xref: /freebsd/crypto/libecc/src/tests/bip0340_test_vectors.h (revision f0865ec9906d5a18fa2a3b61381f22ce16e606ad) 
1 /*
2  *  Copyright (C) 2022 - This file is part of libecc project
3  *
4  *  Authors:
5  *      Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr>
6  *      Ryad BENADJILA <ryadbenadjila@gmail.com>
7  *
8  *  This software is licensed under a dual BSD and GPL v2 license.
9  *  See LICENSE file at the root folder of the project.
10  */
11 #ifndef __BIP0340_TEST_VECTORS_H__
12 #define __BIP0340_TEST_VECTORS_H__
13 
14 #if defined(WITH_HASH_SHA256) && defined(WITH_CURVE_SECP256K1)
15 /************************************************/
16 static const u8 bip0340_1_test_vectors_priv_key[] = {
17 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
18  };
19 static const u8 bip0340_1_test_vectors_expected_sig[] = {
20 	0xE9, 0x07, 0x83, 0x1F, 0x80, 0x84, 0x8D, 0x10, 0x69, 0xA5, 0x37, 0x1B, 0x40, 0x24, 0x10, 0x36, 0x4B, 0xDF, 0x1C, 0x5F, 0x83, 0x07, 0xB0, 0x08, 0x4C, 0x55, 0xF1, 0xCE, 0x2D, 0xCA, 0x82, 0x15, 0x25, 0xF6, 0x6A, 0x4A, 0x85, 0xEA, 0x8B, 0x71, 0xE4, 0x82, 0xA7, 0x4F, 0x38, 0x2D, 0x2C, 0xE5, 0xEB, 0xEE, 0xE8, 0xFD, 0xB2, 0x17, 0x2F, 0x47, 0x7D, 0xF4, 0x90, 0x0D, 0x31, 0x05, 0x36, 0xC0,
21  };
bip0340_1_nn_random_test_vector(nn_t out,nn_src_t q)22 static int bip0340_1_nn_random_test_vector(nn_t out, nn_src_t q)
23 {
24         int ret, cmp;
25 
26         /*
27          * Fixed auxiliary random for BIP0340
28          * Test vectors from:
29 	 * https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv
30          */
31         const u8 k_buf[] = {
32 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
33         };
34 
35         ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
36         ret = nn_cmp(out, q, &cmp); EG(ret, err);
37 
38         ret = (cmp >= 0) ? -1 : 0;
39 
40 err:
41         return ret;
42 }
43 
44 static const ec_test_case bip0340_1_test_case = {
45         .name = "BIP0340-SHA256/secp256k1 1",
46         .ec_str_p = &secp256k1_str_params,
47         .priv_key = bip0340_1_test_vectors_priv_key,
48         .priv_key_len = sizeof(bip0340_1_test_vectors_priv_key),
49         .nn_random = bip0340_1_nn_random_test_vector,
50         .hash_type = SHA256,
51         .msg = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
52         .msglen = 32,
53         .sig_type = BIP0340,
54         .exp_sig = bip0340_1_test_vectors_expected_sig,
55         .exp_siglen = sizeof(bip0340_1_test_vectors_expected_sig),
56 	.adata = NULL,
57 	.adata_len = 0
58 };
59 
60 /************************************************/
61 static const u8 bip0340_2_test_vectors_priv_key[] = {
62 	0xB7, 0xE1, 0x51, 0x62, 0x8A, 0xED, 0x2A, 0x6A, 0xBF, 0x71, 0x58, 0x80, 0x9C, 0xF4, 0xF3, 0xC7, 0x62, 0xE7, 0x16, 0x0F, 0x38, 0xB4, 0xDA, 0x56, 0xA7, 0x84, 0xD9, 0x04, 0x51, 0x90, 0xCF, 0xEF,
63  };
64 static const u8 bip0340_2_test_vectors_expected_sig[] = {
65 	0x68, 0x96, 0xBD, 0x60, 0xEE, 0xAE, 0x29, 0x6D, 0xB4, 0x8A, 0x22, 0x9F, 0xF7, 0x1D, 0xFE, 0x07, 0x1B, 0xDE, 0x41, 0x3E, 0x6D, 0x43, 0xF9, 0x17, 0xDC, 0x8D, 0xCF, 0x8C, 0x78, 0xDE, 0x33, 0x41, 0x89, 0x06, 0xD1, 0x1A, 0xC9, 0x76, 0xAB, 0xCC, 0xB2, 0x0B, 0x09, 0x12, 0x92, 0xBF, 0xF4, 0xEA, 0x89, 0x7E, 0xFC, 0xB6, 0x39, 0xEA, 0x87, 0x1C, 0xFA, 0x95, 0xF6, 0xDE, 0x33, 0x9E, 0x4B, 0x0A,
