1 /*
2 * Copyright (C) 2017 - This file is part of libecc project
3 *
4 * Authors:
5 * Ryad BENADJILA <ryadbenadjila@gmail.com>
6 * Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr>
7 * Jean-Pierre FLORI <jean-pierre.flori@ssi.gouv.fr>
8 *
9 * Contributors:
10 * Nicolas VIVET <nicolas.vivet@ssi.gouv.fr>
11 * Karim KHALFALLAH <karim.khalfallah@ssi.gouv.fr>
12 *
13 * This software is licensed under a dual BSD and GPL v2 license.
14 * See LICENSE file at the root folder of the project.
15 */
16 #ifndef __EC_SELF_TESTS_CORE_H__
17 #define __EC_SELF_TESTS_CORE_H__
18
19 #include <libecc/libsig.h>
20
21 /* A test is fully defined by the attributes pointed in this structure. */
22 typedef struct {
23 /* Test case name */
24 const char *name;
25
26 /* Curve params */
27 const ec_str_params *ec_str_p;
28
29 /* Private key */
30 const u8 *priv_key;
31 u8 priv_key_len;
32
33 /* Function returning a fixed random value */
34 int (*nn_random) (nn_t out, nn_src_t q);
35
36 /* Hash function */
37 hash_alg_type hash_type;
38
39 /* Message */
40 const char *msg;
41 u32 msglen;
42
43 /* Expected signature and associated length */
44 ec_alg_type sig_type;
45 const u8 *exp_sig;
46 u8 exp_siglen;
47
48 /* Optional ancillary data */
49 const u8 *adata;
50 u16 adata_len;
51 } ec_test_case;
52
53 /* ECDH test case */
54 typedef struct {
55 /* Test case name */
56 const char *name;
57
58 /* ECDH type */
59 ec_alg_type ecdh_type;
60
61 /* Curve params */
62 const ec_str_params *ec_str_p;
63
64 /* Our private key */
65 const u8 *our_priv_key;
66 u8 our_priv_key_len;
67
68 /* Peer public key */
69 const u8 *peer_pub_key;
70 u8 peer_pub_key_len;
71
72 /* Our expected public key */
73 const u8 *exp_our_pub_key;
74 u8 exp_our_pub_key_len;
75
76 /* Expected shared secret */
77 const u8 *exp_shared_secret;
78 u8 exp_shared_secret_len;
79 } ecdh_test_case;
80
81 /*******************************************************************
82 ************** ECDSA tests ****************************************
83 *******************************************************************/
84 #if (defined(WITH_HASH_SHA3_224) || defined(WITH_HASH_SHA3_256) || \
85 defined(WITH_HASH_SHA3_384) || defined(WITH_HASH_SHA3_512))
86
87 /*
88 * This test message is the 1600 bits message used by NIST in its
89 * test vectors for SHA3. We reuse it for sig/verif test vectors
90 * using SHA3.
91 */
92 static const u8 sha3_1600_bit_msg[] = {
93 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
94 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
95 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
96 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
97 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
98 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
99 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
100 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
101 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
102 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
103 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
104 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
105 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
106 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
107 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
108 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
109 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
110 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
111 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
112 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
113 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
114 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
115 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
116 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
117 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3
118 };
119 #endif
120
121 #ifdef WITH_SIG_ECDSA
122 #ifdef WITH_HASH_SHA3_224
123 #ifdef WITH_CURVE_SECP224R1
124 #define ECDSA_SHA3_224_SECP224R1_SELF_TEST
125
126 /* ECDSA secp224r1 test vectors */
127
ecdsa_nn_random_secp224r1_sha3_224_test_vector(nn_t out,nn_src_t q)128 static int ecdsa_nn_random_secp224r1_sha3_224_test_vector(nn_t out, nn_src_t q)
129 {
130 int ret, cmp;
131
132 /*
133 * Fixed ephemeral private key for secp224r1 signature
134 * test vectors from RFC4754
135 */
136 const u8 k_buf[] = {
137 0xb7, 0x63, 0x8a, 0x22, 0xe5, 0xee, 0xe7, 0x76,
138 0xa4, 0x25, 0x3f, 0x97, 0xe8, 0x35, 0x1a, 0x3c,
139 0x94, 0xb0, 0x19, 0x37, 0x66, 0x2a, 0x0e, 0xbd,
140 0xd6, 0xe7, 0xae, 0xe0
141 };
142
143 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
144 ret = nn_cmp(out, q, &cmp); EG(ret, err);
145
146 ret = (cmp >= 0) ? -1 : 0;
147
148 err:
149 return ret;
150 }
151
152 static const u8 ecdsa_secp224r1_sha3_224_test_vectors_priv_key[] = {
153 0xc3, 0x1a, 0x15, 0x2d, 0x2c, 0x62, 0x40, 0x21,
154 0x80, 0x87, 0x55, 0xb2, 0xcb, 0xdf, 0x80, 0xd3,
155 0x09, 0xe3, 0x6a, 0xea, 0xc1, 0xcc, 0xd9, 0xdb,
156 0x82, 0xb1, 0xd7, 0xc3
157 };
158
159 static const u8 ecdsa_secp224r1_sha3_224_test_vectors_expected_sig[] = {
160 0x56, 0xa6, 0x93, 0xe1, 0x20, 0x0a, 0xa8, 0xe3,
161 0xd2, 0x78, 0x07, 0xba, 0x5c, 0xe7, 0xb8, 0xf7,
162 0xdf, 0x24, 0xa6, 0x65, 0x1e, 0xb8, 0x70, 0x6e,
163 0x65, 0x52, 0x49, 0xd4,
164 0x14, 0xd0, 0x4b, 0x6b, 0xb9, 0x32, 0x58, 0x7d,
165 0xc0, 0xc6, 0x1c, 0xa1, 0x44, 0xf8, 0x4b, 0xf4,
166 0x6e, 0x7a, 0xbd, 0xcf, 0xa7, 0xa7, 0xa1, 0xee,
167 0x56, 0x06, 0x9a, 0x37
168 };
169
170 static const ec_test_case ecdsa_secp224r1_sha3_224_test_case = {
171 .name = "ECDSA-SHA3_224/secp224r1",
172 .ec_str_p = &secp224r1_str_params,
173 .priv_key = ecdsa_secp224r1_sha3_224_test_vectors_priv_key,
174 .priv_key_len = sizeof(ecdsa_secp224r1_sha3_224_test_vectors_priv_key),
175 .nn_random = ecdsa_nn_random_secp224r1_sha3_224_test_vector,
176 .hash_type = SHA3_224,
177 .msg = (const char *)sha3_1600_bit_msg,
178 .msglen = sizeof(sha3_1600_bit_msg),
179 .sig_type = ECDSA,
180 .exp_sig = ecdsa_secp224r1_sha3_224_test_vectors_expected_sig,
181 .exp_siglen =
182 sizeof(ecdsa_secp224r1_sha3_224_test_vectors_expected_sig),
183 .adata = NULL,
184 .adata_len = 0
185 };
186 #endif /* WITH_CURVE_SECP224R1 */
187 #endif /* WITH_HASH_SHA3_224 */
188
189 #ifdef WITH_HASH_SHA3_256
190 #ifdef WITH_CURVE_SECP256R1
191 #define ECDSA_SHA3_256_SECP256R1_SELF_TEST
192
193 /* ECDSA secp256r1 test vectors */
194
ecdsa_nn_random_secp256r1_sha3_256_test_vector(nn_t out,nn_src_t q)195 static int ecdsa_nn_random_secp256r1_sha3_256_test_vector(nn_t out, nn_src_t q)
196 {
197 int ret, cmp;
198
199 /*
200 * Fixed ephemeral private key for secp256r1 signature
201 * test vectors from RFC4754
202 */
203 const u8 k_buf[] = {
204 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9,
205 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7,
206 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15,
207 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE
208 };
209
210 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
211 ret = nn_cmp(out, q, &cmp); EG(ret, err);
212
213 ret = (cmp >= 0) ? -1 : 0;
214
215 err:
216 return ret;
217 }
218
219 static const u8 ecdsa_secp256r1_sha3_256_test_vectors_priv_key[] = {
220 0xDC, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD,
221 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D,
222 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75,
223 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F
224 };
225
226 static const u8 ecdsa_secp256r1_sha3_256_test_vectors_expected_sig[] = {
227 0xCB, 0x28, 0xE0, 0x99, 0x9B, 0x9C, 0x77, 0x15,
228 0xFD, 0x0A, 0x80, 0xD8, 0xE4, 0x7A, 0x77, 0x07,
229 0x97, 0x16, 0xCB, 0xBF, 0x91, 0x7D, 0xD7, 0x2E,
230 0x97, 0x56, 0x6E, 0xA1, 0xC0, 0x66, 0x95, 0x7C,
231
232 0x1d, 0x5d, 0x46, 0x09, 0xa2, 0xf9, 0x69, 0xa1,
233 0x90, 0xeb, 0x6b, 0x84, 0x51, 0xdd, 0x43, 0x0d,
234 0x65, 0x07, 0x10, 0x4d, 0xb6, 0x46, 0x61, 0x68,
235 0xec, 0x7a, 0x73, 0xdb, 0x8c, 0x96, 0xe9, 0x1b
236 };
237
238 static const ec_test_case ecdsa_secp256r1_sha3_256_test_case = {
239 .name = "ECDSA-SHA3_256/secp256r1",
240 .ec_str_p = &secp256r1_str_params,
241 .priv_key = ecdsa_secp256r1_sha3_256_test_vectors_priv_key,
242 .priv_key_len = sizeof(ecdsa_secp256r1_sha3_256_test_vectors_priv_key),
243 .nn_random = ecdsa_nn_random_secp256r1_sha3_256_test_vector,
244 .hash_type = SHA3_256,
245 .msg = (const char *)sha3_1600_bit_msg,
246 .msglen = sizeof(sha3_1600_bit_msg),
247 .sig_type = ECDSA,
248 .exp_sig = ecdsa_secp256r1_sha3_256_test_vectors_expected_sig,
249 .exp_siglen =
250 sizeof(ecdsa_secp256r1_sha3_256_test_vectors_expected_sig),
251 .adata = NULL,
252 .adata_len = 0
253 };
254 #endif /* WITH_CURVE_SECP256R1 */
255 #endif /* WITH_HASH_SHA3_256 */
256
257 #ifdef WITH_HASH_SHA3_512
258 #ifdef WITH_CURVE_SECP256R1
259 #define ECDSA_SHA3_512_SECP256R1_SELF_TEST
260
261 /*
262 * ECDSA secp256r1 test vector using SHA3_512. This test vector is intended
263 * to test truncation (right shift) step in signature and verification
264 * code when the output size of the hash function is larger than the
265 * bit size of q (order of the group generated by the base point).
266 */
267
ecdsa_nn_random_secp256r1_sha3_512_test_vector(nn_t out,nn_src_t q)268 static int ecdsa_nn_random_secp256r1_sha3_512_test_vector(nn_t out, nn_src_t q)
269 {
270 int ret, cmp;
271 const u8 k_buf[] = {
272 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9,
273 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7,
274 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15,
275 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE
276 };
277
278 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
279 ret = nn_cmp(out, q, &cmp); EG(ret, err);
280
281 ret = (cmp >= 0) ? -1 : 0;
282
283 err:
284 return ret;
285 }
286
287 static const u8 ecdsa_secp256r1_sha3_512_test_vectors_priv_key[] = {
288 0xDC, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD,
289 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D,
290 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75,
291 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F
292 };
293
294 static const u8 ecdsa_secp256r1_sha3_512_test_vectors_expected_sig[] = {
295 0xcb, 0x28, 0xe0, 0x99, 0x9b, 0x9c, 0x77, 0x15,
296 0xfd, 0x0a, 0x80, 0xd8, 0xe4, 0x7a, 0x77, 0x07,
297 0x97, 0x16, 0xcb, 0xbf, 0x91, 0x7d, 0xd7, 0x2e,
298 0x97, 0x56, 0x6e, 0xa1, 0xc0, 0x66, 0x95, 0x7c,
299
300 0x88, 0x48, 0x1a, 0x4f, 0x5b, 0xd4, 0xf6, 0x8f,
301 0xcf, 0xe0, 0xb3, 0x15, 0xc4, 0xd4, 0x0a, 0xf9,
302 0xd5, 0x31, 0x76, 0x97, 0xae, 0x29, 0x45, 0x47,
303 0xef, 0x7c, 0x8f, 0x01, 0x41, 0x24, 0xea, 0xff
304 };
305
306 static const ec_test_case ecdsa_secp256r1_sha3_512_test_case = {
307 .name = "ECDSA-SHA3_512/secp256r1",
308 .ec_str_p = &secp256r1_str_params,
309 .priv_key = ecdsa_secp256r1_sha3_512_test_vectors_priv_key,
310 .priv_key_len = sizeof(ecdsa_secp256r1_sha3_512_test_vectors_priv_key),
311 .nn_random = ecdsa_nn_random_secp256r1_sha3_512_test_vector,
312 .hash_type = SHA3_512,
313 .msg = (const char *)sha3_1600_bit_msg,
314 .msglen = sizeof(sha3_1600_bit_msg),
315 .sig_type = ECDSA,
316 .exp_sig = ecdsa_secp256r1_sha3_512_test_vectors_expected_sig,
317 .exp_siglen =
318 sizeof(ecdsa_secp256r1_sha3_512_test_vectors_expected_sig),
319 .adata = NULL,
320 .adata_len = 0
321 };
322 #endif /* WITH_CURVE_SECP256R1 */
323 #endif /* WITH_HASH_SHA3_512 */
324
325 #ifdef WITH_HASH_SHA3_384
326 #ifdef WITH_CURVE_SECP384R1
327 #define ECDSA_SHA3_384_SECP384R1_SELF_TEST
328
329 /* ECDSA secp384r1 test vectors */
330
ecdsa_nn_random_secp384r1_sha3_384_test_vector(nn_t out,nn_src_t q)331 static int ecdsa_nn_random_secp384r1_sha3_384_test_vector(nn_t out, nn_src_t q)
332 {
333 int ret, cmp;
334
335 /*
336 * Fixed ephemeral private key for secp384r1 signature
337 * test vectors from RFC4754
338 */
339 const u8 k_buf[] = {
340 0xB4, 0xB7, 0x4E, 0x44, 0xD7, 0x1A, 0x13, 0xD5,
341 0x68, 0x00, 0x3D, 0x74, 0x89, 0x90, 0x8D, 0x56,
342 0x4C, 0x77, 0x61, 0xE2, 0x29, 0xC5, 0x8C, 0xBF,
343 0xA1, 0x89, 0x50, 0x09, 0x6E, 0xB7, 0x46, 0x3B,
344 0x85, 0x4D, 0x7F, 0xA9, 0x92, 0xF9, 0x34, 0xD9,
345 0x27, 0x37, 0x62, 0x85, 0xE6, 0x34, 0x14, 0xFA
346 };
347
348 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
349 ret = nn_cmp(out, q, &cmp); EG(ret, err);
350
351 ret = (cmp >= 0) ? -1 : 0;
352
353 err:
354 return ret;
355 }
356
357 static const u8 ecdsa_secp384r1_sha3_384_test_vectors_priv_key[] = {
358 0x0B, 0xEB, 0x64, 0x66, 0x34, 0xBA, 0x87, 0x73,
359 0x5D, 0x77, 0xAE, 0x48, 0x09, 0xA0, 0xEB, 0xEA,
360 0x86, 0x55, 0x35, 0xDE, 0x4C, 0x1E, 0x1D, 0xCB,
361 0x69, 0x2E, 0x84, 0x70, 0x8E, 0x81, 0xA5, 0xAF,
362 0x62, 0xE5, 0x28, 0xC3, 0x8B, 0x2A, 0x81, 0xB3,
363 0x53, 0x09, 0x66, 0x8D, 0x73, 0x52, 0x4D, 0x9F
364 };
365
366 static const u8 ecdsa_secp384r1_sha3_384_test_vectors_expected_sig[] = {
367 0xfb, 0x01, 0x7b, 0x91, 0x4e, 0x29, 0x14, 0x94,
368 0x32, 0xd8, 0xba, 0xc2, 0x9a, 0x51, 0x46, 0x40,
369 0xb4, 0x6f, 0x53, 0xdd, 0xab, 0x2c, 0x69, 0x94,
370 0x80, 0x84, 0xe2, 0x93, 0x0f, 0x1c, 0x8f, 0x7e,
371 0x08, 0xe0, 0x7c, 0x9c, 0x63, 0xf2, 0xd2, 0x1a,
372 0x07, 0xdc, 0xb5, 0x6a, 0x6a, 0xf5, 0x6e, 0xb3,
373
374 0xbe, 0x9b, 0x4f, 0x2b, 0x7b, 0x02, 0xca, 0xd3,
375 0xd0, 0xb4, 0x7c, 0xf6, 0x20, 0xfa, 0x26, 0xae,
376 0x24, 0x6c, 0x95, 0x86, 0x1d, 0xbe, 0x6b, 0x5d,
377 0xc5, 0xb3, 0xb3, 0xfb, 0xea, 0x96, 0x4f, 0xef,
378 0x48, 0xb7, 0x4b, 0x07, 0x4a, 0xdd, 0x6a, 0xc8,
379 0x8f, 0x4f, 0x3f, 0x9d, 0xdd, 0x3a, 0xa4, 0x1c
380 };
381
382 static const ec_test_case ecdsa_secp384r1_sha3_384_test_case = {
383 .name = "ECDSA-SHA3_384/secp384r1",
384 .ec_str_p = &secp384r1_str_params,
385 .priv_key = ecdsa_secp384r1_sha3_384_test_vectors_priv_key,
386 .priv_key_len = sizeof(ecdsa_secp384r1_sha3_384_test_vectors_priv_key),
387 .nn_random = ecdsa_nn_random_secp384r1_sha3_384_test_vector,
388 .hash_type = SHA3_384,
389 .msg = (const char *)sha3_1600_bit_msg,
390 .msglen = sizeof(sha3_1600_bit_msg),
391 .sig_type = ECDSA,
392 .exp_sig = ecdsa_secp384r1_sha3_384_test_vectors_expected_sig,
393 .exp_siglen =
394 sizeof(ecdsa_secp384r1_sha3_384_test_vectors_expected_sig),
395 .adata = NULL,
396 .adata_len = 0
397 };
398 #endif /* WITH_CURVE_SECP384R1 */
399 #endif /* WITH_HASH_SHA3_384 */
400
401 #ifdef WITH_HASH_SHA3_512
402 #ifdef WITH_CURVE_SECP521R1
403 #define ECDSA_SHA3_512_SECP521R1_SELF_TEST
404
405 /* ECDSA secp521r1 test vectors */
406
ecdsa_nn_random_secp521r1_sha3_512_test_vector(nn_t out,nn_src_t q)407 static int ecdsa_nn_random_secp521r1_sha3_512_test_vector(nn_t out, nn_src_t q)
408 {
409 int ret, cmp;
410
411 /*
412 * Fixed ephemeral private key for secp521r1 signature
413 * test vectors from RFC4754
414 */
415 const u8 k_buf[] = {
416 0x00, 0xC1, 0xC2, 0xB3, 0x05, 0x41, 0x9F, 0x5A,
417 0x41, 0x34, 0x4D, 0x7E, 0x43, 0x59, 0x93, 0x3D,
418 0x73, 0x40, 0x96, 0xF5, 0x56, 0x19, 0x7A, 0x9B,
419 0x24, 0x43, 0x42, 0xB8, 0xB6, 0x2F, 0x46, 0xF9,
420 0x37, 0x37, 0x78, 0xF9, 0xDE, 0x6B, 0x64, 0x97,
421 0xB1, 0xEF, 0x82, 0x5F, 0xF2, 0x4F, 0x42, 0xF9,
422 0xB4, 0xA4, 0xBD, 0x73, 0x82, 0xCF, 0xC3, 0x37,
423 0x8A, 0x54, 0x0B, 0x1B, 0x7F, 0x0C, 0x1B, 0x95,
424 0x6C, 0x2F
425 };
426
427 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
428 ret = nn_cmp(out, q, &cmp); EG(ret, err);
429
430 ret = (cmp >= 0) ? -1 : 0;
431
432 err:
433 return ret;
434 }
435
436 static const u8 ecdsa_secp521r1_sha3_512_test_vectors_priv_key[] = {
437 0x00, 0x65, 0xFD, 0xA3, 0x40, 0x94, 0x51, 0xDC,
438 0xAB, 0x0A, 0x0E, 0xAD, 0x45, 0x49, 0x51, 0x12,
439 0xA3, 0xD8, 0x13, 0xC1, 0x7B, 0xFD, 0x34, 0xBD,
440 0xF8, 0xC1, 0x20, 0x9D, 0x7D, 0xF5, 0x84, 0x91,
441 0x20, 0x59, 0x77, 0x79, 0x06, 0x0A, 0x7F, 0xF9,
442 0xD7, 0x04, 0xAD, 0xF7, 0x8B, 0x57, 0x0F, 0xFA,
443 0xD6, 0xF0, 0x62, 0xE9, 0x5C, 0x7E, 0x0C, 0x5D,
444 0x54, 0x81, 0xC5, 0xB1, 0x53, 0xB4, 0x8B, 0x37,
445 0x5F, 0xA1
446 };
447
448 static const u8 ecdsa_secp521r1_sha3_512_test_vectors_expected_sig[] = {
449 0x01, 0x54, 0xfd, 0x38, 0x36, 0xaf, 0x92, 0xd0,
450 0xdc, 0xa5, 0x7d, 0xd5, 0x34, 0x1d, 0x30, 0x53,
451 0x98, 0x85, 0x34, 0xfd, 0xe8, 0x31, 0x8f, 0xc6,
452 0xaa, 0xaa, 0xb6, 0x8e, 0x2e, 0x6f, 0x43, 0x39,
453 0xb1, 0x9f, 0x2f, 0x28, 0x1a, 0x7e, 0x0b, 0x22,
454 0xc2, 0x69, 0xd9, 0x3c, 0xf8, 0x79, 0x4a, 0x92,
455 0x78, 0x88, 0x0e, 0xd7, 0xdb, 0xb8, 0xd9, 0x36,
456 0x2c, 0xae, 0xac, 0xee, 0x54, 0x43, 0x20, 0x55,
457 0x22, 0x51,
458 0x00, 0x15, 0xeb, 0xfd, 0xad, 0xf3, 0xf8, 0x00,
459 0x11, 0x51, 0x47, 0x9e, 0xec, 0xf4, 0x19, 0x53,
460 0x01, 0x56, 0xc2, 0x85, 0x62, 0x69, 0xc5, 0x24,
461 0x4c, 0x7a, 0xbd, 0xac, 0x36, 0xab, 0x45, 0xd0,
462 0xdc, 0xf5, 0xa5, 0xb5, 0x33, 0xff, 0xff, 0xa2,
463 0xa8, 0xbe, 0xea, 0xea, 0xda, 0x04, 0xc1, 0xc5,
464 0xc8, 0x1e, 0x99, 0xa1, 0xd7, 0x88, 0xc9, 0x24,
465 0x03, 0xe1, 0x78, 0x4a, 0x82, 0xcd, 0xd5, 0xe5,
466 0xfb, 0x27
467 };
468
469 static const ec_test_case ecdsa_secp521r1_sha3_512_test_case = {
470 .name = "ECDSA-SHA3_512/secp521r1",
471 .ec_str_p = &secp521r1_str_params,
472 .priv_key = ecdsa_secp521r1_sha3_512_test_vectors_priv_key,
473 .priv_key_len = sizeof(ecdsa_secp521r1_sha3_512_test_vectors_priv_key),
474 .nn_random = ecdsa_nn_random_secp521r1_sha3_512_test_vector,
475 .hash_type = SHA3_512,
476 .msg = (const char *)sha3_1600_bit_msg,
477 .msglen = sizeof(sha3_1600_bit_msg),
478 .sig_type = ECDSA,
479 .exp_sig = ecdsa_secp521r1_sha3_512_test_vectors_expected_sig,
480 .exp_siglen =
481 sizeof(ecdsa_secp521r1_sha3_512_test_vectors_expected_sig),
482 .adata = NULL,
483 .adata_len = 0
484 };
485 #endif /* WITH_CURVE_SECP521R1 */
486 #endif /* WITH_HASH_SHA3_512 */
487
488 #ifdef WITH_HASH_SHA224
489 #ifdef WITH_CURVE_SECP192R1
490 #define ECDSA_SHA224_SECP192R1_SELF_TEST
491
492 /* ECDSA secp192r1 w/ sha224 test vectors to test truncation steps */
493
ecdsa_nn_random_secp192r1_test_vector(nn_t out,nn_src_t q)494 static int ecdsa_nn_random_secp192r1_test_vector(nn_t out, nn_src_t q)
495 {
496 int ret, cmp;
497
498 const u8 k_buf[] = {
499 0xFA, 0x6D, 0xE2, 0x97, 0x46, 0xBB, 0xEB, 0x7F,
500 0x8B, 0xB1, 0xE7, 0x61, 0xF8, 0x5F, 0x7D, 0xFB,
501 0x29, 0x83, 0x16, 0x9D, 0x82, 0xFA, 0x2F, 0x4E
502 };
503
504 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
505 ret = nn_cmp(out, q, &cmp); EG(ret, err);
506
507 ret = (cmp >= 0) ? -1 : 0;
508
509 err:
510 return ret;
511 }
512
513 static const u8 ecdsa_secp192r1_test_vectors_priv_key[] = {
514 0x1A, 0x8D, 0x59, 0x8F, 0xC1, 0x5B, 0xF0, 0xFD,
515 0x89, 0x03, 0x0B, 0x5C, 0xB1, 0x11, 0x1A, 0xEB,
516 0x92, 0xAE, 0x8B, 0xAF, 0x5E, 0xA4, 0x75, 0xFB
517 };
518
519 static const u8 ecdsa_secp192r1_test_vectors_expected_sig[] = {
520 0x88, 0x50, 0x52, 0x38, 0x0F, 0xF1, 0x47, 0xB7,
521 0x34, 0xC3, 0x30, 0xC4, 0x3D, 0x39, 0xB2, 0xC4,
522 0xA8, 0x9F, 0x29, 0xB0, 0xF7, 0x49, 0xFE, 0xAD,
523
524 0x66, 0x63, 0xF2, 0x78, 0x36, 0x98, 0x7E, 0xED,
525 0x45, 0x85, 0x82, 0xD1, 0xF4, 0x43, 0x29, 0x3A,
526 0x5E, 0xD8, 0x88, 0x49, 0xB2, 0xFC, 0x5C, 0xD9
527 };
528
529 static const ec_test_case ecdsa_secp192r1_test_case = {
530 .name = "ECDSA-SHA224/secp192r1",
531 .ec_str_p = &secp192r1_str_params,
532 .priv_key = ecdsa_secp192r1_test_vectors_priv_key,
533 .priv_key_len = sizeof(ecdsa_secp192r1_test_vectors_priv_key),
534 .nn_random = ecdsa_nn_random_secp192r1_test_vector,
535 .hash_type = SHA224,
536 .msg = "abc",
537 .msglen = 3,
538 .sig_type = ECDSA,
539 .exp_sig = ecdsa_secp192r1_test_vectors_expected_sig,
540 .exp_siglen = sizeof(ecdsa_secp192r1_test_vectors_expected_sig),
541 .adata = NULL,
542 .adata_len = 0
543 };
544 #endif /* WITH_CURVE_SECP192R1 */
545 #endif /* WITH_HASH_SHA224 */
546
547 #ifdef WITH_HASH_SHA224
548 #ifdef WITH_CURVE_SECP224R1
549 #define ECDSA_SHA224_SECP224R1_SELF_TEST
550
551 /* ECDSA secp224r1 test vectors */
552
ecdsa_nn_random_rfc4754_secp224r1_test_vector(nn_t out,nn_src_t q)553 static int ecdsa_nn_random_rfc4754_secp224r1_test_vector(nn_t out, nn_src_t q)
554 {
555 int ret, cmp;
556
557 /*
558 * Fixed ephemeral private key for secp224r1 signature
559 * test vectors from RFC4754
560 */
561 const u8 k_buf[] = {
562 0xb7, 0x63, 0x8a, 0x22, 0xe5, 0xee, 0xe7, 0x76,
563 0xa4, 0x25, 0x3f, 0x97, 0xe8, 0x35, 0x1a, 0x3c,
564 0x94, 0xb0, 0x19, 0x37, 0x66, 0x2a, 0x0e, 0xbd,
565 0xd6, 0xe7, 0xae, 0xe0
566 };
567
568 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
569 ret = nn_cmp(out, q, &cmp); EG(ret, err);
570
571 ret = (cmp >= 0) ? -1 : 0;
572
573 err:
574 return ret;
575 }
576
577 static const u8 ecdsa_secp224r1_test_vectors_priv_key[] = {
578 0xc3, 0x1a, 0x15, 0x2d, 0x2c, 0x62, 0x40, 0x21,
579 0x80, 0x87, 0x55, 0xb2, 0xcb, 0xdf, 0x80, 0xd3,
580 0x09, 0xe3, 0x6a, 0xea, 0xc1, 0xcc, 0xd9, 0xdb,
581 0x82, 0xb1, 0xd7, 0xc3
582 };
583
584 static const u8 ecdsa_secp224r1_test_vectors_expected_sig[] = {
585 0x56, 0xa6, 0x93, 0xe1, 0x20, 0x0a, 0xa8, 0xe3,
586 0xd2, 0x78, 0x07, 0xba, 0x5c, 0xe7, 0xb8, 0xf7,
587 0xdf, 0x24, 0xa6, 0x65, 0x1e, 0xb8, 0x70, 0x6e,
588 0x65, 0x52, 0x49, 0xd4,
589 0x4e, 0x49, 0xa0, 0x37, 0x9d, 0x04, 0x4f, 0x34,
590 0x82, 0xe5, 0x68, 0x32, 0x45, 0x84, 0x23, 0xcf,
591 0x0a, 0xef, 0xef, 0xe9, 0x08, 0x1b, 0x6b, 0xc7,
592 0x80, 0x5e, 0x18, 0xea
593 };
594
595 static const ec_test_case ecdsa_secp224r1_test_case = {
596 .name = "ECDSA-SHA224/secp224r1",
597 .ec_str_p = &secp224r1_str_params,
598 .priv_key = ecdsa_secp224r1_test_vectors_priv_key,
599 .priv_key_len = sizeof(ecdsa_secp224r1_test_vectors_priv_key),
600 .nn_random = ecdsa_nn_random_rfc4754_secp224r1_test_vector,
601 .hash_type = SHA224,
602 .msg = "abc",
603 .msglen = 3,
604 .sig_type = ECDSA,
605 .exp_sig = ecdsa_secp224r1_test_vectors_expected_sig,
606 .exp_siglen = sizeof(ecdsa_secp224r1_test_vectors_expected_sig),
607 .adata = NULL,
608 .adata_len = 0
609 };
610 #endif /* WITH_CURVE_SECP224R1 */
611 #endif /* WITH_HASH_SHA224 */
612
613 #ifdef WITH_HASH_SHA256
614 #ifdef WITH_CURVE_SECP256R1
615 #define ECDSA_SHA256_SECP256R1_SELF_TEST
616
617 /* ECDSA secp256r1 test vectors */
618
ecdsa_nn_random_rfc4754_secp256r1_test_vector(nn_t out,nn_src_t q)619 static int ecdsa_nn_random_rfc4754_secp256r1_test_vector(nn_t out, nn_src_t q)
620 {
621 int ret, cmp;
622
623 /*
624 * Fixed ephemeral private key for secp256r1 signature
625 * test vectors from RFC4754
626 */
627 const u8 k_buf[] = {
628 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9,
629 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7,
630 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15,
631 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE
632 };
633
634 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
635 ret = nn_cmp(out, q, &cmp); EG(ret, err);
636
637 ret = (cmp >= 0) ? -1 : 0;
638
639 err:
640 return ret;
641 }
642
643 static const u8 ecdsa_secp256r1_test_vectors_priv_key[] = {
644 0xDC, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD,
645 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D,
646 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75,
647 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F
648 };
649
650 static const u8 ecdsa_secp256r1_test_vectors_expected_sig[] = {
651 0xCB, 0x28, 0xE0, 0x99, 0x9B, 0x9C, 0x77, 0x15,
652 0xFD, 0x0A, 0x80, 0xD8, 0xE4, 0x7A, 0x77, 0x07,
653 0x97, 0x16, 0xCB, 0xBF, 0x91, 0x7D, 0xD7, 0x2E,
654 0x97, 0x56, 0x6E, 0xA1, 0xC0, 0x66, 0x95, 0x7C,
655 0x86, 0xFA, 0x3B, 0xB4, 0xE2, 0x6C, 0xAD, 0x5B,
656 0xF9, 0x0B, 0x7F, 0x81, 0x89, 0x92, 0x56, 0xCE,
657 0x75, 0x94, 0xBB, 0x1E, 0xA0, 0xC8, 0x92, 0x12,
658 0x74, 0x8B, 0xFF, 0x3B, 0x3D, 0x5B, 0x03, 0x15
659 };
660
661 static const ec_test_case ecdsa_secp256r1_test_case = {
662 .name = "ECDSA-SHA256/secp256r1",
663 .ec_str_p = &secp256r1_str_params,
664 .priv_key = ecdsa_secp256r1_test_vectors_priv_key,
665 .priv_key_len = sizeof(ecdsa_secp256r1_test_vectors_priv_key),
666 .nn_random = ecdsa_nn_random_rfc4754_secp256r1_test_vector,
667 .hash_type = SHA256,
668 .msg = "abc",
669 .msglen = 3,
670 .sig_type = ECDSA,
671 .exp_sig = ecdsa_secp256r1_test_vectors_expected_sig,
672 .exp_siglen = sizeof(ecdsa_secp256r1_test_vectors_expected_sig),
673 .adata = NULL,
674 .adata_len = 0
675 };
676 #endif /* WITH_CURVE_SECP256R1 */
677 #endif /* WITH_HASH_SHA256 */
678
679 #ifdef WITH_HASH_SHA512
680 #ifdef WITH_CURVE_SECP256R1
681 #define ECDSA_SHA512_SECP256R1_SELF_TEST
682
683 /*
684 * ECDSA secp256r1 test vector using SHA512. This test vector is intended
685 * to test truncation (right shift) step in signature and verification
686 * code when the output size of the hash function is larger than the
687 * bit size of q (order of the group generated by the base point).
