0xC4, 3674 0x69, 0xF1, 0x70, 0x4E, 0xC0, 0x5F, 0x44, 0xD1, 3675 0xEC, 0x18, 0xBD, 0x32, 0xCE, 0xB0, 0x2D, 0x5B, 3676 }; 3677 3678 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3679 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3680 3681 ret = (cmp >= 0) ? -1 : 0; 3682 3683 err: 3684 return ret; 3685 } 3686 3687 static const u8 ecgdsa_brainpoolp192r1_test_vectors_priv_key[] = { 3688 0x40, 0xF9, 0x5B, 0x49, 0xA3, 0xB1, 0xBF, 0x55, 3689 0x31, 0x1A, 0x56, 0xDF, 0xD3, 0xB5, 0x06, 0x1E, 3690 0xE1, 0xDF, 0x64, 0x39, 0x84, 0xD4, 0x1E, 0x35, 3691 }; 3692 3693 static const u8 ecgdsa_brainpoolp192r1_test_vectors_expected_sig[] = { 3694 0xA0, 0x0B, 0x0A, 0xA2, 0x5D, 0xB6, 0xAB, 0x5C, 3695 0x21, 0xB8, 0x63, 0x00, 0xD9, 0xBC, 0x99, 0xF5, 3696 0x6E, 0x9D, 0xD1, 0xB7, 0xF1, 0xDC, 0x47, 0x74, 3697 0x63, 0x46, 0x35, 0xEF, 0x81, 0x32, 0x47, 0xD7, 3698 0x20, 0x24, 0x5C, 0x94, 0x09, 0xFB, 0x20, 0xA2, 3699 0x67, 0xC5, 0x60, 0xC8, 0x8E, 0xB2, 0xB0, 0x7B, 3700 }; 3701 3702 static const ec_test_case ecgdsa_brainpoolp192r1_test_case = { 3703 .name = "ECGDSA-SHA256/brainpoolp192r1", 3704 .ec_str_p = &brainpoolp192r1_str_params, 3705 .priv_key = ecgdsa_brainpoolp192r1_test_vectors_priv_key, 3706 .priv_key_len = sizeof(ecgdsa_brainpoolp192r1_test_vectors_priv_key), 3707 .nn_random = ecgdsa_nn_random_iso14888_3_brainpoolp192r1_test_vector, 3708 .hash_type = SHA256, 3709 .msg = "brainpoolP192r1", 3710 .msglen = 15, 3711 .sig_type = ECGDSA, 3712 .exp_sig = ecgdsa_brainpoolp192r1_test_vectors_expected_sig, 3713 .exp_siglen = sizeof(ecgdsa_brainpoolp192r1_test_vectors_expected_sig), 3714 .adata = NULL, 3715 .adata_len = 0 3716 }; 3717 #endif /* WITH_CURVE_BRAINPOOLP192R1 */ 3718 #endif /* WITH_HASH_SHA256 */ 3719 3720 #ifdef WITH_HASH_SHA224 3721 #ifdef WITH_CURVE_BRAINPOOLP224R1 3722 #define ECGDSA_SHA224_BRAINPOOLP224R1_SELF_TEST 3723 3724 /* ECGDSA brainpoolp224r1 test vectors */ 3725 3726 static int ecgdsa_nn_random_iso14888_3_brainpoolp224r1_test_vector(nn_t out, 3727 nn_src_t q) 3728 { 3729 int ret, cmp; 3730 const u8 k_buf[] = { 3731 0x5B, 0x60, 0x4F, 0x2C, 0x35, 0xED, 0x04, 0x01, 3732 0xFC, 0xA3, 0x1E, 0x88, 0x0C, 0xB5, 0x5C, 0x2A, 3733 0x74, 0x56, 0xE7, 0x1A, 0x5C, 0xBA, 0xA8, 0xDF, 3734 0x2F, 0xC0, 0x3C, 0xA9 3735 }; 3736 3737 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3738 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3739 3740 ret = (cmp >= 0) ? -1 : 0; 3741 3742 err: 3743 return ret; 3744 } 3745 3746 static const u8 ecgdsa_brainpoolp224r1_test_vectors_priv_key[] = { 3747 0x7E, 0x75, 0xBC, 0x2C, 0xD5, 0x73, 0xB3, 0x8A, 3748 0xED, 0x09, 0x77, 0xAD, 0x61, 0x17, 0x63, 0xDD, 3749 0x57, 0xFB, 0x29, 0xB2, 0x20, 0x88, 0x33, 0x44, 3750 0xB8, 0x1D, 0xF0, 0x37 3751 }; 3752 3753 static const u8 ecgdsa_brainpoolp224r1_test_vectors_expected_sig[] = { 3754 0x60, 0xFB, 0xB2, 0xB1, 0x5F, 0x05, 0x5C, 0xD1, 3755 0xD4, 0x82, 0xED, 0x6D, 0xC5, 0x06, 0x9C, 0x8F, 3756 0x62, 0x4A, 0x34, 0x05, 0xB6, 0x7D, 0x11, 0xB3, 3757 0xB6, 0x5E, 0x02, 0x34, 0x5A, 0x05, 0x0F, 0x05, 3758 0xAF, 0x0B, 0x10, 0x6B, 0xA3, 0xF1, 0x46, 0x96, 3759 0xE6, 0x16, 0x2C, 0xA4, 0x6F, 0xBA, 0xBD, 0x2C, 3760 0x14, 0x44, 0x19, 0xDB, 0xB5, 0xBF, 0xBD, 0xC0 3761 }; 3762 3763 static const ec_test_case ecgdsa_brainpoolp224r1_test_case = { 3764 .name = "ECGDSA-SHA224/brainpoolp224r1", 3765 .ec_str_p = &brainpoolp224r1_str_params, 3766 .priv_key = ecgdsa_brainpoolp224r1_test_vectors_priv_key, 3767 .priv_key_len = sizeof(ecgdsa_brainpoolp224r1_test_vectors_priv_key), 3768 .nn_random = ecgdsa_nn_random_iso14888_3_brainpoolp224r1_test_vector, 3769 .hash_type = SHA224, 3770 .msg = "brainpoolP224r1", 3771 .msglen = 15, 3772 .sig_type = ECGDSA, 3773 .exp_sig = ecgdsa_brainpoolp224r1_test_vectors_expected_sig, 3774 .exp_siglen = sizeof(ecgdsa_brainpoolp224r1_test_vectors_expected_sig), 3775 .adata = NULL, 3776 .adata_len = 0 3777 }; 3778 #endif /* WITH_CURVE_BRAINPOOLP224R1 */ 3779 #endif /* WITH_HASH_SHA224 */ 3780 3781 #ifdef WITH_HASH_SHA256 3782 #ifdef WITH_CURVE_BRAINPOOLP256R1 3783 #define ECGDSA_SHA256_BRAINPOOLP256R1_SELF_TEST 3784 3785 /* ECGDSA brainpoolp256r1 test vectors */ 3786 3787 static int ecgdsa_nn_random_iso14888_3_brainpoolp256r1_test_vector(nn_t out, 3788 nn_src_t q) 3789 { 3790 int ret, cmp; 3791 const u8 k_buf[] = { 3792 0x0E, 0x64, 0x21, 0x27, 0x2D, 0xDA, 0xB9, 0xC2, 3793 0x07, 0xB1, 0x19, 0xBD, 0xD1, 0x0C, 0x03, 0x86, 3794 0x10, 0x05, 0x75, 0x2E, 0xEA, 0xBB, 0x3A, 0xC9, 3795 0x75, 0x13, 0x04, 0x1A, 0xDE, 0x62, 0x86, 0xD9 3796 }; 3797 3798 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3799 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3800 3801 ret = (cmp >= 0) ? -1 : 0; 3802 3803 err: 3804 return ret; 3805 } 3806 3807 static const u8 ecgdsa_brainpoolp256r1_test_vectors_priv_key[] = { 3808 0x52, 0xB9, 0x29, 0xB4, 0x02, 0x97, 0x43, 0x7B, 3809 0x98, 0x97, 0x3A, 0x2C, 0x43, 0x7E, 0x8F, 0x03, 3810 0xA2, 0x31, 0xEB, 0x61, 0xE0, 0xCD, 0x38, 0xFD, 3811 0xAD, 0x80, 0x2F, 0x00, 0xD5, 0x5A, 0x13, 0xA3 3812 }; 3813 3814 static const u8 ecgdsa_brainpoolp256r1_test_vectors_expected_sig[] = { 3815 0x82, 0x93, 0x49, 0xe3, 0xb6, 0xe1, 0xf3, 0xe5, 3816 0x15, 0xeb, 0x95, 0x81, 0xbe, 0x0f, 0x95, 0x8d, 3817 0xcc, 0xaa, 0xa6, 0xb6, 0x8d, 0x83, 0xba, 0x77, 3818 0x01, 0xdd, 0x7a, 0x08, 0x67, 0xe4, 0x4e, 0xa7, 3819 0x3d, 0xc2, 0xf1, 0x03, 0x29, 0x6a, 0x79, 0x3e, 3820 0x50, 0xdc, 0x22, 0x66, 0x65, 0x74, 0x70, 0xa4, 3821 0x0d, 0x2c, 0x9e, 0xa1, 0xca, 0x79, 0x7d, 0xea, 3822 0x61, 0x00, 0x42, 0xb7, 0x73, 0x0b, 0xbd, 0xce 3823 }; 3824 3825 static const ec_test_case ecgdsa_brainpoolp256r1_test_case = { 3826 .name = "ECGDSA-SHA256/brainpoolp256r1", 3827 .ec_str_p = &brainpoolp256r1_str_params, 3828 .priv_key = ecgdsa_brainpoolp256r1_test_vectors_priv_key, 3829 .priv_key_len = sizeof(ecgdsa_brainpoolp256r1_test_vectors_priv_key), 3830 .nn_random = ecgdsa_nn_random_iso14888_3_brainpoolp256r1_test_vector, 3831 .hash_type = SHA256, 3832 .msg = "brainpoolP256r1", 3833 .msglen = 15, 3834 .sig_type = ECGDSA, 3835 .exp_sig = ecgdsa_brainpoolp256r1_test_vectors_expected_sig, 3836 .exp_siglen = sizeof(ecgdsa_brainpoolp256r1_test_vectors_expected_sig), 3837 .adata = NULL, 3838 .adata_len = 0 3839 }; 3840 #endif /* WITH_CURVE_BRAINPOOLP256R1 */ 3841 #endif /* WITH_HASH_SHA256 */ 3842 3843 #ifdef WITH_HASH_SHA384 3844 #ifdef WITH_CURVE_BRAINPOOLP384R1 3845 #define ECGDSA_SHA384_BRAINPOOLP384R1_SELF_TEST 3846 3847 /* ECGDSA brainpoolp384r1 test vectors */ 3848 3849 static int ecgdsa_nn_random_brainpoolp384r1_test_vector(nn_t out, nn_src_t q) 3850 { 3851 int ret, cmp; 3852 3853 const u8 k_buf[] = { 3854 0x39, 0x1c, 0x0c, 0xff, 0xe3, 0xaa, 0x7e, 0x95, 3855 0x47, 0xd2, 0x3e, 0xe9, 0x70, 0x36, 0x12, 0x55, 3856 0x15, 0xce, 0x74, 0xd6, 0xfe, 0x55, 0x44, 0x07, 3857 0x17, 0x79, 0x64, 0xfd, 0xee, 0xce, 0x9d, 0x88, 3858 0xb3, 0xeb, 0xdc, 0xed, 0x5e, 0xe6, 0x34, 0xf3, 3859 0x0c, 0x3a, 0x74, 0xaa, 0xad, 0x54, 0x57, 0x0a 3860 }; 3861 3862 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3863 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3864 3865 ret = (cmp >= 0) ? -1 : 0; 3866 3867 err: 3868 return ret; 3869 } 3870 3871 static const u8 ecgdsa_brainpoolp384r1_test_vectors_priv_key[] = { 3872 0x70, 0x74, 0x93, 0xc8, 0x39, 0x9a, 0x07, 0x95, 3873 0xd1, 0xa3, 0xd2, 0x36, 0xae, 0x60, 0xa5, 0x46, 3874 0x86, 0xec, 0xc5, 0x7c, 0x1e, 0xc5, 0x51, 0xef, 3875 0x3f, 0x63, 0x19, 0x3a, 0x09, 0xd9, 0xb5, 0x9c, 3876 0xae, 0x50, 0x04, 0xee, 0x2d, 0x4d, 0x48, 0x71, 3877 0xf8, 0x5a, 0xcb, 0x1a, 0x60, 0x36, 0xbb, 0x68 3878 }; 3879 3880 static const u8 ecgdsa_brainpoolp384r1_test_vectors_expected_sig[] = { 3881 0x3b, 0x34, 0xbe, 0xb7, 0xa6, 0x9e, 0x07, 0x6d, 3882 0xd9, 0x6f, 0x2d, 0x71, 0x2a, 0xfe, 0xe2, 0xf2, 3883 0x72, 0xa4, 0xd7, 0xad, 0xdf, 0x29, 0x1c, 0xa7, 3884 0x99, 0xed, 0x62, 0x49, 0xa9, 0xbb, 0x4e, 0xcd, 3885 0xcb, 0xe4, 0x44, 0x88, 0x31, 0xc5, 0x49, 0xb7, 3886 0x8f, 0xc7, 0x2b, 0xa5, 0x5a, 0x34, 0x66, 0xa6, 3887 3888 0x79, 0xa0, 0x47, 0x25, 0x3d, 0xad, 0x09, 0x80, 3889 0xe1, 0x3f, 0x99, 0xf3, 0x20, 0x4a, 0xd9, 0x7b, 3890 0xfe, 0x2c, 0xa2, 0x09, 0xdd, 0x33, 0xbe, 0xd5, 3891 0x7f, 0xe0, 0xb5, 0x1d, 0x52, 0x1d, 0x2e, 0x61, 3892 0xb2, 0x78, 0x81, 0x40, 0x90, 0x57, 0x02, 0xe5, 3893 0x1a, 0xdf, 0x44, 0x84, 0x9f, 0x0c, 0x4b, 0xce 3894 }; 3895 3896 static const ec_test_case ecgdsa_brainpoolp384r1_test_case = { 3897 .name = "ECGDSA-SHA384/brainpoolp384r1", 3898 .ec_str_p = &brainpoolp384r1_str_params, 3899 .priv_key = ecgdsa_brainpoolp384r1_test_vectors_priv_key, 3900 .priv_key_len = sizeof(ecgdsa_brainpoolp384r1_test_vectors_priv_key), 3901 .nn_random = ecgdsa_nn_random_brainpoolp384r1_test_vector, 3902 .hash_type = SHA384, 3903 .msg = "brainpoolP384r1", 3904 .msglen = 15, 3905 .sig_type = ECGDSA, 3906 .exp_sig = ecgdsa_brainpoolp384r1_test_vectors_expected_sig, 3907 .exp_siglen = sizeof(ecgdsa_brainpoolp384r1_test_vectors_expected_sig), 3908 .adata = NULL, 3909 .adata_len = 0 3910 }; 3911 #endif /* WITH_CURVE_BRAINPOOLP384R1 */ 3912 #endif /* WITH_HASH_SHA384 */ 3913 #endif /* WITH_SIG_ECGDSA */ 3914 3915 /******************************************************************* 3916 ************** ECRDSA tests *************************************** 3917 *******************************************************************/ 3918 /* 3919 * NOTE: ISO/IEC 14888-3 standard seems to diverge from the existing implementations 3920 * of ECRDSA when treating the message hash, and from the examples of certificates provided 3921 * in RFC 7091 and draft-deremin-rfc4491-bis. While in ISO/IEC 14888-3 it is explicitely asked 3922 * to proceed with the hash of the message as big endian, the RFCs derived from the Russian 3923 * standard expect the hash value to be treated as little endian when importing it as an integer 3924 * (this discrepancy is exhibited and confirmed by test vectors present in ISO/IEC 14888-3, and 3925 * by X.509 certificates present in the RFCs). This seems (to be confirmed) to be a discrepancy of 3926 * ISO/IEC 14888-3 algorithm description that must be fixed there. 3927 * 3928 * In order to be conservative, libecc uses the Russian standard behavior as expected to be in line with 3929 * other implemetations, but keeps the ISO/IEC 14888-3 behavior if forced/asked by the user using 3930 * the USE_ISO14888_3_ECRDSA toggle. This allows to keep backward compatibility with previous versions of the 3931 * library if needed. 3932 * 3933 */ 3934 3935 #ifdef WITH_SIG_ECRDSA 3936 3937 #ifndef USE_ISO14888_3_ECRDSA 3938 3939 /* 3940 * All the follwing test vectors are extracted from draft-deremin-rfc4491-bis RFC draft 3941 * (https://datatracker.ietf.org/doc/html/draft-deremin-rfc4491-bis) where certificates signed with 3942 * GOST R 34.10-2012 using GOST R 34.11-2012 (256 and 512 bits) are provided. We can use them 3943 * as test vectors with the message being the TBS (To Be Signed) blob of the certificate. 