66  };
bip0340_2_nn_random_test_vector(nn_t out,nn_src_t q)67 static int bip0340_2_nn_random_test_vector(nn_t out, nn_src_t q)
68 {
69         int ret, cmp;
70 
71         /*
72          * Fixed auxiliary random for BIP0340
73          * Test vectors from:
74 	 * https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv
75          */
76         const u8 k_buf[] = {
77 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
78         };
79 
80         ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
81         ret = nn_cmp(out, q, &cmp); EG(ret, err);
82 
83         ret = (cmp >= 0) ? -1 : 0;
84 
85 err:
86         return ret;
87 }
88 
89 static const ec_test_case bip0340_2_test_case = {
90         .name = "BIP0340-SHA256/secp256k1 2",
91         .ec_str_p = &secp256k1_str_params,
92         .priv_key = bip0340_2_test_vectors_priv_key,
93         .priv_key_len = sizeof(bip0340_2_test_vectors_priv_key),
94         .nn_random = bip0340_2_nn_random_test_vector,
95         .hash_type = SHA256,
96         .msg = "\x24\x3F\x6A\x88\x85\xA3\x08\xD3\x13\x19\x8A\x2E\x03\x70\x73\x44\xA4\x09\x38\x22\x29\x9F\x31\xD0\x08\x2E\xFA\x98\xEC\x4E\x6C\x89",
97         .msglen = 32,
98         .sig_type = BIP0340,
99         .exp_sig = bip0340_2_test_vectors_expected_sig,
100         .exp_siglen = sizeof(bip0340_2_test_vectors_expected_sig),
101 	.adata = NULL,
102 	.adata_len = 0
103 };
104 
105 /************************************************/
106 static const u8 bip0340_3_test_vectors_priv_key[] = {
107 	0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x14, 0xE5, 0xC9,
108  };
109 static const u8 bip0340_3_test_vectors_expected_sig[] = {
110 	0x58, 0x31, 0xAA, 0xEE, 0xD7, 0xB4, 0x4B, 0xB7, 0x4E, 0x5E, 0xAB, 0x94, 0xBA, 0x9D, 0x42, 0x94, 0xC4, 0x9B, 0xCF, 0x2A, 0x60, 0x72, 0x8D, 0x8B, 0x4C, 0x20, 0x0F, 0x50, 0xDD, 0x31, 0x3C, 0x1B, 0xAB, 0x74, 0x58, 0x79, 0xA5, 0xAD, 0x95, 0x4A, 0x72, 0xC4, 0x5A, 0x91, 0xC3, 0xA5, 0x1D, 0x3C, 0x7A, 0xDE, 0xA9, 0x8D, 0x82, 0xF8, 0x48, 0x1E, 0x0E, 0x1E, 0x03, 0x67, 0x4A, 0x6F, 0x3F, 0xB7,
111  };
bip0340_3_nn_random_test_vector(nn_t out,nn_src_t q)112 static int bip0340_3_nn_random_test_vector(nn_t out, nn_src_t q)
113 {
114         int ret, cmp;
115 
116         /*
117          * Fixed auxiliary random for BIP0340
118          * Test vectors from:
119 	 * https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv
120          */
121         const u8 k_buf[] = {
122 		0xC8, 0x7A, 0xA5, 0x38, 0x24, 0xB4, 0xD7, 0xAE, 0x2E, 0xB0, 0x35, 0xA2, 0xB5, 0xBB, 0xBC, 0xCC, 0x08, 0x0E, 0x76, 0xCD, 0xC6, 0xD1, 0x69, 0x2C, 0x4B, 0x0B, 0x62, 0xD7, 0x98, 0xE6, 0xD9, 0x06,
123         };
124 
125         ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
126         ret = nn_cmp(out, q, &cmp); EG(ret, err);
127 
128         ret = (cmp >= 0) ? -1 : 0;
129 
130 err:
131         return ret;
132 }
133 
134 static const ec_test_case bip0340_3_test_case = {