688 */
689
ecdsa_nn_random_secp256r1_sha512_test_vector(nn_t out,nn_src_t q)690 static int ecdsa_nn_random_secp256r1_sha512_test_vector(nn_t out, nn_src_t q)
691 {
692 int ret, cmp;
693
694 const u8 k_buf[] = {
695 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9,
696 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7,
697 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15,
698 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE
699 };
700
701 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
702 ret = nn_cmp(out, q, &cmp); EG(ret, err);
703
704 ret = (cmp >= 0) ? -1 : 0;
705
706 err:
707 return ret;
708 }
709
710 static const u8 ecdsa_secp256r1_sha512_test_vectors_priv_key[] = {
711 0xDC, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD,
712 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D,
713 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75,
714 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F
715 };
716
717 static const u8 ecdsa_secp256r1_sha512_test_vectors_expected_sig[] = {
718 0xcb, 0x28, 0xe0, 0x99, 0x9b, 0x9c, 0x77, 0x15,
719 0xfd, 0x0a, 0x80, 0xd8, 0xe4, 0x7a, 0x77, 0x07,
720 0x97, 0x16, 0xcb, 0xbf, 0x91, 0x7d, 0xd7, 0x2e,
721 0x97, 0x56, 0x6e, 0xa1, 0xc0, 0x66, 0x95, 0x7c,
722 0x78, 0x84, 0x35, 0x83, 0x06, 0xaf, 0xd1, 0xc8,
723 0xa2, 0xa5, 0xf8, 0xee, 0x73, 0xe4, 0x22, 0x6f,
724 0x1f, 0x6a, 0x14, 0xec, 0xaf, 0x2d, 0xe3, 0x0e,
725 0xde, 0x1e, 0xb4, 0xe9, 0xe2, 0xf6, 0x8d, 0x3a
726 };
727
728 static const ec_test_case ecdsa_secp256r1_sha512_test_case = {
729 .name = "ECDSA-SHA512/secp256r1",
730 .ec_str_p = &secp256r1_str_params,
731 .priv_key = ecdsa_secp256r1_sha512_test_vectors_priv_key,
732 .priv_key_len = sizeof(ecdsa_secp256r1_sha512_test_vectors_priv_key),
733 .nn_random = ecdsa_nn_random_secp256r1_sha512_test_vector,
734 .hash_type = SHA512,
735 .msg = "abc",
736 .msglen = 3,
737 .sig_type = ECDSA,
738 .exp_sig = ecdsa_secp256r1_sha512_test_vectors_expected_sig,
739 .exp_siglen = sizeof(ecdsa_secp256r1_sha512_test_vectors_expected_sig),
740 .adata = NULL,
741 .adata_len = 0
742 };
743 #endif /* WITH_CURVE_SECP256R1 */
744 #endif /* WITH_HASH_SHA512 */
745
746 #ifdef WITH_HASH_SHA384
747 #ifdef WITH_CURVE_SECP384R1
748 #define ECDSA_SHA384_SECP384R1_SELF_TEST
749
750 /* ECDSA secp384r1 test vectors */
751
ecdsa_nn_random_rfc4754_secp384r1_test_vector(nn_t out,nn_src_t q)752 static int ecdsa_nn_random_rfc4754_secp384r1_test_vector(nn_t out, nn_src_t q)
753 {
754 int ret, cmp;
755
756 /*
757 * Fixed ephemeral private key for secp384r1 signature
758 * test vectors from RFC4754
759 */
760 const u8 k_buf[] = {
761 0xB4, 0xB7, 0x4E, 0x44, 0xD7, 0x1A, 0x13, 0xD5,
762 0x68, 0x00, 0x3D, 0x74, 0x89, 0x90, 0x8D, 0x56,
763 0x4C, 0x77, 0x61, 0xE2, 0x29, 0xC5, 0x8C, 0xBF,
764 0xA1, 0x89, 0x50, 0x09, 0x6E, 0xB7, 0x46, 0x3B,
765 0x85, 0x4D, 0x7F, 0xA9, 0x92, 0xF9, 0x34, 0xD9,
766 0x27, 0x37, 0x62, 0x85, 0xE6, 0x34, 0x14, 0xFA
767 };
768
769 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
770 ret = nn_cmp(out, q, &cmp); EG(ret, err);
771
772 ret = (cmp >= 0) ? -1 : 0;
773
774 err:
775 return ret;
776 }
777
778 static const u8 ecdsa_secp384r1_test_vectors_priv_key[] = {
779 0x0B, 0xEB, 0x64, 0x66, 0x34, 0xBA, 0x87, 0x73,
780 0x5D, 0x77, 0xAE, 0x48, 0x09, 0xA0, 0xEB, 0xEA,
781 0x86, 0x55, 0x35, 0xDE, 0x4C, 0x1E, 0x1D, 0xCB,
782 0x69, 0x2E, 0x84, 0x70, 0x8E, 0x81, 0xA5, 0xAF,
783 0x62, 0xE5, 0x28, 0xC3, 0x8B, 0x2A, 0x81, 0xB3,
784 0x53, 0x09, 0x66, 0x8D, 0x73, 0x52, 0x4D, 0x9F
785 };
786
787 static const u8 ecdsa_secp384r1_test_vectors_expected_sig[] = {
788 0xFB, 0x01, 0x7B, 0x91, 0x4E, 0x29, 0x14, 0x94,
789 0x32, 0xD8, 0xBA, 0xC2, 0x9A, 0x51, 0x46, 0x40,
790 0xB4, 0x6F, 0x53, 0xDD, 0xAB, 0x2C, 0x69, 0x94,
791 0x80, 0x84, 0xE2, 0x93, 0x0F, 0x1C, 0x8F, 0x7E,
792 0x08, 0xE0, 0x7C, 0x9C, 0x63, 0xF2, 0xD2, 0x1A,
793 0x07, 0xDC, 0xB5, 0x6A, 0x6A, 0xF5, 0x6E, 0xB3,
794 0xB2, 0x63, 0xA1, 0x30, 0x5E, 0x05, 0x7F, 0x98,
795 0x4D, 0x38, 0x72, 0x6A, 0x1B, 0x46, 0x87, 0x41,
796 0x09, 0xF4, 0x17, 0xBC, 0xA1, 0x12, 0x67, 0x4C,
797 0x52, 0x82, 0x62, 0xA4, 0x0A, 0x62, 0x9A, 0xF1,
798 0xCB, 0xB9, 0xF5, 0x16, 0xCE, 0x0F, 0xA7, 0xD2,
799 0xFF, 0x63, 0x08, 0x63, 0xA0, 0x0E, 0x8B, 0x9F
800 };
801
802 static const ec_test_case ecdsa_secp384r1_test_case = {
803 .name = "ECDSA-SHA384/secp384r1",
804 .ec_str_p = &secp384r1_str_params,
805 .priv_key = ecdsa_secp384r1_test_vectors_priv_key,
806 .priv_key_len = sizeof(ecdsa_secp384r1_test_vectors_priv_key),
807 .nn_random = ecdsa_nn_random_rfc4754_secp384r1_test_vector,
808 .hash_type = SHA384,
809 .msg = "abc",
810 .msglen = 3,
811 .sig_type = ECDSA,
812 .exp_sig = ecdsa_secp384r1_test_vectors_expected_sig,
813 .exp_siglen = sizeof(ecdsa_secp384r1_test_vectors_expected_sig),
814 .adata = NULL,
815 .adata_len = 0
816 };
817 #endif /* WITH_CURVE_SECP384R1 */
818 #endif /* WITH_HASH_SHA384 */
819
820 #ifdef WITH_HASH_SHA512
821 #ifdef WITH_CURVE_SECP521R1
822 #define ECDSA_SHA512_SECP521R1_SELF_TEST
823
824 /* ECDSA secp521r1 test vectors */
825
ecdsa_nn_random_secp521r1_test_vector(nn_t out,nn_src_t q)826 static int ecdsa_nn_random_secp521r1_test_vector(nn_t out, nn_src_t q)
827 {
828 int ret, cmp;
829
830 /*
831 * Fixed ephemeral private key for secp521r1 signature
832 * test vectors from RFC4754
833 */
834 const u8 k_buf[] = {
835 0x00, 0xC1, 0xC2, 0xB3, 0x05, 0x41, 0x9F, 0x5A,
836 0x41, 0x34, 0x4D, 0x7E, 0x43, 0x59, 0x93, 0x3D,
837 0x73, 0x40, 0x96, 0xF5, 0x56, 0x19, 0x7A, 0x9B,
838 0x24, 0x43, 0x42, 0xB8, 0xB6, 0x2F, 0x46, 0xF9,
839 0x37, 0x37, 0x78, 0xF9, 0xDE, 0x6B, 0x64, 0x97,
840 0xB1, 0xEF, 0x82, 0x5F, 0xF2, 0x4F, 0x42, 0xF9,
841 0xB4, 0xA4, 0xBD, 0x73, 0x82, 0xCF, 0xC3, 0x37,
842 0x8A, 0x54, 0x0B, 0x1B, 0x7F, 0x0C, 0x1B, 0x95,
843 0x6C, 0x2F
844 };
845
846 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
847 ret = nn_cmp(out, q, &cmp); EG(ret, err);
848
849 ret = (cmp >= 0) ? -1 : 0;
850
851 err:
852 return ret;
853 }
854
855 static const u8 ecdsa_secp521r1_test_vectors_priv_key[] = {
856 0x00, 0x65, 0xFD, 0xA3, 0x40, 0x94, 0x51, 0xDC,
857 0xAB, 0x0A, 0x0E, 0xAD, 0x45, 0x49, 0x51, 0x12,
858 0xA3, 0xD8, 0x13, 0xC1, 0x7B, 0xFD, 0x34, 0xBD,
859 0xF8, 0xC1, 0x20, 0x9D, 0x7D, 0xF5, 0x84, 0x91,
860 0x20, 0x59, 0x77, 0x79, 0x06, 0x0A, 0x7F, 0xF9,
861 0xD7, 0x04, 0xAD, 0xF7, 0x8B, 0x57, 0x0F, 0xFA,
862 0xD6, 0xF0, 0x62, 0xE9, 0x5C, 0x7E, 0x0C, 0x5D,
863 0x54, 0x81, 0xC5, 0xB1, 0x53, 0xB4, 0x8B, 0x37,
864 0x5F, 0xA1
865 };
866
867 static const u8 ecdsa_secp521r1_test_vectors_expected_sig[] = {
868 0x01, 0x54, 0xFD, 0x38, 0x36, 0xAF, 0x92, 0xD0,
869 0xDC, 0xA5, 0x7D, 0xD5, 0x34, 0x1D, 0x30, 0x53,
870 0x98, 0x85, 0x34, 0xFD, 0xE8, 0x31, 0x8F, 0xC6,
871 0xAA, 0xAA, 0xB6, 0x8E, 0x2E, 0x6F, 0x43, 0x39,
872 0xB1, 0x9F, 0x2F, 0x28, 0x1A, 0x7E, 0x0B, 0x22,
873 0xC2, 0x69, 0xD9, 0x3C, 0xF8, 0x79, 0x4A, 0x92,
874 0x78, 0x88, 0x0E, 0xD7, 0xDB, 0xB8, 0xD9, 0x36,
875 0x2C, 0xAE, 0xAC, 0xEE, 0x54, 0x43, 0x20, 0x55,
876 0x22, 0x51, 0x01, 0x77, 0x05, 0xA7, 0x03, 0x02,
877 0x90, 0xD1, 0xCE, 0xB6, 0x05, 0xA9, 0xA1, 0xBB,
878 0x03, 0xFF, 0x9C, 0xDD, 0x52, 0x1E, 0x87, 0xA6,
879 0x96, 0xEC, 0x92, 0x6C, 0x8C, 0x10, 0xC8, 0x36,
880 0x2D, 0xF4, 0x97, 0x53, 0x67, 0x10, 0x1F, 0x67,
881 0xD1, 0xCF, 0x9B, 0xCC, 0xBF, 0x2F, 0x3D, 0x23,
882 0x95, 0x34, 0xFA, 0x50, 0x9E, 0x70, 0xAA, 0xC8,
883 0x51, 0xAE, 0x01, 0xAA, 0xC6, 0x8D, 0x62, 0xF8,
884 0x66, 0x47, 0x26, 0x60
885 };
886
887 static const ec_test_case ecdsa_secp521r1_test_case = {
888 .name = "ECDSA-SHA512/secp521r1",
889 .ec_str_p = &secp521r1_str_params,
890 .priv_key = ecdsa_secp521r1_test_vectors_priv_key,
891 .priv_key_len = sizeof(ecdsa_secp521r1_test_vectors_priv_key),
892 .nn_random = ecdsa_nn_random_secp521r1_test_vector,
893 .hash_type = SHA512,
894 .msg = "abc",
895 .msglen = 3,
896 .sig_type = ECDSA,
897 .exp_sig = ecdsa_secp521r1_test_vectors_expected_sig,
898 .exp_siglen = sizeof(ecdsa_secp521r1_test_vectors_expected_sig),
899 .adata = NULL,
900 .adata_len = 0
901 };
902 #endif /* WITH_CURVE_SECP521R1 */
903 #endif /* WITH_HASH_SHA512 */
904
905 #ifdef WITH_HASH_SHA256
906 #ifdef WITH_CURVE_BRAINPOOLP256R1
907 #define ECDSA_SHA256_BRAINPOOLP256R1_SELF_TEST
908
909 /* ECDSA Brainpoolp256r1 test vectors */
910
ecdsa_nn_random_brainpoolp256r1_test_vector(nn_t out,nn_src_t q)911 static int ecdsa_nn_random_brainpoolp256r1_test_vector(nn_t out, nn_src_t q)
912 {
913 int ret, cmp;
914
915 /*
916 * Fixed ephemeral private key for brainpoolp256r1 signature
917 */
918 const u8 k_buf[] = {
919 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9,
920 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7,
921 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15,
922 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE
923 };
924
925 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
926 ret = nn_cmp(out, q, &cmp); EG(ret, err);
927
928 ret = (cmp >= 0) ? -1 : 0;
929
930 err:
931 return ret;
932 }
933
934 static const u8 ecdsa_brainpoolp256r1_test_vectors_priv_key[] = {
935 0x00, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD,
936 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D,
937 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75,
938 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F
939 };
940
941 static const u8 ecdsa_brainpoolp256r1_test_vectors_expected_sig[] = {
942 0xa3, 0xfa, 0x53, 0x9a, 0xc2, 0xcf, 0xfb, 0xd5,
943 0xc5, 0xad, 0xb6, 0x64, 0x8c, 0xb3, 0xb5, 0xe3,
944 0x6a, 0x08, 0x7d, 0xcc, 0xd5, 0xda, 0xae, 0x8a,
945 0x05, 0x87, 0xac, 0x37, 0x88, 0x78, 0x79, 0xb5,
946 0xa7, 0xff, 0x72, 0xa9, 0xd8, 0x5c, 0x6e, 0xdd,
947 0x48, 0x56, 0x2e, 0x8c, 0xd8, 0xf7, 0x6d, 0xab,
948 0xe3, 0xdb, 0xc3, 0x96, 0x05, 0x69, 0xdf, 0x5d,
949 0x13, 0xf9, 0x83, 0x5c, 0xf4, 0xca, 0x72, 0x3b
950 };
951
952 static const ec_test_case ecdsa_brainpoolp256r1_test_case = {
953 .name = "ECDSA-SHA256/brainpoolp256r1",
954 .ec_str_p = &brainpoolp256r1_str_params,
955 .priv_key = ecdsa_brainpoolp256r1_test_vectors_priv_key,
956 .priv_key_len = sizeof(ecdsa_brainpoolp256r1_test_vectors_priv_key),
957 .nn_random = ecdsa_nn_random_brainpoolp256r1_test_vector,
958 .hash_type = SHA256,
959 .msg = "abc",
960 .msglen = 3,
961 .sig_type = ECDSA,
962 .exp_sig = ecdsa_brainpoolp256r1_test_vectors_expected_sig,
963 .exp_siglen = sizeof(ecdsa_brainpoolp256r1_test_vectors_expected_sig),
964 .adata = NULL,
965 .adata_len = 0
966 };
967
968 #endif /* WITH_CURVE_BRAINPOOLP256R1 */
969 #endif /* WITH_HASH_SHA256 */
970
971 #ifdef WITH_HASH_SHA384
972 #ifdef WITH_CURVE_BRAINPOOLP384R1
973 #define ECDSA_SHA384_BRAINPOOLP384R1_SELF_TEST
974
975 /* ECDSA Brainpoolp384r1 test vectors */
976
ecdsa_nn_random_brainpoolp384r1_test_vector(nn_t out,nn_src_t q)977 static int ecdsa_nn_random_brainpoolp384r1_test_vector(nn_t out, nn_src_t q)
978 {
979 int ret, cmp;
980
981 /*
982 * Fixed ephemeral private key for brainpoolp384r1 signature
983 */
984 const u8 k_buf[] = {
985 0x87, 0x77, 0x2f, 0x94, 0x81, 0x26, 0xe2, 0x38,
986 0x04, 0xec, 0x30, 0x71, 0x34, 0x94, 0x74, 0x84,
987 0x2c, 0x21, 0x08, 0x6b, 0xf2, 0x91, 0xfb, 0x33,
988 0x02, 0xc2, 0x54, 0x82, 0x6c, 0x14, 0xc0, 0xa8,
989 0x5d, 0x66, 0x03, 0x0b, 0xe9, 0x0b, 0xfe, 0x51,
990 0xd4, 0x53, 0x0a, 0x55, 0xfd, 0x61, 0x51, 0x21
991 };
992
993 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
994 ret = nn_cmp(out, q, &cmp); EG(ret, err);
995
996 ret = (cmp >= 0) ? -1 : 0;
997
998 err:
999 return ret;
1000 }
1001
1002 static const u8 ecdsa_brainpoolp384r1_test_vectors_priv_key[] = {
1003 0x22, 0xde, 0x1b, 0x4e, 0x46, 0xdf, 0x58, 0x37,
1004 0xe0, 0x08, 0xa2, 0x67, 0x7a, 0xc6, 0x25, 0x6a,
1005 0xf3, 0x0e, 0xd1, 0xd9, 0x58, 0xe8, 0xa4, 0xee,
1006 0xd5, 0x02, 0x0a, 0xef, 0xbb, 0xf7, 0x90, 0x6e,
1007 0x35, 0x99, 0x43, 0xda, 0x81, 0xcc, 0x37, 0xdf,
1008 0xcf, 0x03, 0x83, 0x64, 0xf3, 0x96, 0x13, 0x5a
1009 };
1010
1011 static const u8 ecdsa_brainpoolp384r1_test_vectors_expected_sig[] = {
1012 0x84, 0xa4, 0xe3, 0xa5, 0xdb, 0x1a, 0x93, 0x1f,
1013 0x77, 0x3e, 0x55, 0xfb, 0xa3, 0x69, 0xc3, 0x6d,
1014 0x21, 0x92, 0xb4, 0x7d, 0xf8, 0x5d, 0x05, 0x20,
1015 0x80, 0x23, 0xdb, 0xaa, 0x15, 0x5f, 0xfe, 0xcc,
1016 0xf9, 0xc0, 0x8f, 0xf1, 0xba, 0x79, 0xe0, 0x13,
1017 0x1e, 0xb4, 0x2c, 0x13, 0xa8, 0x17, 0x99, 0xd6,
1018
1019 0x06, 0x9e, 0x3e, 0x95, 0x40, 0x80, 0xba, 0xef,
1020 0xfe, 0x3b, 0x73, 0xb1, 0xb9, 0x35, 0xa5, 0x60,
1021 0x27, 0x21, 0xa1, 0xd0, 0x0e, 0xe1, 0x12, 0xc0,
1022 0x86, 0x0b, 0xfc, 0xea, 0x93, 0x37, 0x33, 0xca,
1023 0x48, 0xd3, 0xae, 0xd8, 0xf7, 0x02, 0xdc, 0x86,
1024 0x2b, 0x18, 0x2b, 0x12, 0x8c, 0x8f, 0x3a, 0x4c,
1025 };
1026
1027 static const ec_test_case ecdsa_brainpoolp384r1_test_case = {
1028 .name = "ECDSA-SHA384/brainpoolp384r1",
1029 .ec_str_p = &brainpoolp384r1_str_params,
1030 .priv_key = ecdsa_brainpoolp384r1_test_vectors_priv_key,
1031 .priv_key_len = sizeof(ecdsa_brainpoolp384r1_test_vectors_priv_key),
1032 .nn_random = ecdsa_nn_random_brainpoolp384r1_test_vector,
1033 .hash_type = SHA384,
1034 .msg = "abc",
1035 .msglen = 3,
1036 .sig_type = ECDSA,
1037 .exp_sig = ecdsa_brainpoolp384r1_test_vectors_expected_sig,
1038 .exp_siglen = sizeof(ecdsa_brainpoolp384r1_test_vectors_expected_sig),
1039 .adata = NULL,
1040 .adata_len = 0
1041 };
1042
1043 #endif /* WITH_CURVE_BRAINPOOLP384R1 */
1044 #endif /* WITH_HASH_SHA384 */
1045
1046 #ifdef WITH_HASH_SHA512
1047 #ifdef WITH_CURVE_BRAINPOOLP512R1
1048 #define ECDSA_SHA512_BRAINPOOLP512R1_SELF_TEST
1049
1050 /* ECDSA Brainpoolp512r1 test vectors */
1051
ecdsa_nn_random_brainpoolp512r1_test_vector(nn_t out,nn_src_t q)1052 static int ecdsa_nn_random_brainpoolp512r1_test_vector(nn_t out, nn_src_t q)
1053 {
1054 int ret, cmp;
1055
1056 /*
1057 * Fixed ephemeral private key for brainpoolp512r1 signature
1058 */
1059 const u8 k_buf[] = {
1060 0x00, 0xC1, 0xC2, 0xB3, 0x05, 0x41, 0x9F, 0x5A,
1061 0x41, 0x34, 0x4D, 0x7E, 0x43, 0x59, 0x93, 0x3D,
1062 0x73, 0x40, 0x96, 0xF5, 0x56, 0x19, 0x7A, 0x9B,
1063 0x24, 0x43, 0x42, 0xB8, 0xB6, 0x2F, 0x46, 0xF9,
1064 0x37, 0x37, 0x78, 0xF9, 0xDE, 0x6B, 0x64, 0x97,
1065 0xB1, 0xEF, 0x82, 0x5F, 0xF2, 0x4F, 0x42, 0xF9,
1066 0xB4, 0xA4, 0xBD, 0x73, 0x82, 0xCF, 0xC3, 0x37,
1067 0x8A, 0x54, 0x0B, 0x1B, 0x7F, 0x0C, 0x1B, 0x95
1068 };
1069
1070 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1071 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1072
1073 ret = (cmp >= 0) ? -1 : 0;
1074
1075 err:
1076 return ret;
1077 }
1078
1079 static const u8 ecdsa_brainpoolp512r1_test_vectors_priv_key[] = {
1080 0x01, 0xA3, 0x40, 0x94, 0x51, 0xDC, 0xAB, 0x0A,
1081 0x0E, 0xAD, 0x45, 0x49, 0x51, 0x12, 0xA3, 0xD8,
1082 0x13, 0xC1, 0x7B, 0xFD, 0x34, 0xBD, 0xF8, 0xC1,
1083 0x20, 0x9D, 0x7D, 0xF5, 0x84, 0x91, 0x20, 0x59,
1084 0x77, 0x79, 0x06, 0x0A, 0x7F, 0xF9, 0xD7, 0x04,
1085 0xAD, 0xF7, 0x8B, 0x57, 0x0F, 0xFA, 0xD6, 0xF0,
1086 0x62, 0xE9, 0x5C, 0x7E, 0x0C, 0x5D, 0x54, 0x81,
1087 0xC5, 0xB1, 0x53, 0xB4, 0x8B, 0x37, 0x5F, 0xA1
1088 };
1089
1090 static const u8 ecdsa_brainpoolp512r1_test_vectors_expected_sig[] = {
1091 0x34, 0x83, 0xdd, 0x62, 0x64, 0xab, 0x50, 0xc3,
1092 0x7c, 0x01, 0x89, 0x96, 0xf2, 0x18, 0x3f, 0x31,
1093 0x19, 0xb4, 0xd5, 0x8a, 0x71, 0xba, 0x96, 0xee,
1094 0x4f, 0x1d, 0x69, 0x0d, 0x06, 0xff, 0x04, 0xe7,
1095 0x62, 0xc3, 0x7c, 0x87, 0xac, 0xcb, 0x1b, 0xcb,
1096 0xc6, 0xe1, 0x50, 0x57, 0x7f, 0xd9, 0xa5, 0xd5,
1097 0xfc, 0x64, 0xc9, 0xaa, 0x21, 0x2f, 0x43, 0xac,
1098 0x36, 0xeb, 0xaa, 0xb1, 0x10, 0x5b, 0xe0, 0x37,
1099 0xa9, 0x70, 0xb3, 0xd3, 0x80, 0x1d, 0x51, 0x3d,
1100 0x38, 0x9d, 0x9c, 0x80, 0x76, 0xd9, 0x99, 0x6f,
1101 0xad, 0x0f, 0xc7, 0xf8, 0x67, 0x40, 0xc2, 0x28,
1102 0x1c, 0xe3, 0xfb, 0xae, 0x71, 0x82, 0xd3, 0xe8,
1103 0x5c, 0xb2, 0x24, 0xec, 0x88, 0xb5, 0x81, 0x2a,
1104 0xb1, 0x15, 0x32, 0xfd, 0x01, 0x7c, 0x94, 0xed,
1105 0xd7, 0x8c, 0xa6, 0x32, 0x1e, 0x24, 0x94, 0xa7,
1106 0x38, 0xd0, 0xea, 0xc8, 0x34, 0x05, 0xb9, 0x9b
1107 };
1108
1109 static const ec_test_case ecdsa_brainpoolp512r1_test_case = {
1110 .name = "ECDSA-SHA512/brainpoolp512r1",
1111 .ec_str_p = &brainpoolp512r1_str_params,
1112 .priv_key = ecdsa_brainpoolp512r1_test_vectors_priv_key,
1113 .priv_key_len = sizeof(ecdsa_brainpoolp512r1_test_vectors_priv_key),
1114 .nn_random = ecdsa_nn_random_brainpoolp512r1_test_vector,
1115 .hash_type = SHA512,
1116 .msg = "abc",
1117 .msglen = 3,
1118 .sig_type = ECDSA,
1119 .exp_sig = ecdsa_brainpoolp512r1_test_vectors_expected_sig,
1120 .exp_siglen = sizeof(ecdsa_brainpoolp512r1_test_vectors_expected_sig),
1121 .adata = NULL,
1122 .adata_len = 0
1123 };
1124 #endif /* WITH_CURVE_BRAINPOOLP512R1 */
1125 #endif /* WITH_HASH_SHA512 */
1126
1127 #ifdef WITH_HASH_SHA256
1128 #ifdef WITH_CURVE_FRP256V1
1129 #define ECDSA_SHA256_FRP256V1_SELF_TEST
1130
1131 /* ECDSA frp256v1 test vectors */
1132
ecdsa_nn_random_frp256v1_test_vector(nn_t out,nn_src_t q)1133 static int ecdsa_nn_random_frp256v1_test_vector(nn_t out, nn_src_t q)
1134 {
1135 int ret, cmp;
1136
1137 /*
1138 * Fixed ephemeral private key for frp256v1 signature
1139 */
1140 const u8 k_buf[] = {
1141 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9,
1142 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7,
1143 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15,
1144 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE
1145 };
1146
1147 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1148 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1149
1150 ret = (cmp >= 0) ? -1 : 0;
1151
1152 err:
1153 return ret;
1154 }
1155
1156 static const u8 ecdsa_frp256v1_test_vectors_priv_key[] = {
1157 0x00, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD,
1158 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D,
1159 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75,
1160 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F
1161 };
1162
1163 static const u8 ecdsa_frp256v1_test_vectors_expected_sig[] = {
1164 0x22, 0xb1, 0xd0, 0x0d, 0xc8, 0x28, 0xa5, 0xcb,
1165 0xa2, 0x64, 0x31, 0x9f, 0x05, 0x93, 0x3a, 0xc8,
1166 0xed, 0xe6, 0x32, 0x3d, 0x69, 0xd0, 0x2b, 0x31,
1167 0x4e, 0x10, 0xca, 0xa5, 0xf1, 0x3b, 0x29, 0x96,
1168 0xbd, 0xef, 0x27, 0xe6, 0x3c, 0x16, 0xee, 0x46,
1169 0xf8, 0x14, 0x22, 0x9d, 0x3c, 0xf2, 0x3f, 0x08,
1170 0xc7, 0x96, 0x26, 0x13, 0x55, 0xe7, 0xd4, 0x4c,
1171 0x9d, 0xd9, 0xd6, 0xba, 0x08, 0x57, 0x1f, 0xd8
1172 };
1173
1174 static const ec_test_case ecdsa_frp256v1_test_case = {
1175 .name = "ECDSA-SHA256/frp256v1",
1176 .ec_str_p = &frp256v1_str_params,
1177 .priv_key = ecdsa_frp256v1_test_vectors_priv_key,
1178 .priv_key_len = sizeof(ecdsa_frp256v1_test_vectors_priv_key),
1179 .nn_random = ecdsa_nn_random_frp256v1_test_vector,
1180 .hash_type = SHA256,
1181 .msg = "abc",
1182 .msglen = 3,
1183 .sig_type = ECDSA,
1184 .exp_sig = ecdsa_frp256v1_test_vectors_expected_sig,
1185 .exp_siglen = sizeof(ecdsa_frp256v1_test_vectors_expected_sig),
1186 .adata = NULL,
1187 .adata_len = 0
1188 };
1189 #endif /* WITH_CURVE_FRP256V1 */
1190 #endif /* WITH_HASH_SHA256 */
1191 #endif /* WITH_SIG_ECDSA */
1192
1193 /*******************************************************************
1194 ************** ECKDSA tests ***************************************
1195 *******************************************************************/
1196
1197 #ifdef WITH_SIG_ECKCDSA
1198 #ifdef WITH_HASH_SHA224
1199 #ifdef WITH_CURVE_SECP224R1
1200 #define ECKCDSA_SHA224_SECP224R1_SELF_TEST
1201
1202 /* ECKCDSA secp224r1 test vectors */
1203
eckcdsa_nn_random_iso14888_3_secp224r1_test_vector(nn_t out,nn_src_t q)1204 static int eckcdsa_nn_random_iso14888_3_secp224r1_test_vector(nn_t out,
1205 nn_src_t q)
1206 {
1207 int ret, cmp;
1208
1209 const u8 k_buf[] = {
1210 0x76, 0xA0, 0xAF, 0xC1, 0x86, 0x46, 0xD1, 0xB6,
1211 0x20, 0xA0, 0x79, 0xFB, 0x22, 0x38, 0x65, 0xA7,
1212 0xBC, 0xB4, 0x47, 0xF3, 0xC0, 0x3A, 0x35, 0xD8,
1213 0x78, 0xEA, 0x4C, 0xDA
1214 };
1215
1216 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1217 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1218
1219 ret = (cmp >= 0) ? -1 : 0;
1220
1221 err:
1222 return ret;
1223 }
1224
1225 static const u8 eckcdsa_secp224r1_test_vectors_priv_key[] = {
1226 0x56, 0x2A, 0x6F, 0x64, 0xE1, 0x62, 0xFF, 0xCB,
1227 0x51, 0xCD, 0x47, 0x07, 0x77, 0x4A, 0xE3, 0x66,
1228 0x81, 0xB6, 0xCE, 0xF2, 0x05, 0xFE, 0x5D, 0x43,
1229 0x91, 0x29, 0x56, 0xA2
1230 };
1231
1232 static const u8 eckcdsa_secp224r1_test_vectors_expected_sig[] = {
1233 0xEE, 0xA5, 0x8C, 0x91, 0xE0, 0xCD, 0xCE, 0xB5,
1234 0x79, 0x9B, 0x00, 0xD2, 0x41, 0x2D, 0x92, 0x8F,
1235 0xDD, 0x23, 0x12, 0x2A, 0x1C, 0x2B, 0xDF, 0x43,
1236 0xC2, 0xF8, 0xDA, 0xFA, 0xAE, 0xBA, 0xB5, 0x3C,
1237 0x7A, 0x44, 0xA8, 0xB2, 0x2F, 0x35, 0xFD, 0xB9,
1238 0xDE, 0x26, 0x5F, 0x23, 0xB8, 0x9F, 0x65, 0xA6,
1239 0x9A, 0x8B, 0x7B, 0xD4, 0x06, 0x19, 0x11, 0xA6
1240 };
1241
1242 static const ec_test_case eckcdsa_secp224r1_test_case = {
1243 .name = "ECKCDSA-SHA224/secp224r1",
1244 .ec_str_p = &secp224r1_str_params,
1245 .priv_key = eckcdsa_secp224r1_test_vectors_priv_key,
1246 .priv_key_len = sizeof(eckcdsa_secp224r1_test_vectors_priv_key),
1247 .nn_random = eckcdsa_nn_random_iso14888_3_secp224r1_test_vector,
1248 .hash_type = SHA224,
1249 .msg = "This is a sample message for EC-KCDSA implementation validation.",
1250 .msglen = 64,
1251 .sig_type = ECKCDSA,
1252 .exp_sig = eckcdsa_secp224r1_test_vectors_expected_sig,
1253 .exp_siglen = sizeof(eckcdsa_secp224r1_test_vectors_expected_sig),
1254 .adata = NULL,
1255 .adata_len = 0
1256 };
1257 #endif /* WITH_CURVE_SECP224R1 */
1258 #endif /* WITH_HASH_SHA224 */
1259
1260 #ifdef WITH_HASH_SHA256
1261 #ifdef WITH_CURVE_SECP224R1
1262 #define ECKCDSA_SHA256_SECP224R1_SELF_TEST
1263
1264 /* ECKCDSA secp224r1 w/ SHA-256 test vectors (specific for truncation test) */
1265
eckcdsa_nn_random_iso14888_3_secp224r1_sha256_test_vector(nn_t out,nn_src_t q)1266 static int eckcdsa_nn_random_iso14888_3_secp224r1_sha256_test_vector(nn_t out,
1267 nn_src_t q)
1268 {
1269 int ret, cmp;
1270
1271 const u8 k_buf[] = {
1272 0xEE, 0xC7, 0x9D, 0x8D, 0x46, 0x48, 0xDF, 0x3A,
1273 0x83, 0x2A, 0x66, 0xE3, 0x77, 0x55, 0x37, 0xE0,
1274 0x00, 0xCC, 0x9B, 0x95, 0x7E, 0x13, 0x19, 0xC5,
1275 0xDB, 0x9D, 0xD4, 0xF7
1276 };
1277
1278 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1279 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1280
1281 ret = (cmp >= 0) ? -1 : 0;
1282
1283 err:
1284 return ret;
1285 }
1286
1287 static const u8 eckcdsa_secp224r1_sha256_test_vectors_priv_key[] = {
1288 0x61, 0x58, 0x58, 0x27, 0x44, 0x9D, 0xBC, 0x0E,
1289 0xC1, 0x61, 0xB2, 0xCF, 0x85, 0x75, 0xC9, 0xDF,
1290 0x14, 0x9F, 0x41, 0xDD, 0x02, 0x89, 0xBE, 0x4F,
1291 0xF1, 0x10, 0x77, 0x3D
1292 };
1293
1294 static const u8 eckcdsa_secp224r1_sha256_test_vectors_expected_sig[] = {
1295 0x64, 0xB4, 0x9E, 0x97, 0x7E, 0x65, 0x34, 0xF8,
1296 0x77, 0xCB, 0x68, 0xA3, 0x80, 0x6F, 0x6A, 0x98,
1297 0x93, 0x11, 0xCE, 0xAA, 0x8A, 0x64, 0xA0, 0x55,
1298 0x80, 0x77, 0xC0, 0x4B,
1299
1300 0xAF, 0xF2, 0x3D, 0x40, 0xB1, 0x77, 0x95, 0x11,
1301 0x51, 0xBE, 0x32, 0xF6, 0x56, 0x1B, 0x1B, 0x73,
1302 0x9E, 0x3E, 0x8F, 0x82, 0x2C, 0xC5, 0x2D, 0x4C,
1303 0xB3, 0x90, 0x9A, 0x93
1304 };
1305
1306 static const ec_test_case eckcdsa_secp224r1_sha256_test_case = {
1307 .name = "ECKCDSA-SHA256/secp224r1",
1308 .ec_str_p = &secp224r1_str_params,
1309 .priv_key = eckcdsa_secp224r1_sha256_test_vectors_priv_key,
1310 .priv_key_len = sizeof(eckcdsa_secp224r1_sha256_test_vectors_priv_key),
1311 .nn_random = eckcdsa_nn_random_iso14888_3_secp224r1_sha256_test_vector,
1312 .hash_type = SHA256,
1313 .msg = "This is a sample message for EC-KCDSA implementation validation.",
1314 .msglen = 64,
1315 .sig_type = ECKCDSA,
1316 .exp_sig = eckcdsa_secp224r1_sha256_test_vectors_expected_sig,
1317 .exp_siglen =
1318 sizeof(eckcdsa_secp224r1_sha256_test_vectors_expected_sig),
1319 .adata = NULL,
1320 .adata_len = 0
1321 };
1322 #endif /* WITH_CURVE_SECP224R1 */
1323 #endif /* WITH_HASH_SHA256 */
1324
1325 #ifdef WITH_HASH_SHA256
1326 #ifdef WITH_CURVE_SECP256R1
1327 #define ECKCDSA_SHA256_SECP256R1_SELF_TEST
1328
1329 /* ECKCDSA secp256r1 test vectors */
1330
eckcdsa_nn_random_iso14888_3_secp256r1_test_vector(nn_t out,nn_src_t q)1331 static int eckcdsa_nn_random_iso14888_3_secp256r1_test_vector(nn_t out,
1332 nn_src_t q)
1333 {
1334 int ret, cmp;
1335
1336 const u8 k_buf[] = {
1337 0x71, 0xB8, 0x8F, 0x39, 0x89, 0x16, 0xDA, 0x9C,
1338 0x90, 0xF5, 0x55, 0xF1, 0xB5, 0x73, 0x2B, 0x7D,
1339 0xC6, 0x36, 0xB4, 0x9C, 0x63, 0x81, 0x50, 0xBA,
1340 0xC1, 0x1B, 0xF0, 0x5C, 0xFE, 0x16, 0x59, 0x6A
1341 };
1342
1343 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1344 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1345
1346 ret = (cmp >= 0) ? -1 : 0;
1347
1348 err:
1349 return ret;
1350 }
1351
1352 static const u8 eckcdsa_secp256r1_test_vectors_priv_key[] = {
1353 0x90, 0x51, 0xA2, 0x75, 0xAA, 0x4D, 0x98, 0x43,
1354 0x9E, 0xDD, 0xED, 0x13, 0xFA, 0x1C, 0x6C, 0xBB,
1355 0xCC, 0xE7, 0x75, 0xD8, 0xCC, 0x94, 0x33, 0xDE,
1356 0xE6, 0x9C, 0x59, 0x84, 0x8B, 0x35, 0x94, 0xDF
1357 };
1358
1359 static const u8 eckcdsa_secp256r1_test_vectors_expected_sig[] = {
1360 0x0e, 0xdd, 0xf6, 0x80, 0x60, 0x12, 0x66, 0xee,
1361 0x1d, 0xa8, 0x3e, 0x55, 0xa6, 0xd9, 0x44, 0x5f,
1362 0xc7, 0x81, 0xda, 0xeb, 0x14, 0xc7, 0x65, 0xe7,
1363 0xe5, 0xd0, 0xcd, 0xba, 0xf1, 0xf1, 0x4a, 0x68,
1364 0x9b, 0x33, 0x34, 0x57, 0x66, 0x1c, 0x7c, 0xf7,
1365 0x41, 0xbd, 0xdb, 0xc0, 0x83, 0x55, 0x53, 0xdf,
1366 0xbb, 0x37, 0xee, 0x74, 0xf5, 0x3d, 0xb6, 0x99,
1367 0xe0, 0xa1, 0x77, 0x80, 0xc7, 0xb6, 0xf1, 0xd0
1368 };
1369
1370 static const ec_test_case eckcdsa_secp256r1_test_case = {
1371 .name = "ECKCDSA-SHA256/secp256r1",
1372 .ec_str_p = &secp256r1_str_params,
1373 .priv_key = eckcdsa_secp256r1_test_vectors_priv_key,
1374 .priv_key_len = sizeof(eckcdsa_secp256r1_test_vectors_priv_key),
1375 .nn_random = eckcdsa_nn_random_iso14888_3_secp256r1_test_vector,
1376 .hash_type = SHA256,
1377 .msg = "This is a sample message for EC-KCDSA implementation validation.",
1378 .msglen = 64,
1379 .sig_type = ECKCDSA,
1380 .exp_sig = eckcdsa_secp256r1_test_vectors_expected_sig,
1381 .exp_siglen = sizeof(eckcdsa_secp256r1_test_vectors_expected_sig),
1382 .adata = NULL,
1383 .adata_len = 0
1384 };
1385 #endif /* WITH_CURVE_SECP256R1 */
1386 #endif /* WITH_HASH_SHA256 */
1387
1388 #ifdef WITH_HASH_SHA384
1389 #ifdef WITH_CURVE_SECP384R1
1390 #define ECKCDSA_SHA384_SECP384R1_SELF_TEST
1391
1392 /* ECKCDSA secp384r1 test vectors */
1393
eckcdsa_nn_random_secp384r1_test_vector(nn_t out,nn_src_t q)1394 static int eckcdsa_nn_random_secp384r1_test_vector(nn_t out, nn_src_t q)
1395 {
1396 int ret, cmp;
1397
1398 const u8 k_buf[] = {
1399 0x08, 0x16, 0x2e, 0xf8, 0x24, 0xd2, 0xd5, 0x11,
1400 0x4e, 0x08, 0x61, 0xf3, 0x93, 0xb4, 0x6f, 0xb6,
1401 0x02, 0xa4, 0x95, 0xa2, 0xca, 0x17, 0x7f, 0x47,
1402 0xda, 0x4e, 0x6f, 0x2d, 0x23, 0xa1, 0x85, 0xc5,
1403 0xb8, 0x8f, 0x1b, 0x7e, 0x2c, 0xba, 0x8d, 0x77,
1404 0x37, 0x16, 0x09, 0x3a, 0xf5, 0x97, 0x9a, 0x7e
1405 };
1406
1407 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1408 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1409
1410 ret = (cmp >= 0) ? -1 : 0;
1411
1412 err:
1413 return ret;
1414 }
1415
1416 static const u8 eckcdsa_secp384r1_test_vectors_priv_key[] = {
1417 0x4f, 0xdb, 0xf2, 0xe7, 0x4e, 0x56, 0x81, 0x4e,
1418 0x4c, 0x2f, 0x40, 0x87, 0x90, 0x9c, 0xe9, 0xc4,
1419 0x73, 0x1b, 0xff, 0x06, 0x1a, 0x78, 0x82, 0x73,
1420 0x84, 0x1b, 0xf5, 0x68, 0xce, 0x63, 0x21, 0x3e,
1421 0x47, 0x04, 0x04, 0xea, 0x3e, 0xb6, 0x78, 0xc5,
1422 0x00, 0xba, 0x37, 0x92, 0xf2, 0x4a, 0x7a, 0x51
1423 };
1424
1425 static const u8 eckcdsa_secp384r1_test_vectors_expected_sig[] = {
1426
1427 0xd0, 0x37, 0x26, 0x47, 0x44, 0xe3, 0x8a, 0x38,
1428 0xca, 0xcc, 0xdc, 0x8f, 0xcb, 0x08, 0xd8, 0xcb,
1429 0x52, 0x18, 0x7d, 0x38, 0x3c, 0xc0, 0xb6, 0x29,
1430 0xf6, 0x27, 0x71, 0xd9, 0x3f, 0x5a, 0xfc, 0xd3,
1431 0xc1, 0x44, 0xc1, 0x53, 0xef, 0x06, 0xd9, 0x9a,
1432 0xc9, 0x20, 0x58, 0x81, 0xde, 0x03, 0xd1, 0x71,
1433 0xf1, 0xff, 0xc1, 0x43, 0xb9, 0x4e, 0x44, 0xdc,
1434 0xec, 0xd1, 0x61, 0xfd, 0xc5, 0x27, 0x0a, 0x32,
1435 0x71, 0x3e, 0x59, 0x38, 0xfb, 0x35, 0x60, 0x0e,
1436 0xdd, 0xd0, 0x0c, 0x63, 0x89, 0xfb, 0x33, 0xb0,
1437 0x3e, 0x77, 0xd2, 0xf7, 0x69, 0x4a, 0x04, 0x08,
1438 0x5a, 0xf9, 0x85, 0x31, 0xdf, 0xe6, 0xf1, 0x73
1439 };
1440
1441 static const ec_test_case eckcdsa_secp384r1_test_case = {
1442 .name = "ECKCDSA-SHA384/secp384r1",
1443 .ec_str_p = &secp384r1_str_params,
1444 .priv_key = eckcdsa_secp384r1_test_vectors_priv_key,
1445 .priv_key_len = sizeof(eckcdsa_secp384r1_test_vectors_priv_key),
1446 .nn_random = eckcdsa_nn_random_secp384r1_test_vector,
1447 .hash_type = SHA384,
1448 .msg = "This is a sample message for EC-KCDSA implementation validation.",
1449 .msglen = 64,
1450 .sig_type = ECKCDSA,
1451 .exp_sig = eckcdsa_secp384r1_test_vectors_expected_sig,
1452 .exp_siglen = sizeof(eckcdsa_secp384r1_test_vectors_expected_sig),
1453 .adata = NULL,
1454 .adata_len = 0
1455 };
1456 #endif /* WITH_CURVE_SECP384R1 */
1457 #endif /* WITH_HASH_SHA384 */
1458
1459 #ifdef WITH_HASH_SHA512
1460 #ifdef WITH_CURVE_SECP256R1
1461 #define ECKCDSA_SHA512_SECP256R1_SELF_TEST
1462
1463 /*
1464 * ECKCDSA secp256r1 test vector using SHA512. This test vector is intended
1465 * to test truncation (left shift) steps in signature and verification
1466 * code when the output size of the hash function is larger than the
1467 * bit size of q (order of the group generated by the base point).