3944 */ 3945 3946 #ifdef WITH_HASH_STREEBOG256 3947 #ifdef WITH_CURVE_GOST256 3948 #define ECRDSA_STREEBOG256_GOST256_SELF_TEST 3949 3950 static int ecrdsa_nn_random_rfc4491_bis_1_GOST_256bits_curve_test_vector(nn_t out, nn_src_t q){ 3951 int ret, cmp; 3952 const u8 k_buf[] = { 3953 0x77, 0x10, 0x5c, 0x9b, 0x20, 0xbc, 0xd3, 0x12, 0x28, 0x23, 0xc8, 0xcf, 3954 0x6f, 0xcc, 0x7b, 0x95, 0x6d, 0xe3, 0x38, 0x14, 0xe9, 0x5b, 0x7f, 0xe6, 3955 0x4f, 0xed, 0x92, 0x45, 0x94, 0xdc, 0xea, 0xb3, 3956 }; 3957 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 3958 ret = nn_cmp(out, q, &cmp); EG(ret, err); 3959 3960 ret = (cmp >= 0) ? -1 : 0; 3961 3962 err: 3963 return ret; 3964 } 3965 static const u8 ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_priv_key[] = { 3966 0x7a, 0x92, 0x9a, 0xde, 0x78, 0x9b, 0xb9, 0xbe, 0x10, 0xed, 3967 0x35, 0x9d, 0xd3, 0x9a, 0x72, 0xc1, 0x1b, 0x60, 0x96, 0x1f, 3968 0x49, 0x39, 0x7e, 0xee, 0x1d, 0x19, 0xce, 0x98, 0x91, 0xec, 3969 0x3b, 0x28, 3970 }; 3971 static const u8 ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_expected_sig[] = { 3972 0x41, 0xaa, 0x28, 0xd2, 0xf1, 0xab, 0x14, 0x82, 0x80, 0xcd, 3973 0x9e, 0xd5, 0x6f, 0xed, 0xa4, 0x19, 0x74, 0x05, 0x35, 0x54, 3974 0xa4, 0x27, 0x67, 0xb8, 0x3a, 0xd0, 0x43, 0xfd, 0x39, 0xdc, 3975 0x04, 0x93, 3976 0x4d, 0x53, 0xf0, 0x12, 0xfe, 0x08, 0x17, 0x76, 0x50, 0x7d, 3977 0x4d, 0x9b, 0xb8, 0x1f, 0x00, 0xef, 0xdb, 0x4e, 0xef, 0xd4, 3978 0xab, 0x83, 0xba, 0xc4, 0xba, 0xcf, 0x73, 0x51, 0x73, 0xcf, 3979 0xa8, 0x1c, 3980 }; 3981 static const unsigned char ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_message[] = { 3982 0x30, 0x81, 0xdb, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0a, 0x30, 3983 0x0a, 0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01, 0x01, 0x03, 0x02, 0x30, 3984 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x07, 3985 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x30, 0x20, 0x17, 0x0d, 0x30, 3986 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 3987 0x18, 0x0f, 0x32, 0x30, 0x35, 0x30, 0x31, 0x32, 0x33, 0x31, 0x30, 0x30, 3988 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 3989 0x03, 0x55, 0x04, 0x03, 0x13, 0x07, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 3990 0x65, 0x30, 0x66, 0x30, 0x1f, 0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01, 3991 0x01, 0x01, 0x01, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 3992 0x23, 0x00, 0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01, 0x01, 0x02, 0x02, 3993 0x03, 0x43, 0x00, 0x04, 0x40, 0x0b, 0xd8, 0x6f, 0xe5, 0xd8, 0xdb, 0x89, 3994 0x66, 0x8f, 0x78, 0x9b, 0x4e, 0x1d, 0xba, 0x85, 0x85, 0xc5, 0x50, 0x8b, 3995 0x45, 0xec, 0x5b, 0x59, 0xd8, 0x90, 0x6d, 0xdb, 0x70, 0xe2, 0x49, 0x2b, 3996 0x7f, 0xda, 0x77, 0xff, 0x87, 0x1a, 0x10, 0xfb, 0xdf, 0x27, 0x66, 0xd2, 3997 0x93, 0xc5, 0xd1, 0x64, 0xaf, 0xbb, 0x3c, 0x7b, 0x97, 0x3a, 0x41, 0xc8, 3998 0x85, 0xd1, 0x1d, 0x70, 0xd6, 0x89, 0xb4, 0xf1, 0x26, 0xa3, 0x13, 0x30, 3999 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 4000 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 4001 }; 4002 static const ec_test_case ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_case = { 4003 .name="ECRDSA-STREEBOG256/GOST-256-curve (RFC4491)", 4004 .ec_str_p = &GOST_256bits_curve_str_params, 4005 .priv_key = ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_priv_key, 4006 .priv_key_len = sizeof(ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_priv_key), 4007 .nn_random = ecrdsa_nn_random_rfc4491_bis_1_GOST_256bits_curve_test_vector, 4008 .hash_type = STREEBOG256, 4009 .msg = (const char*)ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_message, 4010 .msglen = sizeof(ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_message), 4011 .sig_type = ECRDSA, 4012 .exp_sig = ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_expected_sig, 4013 .exp_siglen = sizeof(ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_expected_sig), 4014 .adata = NULL, 4015 .adata_len = 0 4016 }; 4017 4018 #endif /* WITH_CURVE_GOST256 */ 4019 #endif /* WITH_HASH_STREEBOG256 */ 4020 4021 #ifdef WITH_HASH_STREEBOG256 4022 #ifdef WITH_CURVE_GOST_R3410_2012_256_PARAMSETA 4023 #define ECRDSA_STREEBOG256_GOST256_PARAMSETA_SELF_TEST 4024 4025 static int ecrdsa_nn_random_rfc4491_bis_2_GOST_256bits_curve_test_vector(nn_t out, nn_src_t q){ 4026 int ret, cmp; 4027 const u8 k_buf[] = { 4028 0x27, 0x10, 0x5c, 0x9b, 0x20, 0xbc, 0xd3, 0x12, 0x28, 0x23, 4029 0xc8, 0xcf, 0x6f, 0xcc, 0x7b, 0x95, 0x6d, 0xe3, 0x38, 0x14, 4030 0xe9, 0x5b, 0x7f, 0xe6, 0x4f, 0xed, 0x92, 0x45, 0x94, 0xdc, 4031 0xea, 0xb3, 4032 }; 4033 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 4034 ret = nn_cmp(out, q, &cmp); EG(ret, err); 4035 4036 ret = (cmp >= 0) ? -1 : 0; 4037 4038 err: 4039 return ret; 4040 } 4041 static const u8 ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_priv_key[] = { 4042 0x3a, 0x92, 0x9a, 0xde, 0x78, 0x9b, 0xb9, 0xbe, 0x10, 4043 0xed, 0x35, 0x9d, 0xd3, 0x9a, 0x72, 0xc1, 0x0b, 0x87, 4044 0xc8, 0x3f, 0x80, 0xbe, 0x18, 0xb8, 0x5c, 0x04, 0x1f, 4045 0x43, 0x25, 0xb6, 0x2e, 0xc1, 4046 }; 4047 static const u8 ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_expected_sig[] = { 4048 0x1d, 0x0e, 0x1d, 0xa5, 0xbe, 0x34, 0x7c, 0x6f, 0x1b, 4049 0x52, 0x56, 0xc7, 0xae, 0xac, 0x20, 0x0a, 0xd6, 0x4a, 4050 0xc7, 0x7a, 0x6f, 0x5b, 0x3a, 0x0e, 0x09, 0x73, 0x18, 4051 0xe7, 0xae, 0x6e, 0xe7, 0x69, 4052 0x14, 0x0b, 0x4d, 0xa9, 0x12, 0x4b, 0x09, 0xcb, 0x0d, 4053 0x5c, 0xe9, 0x28, 0xee, 0x87, 0x42, 0x73, 0xa3, 0x10, 4054 0x12, 0x94, 0x92, 0xec, 0x0e, 0x29, 0x36, 0x9e, 0x3b, 4055 0x79, 0x12, 0x48, 0x57, 0x8c, 4056 }; 4057 static const unsigned char ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_message[] = { 4058 0x30, 0x81, 0xd3, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0a, 0x30, 4059 0x0a, 0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01, 0x01, 0x03, 0x02, 0x30, 4060 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x07, 4061 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x30, 0x20, 0x17, 0x0d, 0x30, 4062 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 4063 0x18, 0x0f, 0x32, 0x30, 0x35, 0x30, 0x31, 0x32, 0x33, 0x31, 0x30, 0x30, 4064 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 4065 0x03, 0x55, 0x04, 0x03, 0x13, 0x07, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 4066 0x65, 0x30, 0x5e, 0x30, 0x17, 0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01, 4067 0x01, 0x01, 0x01, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x85, 0x03, 0x07, 0x01, 4068 0x02, 0x01, 0x01, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40, 0x74, 0x27, 0x95, 4069 0xd4, 0xbe, 0xe8, 0x84, 0xdd, 0xf2, 0x85, 0x0f, 0xec, 0x03, 0xea, 0x3f, 4070 0xaf, 0x18, 0x44, 0xe0, 0x1d, 0x9d, 0xa6, 0x0b, 0x64, 0x50, 0x93, 0xa5, 4071 0x5e, 0x26, 0xdf, 0xc3, 0x99, 0x78, 0xf5, 0x96, 0xcf, 0x4d, 0x4d, 0x0c, 4072 0x6c, 0xf1, 0xd1, 0x89, 0x43, 0xd9, 0x44, 0x93, 0xd1, 0x6b, 0x9e, 0xc0, 4073 0xa1, 0x6d, 0x51, 0x2d, 0x2e, 0x12, 0x7c, 0xc4, 0x69, 0x1a, 0x63, 0x18, 4074 0xe2, 0xa3, 0x13, 0x30, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 4075 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 4076 }; 4077 static const ec_test_case ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_case = { 4078 .name="ECRDSA-STREEBOG256/GOST-256-curve-paramsetA (RFC4491)", 4079 .ec_str_p = &gost_R3410_2012_256_paramSetA_str_params, 4080 .priv_key = ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_priv_key, 4081 .priv_key_len = sizeof(ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_priv_key), 4082 .nn_random = ecrdsa_nn_random_rfc4491_bis_2_GOST_256bits_curve_test_vector, 4083 .hash_type = STREEBOG256, 4084 .msg = (const char*)ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_message, 4085 .msglen = sizeof(ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_message), 4086 .sig_type = ECRDSA, 4087 .exp_sig = ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_expected_sig, 4088 .exp_siglen = sizeof(ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_expected_sig), 4089 .adata = NULL, 4090 .adata_len = 0 4091 }; 4092 4093 #endif /* WITH_CURVE_GOST_R3410_2012_256_PARAMSETA */ 4094 #endif /* WITH_HASH_STREEBOG256 */ 4095 4096 #ifdef WITH_HASH_STREEBOG512 4097 #ifdef WITH_CURVE_GOST512 4098 #define ECRDSA_STREEBOG512_GOST512_SELF_TEST 4099 4100 static int ecrdsa_nn_random_rfc4491_bis_1_GOST_512bits_curve_test_vector(nn_t out, nn_src_t q){ 4101 int ret, cmp; 4102 const u8 k_buf[] = { 4103 0x03, 0x59, 0xe7, 0xf4, 0xb1, 0x41, 0x0f, 0xea, 0xcc, 4104 0x57, 0x04, 0x56, 0xc6, 0x80, 0x14, 0x96, 0x94, 0x63, 4105 0x12, 0x12, 0x0b, 0x39, 0xd0, 0x19, 0xd4, 0x55, 0x98, 4106 0x6e, 0x36, 0x4f, 0x36, 0x58, 0x86, 0x74, 0x8e, 0xd7, 4107 0xa4, 0x4b, 0x3e, 0x79, 0x44, 0x34, 0x00, 0x60, 0x11, 4108 0x84, 0x22, 0x86, 0x21, 0x22, 0x73, 0xa6, 0xd1, 0x4c, 4109 0xf7, 0x0e, 0xa3, 0xaf, 0x71, 0xbb, 0x1a, 0xe6, 0x79, 4110 0xf1, 4111 }; 4112 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 4113 ret = nn_cmp(out, q, &cmp); EG(ret, err); 4114 4115 ret = (cmp >= 0) ? -1 : 0; 4116 4117 err: 4118 return ret; 4119 } 4120 static const u8 ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_priv_key[] = { 4121 0x0B, 0xA6, 0x04, 0x8A, 0xAD, 0xAE, 0x24, 0x1B, 0xA4, 4122 0x09, 0x36, 0xD4, 0x77, 0x56, 0xD7, 0xC9, 0x30, 0x91, 4123 0xA0, 0xE8, 0x51, 0x46, 0x69, 0x70, 0x0E, 0xE7, 0x50, 4124 0x8E, 0x50, 0x8B, 0x10, 0x20, 0x72, 0xE8, 0x12, 0x3B, 4125 0x22, 0x00, 0xA0, 0x56, 0x33, 0x22, 0xDA, 0xD2, 0x82, 4126 0x7E, 0x27, 0x14, 0xA2, 0x63, 0x6B, 0x7B, 0xFD, 0x18, 4127 0xAA, 0xDF, 0xC6, 0x29, 0x67, 0x82, 0x1F, 0xA1, 0x8D, 4128 0xD4, 4129 }; 4130 static const u8 ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_expected_sig[] = { 4131 0x2f, 0x86, 0xfa, 0x60, 0xa0, 0x81, 0x09, 0x1a, 0x23, 4132 0xdd, 0x79, 0x5e, 0x1e, 0x3c, 0x68, 0x9e, 0xe5, 0x12, 4133 0xa3, 0xc8, 0x2e, 0xe0, 0xdc, 0xc2, 0x64, 0x3c, 0x78, 4134 0xee, 0xa8, 0xfc, 0xac, 0xd3, 0x54, 0x92, 0x55, 0x84, 4135 0x86, 0xb2, 0x0f, 0x1c, 0x9e, 0xc1, 0x97, 0xc9, 0x06, 4136 0x99, 0x85, 0x02, 0x60, 0xc9, 0x3b, 0xcb, 0xcd, 0x9c, 4137 0x5c, 0x33, 0x17, 0xe1, 0x93, 0x44, 0xe1, 0x73, 0xae, 4138 0x36, 4139 0x41, 0x57, 0x03, 0xd8, 0x92, 0xf1, 0xa5, 0xf3, 0xf6, 4140 0x8c, 0x43, 0x53, 0x18, 0x9a, 0x7e, 0xe2, 0x07, 0xb8, 4141 0x0b, 0x56, 0x31, 0xef, 0x9d, 0x49, 0x52, 0x9a, 0x4d, 4142 0x6b, 0x54, 0x2c, 0x2c, 0xfa, 0x15, 0xaa, 0x2e, 0xac, 4143 0xf1, 0x1f, 0x47, 0x0f, 0xde, 0x7d, 0x95, 0x48, 0x56, 4144 0x90, 0x3c, 0x35, 0xfd, 0x8f, 0x95, 0x5e, 0xf3, 0x00, 4145 0xd9, 0x5c, 0x77, 0x53, 0x4a, 0x72, 0x4a, 0x0e, 0xee, 4146 0x70, 4147 }; 4148 static const unsigned char ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_message[] = { 4149 0x30, 0x82, 0x01, 0x16, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0b, 4150 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01, 0x01, 0x03, 0x03, 4151 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 4152 0x07, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x30, 0x20, 0x17, 0x0d, 4153 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 4154 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x35, 0x30, 0x31, 0x32, 0x33, 0x31, 0x30, 4155 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 4156 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x07, 