135         .name = "BIP0340-SHA256/secp256k1 3",
136         .ec_str_p = &secp256k1_str_params,
137         .priv_key = bip0340_3_test_vectors_priv_key,
138         .priv_key_len = sizeof(bip0340_3_test_vectors_priv_key),
139         .nn_random = bip0340_3_nn_random_test_vector,
140         .hash_type = SHA256,
141         .msg = "\x7E\x2D\x58\xD8\xB3\xBC\xDF\x1A\xBA\xDE\xC7\x82\x90\x54\xF9\x0D\xDA\x98\x05\xAA\xB5\x6C\x77\x33\x30\x24\xB9\xD0\xA5\x08\xB7\x5C",
142         .msglen = 32,
143         .sig_type = BIP0340,
144         .exp_sig = bip0340_3_test_vectors_expected_sig,
145         .exp_siglen = sizeof(bip0340_3_test_vectors_expected_sig),
146 	.adata = NULL,
147 	.adata_len = 0
148 };
149 
150 /************************************************/
151 static const u8 bip0340_4_test_vectors_priv_key[] = {
152 	0x0B, 0x43, 0x2B, 0x26, 0x77, 0x93, 0x73, 0x81, 0xAE, 0xF0, 0x5B, 0xB0, 0x2A, 0x66, 0xEC, 0xD0, 0x12, 0x77, 0x30, 0x62, 0xCF, 0x3F, 0xA2, 0x54, 0x9E, 0x44, 0xF5, 0x8E, 0xD2, 0x40, 0x17, 0x10,
153  };
154 static const u8 bip0340_4_test_vectors_expected_sig[] = {
155 	0x7E, 0xB0, 0x50, 0x97, 0x57, 0xE2, 0x46, 0xF1, 0x94, 0x49, 0x88, 0x56, 0x51, 0x61, 0x1C, 0xB9, 0x65, 0xEC, 0xC1, 0xA1, 0x87, 0xDD, 0x51, 0xB6, 0x4F, 0xDA, 0x1E, 0xDC, 0x96, 0x37, 0xD5, 0xEC, 0x97, 0x58, 0x2B, 0x9C, 0xB1, 0x3D, 0xB3, 0x93, 0x37, 0x05, 0xB3, 0x2B, 0xA9, 0x82, 0xAF, 0x5A, 0xF2, 0x5F, 0xD7, 0x88, 0x81, 0xEB, 0xB3, 0x27, 0x71, 0xFC, 0x59, 0x22, 0xEF, 0xC6, 0x6E, 0xA3,
156  };
bip0340_4_nn_random_test_vector(nn_t out,nn_src_t q)157 static int bip0340_4_nn_random_test_vector(nn_t out, nn_src_t q)
158 {
159         int ret, cmp;
160 
161         /*
162          * Fixed auxiliary random for BIP0340
163          * Test vectors from:
164 	 * https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv
165          */
166         const u8 k_buf[] = {
167 		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
168         };
169 
170         ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
171         ret = nn_cmp(out, q, &cmp); EG(ret, err);
172 
173         ret = (cmp >= 0) ? -1 : 0;
174 
175 err:
176         return ret;
177 }
178 
179 static const ec_test_case bip0340_4_test_case = {
180         .name = "BIP0340-SHA256/secp256k1 4",
181         .ec_str_p = &secp256k1_str_params,
182         .priv_key = bip0340_4_test_vectors_priv_key,
183         .priv_key_len = sizeof(bip0340_4_test_vectors_priv_key),
184         .nn_random = bip0340_4_nn_random_test_vector,
185         .hash_type = SHA256,
186         .msg = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF",
187         .msglen = 32,
188         .sig_type = BIP0340,
189         .exp_sig = bip0340_4_test_vectors_expected_sig,
190         .exp_siglen = sizeof(bip0340_4_test_vectors_expected_sig),
191 	.adata = NULL,
192 	.adata_len = 0
193 };
194 
195 #endif
196 
197 /************************************************/
198 #define BIP0340_ALL_TESTS() \
199         &bip0340_1_test_case, \
200         &bip0340_2_test_case, \
201         &bip0340_3_test_case, \
202         &bip0340_4_test_case,
203 
204 #endif /* __BIP0340_TEST_VECTORS_H__ */
205