1468 */
1469
eckcdsa_nn_random_secp256r1_sha512_test_vector(nn_t out,nn_src_t q)1470 static int eckcdsa_nn_random_secp256r1_sha512_test_vector(nn_t out, nn_src_t q)
1471 {
1472 int ret, cmp;
1473
1474 const u8 k_buf[] = {
1475 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9,
1476 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7,
1477 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15,
1478 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE
1479 };
1480
1481 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1482 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1483
1484 ret = (cmp >= 0) ? -1 : 0;
1485
1486 err:
1487 return ret;
1488 }
1489
1490 static const u8 eckcdsa_secp256r1_sha512_test_vectors_priv_key[] = {
1491 0xDC, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD,
1492 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D,
1493 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75,
1494 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F
1495 };
1496
1497 static const u8 eckcdsa_secp256r1_sha512_test_vectors_expected_sig[] = {
1498 0x70, 0x02, 0x1d, 0x6d, 0x5a, 0x5e, 0x99, 0x59,
1499 0x43, 0x18, 0xa3, 0xba, 0x8d, 0x27, 0xa5, 0x39,
1500 0xa5, 0x73, 0x76, 0x80, 0x73, 0xc8, 0x4d, 0xa0,
1501 0xdb, 0xcc, 0xf9, 0x24, 0x9a, 0xfe, 0x78, 0x54,
1502
1503 0xb6, 0x97, 0x28, 0xe1, 0x7b, 0x9e, 0x85, 0xb0,
1504 0x30, 0x05, 0x8f, 0x28, 0x54, 0xbf, 0x34, 0xd1,
1505 0xdd, 0x1d, 0xf6, 0x7a, 0x02, 0x64, 0x23, 0x76,
1506 0x9e, 0xb4, 0xfd, 0x0f, 0x4c, 0x2e, 0x15, 0x6b
1507 };
1508
1509 static const ec_test_case eckcdsa_secp256r1_sha512_test_case = {
1510 .name = "ECKCDSA-SHA512/secp256r1",
1511 .ec_str_p = &secp256r1_str_params,
1512 .priv_key = eckcdsa_secp256r1_sha512_test_vectors_priv_key,
1513 .priv_key_len = sizeof(eckcdsa_secp256r1_sha512_test_vectors_priv_key),
1514 .nn_random = eckcdsa_nn_random_secp256r1_sha512_test_vector,
1515 .hash_type = SHA512,
1516 .msg = "abc",
1517 .msglen = 3,
1518 .sig_type = ECKCDSA,
1519 .exp_sig = eckcdsa_secp256r1_sha512_test_vectors_expected_sig,
1520 .exp_siglen =
1521 sizeof(eckcdsa_secp256r1_sha512_test_vectors_expected_sig),
1522 .adata = NULL,
1523 .adata_len = 0
1524 };
1525 #endif /* WITH_CURVE_SECP256R1 */
1526 #endif /* WITH_HASH_SHA512 */
1527
1528 #ifdef WITH_HASH_SHA512
1529 #ifdef WITH_CURVE_SECP521R1
1530 #define ECKCDSA_SHA512_SECP521R1_SELF_TEST
1531
1532 /* ECKCDSA secp521r1 test vectors */
1533
eckcdsa_nn_random_secp521r1_test_vector(nn_t out,nn_src_t q)1534 static int eckcdsa_nn_random_secp521r1_test_vector(nn_t out, nn_src_t q)
1535 {
1536 int ret, cmp;
1537
1538 const u8 k_buf[] = {
1539 0x01, 0xb6, 0xfa, 0xf4, 0x5f, 0xb8, 0x6f, 0x57,
1540 0x9c, 0x4b, 0x54, 0xae, 0xc7, 0xa7, 0xf2, 0x95,
1541 0x6e, 0x4d, 0x93, 0x94, 0xb3, 0x62, 0x82, 0x0a,
1542 0xa5, 0x3f, 0x1b, 0x6c, 0x07, 0x3b, 0xbe, 0xc0,
1543 0x24, 0x33, 0x14, 0xdb, 0x11, 0xb6, 0x20, 0x21,
1544 0x35, 0x50, 0x20, 0xe8, 0x05, 0xad, 0x8e, 0x6d,
1545 0x0e, 0xa2, 0x7c, 0x04, 0x35, 0x9a, 0xd3, 0xf8,
1546 0x44, 0xd6, 0x5b, 0xbb, 0x73, 0xb7, 0x91, 0xd5,
1547 0x9a, 0x1c
1548 };
1549
1550 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1551 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1552
1553 ret = (cmp >= 0) ? -1 : 0;
1554
1555 err:
1556 return ret;
1557 }
1558
1559 static const u8 eckcdsa_secp521r1_test_vectors_priv_key[] = {
1560 0x01, 0x65, 0xe1, 0xf1, 0xf2, 0xe7, 0xae, 0x6b,
1561 0x50, 0x2a, 0x19, 0x4e, 0xf0, 0x3a, 0xd0, 0x50,
1562 0xe3, 0xa5, 0xae, 0x31, 0xfc, 0xb4, 0xf7, 0x0d,
1563 0x58, 0xf5, 0xc6, 0xdf, 0x28, 0x66, 0x71, 0x7f,
1564 0x44, 0x09, 0xe7, 0x78, 0x02, 0x4d, 0xe5, 0x2b,
1565 0xef, 0xc9, 0x6d, 0xb9, 0xfb, 0xba, 0x21, 0x30,
1566 0x6d, 0x12, 0x5a, 0x27, 0xcf, 0xcd, 0xce, 0x91,
1567 0x00, 0x09, 0x79, 0x63, 0xbf, 0x0c, 0x40, 0xe6,
1568 0x96, 0xdc
1569 };
1570
1571 static const u8 eckcdsa_secp521r1_test_vectors_expected_sig[] = {
1572 0x90, 0x52, 0xbb, 0xc4, 0xdf, 0xe8, 0x80, 0xfb,
1573 0x25, 0xcb, 0xa7, 0xa7, 0x47, 0xa0, 0xd0, 0xe9,
1574 0x0e, 0x10, 0x63, 0x5b, 0xe1, 0xc2, 0x03, 0xc0,
1575 0x5e, 0x6d, 0x1c, 0x7d, 0x3d, 0x07, 0x1c, 0xe0,
1576 0x5a, 0xd7, 0xd5, 0x1c, 0x38, 0xe6, 0xa5, 0x7a,
1577 0x85, 0x58, 0x01, 0x79, 0xb0, 0x32, 0x2e, 0x66,
1578 0xdc, 0x95, 0x7f, 0xe6, 0xd3, 0xf3, 0xa3, 0x0a,
1579 0x05, 0x37, 0xfb, 0xf0, 0xd1, 0x24, 0xb4, 0x49,
1580 0x01, 0x36, 0x43, 0x43, 0xdf, 0xd8, 0x52, 0x64,
1581 0x15, 0xe0, 0x25, 0x79, 0xd5, 0xe1, 0x11, 0xee,
1582 0x5a, 0x8e, 0x50, 0xf3, 0x41, 0x90, 0x3d, 0x5f,
1583 0x28, 0xa0, 0x78, 0xac, 0x17, 0x82, 0xfe, 0x7d,
1584 0xbf, 0xf7, 0xd8, 0xcc, 0x3f, 0x51, 0x17, 0x76,
1585 0x59, 0x37, 0xd4, 0x92, 0xc3, 0x6a, 0x00, 0xb3,
1586 0x0b, 0x70, 0xb1, 0xdb, 0xd3, 0x95, 0x34, 0x02,
1587 0x2a, 0xa6, 0x50, 0x7a, 0xfd, 0xe6, 0x15, 0xbe,
1588 0xec, 0xba
1589 };
1590
1591 static const ec_test_case eckcdsa_secp521r1_test_case = {
1592 .name = "ECKCDSA-SHA512/secp521r1",
1593 .ec_str_p = &secp521r1_str_params,
1594 .priv_key = eckcdsa_secp521r1_test_vectors_priv_key,
1595 .priv_key_len = sizeof(eckcdsa_secp521r1_test_vectors_priv_key),
1596 .nn_random = eckcdsa_nn_random_secp521r1_test_vector,
1597 .hash_type = SHA512,
1598 .msg = "This is a sample message for EC-KCDSA implementation validation.",
1599 .msglen = 64,
1600 .sig_type = ECKCDSA,
1601 .exp_sig = eckcdsa_secp521r1_test_vectors_expected_sig,
1602 .exp_siglen = sizeof(eckcdsa_secp521r1_test_vectors_expected_sig),
1603 .adata = NULL,
1604 .adata_len = 0
1605 };
1606 #endif /* WITH_CURVE_SECP521R1 */
1607 #endif /* WITH_HASH_SHA512 */
1608
1609 #ifdef WITH_HASH_SHA256
1610 #ifdef WITH_CURVE_BRAINPOOLP256R1
1611 #define ECKCDSA_SHA256_BRAINPOOLP256R1_SELF_TEST
1612
1613 /* ECKCDSA brainpoolp256r1 test vectors */
1614
eckcdsa_nn_random_brainpoolp256r1_test_vector(nn_t out,nn_src_t q)1615 static int eckcdsa_nn_random_brainpoolp256r1_test_vector(nn_t out, nn_src_t q)
1616 {
1617 int ret, cmp;
1618
1619 const u8 k_buf[] = {
1620 0x09, 0x8a, 0x5b, 0x7c, 0xfa, 0x31, 0x7b, 0x79,
1621 0x6a, 0xf4, 0x46, 0xc4, 0x0e, 0x3e, 0xb5, 0x28,
1622 0x79, 0x03, 0x42, 0x2c, 0x56, 0x62, 0x49, 0x78,
1623 0xd9, 0x02, 0xc5, 0x9b, 0x7a, 0x92, 0xfe, 0x9b
1624 };
1625
1626 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1627 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1628
1629 ret = (cmp >= 0) ? -1 : 0;
1630
1631 err:
1632 return ret;
1633 }
1634
1635 static const u8 eckcdsa_brainpoolp256r1_test_vectors_priv_key[] = {
1636 0xa1, 0x45, 0x67, 0x88, 0x20, 0x4e, 0x69, 0xba,
1637 0xf3, 0x84, 0x88, 0xca, 0xe7, 0x77, 0x63, 0xca,
1638 0xde, 0xe5, 0xd0, 0xd9, 0x1a, 0xa0, 0xe5, 0xe6,
1639 0x0d, 0x19, 0xb0, 0x0d, 0x3a, 0x67, 0xed, 0x48
1640 };
1641
1642 static const u8 eckcdsa_brainpoolp256r1_test_vectors_expected_sig[] = {
1643 0xec, 0xc8, 0x2e, 0x85, 0x66, 0x90, 0x05, 0xaf,
1644 0x07, 0x7c, 0x67, 0xde, 0xba, 0xea, 0x8e, 0xbb,
1645 0x33, 0x26, 0x14, 0xe6, 0x61, 0xef, 0xc7, 0xff,
1646 0xd1, 0xf4, 0x52, 0xe1, 0xc4, 0x42, 0x23, 0xcd,
1647
1648 0x2f, 0x53, 0xb0, 0x9d, 0xdf, 0x97, 0xa8, 0x22,
1649 0x42, 0x55, 0x29, 0x65, 0xe1, 0xa2, 0x09, 0x27,
1650 0x8b, 0xe1, 0x4d, 0xde, 0x16, 0xfd, 0x54, 0xbc,
1651 0x16, 0xf1, 0xf0, 0x9d, 0x28, 0xe7, 0xfd, 0x11,
1652 };
1653
1654 static const ec_test_case eckcdsa_brainpoolp256r1_test_case = {
1655 .name = "ECKCDSA-SHA256/brainpoolp256r1",
1656 .ec_str_p = &brainpoolp256r1_str_params,
1657 .priv_key = eckcdsa_brainpoolp256r1_test_vectors_priv_key,
1658 .priv_key_len = sizeof(eckcdsa_brainpoolp256r1_test_vectors_priv_key),
1659 .nn_random = eckcdsa_nn_random_brainpoolp256r1_test_vector,
1660 .hash_type = SHA256,
1661 .msg = "brainpoolP256r1",
1662 .msglen = 15,
1663 .sig_type = ECKCDSA,
1664 .exp_sig = eckcdsa_brainpoolp256r1_test_vectors_expected_sig,
1665 .exp_siglen = sizeof(eckcdsa_brainpoolp256r1_test_vectors_expected_sig),
1666 .adata = NULL,
1667 .adata_len = 0
1668 };
1669 #endif /* WITH_CURVE_BRAINPOOLP256R1 */
1670 #endif /* WITH_HASH_SHA256 */
1671
1672 #ifdef WITH_HASH_SHA384
1673 #ifdef WITH_CURVE_BRAINPOOLP384R1
1674 #define ECKCDSA_SHA384_BRAINPOOLP384R1_SELF_TEST
1675
1676 /* ECKCDSA brainpoolp384r1 test vectors */
1677
eckcdsa_nn_random_brainpoolp384r1_test_vector(nn_t out,nn_src_t q)1678 static int eckcdsa_nn_random_brainpoolp384r1_test_vector(nn_t out, nn_src_t q)
1679 {
1680 int ret, cmp;
1681
1682 const u8 k_buf[] = {
1683 0x07, 0x0f, 0x21, 0xec, 0xa6, 0xef, 0x53, 0xd8,
1684 0x81, 0x75, 0x33, 0xe8, 0x9c, 0xb6, 0xb7, 0x4f,
1685 0xb8, 0x2f, 0x4c, 0x23, 0x00, 0x80, 0x8c, 0xab,
1686 0x19, 0x9e, 0x6f, 0xfe, 0x96, 0xe6, 0x1d, 0x29,
1687 0x22, 0x7d, 0x76, 0x43, 0x3c, 0x34, 0x33, 0xc3,
1688 0x4d, 0x18, 0x5a, 0x8f, 0x01, 0x21, 0x38, 0x5b
1689 };
1690
1691 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1692 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1693
1694 ret = (cmp >= 0) ? -1 : 0;
1695
1696 err:
1697 return ret;
1698 }
1699
1700 static const u8 eckcdsa_brainpoolp384r1_test_vectors_priv_key[] = {
1701 0x21, 0x24, 0x1d, 0x99, 0x52, 0xcb, 0x23, 0x67,
1702 0x21, 0xcd, 0x02, 0xd4, 0xd5, 0xe0, 0xfd, 0xbe,
1703 0x22, 0xd7, 0xab, 0x69, 0xaf, 0xc1, 0x22, 0x12,
1704 0x16, 0xc6, 0x09, 0x96, 0x05, 0x14, 0xec, 0x3b,
1705 0xe6, 0x5f, 0x52, 0x73, 0xdd, 0x06, 0x9f, 0xdf,
1706 0x63, 0x7e, 0xd9, 0x5c, 0x6c, 0xe5, 0x4f, 0x08
1707 };
1708
1709 static const u8 eckcdsa_brainpoolp384r1_test_vectors_expected_sig[] = {
1710 0xe4, 0x9a, 0x76, 0x4e, 0xeb, 0x13, 0x1e, 0xa1,
1711 0xba, 0x0c, 0xef, 0xa5, 0xd6, 0x79, 0xa1, 0xf9,
1712 0x63, 0x5b, 0x93, 0x41, 0xa6, 0xb1, 0x3c, 0x40,
1713 0xbb, 0xd5, 0x5c, 0x38, 0x20, 0xe5, 0x09, 0xfa,
1714 0x15, 0x8c, 0x5a, 0x1a, 0xf1, 0xb9, 0x29, 0x26,
1715 0x8b, 0xe1, 0x06, 0xbe, 0xb2, 0x08, 0xc4, 0xc9,
1716
1717 0x3b, 0xa4, 0x36, 0xa6, 0x8e, 0x1e, 0xe9, 0x25,
1718 0x97, 0xdd, 0x12, 0x5e, 0x6e, 0xfb, 0xe5, 0x28,
1719 0x18, 0x47, 0x41, 0x75, 0xdb, 0x2f, 0x47, 0xa5,
1720 0xd0, 0xd0, 0x2b, 0xd7, 0xc0, 0x81, 0x43, 0xf1,
1721 0xc3, 0xe9, 0xbf, 0x2f, 0xf1, 0x4c, 0x18, 0x46,
1722 0xff, 0xbc, 0xdf, 0x39, 0x93, 0x88, 0x59, 0x6b
1723 };
1724
1725 static const ec_test_case eckcdsa_brainpoolp384r1_test_case = {
1726 .name = "ECKCDSA-SHA384/brainpoolp384r1",
1727 .ec_str_p = &brainpoolp384r1_str_params,
1728 .priv_key = eckcdsa_brainpoolp384r1_test_vectors_priv_key,
1729 .priv_key_len = sizeof(eckcdsa_brainpoolp384r1_test_vectors_priv_key),
1730 .nn_random = eckcdsa_nn_random_brainpoolp384r1_test_vector,
1731 .hash_type = SHA384,
1732 .msg = "brainpoolP384r1",
1733 .msglen = 15,
1734 .sig_type = ECKCDSA,
1735 .exp_sig = eckcdsa_brainpoolp384r1_test_vectors_expected_sig,
1736 .exp_siglen = sizeof(eckcdsa_brainpoolp384r1_test_vectors_expected_sig),
1737 .adata = NULL,
1738 .adata_len = 0
1739 };
1740 #endif /* WITH_CURVE_BRAINPOOLP384R1 */
1741 #endif /* WITH_HASH_SHA384 */
1742
1743 #ifdef WITH_HASH_SHA512
1744 #ifdef WITH_CURVE_BRAINPOOLP512R1
1745 #define ECKCDSA_SHA512_BRAINPOOLP512R1_SELF_TEST
1746
1747 /* ECKCDSA brainpoolp512r1 test vectors */
1748
eckcdsa_nn_random_brainpoolp512r1_test_vector(nn_t out,nn_src_t q)1749 static int eckcdsa_nn_random_brainpoolp512r1_test_vector(nn_t out, nn_src_t q)
1750 {
1751 int ret, cmp;
1752
1753 const u8 k_buf[] = {
1754 0x46, 0x3d, 0x92, 0x92, 0x3f, 0xe3, 0x37, 0xd8,
1755 0xe5, 0xfc, 0x5a, 0xbe, 0x76, 0xf6, 0x3d, 0x9e,
1756 0xec, 0x9a, 0xaf, 0x57, 0x48, 0x7d, 0xef, 0xe1,
1757 0xfa, 0xe1, 0x76, 0x5d, 0x7e, 0xf7, 0x2f, 0x5d,
1758 0x10, 0x64, 0xe1, 0xbe, 0x65, 0x68, 0x5c, 0x08,
1759 0x40, 0x59, 0x7e, 0x98, 0x79, 0x75, 0x1b, 0xda,
1760 0xc8, 0x42, 0xcf, 0xbb, 0xb0, 0x8e, 0x5c, 0x42,
1761 0x8d, 0x1c, 0xa6, 0xe7, 0x63, 0x4b, 0x37, 0xea
1762 };
1763
1764 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1765 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1766
1767 ret = (cmp >= 0) ? -1 : 0;
1768
1769 err:
1770 return ret;
1771 }
1772
1773 static const u8 eckcdsa_brainpoolp512r1_test_vectors_priv_key[] = {
1774 0xa9, 0xeb, 0x22, 0xd4, 0x1a, 0x8a, 0xa1, 0x0d,
1775 0xdf, 0xec, 0xd3, 0x1f, 0x93, 0xc8, 0xaf, 0x9a,
1776 0x38, 0x7f, 0xf5, 0x29, 0xb9, 0x81, 0xeb, 0x8e,
1777 0x3a, 0x73, 0xbe, 0x90, 0x70, 0x51, 0x99, 0x50,
1778 0xc2, 0x8d, 0x81, 0xce, 0x31, 0x84, 0x79, 0x67,
1779 0x18, 0xbf, 0xe4, 0x39, 0x17, 0x8c, 0x38, 0xe9,
1780 0xa8, 0x10, 0x99, 0xf7, 0xd2, 0x60, 0x7c, 0xbf,
1781 0x53, 0xa7, 0x12, 0xc8, 0xb8, 0xb3, 0x35, 0xcb
1782 };
1783
1784 static const u8 eckcdsa_brainpoolp512r1_test_vectors_expected_sig[] = {
1785 0xc0, 0x0d, 0x74, 0xbe, 0x19, 0x03, 0x45, 0xe3,
1786 0xd9, 0x73, 0x90, 0xfc, 0xcf, 0xa1, 0x27, 0x1d,
1787 0x5e, 0x8d, 0x8f, 0xfb, 0x15, 0x31, 0x49, 0xf6,
1788 0xa7, 0xc5, 0x69, 0xa8, 0x78, 0x63, 0x7b, 0xf5,
1789 0xcd, 0x02, 0x78, 0xf9, 0x2b, 0xce, 0x8c, 0x64,
1790 0x4c, 0xd3, 0xd4, 0x25, 0xc9, 0x50, 0x14, 0x34,
1791 0xfe, 0xdb, 0x1e, 0xc8, 0xf6, 0x55, 0x60, 0x79,
1792 0xce, 0x51, 0xf8, 0xa4, 0xcc, 0x2e, 0xa9, 0xe3,
1793
1794 0x45, 0xd8, 0xcf, 0x97, 0x8c, 0x15, 0x58, 0xbd,
1795 0x11, 0xba, 0xbe, 0x41, 0x97, 0xe1, 0x06, 0x19,
1796 0x0d, 0x60, 0x58, 0x53, 0x5e, 0xbd, 0xf4, 0x00,
1797 0x06, 0xbd, 0xf2, 0x2b, 0x11, 0x2c, 0x87, 0x7e,
1798 0xe4, 0x4c, 0xa2, 0xdc, 0xf9, 0x0a, 0xfe, 0x21,
1799 0x04, 0xbd, 0xf6, 0xd8, 0xb9, 0x07, 0xaa, 0x4c,
1800 0x75, 0xbd, 0x2e, 0x55, 0x65, 0xa3, 0xca, 0x8f,
1801 0xae, 0xb1, 0x10, 0x7e, 0x85, 0x39, 0xe2, 0x1f
1802 };
1803
1804 static const ec_test_case eckcdsa_brainpoolp512r1_test_case = {
1805 .name = "ECKCDSA-SHA512/brainpoolp512r1",
1806 .ec_str_p = &brainpoolp512r1_str_params,
1807 .priv_key = eckcdsa_brainpoolp512r1_test_vectors_priv_key,
1808 .priv_key_len = sizeof(eckcdsa_brainpoolp512r1_test_vectors_priv_key),
1809 .nn_random = eckcdsa_nn_random_brainpoolp512r1_test_vector,
1810 .hash_type = SHA512,
1811 .msg = "brainpoolP512r1",
1812 .msglen = 15,
1813 .sig_type = ECKCDSA,
1814 .exp_sig = eckcdsa_brainpoolp512r1_test_vectors_expected_sig,
1815 .exp_siglen = sizeof(eckcdsa_brainpoolp512r1_test_vectors_expected_sig),
1816 .adata = NULL,
1817 .adata_len = 0
1818 };
1819 #endif /* WITH_CURVE_BRAINPOOLP512R1 */
1820 #endif /* WITH_HASH_SHA512 */
1821
1822 #ifdef WITH_HASH_SHA256
1823 #ifdef WITH_CURVE_FRP256V1
1824 #define ECKCDSA_SHA256_FRP256V1_SELF_TEST
1825
1826 /* ECKCDSA frp256v1 test vectors */
1827
eckcdsa_nn_random_frp256v1_test_vector(nn_t out,nn_src_t q)1828 static int eckcdsa_nn_random_frp256v1_test_vector(nn_t out, nn_src_t q)
1829 {
1830 int ret, cmp;
1831
1832 const u8 k_buf[] = {
1833 0x71, 0xB8, 0x8F, 0x39, 0x89, 0x16, 0xDA, 0x9C,
1834 0x90, 0xF5, 0x55, 0xF1, 0xB5, 0x73, 0x2B, 0x7D,
1835 0xC6, 0x36, 0xB4, 0x9C, 0x63, 0x81, 0x50, 0xBA,
1836 0xC1, 0x1B, 0xF0, 0x5C, 0xFE, 0x16, 0x59, 0x6A
1837 };
1838
1839 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1840 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1841
1842 ret = (cmp >= 0) ? -1 : 0;
1843
1844 err:
1845 return ret;
1846 }
1847
1848 static const u8 eckcdsa_frp256v1_test_vectors_priv_key[] = {
1849 0x90, 0x51, 0xA2, 0x75, 0xAA, 0x4D, 0x98, 0x43,
1850 0x9E, 0xDD, 0xED, 0x13, 0xFA, 0x1C, 0x6C, 0xBB,
1851 0xCC, 0xE7, 0x75, 0xD8, 0xCC, 0x94, 0x33, 0xDE,
1852 0xE6, 0x9C, 0x59, 0x84, 0x8B, 0x35, 0x94, 0xDF
1853 };
1854
1855 static const u8 eckcdsa_frp25v1_test_vectors_expected_sig[] = {
1856 0x37, 0x58, 0xd0, 0x27, 0x18, 0x11, 0x16, 0xe9,
1857 0x2b, 0xaf, 0x70, 0xbf, 0x16, 0x48, 0x64, 0x34,
1858 0x9e, 0x75, 0x60, 0x3e, 0x89, 0xa4, 0xc6, 0xc1,
1859 0xbd, 0xb8, 0x01, 0x52, 0x2d, 0xca, 0x20, 0x31,
1860 0x2d, 0x20, 0x6f, 0x3e, 0x70, 0x5e, 0x5e, 0xfc,
1861 0x32, 0xd4, 0x3c, 0xb0, 0xe1, 0xf7, 0xb2, 0xc7,
1862 0x0c, 0xc2, 0xb0, 0x26, 0x93, 0xcb, 0x69, 0xb7,
1863 0x29, 0xb7, 0x97, 0x5c, 0x67, 0xd6, 0xa3, 0xe6
1864 };
1865
1866 static const ec_test_case eckcdsa_frp256v1_test_case = {
1867 .name = "ECKCDSA-SHA256/frp256v1",
1868 .ec_str_p = &frp256v1_str_params,
1869 .priv_key = eckcdsa_frp256v1_test_vectors_priv_key,
1870 .priv_key_len = sizeof(eckcdsa_frp256v1_test_vectors_priv_key),
1871 .nn_random = eckcdsa_nn_random_frp256v1_test_vector,
1872 .hash_type = SHA256,
1873 .msg = "abc",
1874 .msglen = 3,
1875 .sig_type = ECKCDSA,
1876 .exp_sig = eckcdsa_frp25v1_test_vectors_expected_sig,
1877 .exp_siglen = sizeof(eckcdsa_frp25v1_test_vectors_expected_sig),
1878 .adata = NULL,
1879 .adata_len = 0
1880 };
1881 #endif /* WITH_CURVE_FRP256V1 */
1882 #endif /* WITH_HASH_SHA256 */
1883 #endif /* WITH_SIG_ECKCDSA */
1884
1885 /*******************************************************************
1886 ************** ECSDSA tests ***************************************
1887 *******************************************************************/
1888
1889 #ifdef WITH_SIG_ECSDSA
1890 #ifdef WITH_HASH_SHA224
1891 #ifdef WITH_CURVE_SECP224R1
1892 #define ECSDSA_SHA224_SECP224R1_SELF_TEST
1893
1894 /* ECSDSA secp224r1 test vectors */
1895
ecsdsa_nn_random_secp224r1_test_vector(nn_t out,nn_src_t q)1896 static int ecsdsa_nn_random_secp224r1_test_vector(nn_t out, nn_src_t q)
1897 {
1898 int ret, cmp;
1899
1900 const u8 k_buf[] = {
1901 0x89, 0x99, 0x80, 0x6e, 0x0f, 0x68, 0x10, 0x9d,
1902 0x31, 0x56, 0x1b, 0x41, 0xbf, 0x1a, 0x56, 0x6e,
1903 0xfb, 0x13, 0x2c, 0x3e, 0xd7, 0x1e, 0x29, 0x5e,
1904 0x5d, 0x9b, 0x2e, 0x68
1905 };
1906
1907 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1908 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1909
1910 ret = (cmp >= 0) ? -1 : 0;
1911
1912 err:
1913 return ret;
1914 }
1915
1916 static const u8 ecsdsa_secp224r1_test_vectors_priv_key[] = {
1917 0xda, 0x71, 0x2d, 0x9b, 0x6f, 0xdb, 0xf7, 0x8f,
1918 0x92, 0x51, 0xcc, 0x3a, 0xe4, 0xc7, 0xce, 0xd3,
1919 0x87, 0x1a, 0x19, 0x9e, 0xf5, 0x91, 0xd1, 0x23,
1920 0xa9, 0x36, 0x44, 0x57
1921 };
1922
1923 static const u8 ecsdsa_secp224r1_test_vectors_expected_sig[] = {
1924 0x41, 0x69, 0xd3, 0xec, 0x93, 0x7b, 0x15, 0xce,
1925 0x15, 0x34, 0x53, 0x8d, 0x37, 0xe8, 0xc5, 0x7e,
1926 0x12, 0x1f, 0xd5, 0x9f, 0x90, 0x1b, 0x5e, 0xf8,
1927 0xd0, 0x0d, 0x62, 0x04,
1928 0xf0, 0xfe, 0xbe, 0x28, 0x36, 0xb0, 0x87, 0xec,
1929 0x44, 0x98, 0x94, 0x7a, 0x6c, 0x4c, 0x8a, 0xea,
1930 0x5a, 0x5a, 0x19, 0x8a, 0xce, 0x95, 0x2f, 0x75,
1931 0x07, 0x37, 0x23, 0x1b
1932 };
1933
1934 static const ec_test_case ecsdsa_secp224r1_test_case = {
1935 .name = "ECSDSA-SHA224/secp224r1",
1936 .ec_str_p = &secp224r1_str_params,
1937 .priv_key = ecsdsa_secp224r1_test_vectors_priv_key,
1938 .priv_key_len = sizeof(ecsdsa_secp224r1_test_vectors_priv_key),
1939 .nn_random = ecsdsa_nn_random_secp224r1_test_vector,
1940 .hash_type = SHA224,
1941 .msg = "abc",
1942 .msglen = 3,
1943 .sig_type = ECSDSA,
1944 .exp_sig = ecsdsa_secp224r1_test_vectors_expected_sig,
1945 .exp_siglen = sizeof(ecsdsa_secp224r1_test_vectors_expected_sig),
1946 .adata = NULL,
1947 .adata_len = 0
1948 };
1949 #endif /* WITH_CURVE_SECP224R1 */
1950 #endif /* WITH_HASH_SHA224 */
1951
1952 #ifdef WITH_HASH_SHA256
1953 #ifdef WITH_CURVE_SECP256R1
1954 #define ECSDSA_SHA256_SECP256R1_SELF_TEST
1955
1956 /* ECSDSA secp256r1 test vectors */
1957
ecsdsa_nn_random_iso14888_3_secp256r1_test_vector(nn_t out,nn_src_t q)1958 static int ecsdsa_nn_random_iso14888_3_secp256r1_test_vector(nn_t out,
1959 nn_src_t q)
1960 {
1961 int ret, cmp;
1962 const u8 k_buf[] = {
1963 0xDE, 0x7E, 0x0E, 0x5E, 0x66, 0x3F, 0x24, 0x18,
1964 0x34, 0x14, 0xB7, 0xC7, 0x2F, 0x24, 0x54, 0x6B,
1965 0x81, 0xE9, 0xE5, 0xF4, 0x10, 0xBE, 0xBF, 0x26,
1966 0xF3, 0xCA, 0x5F, 0xA8, 0x2F, 0x51, 0x92, 0xC8
1967 };
1968
1969 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
1970 ret = nn_cmp(out, q, &cmp); EG(ret, err);
1971
1972 ret = (cmp >= 0) ? -1 : 0;
1973
1974 err:
1975 return ret;
1976 }
1977
1978 static const u8 ecsdsa_secp256r1_test_vectors_priv_key[] = {
1979 0x52, 0x02, 0xA3, 0xD8, 0xAC, 0xAF, 0x69, 0x09,
1980 0xD1, 0x2C, 0x9A, 0x77, 0x4C, 0xD8, 0x86, 0xF9,
1981 0xFB, 0xA6, 0x11, 0x37, 0xFF, 0xD3, 0xE8, 0xE7,
1982 0x6A, 0xED, 0x36, 0x3F, 0xB4, 0x7A, 0xC4, 0x92
1983 };
1984
1985 static const u8 ecsdsa_secp256r1_test_vectors_expected_sig[] = {
1986 0x5A, 0x79, 0xA0, 0xAA, 0x9B, 0x24, 0x1E, 0x38,
1987 0x1A, 0x59, 0x4B, 0x22, 0x05, 0x54, 0xD0, 0x96,
1988 0xA5, 0xF0, 0x9F, 0xA6, 0x28, 0xAD, 0x9A, 0x33,
1989 0xC3, 0xCE, 0x43, 0x93, 0xAD, 0xE1, 0xDE, 0xF7,
1990 0x5C, 0x0E, 0xB7, 0x8B, 0x67, 0xA5, 0x13, 0xC3,
1991 0xE5, 0x3B, 0x26, 0x19, 0xF9, 0x68, 0x55, 0xE2,
1992 0x91, 0xD5, 0x14, 0x1C, 0x7C, 0xD0, 0x91, 0x5E,
1993 0x1D, 0x04, 0xB3, 0x47, 0x45, 0x7C, 0x96, 0x01
1994 };
1995
1996 static const ec_test_case ecsdsa_secp256r1_test_case = {
1997 .name = "ECSDSA-SHA256/secp256r1",
1998 .ec_str_p = &secp256r1_str_params,
1999 .priv_key = ecsdsa_secp256r1_test_vectors_priv_key,
2000 .priv_key_len = sizeof(ecsdsa_secp256r1_test_vectors_priv_key),
2001 .nn_random = ecsdsa_nn_random_iso14888_3_secp256r1_test_vector,
2002 .hash_type = SHA256,
2003 .msg = "abc",
2004 .msglen = 3,
2005 .sig_type = ECSDSA,
2006 .exp_sig = ecsdsa_secp256r1_test_vectors_expected_sig,
2007 .exp_siglen = sizeof(ecsdsa_secp256r1_test_vectors_expected_sig),
2008 .adata = NULL,
2009 .adata_len = 0
2010 };
2011 #endif /* WITH_CURVE_SECP256R1 */
2012 #endif /* WITH_HASH_SHA256 */
2013
2014 #ifdef WITH_HASH_SHA384
2015 #ifdef WITH_CURVE_SECP384R1
2016 #define ECSDSA_SHA384_SECP384R1_SELF_TEST
2017
2018 /* ECSDSA secp384r1 test vectors */
2019
ecsdsa_nn_random_iso14888_3_secp384r1_test_vector(nn_t out,nn_src_t q)2020 static int ecsdsa_nn_random_iso14888_3_secp384r1_test_vector(nn_t out,
2021 nn_src_t q)
2022 {
2023 int ret, cmp;
2024 const u8 k_buf[] = {
2025 0x8A, 0x29, 0xE7, 0x72, 0x35, 0x7B, 0xBA, 0x6F,
2026 0x5C, 0x9E, 0xA7, 0x65, 0xD5, 0x08, 0x2B, 0x9B,
2027 0xC7, 0xA7, 0x4C, 0x33, 0xE9, 0xD9, 0x4D, 0x49,
2028 0xFB, 0x2C, 0x9D, 0x3B, 0x52, 0x3A, 0x82, 0x16,
2029 0x96, 0x82, 0xEC, 0xF1, 0x6F, 0x1D, 0x06, 0x26,
2030 0x90, 0x42, 0xF3, 0xAF, 0x04, 0x4B, 0x4D, 0xE8
2031 };
2032
2033 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2034 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2035
2036 ret = (cmp >= 0) ? -1 : 0;
2037
2038 err:
2039 return ret;
2040 }
2041
2042 static const u8 ecsdsa_secp384r1_test_vectors_priv_key[] = {
2043 0x7E, 0x49, 0x14, 0xFE, 0x4B, 0x61, 0x70, 0x89,
2044 0xF9, 0xFE, 0x80, 0xAD, 0x91, 0x3D, 0x55, 0x30,
2045 0xEE, 0xC4, 0xF3, 0x0B, 0xCA, 0x1A, 0xD6, 0x6E,
2046 0x7B, 0x5A, 0xEA, 0xCF, 0x29, 0xD2, 0xF5, 0x67,
2047 0xD9, 0xA8, 0xF4, 0xA4, 0x55, 0x2A, 0x1A, 0x1A,
2048 0xF3, 0xE0, 0xB6, 0xD0, 0xA4, 0x9D, 0xFC, 0xC8
2049 };
2050
2051 static const u8 ecsdsa_secp384r1_test_vectors_expected_sig[] = {
2052 0xF9, 0x07, 0x55, 0x3B, 0xB5, 0xC7, 0xDE, 0x02,
2053 0x9A, 0x2A, 0x56, 0x70, 0x78, 0xDF, 0xF9, 0xB8,
2054 0x03, 0xEC, 0x64, 0x96, 0x0D, 0x75, 0xBA, 0x73,
2055 0xA8, 0x55, 0x90, 0xAC, 0xC0, 0xAC, 0x44, 0x79,
2056 0xAC, 0x52, 0xE5, 0x1D, 0x56, 0x91, 0xFC, 0xB0,
2057 0x69, 0xDC, 0x5C, 0xD2, 0x4E, 0x0B, 0xCE, 0xC7,
2058 0x0B, 0x9D, 0x66, 0xD5, 0xDE, 0x70, 0xFA, 0xA8,
2059 0xB3, 0x56, 0x34, 0xA3, 0x7B, 0x33, 0xC2, 0xC4,
2060 0x60, 0xB8, 0xDC, 0x0B, 0xD4, 0xC8, 0x74, 0x5B,
2061 0xB8, 0x4D, 0xC1, 0x5C, 0xA8, 0x57, 0x0B, 0x07,
2062 0x92, 0x58, 0xF9, 0x77, 0xDA, 0x8B, 0x40, 0x61,
2063 0xF3, 0xDA, 0x6E, 0xBD, 0x7C, 0x42, 0x9A, 0x89
2064 };
2065
2066 static const ec_test_case ecsdsa_secp384r1_test_case = {
2067 .name = "ECSDSA-SHA384/secp384r1",
2068 .ec_str_p = &secp384r1_str_params,
2069 .priv_key = ecsdsa_secp384r1_test_vectors_priv_key,
2070 .priv_key_len = sizeof(ecsdsa_secp384r1_test_vectors_priv_key),
2071 .nn_random = ecsdsa_nn_random_iso14888_3_secp384r1_test_vector,
2072 .hash_type = SHA384,
2073 .msg = "abc",
2074 .msglen = 3,
2075 .sig_type = ECSDSA,
2076 .exp_sig = ecsdsa_secp384r1_test_vectors_expected_sig,
2077 .exp_siglen = sizeof(ecsdsa_secp384r1_test_vectors_expected_sig),
2078 .adata = NULL,
2079 .adata_len = 0
2080 };
2081 #endif /* WITH_CURVE_SECP384R1 */
2082 #endif /* WITH_HASH_SHA384 */
2083
2084 #ifdef WITH_HASH_SHA512
2085 #ifdef WITH_CURVE_SECP521R1
2086 #define ECSDSA_SHA512_SECP521R1_SELF_TEST
2087
2088 /* ECSDSA secp521r1 test vectors */
2089
ecsdsa_nn_random_secp521r1_test_vector(nn_t out,nn_src_t q)2090 static int ecsdsa_nn_random_secp521r1_test_vector(nn_t out, nn_src_t q)
2091 {
2092 int ret, cmp;
2093
2094 /*
2095 * Fixed ephemeral private key for secp521r1 signature
2096 * test vectors from RFC4754
2097 */
2098 const u8 k_buf[] = {
2099 0x01, 0xad, 0xb3, 0xfd, 0xcf, 0x67, 0x5e, 0x25,
2100 0x3c, 0xfe, 0xac, 0x56, 0x1f, 0x21, 0x67, 0x67,
2101 0xa4, 0xba, 0xa7, 0x90, 0xac, 0x68, 0x1c, 0x74,
2102 0xf3, 0xdd, 0x83, 0x33, 0x5c, 0x9b, 0x37, 0x41,
2103 0xc8, 0x88, 0x77, 0x77, 0x33, 0xf7, 0xc7, 0xea,
2104 0x15, 0xd4, 0x5f, 0xa0, 0x7f, 0xba, 0x60, 0x39,
2105 0x4b, 0x3e, 0x16, 0xcd, 0xce, 0x1b, 0x02, 0xef,
2106 0xbc, 0x59, 0xba, 0xb0, 0xbd, 0x77, 0xa6, 0x50,
2107 0x07, 0xd4
2108 };
2109
2110 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2111 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2112
2113 ret = (cmp >= 0) ? -1 : 0;
2114
2115 err:
2116 return ret;
2117 }
2118
2119 static const u8 ecsdsa_secp521r1_test_vectors_priv_key[] = {
2120 0x01, 0x82, 0x1f, 0x88, 0xbd, 0xe6, 0x75, 0x1c,
2121 0x06, 0x29, 0xfb, 0x75, 0x3b, 0xb1, 0xc7, 0xec,
2122 0x07, 0xbe, 0x64, 0x82, 0x88, 0x4a, 0x77, 0x4e,
2123 0x18, 0x3e, 0x1d, 0xcf, 0x95, 0x49, 0x4f, 0x81,
2124 0x7e, 0x71, 0x5b, 0xfe, 0x1d, 0xe3, 0x17, 0x24,
2125 0xc2, 0x93, 0x24, 0x67, 0xb1, 0x39, 0x90, 0x02,
2126 0x4c, 0x25, 0xc5, 0x54, 0x13, 0xbc, 0xe1, 0x24,
2127 0xa5, 0x35, 0x83, 0xf7, 0x3a, 0x86, 0xed, 0xc4,
2128 0x39, 0xb0
2129 };
2130
2131 static const u8 ecsdsa_secp521r1_test_vectors_expected_sig[] = {
2132 0xe7, 0x3a, 0xe5, 0x72, 0x50, 0x29, 0x9b, 0x19,
2133 0x26, 0xbc, 0x79, 0x8a, 0x84, 0x6b, 0xd3, 0xbb,
2134 0x29, 0x15, 0x9d, 0x0d, 0xcb, 0x50, 0x87, 0xbb,
2135 0xd1, 0x72, 0xbd, 0x4a, 0x4b, 0x42, 0x3f, 0xb8,
2136 0xf1, 0x8b, 0xc2, 0x30, 0x1c, 0xa3, 0x1b, 0x94,
2137 0xef, 0x1a, 0xa0, 0x87, 0x71, 0x81, 0x0b, 0x37,
2138 0xa5, 0xd5, 0x4f, 0x0c, 0xde, 0xf1, 0xb1, 0xee,
2139 0xb0, 0x7b, 0x6c, 0xca, 0x35, 0xcf, 0xb2, 0x04,
2140 0x00, 0xba, 0xbf, 0x93, 0x78, 0xea, 0x91, 0x23,
2141 0x57, 0x49, 0xe1, 0x05, 0x52, 0x92, 0x2a, 0xff,
2142 0xb3, 0x32, 0x51, 0x6f, 0x59, 0xd9, 0xe1, 0x78,
2143 0x61, 0xfe, 0xb5, 0x43, 0x37, 0x40, 0xf3, 0xb8,
2144 0x18, 0x8c, 0x95, 0x2e, 0xd6, 0xb3, 0xea, 0x1a,
2145 0x37, 0x48, 0xfb, 0xa5, 0x77, 0xba, 0x69, 0xe2,
2146 0x12, 0x6b, 0x2c, 0xc9, 0x4e, 0x4c, 0x59, 0xe7,
2147 0x86, 0xe2, 0xfa, 0xdd, 0x5b, 0x79, 0xab, 0x15,
2148 0x5c, 0xf6
2149 };
2150
2151 static const ec_test_case ecsdsa_secp521r1_test_case = {
2152 .name = "ECSDSA-SHA512/secp521r1",
2153 .ec_str_p = &secp521r1_str_params,
2154 .priv_key = ecsdsa_secp521r1_test_vectors_priv_key,
2155 .priv_key_len = sizeof(ecsdsa_secp521r1_test_vectors_priv_key),
2156 .nn_random = ecsdsa_nn_random_secp521r1_test_vector,
2157 .hash_type = SHA512,
2158 .msg = "abc",
2159 .msglen = 3,
2160 .sig_type = ECSDSA,
2161 .exp_sig = ecsdsa_secp521r1_test_vectors_expected_sig,
2162 .exp_siglen = sizeof(ecsdsa_secp521r1_test_vectors_expected_sig),
2163 .adata = NULL,
2164 .adata_len = 0
2165 };
2166 #endif /* WITH_CURVE_SECP521R1 */
2167 #endif /* WITH_HASH_SHA512 */
2168
2169 #ifdef WITH_HASH_SHA256
2170 #ifdef WITH_CURVE_BRAINPOOLP256R1
2171 #define ECSDSA_SHA256_BRAINPOOLP256R1_SELF_TEST
2172
2173 /* ECSDSA Brainpoolp256r1 test vectors */
2174
ecsdsa_nn_random_brainpoolp256r1_test_vector(nn_t out,nn_src_t q)2175 static int ecsdsa_nn_random_brainpoolp256r1_test_vector(nn_t out, nn_src_t q)
2176 {
2177 int ret, cmp;
2178
2179 /*
2180 * Fixed ephemeral private key for brainpoolp256r1 signature
2181 */
2182 const u8 k_buf[] = {
2183 0x29, 0xa5, 0xc2, 0x64, 0xba, 0x76, 0x37, 0x9d,
2184 0x86, 0x49, 0x8a, 0x64, 0x16, 0xfc, 0x7f, 0xba,
2185 0x9d, 0x4f, 0x62, 0x75, 0x64, 0xc6, 0x98, 0xab,