0x45, 0x78, 0x61, 0x6d, 0x70, 4157 0x6c, 0x65, 0x30, 0x81, 0xa0, 0x30, 0x17, 0x06, 0x08, 0x2a, 0x85, 0x03, 4158 0x07, 0x01, 0x01, 0x01, 0x02, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x85, 0x03, 4159 0x07, 0x01, 0x02, 0x01, 0x02, 0x00, 0x03, 0x81, 0x84, 0x00, 0x04, 0x81, 4160 0x80, 0xe1, 0xef, 0x30, 0xd5, 0x2c, 0x61, 0x33, 0xdd, 0xd9, 0x9d, 0x1d, 4161 0x5c, 0x41, 0x45, 0x5c, 0xf7, 0xdf, 0x4d, 0x8b, 0x4c, 0x92, 0x5b, 0xbc, 4162 0x69, 0xaf, 0x14, 0x33, 0xd1, 0x56, 0x58, 0x51, 0x5a, 0xdd, 0x21, 0x46, 4163 0x85, 0x0c, 0x32, 0x5c, 0x5b, 0x81, 0xc1, 0x33, 0xbe, 0x65, 0x5a, 0xa8, 4164 0xc4, 0xd4, 0x40, 0xe7, 0xb9, 0x8a, 0x8d, 0x59, 0x48, 0x7b, 0x0c, 0x76, 4165 0x96, 0xbc, 0xc5, 0x5d, 0x11, 0xec, 0xbe, 0x77, 0x36, 0xa9, 0xec, 0x35, 4166 0x7f, 0xf2, 0xfd, 0x39, 0x93, 0x1f, 0x4e, 0x11, 0x4c, 0xb8, 0xcd, 0xa3, 4167 0x59, 0x27, 0x0a, 0xc7, 0xf0, 0xe7, 0xff, 0x43, 0xd9, 0x41, 0x94, 0x19, 4168 0xea, 0x61, 0xfd, 0x2a, 0xb7, 0x7f, 0x5d, 0x9f, 0x63, 0x52, 0x3d, 0x3b, 4169 0x50, 0xa0, 0x4f, 0x63, 0xe2, 0xa0, 0xcf, 0x51, 0xb7, 0xc1, 0x3a, 0xdc, 4170 0x21, 0x56, 0x0f, 0x0b, 0xd4, 0x0c, 0xc9, 0xc7, 0x37, 0xa3, 0x13, 0x30, 4171 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 4172 0x05, 0x30, 0x03, 0x01, 0x01, 0xff 4173 }; 4174 static const ec_test_case ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_case = { 4175 .name="ECRDSA-STREEBOG512/GOST-512-curve (RFC4491)", 4176 .ec_str_p = &GOST_512bits_curve_str_params, 4177 .priv_key = ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_priv_key, 4178 .priv_key_len = sizeof(ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_priv_key), 4179 .nn_random = ecrdsa_nn_random_rfc4491_bis_1_GOST_512bits_curve_test_vector, 4180 .hash_type = STREEBOG512, 4181 .msg = (const char*)ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_message, 4182 .msglen = sizeof(ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_message), 4183 .sig_type = ECRDSA, 4184 .exp_sig = ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_expected_sig, 4185 .exp_siglen = sizeof(ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_expected_sig), 4186 .adata = NULL, 4187 .adata_len = 0 4188 }; 4189 4190 #endif /* WITH_CURVE_GOST512 */ 4191 #endif /* WITH_HASH_STREEBOG512 */ 4192 4193 4194 #else /* !defined(USE_ISO14888_3_ECRDSA) */ 4195 /* 4196 * Unlike other signature algorithms (defined in ISO 14888-3:2015) for 4197 * which tests vectors are based on secp* or brainpoolp* curves, EC-RDSA 4198 * tests vectors are based on custom curves. As a side note, the 256 4199 * curve (not the random signature param and key) appear in RFC 5832 and 4200 * RFC 7091, but discrepancies exist in the algorithm with the ISO/IEC 14888-3 4201 * description and test vectors (see above). 4202 */ 4203 4204 #ifdef WITH_HASH_SHA256 4205 #ifdef WITH_CURVE_GOST256 4206 #define ECRDSA_SHA256_GOST256_SELF_TEST 4207 4208 /* First, ECRDSA test vector on a 256-bit GOST curve */ 4209 4210 static int ecrdsa_nn_random_iso14888_3_GOST_256bits_curve_test_vector(nn_t out, 4211 nn_src_t q) 4212 { 4213 int ret, cmp; 4214 const u8 k_buf[] = { 4215 0x77, 0x10, 0x5C, 0x9B, 0x20, 0xBC, 0xD3, 0x12, 4216 0x28, 0x23, 0xC8, 0xCF, 0x6F, 0xCC, 0x7B, 0x95, 4217 0x6D, 0xE3, 0x38, 0x14, 0xE9, 0x5B, 0x7F, 0xE6, 4218 0x4F, 0xED, 0x92, 0x45, 0x94, 0xDC, 0xEA, 0xB3 4219 }; 4220 4221 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 4222 ret = nn_cmp(out, q, &cmp); EG(ret, err); 4223 4224 ret = (cmp >= 0) ? -1 : 0; 4225 4226 err: 4227 return ret; 4228 } 4229 4230 static const u8 ecrdsa_GOST_256bits_curve_test_vectors_priv_key[] = { 4231 0x7A, 0x92, 0x9A, 0xDE, 0x78, 0x9B, 0xB9, 0xBE, 4232 0x10, 0xED, 0x35, 0x9D, 0xD3, 0x9A, 0x72, 0xC1, 4233 0x1B, 0x60, 0x96, 0x1F, 0x49, 0x39, 0x7E, 0xEE, 4234 0x1D, 0x19, 0xCE, 0x98, 0x91, 0xEC, 0x3B, 0x28 4235 }; 4236 4237 static const u8 ecrdsa_GOST_256bits_curve_test_vectors_expected_sig[] = { 4238 0x41, 0xAA, 0x28, 0xD2, 0xF1, 0xAB, 0x14, 0x82, 4239 0x80, 0xCD, 0x9E, 0xD5, 0x6F, 0xED, 0xA4, 0x19, 4240 0x74, 0x05, 0x35, 0x54, 0xA4, 0x27, 0x67, 0xB8, 4241 0x3A, 0xD0, 0x43, 0xFD, 0x39, 0xDC, 0x04, 0x93, 4242 0x0A, 0x7B, 0xA4, 0x72, 0x2D, 0xA5, 0x69, 0x3F, 4243 0x22, 0x9D, 0x17, 0x5F, 0xAB, 0x6A, 0xFB, 0x85, 4244 0x7E, 0xC2, 0x27, 0x3B, 0x9F, 0x88, 0xDA, 0x58, 4245 0x92, 0xCE, 0xD3, 0x11, 0x7F, 0xCF, 0x1E, 0x36 4246 }; 4247 4248 static const ec_test_case ecrdsa_GOST_256bits_curve_test_case = { 4249 .name = "ECRDSA-SHA256/GOST-256-curve", 4250 .ec_str_p = &GOST_256bits_curve_str_params, 4251 .priv_key = ecrdsa_GOST_256bits_curve_test_vectors_priv_key, 4252 .priv_key_len = 4253 sizeof(ecrdsa_GOST_256bits_curve_test_vectors_priv_key), 4254 .nn_random = 4255 ecrdsa_nn_random_iso14888_3_GOST_256bits_curve_test_vector, 4256 .hash_type = SHA256, 4257 .msg = "abc", 4258 .msglen = 3, 4259 .sig_type = ECRDSA, 4260 .exp_sig = ecrdsa_GOST_256bits_curve_test_vectors_expected_sig, 4261 .exp_siglen = 4262 sizeof(ecrdsa_GOST_256bits_curve_test_vectors_expected_sig), 4263 .adata = NULL, 4264 .adata_len = 0 4265 }; 4266 #endif /* WITH_CURVE_GOST256 */ 4267 #endif /* WITH_HASH_SHA256 */ 4268 4269 /* NOTE: the test vectors present in the GOST 34.10-2012 standard and in the 4270 * associated RFC7091 do not provide messages as input, they instead provide the 4271 * value of the raw result of the hash function reduced modulo q. This is kinf of 4272 * useless here as we want to test the full GOST stack (i.e. hash digest plus curves), 4273 * hence we use the PyGOST Python library to generate some test vectors. 4274 */ 4275 #ifdef WITH_HASH_STREEBOG256 4276 #ifdef WITH_CURVE_GOST256 4277 #define ECRDSA_STREEBOG256_GOST256_SELF_TEST 4278 static int ecrdsa_nn_random_pygostlib_1_GOST_256bits_curve_test_vector(nn_t out, nn_src_t q){ 4279 int ret, cmp; 4280 const u8 k_buf[] = { 4281 0x4c, 0xe0, 0xe1, 0x2a, 0x2a, 0x35, 0x82, 0xa2, 0x1b, 0xe0, 4282 0xe7, 0x3f, 0xaf, 0xf2, 0xe2, 0xdb, 0x0c, 0xc2, 0x04, 0x80, 4283 0x33, 0x86, 0x36, 0xa2, 0x75, 0xcd, 0x12, 0xee, 0x0e, 0x3b, 4284 0x7a, 0xa7, 4285 }; 4286 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 4287 ret = nn_cmp(out, q, &cmp); EG(ret, err); 4288 4289 ret = (cmp >= 0) ? -1 : 0; 4290 4291 err: 4292 return ret; 4293 } 4294 static const u8 ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_priv_key[] = { 4295 0x34, 0xce, 0x5e, 0x59, 0xef, 0x00, 0x78, 0x53, 0x06, 4296 0xe8, 0x4a, 0xfd, 0x53, 0x47, 0xab, 0xe5, 0x68, 0x92, 4297 0x4e, 0xfe, 0x26, 0x32, 0x11, 0x1d, 0x05, 0x6a, 0xf9, 4298 0x1c, 0x4d, 0x7d, 0x59, 0x9a, 4299 }; 4300 static const u8 ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_expected_sig[] = { 4301 0x43, 0x3f, 0x32, 0xf8, 0xcb, 0xdb, 0x53, 0x3d, 0x1e, 4302 0x8f, 0x5f, 0x5b, 0xfa, 0xc8, 0x67, 0x90, 0x5d, 0x01, 4303 0x22, 0xa7, 0x40, 0x5d, 0x06, 0xa2, 0x06, 0xac, 0x6a, 4304 0xfb, 0x42, 0xf9, 0x9c, 0x66, 0x4a, 0xa8, 0xea, 0x8f, 4305 0x5c, 0xbc, 0x88, 0xf3, 0x3b, 0x66, 0x9f, 0x0d, 0xa6, 4306 0x21, 0xa9, 0xe2, 0x1c, 0xba, 0xcc, 0xca, 0x91, 0x97, 4307 0xe6, 0xdf, 0xcb, 0x14, 0x9a, 0x99, 0x26, 0xf2, 0xd7, 4308 0xd2, 4309 }; 4310 static const char ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_message[] = { 4311 0x61, 0x62, 0x63, 4312 }; 4313 static const ec_test_case ecrdsa_pygostlib_1_GOST_256bits_curve_test_case = { 4314 .name="ECRDSA-STREEBOG256/GOST-256-curve 1", 4315 .ec_str_p = &GOST_256bits_curve_str_params, 4316 .priv_key = ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_priv_key, 4317 .priv_key_len = sizeof(ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_priv_key), 4318 .nn_random = ecrdsa_nn_random_pygostlib_1_GOST_256bits_curve_test_vector, 4319 .hash_type = STREEBOG256, 4320 .msg = ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_message, 4321 .msglen = sizeof(ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_message), 4322 .sig_type = ECRDSA, 4323 .exp_sig = ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_expected_sig, 4324 .exp_siglen = sizeof(ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_expected_sig), 4325 .adata = NULL, 4326 .adata_len = 0 4327 }; 4328 4329 static int ecrdsa_nn_random_pygostlib_2_GOST_256bits_curve_test_vector(nn_t out, nn_src_t q){ 4330 int ret, cmp; 4331 const u8 k_buf[] = { 4332 0x1b, 0x91, 0xc9, 0xc8, 0xf3, 0x3d, 0x16, 0x2f, 0xe0, 4333 0x97, 0xf2, 0x8e, 0x1d, 0x8a, 0x52, 0xab, 0x8f, 0x31, 4334 0x91, 0x55, 0x08, 0xf7, 0x1c, 0x80, 0x65, 0xac, 0x50, 4335 0x61, 0xff, 0x20, 0x07, 0x07, 4336 }; 4337 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 4338 ret = nn_cmp(out, q, &cmp); EG(ret, err); 4339 4340 ret = (cmp >= 0) ? -1 : 0; 4341 4342 err: 4343 return ret; 4344 } 4345 static const u8 ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_priv_key[] = { 4346 0x36, 0xf5, 0x26, 0x39, 0x79, 0x87, 0x88, 0x83, 0x06, 4347 0x56, 0x86, 0xd8, 0x7e, 0x04, 0xf0, 0x68, 0xbb, 0xf5, 4348 0x54, 0x18, 0xbf, 0xbf, 0x02, 0x1f, 0xa3, 0x0e, 0x9c, 4349 0xfb, 0xa7, 0x8d, 0x63, 0xef, 4350 }; 4351 static const u8 ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_expected_sig[] = { 4352 0x24, 0x28, 0x81, 0x56, 0xe2, 0xaa, 0xb4, 0xd7, 0xbd, 4353 0x33, 0x2c, 0x50, 0x39, 0xe0, 0x84, 0x8a, 0x85, 0x2a, 4354 0xfd, 0xab, 0x36, 0x35, 0xea, 0x1e, 0xdd, 0xd0, 0x28, 4355 0xf3, 0x34, 0x5d, 0x68, 0xcf, 0x24, 0xaf, 0x4b, 0xe3, 4356 0x86, 0xc6, 0x95, 0x9c, 0xfb, 0xd5, 0x0e, 0x2e, 0x11, 4357 0x17, 0x65, 0x09, 0x18, 0xea, 0xe9, 0x3c, 0x60, 0x67, 4358 0x3f, 0xe2, 0xa2, 0xe9, 0xde, 0x33, 0xe7, 0xff, 0x79, 4359 0x0c, 4360 }; 4361 static const char ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_message[] = { 4362 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4363 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4364 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4365 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4366 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4367 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4368 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4369 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4370 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4371 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4372 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4373 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4374 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4375 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4376 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4377 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4378 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4379 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4380 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4381 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4382 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4383 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4384 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4385 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4386 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4387 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4388 