2186 0x4d, 0x95, 0xd1, 0x90, 0x6c, 0x8c, 0x61, 0xe4
2187 };
2188
2189 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2190 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2191
2192 ret = (cmp >= 0) ? -1 : 0;
2193
2194 err:
2195 return ret;
2196 }
2197
2198 static const u8 ecsdsa_brainpoolp256r1_test_vectors_priv_key[] = {
2199 0xa9, 0x35, 0x71, 0x33, 0x4a, 0xc3, 0x2b, 0x50,
2200 0x26, 0x8d, 0xdc, 0xa0, 0x95, 0x23, 0x89, 0x3a,
2201 0x8f, 0x29, 0x89, 0xa9, 0x4f, 0x9f, 0x44, 0xa9,
2202 0x1b, 0x77, 0x43, 0xf7, 0xe1, 0x45, 0xae, 0xb7
2203 };
2204
2205 static const u8 ecsdsa_brainpoolp256r1_test_vectors_expected_sig[] = {
2206 0x0e, 0x7a, 0xf5, 0x0b, 0xf4, 0xe0, 0x8b, 0xf8,
2207 0x51, 0x00, 0x44, 0x24, 0xee, 0x9d, 0x65, 0x02,
2208 0xfc, 0xd1, 0x16, 0x4e, 0xe3, 0xd9, 0x9a, 0x00,
2209 0xa8, 0x4f, 0xd5, 0xdb, 0x81, 0x48, 0x00, 0xeb,
2210 0x64, 0x7a, 0x24, 0xe6, 0x07, 0xb6, 0xfc, 0x09,
2211 0xd8, 0x8b, 0x1b, 0x57, 0x2c, 0xfc, 0x4c, 0xe2,
2212 0x9e, 0x25, 0xfa, 0xe1, 0x43, 0x1f, 0x0d, 0xfa,
2213 0x58, 0x6b, 0xd1, 0x6d, 0xee, 0xff, 0x92, 0xb6
2214 };
2215
2216 static const ec_test_case ecsdsa_brainpoolp256r1_test_case = {
2217 .name = "ECSDSA-SHA256/brainpoolp256r1",
2218 .ec_str_p = &brainpoolp256r1_str_params,
2219 .priv_key = ecsdsa_brainpoolp256r1_test_vectors_priv_key,
2220 .priv_key_len = sizeof(ecsdsa_brainpoolp256r1_test_vectors_priv_key),
2221 .nn_random = ecsdsa_nn_random_brainpoolp256r1_test_vector,
2222 .hash_type = SHA256,
2223 .msg = "abc",
2224 .msglen = 3,
2225 .sig_type = ECSDSA,
2226 .exp_sig = ecsdsa_brainpoolp256r1_test_vectors_expected_sig,
2227 .exp_siglen = sizeof(ecsdsa_brainpoolp256r1_test_vectors_expected_sig),
2228 .adata = NULL,
2229 .adata_len = 0
2230 };
2231
2232 #endif /* WITH_CURVE_BRAINPOOLP256R1 */
2233 #endif /* WITH_HASH_SHA256 */
2234
2235 #ifdef WITH_HASH_SHA384
2236 #ifdef WITH_CURVE_BRAINPOOLP384R1
2237 #define ECSDSA_SHA384_BRAINPOOLP384R1_SELF_TEST
2238
2239 /* ECSDSA Brainpoolp384r1 test vectors */
2240
ecsdsa_nn_random_brainpoolp384r1_test_vector(nn_t out,nn_src_t q)2241 static int ecsdsa_nn_random_brainpoolp384r1_test_vector(nn_t out, nn_src_t q)
2242 {
2243 int ret, cmp;
2244
2245 /*
2246 * Fixed ephemeral private key for brainpoolp384r1 signature
2247 */
2248 const u8 k_buf[] = {
2249 0x4f, 0x71, 0xb2, 0x3e, 0x7f, 0xbb, 0x47, 0xa8,
2250 0x8d, 0xaf, 0xdb, 0xea, 0xdc, 0x78, 0x14, 0x50,
2251 0xa9, 0x3b, 0xc8, 0x4b, 0x5b, 0xd4, 0xd5, 0x38,
2252 0x6b, 0x1e, 0x19, 0x5f, 0x5c, 0x29, 0xe7, 0x9f,
2253 0x9e, 0xfe, 0x66, 0x1d, 0x02, 0x7b, 0xef, 0xbb,
2254 0xb1, 0xca, 0x1d, 0xa2, 0xfe, 0xa2, 0xab, 0x75
2255 };
2256
2257 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2258 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2259
2260 ret = (cmp >= 0) ? -1 : 0;
2261
2262 err:
2263 return ret;
2264 }
2265
2266 static const u8 ecsdsa_brainpoolp384r1_test_vectors_priv_key[] = {
2267 0x71, 0xa8, 0x85, 0x7e, 0x32, 0x14, 0x5f, 0x02,
2268 0x90, 0x02, 0xbe, 0xdc, 0x68, 0x77, 0x78, 0x1d,
2269 0xd9, 0x34, 0x6d, 0x5f, 0x4f, 0x7d, 0x0f, 0x96,
2270 0xe3, 0x1d, 0x6f, 0x41, 0x42, 0x36, 0x37, 0x1d,
2271 0x42, 0x2e, 0x97, 0xa9, 0x21, 0xc5, 0x04, 0x9c,
2272 0xb4, 0xbf, 0x49, 0x46, 0x8a, 0x99, 0x0a, 0x16
2273 };
2274
2275 static const u8 ecsdsa_brainpoolp384r1_test_vectors_expected_sig[] = {
2276 0x97, 0x27, 0x3d, 0x1b, 0x4a, 0x56, 0xe5, 0x55,
2277 0x77, 0xe0, 0x9c, 0xd4, 0xe0, 0x78, 0x2f, 0x6e,
2278 0x8d, 0x8b, 0x2e, 0xe0, 0xde, 0xef, 0x84, 0x44,
2279 0xd1, 0x3a, 0xc3, 0x5c, 0xe5, 0xf3, 0x5f, 0xae,
2280 0x49, 0xc2, 0x6a, 0x31, 0x26, 0xb4, 0x44, 0x88,
2281 0xc1, 0x4e, 0x3e, 0xcf, 0x78, 0x4c, 0xd8, 0xe5,
2282
2283 0x1b, 0x71, 0x79, 0x37, 0x89, 0x3a, 0x77, 0x90,
2284 0xa8, 0x80, 0x01, 0x19, 0x87, 0xb6, 0x47, 0x1e,
2285 0x4b, 0xb4, 0x56, 0xc9, 0x08, 0x79, 0x32, 0x29,
2286 0x2f, 0x28, 0x35, 0x09, 0xcb, 0x39, 0x6c, 0x68,
2287 0x13, 0x84, 0xcc, 0xb0, 0xc3, 0x97, 0x72, 0x86,
2288 0x4c, 0xb5, 0x18, 0x5e, 0xaa, 0x59, 0xf4, 0x3d
2289 };
2290
2291 static const ec_test_case ecsdsa_brainpoolp384r1_test_case = {
2292 .name = "ECSDSA-SHA384/brainpoolp384r1",
2293 .ec_str_p = &brainpoolp384r1_str_params,
2294 .priv_key = ecsdsa_brainpoolp384r1_test_vectors_priv_key,
2295 .priv_key_len = sizeof(ecsdsa_brainpoolp384r1_test_vectors_priv_key),
2296 .nn_random = ecsdsa_nn_random_brainpoolp384r1_test_vector,
2297 .hash_type = SHA384,
2298 .msg = "abc",
2299 .msglen = 3,
2300 .sig_type = ECSDSA,
2301 .exp_sig = ecsdsa_brainpoolp384r1_test_vectors_expected_sig,
2302 .exp_siglen = sizeof(ecsdsa_brainpoolp384r1_test_vectors_expected_sig),
2303 .adata = NULL,
2304 .adata_len = 0
2305 };
2306
2307 #endif /* WITH_CURVE_BRAINPOOLP384R1 */
2308 #endif /* WITH_HASH_SHA384 */
2309
2310 #ifdef WITH_HASH_SHA512
2311 #ifdef WITH_CURVE_BRAINPOOLP512R1
2312 #define ECSDSA_SHA512_BRAINPOOLP512R1_SELF_TEST
2313
2314 /* ECSDSA Brainpoolp512r1 test vectors */
2315
ecsdsa_nn_random_brainpoolp512r1_test_vector(nn_t out,nn_src_t q)2316 static int ecsdsa_nn_random_brainpoolp512r1_test_vector(nn_t out, nn_src_t q)
2317 {
2318 int ret, cmp;
2319
2320 /*
2321 * Fixed ephemeral private key for brainpoolp512r1 signature
2322 */
2323 const u8 k_buf[] = {
2324 0x65, 0xe7, 0x6d, 0xe3, 0x2e, 0x77, 0x21, 0x67,
2325 0x3a, 0x99, 0x1d, 0x95, 0xda, 0x6f, 0x7e, 0x0a,
2326 0x5a, 0x72, 0x72, 0xf8, 0xde, 0x4a, 0xae, 0xfe,
2327 0xd9, 0x7b, 0x49, 0x07, 0xda, 0x0e, 0xe8, 0x4d,
2328 0x66, 0xdd, 0x51, 0x8e, 0x6e, 0x75, 0xd3, 0x28,
2329 0x54, 0x08, 0xaf, 0x82, 0xeb, 0xf2, 0x5a, 0x5e,
2330 0x3c, 0x14, 0x9b, 0x6e, 0xba, 0xba, 0x2b, 0x7b,
2331 0xdf, 0x6d, 0x26, 0x0e, 0x3a, 0xea, 0xae, 0xbc
2332 };
2333
2334 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2335 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2336
2337 ret = (cmp >= 0) ? -1 : 0;
2338
2339 err:
2340 return ret;
2341 }
2342
2343 static const u8 ecsdsa_brainpoolp512r1_test_vectors_priv_key[] = {
2344 0x20, 0xe6, 0xe2, 0x08, 0x67, 0xf7, 0x29, 0x0c,
2345 0x04, 0xfc, 0x00, 0x7e, 0x77, 0x34, 0x9e, 0x30,
2346 0x09, 0xaa, 0xc0, 0x3d, 0xfa, 0xf0, 0xd2, 0x56,
2347 0x70, 0x86, 0x73, 0x86, 0xca, 0xce, 0xdb, 0xcd,
2348 0x55, 0x3d, 0xd0, 0x1b, 0x86, 0xdd, 0x50, 0x17,
2349 0xe1, 0xdc, 0x45, 0xa1, 0xa5, 0xae, 0xd3, 0x80,
2350 0x72, 0xef, 0x04, 0xe7, 0x9f, 0x36, 0xc3, 0xe7,
2351 0x84, 0xd5, 0xdf, 0x80, 0x39, 0xc2, 0x5d, 0x18
2352 };
2353
2354 static const u8 ecsdsa_brainpoolp512r1_test_vectors_expected_sig[] = {
2355 0x7f, 0xf5, 0x12, 0x0a, 0xaa, 0x8f, 0x7a, 0x31,
2356 0xe9, 0xaf, 0x44, 0x4b, 0xdf, 0x97, 0x1e, 0x80,
2357 0x0c, 0xb8, 0x3c, 0x4c, 0x45, 0x39, 0xa1, 0xa6,
2358 0x51, 0x53, 0xc2, 0x32, 0x48, 0x62, 0x7a, 0x12,
2359 0xf5, 0xf3, 0xb1, 0xd6, 0xdf, 0x07, 0x78, 0x14,
2360 0xa0, 0x53, 0xcb, 0x6e, 0xef, 0x07, 0x20, 0xc3,
2361 0x9f, 0xf2, 0x34, 0x20, 0x31, 0x21, 0x5e, 0xea,
2362 0x55, 0xd7, 0xff, 0xd6, 0x4f, 0x18, 0xc2, 0x64,
2363
2364 0x45, 0xdb, 0xd2, 0xae, 0xf5, 0x0c, 0x14, 0x8b,
2365 0xad, 0xaa, 0x2d, 0x1e, 0x04, 0x06, 0xaf, 0xb9,
2366 0x1f, 0x17, 0x20, 0x3f, 0x29, 0x8c, 0xc6, 0x63,
2367 0xb6, 0xf9, 0xc4, 0x56, 0x4f, 0xa7, 0x76, 0x31,
2368 0xe5, 0x46, 0x6b, 0x86, 0x80, 0x59, 0xdf, 0x01,
2369 0x27, 0x38, 0x0f, 0x17, 0x8c, 0x59, 0xcc, 0xad,
2370 0x8c, 0x63, 0xe4, 0xa6, 0x48, 0x84, 0x88, 0x95,
2371 0x0e, 0x6f, 0xa6, 0x2a, 0xbf, 0x4b, 0xff, 0x30
2372 };
2373
2374 static const ec_test_case ecsdsa_brainpoolp512r1_test_case = {
2375 .name = "ECSDSA-SHA512/brainpoolp512r1",
2376 .ec_str_p = &brainpoolp512r1_str_params,
2377 .priv_key = ecsdsa_brainpoolp512r1_test_vectors_priv_key,
2378 .priv_key_len = sizeof(ecsdsa_brainpoolp512r1_test_vectors_priv_key),
2379 .nn_random = ecsdsa_nn_random_brainpoolp512r1_test_vector,
2380 .hash_type = SHA512,
2381 .msg = "abc",
2382 .msglen = 3,
2383 .sig_type = ECSDSA,
2384 .exp_sig = ecsdsa_brainpoolp512r1_test_vectors_expected_sig,
2385 .exp_siglen = sizeof(ecsdsa_brainpoolp512r1_test_vectors_expected_sig),
2386 .adata = NULL,
2387 .adata_len = 0
2388 };
2389 #endif /* WITH_CURVE_BRAINPOOLP512R1 */
2390 #endif /* WITH_HASH_SHA512 */
2391
2392 #ifdef WITH_HASH_SHA256
2393 #ifdef WITH_CURVE_FRP256V1
2394 #define ECSDSA_SHA256_FRP256V1_SELF_TEST
2395
2396 /* ECSDSA frp256v1 test vectors */
2397
ecsdsa_nn_random_frp256v1_test_vector(nn_t out,nn_src_t q)2398 static int ecsdsa_nn_random_frp256v1_test_vector(nn_t out, nn_src_t q)
2399 {
2400 int ret, cmp;
2401
2402 /*
2403 * Fixed ephemeral private key for frp256v1 signature
2404 */
2405 const u8 k_buf[] = {
2406 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9,
2407 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7,
2408 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15,
2409 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE
2410 };
2411
2412 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2413 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2414
2415 ret = (cmp >= 0) ? -1 : 0;
2416
2417 err:
2418 return ret;
2419 }
2420
2421 static const u8 ecsdsa_frp256v1_test_vectors_priv_key[] = {
2422 0x00, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD,
2423 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D,
2424 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75,
2425 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F
2426 };
2427
2428 static const u8 ecsdsa_frp256v1_test_vectors_expected_sig[] = {
2429 0x9e, 0x57, 0x81, 0x73, 0xf9, 0x7b, 0xbe, 0xb1,
2430 0xdc, 0xc4, 0x4f, 0xe6, 0xc1, 0x7a, 0x40, 0x9e,
2431 0x22, 0xad, 0x13, 0xa1, 0xa9, 0x69, 0x14, 0x62,
2432 0x0d, 0x08, 0x76, 0x0f, 0xe0, 0xd7, 0xc6, 0x75,
2433
2434 0x9b, 0x3a, 0xb9, 0xd5, 0xb6, 0x7f, 0xf2, 0xb9,
2435 0xaa, 0xe8, 0xc5, 0xed, 0xf9, 0x82, 0xd4, 0xf7,
2436 0x6d, 0x7c, 0x61, 0x36, 0x56, 0xe7, 0x73, 0xaa,
2437 0x1a, 0xab, 0xa6, 0x30, 0x90, 0x1d, 0x56, 0xa6,
2438 };
2439
2440 static const ec_test_case ecsdsa_frp256v1_test_case = {
2441 .name = "ECSDSA-SHA256/frp256v1",
2442 .ec_str_p = &frp256v1_str_params,
2443 .priv_key = ecsdsa_frp256v1_test_vectors_priv_key,
2444 .priv_key_len = sizeof(ecsdsa_frp256v1_test_vectors_priv_key),
2445 .nn_random = ecsdsa_nn_random_frp256v1_test_vector,
2446 .hash_type = SHA256,
2447 .msg = "abc",
2448 .msglen = 3,
2449 .sig_type = ECSDSA,
2450 .exp_sig = ecsdsa_frp256v1_test_vectors_expected_sig,
2451 .exp_siglen = sizeof(ecsdsa_frp256v1_test_vectors_expected_sig),
2452 .adata = NULL,
2453 .adata_len = 0
2454 };
2455 #endif /* WITH_CURVE_FRP256V1 */
2456 #endif /* WITH_HASH_SHA256 */
2457 #endif /* WITH_SIG_ECSDSA */
2458
2459 /*******************************************************************
2460 ************** ECOSDSA tests **************************************
2461 *******************************************************************/
2462
2463 #ifdef WITH_SIG_ECOSDSA
2464 #ifdef WITH_HASH_SHA224
2465 #ifdef WITH_CURVE_SECP224R1
2466 #define ECOSDSA_SHA224_SECP224R1_SELF_TEST
2467
2468 /* ECOSDSA secp224r1 test vectors */
2469
ecosdsa_nn_random_secp224r1_test_vector(nn_t out,nn_src_t q)2470 static int ecosdsa_nn_random_secp224r1_test_vector(nn_t out, nn_src_t q)
2471 {
2472 int ret, cmp;
2473
2474 const u8 k_buf[] = {
2475 0xc1, 0xbe, 0x08, 0xf7, 0xa6, 0xda, 0x95, 0xea,
2476 0xda, 0xc9, 0x2b, 0x7a, 0x8d, 0xfa, 0x4b, 0x8c,
2477 0x0b, 0x09, 0x9a, 0xf3, 0xa3, 0x0a, 0x23, 0xb5,
2478 0xa7, 0x6a, 0xa4, 0xc5
2479 };
2480
2481 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2482 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2483
2484 ret = (cmp >= 0) ? -1 : 0;
2485
2486 err:
2487 return ret;
2488 }
2489
2490 static const u8 ecosdsa_secp224r1_test_vectors_priv_key[] = {
2491 0xfd, 0x22, 0xee, 0x55, 0x5f, 0x4a, 0xb5, 0x40,
2492 0x1b, 0xbd, 0x53, 0x65, 0xec, 0x8a, 0xec, 0x37,
2493 0xf3, 0xb4, 0xcb, 0xe4, 0xeb, 0xdd, 0x55, 0x40,
2494 0xad, 0x92, 0x29, 0xf0
2495 };
2496
2497 static const u8 ecosdsa_secp224r1_test_vectors_expected_sig[] = {
2498 0x48, 0x33, 0x6d, 0x3d, 0x8d, 0xa5, 0x3b, 0x5d,
2499 0xff, 0xca, 0x3e, 0x36, 0x24, 0x7b, 0xeb, 0x07,
2500 0x0c, 0x32, 0x53, 0x21, 0xf3, 0x7e, 0xb3, 0xf7,
2501 0xe3, 0xb1, 0xaa, 0xb3,
2502 0x28, 0x39, 0xe8, 0x80, 0xbe, 0x1a, 0x2e, 0xd8,
2503 0x31, 0x4f, 0x85, 0x2d, 0xf6, 0x6b, 0x1a, 0xc0,
2504 0xb7, 0x22, 0x89, 0xa9, 0xf8, 0x70, 0xd5, 0x19,
2505 0xbb, 0x80, 0x11, 0x16
2506 };
2507
2508 static const ec_test_case ecosdsa_secp224r1_test_case = {
2509 .name = "ECOSDSA-SHA224/secp224r1",
2510 .ec_str_p = &secp224r1_str_params,
2511 .priv_key = ecosdsa_secp224r1_test_vectors_priv_key,
2512 .priv_key_len = sizeof(ecosdsa_secp224r1_test_vectors_priv_key),
2513 .nn_random = ecosdsa_nn_random_secp224r1_test_vector,
2514 .hash_type = SHA224,
2515 .msg = "abc",
2516 .msglen = 3,
2517 .sig_type = ECOSDSA,
2518 .exp_sig = ecosdsa_secp224r1_test_vectors_expected_sig,
2519 .exp_siglen = sizeof(ecosdsa_secp224r1_test_vectors_expected_sig),
2520 .adata = NULL,
2521 .adata_len = 0
2522 };
2523 #endif /* WITH_CURVE_SECP224R1 */
2524 #endif /* WITH_HASH_SHA224 */
2525
2526 #ifdef WITH_HASH_SHA256
2527 #ifdef WITH_CURVE_SECP256R1
2528 #define ECOSDSA_SHA256_SECP256R1_SELF_TEST
2529
2530 /* ECOSDSA secp256r1 test vectors */
2531
ecosdsa_nn_random_iso14888_3_secp256r1_test_vector(nn_t out,nn_src_t q)2532 static int ecosdsa_nn_random_iso14888_3_secp256r1_test_vector(nn_t out,
2533 nn_src_t q)
2534 {
2535 int ret, cmp;
2536 const u8 k_buf[] = {
2537 0xDE, 0x7E, 0x0E, 0x5E, 0x66, 0x3F, 0x24, 0x18,
2538 0x34, 0x14, 0xB7, 0xC7, 0x2F, 0x24, 0x54, 0x6B,
2539 0x81, 0xE9, 0xE5, 0xF4, 0x10, 0xBE, 0xBF, 0x26,
2540 0xF3, 0xCA, 0x5F, 0xA8, 0x2F, 0x51, 0x92, 0xC8
2541 };
2542
2543 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2544 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2545
2546 ret = (cmp >= 0) ? -1 : 0;
2547
2548 err:
2549 return ret;
2550 }
2551
2552 static const u8 ecosdsa_secp256r1_test_vectors_priv_key[] = {
2553 0x52, 0x02, 0xA3, 0xD8, 0xAC, 0xAF, 0x69, 0x09,
2554 0xD1, 0x2C, 0x9A, 0x77, 0x4C, 0xD8, 0x86, 0xF9,
2555 0xFB, 0xA6, 0x11, 0x37, 0xFF, 0xD3, 0xE8, 0xE7,
2556 0x6A, 0xED, 0x36, 0x3F, 0xB4, 0x7A, 0xC4, 0x92
2557 };
2558
2559 static const u8 ecosdsa_secp256r1_test_vectors_expected_sig[] = {
2560 0xD7, 0xFB, 0x81, 0x35, 0xD8, 0xEA, 0x45, 0xE8,
2561 0xFB, 0x3C, 0x90, 0x59, 0xF1, 0x46, 0xE2, 0x63,
2562 0x0E, 0xF4, 0xBD, 0x51, 0xC4, 0x00, 0x6A, 0x92,
2563 0xED, 0xB4, 0xC8, 0xB0, 0x84, 0x99, 0x63, 0xFB,
2564 0xB4, 0x6D, 0x15, 0x25, 0x37, 0x9E, 0x02, 0xE2,
2565 0x32, 0xD9, 0x79, 0x28, 0x26, 0x5B, 0x72, 0x54,
2566 0xEA, 0x2E, 0xD9, 0x78, 0x13, 0x45, 0x43, 0x88,
2567 0xC1, 0xA0, 0x8F, 0x62, 0xDC, 0xCD, 0x70, 0xB3
2568 };
2569
2570 static const ec_test_case ecosdsa_secp256r1_test_case = {
2571 .name = "ECOSDSA-SHA256/secp256r1",
2572 .ec_str_p = &secp256r1_str_params,
2573 .priv_key = ecosdsa_secp256r1_test_vectors_priv_key,
2574 .priv_key_len = sizeof(ecosdsa_secp256r1_test_vectors_priv_key),
2575 .nn_random = ecosdsa_nn_random_iso14888_3_secp256r1_test_vector,
2576 .hash_type = SHA256,
2577 .msg = "abc",
2578 .msglen = 3,
2579 .sig_type = ECOSDSA,
2580 .exp_sig = ecosdsa_secp256r1_test_vectors_expected_sig,
2581 .exp_siglen = sizeof(ecosdsa_secp256r1_test_vectors_expected_sig),
2582 .adata = NULL,
2583 .adata_len = 0
2584 };
2585 #endif /* WITH_CURVE_SECP256R1 */
2586 #endif /* WITH_HASH_SHA256 */
2587
2588 #ifdef WITH_HASH_SHA384
2589 #ifdef WITH_CURVE_SECP384R1
2590 #define ECOSDSA_SHA384_SECP384R1_SELF_TEST
2591
2592 /* ECOSDSA secp384r1 test vectors */
2593
ecosdsa_nn_random_iso14888_3_secp384r1_test_vector(nn_t out,nn_src_t q)2594 static int ecosdsa_nn_random_iso14888_3_secp384r1_test_vector(nn_t out,
2595 nn_src_t q)
2596
2597 {
2598 int ret, cmp;
2599 const u8 k_buf[] = {
2600 0x8A, 0x29, 0xE7, 0x72, 0x35, 0x7B, 0xBA, 0x6F,
2601 0x5C, 0x9E, 0xA7, 0x65, 0xD5, 0x08, 0x2B, 0x9B,
2602 0xC7, 0xA7, 0x4C, 0x33, 0xE9, 0xD9, 0x4D, 0x49,
2603 0xFB, 0x2C, 0x9D, 0x3B, 0x52, 0x3A, 0x82, 0x16,
2604 0x96, 0x82, 0xEC, 0xF1, 0x6F, 0x1D, 0x06, 0x26,
2605 0x90, 0x42, 0xF3, 0xAF, 0x04, 0x4B, 0x4D, 0xE8
2606 };
2607
2608 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2609 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2610
2611 ret = (cmp >= 0) ? -1 : 0;
2612
2613 err:
2614 return ret;
2615 }
2616
2617 static const u8 ecosdsa_secp384r1_test_vectors_priv_key[] = {
2618 0x7E, 0x49, 0x14, 0xFE, 0x4B, 0x61, 0x70, 0x89,
2619 0xF9, 0xFE, 0x80, 0xAD, 0x91, 0x3D, 0x55, 0x30,
2620 0xEE, 0xC4, 0xF3, 0x0B, 0xCA, 0x1A, 0xD6, 0x6E,
2621 0x7B, 0x5A, 0xEA, 0xCF, 0x29, 0xD2, 0xF5, 0x67,
2622 0xD9, 0xA8, 0xF4, 0xA4, 0x55, 0x2A, 0x1A, 0x1A,
2623 0xF3, 0xE0, 0xB6, 0xD0, 0xA4, 0x9D, 0xFC, 0xC8
2624 };
2625
2626 static const u8 ecosdsa_secp384r1_test_vectors_expected_sig[] = {
2627 0x27, 0xD2, 0xF5, 0xB9, 0x62, 0xA3, 0xAC, 0xF6,
2628 0x39, 0x0A, 0x47, 0x18, 0xEA, 0x54, 0x0D, 0xA7,
2629 0x96, 0x12, 0xA6, 0x0E, 0xAA, 0x15, 0xBE, 0xBB,
2630 0x00, 0xB9, 0xE1, 0x66, 0x57, 0x83, 0xF7, 0xC7,
2631 0x91, 0xCC, 0xAC, 0x42, 0x2C, 0xEE, 0x81, 0x5A,
2632 0x9C, 0x5D, 0xA3, 0x67, 0x8A, 0xC8, 0xD1, 0xF0,
2633 0x22, 0xCC, 0x89, 0xCE, 0xB9, 0xE6, 0xBE, 0x84,
2634 0x15, 0xCC, 0x14, 0xB3, 0x99, 0xBC, 0x66, 0xE6,
2635 0xF3, 0xA2, 0x1E, 0x5B, 0xA3, 0x8E, 0x09, 0xA6,
2636 0xDE, 0x8D, 0xE6, 0x70, 0xA1, 0x45, 0xC0, 0xE4,
2637 0x74, 0xD5, 0xCC, 0x88, 0xBE, 0x88, 0x78, 0xF0,
2638 0x12, 0x3C, 0xC6, 0x62, 0x25, 0xA1, 0xBA, 0x12
2639 };
2640
2641 static const ec_test_case ecosdsa_secp384r1_test_case = {
2642 .name = "ECOSDSA-SHA384/secp384r1",
2643 .ec_str_p = &secp384r1_str_params,
2644 .priv_key = ecosdsa_secp384r1_test_vectors_priv_key,
2645 .priv_key_len = sizeof(ecosdsa_secp384r1_test_vectors_priv_key),
2646 .nn_random = ecosdsa_nn_random_iso14888_3_secp384r1_test_vector,
2647 .hash_type = SHA384,
2648 .msg = "abc",
2649 .msglen = 3,
2650 .sig_type = ECOSDSA,
2651 .exp_sig = ecosdsa_secp384r1_test_vectors_expected_sig,
2652 .exp_siglen = sizeof(ecosdsa_secp384r1_test_vectors_expected_sig),
2653 .adata = NULL,
2654 .adata_len = 0
2655 };
2656 #endif /* WITH_CURVE_SECP384R1 */
2657 #endif /* WITH_HASH_SHA384 */
2658
2659 #ifdef WITH_HASH_SHA512
2660 #ifdef WITH_CURVE_SECP521R1
2661 #define ECOSDSA_SHA512_SECP521R1_SELF_TEST
2662
2663 /* ECOSDSA secp521r1 test vectors */
2664
ecosdsa_nn_random_secp521r1_test_vector(nn_t out,nn_src_t q)2665 static int ecosdsa_nn_random_secp521r1_test_vector(nn_t out, nn_src_t q)
2666 {
2667 int ret, cmp;
2668
2669 /*
2670 * Fixed ephemeral private key for secp521r1 signature
2671 * test vectors from RFC4754
2672 */
2673 const u8 k_buf[] = {
2674 0x01, 0x73, 0x03, 0x00, 0x16, 0x30, 0x79, 0x94,
2675 0x9b, 0xb6, 0xe3, 0x60, 0x3c, 0x96, 0xf6, 0xf0,
2676 0x90, 0x23, 0xa6, 0xf7, 0x48, 0xc5, 0xa6, 0xfc,
2677 0x41, 0xec, 0x39, 0xf5, 0x24, 0x04, 0x59, 0x59,
2678 0xa8, 0xfe, 0x4c, 0xc1, 0x9b, 0x01, 0x47, 0x5a,
2679 0xac, 0xc5, 0xf3, 0x92, 0xab, 0x50, 0x60, 0x1f,
2680 0x39, 0x8b, 0xc3, 0xb8, 0x01, 0x4a, 0x63, 0x91,
2681 0x1b, 0xce, 0x30, 0xe7, 0xcc, 0x0f, 0x3d, 0x82,
2682 0x3b, 0x05
2683 };
2684
2685 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2686 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2687
2688 ret = (cmp >= 0) ? -1 : 0;
2689
2690 err:
2691 return ret;
2692 }
2693
2694 static const u8 ecosdsa_secp521r1_test_vectors_priv_key[] = {
2695 0x01, 0x08, 0xb9, 0x4c, 0x21, 0x92, 0x06, 0xb8,
2696 0xd8, 0x92, 0x16, 0x90, 0xa5, 0x15, 0x76, 0xae,
2697 0x70, 0x3d, 0x46, 0x4b, 0x71, 0xbd, 0xf5, 0x68,
2698 0xf9, 0xf6, 0x70, 0x92, 0x95, 0x67, 0x85, 0x80,
2699 0x55, 0xb9, 0x16, 0xdb, 0xce, 0x5d, 0xb5, 0x6a,
2700 0x25, 0xb7, 0x91, 0x33, 0x25, 0xf5, 0x14, 0xf7,
2701 0x2a, 0x22, 0xbe, 0x4e, 0xfb, 0x4d, 0xb7, 0x9e,
2702 0x2f, 0x01, 0xb5, 0x71, 0xa9, 0x3f, 0x21, 0x79,
2703 0x82, 0xc5
2704 };
2705
2706 static const u8 ecosdsa_secp521r1_test_vectors_expected_sig[] = {
2707 0xbd, 0x54, 0xe8, 0xd7, 0x27, 0x1c, 0xcc, 0x1e,
2708 0x0a, 0xdd, 0xc3, 0x33, 0x8a, 0x99, 0xeb, 0x94,
2709 0x5e, 0x65, 0x40, 0x18, 0x05, 0x6f, 0xaf, 0x7e,
2710 0xc7, 0x6c, 0x0a, 0xa6, 0xb4, 0xd2, 0x62, 0x89,
2711 0x00, 0xe0, 0x5c, 0x05, 0x24, 0x95, 0xa0, 0x91,
2712 0x7d, 0x80, 0x85, 0x14, 0xd9, 0x1e, 0x41, 0x42,
2713 0xc5, 0xae, 0x53, 0x06, 0x24, 0x31, 0xe2, 0x31,
2714 0x05, 0x8d, 0xb5, 0x19, 0x2e, 0x35, 0x90, 0xe3,
2715
2716 0x00, 0x52, 0x7b, 0xab, 0x84, 0xc9, 0xaf, 0x15,
2717 0xcf, 0xa7, 0xd9, 0x25, 0x29, 0xdc, 0x15, 0xd2,
2718 0x17, 0x45, 0xee, 0x04, 0x88, 0x91, 0xf5, 0xe0,
2719 0x6a, 0x06, 0x65, 0xe5, 0xcb, 0x16, 0x2e, 0x62,
2720 0x2a, 0x0a, 0x62, 0xc3, 0x12, 0x23, 0xcc, 0x21,
2721 0x6d, 0x8f, 0xfe, 0xc3, 0x3a, 0xcd, 0xdd, 0xe5,
2722 0x0d, 0x58, 0xef, 0xe3, 0x87, 0x89, 0x3a, 0x5c,
2723 0xbc, 0xe2, 0xea, 0x07, 0x6e, 0x3b, 0x7c, 0xe7,
2724 0x95, 0x00,
2725 };
2726
2727 static const ec_test_case ecosdsa_secp521r1_test_case = {
2728 .name = "ECOSDSA-SHA512/secp521r1",
2729 .ec_str_p = &secp521r1_str_params,
2730 .priv_key = ecosdsa_secp521r1_test_vectors_priv_key,
2731 .priv_key_len = sizeof(ecosdsa_secp521r1_test_vectors_priv_key),
2732 .nn_random = ecosdsa_nn_random_secp521r1_test_vector,
2733 .hash_type = SHA512,
2734 .msg = "abc",
2735 .msglen = 3,
2736 .sig_type = ECOSDSA,
2737 .exp_sig = ecosdsa_secp521r1_test_vectors_expected_sig,
2738 .exp_siglen = sizeof(ecosdsa_secp521r1_test_vectors_expected_sig),
2739 .adata = NULL,
2740 .adata_len = 0
2741 };
2742 #endif /* WITH_CURVE_SECP521R1 */
2743 #endif /* WITH_HASH_SHA512 */
2744
2745 #ifdef WITH_HASH_SHA256
2746 #ifdef WITH_CURVE_BRAINPOOLP256R1
2747 #define ECOSDSA_SHA256_BRAINPOOLP256R1_SELF_TEST
2748
2749 /* ECOSDSA Brainpoolp256r1 test vectors */
2750
ecosdsa_nn_random_brainpoolp256r1_test_vector(nn_t out,nn_src_t q)2751 static int ecosdsa_nn_random_brainpoolp256r1_test_vector(nn_t out, nn_src_t q)
2752 {
2753 int ret, cmp;
2754
2755 /*
2756 * Fixed ephemeral private key for brainpoolp256r1 signature
2757 */
2758 const u8 k_buf[] = {
2759 0x3f, 0x80, 0xde, 0x27, 0x3e, 0xef, 0xc9, 0x53,
2760 0xc9, 0x25, 0xab, 0x53, 0xdd, 0xba, 0xd4, 0xb3,
2761 0x23, 0x98, 0xb7, 0xcc, 0x39, 0xb1, 0xda, 0xe4,
2762 0xbe, 0x68, 0x37, 0xd4, 0xd9, 0x9e, 0xa0, 0x49
2763 };
2764
2765 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2766 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2767
2768 ret = (cmp >= 0) ? -1 : 0;
2769
2770 err:
2771 return ret;
2772 }
2773
2774 static const u8 ecosdsa_brainpoolp256r1_test_vectors_priv_key[] = {
2775 0xa8, 0x44, 0x22, 0x5a, 0xf8, 0xae, 0xb6, 0xa7,
2776 0x66, 0x10, 0x93, 0xe5, 0x44, 0xd8, 0x47, 0xa0,
2777 0x63, 0x82, 0x08, 0xcf, 0xc6, 0x4f, 0x6e, 0xa8,
2778 0x1c, 0xbb, 0x0d, 0xbb, 0xcf, 0x16, 0x4d, 0xa2
2779 };
2780
2781 static const u8 ecosdsa_brainpoolp256r1_test_vectors_expected_sig[] = {
2782 0xc1, 0x5a, 0x0e, 0xd2, 0x9c, 0x39, 0x3b, 0x04,
2783 0x14, 0xaa, 0x40, 0xe5, 0x1c, 0xe6, 0x45, 0x28,
2784 0x19, 0xa9, 0x7f, 0x66, 0x1b, 0x4f, 0x11, 0x50,
2785 0x13, 0x8f, 0xc4, 0xe6, 0x96, 0x47, 0xe1, 0xa4,
2786
2787 0x1c, 0x26, 0x9e, 0x5e, 0xd2, 0x9d, 0x38, 0x1a,
2788 0xc4, 0xa0, 0xed, 0x86, 0xe4, 0x73, 0x68, 0x46,
2789 0xa4, 0x34, 0x72, 0x6a, 0xb5, 0x36, 0x0d, 0x3a,
2790 0x7e, 0x2b, 0x1c, 0x44, 0x0a, 0x69, 0xfe, 0xde
2791 };
2792
2793 static const ec_test_case ecosdsa_brainpoolp256r1_test_case = {
2794 .name = "ECOSDSA-SHA256/brainpoolp256r1",
2795 .ec_str_p = &brainpoolp256r1_str_params,
2796 .priv_key = ecosdsa_brainpoolp256r1_test_vectors_priv_key,
2797 .priv_key_len = sizeof(ecosdsa_brainpoolp256r1_test_vectors_priv_key),
2798 .nn_random = ecosdsa_nn_random_brainpoolp256r1_test_vector,
2799 .hash_type = SHA256,
2800 .msg = "abc",
2801 .msglen = 3,
2802 .sig_type = ECOSDSA,
2803 .exp_sig = ecosdsa_brainpoolp256r1_test_vectors_expected_sig,
2804 .exp_siglen = sizeof(ecosdsa_brainpoolp256r1_test_vectors_expected_sig),
2805 .adata = NULL,
2806 .adata_len = 0
2807 };
2808
2809 #endif /* WITH_CURVE_BRAINPOOLP256R1 */
2810 #endif /* WITH_HASH_SHA256 */
2811
2812 #ifdef WITH_HASH_SHA384
2813 #ifdef WITH_CURVE_BRAINPOOLP384R1
2814 #define ECOSDSA_SHA384_BRAINPOOLP384R1_SELF_TEST
2815
2816 /* ECOSDSA Brainpoolp384r1 test vectors */
2817
ecosdsa_nn_random_brainpoolp384r1_test_vector(nn_t out,nn_src_t q)2818 static int ecosdsa_nn_random_brainpoolp384r1_test_vector(nn_t out, nn_src_t q)
2819 {
2820 int ret, cmp;
2821
2822 /*
2823 * Fixed ephemeral private key for brainpoolp384r1 signature
2824 */
2825 const u8 k_buf[] = {
2826 0x4c, 0x0f, 0xa0, 0xfb, 0xd2, 0xec, 0x92, 0x0f,
2827 0x70, 0x32, 0xb2, 0xd5, 0xa4, 0xb0, 0xe5, 0xb0,
2828 0x88, 0xc1, 0x70, 0x6a, 0xe1, 0x4a, 0xc7, 0x49,
2829 0xc3, 0x14, 0x8a, 0x09, 0x9d, 0x3f, 0x0e, 0xde,
2830 0xe6, 0xf9, 0x73, 0x36, 0x76, 0x3b, 0xa7, 0x53,
2831 0x4c, 0xf5, 0x29, 0xa3, 0xd6, 0xe4, 0x60, 0x3e
2832 };
2833
2834 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2835 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2836
2837 ret = (cmp >= 0) ? -1 : 0;
2838
2839 err:
2840 return ret;
2841 }
2842
2843 static const u8 ecosdsa_brainpoolp384r1_test_vectors_priv_key[] = {
2844 0x84, 0x27, 0xc5, 0xc6, 0xb1, 0x95, 0x1a, 0x87,
2845 0x4a, 0x00, 0x02, 0xfc, 0xeb, 0x8b, 0x8f, 0x46,
2846 0x53, 0x2a, 0x82, 0xff, 0xac, 0x72, 0x78, 0x70,
2847 0x6a, 0x04, 0xe6, 0x25, 0x6b, 0x0f, 0xbd, 0x6e,
2848 0x10, 0xab, 0x74, 0x9d, 0xee, 0x3e, 0x02, 0x7d,
2849 0xc5, 0x2e, 0x3c, 0x55, 0x25, 0xc0, 0x1e, 0x7d
2850 };
2851
2852 static const u8 ecosdsa_brainpoolp384r1_test_vectors_expected_sig[] = {
2853 0xf8, 0x8e, 0x7c, 0x39, 0xcf, 0x98, 0xa5, 0x7d,
2854 0xb1, 0x6f, 0x3b, 0xea, 0x31, 0x61, 0xd5, 0x8a,
2855 0x9d, 0x90, 0xfe, 0x4b, 0xa8, 0xc0, 0x71, 0x65,
2856 0x93, 0x63, 0x34, 0x99, 0x0b, 0x06, 0xaf, 0x5e,
2857 0x86, 0xb1, 0x10, 0x53, 0x39, 0xfd, 0xf1, 0x52,
2858 0xda, 0x28, 0x9f, 0x6b, 0x4c, 0xd4, 0x20, 0x43,
2859
2860 0x69, 0x4e, 0x23, 0x7e, 0xc4, 0x5a, 0x83, 0x22,
2861 0x61, 0x53, 0xfd, 0x08, 0xc7, 0x5e, 0xdc, 0x69,
2862 0xc0, 0x22, 0x3f, 0x59, 0x8b, 0xf1, 0x9e, 0x8d,
2863 0x07, 0xb0, 0xb2, 0x38, 0x8a, 0xe2, 0xb7, 0x79,
2864 0x46, 0xda, 0xa2, 0x39, 0x4d, 0x7a, 0xce, 0x38,
2865 0x2a, 0xc6, 0xbe, 0xda, 0x21, 0x67, 0x81, 0xbf
2866 };
2867
2868 static const ec_test_case ecosdsa_brainpoolp384r1_test_case = {
2869 .name = "ECOSDSA-SHA384/brainpoolp384r1",
2870 .ec_str_p = &brainpoolp384r1_str_params,
2871 .priv_key = ecosdsa_brainpoolp384r1_test_vectors_priv_key,
2872 .priv_key_len = sizeof(ecosdsa_brainpoolp384r1_test_vectors_priv_key),
2873 .nn_random = ecosdsa_nn_random_brainpoolp384r1_test_vector,
2874 .hash_type = SHA384,
2875 .msg = "abc",
2876 .msglen = 3,
2877 .sig_type = ECOSDSA,
2878 .exp_sig = ecosdsa_brainpoolp384r1_test_vectors_expected_sig,
2879 .exp_siglen = sizeof(ecosdsa_brainpoolp384r1_test_vectors_expected_sig),
2880 .adata = NULL,
2881 .adata_len = 0
2882 };
2883
2884 #endif /* WITH_CURVE_BRAINPOOLP384R1 */
2885 #endif /* WITH_HASH_SHA384 */
2886
2887 #ifdef WITH_HASH_SHA512
2888 #ifdef WITH_CURVE_BRAINPOOLP512R1
2889 #define ECOSDSA_SHA512_BRAINPOOLP512R1_SELF_TEST
2890
2891 /* ECOSDSA Brainpoolp512r1 test vectors */
2892
ecosdsa_nn_random_brainpoolp512r1_test_vector(nn_t out,nn_src_t q)2893 static int ecosdsa_nn_random_brainpoolp512r1_test_vector(nn_t out, nn_src_t q)
2894 {
2895 int ret, cmp;
2896
2897 /*
2898 * Fixed ephemeral private key for brainpoolp512r1 signature
2899 */
2900 const u8 k_buf[] = {
2901 0x70, 0x82, 0xf3, 0x1a, 0xb1, 0x06, 0x2d, 0x5b,
2902 0xb8, 0x16, 0x87, 0xd5, 0x65, 0x34, 0x74, 0xc3,
2903 0x53, 0x23, 0x0a, 0xc0, 0x09, 0xde, 0xd1, 0x44,
2904 0xad, 0x47, 0x86, 0xda, 0x89, 0xbf, 0x33, 0x0e,
2905 0x34, 0xd2, 0x12, 0x40, 0x44, 0xa5, 0x8b, 0x08,
2906 0x5a, 0x7e, 0x70, 0xbc, 0xfd, 0xed, 0x72, 0x03,
2907 0x07, 0x66, 0xc5, 0x41, 0x49, 0x1a, 0xda, 0x73,
2908 0x34, 0x3e, 0x7d, 0xf9, 0x0f, 0x0a, 0x4e, 0x38
2909 };
2910
2911 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2912 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2913
2914 ret = (cmp >= 0) ? -1 : 0;
2915
2916 err:
2917 return ret;
2918 }
2919
2920 static const u8 ecosdsa_brainpoolp512r1_test_vectors_priv_key[] = {
2921 0x9d, 0xf5, 0xaa, 0xf5, 0xdb, 0xc9, 0x8d, 0x6b,
2922 0x55, 0xf2, 0xa0, 0x8c, 0xd7, 0xea, 0x7f, 0x7b,
2923 0x19, 0xdb, 0xc7, 0x8c, 0x28, 0x0d, 0x76, 0xd5,
2924 0xd1, 0xd2, 0x71, 0xf1, 0x73, 0xc3, 0xca, 0x1e,
2925 0xf8, 0xfa, 0x96, 0x87, 0x10, 0xd6, 0x14, 0x06,
2926 0xff, 0xce, 0x74, 0x89, 0x34, 0x27, 0x19, 0x57,
2927 0x5d, 0x8a, 0x9e, 0x3f, 0x0a, 0xcc, 0xf4, 0x53,
2928 0xfa, 0x51, 0x5a, 0x8d, 0xcd, 0x3f, 0x5a, 0xf6
2929 };
2930
2931 static const u8 ecosdsa_brainpoolp512r1_test_vectors_expected_sig[] = {
2932 0xb2, 0x08, 0xeb, 0xa4, 0xf6, 0x87, 0x2b, 0xd6,
2933 0xcd, 0xef, 0xad, 0x6e, 0x72, 0x50, 0xb0, 0xb1,
2934 0x43, 0xb1, 0x4d, 0xfd, 0xf6, 0x10, 0xe8, 0xb5,
2935 0x95, 0x60, 0xec, 0xe6, 0xf7, 0x03, 0x56, 0xf6,
2936 0xac, 0xc0, 0x69, 0x57, 0xb5, 0x31, 0x30, 0x60,
2937 0x0f, 0x58, 0x3f, 0x6a, 0x8d, 0xf8, 0x1d, 0x4b,
2938 0xb0, 0xe3, 0x05, 0xe8, 0xdb, 0x5a, 0xee, 0x7f,
2939 0x15, 0xdb, 0xa8, 0xac, 0xbc, 0x3e, 0xba, 0x5d,
2940
2941 0x79, 0xc7, 0xad, 0xc8, 0x4a, 0x09, 0xd2, 0x84,
2942 0x30, 0x9b, 0x09, 0xdc, 0xe3, 0x79, 0x69, 0x33,
2943 0x4b, 0xb5, 0x3e, 0x57, 0x4c, 0x57, 0x1f, 0xf7,
2944 0x41, 0x48, 0xeb, 0x27, 0xf9, 0xcc, 0xb9, 0x9c,
2945 0x23, 0xd7, 0xed, 0xd2, 0x7e, 0x46, 0xb6, 0xd9,
2946 0x1e, 0x59, 0xc3, 0xb5, 0x62, 0x66, 0x6a, 0x88,
2947 0xab, 0x3c, 0x66, 0x48, 0x96, 0x57, 0xbb, 0xd4,
2948 0xd7, 0x4c, 0xac, 0x91, 0x59, 0xfc, 0xb2, 0x08
2949 };
2950
2951 static const ec_test_case ecosdsa_brainpoolp512r1_test_case = {
2952 .name = "ECOSDSA-SHA512/brainpoolp512r1",
2953 .ec_str_p = &brainpoolp512r1_str_params,
2954 .priv_key = ecosdsa_brainpoolp512r1_test_vectors_priv_key,
2955 .priv_key_len = sizeof(ecosdsa_brainpoolp512r1_test_vectors_priv_key),
2956 .nn_random = ecosdsa_nn_random_brainpoolp512r1_test_vector,
2957 .hash_type = SHA512,
2958 .msg = "abc",
2959 .msglen = 3,
2960 .sig_type = ECOSDSA,
2961 .exp_sig = ecosdsa_brainpoolp512r1_test_vectors_expected_sig,
2962 .exp_siglen = sizeof(ecosdsa_brainpoolp512r1_test_vectors_expected_sig),
2963 .adata = NULL,
2964 .adata_len = 0
2965 };
2966 #endif /* WITH_CURVE_BRAINPOOLP512R1 */
2967 #endif /* WITH_HASH_SHA512 */
2968
2969 #ifdef WITH_HASH_SHA256
2970 #ifdef WITH_CURVE_FRP256V1
2971 #define ECOSDSA_SHA256_FRP256V1_SELF_TEST
2972
2973 /* ECOSDSA frp256v1 test vectors */
2974
ecosdsa_nn_random_frp256v1_test_vector(nn_t out,nn_src_t q)2975 static int ecosdsa_nn_random_frp256v1_test_vector(nn_t out, nn_src_t q)
2976 {
2977 int ret, cmp;
2978
2979 /*
2980 * Fixed ephemeral private key for frp256v1 signature
2981 */
2982 const u8 k_buf[] = {
2983 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9,
2984 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7,
2985 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15,
2986 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE
2987 };
2988
2989 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
2990 ret = nn_cmp(out, q, &cmp); EG(ret, err);
2991
2992 ret = (cmp >= 0) ? -1 : 0;
2993
2994 err:
2995 return ret;
2996 }
2997
2998 static const u8 ecosdsa_frp256v1_test_vectors_priv_key[] = {
2999 0x00, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD,
3000 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D,
3001 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75,
3002 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F
3003 };
3004
3005 static const u8 ecosdsa_frp256v1_test_vectors_expected_sig[] = {
3006 0xae, 0xc2, 0x3f, 0x82, 0x0f, 0x4c, 0x50, 0x80,
3007 0xf4, 0xcd, 0x15, 0xd1, 0xd4, 0x7d, 0x68, 0x51,
3008 0x5e, 0x98, 0xb2, 0x85, 0xe2, 0x6f, 0x6a, 0x08,
3009 0x61, 0x46, 0x4b, 0x7e, 0x2b, 0xe0, 0xa4, 0x61,
3010
3011 0xd7, 0xa4, 0x22, 0x5f, 0x29, 0x79, 0x8c, 0x78,
3012 0x97, 0x2f, 0x1b, 0xce, 0x6b, 0x35, 0x97, 0x7d,
3013 0x85, 0x9b, 0x7e, 0x22, 0x9b, 0xde, 0xa4, 0x19,
3014 0xc9, 0xbe, 0x26, 0x35, 0x9e, 0x54, 0xea, 0x14
3015 };
3016
3017 static const ec_test_case ecosdsa_frp256v1_test_case = {
3018 .name = "ECOSDSA-SHA256/frp256v1",
3019 .ec_str_p = &frp256v1_str_params,
3020 .priv_key = ecosdsa_frp256v1_test_vectors_priv_key,
3021 .priv_key_len = sizeof(ecosdsa_frp256v1_test_vectors_priv_key),
3022 .nn_random = ecosdsa_nn_random_frp256v1_test_vector,
3023 .hash_type = SHA256,
3024 .msg = "abc",
3025 .msglen = 3,
3026 .sig_type = ECOSDSA,
3027 .exp_sig = ecosdsa_frp256v1_test_vectors_expected_sig,
3028 .exp_siglen = sizeof(ecosdsa_frp256v1_test_vectors_expected_sig),
3029 .adata = NULL,
3030 .adata_len = 0
3031 };
3032 #endif /* WITH_CURVE_FRP256V1 */
3033 #endif /* WITH_HASH_SHA256 */
3034 #endif /* WITH_SIG_ECOSDSA */
3035
3036 /*******************************************************************
3037 ************** ECFSDSA tests **************************************
3038 *******************************************************************/
3039
3040 #ifdef WITH_SIG_ECFSDSA
3041 #ifdef WITH_HASH_SHA224
3042 #ifdef WITH_CURVE_SECP224R1
3043 #define ECFSDSA_SHA224_SECP224R1_SELF_TEST
3044
3045 /* ECFSDSA secp224r1 test vectors */
3046
ecfsdsa_nn_random_secp224r1_test_vector(nn_t out,nn_src_t q)3047 static int ecfsdsa_nn_random_secp224r1_test_vector(nn_t out, nn_src_t q)
3048 {
3049 int ret, cmp;
3050
3051 const u8 k_buf[] = {
3052 0x42, 0xcf, 0xfe, 0x41, 0xf5, 0x01, 0xb4, 0x99,
3053 0x45, 0xe3, 0xd1, 0x03, 0xe9, 0x00, 0x48, 0xb9,
3054 0x6f, 0x47, 0xee, 0xb3, 0xb7, 0x37, 0xdc, 0x6a,
3055 0x79, 0xc7, 0xa4, 0x2e
3056 };
3057
3058 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3059 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3060
3061 ret = (cmp >= 0) ? -1 : 0;
3062
3063 err:
3064 return ret;
3065 }
3066
3067 static const u8 ecfsdsa_secp224r1_test_vectors_priv_key[] = {
3068 0xda, 0xd8, 0x0f, 0xfb, 0x64, 0x35, 0x6b, 0xd5,
3069 0x3b, 0x66, 0x3b, 0x6e, 0x20, 0xa8, 0x08, 0x94,
3070 0xb7, 0x93, 0x9a, 0xde, 0x21, 0xc7, 0x1e, 0xb8,
3071 0x09, 0xf7, 0xb5, 0x39
3072 };
3073
3074 static const u8 ecfsdsa_secp224r1_test_vectors_expected_sig[] = {
3075 0x55, 0x49, 0x93, 0x3b, 0xb2, 0x5d, 0x21, 0xc6,
3076 0x10, 0x84, 0xc1, 0xa4, 0x92, 0xed, 0x95, 0x30,
3077 0x0b, 0x50, 0x78, 0xd9, 0xa9, 0x5c, 0xac, 0x43,
3078 0xfd, 0xeb, 0x94, 0x9f, 0x32, 0xc2, 0xa1, 0xb1,
3079 0x67, 0x56, 0x3a, 0x6b, 0xe9, 0xdd, 0x77, 0x4e,
3080 0xa6, 0x5a, 0x29, 0xb1, 0x9f, 0xf3, 0xd8, 0x3b,
3081 0xdc, 0xa4, 0xf0, 0x3b, 0x7b, 0xc5, 0x27, 0x67,
3082
3083 0xb4, 0xe9, 0xf2, 0x03, 0x1a, 0x98, 0xbe, 0x55,
3084 0xf1, 0xa9, 0xb3, 0x8b, 0x23, 0x31, 0x98, 0x6c,
3085 0x3a, 0xfd, 0x97, 0x2a, 0xed, 0xcd, 0x80, 0x5a,
3086 0x3c, 0x6e, 0x3a, 0x8c
3087 };
3088
3089 static const ec_test_case ecfsdsa_secp224r1_test_case = {
3090 .name = "ECFSDSA-SHA224/secp224r1",
3091 .ec_str_p = &secp224r1_str_params,
3092 .priv_key = ecfsdsa_secp224r1_test_vectors_priv_key,
3093 .priv_key_len = sizeof(ecfsdsa_secp224r1_test_vectors_priv_key),
3094 .nn_random = ecfsdsa_nn_random_secp224r1_test_vector,
3095 .hash_type = SHA224,
3096 .msg = "abc",
3097 .msglen = 3,
3098 .sig_type = ECFSDSA,
3099 .exp_sig = ecfsdsa_secp224r1_test_vectors_expected_sig,
3100 .exp_siglen = sizeof(ecfsdsa_secp224r1_test_vectors_expected_sig),
3101 .adata = NULL,
3102 .adata_len = 0
3103 };
3104 #endif /* WITH_CURVE_SECP224R1 */
3105 #endif /* WITH_HASH_SHA224 */
3106
3107 #ifdef WITH_HASH_SHA256
3108 #ifdef WITH_CURVE_SECP256R1
3109 #define ECFSDSA_SHA256_SECP256R1_SELF_TEST
3110
3111 /* ECFSDSA secp256r1 test vectors */
3112
ecfsdsa_nn_random_iso14888_3_secp256r1_test_vector(nn_t out,nn_src_t q)3113 static int ecfsdsa_nn_random_iso14888_3_secp256r1_test_vector(nn_t out,
3114 nn_src_t q)
3115 {
3116 int ret, cmp;
3117 const u8 k_buf[] = {
3118 0x89, 0x4D, 0xEA, 0xB4, 0x4D, 0x88, 0x45, 0x0F,
3119 0xE8, 0xDA, 0xC6, 0x63, 0xF0, 0xE5, 0x86, 0x50,
3120 0x31, 0xE8, 0x75, 0xBA, 0x22, 0x4C, 0x06, 0x01,
3121 0x3C, 0x53, 0xD0, 0xE3, 0x01, 0x09, 0xC2, 0x07
3122 };
3123
3124 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3125 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3126
3127 ret = (cmp >= 0) ? -1 : 0;
3128
3129 err:
3130 return ret;
3131 }
3132
3133 static const u8 ecfsdsa_secp256r1_test_vectors_priv_key[] = {
3134 0xAC, 0xCA, 0x7F, 0x0D, 0xD3, 0xAC, 0x53, 0x5F,
3135 0x48, 0x9B, 0x34, 0x0F, 0x6B, 0xD7, 0xF5, 0x03,
3136 0x61, 0xB0, 0xEE, 0x09, 0x5A, 0xE6, 0xA2, 0x28,
3137 0x9A, 0x6A, 0xB3, 0x29, 0x23, 0x81, 0x23, 0xE5
3138 };
3139
3140 static const u8 ecfsdsa_secp256r1_test_vectors_expected_sig[] = {
3141 0xAF, 0x31, 0x2F, 0xBD, 0x77, 0x92, 0x12, 0x5C,
3142 0x5C, 0xDF, 0xBA, 0x69, 0xE6, 0xD3, 0x69, 0x90,
3143 0x0A, 0xCE, 0x9A, 0x70, 0xBA, 0x65, 0x3F, 0xFF,
3144 0xBD, 0x91, 0x40, 0xE0, 0x00, 0x79, 0xFA, 0xE8,
3145 0xB7, 0xCE, 0xC5, 0x70, 0x16, 0xA0, 0xB9, 0x7A,
3146 0xA0, 0x69, 0xD5, 0x4E, 0x0D, 0xA9, 0x5E, 0x45,
3147 0xFB, 0x50, 0xB6, 0x77, 0x1F, 0xB6, 0x9F, 0x53,
3148 0xFE, 0xF0, 0x0F, 0xC8, 0xB0, 0x0E, 0x1F, 0xEC,
3149 0x25, 0x84, 0x70, 0x40, 0x23, 0x04, 0xBC, 0x2D,
3150 0xB4, 0x4F, 0x3B, 0x2A, 0x20, 0xC0, 0x8F, 0xF2,
3151 0xA6, 0x4F, 0x56, 0x6B, 0xAA, 0x2E, 0xB7, 0xBF,
3152 0x37, 0xE1, 0x61, 0x9B, 0x6A, 0xE0, 0x98, 0x44
3153 };
3154
3155 static const ec_test_case ecfsdsa_secp256r1_test_case = {
3156 .name = "ECFSDSA-SHA256/secp256r1",
3157 .ec_str_p = &secp256r1_str_params,
3158 .priv_key = ecfsdsa_secp256r1_test_vectors_priv_key,
3159 .priv_key_len = sizeof(ecfsdsa_secp256r1_test_vectors_priv_key),
3160 .nn_random = ecfsdsa_nn_random_iso14888_3_secp256r1_test_vector,
3161 .hash_type = SHA256,
3162 .msg = "abc",
3163 .msglen = 3,
3164 .sig_type = ECFSDSA,
3165 .exp_sig = ecfsdsa_secp256r1_test_vectors_expected_sig,
3166 .exp_siglen = sizeof(ecfsdsa_secp256r1_test_vectors_expected_sig),
3167 .adata = NULL,
3168 .adata_len = 0
3169 };
3170 #endif /* WITH_CURVE_SECP256R1 */
3171 #endif /* WITH_HASH_SHA256 */
3172
3173 #ifdef WITH_HASH_SHA384
3174 #ifdef WITH_CURVE_SECP384R1
3175 #define ECFSDSA_SHA384_SECP384R1_SELF_TEST
3176
3177 /* ECFSDSA secp384r1 test vectors */
3178
ecfsdsa_nn_random_iso14888_3_secp384r1_test_vector(nn_t out,nn_src_t q)3179 static int ecfsdsa_nn_random_iso14888_3_secp384r1_test_vector(nn_t out,
3180 nn_src_t q)
3181 {
3182 int ret, cmp;
3183 const u8 k_buf[] = {
3184 0x51, 0xC5, 0xB8, 0xB2, 0xE5, 0x9C, 0xF7, 0x8F,
3185 0x54, 0xE7, 0x7C, 0xDB, 0x0B, 0x2E, 0x26, 0x69,
3186 0xB6, 0x6B, 0x32, 0x84, 0x8B, 0x7B, 0x53, 0x78,
3187 0x01, 0x48, 0x3D, 0xE2, 0x39, 0x42, 0x27, 0x45,
3188 0x6F, 0x49, 0x30, 0xC8, 0x53, 0xFB, 0xFF, 0x6C,
3189 0x58, 0xFA, 0x6E, 0x1C, 0xC5, 0xD9, 0x74, 0x66
3190 };
3191
3192 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3193 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3194
3195 ret = (cmp >= 0) ? -1 : 0;
3196
3197 err:
3198 return ret;
3199 }
3200
3201 static const u8 ecfsdsa_secp384r1_test_vectors_priv_key[] = {
3202 0x95, 0xA4, 0xD2, 0x57, 0xA7, 0x29, 0x8C, 0x66,
3203 0x10, 0xA3, 0x75, 0x58, 0x78, 0x50, 0x36, 0xDE,
3204 0x6F, 0x9F, 0xB9, 0x97, 0x73, 0x5C, 0x07, 0x6B,
3205 0x8C, 0x8A, 0x18, 0xB2, 0xAA, 0xAC, 0x31, 0x42,
3206 0x50, 0x7A, 0x25, 0x60, 0x3D, 0x7C, 0x95, 0xF9,
3207 0xE5, 0xF0, 0x30, 0x7E, 0xC5, 0xA5, 0x6D, 0x7E
3208 };
3209
3210 static const u8 ecfsdsa_secp384r1_test_vectors_expected_sig[] = {
3211 0x29, 0xB7, 0x85, 0xAB, 0x7F, 0xAC, 0x1F, 0x80,
3212 0xF6, 0x4C, 0xE2, 0xF2, 0xD8, 0x8A, 0xBA, 0x8F,
3213 0xE6, 0x10, 0x3B, 0x25, 0x65, 0xFE, 0xB5, 0xAE,
3214 0x82, 0xFB, 0x6C, 0xF5, 0x8F, 0x8C, 0xE1, 0xE7,
3215 0x3F, 0x7A, 0x8D, 0x68, 0x3B, 0xEA, 0xBD, 0x24,
3216 0xB7, 0xEA, 0x78, 0xF6, 0x01, 0x3C, 0x9F, 0x70,
3217 0xDE, 0x94, 0xFA, 0xD1, 0x72, 0x81, 0xF4, 0xA6,
3218 0x0A, 0xA2, 0x54, 0x23, 0xE9, 0xD8, 0x71, 0x22,
3219 0x96, 0x54, 0x02, 0x19, 0x52, 0x39, 0xB8, 0x39,
3220 0xFC, 0xD4, 0x4C, 0xDF, 0x54, 0x5B, 0xF7, 0x4E,
3221 0x13, 0x00, 0xC9, 0xF5, 0x7F, 0xFC, 0x83, 0x0D,
3222 0xEF, 0xD9, 0x7B, 0x66, 0xD5, 0x7E, 0x9D, 0x07,
3223
3224 0xD1, 0x85, 0x80, 0x62, 0xC5, 0x50, 0x4E, 0x21,
3225 0x78, 0x52, 0x39, 0x26, 0x42, 0x3F, 0xDD, 0x83,
3226 0x99, 0xA8, 0xBA, 0x2B, 0x85, 0xBF, 0x45, 0x85,
3227 0x3F, 0x8E, 0x04, 0xBF, 0x20, 0x44, 0x15, 0x16,
3228 0xE7, 0x1A, 0x78, 0xB0, 0x9C, 0x7A, 0x7E, 0xE6,
3229 0x20, 0xB7, 0xF5, 0x37, 0xE6, 0xC1, 0xDE, 0xEE
3230 };
3231
3232 static const ec_test_case ecfsdsa_secp384r1_test_case = {
3233 .name = "ECFSDSA-SHA384/secp384r1",
3234 .ec_str_p = &secp384r1_str_params,
3235 .priv_key = ecfsdsa_secp384r1_test_vectors_priv_key,
3236 .priv_key_len = sizeof(ecfsdsa_secp384r1_test_vectors_priv_key),
3237 .nn_random = ecfsdsa_nn_random_iso14888_3_secp384r1_test_vector,
3238 .hash_type = SHA384,
3239 .msg = "abc",
3240 .msglen = 3,
3241 .sig_type = ECFSDSA,
3242 .exp_sig = ecfsdsa_secp384r1_test_vectors_expected_sig,
3243 .exp_siglen = sizeof(ecfsdsa_secp384r1_test_vectors_expected_sig),
3244 .adata = NULL,
3245 .adata_len = 0
3246 };
3247 #endif /* WITH_CURVE_SECP384R1 */
3248 #endif /* WITH_HASH_SHA384 */
3249
3250 #ifdef WITH_HASH_SHA512
3251 #ifdef WITH_CURVE_SECP521R1
3252 #define ECFSDSA_SHA512_SECP521R1_SELF_TEST
3253
3254 /* ECFSDSA secp521r1 test vectors */
3255
ecfsdsa_nn_random_secp521r1_test_vector(nn_t out,nn_src_t q)3256 static int ecfsdsa_nn_random_secp521r1_test_vector(nn_t out, nn_src_t q)
3257 {
3258 int ret, cmp;
3259
3260 /*
3261 * Fixed ephemeral private key for secp521r1 signature
3262 * test vectors from RFC4754
3263 */
3264 const u8 k_buf[] = {
3265 0x01, 0xbc, 0x24, 0x62, 0x6a, 0xd6, 0x10, 0x3c,
3266 0x72, 0xdc, 0x63, 0xb6, 0x8c, 0xe4, 0xcd, 0xb2,
3267 0xf0, 0x63, 0x39, 0x9c, 0x69, 0x69, 0x84, 0xc6,
3268 0x2f, 0x8c, 0x58, 0x5f, 0x12, 0x7d, 0x47, 0x71,
3269 0x6e, 0x0e, 0x9d, 0xd7, 0x2b, 0x27, 0x28, 0xfb,
3270 0xab, 0xed, 0xe4, 0x12, 0x0b, 0xcf, 0x83, 0x5a,
3271 0x9a, 0x32, 0xf1, 0x3e, 0x65, 0x1d, 0x18, 0x2a,
3272 0x69, 0x13, 0xfd, 0xeb, 0x9d, 0x79, 0xf5, 0xb0,
3273 0xbf, 0xe5
3274 };
3275
3276 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3277 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3278
3279 ret = (cmp >= 0) ? -1 : 0;
3280
3281 err:
3282 return ret;
3283 }
3284
3285 static const u8 ecfsdsa_secp521r1_test_vectors_priv_key[] = {
3286 0x00, 0x9c, 0x0d, 0x38, 0xdb, 0x40, 0x76, 0x55,
3287 0x37, 0x79, 0xd9, 0x4a, 0x8f, 0x4f, 0x74, 0x2d,
3288 0x32, 0xd0, 0xf9, 0xf2, 0x9b, 0xea, 0x27, 0x60,
3289 0x47, 0x03, 0xcb, 0xe7, 0x34, 0x9e, 0x5f, 0x14,
3290 0x52, 0x5b, 0xfe, 0x57, 0x41, 0x50, 0x31, 0x52,
3291 0x0b, 0x19, 0xf7, 0x68, 0x70, 0x1a, 0x57, 0x0b,
3292 0x62, 0xa6, 0x4e, 0xc1, 0xc0, 0xd0, 0xe7, 0xa0,
3293 0x84, 0x94, 0x37, 0xfc, 0xf6, 0x7b, 0x56, 0x12,
3294 0x53, 0xc3
3295 };
3296
3297 static const u8 ecfsdsa_secp521r1_test_vectors_expected_sig[] = {
3298 0x00, 0x43, 0xf7, 0x90, 0x80, 0xe4, 0xff, 0x8c,
3299 0x91, 0x44, 0x93, 0xad, 0xbb, 0x35, 0x3d, 0x78,
3300 0xbb, 0x15, 0x5d, 0x95, 0xde, 0x51, 0x9b, 0x78,
3301 0xe2, 0xa1, 0xfa, 0x34, 0x70, 0x0b, 0x45, 0x04,
3302 0x6a, 0xd2, 0xea, 0x99, 0xa7, 0x0c, 0xf8, 0x37,
3303 0x7a, 0xcf, 0x72, 0x89, 0x4b, 0xa3, 0xa5, 0x8c,
3304 0x5d, 0x50, 0xcb, 0x01, 0x3e, 0x3a, 0x3e, 0x19,
3305 0xc8, 0xcb, 0xf2, 0xca, 0xcf, 0x1e, 0x28, 0x47,
3306 0xcb, 0x92, 0x01, 0x70, 0x49, 0x0a, 0x35, 0xde,
3307 0xfd, 0x32, 0xc6, 0xd6, 0x08, 0x2a, 0xc5, 0x24,
3308 0x70, 0x51, 0x3f, 0x03, 0x93, 0x92, 0x71, 0xfb,
3309 0x8b, 0xa8, 0xbe, 0x1a, 0xe1, 0xc2, 0x64, 0xf9,
3310 0x86, 0x78, 0x5b, 0xb8, 0xd0, 0xa1, 0xcc, 0xd0,
3311 0xc8, 0xf6, 0x93, 0xb7, 0xff, 0x92, 0xe3, 0x72,
3312 0x20, 0xe5, 0x1c, 0x15, 0x80, 0xb7, 0x4d, 0xda,
3313 0x1c, 0x90, 0x79, 0x5b, 0x52, 0x5b, 0x23, 0x5b,
3314 0x1e, 0x0e, 0xc8, 0xb7,
3315
3316 0x01, 0x0f, 0x45, 0xec, 0x7c, 0x8b, 0xe0, 0x8f,
3317 0x42, 0xb4, 0x4f, 0xe1, 0x7c, 0xde, 0x1e, 0xe4,
3318 0x9f, 0xa7, 0x47, 0xcb, 0x4a, 0x23, 0x42, 0xb7,
3319 0x72, 0x26, 0x9b, 0xc5, 0x96, 0x16, 0x8f, 0x82,
3320 0xa4, 0xc3, 0x44, 0x71, 0x1c, 0xdb, 0xf7, 0x20,
3321 0x3f, 0x45, 0x19, 0x93, 0x00, 0xb7, 0xc5, 0xc6,
3322 0xb1, 0xb6, 0xa1, 0x67, 0x9e, 0xe9, 0xba, 0x88,
3323 0xe6, 0x30, 0x13, 0x13, 0x85, 0xaf, 0x2d, 0x5d,
3324 0x82, 0xce
3325 };
3326
3327 static const ec_test_case ecfsdsa_secp521r1_test_case = {
3328 .name = "ECFSDSA-SHA512/secp521r1",
3329 .ec_str_p = &secp521r1_str_params,
3330 .priv_key = ecfsdsa_secp521r1_test_vectors_priv_key,
3331 .priv_key_len = sizeof(ecfsdsa_secp521r1_test_vectors_priv_key),
3332 .nn_random = ecfsdsa_nn_random_secp521r1_test_vector,
3333 .hash_type = SHA512,
3334 .msg = "abc",
3335 .msglen = 3,
3336 .sig_type = ECFSDSA,
3337 .exp_sig = ecfsdsa_secp521r1_test_vectors_expected_sig,
3338 .exp_siglen = sizeof(ecfsdsa_secp521r1_test_vectors_expected_sig),
3339 .adata = NULL,
3340 .adata_len = 0
3341 };
3342 #endif /* WITH_CURVE_SECP521R1 */
3343 #endif /* WITH_HASH_SHA512 */
3344
3345 #ifdef WITH_HASH_SHA256
3346 #ifdef WITH_CURVE_BRAINPOOLP256R1
3347 #define ECFSDSA_SHA256_BRAINPOOLP256R1_SELF_TEST
3348
3349 /* ECFSDSA Brainpoolp256r1 test vectors */
3350
ecfsdsa_nn_random_brainpoolp256r1_test_vector(nn_t out,nn_src_t q)3351 static int ecfsdsa_nn_random_brainpoolp256r1_test_vector(nn_t out, nn_src_t q)
3352 {
3353 int ret, cmp;
3354
3355 /*
3356 * Fixed ephemeral private key for brainpoolp256r1 signature
3357 */
3358 const u8 k_buf[] = {
3359 0x94, 0x06, 0x79, 0x01, 0x57, 0xb2, 0x15, 0x15,
3360 0x35, 0x11, 0x37, 0xbc, 0xe0, 0x42, 0x8f, 0xc3,
3361 0xde, 0x3a, 0xe9, 0x86, 0xa2, 0xf3, 0xab, 0xac,
3362 0xaf, 0x0e, 0xa5, 0xcb, 0x24, 0x49, 0x19, 0x37
3363 };
3364
3365 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3366 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3367
3368 ret = (cmp >= 0) ? -1 : 0;
3369
3370 err:
3371 return ret;
3372 }
3373
3374 static const u8 ecfsdsa_brainpoolp256r1_test_vectors_priv_key[] = {
3375 0x17, 0x86, 0x00, 0xbb, 0xf4, 0xf6, 0xe8, 0x92,
3376 0xbe, 0x80, 0x67, 0xc5, 0xd4, 0xdb, 0xd3, 0x90,
3377 0x67, 0x6c, 0xb8, 0x57, 0xc1, 0x68, 0x31, 0x0b,
3378 0x87, 0x3a, 0xdc, 0xe4, 0x74, 0xd3, 0xcf, 0x2d
3379 };
3380
3381 static const u8 ecfsdsa_brainpoolp256r1_test_vectors_expected_sig[] = {
3382 0xa7, 0xf1, 0xc8, 0xcb, 0x02, 0x9f, 0x01, 0xda,
3383 0xb8, 0xf5, 0x68, 0x74, 0x57, 0x2c, 0xf0, 0xdb,
3384 0x75, 0x2f, 0x95, 0x8b, 0xb5, 0x23, 0x53, 0xd9,
3385 0x2d, 0x87, 0xec, 0x9f, 0x59, 0x53, 0x12, 0x3e,
3386 0x5e, 0x2a, 0x30, 0x64, 0x9b, 0xb8, 0xa2, 0x5f,
3387 0x8f, 0xcb, 0xe1, 0xd9, 0x7f, 0xb4, 0x98, 0x7d,
3388 0x2d, 0xad, 0xd8, 0x1b, 0x05, 0xdd, 0x8b, 0x94,
3389 0xbe, 0x1a, 0xc5, 0xc9, 0x14, 0x05, 0x09, 0x52,
3390
3391 0x2d, 0xf7, 0x9a, 0x80, 0xaa, 0xa9, 0x57, 0x82,
3392 0xff, 0x96, 0x44, 0x62, 0xce, 0xd9, 0x68, 0xf5,
3393 0x11, 0xc6, 0xb5, 0x1a, 0x8e, 0xb9, 0x44, 0xd1,
3394 0xf9, 0xe7, 0xbc, 0xb3, 0xd0, 0xd8, 0x98, 0xc4
3395 };
3396
3397 static const ec_test_case ecfsdsa_brainpoolp256r1_test_case = {
3398 .name = "ECFSDSA-SHA256/brainpoolp256r1",
3399 .ec_str_p = &brainpoolp256r1_str_params,
3400 .priv_key = ecfsdsa_brainpoolp256r1_test_vectors_priv_key,
3401 .priv_key_len = sizeof(ecfsdsa_brainpoolp256r1_test_vectors_priv_key),
3402 .nn_random = ecfsdsa_nn_random_brainpoolp256r1_test_vector,
3403 .hash_type = SHA256,
3404 .msg = "abc",
3405 .msglen = 3,
3406 .sig_type = ECFSDSA,
3407 .exp_sig = ecfsdsa_brainpoolp256r1_test_vectors_expected_sig,
3408 .exp_siglen = sizeof(ecfsdsa_brainpoolp256r1_test_vectors_expected_sig),
3409 .adata = NULL,
3410 .adata_len = 0
3411 };
3412
3413 #endif /* WITH_CURVE_BRAINPOOLP256R1 */
3414 #endif /* WITH_HASH_SHA256 */
3415
3416 #ifdef WITH_HASH_SHA384
3417 #ifdef WITH_CURVE_BRAINPOOLP384R1
3418 #define ECFSDSA_SHA384_BRAINPOOLP384R1_SELF_TEST
3419
3420 /* ECFSDSA Brainpoolp384r1 test vectors */
3421
ecfsdsa_nn_random_brainpoolp384r1_test_vector(nn_t out,nn_src_t q)3422 static int ecfsdsa_nn_random_brainpoolp384r1_test_vector(nn_t out, nn_src_t q)
3423 {
3424 int ret, cmp;
3425
3426 /*
3427 * Fixed ephemeral private key for brainpoolp384r1 signature
3428 */
3429 const u8 k_buf[] = {
3430 0x20, 0x89, 0x69, 0xde, 0xcd, 0xd0, 0x61, 0xd9,
3431 0xee, 0x13, 0xae, 0xdc, 0xbe, 0xd0, 0xd3, 0x3c,
3432 0x6e, 0xe7, 0xf7, 0x57, 0xd7, 0xfd, 0xe4, 0xb2,
3433 0x1e, 0xbc, 0xbd, 0xd5, 0x21, 0x57, 0x86, 0xf5,
3434 0x28, 0x3e, 0x65, 0x81, 0x46, 0x92, 0xbd, 0xc0,
3435 0x38, 0x82, 0x52, 0xce, 0x58, 0x3d, 0xf5, 0x77
3436 };
3437
3438 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3439 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3440
3441 ret = (cmp >= 0) ? -1 : 0;
3442
3443 err:
3444 return ret;
3445 }
3446
3447 static const u8 ecfsdsa_brainpoolp384r1_test_vectors_priv_key[] = {
3448 0x1c, 0x5b, 0xdb, 0xfa, 0xf3, 0x7e, 0x68, 0x87,
3449 0xd3, 0xf9, 0x10, 0xa6, 0x45, 0x14, 0x4c, 0x95,
3450 0xe6, 0xcc, 0x48, 0xe7, 0x8c, 0xfa, 0x6b, 0x05,
3451 0xac, 0xf5, 0x0a, 0xcd, 0x51, 0x38, 0xba, 0xba,
3452 0xcd, 0x26, 0x01, 0x50, 0x8a, 0x86, 0x48, 0xd3,
3453 0x87, 0x82, 0x37, 0xb1, 0xca, 0xf1, 0xd8, 0xcf
3454 };
3455
3456 static const u8 ecfsdsa_brainpoolp384r1_test_vectors_expected_sig[] = {
3457 0x7e, 0xa5, 0xf5, 0x97, 0x64, 0x8a, 0x55, 0x0c,
3458 0x5a, 0xb1, 0xaa, 0x74, 0xd4, 0x40, 0x42, 0xdb,
3459 0xf8, 0xaf, 0xf2, 0x71, 0xad, 0x14, 0xaf, 0xc3,
3460 0x89, 0x0c, 0xe4, 0x62, 0x2d, 0x91, 0xdb, 0x94,
3461 0x87, 0xa0, 0xbf, 0x3a, 0xf0, 0x55, 0xf1, 0xf6,
3462 0xaa, 0x60, 0x8c, 0x83, 0x62, 0xe2, 0x7f, 0xf5,
3463 0x49, 0xc4, 0xe6, 0xa7, 0x6c, 0xbc, 0x03, 0xac,
3464 0xb0, 0x7d, 0x6b, 0x75, 0x25, 0xe5, 0x5e, 0xfd,
3465 0x97, 0xdd, 0x5c, 0xec, 0x09, 0x55, 0x0b, 0x58,
3466 0x47, 0x0a, 0x9b, 0x7e, 0x07, 0xe9, 0x5d, 0x4b,
3467 0x86, 0xf6, 0xfa, 0xe3, 0xe8, 0xb7, 0x66, 0xa9,
3468 0xca, 0x40, 0xe7, 0x4a, 0xc4, 0x44, 0x79, 0xe7,
3469
3470 0x3d, 0x33, 0x34, 0xaf, 0x71, 0x29, 0x4c, 0x1c,
3471 0xef, 0x28, 0x2f, 0xdb, 0xbf, 0xf2, 0x4e, 0x7f,
3472 0xde, 0xf0, 0xb9, 0xe2, 0x4c, 0xaa, 0xdf, 0x56,
3473 0x52, 0xcc, 0x1e, 0xb5, 0x33, 0x6e, 0x29, 0x8e,
3474 0x29, 0x8f, 0x2c, 0x5b, 0x0f, 0x2f, 0x1f, 0x8c,
3475 0xb8, 0xd8, 0x2a, 0x8f, 0x12, 0x5b, 0x08, 0xc9
3476 };
3477
3478 static const ec_test_case ecfsdsa_brainpoolp384r1_test_case = {
3479 .name = "ECFSDSA-SHA384/brainpoolp384r1",
3480 .ec_str_p = &brainpoolp384r1_str_params,
3481 .priv_key = ecfsdsa_brainpoolp384r1_test_vectors_priv_key,
3482 .priv_key_len = sizeof(ecfsdsa_brainpoolp384r1_test_vectors_priv_key),
3483 .nn_random = ecfsdsa_nn_random_brainpoolp384r1_test_vector,
3484 .hash_type = SHA384,
3485 .msg = "abc",
3486 .msglen = 3,
3487 .sig_type = ECFSDSA,
3488 .exp_sig = ecfsdsa_brainpoolp384r1_test_vectors_expected_sig,
3489 .exp_siglen = sizeof(ecfsdsa_brainpoolp384r1_test_vectors_expected_sig),
3490 .adata = NULL,
3491 .adata_len = 0
3492 };
3493
3494 #endif /* WITH_CURVE_BRAINPOOLP384R1 */
3495 #endif /* WITH_HASH_SHA384 */
3496
3497 #ifdef WITH_HASH_SHA512
3498 #ifdef WITH_CURVE_BRAINPOOLP512R1
3499 #define ECFSDSA_SHA512_BRAINPOOLP512R1_SELF_TEST
3500
3501 /* ECFSDSA Brainpoolp512r1 test vectors */
3502
ecfsdsa_nn_random_brainpoolp512r1_test_vector(nn_t out,nn_src_t q)3503 static int ecfsdsa_nn_random_brainpoolp512r1_test_vector(nn_t out, nn_src_t q)
3504 {
3505 int ret, cmp;
3506
3507 /*
3508 * Fixed ephemeral private key for brainpoolp512r1 signature
3509 */
3510 const u8 k_buf[] = {
3511 0x5f, 0x84, 0x57, 0xa0, 0xbc, 0xd3, 0x49, 0xd9,
3512 0x7d, 0x0a, 0xc7, 0x95, 0x49, 0x49, 0x43, 0x03,
3513 0x06, 0x37, 0x2b, 0x63, 0xfc, 0x73, 0x14, 0xaa,
3514 0xe0, 0x23, 0x4d, 0x96, 0x66, 0x53, 0x46, 0xea,
3515 0xa7, 0x8a, 0x60, 0x05, 0xa6, 0x0f, 0xc4, 0x16,
3516 0x11, 0x4c, 0xbc, 0x02, 0x67, 0x6d, 0x49, 0xe6,
3517 0xea, 0x92, 0x21, 0xcd, 0xe7, 0xd7, 0x2a, 0x45,
3518 0xf7, 0xc2, 0xf5, 0x07, 0xfe, 0x39, 0x65, 0x52
3519 };
3520
3521 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3522 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3523
3524 ret = (cmp >= 0) ? -1 : 0;
3525
3526 err:
3527 return ret;
3528 }
3529
3530 static const u8 ecfsdsa_brainpoolp512r1_test_vectors_priv_key[] = {
3531 0xaa, 0x85, 0x90, 0x2b, 0xdc, 0x3a, 0x89, 0xb9,
3532 0xa2, 0xa6, 0x12, 0x80, 0xb2, 0xd5, 0xd4, 0xea,
3533 0xb0, 0xdd, 0x69, 0xb6, 0x45, 0xd0, 0x2b, 0xfd,
3534 0xb1, 0xa6, 0xa9, 0x36, 0x39, 0xff, 0x27, 0x1e,
3535 0xf3, 0x52, 0x9f, 0xbc, 0xca, 0x45, 0xe5, 0x7b,
3536 0x46, 0x3a, 0x3c, 0xe3, 0x88, 0x90, 0x44, 0xeb,
3537 0x2f, 0x6d, 0x09, 0x80, 0x47, 0x50, 0xe7, 0xf9,
3538 0x43, 0x10, 0x80, 0xe0, 0xb0, 0x5c, 0x2b, 0xab
3539 };
3540
3541 static const u8 ecfsdsa_brainpoolp512r1_test_vectors_expected_sig[] = {
3542 0x3e, 0xe9, 0x03, 0x40, 0x75, 0x7a, 0x19, 0xae,
3543 0x24, 0x2f, 0xf9, 0x89, 0x77, 0xb8, 0x23, 0x54,
3544 0xf3, 0x7e, 0x68, 0xda, 0x32, 0xcc, 0x80, 0xf7,
3545 0x83, 0x5f, 0x1f, 0xd6, 0xf9, 0x64, 0x62, 0x64,
3546 0x0f, 0xc2, 0xbb, 0x6e, 0x83, 0x3e, 0x2e, 0xd6,
3547 0x29, 0x37, 0x1f, 0x43, 0xd3, 0x83, 0xa9, 0x9b,
3548 0x62, 0x25, 0x68, 0x7f, 0xd5, 0xf9, 0x9b, 0x07,
3549 0xfb, 0x4b, 0x95, 0x30, 0x5f, 0x25, 0xa5, 0x4d,
3550 0x58, 0x5a, 0xf5, 0x95, 0xd6, 0x07, 0x92, 0xa4,
3551 0xdf, 0x01, 0xf0, 0x42, 0x2f, 0x39, 0x94, 0x9c,
3552 0xf9, 0x8b, 0xe4, 0x0e, 0x9f, 0xb3, 0x8b, 0x40,
3553 0xc4, 0xaa, 0x2d, 0x49, 0x36, 0xf7, 0x0f, 0x71,
3554 0x7e, 0x30, 0x3e, 0xe7, 0xba, 0x0f, 0x44, 0x28,
3555 0xa4, 0xfd, 0x18, 0x9d, 0x88, 0xe8, 0x5c, 0x5e,
3556 0x69, 0xf8, 0x7b, 0xb7, 0x44, 0x44, 0x0a, 0x41,
3557 0xfd, 0x79, 0x37, 0x14, 0x54, 0x49, 0x6b, 0xc1,
3558
3559 0x29, 0x0a, 0x96, 0x8b, 0x0d, 0x46, 0xbe, 0x9c,
3560 0x5e, 0x3e, 0x1c, 0x1e, 0xa3, 0x09, 0xb3, 0x03,
3561 0x10, 0x81, 0x6b, 0x08, 0x01, 0xab, 0x8f, 0x20,
3562 0x0e, 0xf7, 0x7c, 0x86, 0xfb, 0xf4, 0xfc, 0xc3,
3563 0xeb, 0x43, 0x8f, 0xf9, 0xd7, 0x6e, 0xc0, 0x62,
3564 0x2e, 0xbc, 0x37, 0xa4, 0xbe, 0x14, 0x12, 0x26,
3565 0xc2, 0xa4, 0x40, 0xd6, 0x90, 0x8c, 0xe4, 0x73,
3566 0x0c, 0x5c, 0xf3, 0xbb, 0x7b, 0xf7, 0x6c, 0x7f
3567 };
3568
3569 static const ec_test_case ecfsdsa_brainpoolp512r1_test_case = {
3570 .name = "ECFSDSA-SHA512/brainpoolp512r1",
3571 .ec_str_p = &brainpoolp512r1_str_params,
3572 .priv_key = ecfsdsa_brainpoolp512r1_test_vectors_priv_key,
3573 .priv_key_len = sizeof(ecfsdsa_brainpoolp512r1_test_vectors_priv_key),
3574 .nn_random = ecfsdsa_nn_random_brainpoolp512r1_test_vector,
3575 .hash_type = SHA512,
3576 .msg = "abc",
3577 .msglen = 3,
3578 .sig_type = ECFSDSA,
3579 .exp_sig = ecfsdsa_brainpoolp512r1_test_vectors_expected_sig,
3580 .exp_siglen = sizeof(ecfsdsa_brainpoolp512r1_test_vectors_expected_sig),
3581 .adata = NULL,
3582 .adata_len = 0
3583 };
3584 #endif /* WITH_CURVE_BRAINPOOLP512R1 */
3585 #endif /* WITH_HASH_SHA512 */
3586
3587 #ifdef WITH_HASH_SHA256
3588 #ifdef WITH_CURVE_FRP256V1
3589 #define ECFSDSA_SHA256_FRP256V1_SELF_TEST
3590
3591 /* ECFSDSA frp256v1 test vectors */
3592
ecfsdsa_nn_random_frp256v1_test_vector(nn_t out,nn_src_t q)3593 static int ecfsdsa_nn_random_frp256v1_test_vector(nn_t out, nn_src_t q)
3594 {
3595 int ret, cmp;
3596
3597 /*
3598 * Fixed ephemeral private key for frp256v1 signature
3599 */
3600 const u8 k_buf[] = {
3601 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9,
3602 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7,
3603 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15,
3604 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE
3605 };
3606
3607 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3608 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3609
3610 ret = (cmp >= 0) ? -1 : 0;
3611
3612 err:
3613 return ret;
3614 }
3615
3616 static const u8 ecfsdsa_frp256v1_test_vectors_priv_key[] = {
3617 0x00, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD,
3618 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D,
3619 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75,
3620 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F
3621 };
3622
3623 static const u8 ecfsdsa_frp256v1_test_vectors_expected_sig[] = {