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4389 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4390 0x61, 0x62, 0x63, 0x64, 4391 }; 4392 static const ec_test_case ecrdsa_pygostlib_2_GOST_256bits_curve_test_case = { 4393 .name="ECRDSA-STREEBOG256/GOST-256-curve 2", 4394 .ec_str_p = &GOST_256bits_curve_str_params, 4395 .priv_key = ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_priv_key, 4396 .priv_key_len = sizeof(ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_priv_key), 4397 .nn_random = ecrdsa_nn_random_pygostlib_2_GOST_256bits_curve_test_vector, 4398 .hash_type = STREEBOG256, 4399 .msg = ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_message, 4400 .msglen = sizeof(ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_message), 4401 .sig_type = ECRDSA, 4402 .exp_sig = ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_expected_sig, 4403 .exp_siglen = sizeof(ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_expected_sig), 4404 .adata = NULL, 4405 .adata_len = 0 4406 }; 4407 4408 #endif /* WITH_CURVE_GOST256 */ 4409 #endif /* WITH_HASH_STREEBOG256 */ 4410 4411 #ifdef WITH_HASH_SHA512 4412 #ifdef WITH_CURVE_GOST512 4413 #define ECRDSA_SHA512_GOST512_SELF_TEST 4414 4415 /* Then, ECRDSA test vector on a GOST 512-bit curve */ 4416 4417 static int ecrdsa_nn_random_iso14888_3_GOST_512bits_curve_test_vector(nn_t out, 4418 nn_src_t q) 4419 { 4420 int ret, cmp; 4421 /* 4422 * Current version of ISO 14888-3:2015 has a bad k value in its 4423 * test vectors. The value of k is higher than q!!!! Instead of 4424 * reducing the wrong value each time, let's change that false 4425 * value for a correct one (i.e. the reduced one mod q). 4426 * 4427 4428 const u8 k_buf[] = { 4429 0xC5, 0x73, 0xF6, 0xB3, 0x01, 0xD9, 0x9C, 0x24, 4430 0xC4, 0x22, 0xA4, 0x27, 0x1E, 0x9E, 0xC9, 0x3B, 4431 0xAE, 0xAA, 0x6E, 0xEF, 0x0D, 0xE8, 0x24, 0x77, 4432 0xD8, 0xB7, 0x39, 0x1F, 0x9F, 0x67, 0x90, 0xD9, 4433 0xDD, 0xE5, 0x14, 0x6F, 0x02, 0xEC, 0xA5, 0x67, 4434 0x2C, 0x38, 0xFC, 0x80, 0x9C, 0xF4, 0xCA, 0x88, 4435 0x93, 0x7C, 0x4B, 0x3A, 0x39, 0x36, 0xAD, 0xF9, 4436 0x90, 0x8F, 0x79, 0x6C, 0x86, 0xC0, 0x5C, 0x43 4437 }; 4438 4439 */ 4440 4441 const u8 k_buf[] = { 4442 0x3b, 0x10, 0x9d, 0x0f, 0x05, 0xd9, 0x54, 0x96, 4443 0x1a, 0x08, 0x57, 0x30, 0x48, 0x3e, 0xec, 0x3a, 4444 0x8a, 0x54, 0x45, 0x89, 0x0e, 0x76, 0x06, 0x6e, 4445 0x2e, 0xe0, 0x41, 0x0c, 0x33, 0xc1, 0xee, 0x1e, 4446 0x8d, 0x86, 0xb9, 0x71, 0x6c, 0xb1, 0x2f, 0xd8, 4447 0xf9, 0x18, 0x43, 0xc2, 0xc3, 0x6c, 0x82, 0xa4, 4448 0xe2, 0x9f, 0xff, 0x5e, 0xbc, 0xef, 0x22, 0xcd, 4449 0xe4, 0x06, 0x23, 0x89, 0x76, 0xf2, 0x8e, 0x85 4450 }; 4451 4452 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 4453 ret = nn_cmp(out, q, &cmp); EG(ret, err); 4454 4455 ret = (cmp >= 0) ? -1 : 0; 4456 4457 err: 4458 return ret; 4459 } 4460 4461 static const u8 ecrdsa_GOST_512bits_curve_test_vectors_priv_key[] = { 4462 0x0B, 0xA6, 0x04, 0x8A, 0xAD, 0xAE, 0x24, 0x1B, 4463 0xA4, 0x09, 0x36, 0xD4, 0x77, 0x56, 0xD7, 0xC9, 4464 0x30, 0x91, 0xA0, 0xE8, 0x51, 0x46, 0x69, 0x70, 4465 0x0E, 0xE7, 0x50, 0x8E, 0x50, 0x8B, 0x10, 0x20, 4466 0x72, 0xE8, 0x12, 0x3B, 0x22, 0x00, 0xA0, 0x56, 4467 0x33, 0x22, 0xDA, 0xD2, 0x82, 0x7E, 0x27, 0x14, 4468 0xA2, 0x63, 0x6B, 0x7B, 0xFD, 0x18, 0xAA, 0xDF, 4469 0xC6, 0x29, 0x67, 0x82, 0x1F, 0xA1, 0x8D, 0xD4 4470 }; 4471 4472 static const u8 ecrdsa_GOST_512bits_curve_test_vectors_expected_sig[] = { 4473 0x13, 0xc5, 0x65, 0x57, 0xe3, 0x00, 0x89, 0x8b, 4474 0xf6, 0xc9, 0x1a, 0x08, 0xaf, 0x0c, 0xaf, 0x80, 4475 0x10, 0x46, 0xa2, 0xdc, 0x58, 0xcf, 0x7e, 0x84, 4476 0xa1, 0x5d, 0xa3, 0xb6, 0x89, 0xc0, 0xeb, 0x29, 4477 0x73, 0xf5, 0xbe, 0x70, 0x27, 0xdb, 0xdd, 0x77, 4478 0xbc, 0xe5, 0xd3, 0x37, 0x6a, 0xd5, 0x79, 0x3c, 4479 0x21, 0x31, 0x57, 0x85, 0xaa, 0x6d, 0x25, 0x36, 4480 0xa2, 0x0c, 0x91, 0x58, 0x14, 0xf2, 0xad, 0xdc, 4481 0x32, 0xC0, 0xB1, 0x5B, 0xE3, 0x67, 0x58, 0x3B, 4482 0xB3, 0xFA, 0xEF, 0xF1, 0x49, 0xAF, 0x87, 0xD1, 4483 0x18, 0xBF, 0x18, 0xE1, 0x34, 0x87, 0xE0, 0xC6, 4484 0xAB, 0x75, 0x80, 0xB8, 0x62, 0xEC, 0x10, 0x4A, 4485 0x41, 0xEC, 0x9A, 0x5F, 0xB1, 0x7B, 0x0E, 0x0E, 4486 0xDB, 0xCF, 0xFD, 0x92, 0x0D, 0x6F, 0x62, 0x7E, 4487 0x70, 0x4A, 0x82, 0xCC, 0x53, 0x41, 0x27, 0xF6, 4488 0x44, 0xFD, 0xC9, 0x58, 0x98, 0x4D, 0xDC, 0xA0 4489 }; 4490 4491 static const ec_test_case ecrdsa_GOST_512bits_curve_test_case = { 4492 .name = "ECRDSA-SHA512/GOST-512-curve", 4493 .ec_str_p = &GOST_512bits_curve_str_params, 4494 .priv_key = ecrdsa_GOST_512bits_curve_test_vectors_priv_key, 4495 .priv_key_len = 4496 sizeof(ecrdsa_GOST_512bits_curve_test_vectors_priv_key), 4497 .nn_random = 4498 ecrdsa_nn_random_iso14888_3_GOST_512bits_curve_test_vector, 4499 .hash_type = SHA512, 4500 .msg = "abc", 4501 .msglen = 3, 4502 .sig_type = ECRDSA, 4503 .exp_sig = ecrdsa_GOST_512bits_curve_test_vectors_expected_sig, 4504 .exp_siglen = 4505 sizeof(ecrdsa_GOST_512bits_curve_test_vectors_expected_sig), 4506 .adata = NULL, 4507 .adata_len = 0 4508 }; 4509 #endif /* WITH_CURVE_GOST512 */ 4510 #endif /* WITH_HASH_SHA512 */ 4511 4512 #ifdef WITH_HASH_STREEBOG512 4513 #ifdef WITH_CURVE_GOST512 4514 #define ECRDSA_STREEBOG512_GOST512_SELF_TEST 4515 4516 static int ecrdsa_nn_random_pygostlib_1_GOST_512bits_curve_test_vector(nn_t out, nn_src_t q){ 4517 int ret, cmp; 4518 const u8 k_buf[] = { 4519 0x03, 0xc3, 0xcb, 0xa3, 0x26, 0xc7, 0xdd, 0x44, 0x8e, 4520 0x98, 0xa1, 0x03, 0x37, 0x71, 0x4e, 0xf7, 0xa7, 0x9c, 4521 0xc1, 0x06, 0x30, 0x34, 0xb6, 0xcf, 0x63, 0x0c, 0x1d, 4522 0xe7, 0x7d, 0x80, 0xe0, 0x95, 0xc5, 0x7c, 0x5b, 0xa3, 4523 0x78, 0x01, 0x99, 0xde, 0x1f, 0x7c, 0xb0, 0x5b, 0x5b, 4524 0x08, 0x41, 0xd2, 0xcd, 0x88, 0x60, 0x8e, 0x75, 0xa8, 4525 0x8f, 0xe4, 0x9f, 0xee, 0xe8, 0xfd, 0xc2, 0x9f, 0x8b, 4526 0xa6, 4527 }; 4528 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 4529 ret = nn_cmp(out, q, &cmp); EG(ret, err); 4530 4531 ret = (cmp >= 0) ? -1 : 0; 4532 4533 err: 4534 return ret; 4535 } 4536 static const u8 ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_priv_key[] = { 4537 0x0c, 0x18, 0x44, 0xa6, 0x1c, 0xbb, 0x08, 0xb7, 0xa1, 4538 0x86, 0x32, 0x1e, 0xf5, 0x53, 0x97, 0x7d, 0xef, 0x40, 4539 0x87, 0x7e, 0xd8, 0x98, 0xfb, 0xf6, 0xfd, 0x3e, 0xab, 4540 0xe4, 0xcf, 0xcf, 0xd3, 0x04, 0x21, 0xe5, 0xbf, 0xcb, 4541 0x73, 0xce, 0xd7, 0x35, 0x98, 0xa5, 0x4f, 0x9d, 0x9e, 4542 0x4b, 0x55, 0x83, 0xd6, 0x04, 0x65, 0x3c, 0xb3, 0x0a, 4543 0xbb, 0xe0, 0x56, 0x96, 0x3f, 0x08, 0xaf, 0x9a, 0x5b, 0x4f, 4544 }; 4545 static const u8 ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_expected_sig[] = { 4546 0x0e, 0xf7, 0xf8, 0xcb, 0x41, 0x86, 0xce, 0xb5, 0x86, 4547 0x43, 0x53, 0x15, 0xec, 0x67, 0x48, 0xfe, 0x20, 0x58, 4548 0x35, 0x57, 0x51, 0xd3, 0xfe, 0x25, 0xe2, 0x42, 0xad, 4549 0x96, 0x58, 0xae, 0x55, 0x11, 0xef, 0xb3, 0x3f, 0x93, 4550 0x2d, 0x71, 0x0c, 0xea, 0xc9, 0xd7, 0x4e, 0x34, 0x98, 4551 0xde, 0x85, 0xc9, 0xf1, 0x31, 0x52, 0xfe, 0xf4, 0x65, 4552 0xa6, 0x57, 0x05, 0x78, 0x4d, 0x6d, 0x45, 0x40, 0x09, 4553 0x4b, 0x1f, 0x2f, 0xc0, 0x2b, 0x79, 0xc5, 0x85, 0x1a, 4554 0xc1, 0xc1, 0x4b, 0xaa, 0x63, 0x58, 0xab, 0x07, 0x6e, 4555 0x0b, 0xc7, 0xfd, 0x28, 0x98, 0xe9, 0x88, 0x90, 0x6c, 4556 0xd7, 0x14, 0x02, 0x30, 0x14, 0x8c, 0xa7, 0xe7, 0x24, 4557 0x9a, 0x64, 0x83, 0x63, 0x9c, 0x4f, 0x18, 0xf5, 0x84, 4558 0x7e, 0xce, 0x03, 0xad, 0x3f, 0x9f, 0x26, 0x2f, 0xcb, 4559 0xaa, 0x3c, 0x55, 0xf7, 0xee, 0xd2, 0x91, 0xb3, 0xe7, 4560 0xeb, 0x4b, 4561 }; 4562 static const char ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_message[] = { 4563 0x61, 0x62, 0x63, 4564 }; 4565 static const ec_test_case ecrdsa_pygostlib_1_GOST_512bits_curve_test_case = { 4566 .name="ECRDSA-STREEBOG512/GOST-512-curve 1", 4567 .ec_str_p = &GOST_512bits_curve_str_params, 4568 .priv_key = ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_priv_key, 4569 .priv_key_len = sizeof(ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_priv_key), 4570 .nn_random = ecrdsa_nn_random_pygostlib_1_GOST_512bits_curve_test_vector, 4571 .hash_type = STREEBOG512, 4572 .msg = ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_message, 4573 .msglen = sizeof(ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_message), 4574 .sig_type = ECRDSA, 4575 .exp_sig = ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_expected_sig, 4576 .exp_siglen = sizeof(ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_expected_sig), 4577 .adata = NULL, 4578 .adata_len = 0 4579 }; 4580 4581 static int ecrdsa_nn_random_pygostlib_2_GOST_512bits_curve_test_vector(nn_t out, nn_src_t q){ 4582 int ret, cmp; 4583 const u8 k_buf[] = { 4584 0x15, 0x56, 0x79, 0x4e, 0xed, 0x00, 0x7c, 0xdc, 0xc0, 4585 0xc1, 0x3f, 0xb3, 0x6b, 0xa3, 0xa3, 0x00, 0xdd, 0x16, 4586 0xce, 0x6d, 0x83, 0xf6, 0x49, 0xab, 0x8d, 0x7a, 0x06, 4587 0x38, 0x34, 0xf0, 0x8b, 0xaf, 0xbc, 0x4e, 0x2a, 0x30, 4588 0x25, 0xee, 0xa2, 0x59, 0x5a, 0xc6, 0x79, 0x57, 0x84, 4589 0xc9, 0x15, 0x65, 0xed, 0xcb, 0x33, 0x42, 0x8a, 0x7a, 4590 0xd0, 0xe7, 0x87, 0xfe, 0x3c, 0x16, 0xd1, 0xb5, 0x50, 4591 0x8a, 4592 }; 4593 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 4594 ret = nn_cmp(out, q, &cmp); EG(ret, err); 4595 4596 ret = (cmp >= 0) ? -1 : 0; 4597 4598 err: 4599 return ret; 4600 } 4601 static const u8 ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_priv_key[] = { 4602 0x32, 0xb5, 0xda, 0xed, 0x49, 0x2e, 0x13, 0xc5, 0x8a, 0xb5, 0xa1, 0x41, 4603 0x9e, 0x01, 0x2f, 0x0c, 0x69, 0xc1, 0x4e, 0xf0, 0xcf, 0x84, 0xce, 0x81, 4604 0x4f, 0x76, 0x3b, 0x6f, 0xac, 0xd5, 0x7c, 0xd9, 0x42, 0xfe, 0x47, 0xe5, 4605 0x13, 0x38, 0xbd, 0xdd, 0xd5, 0x91, 0xe0, 0x38, 0xa6, 0x77, 0x17, 0x89, 4606 0x85, 0x9c, 0x55, 0x54, 0xa3, 0xd0, 0x94, 0x6d, 0x20, 0xb4, 0xd3, 0xfd, 4607 0x5c, 0xad, 0x17, 0xbc, 4608 }; 4609 static const u8 ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_expected_sig[] = { 4610 0x06, 0xfa, 0x71, 0xf0, 0xf9, 0x5b, 0xab, 0x4f, 0x08, 0x5b, 0x81, 0x44, 4611 0x32, 0x3a, 0x79, 0xa3, 0x9f, 0xb6, 0x72, 0x7c, 0x5b, 0x14, 0x48, 0xcb, 4612 0x2b, 0x42, 0xc9, 0x75, 0xb8, 0x35, 0x63, 0xf0, 0x6f, 0x81, 0x02, 0x78, 4613 0xd3, 0x2d, 0x7b, 0x04, 0x91, 0x11, 0xb0, 0x69, 0xa0, 0xba, 0x62, 0x47, 4614 0x3c, 0x72, 0x29, 0xef, 0x1b, 0xc2, 0x5c, 0xe5, 0x94, 0x4a, 0xf4, 0xbb, 4615 0x64, 0xf8, 0x68, 0xb9, 0x2e, 0x29, 0xa4, 0x50, 0xd2, 0x38, 0xae, 0xc2, 4616 0x8f, 0x6c, 0x3f, 0xcf, 0x2b, 0x13, 0x5b, 0xf9, 0x73, 0x6a, 0xf8, 0xac, 4617 0x13, 0xff, 0xff, 0x60, 0x19, 0xbd, 0x89, 0xae, 0x4e, 0x29, 0xb8, 0x07, 4618 0xea, 0xa9, 0xe3, 0xf1, 0x78, 0xa2, 0x4f, 0x07, 0x3d, 0xd8, 0x6b, 0x9f, 4619 0x2e, 0xb7, 0x2d, 0x96, 0xd2, 0xea, 0xae, 0x68, 0x38, 0xdb, 0x0d, 0x42, 4620 0xa7, 0x73, 0xf5, 0x5b, 0xbd, 0x3c, 0xe8, 0x84, 4621 }; 4622 static const char ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_message[] = { 4623 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4624 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4625 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4626 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4627 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4628 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4629 