3624 0x22, 0xb1, 0xd0, 0x0d, 0xc8, 0x28, 0xa5, 0xcb,
3625 0xa2, 0x64, 0x31, 0x9f, 0x05, 0x93, 0x3a, 0xc8,
3626 0xed, 0xe6, 0x32, 0x3d, 0x69, 0xd0, 0x2b, 0x31,
3627 0x4e, 0x10, 0xca, 0xa5, 0xf1, 0x3b, 0x29, 0x96,
3628 0x52, 0xe2, 0xef, 0x4e, 0x46, 0x9f, 0x08, 0x63,
3629 0xfb, 0x3c, 0xf4, 0xc5, 0x18, 0xb0, 0x5f, 0xc4,
3630 0xbb, 0x1d, 0xaf, 0xb7, 0xd2, 0xc4, 0x30, 0x7e,
3631 0xda, 0x41, 0xef, 0xac, 0x88, 0x8f, 0x0c, 0x7d,
3632
3633 0x9b, 0x3a, 0xb9, 0xd5, 0xb6, 0x7f, 0xf2, 0xb9,
3634 0xaa, 0xe8, 0xc5, 0xed, 0xf9, 0x82, 0xd4, 0xf7,
3635 0x6d, 0x7c, 0x61, 0x36, 0x56, 0xe7, 0x73, 0xaa,
3636 0x1a, 0xab, 0xa6, 0x30, 0x90, 0x1d, 0x56, 0xa6
3637 };
3638
3639 static const ec_test_case ecfsdsa_frp256v1_test_case = {
3640 .name = "ECFSDSA-SHA256/frp256v1",
3641 .ec_str_p = &frp256v1_str_params,
3642 .priv_key = ecfsdsa_frp256v1_test_vectors_priv_key,
3643 .priv_key_len = sizeof(ecfsdsa_frp256v1_test_vectors_priv_key),
3644 .nn_random = ecfsdsa_nn_random_frp256v1_test_vector,
3645 .hash_type = SHA256,
3646 .msg = "abc",
3647 .msglen = 3,
3648 .sig_type = ECFSDSA,
3649 .exp_sig = ecfsdsa_frp256v1_test_vectors_expected_sig,
3650 .exp_siglen = sizeof(ecfsdsa_frp256v1_test_vectors_expected_sig),
3651 .adata = NULL,
3652 .adata_len = 0
3653 };
3654 #endif /* WITH_CURVE_FRP256V1 */
3655 #endif /* WITH_HASH_SHA256 */
3656 #endif /* WITH_SIG_ECFSDSA */
3657
3658 /*******************************************************************
3659 ************** ECGDSA tests **************************************
3660 *******************************************************************/
3661 #ifdef WITH_SIG_ECGDSA
3662 #ifdef WITH_HASH_SHA256
3663 #ifdef WITH_CURVE_BRAINPOOLP192R1
3664 #define ECGDSA_SHA256_BRAINPOOLP192R1_SELF_TEST
3665
3666 /* ECGDSA brainpoolp192r1 test vectors */
3667
ecgdsa_nn_random_iso14888_3_brainpoolp192r1_test_vector(nn_t out,nn_src_t q)3668 static int ecgdsa_nn_random_iso14888_3_brainpoolp192r1_test_vector(nn_t out,
3669 nn_src_t q)
3670 {
3671 int ret, cmp;
3672 const u8 k_buf[] = {
3673 0x5A, 0x96, 0x62, 0x60, 0x96, 0x28, 0x8C, 0xC4,
3674 0x69, 0xF1, 0x70, 0x4E, 0xC0, 0x5F, 0x44, 0xD1,
3675 0xEC, 0x18, 0xBD, 0x32, 0xCE, 0xB0, 0x2D, 0x5B,
3676 };
3677
3678 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3679 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3680
3681 ret = (cmp >= 0) ? -1 : 0;
3682
3683 err:
3684 return ret;
3685 }
3686
3687 static const u8 ecgdsa_brainpoolp192r1_test_vectors_priv_key[] = {
3688 0x40, 0xF9, 0x5B, 0x49, 0xA3, 0xB1, 0xBF, 0x55,
3689 0x31, 0x1A, 0x56, 0xDF, 0xD3, 0xB5, 0x06, 0x1E,
3690 0xE1, 0xDF, 0x64, 0x39, 0x84, 0xD4, 0x1E, 0x35,
3691 };
3692
3693 static const u8 ecgdsa_brainpoolp192r1_test_vectors_expected_sig[] = {
3694 0xA0, 0x0B, 0x0A, 0xA2, 0x5D, 0xB6, 0xAB, 0x5C,
3695 0x21, 0xB8, 0x63, 0x00, 0xD9, 0xBC, 0x99, 0xF5,
3696 0x6E, 0x9D, 0xD1, 0xB7, 0xF1, 0xDC, 0x47, 0x74,
3697 0x63, 0x46, 0x35, 0xEF, 0x81, 0x32, 0x47, 0xD7,
3698 0x20, 0x24, 0x5C, 0x94, 0x09, 0xFB, 0x20, 0xA2,
3699 0x67, 0xC5, 0x60, 0xC8, 0x8E, 0xB2, 0xB0, 0x7B,
3700 };
3701
3702 static const ec_test_case ecgdsa_brainpoolp192r1_test_case = {
3703 .name = "ECGDSA-SHA256/brainpoolp192r1",
3704 .ec_str_p = &brainpoolp192r1_str_params,
3705 .priv_key = ecgdsa_brainpoolp192r1_test_vectors_priv_key,
3706 .priv_key_len = sizeof(ecgdsa_brainpoolp192r1_test_vectors_priv_key),
3707 .nn_random = ecgdsa_nn_random_iso14888_3_brainpoolp192r1_test_vector,
3708 .hash_type = SHA256,
3709 .msg = "brainpoolP192r1",
3710 .msglen = 15,
3711 .sig_type = ECGDSA,
3712 .exp_sig = ecgdsa_brainpoolp192r1_test_vectors_expected_sig,
3713 .exp_siglen = sizeof(ecgdsa_brainpoolp192r1_test_vectors_expected_sig),
3714 .adata = NULL,
3715 .adata_len = 0
3716 };
3717 #endif /* WITH_CURVE_BRAINPOOLP192R1 */
3718 #endif /* WITH_HASH_SHA256 */
3719
3720 #ifdef WITH_HASH_SHA224
3721 #ifdef WITH_CURVE_BRAINPOOLP224R1
3722 #define ECGDSA_SHA224_BRAINPOOLP224R1_SELF_TEST
3723
3724 /* ECGDSA brainpoolp224r1 test vectors */
3725
ecgdsa_nn_random_iso14888_3_brainpoolp224r1_test_vector(nn_t out,nn_src_t q)3726 static int ecgdsa_nn_random_iso14888_3_brainpoolp224r1_test_vector(nn_t out,
3727 nn_src_t q)
3728 {
3729 int ret, cmp;
3730 const u8 k_buf[] = {
3731 0x5B, 0x60, 0x4F, 0x2C, 0x35, 0xED, 0x04, 0x01,
3732 0xFC, 0xA3, 0x1E, 0x88, 0x0C, 0xB5, 0x5C, 0x2A,
3733 0x74, 0x56, 0xE7, 0x1A, 0x5C, 0xBA, 0xA8, 0xDF,
3734 0x2F, 0xC0, 0x3C, 0xA9
3735 };
3736
3737 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3738 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3739
3740 ret = (cmp >= 0) ? -1 : 0;
3741
3742 err:
3743 return ret;
3744 }
3745
3746 static const u8 ecgdsa_brainpoolp224r1_test_vectors_priv_key[] = {
3747 0x7E, 0x75, 0xBC, 0x2C, 0xD5, 0x73, 0xB3, 0x8A,
3748 0xED, 0x09, 0x77, 0xAD, 0x61, 0x17, 0x63, 0xDD,
3749 0x57, 0xFB, 0x29, 0xB2, 0x20, 0x88, 0x33, 0x44,
3750 0xB8, 0x1D, 0xF0, 0x37
3751 };
3752
3753 static const u8 ecgdsa_brainpoolp224r1_test_vectors_expected_sig[] = {
3754 0x60, 0xFB, 0xB2, 0xB1, 0x5F, 0x05, 0x5C, 0xD1,
3755 0xD4, 0x82, 0xED, 0x6D, 0xC5, 0x06, 0x9C, 0x8F,
3756 0x62, 0x4A, 0x34, 0x05, 0xB6, 0x7D, 0x11, 0xB3,
3757 0xB6, 0x5E, 0x02, 0x34, 0x5A, 0x05, 0x0F, 0x05,
3758 0xAF, 0x0B, 0x10, 0x6B, 0xA3, 0xF1, 0x46, 0x96,
3759 0xE6, 0x16, 0x2C, 0xA4, 0x6F, 0xBA, 0xBD, 0x2C,
3760 0x14, 0x44, 0x19, 0xDB, 0xB5, 0xBF, 0xBD, 0xC0
3761 };
3762
3763 static const ec_test_case ecgdsa_brainpoolp224r1_test_case = {
3764 .name = "ECGDSA-SHA224/brainpoolp224r1",
3765 .ec_str_p = &brainpoolp224r1_str_params,
3766 .priv_key = ecgdsa_brainpoolp224r1_test_vectors_priv_key,
3767 .priv_key_len = sizeof(ecgdsa_brainpoolp224r1_test_vectors_priv_key),
3768 .nn_random = ecgdsa_nn_random_iso14888_3_brainpoolp224r1_test_vector,
3769 .hash_type = SHA224,
3770 .msg = "brainpoolP224r1",
3771 .msglen = 15,
3772 .sig_type = ECGDSA,
3773 .exp_sig = ecgdsa_brainpoolp224r1_test_vectors_expected_sig,
3774 .exp_siglen = sizeof(ecgdsa_brainpoolp224r1_test_vectors_expected_sig),
3775 .adata = NULL,
3776 .adata_len = 0
3777 };
3778 #endif /* WITH_CURVE_BRAINPOOLP224R1 */
3779 #endif /* WITH_HASH_SHA224 */
3780
3781 #ifdef WITH_HASH_SHA256
3782 #ifdef WITH_CURVE_BRAINPOOLP256R1
3783 #define ECGDSA_SHA256_BRAINPOOLP256R1_SELF_TEST
3784
3785 /* ECGDSA brainpoolp256r1 test vectors */
3786
ecgdsa_nn_random_iso14888_3_brainpoolp256r1_test_vector(nn_t out,nn_src_t q)3787 static int ecgdsa_nn_random_iso14888_3_brainpoolp256r1_test_vector(nn_t out,
3788 nn_src_t q)
3789 {
3790 int ret, cmp;
3791 const u8 k_buf[] = {
3792 0x0E, 0x64, 0x21, 0x27, 0x2D, 0xDA, 0xB9, 0xC2,
3793 0x07, 0xB1, 0x19, 0xBD, 0xD1, 0x0C, 0x03, 0x86,
3794 0x10, 0x05, 0x75, 0x2E, 0xEA, 0xBB, 0x3A, 0xC9,
3795 0x75, 0x13, 0x04, 0x1A, 0xDE, 0x62, 0x86, 0xD9
3796 };
3797
3798 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3799 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3800
3801 ret = (cmp >= 0) ? -1 : 0;
3802
3803 err:
3804 return ret;
3805 }
3806
3807 static const u8 ecgdsa_brainpoolp256r1_test_vectors_priv_key[] = {
3808 0x52, 0xB9, 0x29, 0xB4, 0x02, 0x97, 0x43, 0x7B,
3809 0x98, 0x97, 0x3A, 0x2C, 0x43, 0x7E, 0x8F, 0x03,
3810 0xA2, 0x31, 0xEB, 0x61, 0xE0, 0xCD, 0x38, 0xFD,
3811 0xAD, 0x80, 0x2F, 0x00, 0xD5, 0x5A, 0x13, 0xA3
3812 };
3813
3814 static const u8 ecgdsa_brainpoolp256r1_test_vectors_expected_sig[] = {
3815 0x82, 0x93, 0x49, 0xe3, 0xb6, 0xe1, 0xf3, 0xe5,
3816 0x15, 0xeb, 0x95, 0x81, 0xbe, 0x0f, 0x95, 0x8d,
3817 0xcc, 0xaa, 0xa6, 0xb6, 0x8d, 0x83, 0xba, 0x77,
3818 0x01, 0xdd, 0x7a, 0x08, 0x67, 0xe4, 0x4e, 0xa7,
3819 0x3d, 0xc2, 0xf1, 0x03, 0x29, 0x6a, 0x79, 0x3e,
3820 0x50, 0xdc, 0x22, 0x66, 0x65, 0x74, 0x70, 0xa4,
3821 0x0d, 0x2c, 0x9e, 0xa1, 0xca, 0x79, 0x7d, 0xea,
3822 0x61, 0x00, 0x42, 0xb7, 0x73, 0x0b, 0xbd, 0xce
3823 };
3824
3825 static const ec_test_case ecgdsa_brainpoolp256r1_test_case = {
3826 .name = "ECGDSA-SHA256/brainpoolp256r1",
3827 .ec_str_p = &brainpoolp256r1_str_params,
3828 .priv_key = ecgdsa_brainpoolp256r1_test_vectors_priv_key,
3829 .priv_key_len = sizeof(ecgdsa_brainpoolp256r1_test_vectors_priv_key),
3830 .nn_random = ecgdsa_nn_random_iso14888_3_brainpoolp256r1_test_vector,
3831 .hash_type = SHA256,
3832 .msg = "brainpoolP256r1",
3833 .msglen = 15,
3834 .sig_type = ECGDSA,
3835 .exp_sig = ecgdsa_brainpoolp256r1_test_vectors_expected_sig,
3836 .exp_siglen = sizeof(ecgdsa_brainpoolp256r1_test_vectors_expected_sig),
3837 .adata = NULL,
3838 .adata_len = 0
3839 };
3840 #endif /* WITH_CURVE_BRAINPOOLP256R1 */
3841 #endif /* WITH_HASH_SHA256 */
3842
3843 #ifdef WITH_HASH_SHA384
3844 #ifdef WITH_CURVE_BRAINPOOLP384R1
3845 #define ECGDSA_SHA384_BRAINPOOLP384R1_SELF_TEST
3846
3847 /* ECGDSA brainpoolp384r1 test vectors */
3848
ecgdsa_nn_random_brainpoolp384r1_test_vector(nn_t out,nn_src_t q)3849 static int ecgdsa_nn_random_brainpoolp384r1_test_vector(nn_t out, nn_src_t q)
3850 {
3851 int ret, cmp;
3852
3853 const u8 k_buf[] = {
3854 0x39, 0x1c, 0x0c, 0xff, 0xe3, 0xaa, 0x7e, 0x95,
3855 0x47, 0xd2, 0x3e, 0xe9, 0x70, 0x36, 0x12, 0x55,
3856 0x15, 0xce, 0x74, 0xd6, 0xfe, 0x55, 0x44, 0x07,
3857 0x17, 0x79, 0x64, 0xfd, 0xee, 0xce, 0x9d, 0x88,
3858 0xb3, 0xeb, 0xdc, 0xed, 0x5e, 0xe6, 0x34, 0xf3,
3859 0x0c, 0x3a, 0x74, 0xaa, 0xad, 0x54, 0x57, 0x0a
3860 };
3861
3862 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3863 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3864
3865 ret = (cmp >= 0) ? -1 : 0;
3866
3867 err:
3868 return ret;
3869 }
3870
3871 static const u8 ecgdsa_brainpoolp384r1_test_vectors_priv_key[] = {
3872 0x70, 0x74, 0x93, 0xc8, 0x39, 0x9a, 0x07, 0x95,
3873 0xd1, 0xa3, 0xd2, 0x36, 0xae, 0x60, 0xa5, 0x46,
3874 0x86, 0xec, 0xc5, 0x7c, 0x1e, 0xc5, 0x51, 0xef,
3875 0x3f, 0x63, 0x19, 0x3a, 0x09, 0xd9, 0xb5, 0x9c,
3876 0xae, 0x50, 0x04, 0xee, 0x2d, 0x4d, 0x48, 0x71,
3877 0xf8, 0x5a, 0xcb, 0x1a, 0x60, 0x36, 0xbb, 0x68
3878 };
3879
3880 static const u8 ecgdsa_brainpoolp384r1_test_vectors_expected_sig[] = {
3881 0x3b, 0x34, 0xbe, 0xb7, 0xa6, 0x9e, 0x07, 0x6d,
3882 0xd9, 0x6f, 0x2d, 0x71, 0x2a, 0xfe, 0xe2, 0xf2,
3883 0x72, 0xa4, 0xd7, 0xad, 0xdf, 0x29, 0x1c, 0xa7,
3884 0x99, 0xed, 0x62, 0x49, 0xa9, 0xbb, 0x4e, 0xcd,
3885 0xcb, 0xe4, 0x44, 0x88, 0x31, 0xc5, 0x49, 0xb7,
3886 0x8f, 0xc7, 0x2b, 0xa5, 0x5a, 0x34, 0x66, 0xa6,
3887
3888 0x79, 0xa0, 0x47, 0x25, 0x3d, 0xad, 0x09, 0x80,
3889 0xe1, 0x3f, 0x99, 0xf3, 0x20, 0x4a, 0xd9, 0x7b,
3890 0xfe, 0x2c, 0xa2, 0x09, 0xdd, 0x33, 0xbe, 0xd5,
3891 0x7f, 0xe0, 0xb5, 0x1d, 0x52, 0x1d, 0x2e, 0x61,
3892 0xb2, 0x78, 0x81, 0x40, 0x90, 0x57, 0x02, 0xe5,
3893 0x1a, 0xdf, 0x44, 0x84, 0x9f, 0x0c, 0x4b, 0xce
3894 };
3895
3896 static const ec_test_case ecgdsa_brainpoolp384r1_test_case = {
3897 .name = "ECGDSA-SHA384/brainpoolp384r1",
3898 .ec_str_p = &brainpoolp384r1_str_params,
3899 .priv_key = ecgdsa_brainpoolp384r1_test_vectors_priv_key,
3900 .priv_key_len = sizeof(ecgdsa_brainpoolp384r1_test_vectors_priv_key),
3901 .nn_random = ecgdsa_nn_random_brainpoolp384r1_test_vector,
3902 .hash_type = SHA384,
3903 .msg = "brainpoolP384r1",
3904 .msglen = 15,
3905 .sig_type = ECGDSA,
3906 .exp_sig = ecgdsa_brainpoolp384r1_test_vectors_expected_sig,
3907 .exp_siglen = sizeof(ecgdsa_brainpoolp384r1_test_vectors_expected_sig),
3908 .adata = NULL,
3909 .adata_len = 0
3910 };
3911 #endif /* WITH_CURVE_BRAINPOOLP384R1 */
3912 #endif /* WITH_HASH_SHA384 */
3913 #endif /* WITH_SIG_ECGDSA */
3914
3915 /*******************************************************************
3916 ************** ECRDSA tests ***************************************
3917 *******************************************************************/
3918 /*
3919 * NOTE: ISO/IEC 14888-3 standard seems to diverge from the existing implementations
3920 * of ECRDSA when treating the message hash, and from the examples of certificates provided
3921 * in RFC 7091 and draft-deremin-rfc4491-bis. While in ISO/IEC 14888-3 it is explicitely asked
3922 * to proceed with the hash of the message as big endian, the RFCs derived from the Russian
3923 * standard expect the hash value to be treated as little endian when importing it as an integer
3924 * (this discrepancy is exhibited and confirmed by test vectors present in ISO/IEC 14888-3, and
3925 * by X.509 certificates present in the RFCs). This seems (to be confirmed) to be a discrepancy of
3926 * ISO/IEC 14888-3 algorithm description that must be fixed there.
3927 *
3928 * In order to be conservative, libecc uses the Russian standard behavior as expected to be in line with
3929 * other implemetations, but keeps the ISO/IEC 14888-3 behavior if forced/asked by the user using
3930 * the USE_ISO14888_3_ECRDSA toggle. This allows to keep backward compatibility with previous versions of the
3931 * library if needed.
3932 *
3933 */
3934
3935 #ifdef WITH_SIG_ECRDSA
3936
3937 #ifndef USE_ISO14888_3_ECRDSA
3938
3939 /*
3940 * All the follwing test vectors are extracted from draft-deremin-rfc4491-bis RFC draft
3941 * (https://datatracker.ietf.org/doc/html/draft-deremin-rfc4491-bis) where certificates signed with
3942 * GOST R 34.10-2012 using GOST R 34.11-2012 (256 and 512 bits) are provided. We can use them
3943 * as test vectors with the message being the TBS (To Be Signed) blob of the certificate.
3944 */
3945
3946 #ifdef WITH_HASH_STREEBOG256
3947 #ifdef WITH_CURVE_GOST256
3948 #define ECRDSA_STREEBOG256_GOST256_SELF_TEST
3949
ecrdsa_nn_random_rfc4491_bis_1_GOST_256bits_curve_test_vector(nn_t out,nn_src_t q)3950 static int ecrdsa_nn_random_rfc4491_bis_1_GOST_256bits_curve_test_vector(nn_t out, nn_src_t q){
3951 int ret, cmp;
3952 const u8 k_buf[] = {
3953 0x77, 0x10, 0x5c, 0x9b, 0x20, 0xbc, 0xd3, 0x12, 0x28, 0x23, 0xc8, 0xcf,
3954 0x6f, 0xcc, 0x7b, 0x95, 0x6d, 0xe3, 0x38, 0x14, 0xe9, 0x5b, 0x7f, 0xe6,
3955 0x4f, 0xed, 0x92, 0x45, 0x94, 0xdc, 0xea, 0xb3,
3956 };
3957 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
3958 ret = nn_cmp(out, q, &cmp); EG(ret, err);
3959
3960 ret = (cmp >= 0) ? -1 : 0;
3961
3962 err:
3963 return ret;
3964 }
3965 static const u8 ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_priv_key[] = {
3966 0x7a, 0x92, 0x9a, 0xde, 0x78, 0x9b, 0xb9, 0xbe, 0x10, 0xed,
3967 0x35, 0x9d, 0xd3, 0x9a, 0x72, 0xc1, 0x1b, 0x60, 0x96, 0x1f,
3968 0x49, 0x39, 0x7e, 0xee, 0x1d, 0x19, 0xce, 0x98, 0x91, 0xec,
3969 0x3b, 0x28,
3970 };
3971 static const u8 ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_expected_sig[] = {
3972 0x41, 0xaa, 0x28, 0xd2, 0xf1, 0xab, 0x14, 0x82, 0x80, 0xcd,
3973 0x9e, 0xd5, 0x6f, 0xed, 0xa4, 0x19, 0x74, 0x05, 0x35, 0x54,
3974 0xa4, 0x27, 0x67, 0xb8, 0x3a, 0xd0, 0x43, 0xfd, 0x39, 0xdc,
3975 0x04, 0x93,
3976 0x4d, 0x53, 0xf0, 0x12, 0xfe, 0x08, 0x17, 0x76, 0x50, 0x7d,
3977 0x4d, 0x9b, 0xb8, 0x1f, 0x00, 0xef, 0xdb, 0x4e, 0xef, 0xd4,
3978 0xab, 0x83, 0xba, 0xc4, 0xba, 0xcf, 0x73, 0x51, 0x73, 0xcf,
3979 0xa8, 0x1c,
3980 };
3981 static const unsigned char ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_message[] = {
3982 0x30, 0x81, 0xdb, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0a, 0x30,
3983 0x0a, 0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01, 0x01, 0x03, 0x02, 0x30,
3984 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x07,
3985 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x30, 0x20, 0x17, 0x0d, 0x30,
3986 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
3987 0x18, 0x0f, 0x32, 0x30, 0x35, 0x30, 0x31, 0x32, 0x33, 0x31, 0x30, 0x30,
3988 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06,
3989 0x03, 0x55, 0x04, 0x03, 0x13, 0x07, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c,
3990 0x65, 0x30, 0x66, 0x30, 0x1f, 0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01,
3991 0x01, 0x01, 0x01, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02,
3992 0x23, 0x00, 0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01, 0x01, 0x02, 0x02,
3993 0x03, 0x43, 0x00, 0x04, 0x40, 0x0b, 0xd8, 0x6f, 0xe5, 0xd8, 0xdb, 0x89,
3994 0x66, 0x8f, 0x78, 0x9b, 0x4e, 0x1d, 0xba, 0x85, 0x85, 0xc5, 0x50, 0x8b,
3995 0x45, 0xec, 0x5b, 0x59, 0xd8, 0x90, 0x6d, 0xdb, 0x70, 0xe2, 0x49, 0x2b,
3996 0x7f, 0xda, 0x77, 0xff, 0x87, 0x1a, 0x10, 0xfb, 0xdf, 0x27, 0x66, 0xd2,
3997 0x93, 0xc5, 0xd1, 0x64, 0xaf, 0xbb, 0x3c, 0x7b, 0x97, 0x3a, 0x41, 0xc8,
3998 0x85, 0xd1, 0x1d, 0x70, 0xd6, 0x89, 0xb4, 0xf1, 0x26, 0xa3, 0x13, 0x30,
3999 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
4000 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,
4001 };
4002 static const ec_test_case ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_case = {
4003 .name="ECRDSA-STREEBOG256/GOST-256-curve (RFC4491)",
4004 .ec_str_p = &GOST_256bits_curve_str_params,
4005 .priv_key = ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_priv_key,
4006 .priv_key_len = sizeof(ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_priv_key),
4007 .nn_random = ecrdsa_nn_random_rfc4491_bis_1_GOST_256bits_curve_test_vector,
4008 .hash_type = STREEBOG256,
4009 .msg = (const char*)ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_message,
4010 .msglen = sizeof(ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_message),
4011 .sig_type = ECRDSA,
4012 .exp_sig = ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_expected_sig,
4013 .exp_siglen = sizeof(ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_vector_expected_sig),
4014 .adata = NULL,
4015 .adata_len = 0
4016 };
4017
4018 #endif /* WITH_CURVE_GOST256 */
4019 #endif /* WITH_HASH_STREEBOG256 */
4020
4021 #ifdef WITH_HASH_STREEBOG256
4022 #ifdef WITH_CURVE_GOST_R3410_2012_256_PARAMSETA
4023 #define ECRDSA_STREEBOG256_GOST256_PARAMSETA_SELF_TEST
4024
ecrdsa_nn_random_rfc4491_bis_2_GOST_256bits_curve_test_vector(nn_t out,nn_src_t q)4025 static int ecrdsa_nn_random_rfc4491_bis_2_GOST_256bits_curve_test_vector(nn_t out, nn_src_t q){
4026 int ret, cmp;
4027 const u8 k_buf[] = {
4028 0x27, 0x10, 0x5c, 0x9b, 0x20, 0xbc, 0xd3, 0x12, 0x28, 0x23,
4029 0xc8, 0xcf, 0x6f, 0xcc, 0x7b, 0x95, 0x6d, 0xe3, 0x38, 0x14,
4030 0xe9, 0x5b, 0x7f, 0xe6, 0x4f, 0xed, 0x92, 0x45, 0x94, 0xdc,
4031 0xea, 0xb3,
4032 };
4033 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
4034 ret = nn_cmp(out, q, &cmp); EG(ret, err);
4035
4036 ret = (cmp >= 0) ? -1 : 0;
4037
4038 err:
4039 return ret;
4040 }
4041 static const u8 ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_priv_key[] = {
4042 0x3a, 0x92, 0x9a, 0xde, 0x78, 0x9b, 0xb9, 0xbe, 0x10,
4043 0xed, 0x35, 0x9d, 0xd3, 0x9a, 0x72, 0xc1, 0x0b, 0x87,
4044 0xc8, 0x3f, 0x80, 0xbe, 0x18, 0xb8, 0x5c, 0x04, 0x1f,
4045 0x43, 0x25, 0xb6, 0x2e, 0xc1,
4046 };
4047 static const u8 ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_expected_sig[] = {
4048 0x1d, 0x0e, 0x1d, 0xa5, 0xbe, 0x34, 0x7c, 0x6f, 0x1b,
4049 0x52, 0x56, 0xc7, 0xae, 0xac, 0x20, 0x0a, 0xd6, 0x4a,
4050 0xc7, 0x7a, 0x6f, 0x5b, 0x3a, 0x0e, 0x09, 0x73, 0x18,
4051 0xe7, 0xae, 0x6e, 0xe7, 0x69,
4052 0x14, 0x0b, 0x4d, 0xa9, 0x12, 0x4b, 0x09, 0xcb, 0x0d,
4053 0x5c, 0xe9, 0x28, 0xee, 0x87, 0x42, 0x73, 0xa3, 0x10,
4054 0x12, 0x94, 0x92, 0xec, 0x0e, 0x29, 0x36, 0x9e, 0x3b,
4055 0x79, 0x12, 0x48, 0x57, 0x8c,
4056 };
4057 static const unsigned char ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_message[] = {
4058 0x30, 0x81, 0xd3, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0a, 0x30,
4059 0x0a, 0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01, 0x01, 0x03, 0x02, 0x30,
4060 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x07,
4061 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x30, 0x20, 0x17, 0x0d, 0x30,
4062 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
4063 0x18, 0x0f, 0x32, 0x30, 0x35, 0x30, 0x31, 0x32, 0x33, 0x31, 0x30, 0x30,
4064 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06,
4065 0x03, 0x55, 0x04, 0x03, 0x13, 0x07, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c,
4066 0x65, 0x30, 0x5e, 0x30, 0x17, 0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01,
4067 0x01, 0x01, 0x01, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x85, 0x03, 0x07, 0x01,
4068 0x02, 0x01, 0x01, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40, 0x74, 0x27, 0x95,
4069 0xd4, 0xbe, 0xe8, 0x84, 0xdd, 0xf2, 0x85, 0x0f, 0xec, 0x03, 0xea, 0x3f,
4070 0xaf, 0x18, 0x44, 0xe0, 0x1d, 0x9d, 0xa6, 0x0b, 0x64, 0x50, 0x93, 0xa5,
4071 0x5e, 0x26, 0xdf, 0xc3, 0x99, 0x78, 0xf5, 0x96, 0xcf, 0x4d, 0x4d, 0x0c,
4072 0x6c, 0xf1, 0xd1, 0x89, 0x43, 0xd9, 0x44, 0x93, 0xd1, 0x6b, 0x9e, 0xc0,
4073 0xa1, 0x6d, 0x51, 0x2d, 0x2e, 0x12, 0x7c, 0xc4, 0x69, 0x1a, 0x63, 0x18,
4074 0xe2, 0xa3, 0x13, 0x30, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13,
4075 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,
4076 };
4077 static const ec_test_case ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_case = {
4078 .name="ECRDSA-STREEBOG256/GOST-256-curve-paramsetA (RFC4491)",
4079 .ec_str_p = &gost_R3410_2012_256_paramSetA_str_params,
4080 .priv_key = ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_priv_key,
4081 .priv_key_len = sizeof(ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_priv_key),
4082 .nn_random = ecrdsa_nn_random_rfc4491_bis_2_GOST_256bits_curve_test_vector,
4083 .hash_type = STREEBOG256,
4084 .msg = (const char*)ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_message,
4085 .msglen = sizeof(ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_message),
4086 .sig_type = ECRDSA,
4087 .exp_sig = ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_expected_sig,
4088 .exp_siglen = sizeof(ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_vector_expected_sig),
4089 .adata = NULL,
4090 .adata_len = 0
4091 };
4092
4093 #endif /* WITH_CURVE_GOST_R3410_2012_256_PARAMSETA */
4094 #endif /* WITH_HASH_STREEBOG256 */
4095
4096 #ifdef WITH_HASH_STREEBOG512
4097 #ifdef WITH_CURVE_GOST512
4098 #define ECRDSA_STREEBOG512_GOST512_SELF_TEST
4099
ecrdsa_nn_random_rfc4491_bis_1_GOST_512bits_curve_test_vector(nn_t out,nn_src_t q)4100 static int ecrdsa_nn_random_rfc4491_bis_1_GOST_512bits_curve_test_vector(nn_t out, nn_src_t q){
4101 int ret, cmp;
4102 const u8 k_buf[] = {
4103 0x03, 0x59, 0xe7, 0xf4, 0xb1, 0x41, 0x0f, 0xea, 0xcc,
4104 0x57, 0x04, 0x56, 0xc6, 0x80, 0x14, 0x96, 0x94, 0x63,
4105 0x12, 0x12, 0x0b, 0x39, 0xd0, 0x19, 0xd4, 0x55, 0x98,
4106 0x6e, 0x36, 0x4f, 0x36, 0x58, 0x86, 0x74, 0x8e, 0xd7,
4107 0xa4, 0x4b, 0x3e, 0x79, 0x44, 0x34, 0x00, 0x60, 0x11,
4108 0x84, 0x22, 0x86, 0x21, 0x22, 0x73, 0xa6, 0xd1, 0x4c,
4109 0xf7, 0x0e, 0xa3, 0xaf, 0x71, 0xbb, 0x1a, 0xe6, 0x79,
4110 0xf1,
4111 };
4112 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
4113 ret = nn_cmp(out, q, &cmp); EG(ret, err);
4114
4115 ret = (cmp >= 0) ? -1 : 0;
4116
4117 err:
4118 return ret;
4119 }
4120 static const u8 ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_priv_key[] = {
4121 0x0B, 0xA6, 0x04, 0x8A, 0xAD, 0xAE, 0x24, 0x1B, 0xA4,
4122 0x09, 0x36, 0xD4, 0x77, 0x56, 0xD7, 0xC9, 0x30, 0x91,
4123 0xA0, 0xE8, 0x51, 0x46, 0x69, 0x70, 0x0E, 0xE7, 0x50,
4124 0x8E, 0x50, 0x8B, 0x10, 0x20, 0x72, 0xE8, 0x12, 0x3B,
4125 0x22, 0x00, 0xA0, 0x56, 0x33, 0x22, 0xDA, 0xD2, 0x82,
4126 0x7E, 0x27, 0x14, 0xA2, 0x63, 0x6B, 0x7B, 0xFD, 0x18,
4127 0xAA, 0xDF, 0xC6, 0x29, 0x67, 0x82, 0x1F, 0xA1, 0x8D,
4128 0xD4,
4129 };
4130 static const u8 ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_expected_sig[] = {
4131 0x2f, 0x86, 0xfa, 0x60, 0xa0, 0x81, 0x09, 0x1a, 0x23,
4132 0xdd, 0x79, 0x5e, 0x1e, 0x3c, 0x68, 0x9e, 0xe5, 0x12,
4133 0xa3, 0xc8, 0x2e, 0xe0, 0xdc, 0xc2, 0x64, 0x3c, 0x78,
4134 0xee, 0xa8, 0xfc, 0xac, 0xd3, 0x54, 0x92, 0x55, 0x84,
4135 0x86, 0xb2, 0x0f, 0x1c, 0x9e, 0xc1, 0x97, 0xc9, 0x06,
4136 0x99, 0x85, 0x02, 0x60, 0xc9, 0x3b, 0xcb, 0xcd, 0x9c,
4137 0x5c, 0x33, 0x17, 0xe1, 0x93, 0x44, 0xe1, 0x73, 0xae,
4138 0x36,
4139 0x41, 0x57, 0x03, 0xd8, 0x92, 0xf1, 0xa5, 0xf3, 0xf6,
4140 0x8c, 0x43, 0x53, 0x18, 0x9a, 0x7e, 0xe2, 0x07, 0xb8,
4141 0x0b, 0x56, 0x31, 0xef, 0x9d, 0x49, 0x52, 0x9a, 0x4d,
4142 0x6b, 0x54, 0x2c, 0x2c, 0xfa, 0x15, 0xaa, 0x2e, 0xac,
4143 0xf1, 0x1f, 0x47, 0x0f, 0xde, 0x7d, 0x95, 0x48, 0x56,
4144 0x90, 0x3c, 0x35, 0xfd, 0x8f, 0x95, 0x5e, 0xf3, 0x00,
4145 0xd9, 0x5c, 0x77, 0x53, 0x4a, 0x72, 0x4a, 0x0e, 0xee,
4146 0x70,
4147 };
4148 static const unsigned char ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_message[] = {
4149 0x30, 0x82, 0x01, 0x16, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0b,
4150 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01, 0x01, 0x03, 0x03,
4151 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
4152 0x07, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x30, 0x20, 0x17, 0x0d,
4153 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
4154 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x35, 0x30, 0x31, 0x32, 0x33, 0x31, 0x30,
4155 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e,
4156 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x07, 0x45, 0x78, 0x61, 0x6d, 0x70,
4157 0x6c, 0x65, 0x30, 0x81, 0xa0, 0x30, 0x17, 0x06, 0x08, 0x2a, 0x85, 0x03,
4158 0x07, 0x01, 0x01, 0x01, 0x02, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x85, 0x03,
4159 0x07, 0x01, 0x02, 0x01, 0x02, 0x00, 0x03, 0x81, 0x84, 0x00, 0x04, 0x81,
4160 0x80, 0xe1, 0xef, 0x30, 0xd5, 0x2c, 0x61, 0x33, 0xdd, 0xd9, 0x9d, 0x1d,
4161 0x5c, 0x41, 0x45, 0x5c, 0xf7, 0xdf, 0x4d, 0x8b, 0x4c, 0x92, 0x5b, 0xbc,
4162 0x69, 0xaf, 0x14, 0x33, 0xd1, 0x56, 0x58, 0x51, 0x5a, 0xdd, 0x21, 0x46,
4163 0x85, 0x0c, 0x32, 0x5c, 0x5b, 0x81, 0xc1, 0x33, 0xbe, 0x65, 0x5a, 0xa8,
4164 0xc4, 0xd4, 0x40, 0xe7, 0xb9, 0x8a, 0x8d, 0x59, 0x48, 0x7b, 0x0c, 0x76,
4165 0x96, 0xbc, 0xc5, 0x5d, 0x11, 0xec, 0xbe, 0x77, 0x36, 0xa9, 0xec, 0x35,
4166 0x7f, 0xf2, 0xfd, 0x39, 0x93, 0x1f, 0x4e, 0x11, 0x4c, 0xb8, 0xcd, 0xa3,
4167 0x59, 0x27, 0x0a, 0xc7, 0xf0, 0xe7, 0xff, 0x43, 0xd9, 0x41, 0x94, 0x19,
4168 0xea, 0x61, 0xfd, 0x2a, 0xb7, 0x7f, 0x5d, 0x9f, 0x63, 0x52, 0x3d, 0x3b,
4169 0x50, 0xa0, 0x4f, 0x63, 0xe2, 0xa0, 0xcf, 0x51, 0xb7, 0xc1, 0x3a, 0xdc,
4170 0x21, 0x56, 0x0f, 0x0b, 0xd4, 0x0c, 0xc9, 0xc7, 0x37, 0xa3, 0x13, 0x30,
4171 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
4172 0x05, 0x30, 0x03, 0x01, 0x01, 0xff
4173 };
4174 static const ec_test_case ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_case = {
4175 .name="ECRDSA-STREEBOG512/GOST-512-curve (RFC4491)",
4176 .ec_str_p = &GOST_512bits_curve_str_params,
4177 .priv_key = ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_priv_key,
4178 .priv_key_len = sizeof(ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_priv_key),
4179 .nn_random = ecrdsa_nn_random_rfc4491_bis_1_GOST_512bits_curve_test_vector,
4180 .hash_type = STREEBOG512,
4181 .msg = (const char*)ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_message,
4182 .msglen = sizeof(ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_message),
4183 .sig_type = ECRDSA,
4184 .exp_sig = ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_expected_sig,
4185 .exp_siglen = sizeof(ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_vector_expected_sig),
4186 .adata = NULL,
4187 .adata_len = 0
4188 };
4189
4190 #endif /* WITH_CURVE_GOST512 */
4191 #endif /* WITH_HASH_STREEBOG512 */
4192
4193
4194 #else /* !defined(USE_ISO14888_3_ECRDSA) */
4195 /*
4196 * Unlike other signature algorithms (defined in ISO 14888-3:2015) for
4197 * which tests vectors are based on secp* or brainpoolp* curves, EC-RDSA
4198 * tests vectors are based on custom curves. As a side note, the 256
4199 * curve (not the random signature param and key) appear in RFC 5832 and
4200 * RFC 7091, but discrepancies exist in the algorithm with the ISO/IEC 14888-3
4201 * description and test vectors (see above).
4202 */
4203
4204 #ifdef WITH_HASH_SHA256
4205 #ifdef WITH_CURVE_GOST256
4206 #define ECRDSA_SHA256_GOST256_SELF_TEST
4207
4208 /* First, ECRDSA test vector on a 256-bit GOST curve */
4209
ecrdsa_nn_random_iso14888_3_GOST_256bits_curve_test_vector(nn_t out,nn_src_t q)4210 static int ecrdsa_nn_random_iso14888_3_GOST_256bits_curve_test_vector(nn_t out,
4211 nn_src_t q)
4212 {
4213 int ret, cmp;
4214 const u8 k_buf[] = {
4215 0x77, 0x10, 0x5C, 0x9B, 0x20, 0xBC, 0xD3, 0x12,
4216 0x28, 0x23, 0xC8, 0xCF, 0x6F, 0xCC, 0x7B, 0x95,
4217 0x6D, 0xE3, 0x38, 0x14, 0xE9, 0x5B, 0x7F, 0xE6,
4218 0x4F, 0xED, 0x92, 0x45, 0x94, 0xDC, 0xEA, 0xB3
4219 };
4220
4221 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
4222 ret = nn_cmp(out, q, &cmp); EG(ret, err);
4223
4224 ret = (cmp >= 0) ? -1 : 0;
4225
4226 err:
4227 return ret;
4228 }
4229
4230 static const u8 ecrdsa_GOST_256bits_curve_test_vectors_priv_key[] = {
4231 0x7A, 0x92, 0x9A, 0xDE, 0x78, 0x9B, 0xB9, 0xBE,
4232 0x10, 0xED, 0x35, 0x9D, 0xD3, 0x9A, 0x72, 0xC1,
4233 0x1B, 0x60, 0x96, 0x1F, 0x49, 0x39, 0x7E, 0xEE,
4234 0x1D, 0x19, 0xCE, 0x98, 0x91, 0xEC, 0x3B, 0x28
4235 };
4236
4237 static const u8 ecrdsa_GOST_256bits_curve_test_vectors_expected_sig[] = {
4238 0x41, 0xAA, 0x28, 0xD2, 0xF1, 0xAB, 0x14, 0x82,
4239 0x80, 0xCD, 0x9E, 0xD5, 0x6F, 0xED, 0xA4, 0x19,
4240 0x74, 0x05, 0x35, 0x54, 0xA4, 0x27, 0x67, 0xB8,
4241 0x3A, 0xD0, 0x43, 0xFD, 0x39, 0xDC, 0x04, 0x93,
4242 0x0A, 0x7B, 0xA4, 0x72, 0x2D, 0xA5, 0x69, 0x3F,
4243 0x22, 0x9D, 0x17, 0x5F, 0xAB, 0x6A, 0xFB, 0x85,
4244 0x7E, 0xC2, 0x27, 0x3B, 0x9F, 0x88, 0xDA, 0x58,
4245 0x92, 0xCE, 0xD3, 0x11, 0x7F, 0xCF, 0x1E, 0x36
4246 };
4247
4248 static const ec_test_case ecrdsa_GOST_256bits_curve_test_case = {
4249 .name = "ECRDSA-SHA256/GOST-256-curve",
4250 .ec_str_p = &GOST_256bits_curve_str_params,
4251 .priv_key = ecrdsa_GOST_256bits_curve_test_vectors_priv_key,
4252 .priv_key_len =
4253 sizeof(ecrdsa_GOST_256bits_curve_test_vectors_priv_key),
4254 .nn_random =
4255 ecrdsa_nn_random_iso14888_3_GOST_256bits_curve_test_vector,
4256 .hash_type = SHA256,
4257 .msg = "abc",
4258 .msglen = 3,
4259 .sig_type = ECRDSA,
4260 .exp_sig = ecrdsa_GOST_256bits_curve_test_vectors_expected_sig,
4261 .exp_siglen =
4262 sizeof(ecrdsa_GOST_256bits_curve_test_vectors_expected_sig),
4263 .adata = NULL,
4264 .adata_len = 0
4265 };
4266 #endif /* WITH_CURVE_GOST256 */
4267 #endif /* WITH_HASH_SHA256 */
4268
4269 /* NOTE: the test vectors present in the GOST 34.10-2012 standard and in the
4270 * associated RFC7091 do not provide messages as input, they instead provide the
4271 * value of the raw result of the hash function reduced modulo q. This is kinf of
4272 * useless here as we want to test the full GOST stack (i.e. hash digest plus curves),
4273 * hence we use the PyGOST Python library to generate some test vectors.
4274 */
4275 #ifdef WITH_HASH_STREEBOG256
4276 #ifdef WITH_CURVE_GOST256
4277 #define ECRDSA_STREEBOG256_GOST256_SELF_TEST
ecrdsa_nn_random_pygostlib_1_GOST_256bits_curve_test_vector(nn_t out,nn_src_t q)4278 static int ecrdsa_nn_random_pygostlib_1_GOST_256bits_curve_test_vector(nn_t out, nn_src_t q){
4279 int ret, cmp;
4280 const u8 k_buf[] = {
4281 0x4c, 0xe0, 0xe1, 0x2a, 0x2a, 0x35, 0x82, 0xa2, 0x1b, 0xe0,
4282 0xe7, 0x3f, 0xaf, 0xf2, 0xe2, 0xdb, 0x0c, 0xc2, 0x04, 0x80,
4283 0x33, 0x86, 0x36, 0xa2, 0x75, 0xcd, 0x12, 0xee, 0x0e, 0x3b,
4284 0x7a, 0xa7,
4285 };
4286 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
4287 ret = nn_cmp(out, q, &cmp); EG(ret, err);
4288
4289 ret = (cmp >= 0) ? -1 : 0;
4290
4291 err:
4292 return ret;
4293 }
4294 static const u8 ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_priv_key[] = {
4295 0x34, 0xce, 0x5e, 0x59, 0xef, 0x00, 0x78, 0x53, 0x06,
4296 0xe8, 0x4a, 0xfd, 0x53, 0x47, 0xab, 0xe5, 0x68, 0x92,
4297 0x4e, 0xfe, 0x26, 0x32, 0x11, 0x1d, 0x05, 0x6a, 0xf9,
4298 0x1c, 0x4d, 0x7d, 0x59, 0x9a,
4299 };
4300 static const u8 ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_expected_sig[] = {
4301 0x43, 0x3f, 0x32, 0xf8, 0xcb, 0xdb, 0x53, 0x3d, 0x1e,
4302 0x8f, 0x5f, 0x5b, 0xfa, 0xc8, 0x67, 0x90, 0x5d, 0x01,
4303 0x22, 0xa7, 0x40, 0x5d, 0x06, 0xa2, 0x06, 0xac, 0x6a,
4304 0xfb, 0x42, 0xf9, 0x9c, 0x66, 0x4a, 0xa8, 0xea, 0x8f,
4305 0x5c, 0xbc, 0x88, 0xf3, 0x3b, 0x66, 0x9f, 0x0d, 0xa6,
4306 0x21, 0xa9, 0xe2, 0x1c, 0xba, 0xcc, 0xca, 0x91, 0x97,
4307 0xe6, 0xdf, 0xcb, 0x14, 0x9a, 0x99, 0x26, 0xf2, 0xd7,
4308 0xd2,
4309 };
4310 static const char ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_message[] = {
4311 0x61, 0x62, 0x63,
4312 };
4313 static const ec_test_case ecrdsa_pygostlib_1_GOST_256bits_curve_test_case = {
4314 .name="ECRDSA-STREEBOG256/GOST-256-curve 1",
4315 .ec_str_p = &GOST_256bits_curve_str_params,
4316 .priv_key = ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_priv_key,
4317 .priv_key_len = sizeof(ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_priv_key),
4318 .nn_random = ecrdsa_nn_random_pygostlib_1_GOST_256bits_curve_test_vector,
4319 .hash_type = STREEBOG256,
4320 .msg = ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_message,
4321 .msglen = sizeof(ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_message),
4322 .sig_type = ECRDSA,
4323 .exp_sig = ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_expected_sig,
4324 .exp_siglen = sizeof(ecrdsa_pygostlib_1_GOST_256bits_curve_test_vector_expected_sig),
4325 .adata = NULL,
4326 .adata_len = 0
4327 };
4328
ecrdsa_nn_random_pygostlib_2_GOST_256bits_curve_test_vector(nn_t out,nn_src_t q)4329 static int ecrdsa_nn_random_pygostlib_2_GOST_256bits_curve_test_vector(nn_t out, nn_src_t q){
4330 int ret, cmp;
4331 const u8 k_buf[] = {
4332 0x1b, 0x91, 0xc9, 0xc8, 0xf3, 0x3d, 0x16, 0x2f, 0xe0,
4333 0x97, 0xf2, 0x8e, 0x1d, 0x8a, 0x52, 0xab, 0x8f, 0x31,
4334 0x91, 0x55, 0x08, 0xf7, 0x1c, 0x80, 0x65, 0xac, 0x50,
4335 0x61, 0xff, 0x20, 0x07, 0x07,
4336 };
4337 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
4338 ret = nn_cmp(out, q, &cmp); EG(ret, err);
4339
4340 ret = (cmp >= 0) ? -1 : 0;
4341
4342 err:
4343 return ret;
4344 }
4345 static const u8 ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_priv_key[] = {
4346 0x36, 0xf5, 0x26, 0x39, 0x79, 0x87, 0x88, 0x83, 0x06,
4347 0x56, 0x86, 0xd8, 0x7e, 0x04, 0xf0, 0x68, 0xbb, 0xf5,
4348 0x54, 0x18, 0xbf, 0xbf, 0x02, 0x1f, 0xa3, 0x0e, 0x9c,
4349 0xfb, 0xa7, 0x8d, 0x63, 0xef,
4350 };
4351 static const u8 ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_expected_sig[] = {
4352 0x24, 0x28, 0x81, 0x56, 0xe2, 0xaa, 0xb4, 0xd7, 0xbd,
4353 0x33, 0x2c, 0x50, 0x39, 0xe0, 0x84, 0x8a, 0x85, 0x2a,
4354 0xfd, 0xab, 0x36, 0x35, 0xea, 0x1e, 0xdd, 0xd0, 0x28,
4355 0xf3, 0x34, 0x5d, 0x68, 0xcf, 0x24, 0xaf, 0x4b, 0xe3,
4356 0x86, 0xc6, 0x95, 0x9c, 0xfb, 0xd5, 0x0e, 0x2e, 0x11,
4357 0x17, 0x65, 0x09, 0x18, 0xea, 0xe9, 0x3c, 0x60, 0x67,
4358 0x3f, 0xe2, 0xa2, 0xe9, 0xde, 0x33, 0xe7, 0xff, 0x79,
4359 0x0c,
4360 };
4361 static const char ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_message[] = {
4362 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4363 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4364 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4365 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4366 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4367 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4368 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4369 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4370 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4371 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4372 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4373 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4374 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4375 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4376 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4377 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4378 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4379 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4380 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4381 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4382 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4383 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4384 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4385 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4386 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4387 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4388 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4389 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4390 0x61, 0x62, 0x63, 0x64,
4391 };
4392 static const ec_test_case ecrdsa_pygostlib_2_GOST_256bits_curve_test_case = {
4393 .name="ECRDSA-STREEBOG256/GOST-256-curve 2",
4394 .ec_str_p = &GOST_256bits_curve_str_params,
4395 .priv_key = ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_priv_key,
4396 .priv_key_len = sizeof(ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_priv_key),
4397 .nn_random = ecrdsa_nn_random_pygostlib_2_GOST_256bits_curve_test_vector,
4398 .hash_type = STREEBOG256,
4399 .msg = ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_message,
4400 .msglen = sizeof(ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_message),
4401 .sig_type = ECRDSA,
4402 .exp_sig = ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_expected_sig,
4403 .exp_siglen = sizeof(ecrdsa_pygostlib_2_GOST_256bits_curve_test_vector_expected_sig),
4404 .adata = NULL,
4405 .adata_len = 0
4406 };
4407
4408 #endif /* WITH_CURVE_GOST256 */
4409 #endif /* WITH_HASH_STREEBOG256 */
4410
4411 #ifdef WITH_HASH_SHA512
4412 #ifdef WITH_CURVE_GOST512
4413 #define ECRDSA_SHA512_GOST512_SELF_TEST
4414
4415 /* Then, ECRDSA test vector on a GOST 512-bit curve */
4416
ecrdsa_nn_random_iso14888_3_GOST_512bits_curve_test_vector(nn_t out,nn_src_t q)4417 static int ecrdsa_nn_random_iso14888_3_GOST_512bits_curve_test_vector(nn_t out,
4418 nn_src_t q)
4419 {
4420 int ret, cmp;
4421 /*
4422 * Current version of ISO 14888-3:2015 has a bad k value in its
4423 * test vectors. The value of k is higher than q!!!! Instead of
4424 * reducing the wrong value each time, let's change that false
4425 * value for a correct one (i.e. the reduced one mod q).
4426 *
4427
4428 const u8 k_buf[] = {
4429 0xC5, 0x73, 0xF6, 0xB3, 0x01, 0xD9, 0x9C, 0x24,
4430 0xC4, 0x22, 0xA4, 0x27, 0x1E, 0x9E, 0xC9, 0x3B,
4431 0xAE, 0xAA, 0x6E, 0xEF, 0x0D, 0xE8, 0x24, 0x77,
4432 0xD8, 0xB7, 0x39, 0x1F, 0x9F, 0x67, 0x90, 0xD9,
4433 0xDD, 0xE5, 0x14, 0x6F, 0x02, 0xEC, 0xA5, 0x67,
4434 0x2C, 0x38, 0xFC, 0x80, 0x9C, 0xF4, 0xCA, 0x88,
4435 0x93, 0x7C, 0x4B, 0x3A, 0x39, 0x36, 0xAD, 0xF9,
4436 0x90, 0x8F, 0x79, 0x6C, 0x86, 0xC0, 0x5C, 0x43
4437 };
4438
4439 */
4440
4441 const u8 k_buf[] = {
4442 0x3b, 0x10, 0x9d, 0x0f, 0x05, 0xd9, 0x54, 0x96,
4443 0x1a, 0x08, 0x57, 0x30, 0x48, 0x3e, 0xec, 0x3a,
4444 0x8a, 0x54, 0x45, 0x89, 0x0e, 0x76, 0x06, 0x6e,
4445 0x2e, 0xe0, 0x41, 0x0c, 0x33, 0xc1, 0xee, 0x1e,
4446 0x8d, 0x86, 0xb9, 0x71, 0x6c, 0xb1, 0x2f, 0xd8,
4447 0xf9, 0x18, 0x43, 0xc2, 0xc3, 0x6c, 0x82, 0xa4,
4448 0xe2, 0x9f, 0xff, 0x5e, 0xbc, 0xef, 0x22, 0xcd,
4449 0xe4, 0x06, 0x23, 0x89, 0x76, 0xf2, 0x8e, 0x85
4450 };
4451
4452 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
4453 ret = nn_cmp(out, q, &cmp); EG(ret, err);
4454
4455 ret = (cmp >= 0) ? -1 : 0;
4456
4457 err:
4458 return ret;
4459 }
4460
4461 static const u8 ecrdsa_GOST_512bits_curve_test_vectors_priv_key[] = {
4462 0x0B, 0xA6, 0x04, 0x8A, 0xAD, 0xAE, 0x24, 0x1B,
4463 0xA4, 0x09, 0x36, 0xD4, 0x77, 0x56, 0xD7, 0xC9,
4464 0x30, 0x91, 0xA0, 0xE8, 0x51, 0x46, 0x69, 0x70,
4465 0x0E, 0xE7, 0x50, 0x8E, 0x50, 0x8B, 0x10, 0x20,
4466 0x72, 0xE8, 0x12, 0x3B, 0x22, 0x00, 0xA0, 0x56,
4467 0x33, 0x22, 0xDA, 0xD2, 0x82, 0x7E, 0x27, 0x14,
4468 0xA2, 0x63, 0x6B, 0x7B, 0xFD, 0x18, 0xAA, 0xDF,
4469 0xC6, 0x29, 0x67, 0x82, 0x1F, 0xA1, 0x8D, 0xD4
4470 };
4471
4472 static const u8 ecrdsa_GOST_512bits_curve_test_vectors_expected_sig[] = {
4473 0x13, 0xc5, 0x65, 0x57, 0xe3, 0x00, 0x89, 0x8b,
4474 0xf6, 0xc9, 0x1a, 0x08, 0xaf, 0x0c, 0xaf, 0x80,
4475 0x10, 0x46, 0xa2, 0xdc, 0x58, 0xcf, 0x7e, 0x84,
4476 0xa1, 0x5d, 0xa3, 0xb6, 0x89, 0xc0, 0xeb, 0x29,
4477 0x73, 0xf5, 0xbe, 0x70, 0x27, 0xdb, 0xdd, 0x77,
4478 0xbc, 0xe5, 0xd3, 0x37, 0x6a, 0xd5, 0x79, 0x3c,
4479 0x21, 0x31, 0x57, 0x85, 0xaa, 0x6d, 0x25, 0x36,
4480 0xa2, 0x0c, 0x91, 0x58, 0x14, 0xf2, 0xad, 0xdc,
4481 0x32, 0xC0, 0xB1, 0x5B, 0xE3, 0x67, 0x58, 0x3B,
4482 0xB3, 0xFA, 0xEF, 0xF1, 0x49, 0xAF, 0x87, 0xD1,
4483 0x18, 0xBF, 0x18, 0xE1, 0x34, 0x87, 0xE0, 0xC6,
4484 0xAB, 0x75, 0x80, 0xB8, 0x62, 0xEC, 0x10, 0x4A,
4485 0x41, 0xEC, 0x9A, 0x5F, 0xB1, 0x7B, 0x0E, 0x0E,
4486 0xDB, 0xCF, 0xFD, 0x92, 0x0D, 0x6F, 0x62, 0x7E,
4487 0x70, 0x4A, 0x82, 0xCC, 0x53, 0x41, 0x27, 0xF6,
4488 0x44, 0xFD, 0xC9, 0x58, 0x98, 0x4D, 0xDC, 0xA0
4489 };
4490
4491 static const ec_test_case ecrdsa_GOST_512bits_curve_test_case = {
4492 .name = "ECRDSA-SHA512/GOST-512-curve",
4493 .ec_str_p = &GOST_512bits_curve_str_params,
4494 .priv_key = ecrdsa_GOST_512bits_curve_test_vectors_priv_key,
4495 .priv_key_len =
4496 sizeof(ecrdsa_GOST_512bits_curve_test_vectors_priv_key),
4497 .nn_random =
4498 ecrdsa_nn_random_iso14888_3_GOST_512bits_curve_test_vector,
4499 .hash_type = SHA512,
4500 .msg = "abc",
4501 .msglen = 3,
4502 .sig_type = ECRDSA,
4503 .exp_sig = ecrdsa_GOST_512bits_curve_test_vectors_expected_sig,
4504 .exp_siglen =
4505 sizeof(ecrdsa_GOST_512bits_curve_test_vectors_expected_sig),
4506 .adata = NULL,
4507 .adata_len = 0
4508 };
4509 #endif /* WITH_CURVE_GOST512 */
4510 #endif /* WITH_HASH_SHA512 */
4511
4512 #ifdef WITH_HASH_STREEBOG512
4513 #ifdef WITH_CURVE_GOST512
4514 #define ECRDSA_STREEBOG512_GOST512_SELF_TEST
4515
ecrdsa_nn_random_pygostlib_1_GOST_512bits_curve_test_vector(nn_t out,nn_src_t q)4516 static int ecrdsa_nn_random_pygostlib_1_GOST_512bits_curve_test_vector(nn_t out, nn_src_t q){
4517 int ret, cmp;
4518 const u8 k_buf[] = {
4519 0x03, 0xc3, 0xcb, 0xa3, 0x26, 0xc7, 0xdd, 0x44, 0x8e,
4520 0x98, 0xa1, 0x03, 0x37, 0x71, 0x4e, 0xf7, 0xa7, 0x9c,
4521 0xc1, 0x06, 0x30, 0x34, 0xb6, 0xcf, 0x63, 0x0c, 0x1d,
4522 0xe7, 0x7d, 0x80, 0xe0, 0x95, 0xc5, 0x7c, 0x5b, 0xa3,
4523 0x78, 0x01, 0x99, 0xde, 0x1f, 0x7c, 0xb0, 0x5b, 0x5b,
4524 0x08, 0x41, 0xd2, 0xcd, 0x88, 0x60, 0x8e, 0x75, 0xa8,
4525 0x8f, 0xe4, 0x9f, 0xee, 0xe8, 0xfd, 0xc2, 0x9f, 0x8b,
4526 0xa6,
4527 };
4528 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
4529 ret = nn_cmp(out, q, &cmp); EG(ret, err);
4530
4531 ret = (cmp >= 0) ? -1 : 0;
4532
4533 err:
4534 return ret;
4535 }
4536 static const u8 ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_priv_key[] = {
4537 0x0c, 0x18, 0x44, 0xa6, 0x1c, 0xbb, 0x08, 0xb7, 0xa1,
4538 0x86, 0x32, 0x1e, 0xf5, 0x53, 0x97, 0x7d, 0xef, 0x40,
4539 0x87, 0x7e, 0xd8, 0x98, 0xfb, 0xf6, 0xfd, 0x3e, 0xab,
4540 0xe4, 0xcf, 0xcf, 0xd3, 0x04, 0x21, 0xe5, 0xbf, 0xcb,
4541 0x73, 0xce, 0xd7, 0x35, 0x98, 0xa5, 0x4f, 0x9d, 0x9e,
4542 0x4b, 0x55, 0x83, 0xd6, 0x04, 0x65, 0x3c, 0xb3, 0x0a,
4543 0xbb, 0xe0, 0x56, 0x96, 0x3f, 0x08, 0xaf, 0x9a, 0x5b, 0x4f,
4544 };
4545 static const u8 ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_expected_sig[] = {
4546 0x0e, 0xf7, 0xf8, 0xcb, 0x41, 0x86, 0xce, 0xb5, 0x86,
4547 0x43, 0x53, 0x15, 0xec, 0x67, 0x48, 0xfe, 0x20, 0x58,
4548 0x35, 0x57, 0x51, 0xd3, 0xfe, 0x25, 0xe2, 0x42, 0xad,
4549 0x96, 0x58, 0xae, 0x55, 0x11, 0xef, 0xb3, 0x3f, 0x93,
4550 0x2d, 0x71, 0x0c, 0xea, 0xc9, 0xd7, 0x4e, 0x34, 0x98,
4551 0xde, 0x85, 0xc9, 0xf1, 0x31, 0x52, 0xfe, 0xf4, 0x65,
4552 0xa6, 0x57, 0x05, 0x78, 0x4d, 0x6d, 0x45, 0x40, 0x09,
4553 0x4b, 0x1f, 0x2f, 0xc0, 0x2b, 0x79, 0xc5, 0x85, 0x1a,
4554 0xc1, 0xc1, 0x4b, 0xaa, 0x63, 0x58, 0xab, 0x07, 0x6e,
4555 0x0b, 0xc7, 0xfd, 0x28, 0x98, 0xe9, 0x88, 0x90, 0x6c,
4556 0xd7, 0x14, 0x02, 0x30, 0x14, 0x8c, 0xa7, 0xe7, 0x24,
4557 0x9a, 0x64, 0x83, 0x63, 0x9c, 0x4f, 0x18, 0xf5, 0x84,
4558 0x7e, 0xce, 0x03, 0xad, 0x3f, 0x9f, 0x26, 0x2f, 0xcb,
4559 0xaa, 0x3c, 0x55, 0xf7, 0xee, 0xd2, 0x91, 0xb3, 0xe7,
4560 0xeb, 0x4b,
4561 };
4562 static const char ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_message[] = {
4563 0x61, 0x62, 0x63,
4564 };
4565 static const ec_test_case ecrdsa_pygostlib_1_GOST_512bits_curve_test_case = {
4566 .name="ECRDSA-STREEBOG512/GOST-512-curve 1",
4567 .ec_str_p = &GOST_512bits_curve_str_params,
4568 .priv_key = ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_priv_key,
4569 .priv_key_len = sizeof(ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_priv_key),
4570 .nn_random = ecrdsa_nn_random_pygostlib_1_GOST_512bits_curve_test_vector,
4571 .hash_type = STREEBOG512,
4572 .msg = ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_message,
4573 .msglen = sizeof(ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_message),
4574 .sig_type = ECRDSA,
4575 .exp_sig = ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_expected_sig,
4576 .exp_siglen = sizeof(ecrdsa_pygostlib_1_GOST_512bits_curve_test_vector_expected_sig),
4577 .adata = NULL,
4578 .adata_len = 0
4579 };
4580
ecrdsa_nn_random_pygostlib_2_GOST_512bits_curve_test_vector(nn_t out,nn_src_t q)4581 static int ecrdsa_nn_random_pygostlib_2_GOST_512bits_curve_test_vector(nn_t out, nn_src_t q){
4582 int ret, cmp;
4583 const u8 k_buf[] = {
4584 0x15, 0x56, 0x79, 0x4e, 0xed, 0x00, 0x7c, 0xdc, 0xc0,
4585 0xc1, 0x3f, 0xb3, 0x6b, 0xa3, 0xa3, 0x00, 0xdd, 0x16,
4586 0xce, 0x6d, 0x83, 0xf6, 0x49, 0xab, 0x8d, 0x7a, 0x06,
4587 0x38, 0x34, 0xf0, 0x8b, 0xaf, 0xbc, 0x4e, 0x2a, 0x30,
4588 0x25, 0xee, 0xa2, 0x59, 0x5a, 0xc6, 0x79, 0x57, 0x84,
4589 0xc9, 0x15, 0x65, 0xed, 0xcb, 0x33, 0x42, 0x8a, 0x7a,
4590 0xd0, 0xe7, 0x87, 0xfe, 0x3c, 0x16, 0xd1, 0xb5, 0x50,
4591 0x8a,
4592 };
4593 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
4594 ret = nn_cmp(out, q, &cmp); EG(ret, err);
4595
4596 ret = (cmp >= 0) ? -1 : 0;
4597
4598 err:
4599 return ret;
4600 }
4601 static const u8 ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_priv_key[] = {
4602 0x32, 0xb5, 0xda, 0xed, 0x49, 0x2e, 0x13, 0xc5, 0x8a, 0xb5, 0xa1, 0x41,
4603 0x9e, 0x01, 0x2f, 0x0c, 0x69, 0xc1, 0x4e, 0xf0, 0xcf, 0x84, 0xce, 0x81,
4604 0x4f, 0x76, 0x3b, 0x6f, 0xac, 0xd5, 0x7c, 0xd9, 0x42, 0xfe, 0x47, 0xe5,
4605 0x13, 0x38, 0xbd, 0xdd, 0xd5, 0x91, 0xe0, 0x38, 0xa6, 0x77, 0x17, 0x89,
4606 0x85, 0x9c, 0x55, 0x54, 0xa3, 0xd0, 0x94, 0x6d, 0x20, 0xb4, 0xd3, 0xfd,
4607 0x5c, 0xad, 0x17, 0xbc,
4608 };
4609 static const u8 ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_expected_sig[] = {
4610 0x06, 0xfa, 0x71, 0xf0, 0xf9, 0x5b, 0xab, 0x4f, 0x08, 0x5b, 0x81, 0x44,
4611 0x32, 0x3a, 0x79, 0xa3, 0x9f, 0xb6, 0x72, 0x7c, 0x5b, 0x14, 0x48, 0xcb,
4612 0x2b, 0x42, 0xc9, 0x75, 0xb8, 0x35, 0x63, 0xf0, 0x6f, 0x81, 0x02, 0x78,
4613 0xd3, 0x2d, 0x7b, 0x04, 0x91, 0x11, 0xb0, 0x69, 0xa0, 0xba, 0x62, 0x47,
4614 0x3c, 0x72, 0x29, 0xef, 0x1b, 0xc2, 0x5c, 0xe5, 0x94, 0x4a, 0xf4, 0xbb,
4615 0x64, 0xf8, 0x68, 0xb9, 0x2e, 0x29, 0xa4, 0x50, 0xd2, 0x38, 0xae, 0xc2,
4616 0x8f, 0x6c, 0x3f, 0xcf, 0x2b, 0x13, 0x5b, 0xf9, 0x73, 0x6a, 0xf8, 0xac,
4617 0x13, 0xff, 0xff, 0x60, 0x19, 0xbd, 0x89, 0xae, 0x4e, 0x29, 0xb8, 0x07,
4618 0xea, 0xa9, 0xe3, 0xf1, 0x78, 0xa2, 0x4f, 0x07, 0x3d, 0xd8, 0x6b, 0x9f,
4619 0x2e, 0xb7, 0x2d, 0x96, 0xd2, 0xea, 0xae, 0x68, 0x38, 0xdb, 0x0d, 0x42,
4620 0xa7, 0x73, 0xf5, 0x5b, 0xbd, 0x3c, 0xe8, 0x84,
4621 };
4622 static const char ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_message[] = {
4623 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4624 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4625 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4626 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4627 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4628 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4629 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4630 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4631 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4632 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4633 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4634 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4635 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4636 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4637 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4638 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4639 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4640 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4641 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4642 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4643 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4644 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4645 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4646 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4647 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61,
4648 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62,
4649 0x63, 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63,
4650 0x64, 0x61, 0x62, 0x63, 0x64, 0x61, 0x62, 0x63, 0x64,
4651 0x61, 0x62, 0x63, 0x64,
4652 };
4653 static const ec_test_case ecrdsa_pygostlib_2_GOST_512bits_curve_test_case = {
4654 .name="ECRDSA-STREEBOG512/GOST-512-curve 2",
4655 .ec_str_p = &GOST_512bits_curve_str_params,
4656 .priv_key = ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_priv_key,
4657 .priv_key_len = sizeof(ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_priv_key),
4658 .nn_random = ecrdsa_nn_random_pygostlib_2_GOST_512bits_curve_test_vector,
4659 .hash_type = STREEBOG512,
4660 .msg = ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_message,
4661 .msglen = sizeof(ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_message),
4662 .sig_type = ECRDSA,
4663 .exp_sig = ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_expected_sig,
4664 .exp_siglen = sizeof(ecrdsa_pygostlib_2_GOST_512bits_curve_test_vector_expected_sig),
4665 .adata = NULL,
4666 .adata_len = 0
4667 };
4668
4669 #endif /* WITH_CURVE_GOST512 */
4670 #endif /* WITH_HASH_STREEBOG512 */
4671
4672 #endif /* defined(USE_ISO14888_3_ECRDSA) */
4673
4674 #endif /* WITH_SIG_ECRDSA */
4675
4676 /*******************************************************************
4677 ************** SM2 tests ******************************************
4678 *******************************************************************/
4679
4680 /*
4681 * Unlike other signature algorithms (defined in ISO 14888-3:2015) for
4682 * which tests vectors are based on secp* or brainpoolp* curves, SM2
4683 * tests vectors are based on custom curves.
4684 */
4685
4686 #ifdef WITH_SIG_SM2
4687 #ifdef WITH_HASH_SM3
4688
4689 #ifdef WITH_CURVE_SM2P256TEST
4690 #define SM2_SM3_CURVE_SM2P256TEST
4691
4692 /* First, SM2 test vector on a 256-bit SM2 TEST curve */
4693
sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vector(nn_t out,nn_src_t q)4694 static int sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vector(nn_t out,
4695 nn_src_t
4696 q)
4697 {
4698 int ret, cmp;
4699 const u8 k_buf[] = {
4700 0x6C, 0xB2, 0x8D, 0x99, 0x38, 0x5C, 0x17, 0x5C,
4701 0x94, 0xF9, 0x4E, 0x93, 0x48, 0x17, 0x66, 0x3F,
4702 0xC1, 0x76, 0xD9, 0x25, 0xDD, 0x72, 0xB7, 0x27,
4703 0x26, 0x0D, 0xBA, 0xAE, 0x1F, 0xB2, 0xF9, 0x6F
4704 };
4705 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
4706 ret = nn_cmp(out, q, &cmp); EG(ret, err);
4707
4708 ret = (cmp >= 0) ? -1 : 0;
4709
4710 err:
4711 return ret;
4712 }
4713
4714 static const u8 sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_priv_key[] = {
4715 0x12, 0x8B, 0x2F, 0xA8, 0xBD, 0x43, 0x3C, 0x6C,
4716 0x06, 0x8C, 0x8D, 0x80, 0x3D, 0xFF, 0x79, 0x79,
4717 0x2A, 0x51, 0x9A, 0x55, 0x17, 0x1B, 0x1B, 0x65,
4718 0x0C, 0x23, 0x66, 0x1D, 0x15, 0x89, 0x72, 0x63
4719 };
4720
4721 static const u8 sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_expected_sig[] = {
4722 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4,
4723 0x9E, 0x09, 0xDC, 0xEF, 0x49, 0x13, 0x0D, 0x41,
4724 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2, 0xCA, 0xA5,
4725 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
4726 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1,
4727 0x0C, 0x77, 0xDF, 0xB2, 0x0F, 0x7C, 0x2E, 0xB6,
4728 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0, 0x9E, 0xC5,
4729 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
4730 };
4731
4732 static const char sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_msg[] = "message digest";
4733
4734 static const char sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_adata[] = "ALICE123@YAHOO.COM";
4735
4736 static const ec_test_case sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_case = {
4737 .name = "SM2-SM3/SM2P256TEST",
4738 .ec_str_p = &sm2p256test_str_params,
4739 .priv_key = sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_priv_key,
4740 .priv_key_len = sizeof(sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_priv_key),
4741 .nn_random = sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vector,
4742 .hash_type = SM3,
4743 .msg = sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_msg,
4744 .msglen = 14,
4745 .sig_type = SM2,
4746 .exp_sig = sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_expected_sig,
4747 .exp_siglen = sizeof(sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_expected_sig),
4748 .adata = (const u8*)sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_vectors_adata,
4749 .adata_len = 18,
4750 };
4751 #endif /* WITH_CURVE_SM2P256TEST */
4752
4753 #ifdef WITH_CURVE_SM2P256V1
4754 #define SM2_SM3_CURVE_SM2P256V1
4755
4756 /* SM2 test vector on a 256-bit SM2 standardized curve */
4757
sm2_nn_random_sm2p256v1_test_vector(nn_t out,nn_src_t q)4758 static int sm2_nn_random_sm2p256v1_test_vector(nn_t out, nn_src_t q)
4759 {
4760 int ret, cmp;
4761 const u8 k_buf[] = {
4762 0x59, 0x27, 0x6E, 0x27, 0xD5, 0x06, 0x86, 0x1A, 0x16,
4763 0x68, 0x0F, 0x3A, 0xD9, 0xC0, 0x2D, 0xCC, 0xEF, 0x3C,
4764 0xC1, 0xFA, 0x3C, 0xDB, 0xE4, 0xCE, 0x6D, 0x54, 0xB8,
4765 0x0D, 0xEA, 0xC1, 0xBC, 0x21,
4766 };
4767 ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err);
4768 ret = nn_cmp(out, q, &cmp); EG(ret, err);
4769
4770 ret = (cmp >= 0) ? -1 : 0;
4771
4772 err:
4773 return ret;
4774 }
4775
4776 static const u8 sm2_nn_random_sm2p256v1_test_vectors_priv_key[] = {
4777 0x39, 0x45, 0x20, 0x8F, 0x7B, 0x21, 0x44, 0xB1, 0x3F, 0x36, 0xE3,
4778 0x8A, 0xC6, 0xD3, 0x9F, 0x95, 0x88, 0x93, 0x93, 0x69, 0x28, 0x60,
4779 0xB5, 0x1A, 0x42, 0xFB, 0x81, 0xEF, 0x4D, 0xF7, 0xC5, 0xB8,
4780 };
4781
4782 static const u8 sm2_nn_random_sm2p256v1_test_vectors_expected_sig[] = {
4783 0xF5, 0xA0, 0x3B, 0x06, 0x48, 0xD2, 0xC4, 0x63, 0x0E, 0xEA, 0xC5,
4784 0x13, 0xE1, 0xBB, 0x81, 0xA1, 0x59, 0x44, 0xDA, 0x38, 0x27, 0xD5,
4785 0xB7, 0x41, 0x43, 0xAC, 0x7E, 0xAC, 0xEE, 0xE7, 0x20, 0xB3, 0xB1,
4786 0xB6, 0xAA, 0x29, 0xDF, 0x21, 0x2F, 0xD8, 0x76, 0x31, 0x82, 0xBC,
4787 0x0D, 0x42, 0x1C, 0xA1, 0xBB, 0x90, 0x38, 0xFD, 0x1F, 0x7F, 0x42,
4788 0xD4, 0x84, 0x0B, 0x69, 0xC4, 0x85, 0xBB, 0xC1, 0xAA,
4789 };
4790
4791 static const u8 sm2_nn_random_sm2p256v1_test_vectors_adata[] = {
4792 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33,
4793 0x34, 0x35, 0x36, 0x37, 0x38,
4794 };
4795
4796 static const u8 tmp_msg_sm2_sm2p256v1[] = {
4797 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74,
4798 };
4799 static const ec_test_case sm2_nn_random_sm2p256v1_test_case = {
4800 .name = "SM2-SM3/SM2P256V1",
4801 .ec_str_p = &sm2p256v1_str_params,
4802 .priv_key = sm2_nn_random_sm2p256v1_test_vectors_priv_key,
4803 .priv_key_len = sizeof(sm2_nn_random_sm2p256v1_test_vectors_priv_key),
4804 .nn_random = sm2_nn_random_sm2p256v1_test_vector,
4805 .hash_type = SM3,
4806 .msg = (const char *)tmp_msg_sm2_sm2p256v1,
4807 .msglen = sizeof(tmp_msg_sm2_sm2p256v1),
4808 .sig_type = SM2,
4809 .exp_sig = sm2_nn_random_sm2p256v1_test_vectors_expected_sig,
4810 .exp_siglen = sizeof(sm2_nn_random_sm2p256v1_test_vectors_expected_sig),
4811 .adata = sm2_nn_random_sm2p256v1_test_vectors_adata,
4812 .adata_len = sizeof(sm2_nn_random_sm2p256v1_test_vectors_adata),
4813 };
4814 #endif /* WITH_CURVE_SM2P256TEST */
4815
4816
4817 #endif /* WITH_HASH_SM3 */
4818 #endif /* WITH_SIG_SM2 */
4819
4820
4821 /*******************************************************************
4822 ************** EdDSA tests ****************************************
4823 *******************************************************************/
4824 #ifdef WITH_SIG_EDDSA25519
4825 #ifdef WITH_HASH_SHA512
4826 #ifdef WITH_CURVE_WEI25519
4827 #define EDDSA25519_SHA512_WEI25519_SELF_TEST
4828
4829 #include "ed25519_test_vectors.h"
4830
4831 #define EDDSA25519PH_SHA512_WEI25519_SELF_TEST
4832
4833 #include "ed25519ph_test_vectors.h"
4834
4835 #define EDDSA25519CTX_SHA512_WEI25519_SELF_TEST
4836
4837 #include "ed25519ctx_test_vectors.h"
4838
4839 #endif /* WITH_CURVE_WEI25519 */
4840 #endif /* WITH_HASH_SHA512 */
4841 #endif /* WITH_SIG_EDDSA */
4842
4843 #ifdef WITH_SIG_EDDSA448
4844 #ifdef WITH_HASH_SHAKE256
4845 #ifdef WITH_CURVE_WEI448
4846 #define EDDSA448_SHAKE256_WEI448_SELF_TEST
4847
4848 #include "ed448_test_vectors.h"
4849
4850 #define EDDSA448PH_SHAKE256_WEI448_SELF_TEST
4851
4852 #include "ed448ph_test_vectors.h"
4853
4854 #endif /* WITH_CURVE_WEI448 */
4855 #endif /* WITH_HASH_SHAKE256 */
4856 #endif /* WITH_SIG_EDDSA */
4857
4858 /*********** Deterministic ECDSA tests taken from RFC6979 **************/
4859 #ifdef WITH_SIG_DECDSA
4860
4861 #include "decdsa_test_vectors.h"
4862
4863 #endif /* WITH_SIG_DECDSA */
4864
4865 #if defined(WITH_SIG_BIGN) && defined(WITH_CURVE_BIGN256V1)
4866
4867 /* NOTE: tests taken from STB 34.101.45-2013 */
4868 #include "bign_test_vectors.h"
4869
4870 #endif
4871
4872 #if defined(WITH_SIG_DBIGN) && defined(WITH_CURVE_BIGN256V1)
4873
4874 /* NOTE: tests taken from STB 34.101.45-2013 */
4875 #include "dbign_test_vectors.h"
4876
4877 #endif
4878
4879 #if defined(WITH_SIG_BIP0340) && defined(WITH_HASH_SHA256) && defined(WITH_CURVE_SECP256K1)
4880
4881 /* NOTE: tests taken from:
4882 * https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv
4883 */
4884 #include "bip0340_test_vectors.h"
4885
4886 #endif
4887
4888 /* ADD curve test vectors header here */
4889 /* XXX: Do not remove the comment above, as it is
4890 * used by external tools as a placeholder to add or
4891 * remove automatically generated code.