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4630 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4631 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4632 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4633 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4634 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4635 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4636 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4637 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4638 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4639 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4640 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4641 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4642 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4643 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4644 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4645 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4646 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4647 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 4648 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 4649 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 4650 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 4651 0x61, 0x62, 0x63, 0x64, 4652 }; 4653 static const ec_test_case ecrdsa_pygostlib_2_GOST_512bits_curve_test_case = { 4654 .name="ECRDSA-STREEBOG512/GOST-512-curve 2", 4655 .ec_str_p = &GOST_512bits_curve_str_params, 4656 .priv_key = ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_priv_key, 4657 .priv_key_len = sizeof(ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_priv_key), 4658 .nn_random = ecrdsa_nn_random_pygostlib_2_GOST_512bits_curve_test_vector, 4659 .hash_type = STREEBOG512, 4660 .msg = ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_message, 4661 .msglen = sizeof(ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_message), 4662 .sig_type = ECRDSA, 4663 .exp_sig = ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_expected_sig, 4664 .exp_siglen = sizeof(ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_expected_sig), 4665 .adata = NULL, 4666 .adata_len = 0 4667 }; 4668 4669 #endif /* WITH_CURVE_GOST512 */ 4670 #endif /* WITH_HASH_STREEBOG512 */ 4671 4672 #endif /* defined(USE_ISO14888_3_ECRDSA) */ 4673 4674 #endif /* WITH_SIG_ECRDSA */ 4675 4676 /******************************************************************* 4677 ************** SM2 tests ****************************************** 4678 *******************************************************************/ 4679 4680 /* 4681 * Unlike other signature algorithms (defined in ISO 14888-3:2015) for 4682 * which tests vectors are based on secp* or brainpoolp* curves, SM2 4683 * tests vectors are based on custom curves. 4684 */ 4685 4686 #ifdef WITH_SIG_SM2 4687 #ifdef WITH_HASH_SM3 4688 4689 #ifdef WITH_CURVE_SM2P256TEST 4690 #define SM2_SM3_CURVE_SM2P256TEST 4691 4692 /* First, SM2 test vector on a 256-bit SM2 TEST curve */ 4693 4694 static int sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vector(nn_t out, 4695 nn_src_t 4696 q) 4697 { 4698 int ret, cmp; 4699 const u8 k_buf[] = { 4700 0x6C, 0xB2, 0x8D, 0x99, 0x38, 0x5C, 0x17, 0x5C, 4701 0x94, 0xF9, 0x4E, 0x93, 0x48, 0x17, 0x66, 0x3F, 4702 0xC1, 0x76, 0xD9, 0x25, 0xDD, 0x72, 0xB7, 0x27, 4703 0x26, 0x0D, 0xBA, 0xAE, 0x1F, 0xB2, 0xF9, 0x6F 4704 }; 4705 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 4706 ret = nn_cmp(out, q, &cmp); EG(ret, err); 4707 4708 ret = (cmp >= 0) ? -1 : 0; 4709 4710 err: 4711 return ret; 4712 } 4713 4714 static const u8 sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_priv_key[] = { 4715 0x12, 0x8B, 0x2F, 0xA8, 0xBD, 0x43, 0x3C, 0x6C, 4716 0x06, 0x8C, 0x8D, 0x80, 0x3D, 0xFF, 0x79, 0x79, 4717 0x2A, 0x51, 0x9A, 0x55, 0x17, 0x1B, 0x1B, 0x65, 4718 0x0C, 0x23, 0x66, 0x1D, 0x15, 0x89, 0x72, 0x63 4719 }; 4720 4721 static const u8 sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_expected_sig[] = { 4722 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 4723 0x9E, 0x09, 0xDC, 0xEF, 0x49, 0x13, 0x0D, 0x41, 4724 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2, 0xCA, 0xA5, 4725 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1, 4726 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 4727 0x0C, 0x77, 0xDF, 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 4728 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0, 0x9E, 0xC5, 4729 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7 4730 }; 4731 4732 static const char sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_msg[] = "message digest"; 4733 4734 static const char sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_adata[] = "ALICE123@YAHOO.COM"; 4735 4736 static const ec_test_case sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_case = { 4737 .name = "SM2-SM3/SM2P256TEST", 4738 .ec_str_p = &sm2p256test_str_params, 4739 .priv_key = sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_priv_key, 4740 .priv_key_len = sizeof(sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_priv_key), 4741 .nn_random = sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vector, 4742 .hash_type = SM3, 4743 .msg = sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_msg, 4744 .msglen = 14, 4745 .sig_type = SM2, 4746 .exp_sig = sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_expected_sig, 4747 .exp_siglen = sizeof(sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_expected_sig), 4748 .adata = (const u8*)sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_adata, 4749 .adata_len = 18, 4750 }; 4751 #endif /* WITH_CURVE_SM2P256TEST */ 4752 4753 #ifdef WITH_CURVE_SM2P256V1 4754 #define SM2_SM3_CURVE_SM2P256V1 4755 4756 /* SM2 test vector on a 256-bit SM2 standardized curve */ 4757 4758 static int sm2_nn_random_sm2p256v1_test_vector(nn_t out, nn_src_t q) 4759 { 4760 int ret, cmp; 4761 const u8 k_buf[] = { 4762 0x59, 0x27, 0x6E, 0x27, 0xD5, 0x06, 0x86, 0x1A, 0x16, 4763 0x68, 0x0F, 0x3A, 0xD9, 0xC0, 0x2D, 0xCC, 0xEF, 0x3C, 4764 0xC1, 0xFA, 0x3C, 0xDB, 0xE4, 0xCE, 0x6D, 0x54, 0xB8, 4765 0x0D, 0xEA, 0xC1, 0xBC, 0x21, 4766 }; 4767 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 4768 ret = nn_cmp(out, q, &cmp); EG(ret, err); 4769 4770 ret = (cmp >= 0) ? -1 : 0; 4771 4772 err: 4773 return ret; 4774 } 4775 4776 static const u8 sm2_nn_random_sm2p256v1_test_vectors_priv_key[] = { 4777 0x39, 0x45, 0x20, 0x8F, 0x7B, 0x21, 0x44, 0xB1, 0x3F, 0x36, 0xE3, 4778 0x8A, 0xC6, 0xD3, 0x9F, 0x95, 0x88, 0x93, 0x93, 0x69, 0x28, 0x60, 4779 0xB5, 0x1A, 0x42, 0xFB, 0x81, 0xEF, 0x4D, 0xF7, 0xC5, 0xB8, 4780 }; 4781 4782 static const u8 sm2_nn_random_sm2p256v1_test_vectors_expected_sig[] = { 4783 0xF5, 0xA0, 0x3B, 0x06, 0x48, 0xD2, 0xC4, 0x63, 0x0E, 0xEA, 0xC5, 4784 0x13, 0xE1, 0xBB, 0x81, 0xA1, 0x59, 0x44, 0xDA, 0x38, 0x27, 0xD5, 4785 0xB7, 0x41, 0x43, 0xAC, 0x7E, 0xAC, 0xEE, 0xE7, 0x20, 0xB3, 0xB1, 4786 0xB6, 0xAA, 0x29, 0xDF, 0x21, 0x2F, 0xD8, 0x76, 0x31, 0x82, 0xBC, 4787 0x0D, 0x42, 0x1C, 0xA1, 0xBB, 0x90, 0x38, 0xFD, 0x1F, 0x7F, 0x42, 4788 0xD4, 0x84, 0x0B, 0x69, 0xC4, 0x85, 0xBB, 0xC1, 0xAA, 4789 }; 4790 4791 static const u8 sm2_nn_random_sm2p256v1_test_vectors_adata[] = { 4792 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 4793 0x34, 0x35, 0x36, 0x37, 0x38, 4794 }; 4795 4796 static const u8 tmp_msg_sm2_sm2p256v1[] = { 4797 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 4798 }; 4799 static const ec_test_case sm2_nn_random_sm2p256v1_test_case = { 4800 .name = "SM2-SM3/SM2P256V1", 4801 .ec_str_p = &sm2p256v1_str_params, 4802 .priv_key = sm2_nn_random_sm2p256v1_test_vectors_priv_key, 4803 .priv_key_len = sizeof(sm2_nn_random_sm2p256v1_test_vectors_priv_key), 4804 .nn_random = sm2_nn_random_sm2p256v1_test_vector, 4805 .hash_type = SM3, 4806 .msg = (const char *)tmp_msg_sm2_sm2p256v1, 4807 .msglen = sizeof(tmp_msg_sm2_sm2p256v1), 4808 .sig_type = SM2, 4809 .exp_sig = sm2_nn_random_sm2p256v1_test_vectors_expected_sig, 4810 .exp_siglen = sizeof(sm2_nn_random_sm2p256v1_test_vectors_expected_sig), 4811 .adata = sm2_nn_random_sm2p256v1_test_vectors_adata, 4812 .adata_len = sizeof(sm2_nn_random_sm2p256v1_test_vectors_adata), 4813 }; 4814 #endif /* WITH_CURVE_SM2P256TEST */ 4815 4816 4817 #endif /* WITH_HASH_SM3 */ 4818 #endif /* WITH_SIG_SM2 */ 4819 4820 4821 /******************************************************************* 4822 ************** EdDSA tests **************************************** 4823 *******************************************************************/ 4824 #ifdef WITH_SIG_EDDSA25519 4825 #ifdef WITH_HASH_SHA512 4826 #ifdef WITH_CURVE_WEI25519 4827 #define EDDSA25519_SHA512_WEI25519_SELF_TEST 4828 4829 #include "ed25519_test_vectors.h" 4830 4831 #define EDDSA25519PH_SHA512_WEI25519_SELF_TEST 4832 4833 #include "ed25519ph_test_vectors.h" 4834 4835 #define EDDSA25519CTX_SHA512_WEI25519_SELF_TEST 4836 4837 #include "ed25519ctx_test_vectors.h" 4838 4839 #endif /* WITH_CURVE_WEI25519 */ 4840 #endif /* WITH_HASH_SHA512 */ 4841 #endif /* WITH_SIG_EDDSA */ 4842 4843 #ifdef WITH_SIG_EDDSA448 4844 #ifdef WITH_HASH_SHAKE256 4845 #ifdef WITH_CURVE_WEI448 4846 #define EDDSA448_SHAKE256_WEI448_SELF_TEST 4847 4848 #include "ed448_test_vectors.h" 4849 4850 #define EDDSA448PH_SHAKE256_WEI448_SELF_TEST 4851 4852 #include "ed448ph_test_vectors.h" 4853 4854 #endif /* WITH_CURVE_WEI448 */ 4855 #endif /* WITH_HASH_SHAKE256 */ 4856 #endif /* WITH_SIG_EDDSA */ 4857 4858 /*********** Deterministic ECDSA tests taken from RFC6979 **************/ 4859 #ifdef WITH_SIG_DECDSA 4860 4861 #include "decdsa_test_vectors.h" 4862 4863 #endif /* WITH_SIG_DECDSA */ 4864 4865 #if defined(WITH_SIG_BIGN) && defined(WITH_CURVE_BIGN256V1) 4866 4867 /* NOTE: tests taken from STB 34.101.45-2013 */ 4868 #include "bign_test_vectors.h" 4869 4870 #endif 4871 4872 #if defined(WITH_SIG_DBIGN) && defined(WITH_CURVE_BIGN256V1) 4873 4874 /* NOTE: tests taken from STB 34.101.45-2013 */ 4875 #include "dbign_test_vectors.h" 4876 4877 #endif 4878 4879 #if defined(WITH_SIG_BIP0340) && defined(WITH_HASH_SHA256) && defined(WITH_CURVE_SECP256K1) 4880 4881 /* NOTE: tests taken from: 4882 * https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv 4883 */ 4884 #include "bip0340_test_vectors.h" 4885 4886 #endif 4887 4888 /* ADD curve test vectors header here */ 4889 /* XXX: Do not remove the comment above, as it is 4890 * used by external tools as a placeholder to add or 4891 * remove automatically generated code. 4892 */ 4893 4894 /* Dummy empty test case to avoid empty array 4895 * when no test case is defined 4896 */ 4897 static const ec_test_case dummy_test_case = { 4898 .name = "Dummy SIGN", 4899 .ec_str_p = NULL, 4900 .priv_key = NULL, 4901 .priv_key_len = 0, 4902 .nn_random = NULL, 4903 .hash_type = UNKNOWN_HASH_ALG, 4904 .msg = NULL, 4905 .msglen = 0, 4906 .sig_type = UNKNOWN_ALG, 4907 .exp_sig = NULL, 4908 .exp_siglen = 0, 4909 .adata = NULL, 4910 .adata_len = 0 4911 }; 4912 4913 /* List of all test cases */ 4914 4915 static const ec_test_case *ec_fixed_vector_tests[] = { 4916 /* ECDSA */ 4917 #ifdef ECDSA_SHA224_SECP224R1_SELF_TEST 4918 &ecdsa_secp224r1_test_case, 4919 #endif 4920 #ifdef ECDSA_SHA256_SECP256R1_SELF_TEST 4921 &ecdsa_secp256r1_test_case, 4922 #endif 4923 #ifdef ECDSA_SHA512_SECP256R1_SELF_TEST 4924 &ecdsa_secp256r1_sha512_test_case, 4925 #endif 4926 #ifdef ECDSA_SHA384_SECP384R1_SELF_TEST 4927 &ecdsa_secp384r1_test_case, 4928 #endif 4929 #ifdef ECDSA_SHA512_SECP521R1_SELF_TEST 4930 &ecdsa_secp521r1_test_case, 4931 #endif 4932 #ifdef ECDSA_SHA256_BRAINPOOLP256R1_SELF_TEST 4933 &ecdsa_brainpoolp256r1_test_case, 4934 #endif 4935 #ifdef ECDSA_SHA384_BRAINPOOLP384R1_SELF_TEST 4936 &ecdsa_brainpoolp384r1_test_case, 4937 #endif 4938 #ifdef ECDSA_SHA512_BRAINPOOLP512R1_SELF_TEST 4939 &ecdsa_brainpoolp512r1_test_case, 4940 #endif 4941 #ifdef ECDSA_SHA256_FRP256V1_SELF_TEST 4942 &ecdsa_frp256v1_test_case, 4943 #endif 4944 #ifdef ECDSA_SHA3_224_SECP224R1_SELF_TEST 4945 &ecdsa_secp224r1_sha3_224_test_case, 4946 #endif 4947 #ifdef ECDSA_SHA3_256_SECP256R1_SELF_TEST 4948 &ecdsa_secp256r1_sha3_256_test_case, 4949 #endif 4950 #ifdef ECDSA_SHA3_512_SECP256R1_SELF_TEST 4951 &ecdsa_secp256r1_sha3_512_test_case, 4952 #endif 4953 #ifdef ECDSA_SHA3_384_SECP384R1_SELF_TEST 4954 &ecdsa_secp384r1_sha3_384_test_case, 4955 #endif 4956 #ifdef ECDSA_SHA3_512_SECP521R1_SELF_TEST 4957 &ecdsa_secp521r1_sha3_512_test_case, 4958 #endif 4959 #ifdef ECDSA_SHA224_SECP192R1_SELF_TEST 4960 &ecdsa_secp192r1_test_case, 4961 #endif 4962 /* ECKCDSA */ 4963 #ifdef ECKCDSA_SHA224_SECP224R1_SELF_TEST 4964 &eckcdsa_secp224r1_test_case, 4965 #endif 4966 #ifdef ECKCDSA_SHA256_SECP224R1_SELF_TEST 4967 &eckcdsa_secp224r1_sha256_test_case, 4968 #endif 4969 #ifdef ECKCDSA_SHA256_SECP256R1_SELF_TEST 4970 &eckcdsa_secp256r1_test_case, 4971 #endif 4972 #ifdef ECKCDSA_SHA384_SECP384R1_SELF_TEST 4973 &eckcdsa_secp384r1_test_case, 4974 #endif 4975 #ifdef ECKCDSA_SHA512_SECP256R1_SELF_TEST 4976 &eckcdsa_secp256r1_sha512_test_case, 4977 #endif 4978 #ifdef ECKCDSA_SHA512_SECP521R1_SELF_TEST 4979 &eckcdsa_secp521r1_test_case, 4980 #endif 4981 #ifdef ECKCDSA_SHA256_BRAINPOOLP256R1_SELF_TEST 4982 &eckcdsa_brainpoolp256r1_test_case, 4983 #endif 4984 #ifdef ECKCDSA_SHA384_BRAINPOOLP384R1_SELF_TEST 4985 &eckcdsa_brainpoolp384r1_test_case, 4986 #endif 4987 #ifdef ECKCDSA_SHA512_BRAINPOOLP512R1_SELF_TEST 4988 &eckcdsa_brainpoolp512r1_test_case, 4989 #endif 4990 #ifdef ECKCDSA_SHA256_FRP256V1_SELF_TEST 4991 &eckcdsa_frp256v1_test_case, 4992 #endif 4993 /* ECSDSA */ 4994 #ifdef ECSDSA_SHA224_SECP224R1_SELF_TEST 4995 &ecsdsa_secp224r1_test_case, 4996 #endif 4997 #ifdef ECSDSA_SHA256_SECP256R1_SELF_TEST 4998 &ecsdsa_secp256r1_test_case, 4999 #endif 5000 #ifdef ECSDSA_SHA384_SECP384R1_SELF_TEST 5001 &ecsdsa_secp384r1_test_case, 5002 #endif 5003 #ifdef ECSDSA_SHA512_SECP521R1_SELF_TEST 5004 &ecsdsa_secp521r1_test_case, 5005 #endif 5006 #ifdef ECSDSA_SHA256_BRAINPOOLP256R1_SELF_TEST 5007 &ecsdsa_brainpoolp256r1_test_case, 5008 #endif 5009 #ifdef ECSDSA_SHA384_BRAINPOOLP384R1_SELF_TEST 5010 &ecsdsa_brainpoolp384r1_test_case, 5011 #endif 5012 #ifdef ECSDSA_SHA512_BRAINPOOLP512R1_SELF_TEST 5013 &ecsdsa_brainpoolp512r1_test_case, 5014 #endif 5015 #ifdef ECSDSA_SHA256_FRP256V1_SELF_TEST 5016 &ecsdsa_frp256v1_test_case, 5017 #endif 5018 /* ECOSDSA */ 5019 #ifdef ECOSDSA_SHA224_SECP224R1_SELF_TEST 5020 &ecosdsa_secp224r1_test_case, 5021 #endif 5022 #ifdef ECOSDSA_SHA256_SECP256R1_SELF_TEST 5023 &ecosdsa_secp256r1_test_case, 5024 #endif 5025 #ifdef ECOSDSA_SHA384_SECP384R1_SELF_TEST 5026 &ecosdsa_secp384r1_test_case, 5027 #endif 5028 #ifdef ECOSDSA_SHA512_SECP521R1_SELF_TEST 5029 &ecosdsa_secp521r1_test_case, 5030 #endif 5031 #ifdef ECOSDSA_SHA256_BRAINPOOLP256R1_SELF_TEST 5032 &ecosdsa_brainpoolp256r1_test_case, 5033 #endif 5034 #ifdef ECOSDSA_SHA384_BRAINPOOLP384R1_SELF_TEST 5035 &ecosdsa_brainpoolp384r1_test_case, 5036 #endif 5037 #ifdef ECOSDSA_SHA512_BRAINPOOLP512R1_SELF_TEST 5038 &ecosdsa_brainpoolp512r1_test_case, 5039 #endif 5040 #ifdef ECOSDSA_SHA256_FRP256V1_SELF_TEST 5041 &ecosdsa_frp256v1_test_case, 5042 #endif 5043 /* ECFSDSA */ 5044 #ifdef ECFSDSA_SHA224_SECP224R1_SELF_TEST 5045 &ecfsdsa_secp224r1_test_case, 5046 #endif 5047 #ifdef ECFSDSA_SHA256_SECP256R1_SELF_TEST 5048 &ecfsdsa_secp256r1_test_case, 5049 #endif 5050 #ifdef ECFSDSA_SHA384_SECP384R1_SELF_TEST 5051 &ecfsdsa_secp384r1_test_case, 5052 #endif 5053 #ifdef ECFSDSA_SHA512_SECP521R1_SELF_TEST 5054 &ecfsdsa_secp521r1_test_case, 5055 #endif 5056 #ifdef ECFSDSA_SHA256_BRAINPOOLP256R1_SELF_TEST 5057 &ecfsdsa_brainpoolp256r1_test_case, 5058 #endif 5059 #ifdef ECFSDSA_SHA384_BRAINPOOLP384R1_SELF_TEST 5060 &ecfsdsa_brainpoolp384r1_test_case, 5061 #endif 5062 #ifdef ECFSDSA_SHA512_BRAINPOOLP512R1_SELF_TEST 5063 &ecfsdsa_brainpoolp512r1_test_case, 5064 #endif 5065 #ifdef ECFSDSA_SHA256_FRP256V1_SELF_TEST 5066 &ecfsdsa_frp256v1_test_case, 5067 #endif 5068 /* ECGDSA */ 5069 #ifdef ECGDSA_SHA256_BRAINPOOLP192R1_SELF_TEST 5070 &ecgdsa_brainpoolp192r1_test_case, 5071 #endif 5072 #ifdef ECGDSA_SHA224_BRAINPOOLP224R1_SELF_TEST 5073 &ecgdsa_brainpoolp224r1_test_case, 5074 #endif 5075 #ifdef ECGDSA_SHA256_BRAINPOOLP256R1_SELF_TEST 5076 &ecgdsa_brainpoolp256r1_test_case, 5077 #endif 5078 #ifdef ECGDSA_SHA384_BRAINPOOLP384R1_SELF_TEST 5079 &ecgdsa_brainpoolp384r1_test_case, 5080 #endif 5081 /* ECRDSA */ 5082 #ifndef USE_ISO14888_3_ECRDSA 5083 #ifdef ECRDSA_STREEBOG256_GOST256_SELF_TEST 5084 &ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_case, 5085 #endif 5086 #ifdef ECRDSA_STREEBOG256_GOST256_PARAMSETA_SELF_TEST 5087 &ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_case, 5088 #endif 5089 #ifdef ECRDSA_STREEBOG512_GOST512_SELF_TEST 5090 &ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_case, 5091 #endif 5092 /**/ 5093 #else /* defined(USE_ISO14888_3_ECRDSA) */ 5094 #ifdef ECRDSA_SHA256_GOST256_SELF_TEST 5095 &ecrdsa_GOST_256bits_curve_test_case, 5096 #endif 5097 #ifdef ECRDSA_SHA512_GOST512_SELF_TEST 5098 &ecrdsa_GOST_512bits_curve_test_case, 5099 #endif 5100 #ifdef ECRDSA_STREEBOG256_GOST256_SELF_TEST 5101 &ecrdsa_pygostlib_1_GOST_256bits_curve_test_case, 5102 &ecrdsa_pygostlib_2_GOST_256bits_curve_test_case, 5103 #endif 5104 #ifdef ECRDSA_STREEBOG512_GOST512_SELF_TEST 5105 &ecrdsa_pygostlib_1_GOST_512bits_curve_test_case, 5106 &ecrdsa_pygostlib_2_GOST_512bits_curve_test_case, 5107 #endif 5108 #endif /* defined(USE_ISO14888_3_ECRDSA) */ 5109 #ifdef SM2_SM3_CURVE_SM2P256TEST 5110 &sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_case, 5111 #endif 5112 #ifdef SM2_SM3_CURVE_SM2P256V1 5113 &sm2_nn_random_sm2p256v1_test_case, 5114 #endif 5115 /* EdDSA Ed25519 */ 5116 #ifdef EDDSA25519_SHA512_WEI25519_SELF_TEST 5117 EDDSA25519_SHA512_WEI25519_ALL_TESTS() 5118 #endif 5119 /* EdDSA Ed25519ph */ 5120 #ifdef EDDSA25519PH_SHA512_WEI25519_SELF_TEST 5121 EDDSA25519PH_SHA512_WEI25519_ALL_TESTS() 5122 #endif 5123 /* EdDSA Ed25519ctx */ 5124 #ifdef EDDSA25519CTX_SHA512_WEI25519_SELF_TEST 5125 EDDSA25519CTX_SHA512_WEI25519_ALL_TESTS() 5126 #endif 5127 /* EdDSA Ed448 */ 5128 #ifdef EDDSA448_SHAKE256_WEI448_SELF_TEST 5129 EDDSA448_SHAKE256_WEI448_ALL_TESTS() 5130 #endif 5131 /* EdDSA Ed448PH */ 5132 #ifdef EDDSA448PH_SHAKE256_WEI448_SELF_TEST 5133 EDDSA448PH_SHAKE256_WEI448_ALL_TESTS() 5134 #endif 5135 #ifdef DECDSA_SHA224_SECP192R1_SELF_TEST_0 5136 &decdsa_rfc6979_SECP192R1_SHA224_0_test_case, 5137 #endif /* DECDSA_SHA224_SECP192R1_SELF_TEST_0 */ 5138 #ifdef DECDSA_SHA256_SECP192R1_SELF_TEST_0 5139 &decdsa_rfc6979_SECP192R1_SHA256_0_test_case, 5140 #endif /* DECDSA_SHA256_SECP192R1_SELF_TEST_0 */ 5141 #ifdef DECDSA_SHA384_SECP192R1_SELF_TEST_0 5142 &decdsa_rfc6979_SECP192R1_SHA384_0_test_case, 5143 #endif /* DECDSA_SHA384_SECP192R1_SELF_TEST_0 */ 5144 #ifdef DECDSA_SHA512_SECP192R1_SELF_TEST_0 5145 &decdsa_rfc6979_SECP192R1_SHA512_0_test_case, 5146 #endif /* DECDSA_SHA512_SECP192R1_SELF_TEST_0 */ 5147 #ifdef DECDSA_SHA224_SECP192R1_SELF_TEST_1 5148 &decdsa_rfc6979_SECP192R1_SHA224_1_test_case, 5149 #endif /* DECDSA_SHA224_SECP192R1_SELF_TEST_1 */ 5150 #ifdef DECDSA_SHA256_SECP192R1_SELF_TEST_1 5151 &decdsa_rfc6979_SECP192R1_SHA256_1_test_case, 5152 #endif /* DECDSA_SHA256_SECP192R1_SELF_TEST_1 */ 5153 #ifdef DECDSA_SHA384_SECP192R1_SELF_TEST_1 5154 &decdsa_rfc6979_SECP192R1_SHA384_1_test_case, 5155 #endif /* DECDSA_SHA384_SECP192R1_SELF_TEST_1 */ 5156 #ifdef DECDSA_SHA512_SECP192R1_SELF_TEST_1 5157 &decdsa_rfc6979_SECP192R1_SHA512_1_test_case, 5158 #endif /* DECDSA_SHA512_SECP192R1_SELF_TEST_1 */ 5159 #ifdef DECDSA_SHA224_SECP256R1_SELF_TEST_0 5160 &decdsa_rfc6979_SECP256R1_SHA224_0_test_case, 5161 #endif /* DECDSA_SHA224_SECP256R1_SELF_TEST_0 */ 5162 #ifdef DECDSA_SHA256_SECP256R1_SELF_TEST_0 5163 &decdsa_rfc6979_SECP256R1_SHA256_0_test_case, 5164 #endif /* DECDSA_SHA256_SECP256R1_SELF_TEST_0 */ 5165 #ifdef DECDSA_SHA384_SECP256R1_SELF_TEST_0 5166 &decdsa_rfc6979_SECP256R1_SHA384_0_test_case, 5167 #endif /* DECDSA_SHA384_SECP256R1_SELF_TEST_0 */ 5168 #ifdef DECDSA_SHA512_SECP256R1_SELF_TEST_0 5169 &decdsa_rfc6979_SECP256R1_SHA512_0_test_case, 5170 #endif /* DECDSA_SHA512_SECP256R1_SELF_TEST_0 */ 5171 #ifdef DECDSA_SHA224_SECP256R1_SELF_TEST_1 5172 &decdsa_rfc6979_SECP256R1_SHA224_1_test_case, 5173 #endif /* DECDSA_SHA224_SECP256R1_SELF_TEST_1 */ 5174 #ifdef DECDSA_SHA256_SECP256R1_SELF_TEST_1 5175 &decdsa_rfc6979_SECP256R1_SHA256_1_test_case, 5176 #endif /* DECDSA_SHA256_SECP256R1_SELF_TEST_1 */ 5177 #ifdef DECDSA_SHA384_SECP256R1_SELF_TEST_1 5178 &decdsa_rfc6979_SECP256R1_SHA384_1_test_case, 5179 #endif /* DECDSA_SHA384_SECP256R1_SELF_TEST_1 */ 5180 #ifdef DECDSA_SHA512_SECP256R1_SELF_TEST_1 5181 &decdsa_rfc6979_SECP256R1_SHA512_1_test_case, 5182 #endif /* DECDSA_SHA512_SECP256R1_SELF_TEST_1 */ 5183 #ifdef DECDSA_SHA224_SECP384R1_SELF_TEST_0 5184 &decdsa_rfc6979_SECP384R1_SHA224_0_test_case, 5185 #endif /* DECDSA_SHA224_SECP384R1_SELF_TEST_0 */ 5186 #ifdef DECDSA_SHA256_SECP384R1_SELF_TEST_0 5187 &decdsa_rfc6979_SECP384R1_SHA256_0_test_case, 5188 #endif /* DECDSA_SHA256_SECP384R1_SELF_TEST_0 */ 5189 #ifdef DECDSA_SHA384_SECP384R1_SELF_TEST_0 5190 &decdsa_rfc6979_SECP384R1_SHA384_0_test_case, 5191 #endif /* DECDSA_SHA384_SECP384R1_SELF_TEST_0 */ 5192 #ifdef DECDSA_SHA512_SECP384R1_SELF_TEST_0 5193 &decdsa_rfc6979_SECP384R1_SHA512_0_test_case, 5194 #endif /* DECDSA_SHA512_SECP384R1_SELF_TEST_0 */ 5195 #ifdef DECDSA_SHA224_SECP384R1_SELF_TEST_1 5196 &decdsa_rfc6979_SECP384R1_SHA224_1_test_case, 5197 #endif /* DECDSA_SHA224_SECP384R1_SELF_TEST_1 */ 5198 #ifdef DECDSA_SHA256_SECP384R1_SELF_TEST_1 5199 &decdsa_rfc6979_SECP384R1_SHA256_1_test_case, 5200 #endif /* DECDSA_SHA256_SECP384R1_SELF_TEST_1 */ 5201 #ifdef DECDSA_SHA384_SECP384R1_SELF_TEST_1 5202 &decdsa_rfc6979_SECP384R1_SHA384_1_test_case, 5203 #endif /* DECDSA_SHA384_SECP384R1_SELF_TEST_1 */ 5204 #ifdef DECDSA_SHA512_SECP384R1_SELF_TEST_1 5205 &decdsa_rfc6979_SECP384R1_SHA512_1_test_case, 5206 #endif /* DECDSA_SHA512_SECP384R1_SELF_TEST_1 */ 5207 #ifdef DECDSA_SHA224_SECP521R1_SELF_TEST_0 5208 &decdsa_rfc6979_SECP521R1_SHA224_0_test_case, 5209 #endif /* DECDSA_SHA224_SECP521R1_SELF_TEST_0 */ 5210 #ifdef DECDSA_SHA256_SECP521R1_SELF_TEST_0 5211 &decdsa_rfc6979_SECP521R1_SHA256_0_test_case, 5212 #endif /* DECDSA_SHA256_SECP521R1_SELF_TEST_0 */ 5213 #ifdef DECDSA_SHA384_SECP521R1_SELF_TEST_0 5214 &decdsa_rfc6979_SECP521R1_SHA384_0_test_case, 5215 #endif /* DECDSA_SHA384_SECP521R1_SELF_TEST_0 */ 5216 #ifdef DECDSA_SHA512_SECP521R1_SELF_TEST_0 5217 &decdsa_rfc6979_SECP521R1_SHA512_0_test_case, 5218 #endif /* DECDSA_SHA512_SECP521R1_SELF_TEST_0 */ 5219 #ifdef DECDSA_SHA224_SECP521R1_SELF_TEST_1 5220 &decdsa_rfc6979_SECP521R1_SHA224_1_test_case, 5221 #endif /* DECDSA_SHA224_SECP521R1_SELF_TEST_1 */ 5222 #ifdef DECDSA_SHA256_SECP521R1_SELF_TEST_1 5223 &decdsa_rfc6979_SECP521R1_SHA256_1_test_case, 5224 #endif /* DECDSA_SHA256_SECP521R1_SELF_TEST_1 */ 5225 #ifdef DECDSA_SHA384_SECP521R1_SELF_TEST_1 5226 &decdsa_rfc6979_SECP521R1_SHA384_1_test_case, 5227 #endif /* DECDSA_SHA384_SECP521R1_SELF_TEST_1 */ 5228 #ifdef DECDSA_SHA512_SECP521R1_SELF_TEST_1 5229 &decdsa_rfc6979_SECP521R1_SHA512_1_test_case, 5230 #endif /* DECDSA_SHA512_SECP521R1_SELF_TEST_1 */ 5231 #if defined(WITH_SIG_BIGN) && defined(WITH_CURVE_BIGN256V1) 5232 BIGN_ALL_TESTS() 5233 #endif 5234 #if defined(WITH_SIG_DBIGN) && defined(WITH_CURVE_BIGN256V1) 5235 DBIGN_ALL_TESTS() 5236 #endif 5237 #if defined(WITH_SIG_BIP0340) && defined(WITH_HASH_SHA256) && defined(WITH_CURVE_SECP256K1) 5238 BIP0340_ALL_TESTS() 5239 #endif 5240 5241 /* Dummy empty test case to avoid empty array 5242 * when no test case is defined */ 5243 &dummy_test_case, 5244 5245 /* ADD curve test case here */ 5246 /* XXX: Do not remove the comment above, as it is 5247 * used by external tools as a placeholder to add or 5248 * remove automatically generated code. 5249 */ 5250 }; 5251 5252 #define EC_FIXED_VECTOR_NUM_TESTS \ 5253 (sizeof(ec_fixed_vector_tests) / sizeof(ec_fixed_vector_tests[0])) 5254 5255 5256 /* Dummy empty test case to avoid empty array 5257 * when no test case is defined 5258 */ 5259 static const ecdh_test_case ecdh_dummy_test_case = { 5260 .name = "Dummy ECDH", 5261 .ecdh_type = UNKNOWN_ALG, 5262 .ec_str_p = NULL, 5263 .our_priv_key = NULL, 5264 .our_priv_key_len = 0, 5265 .peer_pub_key = NULL, 5266 .peer_pub_key_len = 0, 5267 .exp_our_pub_key = NULL, 5268 .exp_our_pub_key_len = 0, 5269 .exp_shared_secret = NULL, 5270 .exp_shared_secret_len = 0, 5271 }; 5272 5273 /******************************************************************* 5274 ************** ECCCDH tests *************************************** 5275 *******************************************************************/ 5276 #ifdef WITH_ECCCDH 5277 /* NOTE: these tests are taken from the NIST CAVS 14.1 test suite 5278 * on curves P-192 P-224 P-256 P-384 P-521 5279 */ 5280 #include "ecccdh_test_vectors.h" 5281 #endif /* WITH_ECCCDH */ 5282 5283 #ifdef WITH_X25519 5284 /* NOTE: tests taken from RFC7748 and https://tools.ietf.org/id/draft-ietf-ipsecme-safecurves-03.xml */ 5285 #include "x25519_test_vectors.h" 5286 #endif /* WITH_X25519 */ 5287 5288 #ifdef WITH_X448 5289 /* NOTE: tests taken from RFC7748 */ 5290 #include "x448_test_vectors.h" 5291 #endif /* WITH_X448 */ 5292 5293 #if defined(WITH_ECCCDH) || defined(WITH_X25519) || defined(WITH_X448) 5294 static const ecdh_test_case *ecdh_fixed_vector_tests[] = { 5295 #ifdef ECCCDH_SECP192R1_SELF_TEST_0 5296 &ecccdh_SECP192R1_0_test_case, 5297 #endif /* ECCCDH_SECP192R1_SELF_TEST_0 */ 5298 #ifdef ECCCDH_SECP192R1_SELF_TEST_1 5299 &ecccdh_SECP192R1_1_test_case, 5300 #endif /* ECCCDH_SECP192R1_SELF_TEST_1 */ 5301 #ifdef ECCCDH_SECP192R1_SELF_TEST_2 5302 &ecccdh_SECP192R1_2_test_case, 5303 #endif /* ECCCDH_SECP192R1_SELF_TEST_2 */ 5304 #ifdef ECCCDH_SECP192R1_SELF_TEST_3 5305 &ecccdh_SECP192R1_3_test_case, 5306 #endif /* ECCCDH_SECP192R1_SELF_TEST_3 */ 5307 #ifdef ECCCDH_SECP192R1_SELF_TEST_4 5308 &ecccdh_SECP192R1_4_test_case, 5309 #endif /* ECCCDH_SECP192R1_SELF_TEST_4 */ 5310 #ifdef ECCCDH_SECP192R1_SELF_TEST_5 5311 &ecccdh_SECP192R1_5_test_case, 5312 #endif /* ECCCDH_SECP192R1_SELF_TEST_5 */ 5313 #ifdef ECCCDH_SECP192R1_SELF_TEST_6 5314 &ecccdh_SECP192R1_6_test_case, 5315 #endif /* ECCCDH_SECP192R1_SELF_TEST_6 */ 5316 #ifdef ECCCDH_SECP192R1_SELF_TEST_7 5317 &ecccdh_SECP192R1_7_test_case, 5318 #endif /* ECCCDH_SECP192R1_SELF_TEST_7 */ 5319 #ifdef ECCCDH_SECP192R1_SELF_TEST_8 5320 &ecccdh_SECP192R1_8_test_case, 5321 #endif /* ECCCDH_SECP192R1_SELF_TEST_8 */ 5322 #ifdef ECCCDH_SECP192R1_SELF_TEST_9 5323 &ecccdh_SECP192R1_9_test_case, 5324 #endif /* ECCCDH_SECP192R1_SELF_TEST_9 */ 5325 #ifdef ECCCDH_SECP192R1_SELF_TEST_10 5326 &ecccdh_SECP192R1_10_test_case, 5327 #endif /* ECCCDH_SECP192R1_SELF_TEST_10 */ 5328 #ifdef ECCCDH_SECP192R1_SELF_TEST_11 5329 &ecccdh_SECP192R1_11_test_case, 5330 #endif /* ECCCDH_SECP192R1_SELF_TEST_11 */ 5331 #ifdef ECCCDH_SECP192R1_SELF_TEST_12 5332 &ecccdh_SECP192R1_12_test_case, 5333 #endif /* ECCCDH_SECP192R1_SELF_TEST_12 */ 5334 #ifdef ECCCDH_SECP192R1_SELF_TEST_13 5335 &ecccdh_SECP192R1_13_test_case, 5336 #endif /* ECCCDH_SECP192R1_SELF_TEST_13 */ 5337 #ifdef ECCCDH_SECP192R1_SELF_TEST_14 5338 &ecccdh_SECP192R1_14_test_case, 5339 #endif /* ECCCDH_SECP192R1_SELF_TEST_14 */ 5340 #ifdef ECCCDH_SECP192R1_SELF_TEST_15 5341 &ecccdh_SECP192R1_15_test_case, 5342 #endif /* ECCCDH_SECP192R1_SELF_TEST_15 */ 5343 #ifdef ECCCDH_SECP192R1_SELF_TEST_16 5344 &ecccdh_SECP192R1_16_test_case, 5345 #endif /* ECCCDH_SECP192R1_SELF_TEST_16 */ 5346 #ifdef ECCCDH_SECP192R1_SELF_TEST_17 5347 &ecccdh_SECP192R1_17_test_case, 5348 #endif /* ECCCDH_SECP192R1_SELF_TEST_17 */ 5349 #ifdef ECCCDH_SECP192R1_SELF_TEST_18 5350 &ecccdh_SECP192R1_18_test_case, 5351 #endif /* ECCCDH_SECP192R1_SELF_TEST_18 */ 5352 #ifdef ECCCDH_SECP192R1_SELF_TEST_19 5353 &ecccdh_SECP192R1_19_test_case, 5354 #endif /* ECCCDH_SECP192R1_SELF_TEST_19 */ 5355 #ifdef ECCCDH_SECP192R1_SELF_TEST_20 5356 &ecccdh_SECP192R1_20_test_case, 5357 #endif /* ECCCDH_SECP192R1_SELF_TEST_20 */ 5358 #ifdef ECCCDH_SECP192R1_SELF_TEST_21 5359 &ecccdh_SECP192R1_21_test_case, 5360 #endif /* ECCCDH_SECP192R1_SELF_TEST_21 */ 5361 #ifdef ECCCDH_SECP192R1_SELF_TEST_22 5362 &ecccdh_SECP192R1_22_test_case, 5363 #endif /* ECCCDH_SECP192R1_SELF_TEST_22 */ 5364 #ifdef ECCCDH_SECP192R1_SELF_TEST_23 5365 &ecccdh_SECP192R1_23_test_case, 5366 #endif /* ECCCDH_SECP192R1_SELF_TEST_23 */ 5367 #ifdef ECCCDH_SECP192R1_SELF_TEST_24 5368 &ecccdh_SECP192R1_24_test_case, 5369 #endif /* ECCCDH_SECP192R1_SELF_TEST_24 */ 5370 #ifdef ECCCDH_SECP224R1_SELF_TEST_0 5371 &ecccdh_SECP224R1_0_test_case, 5372 #endif /* ECCCDH_SECP224R1_SELF_TEST_0 */ 5373 #ifdef ECCCDH_SECP224R1_SELF_TEST_1 5374 &ecccdh_SECP224R1_1_test_case, 5375 #endif /* ECCCDH_SECP224R1_SELF_TEST_1 */ 5376 #ifdef ECCCDH_SECP224R1_SELF_TEST_2 5377 &ecccdh_SECP224R1_2_test_case, 5378 #endif /* ECCCDH_SECP224R1_SELF_TEST_2 */ 5379 #ifdef ECCCDH_SECP224R1_SELF_TEST_3 5380 &ecccdh_SECP224R1_3_test_case, 5381 #endif /* ECCCDH_SECP224R1_SELF_TEST_3 */ 5382 #ifdef ECCCDH_SECP224R1_SELF_TEST_4 5383 &ecccdh_SECP224R1_4_test_case, 5384 #endif /* ECCCDH_SECP224R1_SELF_TEST_4 */ 5385 #ifdef ECCCDH_SECP224R1_SELF_TEST_5 5386 &ecccdh_SECP224R1_5_test_case, 5387 #endif /* ECCCDH_SECP224R1_SELF_TEST_5 */ 5388 #ifdef ECCCDH_SECP224R1_SELF_TEST_6 5389 &ecccdh_SECP224R1_6_test_case, 5390 #endif /* ECCCDH_SECP224R1_SELF_TEST_6 */ 5391 #ifdef ECCCDH_SECP224R1_SELF_TEST_7 5392 &ecccdh_SECP224R1_7_test_case, 5393 #endif /* ECCCDH_SECP224R1_SELF_TEST_7 */ 5394 #ifdef ECCCDH_SECP224R1_SELF_TEST_8 5395 &ecccdh_SECP224R1_8_test_case, 5396 #endif /* ECCCDH_SECP224R1_SELF_TEST_8 */ 5397 #ifdef ECCCDH_SECP224R1_SELF_TEST_9 5398 &ecccdh_SECP224R1_9_test_case, 5399 #endif /* ECCCDH_SECP224R1_SELF_TEST_9 */ 5400 #ifdef ECCCDH_SECP224R1_SELF_TEST_10 5401 &ecccdh_SECP224R1_10_test_case, 5402 #endif /* ECCCDH_SECP224R1_SELF_TEST_10 */ 5403 #ifdef ECCCDH_SECP224R1_SELF_TEST_11 5404 &ecccdh_SECP224R1_11_test_case, 5405 #endif /* ECCCDH_SECP224R1_SELF_TEST_11 */ 5406 #ifdef ECCCDH_SECP224R1_SELF_TEST_12 5407 &ecccdh_SECP224R1_12_test_case, 5408 #endif /* ECCCDH_SECP224R1_SELF_TEST_12 */ 5409 #ifdef ECCCDH_SECP224R1_SELF_TEST_13 5410 &ecccdh_SECP224R1_13_test_case, 5411 #endif /* ECCCDH_SECP224R1_SELF_TEST_13 */ 5412 #ifdef ECCCDH_SECP224R1_SELF_TEST_14 5413 &ecccdh_SECP224R1_14_test_case, 5414 #endif /* ECCCDH_SECP224R1_SELF_TEST_14 */ 5415 #ifdef ECCCDH_SECP224R1_SELF_TEST_15 5416 &ecccdh_SECP224R1_15_test_case, 5417 #endif /* ECCCDH_SECP224R1_SELF_TEST_15 */ 5418 #ifdef ECCCDH_SECP224R1_SELF_TEST_16 5419 &ecccdh_SECP224R1_16_test_case, 5420 #endif /* ECCCDH_SECP224R1_SELF_TEST_16 */ 5421 #ifdef ECCCDH_SECP224R1_SELF_TEST_17 5422 &ecccdh_SECP224R1_17_test_case, 5423 #endif /* ECCCDH_SECP224R1_SELF_TEST_17 */ 5424 #ifdef ECCCDH_SECP224R1_SELF_TEST_18 5425 &ecccdh_SECP224R1_18_test_case, 5426 #endif /* ECCCDH_SECP224R1_SELF_TEST_18 */ 5427 #ifdef ECCCDH_SECP224R1_SELF_TEST_19 5428 &ecccdh_SECP224R1_19_test_case, 5429 #endif /* ECCCDH_SECP224R1_SELF_TEST_19 */ 5430 #ifdef ECCCDH_SECP224R1_SELF_TEST_20 5431 &ecccdh_SECP224R1_20_test_case, 5432 #endif /* ECCCDH_SECP224R1_SELF_TEST_20 */ 5433 #ifdef ECCCDH_SECP224R1_SELF_TEST_21 5434 &ecccdh_SECP224R1_21_test_case, 5435 #endif /* ECCCDH_SECP224R1_SELF_TEST_21 */ 5436 #ifdef ECCCDH_SECP224R1_SELF_TEST_22 5437 &ecccdh_SECP224R1_22_test_case, 5438 #endif /* ECCCDH_SECP224R1_SELF_TEST_22 */ 5439 #ifdef ECCCDH_SECP224R1_SELF_TEST_23 5440 &ecccdh_SECP224R1_23_test_case, 5441 #endif /* ECCCDH_SECP224R1_SELF_TEST_23 */ 5442 #ifdef ECCCDH_SECP224R1_SELF_TEST_24 5443 &ecccdh_SECP224R1_24_test_case, 5444 #endif /* ECCCDH_SECP224R1_SELF_TEST_24 */ 5445 #ifdef ECCCDH_SECP256R1_SELF_TEST_0 5446 &ecccdh_SECP256R1_0_test_case, 5447 #endif /* ECCCDH_SECP256R1_SELF_TEST_0 */ 5448 #ifdef ECCCDH_SECP256R1_SELF_TEST_1 5449 &ecccdh_SECP256R1_1_test_case, 5450 #endif /* ECCCDH_SECP256R1_SELF_TEST_1 */ 5451 #ifdef ECCCDH_SECP256R1_SELF_TEST_2 5452 &ecccdh_SECP256R1_2_test_case, 5453 #endif /* ECCCDH_SECP256R1_SELF_TEST_2 */ 5454 #ifdef ECCCDH_SECP256R1_SELF_TEST_3 5455 &ecccdh_SECP256R1_3_test_case, 5456 #endif /* ECCCDH_SECP256R1_SELF_TEST_3 */ 5457 #ifdef ECCCDH_SECP256R1_SELF_TEST_4 5458 &ecccdh_SECP256R1_4_test_case, 5459 #endif /* ECCCDH_SECP256R1_SELF_TEST_4 */ 5460 #ifdef ECCCDH_SECP256R1_SELF_TEST_5 5461 &ecccdh_SECP256R1_5_test_case, 5462 #endif /* ECCCDH_SECP256R1_SELF_TEST_5 */ 5463 #ifdef ECCCDH_SECP256R1_SELF_TEST_6 5464 &ecccdh_SECP256R1_6_test_case, 5465 #endif /* ECCCDH_SECP256R1_SELF_TEST_6 */ 5466 #ifdef ECCCDH_SECP256R1_SELF_TEST_7 5467 &ecccdh_SECP256R1_7_test_case, 5468 #endif /* ECCCDH_SECP256R1_SELF_TEST_7 */ 5469 #ifdef ECCCDH_SECP256R1_SELF_TEST_8 5470 &ecccdh_SECP256R1_8_test_case, 5471 #endif /* ECCCDH_SECP256R1_SELF_TEST_8 */ 5472 #ifdef ECCCDH_SECP256R1_SELF_TEST_9 5473 &ecccdh_SECP256R1_9_test_case, 5474 #endif /* ECCCDH_SECP256R1_SELF_TEST_9 */ 5475 #ifdef ECCCDH_SECP256R1_SELF_TEST_10 5476 &ecccdh_SECP256R1_10_test_case, 5477 #endif /* ECCCDH_SECP256R1_SELF_TEST_10 */ 5478 #ifdef ECCCDH_SECP256R1_SELF_TEST_11 5479 &ecccdh_SECP256R1_11_test_case, 5480 #endif /* ECCCDH_SECP256R1_SELF_TEST_11 */ 5481 #ifdef ECCCDH_SECP256R1_SELF_TEST_12 5482 &ecccdh_SECP256R1_12_test_case, 5483 #endif /* ECCCDH_SECP256R1_SELF_TEST_12 */ 5484 #ifdef ECCCDH_SECP256R1_SELF_TEST_13 5485 &ecccdh_SECP256R1_13_test_case, 5486 #endif /* ECCCDH_SECP256R1_SELF_TEST_13 */ 5487 #ifdef ECCCDH_SECP256R1_SELF_TEST_14 5488 &ecccdh_SECP256R1_14_test_case, 5489 #endif /* ECCCDH_SECP256R1_SELF_TEST_14 */ 5490 #ifdef ECCCDH_SECP256R1_SELF_TEST_15 5491 &ecccdh_SECP256R1_15_test_case, 5492 #endif /* ECCCDH_SECP256R1_SELF_TEST_15 */ 5493 #ifdef ECCCDH_SECP256R1_SELF_TEST_16 5494 &ecccdh_SECP256R1_16_test_case, 5495 #endif /* ECCCDH_SECP256R1_SELF_TEST_16 */ 5496 #ifdef ECCCDH_SECP256R1_SELF_TEST_17 5497 &ecccdh_SECP256R1_17_test_case, 5498 #endif /* ECCCDH_SECP256R1_SELF_TEST_17 */ 5499 #ifdef ECCCDH_SECP256R1_SELF_TEST_18 5500 &ecccdh_SECP256R1_18_test_case, 5501 #endif /* ECCCDH_SECP256R1_SELF_TEST_18 */ 5502 #ifdef ECCCDH_SECP256R1_SELF_TEST_19 5503 &ecccdh_SECP256R1_19_test_case, 5504 #endif /* ECCCDH_SECP256R1_SELF_TEST_19 */ 5505 #ifdef ECCCDH_SECP256R1_SELF_TEST_20 5506 &ecccdh_SECP256R1_20_test_case, 5507 #endif /* ECCCDH_SECP256R1_SELF_TEST_20 */ 5508 #ifdef ECCCDH_SECP256R1_SELF_TEST_21 5509 &ecccdh_SECP256R1_21_test_case, 5510 #endif /* ECCCDH_SECP256R1_SELF_TEST_21 */ 5511 #ifdef ECCCDH_SECP256R1_SELF_TEST_22 5512 &ecccdh_SECP256R1_22_test_case, 5513 #endif /* ECCCDH_SECP256R1_SELF_TEST_22 */ 5514 #ifdef ECCCDH_SECP256R1_SELF_TEST_23 5515 &ecccdh_SECP256R1_23_test_case, 5516 #endif /* ECCCDH_SECP256R1_SELF_TEST_23 */ 5517 #ifdef ECCCDH_SECP256R1_SELF_TEST_24 5518 &ecccdh_SECP256R1_24_test_case, 5519 #endif /* ECCCDH_SECP256R1_SELF_TEST_24 */ 5520 #ifdef ECCCDH_SECP384R1_SELF_TEST_0 5521 &ecccdh_SECP384R1_0_test_case, 5522 #endif /* ECCCDH_SECP384R1_SELF_TEST_0 */ 5523 #ifdef ECCCDH_SECP384R1_SELF_TEST_1 5524 &ecccdh_SECP384R1_1_test_case, 5525 #endif /* ECCCDH_SECP384R1_SELF_TEST_1 */ 5526 #ifdef ECCCDH_SECP384R1_SELF_TEST_2 5527 &ecccdh_SECP384R1_2_test_case, 5528 #endif /* ECCCDH_SECP384R1_SELF_TEST_2 */ 5529 #ifdef ECCCDH_SECP384R1_SELF_TEST_3 5530 &ecccdh_SECP384R1_3_test_case, 5531 #endif /* ECCCDH_SECP384R1_SELF_TEST_3 */ 5532 #ifdef ECCCDH_SECP384R1_SELF_TEST_4 5533 &ecccdh_SECP384R1_4_test_case, 5534 #endif /* ECCCDH_SECP384R1_SELF_TEST_4 */ 5535 #ifdef ECCCDH_SECP384R1_SELF_TEST_5 5536 &ecccdh_SECP384R1_5_test_case, 5537 #endif /* ECCCDH_SECP384R1_SELF_TEST_5 */ 5538 #ifdef ECCCDH_SECP384R1_SELF_TEST_6 5539 &ecccdh_SECP384R1_6_test_case, 5540 #endif /* ECCCDH_SECP384R1_SELF_TEST_6 */ 5541 #ifdef ECCCDH_SECP384R1_SELF_TEST_7 5542 &ecccdh_SECP384R1_7_test_case, 5543 #endif /* ECCCDH_SECP384R1_SELF_TEST_7 */ 5544 #ifdef ECCCDH_SECP384R1_SELF_TEST_8 5545 &ecccdh_SECP384R1_8_test_case, 5546 #endif /* ECCCDH_SECP384R1_SELF_TEST_8 */ 5547 #ifdef ECCCDH_SECP384R1_SELF_TEST_9 5548 &ecccdh_SECP384R1_9_test_case, 5549 #endif /* ECCCDH_SECP384R1_SELF_TEST_9 */ 5550 #ifdef ECCCDH_SECP384R1_SELF_TEST_10 5551 &ecccdh_SECP384R1_10_test_case, 5552 #endif /* ECCCDH_SECP384R1_SELF_TEST_10 */ 5553 #ifdef ECCCDH_SECP384R1_SELF_TEST_11 5554 &ecccdh_SECP384R1_11_test_case, 5555 #endif /* ECCCDH_SECP384R1_SELF_TEST_11 */ 5556 #ifdef ECCCDH_SECP384R1_SELF_TEST_12 5557 &ecccdh_SECP384R1_12_test_case, 5558 #endif /* ECCCDH_SECP384R1_SELF_TEST_12 */ 5559 #ifdef ECCCDH_SECP384R1_SELF_TEST_13 5560 &ecccdh_SECP384R1_13_test_case, 5561 #endif /* ECCCDH_SECP384R1_SELF_TEST_13 */ 5562 #ifdef ECCCDH_SECP384R1_SELF_TEST_14 5563 &ecccdh_SECP384R1_14_test_case, 5564 #endif /* ECCCDH_SECP384R1_SELF_TEST_14 */ 5565 #ifdef ECCCDH_SECP384R1_SELF_TEST_15 5566 &ecccdh_SECP384R1_15_test_case, 5567 #endif /* ECCCDH_SECP384R1_SELF_TEST_15 */ 5568 #ifdef ECCCDH_SECP384R1_SELF_TEST_16 5569 &ecccdh_SECP384R1_16_test_case, 5570 #endif /* ECCCDH_SECP384R1_SELF_TEST_16 */ 5571 #ifdef ECCCDH_SECP384R1_SELF_TEST_17 5572 &ecccdh_SECP384R1_17_test_case, 5573 #endif /* ECCCDH_SECP384R1_SELF_TEST_17 */ 5574 #ifdef ECCCDH_SECP384R1_SELF_TEST_18 5575 &ecccdh_SECP384R1_18_test_case, 5576 #endif /* ECCCDH_SECP384R1_SELF_TEST_18 */ 5577 #ifdef ECCCDH_SECP384R1_SELF_TEST_19 5578 &ecccdh_SECP384R1_19_test_case, 5579 #endif /* ECCCDH_SECP384R1_SELF_TEST_19 */ 5580 #ifdef ECCCDH_SECP384R1_SELF_TEST_20 5581 &ecccdh_SECP384R1_20_test_case, 5582 #endif /* ECCCDH_SECP384R1_SELF_TEST_20 */ 5583 #ifdef ECCCDH_SECP384R1_SELF_TEST_21 5584 &ecccdh_SECP384R1_21_test_case, 5585 #endif /* ECCCDH_SECP384R1_SELF_TEST_21 */ 5586 #ifdef ECCCDH_SECP384R1_SELF_TEST_22 5587 &ecccdh_SECP384R1_22_test_case, 5588 #endif /* ECCCDH_SECP384R1_SELF_TEST_22 */ 5589 #ifdef ECCCDH_SECP384R1_SELF_TEST_23 5590 &ecccdh_SECP384R1_23_test_case, 5591 #endif /* ECCCDH_SECP384R1_SELF_TEST_23 */ 5592 #ifdef ECCCDH_SECP384R1_SELF_TEST_24 5593 &ecccdh_SECP384R1_24_test_case, 5594 #endif /* ECCCDH_SECP384R1_SELF_TEST_24 */ 5595 #ifdef ECCCDH_SECP521R1_SELF_TEST_0 5596 &ecccdh_SECP521R1_0_test_case, 5597 #endif /* ECCCDH_SECP521R1_SELF_TEST_0 */ 5598 #ifdef ECCCDH_SECP521R1_SELF_TEST_1 5599 &ecccdh_SECP521R1_1_test_case, 5600 #endif /* ECCCDH_SECP521R1_SELF_TEST_1 */ 5601 #ifdef ECCCDH_SECP521R1_SELF_TEST_2 5602 &ecccdh_SECP521R1_2_test_case, 5603 #endif /* ECCCDH_SECP521R1_SELF_TEST_2 */ 5604 #ifdef ECCCDH_SECP521R1_SELF_TEST_3 5605 &ecccdh_SECP521R1_3_test_case, 5606 #endif /* ECCCDH_SECP521R1_SELF_TEST_3 */ 5607 #ifdef ECCCDH_SECP521R1_SELF_TEST_4 5608 &ecccdh_SECP521R1_4_test_case, 5609 #endif /* ECCCDH_SECP521R1_SELF_TEST_4 */ 5610 #ifdef ECCCDH_SECP521R1_SELF_TEST_5 5611 &ecccdh_SECP521R1_5_test_case, 5612 #endif /* ECCCDH_SECP521R1_SELF_TEST_5 */ 5613 #ifdef ECCCDH_SECP521R1_SELF_TEST_6 5614 &ecccdh_SECP521R1_6_test_case, 5615 #endif /* ECCCDH_SECP521R1_SELF_TEST_6 */ 5616 #ifdef ECCCDH_SECP521R1_SELF_TEST_7 5617 &ecccdh_SECP521R1_7_test_case, 5618 #endif /* ECCCDH_SECP521R1_SELF_TEST_7 */ 5619 #ifdef ECCCDH_SECP521R1_SELF_TEST_8 5620 &ecccdh_SECP521R1_8_test_case, 5621 #endif /* ECCCDH_SECP521R1_SELF_TEST_8 */ 5622 #ifdef ECCCDH_SECP521R1_SELF_TEST_9 5623 &ecccdh_SECP521R1_9_test_case, 5624 #endif /* ECCCDH_SECP521R1_SELF_TEST_9 */ 5625 #ifdef ECCCDH_SECP521R1_SELF_TEST_10 5626 &ecccdh_SECP521R1_10_test_case, 5627 #endif /* ECCCDH_SECP521R1_SELF_TEST_10 */ 5628 #ifdef ECCCDH_SECP521R1_SELF_TEST_11 5629 &ecccdh_SECP521R1_11_test_case, 5630 #endif /* ECCCDH_SECP521R1_SELF_TEST_11 */ 5631 #ifdef ECCCDH_SECP521R1_SELF_TEST_12 5632 &ecccdh_SECP521R1_12_test_case, 5633 #endif /* ECCCDH_SECP521R1_SELF_TEST_12 */ 5634 #ifdef ECCCDH_SECP521R1_SELF_TEST_13 5635 &ecccdh_SECP521R1_13_test_case, 5636 #endif /* ECCCDH_SECP521R1_SELF_TEST_13 */ 5637 #ifdef ECCCDH_SECP521R1_SELF_TEST_14 5638 &ecccdh_SECP521R1_14_test_case, 5639 #endif /* ECCCDH_SECP521R1_SELF_TEST_14 */ 5640 #ifdef ECCCDH_SECP521R1_SELF_TEST_15 5641 &ecccdh_SECP521R1_15_test_case, 5642 #endif /* ECCCDH_SECP521R1_SELF_TEST_15 */ 5643 #ifdef ECCCDH_SECP521R1_SELF_TEST_16 5644 &ecccdh_SECP521R1_16_test_case, 5645 #endif /* ECCCDH_SECP521R1_SELF_TEST_16 */ 5646 #ifdef ECCCDH_SECP521R1_SELF_TEST_17 5647 &ecccdh_SECP521R1_17_test_case, 5648 #endif /* ECCCDH_SECP521R1_SELF_TEST_17 */ 5649 #ifdef ECCCDH_SECP521R1_SELF_TEST_18 5650 &ecccdh_SECP521R1_18_test_case, 5651 #endif /* ECCCDH_SECP521R1_SELF_TEST_18 */ 5652 #ifdef ECCCDH_SECP521R1_SELF_TEST_19 5653 &ecccdh_SECP521R1_19_test_case, 5654 #endif /* ECCCDH_SECP521R1_SELF_TEST_19 */ 5655 #ifdef ECCCDH_SECP521R1_SELF_TEST_20 5656 &ecccdh_SECP521R1_20_test_case, 5657 #endif /* ECCCDH_SECP521R1_SELF_TEST_20 */ 5658 #ifdef ECCCDH_SECP521R1_SELF_TEST_21 5659 &ecccdh_SECP521R1_21_test_case, 5660 #endif /* ECCCDH_SECP521R1_SELF_TEST_21 */ 5661 #ifdef ECCCDH_SECP521R1_SELF_TEST_22 5662 &ecccdh_SECP521R1_22_test_case, 5663 #endif /* ECCCDH_SECP521R1_SELF_TEST_22 */ 5664 #ifdef ECCCDH_SECP521R1_SELF_TEST_23 5665 &ecccdh_SECP521R1_23_test_case, 5666 #endif /* ECCCDH_SECP521R1_SELF_TEST_23 */ 5667 #ifdef ECCCDH_SECP521R1_SELF_TEST_24 5668 &ecccdh_SECP521R1_24_test_case, 5669 #endif /* ECCCDH_SECP521R1_SELF_TEST_24 */ 5670 #if defined(WITH_X25519) && defined(WITH_CURVE_WEI25519) 5671 &x25519_WEI25519_0_test_case, 5672 &x25519_WEI25519_1_test_case, 5673 &x25519_WEI25519_2_test_case, 5674 &x25519_WEI25519_3_test_case, 5675 #endif 5676 #if defined(WITH_X448) && defined(WITH_CURVE_WEI448) 5677 &x448_WEI448_0_test_case, 5678 &x448_WEI448_1_test_case, 5679 #endif 5680 5681 /* Dummy empty test case to avoid empty array 5682 * when no test case is defined */ 5683 &ecdh_dummy_test_case, 5684 }; 5685 #endif /* !(defined(WITH_ECCCDH) || defined(WITH_X25519) || defined(WITH_X448)) */ 5686 5687 #define ECDH_FIXED_VECTOR_NUM_TESTS \ 5688 (sizeof(ecdh_fixed_vector_tests) / sizeof(ecdh_fixed_vector_tests[0])) 5689 5690 /* 5691 * A fixed test can fail in various ways. The way we report the failure 5692 * to the caller is by returning a non-zero value, in which we encode 5693 * some informations on the failure: curve, sig alg, hash alg, operation 5694 * (key import, signature, sig comparison, verification). Those 4 pieces 5695 * of information are each encoded on 8 bits in that order on the 28 LSB 5696 * of the return value. The function below produces a meaningful negative 5697 * return value in that specific format. 5698 */ 5699 typedef enum { 5700 TEST_KEY_IMPORT_ERROR = 1, 5701 TEST_SIG_ERROR = 2, 5702 TEST_SIG_COMP_ERROR = 3, 5703 TEST_VERIF_ERROR = 4, 5704 TEST_ECDH_ERROR = 5, 5705 TEST_ECDH_COMP_ERROR = 6, 5706 } test_err_kind; 5707 5708 static int encode_error_value(const ec_test_case *c, test_err_kind failed_test, u32 *err_val) 5709 { 5710 ec_curve_type ctype; 5711 ec_alg_type stype = c->sig_type; 5712 hash_alg_type htype = c->hash_type; 5713 test_err_kind etype = failed_test; 5714 int ret; 5715 5716 MUST_HAVE((c != NULL) && (err_val != NULL), ret, err); 5717 5718 ret = ec_get_curve_type_by_name(c->ec_str_p->name->buf, 5719 c->ec_str_p->name->buflen, &ctype); EG(ret, err); 5720 5721 *err_val = (((u32)ctype << 24) | 5722 ((u32)stype << 16) | 5723 ((u32)htype << 8) | 5724 ((u32)etype)); 5725 ret = 0; 5726 5727 err: 5728 return ret; 5729 } 5730 5731 static inline int ecdh_encode_error_value(const ecdh_test_case *c, test_err_kind failed_test, u32 *err_val) 5732 { 5733 ec_curve_type ctype; 5734 ec_alg_type stype = c->ecdh_type; 5735 test_err_kind etype = failed_test; 5736 int ret; 5737 5738 MUST_HAVE((c != NULL) && (err_val != NULL), ret, err); 5739 5740 ret = ec_get_curve_type_by_name(c->ec_str_p->name->buf, 5741 c->ec_str_p->name->buflen, &ctype); EG(ret, err); 5742 5743 *err_val = (((u32)ctype << 24) | 5744 ((u32)stype << 16) | 5745 ((u32)0 << 8) | 5746 ((u32)etype)); 5747 ret = 0; 5748 5749 err: 5750 return ret; 5751 } 5752 5753 int perform_known_test_vectors_test(const char *sig, const char *hash, const char *curve); 5754 int perform_random_sig_verif_test(const char *sig, const char *hash, const char *curve); 5755 int perform_performance_test(const char *sig, const char *hash, const char *curve); 5756 5757 #endif /* __EC_SELF_TESTS_CORE_H__ */