4892 */
4893
4894 /* Dummy empty test case to avoid empty array
4895 * when no test case is defined
4896 */
4897 static const ec_test_case dummy_test_case = {
4898 .name = "Dummy SIGN",
4899 .ec_str_p = NULL,
4900 .priv_key = NULL,
4901 .priv_key_len = 0,
4902 .nn_random = NULL,
4903 .hash_type = UNKNOWN_HASH_ALG,
4904 .msg = NULL,
4905 .msglen = 0,
4906 .sig_type = UNKNOWN_ALG,
4907 .exp_sig = NULL,
4908 .exp_siglen = 0,
4909 .adata = NULL,
4910 .adata_len = 0
4911 };
4912
4913 /* List of all test cases */
4914
4915 static const ec_test_case *ec_fixed_vector_tests[] = {
4916 /* ECDSA */
4917 #ifdef ECDSA_SHA224_SECP224R1_SELF_TEST
4918 &ecdsa_secp224r1_test_case,
4919 #endif
4920 #ifdef ECDSA_SHA256_SECP256R1_SELF_TEST
4921 &ecdsa_secp256r1_test_case,
4922 #endif
4923 #ifdef ECDSA_SHA512_SECP256R1_SELF_TEST
4924 &ecdsa_secp256r1_sha512_test_case,
4925 #endif
4926 #ifdef ECDSA_SHA384_SECP384R1_SELF_TEST
4927 &ecdsa_secp384r1_test_case,
4928 #endif
4929 #ifdef ECDSA_SHA512_SECP521R1_SELF_TEST
4930 &ecdsa_secp521r1_test_case,
4931 #endif
4932 #ifdef ECDSA_SHA256_BRAINPOOLP256R1_SELF_TEST
4933 &ecdsa_brainpoolp256r1_test_case,
4934 #endif
4935 #ifdef ECDSA_SHA384_BRAINPOOLP384R1_SELF_TEST
4936 &ecdsa_brainpoolp384r1_test_case,
4937 #endif
4938 #ifdef ECDSA_SHA512_BRAINPOOLP512R1_SELF_TEST
4939 &ecdsa_brainpoolp512r1_test_case,
4940 #endif
4941 #ifdef ECDSA_SHA256_FRP256V1_SELF_TEST
4942 &ecdsa_frp256v1_test_case,
4943 #endif
4944 #ifdef ECDSA_SHA3_224_SECP224R1_SELF_TEST
4945 &ecdsa_secp224r1_sha3_224_test_case,
4946 #endif
4947 #ifdef ECDSA_SHA3_256_SECP256R1_SELF_TEST
4948 &ecdsa_secp256r1_sha3_256_test_case,
4949 #endif
4950 #ifdef ECDSA_SHA3_512_SECP256R1_SELF_TEST
4951 &ecdsa_secp256r1_sha3_512_test_case,
4952 #endif
4953 #ifdef ECDSA_SHA3_384_SECP384R1_SELF_TEST
4954 &ecdsa_secp384r1_sha3_384_test_case,
4955 #endif
4956 #ifdef ECDSA_SHA3_512_SECP521R1_SELF_TEST
4957 &ecdsa_secp521r1_sha3_512_test_case,
4958 #endif
4959 #ifdef ECDSA_SHA224_SECP192R1_SELF_TEST
4960 &ecdsa_secp192r1_test_case,
4961 #endif
4962 /* ECKCDSA */
4963 #ifdef ECKCDSA_SHA224_SECP224R1_SELF_TEST
4964 &eckcdsa_secp224r1_test_case,
4965 #endif
4966 #ifdef ECKCDSA_SHA256_SECP224R1_SELF_TEST
4967 &eckcdsa_secp224r1_sha256_test_case,
4968 #endif
4969 #ifdef ECKCDSA_SHA256_SECP256R1_SELF_TEST
4970 &eckcdsa_secp256r1_test_case,
4971 #endif
4972 #ifdef ECKCDSA_SHA384_SECP384R1_SELF_TEST
4973 &eckcdsa_secp384r1_test_case,
4974 #endif
4975 #ifdef ECKCDSA_SHA512_SECP256R1_SELF_TEST
4976 &eckcdsa_secp256r1_sha512_test_case,
4977 #endif
4978 #ifdef ECKCDSA_SHA512_SECP521R1_SELF_TEST
4979 &eckcdsa_secp521r1_test_case,
4980 #endif
4981 #ifdef ECKCDSA_SHA256_BRAINPOOLP256R1_SELF_TEST
4982 &eckcdsa_brainpoolp256r1_test_case,
4983 #endif
4984 #ifdef ECKCDSA_SHA384_BRAINPOOLP384R1_SELF_TEST
4985 &eckcdsa_brainpoolp384r1_test_case,
4986 #endif
4987 #ifdef ECKCDSA_SHA512_BRAINPOOLP512R1_SELF_TEST
4988 &eckcdsa_brainpoolp512r1_test_case,
4989 #endif
4990 #ifdef ECKCDSA_SHA256_FRP256V1_SELF_TEST
4991 &eckcdsa_frp256v1_test_case,
4992 #endif
4993 /* ECSDSA */
4994 #ifdef ECSDSA_SHA224_SECP224R1_SELF_TEST
4995 &ecsdsa_secp224r1_test_case,
4996 #endif
4997 #ifdef ECSDSA_SHA256_SECP256R1_SELF_TEST
4998 &ecsdsa_secp256r1_test_case,
4999 #endif
5000 #ifdef ECSDSA_SHA384_SECP384R1_SELF_TEST
5001 &ecsdsa_secp384r1_test_case,
5002 #endif
5003 #ifdef ECSDSA_SHA512_SECP521R1_SELF_TEST
5004 &ecsdsa_secp521r1_test_case,
5005 #endif
5006 #ifdef ECSDSA_SHA256_BRAINPOOLP256R1_SELF_TEST
5007 &ecsdsa_brainpoolp256r1_test_case,
5008 #endif
5009 #ifdef ECSDSA_SHA384_BRAINPOOLP384R1_SELF_TEST
5010 &ecsdsa_brainpoolp384r1_test_case,
5011 #endif
5012 #ifdef ECSDSA_SHA512_BRAINPOOLP512R1_SELF_TEST
5013 &ecsdsa_brainpoolp512r1_test_case,
5014 #endif
5015 #ifdef ECSDSA_SHA256_FRP256V1_SELF_TEST
5016 &ecsdsa_frp256v1_test_case,
5017 #endif
5018 /* ECOSDSA */
5019 #ifdef ECOSDSA_SHA224_SECP224R1_SELF_TEST
5020 &ecosdsa_secp224r1_test_case,
5021 #endif
5022 #ifdef ECOSDSA_SHA256_SECP256R1_SELF_TEST
5023 &ecosdsa_secp256r1_test_case,
5024 #endif
5025 #ifdef ECOSDSA_SHA384_SECP384R1_SELF_TEST
5026 &ecosdsa_secp384r1_test_case,
5027 #endif
5028 #ifdef ECOSDSA_SHA512_SECP521R1_SELF_TEST
5029 &ecosdsa_secp521r1_test_case,
5030 #endif
5031 #ifdef ECOSDSA_SHA256_BRAINPOOLP256R1_SELF_TEST
5032 &ecosdsa_brainpoolp256r1_test_case,
5033 #endif
5034 #ifdef ECOSDSA_SHA384_BRAINPOOLP384R1_SELF_TEST
5035 &ecosdsa_brainpoolp384r1_test_case,
5036 #endif
5037 #ifdef ECOSDSA_SHA512_BRAINPOOLP512R1_SELF_TEST
5038 &ecosdsa_brainpoolp512r1_test_case,
5039 #endif
5040 #ifdef ECOSDSA_SHA256_FRP256V1_SELF_TEST
5041 &ecosdsa_frp256v1_test_case,
5042 #endif
5043 /* ECFSDSA */
5044 #ifdef ECFSDSA_SHA224_SECP224R1_SELF_TEST
5045 &ecfsdsa_secp224r1_test_case,
5046 #endif
5047 #ifdef ECFSDSA_SHA256_SECP256R1_SELF_TEST
5048 &ecfsdsa_secp256r1_test_case,
5049 #endif
5050 #ifdef ECFSDSA_SHA384_SECP384R1_SELF_TEST
5051 &ecfsdsa_secp384r1_test_case,
5052 #endif
5053 #ifdef ECFSDSA_SHA512_SECP521R1_SELF_TEST
5054 &ecfsdsa_secp521r1_test_case,
5055 #endif
5056 #ifdef ECFSDSA_SHA256_BRAINPOOLP256R1_SELF_TEST
5057 &ecfsdsa_brainpoolp256r1_test_case,
5058 #endif
5059 #ifdef ECFSDSA_SHA384_BRAINPOOLP384R1_SELF_TEST
5060 &ecfsdsa_brainpoolp384r1_test_case,
5061 #endif
5062 #ifdef ECFSDSA_SHA512_BRAINPOOLP512R1_SELF_TEST
5063 &ecfsdsa_brainpoolp512r1_test_case,
5064 #endif
5065 #ifdef ECFSDSA_SHA256_FRP256V1_SELF_TEST
5066 &ecfsdsa_frp256v1_test_case,
5067 #endif
5068 /* ECGDSA */
5069 #ifdef ECGDSA_SHA256_BRAINPOOLP192R1_SELF_TEST
5070 &ecgdsa_brainpoolp192r1_test_case,
5071 #endif
5072 #ifdef ECGDSA_SHA224_BRAINPOOLP224R1_SELF_TEST
5073 &ecgdsa_brainpoolp224r1_test_case,
5074 #endif
5075 #ifdef ECGDSA_SHA256_BRAINPOOLP256R1_SELF_TEST
5076 &ecgdsa_brainpoolp256r1_test_case,
5077 #endif
5078 #ifdef ECGDSA_SHA384_BRAINPOOLP384R1_SELF_TEST
5079 &ecgdsa_brainpoolp384r1_test_case,
5080 #endif
5081 /* ECRDSA */
5082 #ifndef USE_ISO14888_3_ECRDSA
5083 #ifdef ECRDSA_STREEBOG256_GOST256_SELF_TEST
5084 &ecrdsa_rfc4491_bis_1_GOST_256bits_curve_test_case,
5085 #endif
5086 #ifdef ECRDSA_STREEBOG256_GOST256_PARAMSETA_SELF_TEST
5087 &ecrdsa_rfc4491_bis_2_GOST_256bits_curve_test_case,
5088 #endif
5089 #ifdef ECRDSA_STREEBOG512_GOST512_SELF_TEST
5090 &ecrdsa_rfc4491_bis_1_GOST_512bits_curve_test_case,
5091 #endif
5092 /**/
5093 #else /* defined(USE_ISO14888_3_ECRDSA) */
5094 #ifdef ECRDSA_SHA256_GOST256_SELF_TEST
5095 &ecrdsa_GOST_256bits_curve_test_case,
5096 #endif
5097 #ifdef ECRDSA_SHA512_GOST512_SELF_TEST
5098 &ecrdsa_GOST_512bits_curve_test_case,
5099 #endif
5100 #ifdef ECRDSA_STREEBOG256_GOST256_SELF_TEST
5101 &ecrdsa_pygostlib_1_GOST_256bits_curve_test_case,
5102 &ecrdsa_pygostlib_2_GOST_256bits_curve_test_case,
5103 #endif
5104 #ifdef ECRDSA_STREEBOG512_GOST512_SELF_TEST
5105 &ecrdsa_pygostlib_1_GOST_512bits_curve_test_case,
5106 &ecrdsa_pygostlib_2_GOST_512bits_curve_test_case,
5107 #endif
5108 #endif /* defined(USE_ISO14888_3_ECRDSA) */
5109 #ifdef SM2_SM3_CURVE_SM2P256TEST
5110 &sm2_nn_random_iso14888_3_SM2_256bits_test_curve_test_case,
5111 #endif
5112 #ifdef SM2_SM3_CURVE_SM2P256V1
5113 &sm2_nn_random_sm2p256v1_test_case,
5114 #endif
5115 /* EdDSA Ed25519 */
5116 #ifdef EDDSA25519_SHA512_WEI25519_SELF_TEST
5117 EDDSA25519_SHA512_WEI25519_ALL_TESTS()
5118 #endif
5119 /* EdDSA Ed25519ph */
5120 #ifdef EDDSA25519PH_SHA512_WEI25519_SELF_TEST
5121 EDDSA25519PH_SHA512_WEI25519_ALL_TESTS()
5122 #endif
5123 /* EdDSA Ed25519ctx */
5124 #ifdef EDDSA25519CTX_SHA512_WEI25519_SELF_TEST
5125 EDDSA25519CTX_SHA512_WEI25519_ALL_TESTS()
5126 #endif
5127 /* EdDSA Ed448 */
5128 #ifdef EDDSA448_SHAKE256_WEI448_SELF_TEST
5129 EDDSA448_SHAKE256_WEI448_ALL_TESTS()
5130 #endif
5131 /* EdDSA Ed448PH */
5132 #ifdef EDDSA448PH_SHAKE256_WEI448_SELF_TEST
5133 EDDSA448PH_SHAKE256_WEI448_ALL_TESTS()
5134 #endif
5135 #ifdef DECDSA_SHA224_SECP192R1_SELF_TEST_0
5136 &decdsa_rfc6979_SECP192R1_SHA224_0_test_case,
5137 #endif /* DECDSA_SHA224_SECP192R1_SELF_TEST_0 */
5138 #ifdef DECDSA_SHA256_SECP192R1_SELF_TEST_0
5139 &decdsa_rfc6979_SECP192R1_SHA256_0_test_case,
5140 #endif /* DECDSA_SHA256_SECP192R1_SELF_TEST_0 */
5141 #ifdef DECDSA_SHA384_SECP192R1_SELF_TEST_0
5142 &decdsa_rfc6979_SECP192R1_SHA384_0_test_case,
5143 #endif /* DECDSA_SHA384_SECP192R1_SELF_TEST_0 */
5144 #ifdef DECDSA_SHA512_SECP192R1_SELF_TEST_0
5145 &decdsa_rfc6979_SECP192R1_SHA512_0_test_case,
5146 #endif /* DECDSA_SHA512_SECP192R1_SELF_TEST_0 */
5147 #ifdef DECDSA_SHA224_SECP192R1_SELF_TEST_1
5148 &decdsa_rfc6979_SECP192R1_SHA224_1_test_case,
5149 #endif /* DECDSA_SHA224_SECP192R1_SELF_TEST_1 */
5150 #ifdef DECDSA_SHA256_SECP192R1_SELF_TEST_1
5151 &decdsa_rfc6979_SECP192R1_SHA256_1_test_case,
5152 #endif /* DECDSA_SHA256_SECP192R1_SELF_TEST_1 */
5153 #ifdef DECDSA_SHA384_SECP192R1_SELF_TEST_1
5154 &decdsa_rfc6979_SECP192R1_SHA384_1_test_case,
5155 #endif /* DECDSA_SHA384_SECP192R1_SELF_TEST_1 */
5156 #ifdef DECDSA_SHA512_SECP192R1_SELF_TEST_1
5157 &decdsa_rfc6979_SECP192R1_SHA512_1_test_case,
5158 #endif /* DECDSA_SHA512_SECP192R1_SELF_TEST_1 */
5159 #ifdef DECDSA_SHA224_SECP256R1_SELF_TEST_0
5160 &decdsa_rfc6979_SECP256R1_SHA224_0_test_case,
5161 #endif /* DECDSA_SHA224_SECP256R1_SELF_TEST_0 */
5162 #ifdef DECDSA_SHA256_SECP256R1_SELF_TEST_0
5163 &decdsa_rfc6979_SECP256R1_SHA256_0_test_case,
5164 #endif /* DECDSA_SHA256_SECP256R1_SELF_TEST_0 */
5165 #ifdef DECDSA_SHA384_SECP256R1_SELF_TEST_0
5166 &decdsa_rfc6979_SECP256R1_SHA384_0_test_case,
5167 #endif /* DECDSA_SHA384_SECP256R1_SELF_TEST_0 */
5168 #ifdef DECDSA_SHA512_SECP256R1_SELF_TEST_0
5169 &decdsa_rfc6979_SECP256R1_SHA512_0_test_case,
5170 #endif /* DECDSA_SHA512_SECP256R1_SELF_TEST_0 */
5171 #ifdef DECDSA_SHA224_SECP256R1_SELF_TEST_1
5172 &decdsa_rfc6979_SECP256R1_SHA224_1_test_case,
5173 #endif /* DECDSA_SHA224_SECP256R1_SELF_TEST_1 */
5174 #ifdef DECDSA_SHA256_SECP256R1_SELF_TEST_1
5175 &decdsa_rfc6979_SECP256R1_SHA256_1_test_case,
5176 #endif /* DECDSA_SHA256_SECP256R1_SELF_TEST_1 */
5177 #ifdef DECDSA_SHA384_SECP256R1_SELF_TEST_1
5178 &decdsa_rfc6979_SECP256R1_SHA384_1_test_case,
5179 #endif /* DECDSA_SHA384_SECP256R1_SELF_TEST_1 */
5180 #ifdef DECDSA_SHA512_SECP256R1_SELF_TEST_1
5181 &decdsa_rfc6979_SECP256R1_SHA512_1_test_case,
5182 #endif /* DECDSA_SHA512_SECP256R1_SELF_TEST_1 */
5183 #ifdef DECDSA_SHA224_SECP384R1_SELF_TEST_0
5184 &decdsa_rfc6979_SECP384R1_SHA224_0_test_case,
5185 #endif /* DECDSA_SHA224_SECP384R1_SELF_TEST_0 */
5186 #ifdef DECDSA_SHA256_SECP384R1_SELF_TEST_0
5187 &decdsa_rfc6979_SECP384R1_SHA256_0_test_case,
5188 #endif /* DECDSA_SHA256_SECP384R1_SELF_TEST_0 */
5189 #ifdef DECDSA_SHA384_SECP384R1_SELF_TEST_0
5190 &decdsa_rfc6979_SECP384R1_SHA384_0_test_case,
5191 #endif /* DECDSA_SHA384_SECP384R1_SELF_TEST_0 */
5192 #ifdef DECDSA_SHA512_SECP384R1_SELF_TEST_0
5193 &decdsa_rfc6979_SECP384R1_SHA512_0_test_case,
5194 #endif /* DECDSA_SHA512_SECP384R1_SELF_TEST_0 */
5195 #ifdef DECDSA_SHA224_SECP384R1_SELF_TEST_1
5196 &decdsa_rfc6979_SECP384R1_SHA224_1_test_case,
5197 #endif /* DECDSA_SHA224_SECP384R1_SELF_TEST_1 */
5198 #ifdef DECDSA_SHA256_SECP384R1_SELF_TEST_1
5199 &decdsa_rfc6979_SECP384R1_SHA256_1_test_case,
5200 #endif /* DECDSA_SHA256_SECP384R1_SELF_TEST_1 */
5201 #ifdef DECDSA_SHA384_SECP384R1_SELF_TEST_1
5202 &decdsa_rfc6979_SECP384R1_SHA384_1_test_case,
5203 #endif /* DECDSA_SHA384_SECP384R1_SELF_TEST_1 */
5204 #ifdef DECDSA_SHA512_SECP384R1_SELF_TEST_1
5205 &decdsa_rfc6979_SECP384R1_SHA512_1_test_case,
5206 #endif /* DECDSA_SHA512_SECP384R1_SELF_TEST_1 */
5207 #ifdef DECDSA_SHA224_SECP521R1_SELF_TEST_0
5208 &decdsa_rfc6979_SECP521R1_SHA224_0_test_case,
5209 #endif /* DECDSA_SHA224_SECP521R1_SELF_TEST_0 */
5210 #ifdef DECDSA_SHA256_SECP521R1_SELF_TEST_0
5211 &decdsa_rfc6979_SECP521R1_SHA256_0_test_case,
5212 #endif /* DECDSA_SHA256_SECP521R1_SELF_TEST_0 */
5213 #ifdef DECDSA_SHA384_SECP521R1_SELF_TEST_0
5214 &decdsa_rfc6979_SECP521R1_SHA384_0_test_case,
5215 #endif /* DECDSA_SHA384_SECP521R1_SELF_TEST_0 */
5216 #ifdef DECDSA_SHA512_SECP521R1_SELF_TEST_0
5217 &decdsa_rfc6979_SECP521R1_SHA512_0_test_case,
5218 #endif /* DECDSA_SHA512_SECP521R1_SELF_TEST_0 */
5219 #ifdef DECDSA_SHA224_SECP521R1_SELF_TEST_1
5220 &decdsa_rfc6979_SECP521R1_SHA224_1_test_case,
5221 #endif /* DECDSA_SHA224_SECP521R1_SELF_TEST_1 */
5222 #ifdef DECDSA_SHA256_SECP521R1_SELF_TEST_1
5223 &decdsa_rfc6979_SECP521R1_SHA256_1_test_case,
5224 #endif /* DECDSA_SHA256_SECP521R1_SELF_TEST_1 */
5225 #ifdef DECDSA_SHA384_SECP521R1_SELF_TEST_1
5226 &decdsa_rfc6979_SECP521R1_SHA384_1_test_case,
5227 #endif /* DECDSA_SHA384_SECP521R1_SELF_TEST_1 */
5228 #ifdef DECDSA_SHA512_SECP521R1_SELF_TEST_1
5229 &decdsa_rfc6979_SECP521R1_SHA512_1_test_case,
5230 #endif /* DECDSA_SHA512_SECP521R1_SELF_TEST_1 */
5231 #if defined(WITH_SIG_BIGN) && defined(WITH_CURVE_BIGN256V1)
5232 BIGN_ALL_TESTS()
5233 #endif
5234 #if defined(WITH_SIG_DBIGN) && defined(WITH_CURVE_BIGN256V1)
5235 DBIGN_ALL_TESTS()
5236 #endif
5237 #if defined(WITH_SIG_BIP0340) && defined(WITH_HASH_SHA256) && defined(WITH_CURVE_SECP256K1)
5238 BIP0340_ALL_TESTS()
5239 #endif
5240
5241 /* Dummy empty test case to avoid empty array
5242 * when no test case is defined */
5243 &dummy_test_case,
5244
5245 /* ADD curve test case here */
5246 /* XXX: Do not remove the comment above, as it is
5247 * used by external tools as a placeholder to add or
5248 * remove automatically generated code.
5249 */
5250 };
5251
5252 #define EC_FIXED_VECTOR_NUM_TESTS \
5253 (sizeof(ec_fixed_vector_tests) / sizeof(ec_fixed_vector_tests[0]))
5254
5255
5256 /* Dummy empty test case to avoid empty array
5257 * when no test case is defined
5258 */
5259 static const ecdh_test_case ecdh_dummy_test_case = {
5260 .name = "Dummy ECDH",
5261 .ecdh_type = UNKNOWN_ALG,
5262 .ec_str_p = NULL,
5263 .our_priv_key = NULL,
5264 .our_priv_key_len = 0,
5265 .peer_pub_key = NULL,
5266 .peer_pub_key_len = 0,
5267 .exp_our_pub_key = NULL,
5268 .exp_our_pub_key_len = 0,
5269 .exp_shared_secret = NULL,
5270 .exp_shared_secret_len = 0,
5271 };
5272
5273 /*******************************************************************
5274 ************** ECCCDH tests ***************************************
5275 *******************************************************************/
5276 #ifdef WITH_ECCCDH
5277 /* NOTE: these tests are taken from the NIST CAVS 14.1 test suite
5278 * on curves P-192 P-224 P-256 P-384 P-521
5279 */
5280 #include "ecccdh_test_vectors.h"
5281 #endif /* WITH_ECCCDH */
5282
5283 #ifdef WITH_X25519
5284 /* NOTE: tests taken from RFC7748 and https://tools.ietf.org/id/draft-ietf-ipsecme-safecurves-03.xml */
5285 #include "x25519_test_vectors.h"
5286 #endif /* WITH_X25519 */
5287
5288 #ifdef WITH_X448
5289 /* NOTE: tests taken from RFC7748 */
5290 #include "x448_test_vectors.h"
5291 #endif /* WITH_X448 */
5292
5293 #if defined(WITH_ECCCDH) || defined(WITH_X25519) || defined(WITH_X448)
5294 static const ecdh_test_case *ecdh_fixed_vector_tests[] = {
5295 #ifdef ECCCDH_SECP192R1_SELF_TEST_0
5296 &ecccdh_SECP192R1_0_test_case,
5297 #endif /* ECCCDH_SECP192R1_SELF_TEST_0 */
5298 #ifdef ECCCDH_SECP192R1_SELF_TEST_1
5299 &ecccdh_SECP192R1_1_test_case,
5300 #endif /* ECCCDH_SECP192R1_SELF_TEST_1 */
5301 #ifdef ECCCDH_SECP192R1_SELF_TEST_2
5302 &ecccdh_SECP192R1_2_test_case,
5303 #endif /* ECCCDH_SECP192R1_SELF_TEST_2 */
5304 #ifdef ECCCDH_SECP192R1_SELF_TEST_3
5305 &ecccdh_SECP192R1_3_test_case,
5306 #endif /* ECCCDH_SECP192R1_SELF_TEST_3 */
5307 #ifdef ECCCDH_SECP192R1_SELF_TEST_4
5308 &ecccdh_SECP192R1_4_test_case,
5309 #endif /* ECCCDH_SECP192R1_SELF_TEST_4 */
5310 #ifdef ECCCDH_SECP192R1_SELF_TEST_5
5311 &ecccdh_SECP192R1_5_test_case,
5312 #endif /* ECCCDH_SECP192R1_SELF_TEST_5 */
5313 #ifdef ECCCDH_SECP192R1_SELF_TEST_6
5314 &ecccdh_SECP192R1_6_test_case,
5315 #endif /* ECCCDH_SECP192R1_SELF_TEST_6 */
5316 #ifdef ECCCDH_SECP192R1_SELF_TEST_7
5317 &ecccdh_SECP192R1_7_test_case,
5318 #endif /* ECCCDH_SECP192R1_SELF_TEST_7 */
5319 #ifdef ECCCDH_SECP192R1_SELF_TEST_8
5320 &ecccdh_SECP192R1_8_test_case,
5321 #endif /* ECCCDH_SECP192R1_SELF_TEST_8 */
5322 #ifdef ECCCDH_SECP192R1_SELF_TEST_9
5323 &ecccdh_SECP192R1_9_test_case,
5324 #endif /* ECCCDH_SECP192R1_SELF_TEST_9 */
5325 #ifdef ECCCDH_SECP192R1_SELF_TEST_10
5326 &ecccdh_SECP192R1_10_test_case,
5327 #endif /* ECCCDH_SECP192R1_SELF_TEST_10 */
5328 #ifdef ECCCDH_SECP192R1_SELF_TEST_11
5329 &ecccdh_SECP192R1_11_test_case,
5330 #endif /* ECCCDH_SECP192R1_SELF_TEST_11 */
5331 #ifdef ECCCDH_SECP192R1_SELF_TEST_12
5332 &ecccdh_SECP192R1_12_test_case,
5333 #endif /* ECCCDH_SECP192R1_SELF_TEST_12 */
5334 #ifdef ECCCDH_SECP192R1_SELF_TEST_13
5335 &ecccdh_SECP192R1_13_test_case,
5336 #endif /* ECCCDH_SECP192R1_SELF_TEST_13 */
5337 #ifdef ECCCDH_SECP192R1_SELF_TEST_14
5338 &ecccdh_SECP192R1_14_test_case,
5339 #endif /* ECCCDH_SECP192R1_SELF_TEST_14 */
5340 #ifdef ECCCDH_SECP192R1_SELF_TEST_15
5341 &ecccdh_SECP192R1_15_test_case,
5342 #endif /* ECCCDH_SECP192R1_SELF_TEST_15 */
5343 #ifdef ECCCDH_SECP192R1_SELF_TEST_16
5344 &ecccdh_SECP192R1_16_test_case,
5345 #endif /* ECCCDH_SECP192R1_SELF_TEST_16 */
5346 #ifdef ECCCDH_SECP192R1_SELF_TEST_17
5347 &ecccdh_SECP192R1_17_test_case,
5348 #endif /* ECCCDH_SECP192R1_SELF_TEST_17 */
5349 #ifdef ECCCDH_SECP192R1_SELF_TEST_18
5350 &ecccdh_SECP192R1_18_test_case,
5351 #endif /* ECCCDH_SECP192R1_SELF_TEST_18 */
5352 #ifdef ECCCDH_SECP192R1_SELF_TEST_19
5353 &ecccdh_SECP192R1_19_test_case,
5354 #endif /* ECCCDH_SECP192R1_SELF_TEST_19 */
5355 #ifdef ECCCDH_SECP192R1_SELF_TEST_20
5356 &ecccdh_SECP192R1_20_test_case,
5357 #endif /* ECCCDH_SECP192R1_SELF_TEST_20 */
5358 #ifdef ECCCDH_SECP192R1_SELF_TEST_21
5359 &ecccdh_SECP192R1_21_test_case,
5360 #endif /* ECCCDH_SECP192R1_SELF_TEST_21 */
5361 #ifdef ECCCDH_SECP192R1_SELF_TEST_22
5362 &ecccdh_SECP192R1_22_test_case,
5363 #endif /* ECCCDH_SECP192R1_SELF_TEST_22 */
5364 #ifdef ECCCDH_SECP192R1_SELF_TEST_23
5365 &ecccdh_SECP192R1_23_test_case,
5366 #endif /* ECCCDH_SECP192R1_SELF_TEST_23 */
5367 #ifdef ECCCDH_SECP192R1_SELF_TEST_24
5368 &ecccdh_SECP192R1_24_test_case,
5369 #endif /* ECCCDH_SECP192R1_SELF_TEST_24 */
5370 #ifdef ECCCDH_SECP224R1_SELF_TEST_0
5371 &ecccdh_SECP224R1_0_test_case,
5372 #endif /* ECCCDH_SECP224R1_SELF_TEST_0 */
5373 #ifdef ECCCDH_SECP224R1_SELF_TEST_1
5374 &ecccdh_SECP224R1_1_test_case,
5375 #endif /* ECCCDH_SECP224R1_SELF_TEST_1 */
5376 #ifdef ECCCDH_SECP224R1_SELF_TEST_2
5377 &ecccdh_SECP224R1_2_test_case,
5378 #endif /* ECCCDH_SECP224R1_SELF_TEST_2 */
5379 #ifdef ECCCDH_SECP224R1_SELF_TEST_3
5380 &ecccdh_SECP224R1_3_test_case,
5381 #endif /* ECCCDH_SECP224R1_SELF_TEST_3 */
5382 #ifdef ECCCDH_SECP224R1_SELF_TEST_4
5383 &ecccdh_SECP224R1_4_test_case,
5384 #endif /* ECCCDH_SECP224R1_SELF_TEST_4 */
5385 #ifdef ECCCDH_SECP224R1_SELF_TEST_5
5386 &ecccdh_SECP224R1_5_test_case,
5387 #endif /* ECCCDH_SECP224R1_SELF_TEST_5 */
5388 #ifdef ECCCDH_SECP224R1_SELF_TEST_6
5389 &ecccdh_SECP224R1_6_test_case,
5390 #endif /* ECCCDH_SECP224R1_SELF_TEST_6 */
5391 #ifdef ECCCDH_SECP224R1_SELF_TEST_7
5392 &ecccdh_SECP224R1_7_test_case,
5393 #endif /* ECCCDH_SECP224R1_SELF_TEST_7 */
5394 #ifdef ECCCDH_SECP224R1_SELF_TEST_8
5395 &ecccdh_SECP224R1_8_test_case,
5396 #endif /* ECCCDH_SECP224R1_SELF_TEST_8 */
5397 #ifdef ECCCDH_SECP224R1_SELF_TEST_9
5398 &ecccdh_SECP224R1_9_test_case,
5399 #endif /* ECCCDH_SECP224R1_SELF_TEST_9 */
5400 #ifdef ECCCDH_SECP224R1_SELF_TEST_10
5401 &ecccdh_SECP224R1_10_test_case,
5402 #endif /* ECCCDH_SECP224R1_SELF_TEST_10 */
5403 #ifdef ECCCDH_SECP224R1_SELF_TEST_11
5404 &ecccdh_SECP224R1_11_test_case,
5405 #endif /* ECCCDH_SECP224R1_SELF_TEST_11 */
5406 #ifdef ECCCDH_SECP224R1_SELF_TEST_12
5407 &ecccdh_SECP224R1_12_test_case,
5408 #endif /* ECCCDH_SECP224R1_SELF_TEST_12 */
5409 #ifdef ECCCDH_SECP224R1_SELF_TEST_13
5410 &ecccdh_SECP224R1_13_test_case,
5411 #endif /* ECCCDH_SECP224R1_SELF_TEST_13 */
5412 #ifdef ECCCDH_SECP224R1_SELF_TEST_14
5413 &ecccdh_SECP224R1_14_test_case,
5414 #endif /* ECCCDH_SECP224R1_SELF_TEST_14 */
5415 #ifdef ECCCDH_SECP224R1_SELF_TEST_15
5416 &ecccdh_SECP224R1_15_test_case,
5417 #endif /* ECCCDH_SECP224R1_SELF_TEST_15 */
5418 #ifdef ECCCDH_SECP224R1_SELF_TEST_16
5419 &ecccdh_SECP224R1_16_test_case,
5420 #endif /* ECCCDH_SECP224R1_SELF_TEST_16 */
5421 #ifdef ECCCDH_SECP224R1_SELF_TEST_17
5422 &ecccdh_SECP224R1_17_test_case,
5423 #endif /* ECCCDH_SECP224R1_SELF_TEST_17 */
5424 #ifdef ECCCDH_SECP224R1_SELF_TEST_18
5425 &ecccdh_SECP224R1_18_test_case,
5426 #endif /* ECCCDH_SECP224R1_SELF_TEST_18 */
5427 #ifdef ECCCDH_SECP224R1_SELF_TEST_19
5428 &ecccdh_SECP224R1_19_test_case,
5429 #endif /* ECCCDH_SECP224R1_SELF_TEST_19 */
5430 #ifdef ECCCDH_SECP224R1_SELF_TEST_20
5431 &ecccdh_SECP224R1_20_test_case,
5432 #endif /* ECCCDH_SECP224R1_SELF_TEST_20 */
5433 #ifdef ECCCDH_SECP224R1_SELF_TEST_21
5434 &ecccdh_SECP224R1_21_test_case,
5435 #endif /* ECCCDH_SECP224R1_SELF_TEST_21 */
5436 #ifdef ECCCDH_SECP224R1_SELF_TEST_22
5437 &ecccdh_SECP224R1_22_test_case,
5438 #endif /* ECCCDH_SECP224R1_SELF_TEST_22 */
5439 #ifdef ECCCDH_SECP224R1_SELF_TEST_23
5440 &ecccdh_SECP224R1_23_test_case,
5441 #endif /* ECCCDH_SECP224R1_SELF_TEST_23 */
5442 #ifdef ECCCDH_SECP224R1_SELF_TEST_24
5443 &ecccdh_SECP224R1_24_test_case,
5444 #endif /* ECCCDH_SECP224R1_SELF_TEST_24 */
5445 #ifdef ECCCDH_SECP256R1_SELF_TEST_0
5446 &ecccdh_SECP256R1_0_test_case,
5447 #endif /* ECCCDH_SECP256R1_SELF_TEST_0 */
5448 #ifdef ECCCDH_SECP256R1_SELF_TEST_1
5449 &ecccdh_SECP256R1_1_test_case,
5450 #endif /* ECCCDH_SECP256R1_SELF_TEST_1 */
5451 #ifdef ECCCDH_SECP256R1_SELF_TEST_2
5452 &ecccdh_SECP256R1_2_test_case,
5453 #endif /* ECCCDH_SECP256R1_SELF_TEST_2 */
5454 #ifdef ECCCDH_SECP256R1_SELF_TEST_3
5455 &ecccdh_SECP256R1_3_test_case,
5456 #endif /* ECCCDH_SECP256R1_SELF_TEST_3 */
5457 #ifdef ECCCDH_SECP256R1_SELF_TEST_4
5458 &ecccdh_SECP256R1_4_test_case,
5459 #endif /* ECCCDH_SECP256R1_SELF_TEST_4 */
5460 #ifdef ECCCDH_SECP256R1_SELF_TEST_5
5461 &ecccdh_SECP256R1_5_test_case,
5462 #endif /* ECCCDH_SECP256R1_SELF_TEST_5 */
5463 #ifdef ECCCDH_SECP256R1_SELF_TEST_6
5464 &ecccdh_SECP256R1_6_test_case,
5465 #endif /* ECCCDH_SECP256R1_SELF_TEST_6 */
5466 #ifdef ECCCDH_SECP256R1_SELF_TEST_7
5467 &ecccdh_SECP256R1_7_test_case,
5468 #endif /* ECCCDH_SECP256R1_SELF_TEST_7 */
5469 #ifdef ECCCDH_SECP256R1_SELF_TEST_8
5470 &ecccdh_SECP256R1_8_test_case,
5471 #endif /* ECCCDH_SECP256R1_SELF_TEST_8 */
5472 #ifdef ECCCDH_SECP256R1_SELF_TEST_9
5473 &ecccdh_SECP256R1_9_test_case,
5474 #endif /* ECCCDH_SECP256R1_SELF_TEST_9 */
5475 #ifdef ECCCDH_SECP256R1_SELF_TEST_10
5476 &ecccdh_SECP256R1_10_test_case,
5477 #endif /* ECCCDH_SECP256R1_SELF_TEST_10 */
5478 #ifdef ECCCDH_SECP256R1_SELF_TEST_11
5479 &ecccdh_SECP256R1_11_test_case,
5480 #endif /* ECCCDH_SECP256R1_SELF_TEST_11 */
5481 #ifdef ECCCDH_SECP256R1_SELF_TEST_12
5482 &ecccdh_SECP256R1_12_test_case,
5483 #endif /* ECCCDH_SECP256R1_SELF_TEST_12 */
5484 #ifdef ECCCDH_SECP256R1_SELF_TEST_13
5485 &ecccdh_SECP256R1_13_test_case,
5486 #endif /* ECCCDH_SECP256R1_SELF_TEST_13 */
5487 #ifdef ECCCDH_SECP256R1_SELF_TEST_14
5488 &ecccdh_SECP256R1_14_test_case,
5489 #endif /* ECCCDH_SECP256R1_SELF_TEST_14 */
5490 #ifdef ECCCDH_SECP256R1_SELF_TEST_15
5491 &ecccdh_SECP256R1_15_test_case,
5492 #endif /* ECCCDH_SECP256R1_SELF_TEST_15 */
5493 #ifdef ECCCDH_SECP256R1_SELF_TEST_16
5494 &ecccdh_SECP256R1_16_test_case,
5495 #endif /* ECCCDH_SECP256R1_SELF_TEST_16 */
5496 #ifdef ECCCDH_SECP256R1_SELF_TEST_17
5497 &ecccdh_SECP256R1_17_test_case,
5498 #endif /* ECCCDH_SECP256R1_SELF_TEST_17 */
5499 #ifdef ECCCDH_SECP256R1_SELF_TEST_18
5500 &ecccdh_SECP256R1_18_test_case,
5501 #endif /* ECCCDH_SECP256R1_SELF_TEST_18 */
5502 #ifdef ECCCDH_SECP256R1_SELF_TEST_19
5503 &ecccdh_SECP256R1_19_test_case,
5504 #endif /* ECCCDH_SECP256R1_SELF_TEST_19 */
5505 #ifdef ECCCDH_SECP256R1_SELF_TEST_20
5506 &ecccdh_SECP256R1_20_test_case,
5507 #endif /* ECCCDH_SECP256R1_SELF_TEST_20 */
5508 #ifdef ECCCDH_SECP256R1_SELF_TEST_21
5509 &ecccdh_SECP256R1_21_test_case,
5510 #endif /* ECCCDH_SECP256R1_SELF_TEST_21 */
5511 #ifdef ECCCDH_SECP256R1_SELF_TEST_22
5512 &ecccdh_SECP256R1_22_test_case,
5513 #endif /* ECCCDH_SECP256R1_SELF_TEST_22 */
5514 #ifdef ECCCDH_SECP256R1_SELF_TEST_23
5515 &ecccdh_SECP256R1_23_test_case,
5516 #endif /* ECCCDH_SECP256R1_SELF_TEST_23 */
5517 #ifdef ECCCDH_SECP256R1_SELF_TEST_24
5518 &ecccdh_SECP256R1_24_test_case,
5519 #endif /* ECCCDH_SECP256R1_SELF_TEST_24 */
5520 #ifdef ECCCDH_SECP384R1_SELF_TEST_0
5521 &ecccdh_SECP384R1_0_test_case,
5522 #endif /* ECCCDH_SECP384R1_SELF_TEST_0 */
5523 #ifdef ECCCDH_SECP384R1_SELF_TEST_1
5524 &ecccdh_SECP384R1_1_test_case,
5525 #endif /* ECCCDH_SECP384R1_SELF_TEST_1 */
5526 #ifdef ECCCDH_SECP384R1_SELF_TEST_2
5527 &ecccdh_SECP384R1_2_test_case,
5528 #endif /* ECCCDH_SECP384R1_SELF_TEST_2 */
5529 #ifdef ECCCDH_SECP384R1_SELF_TEST_3
5530 &ecccdh_SECP384R1_3_test_case,
5531 #endif /* ECCCDH_SECP384R1_SELF_TEST_3 */
5532 #ifdef ECCCDH_SECP384R1_SELF_TEST_4
5533 &ecccdh_SECP384R1_4_test_case,
5534 #endif /* ECCCDH_SECP384R1_SELF_TEST_4 */
5535 #ifdef ECCCDH_SECP384R1_SELF_TEST_5
5536 &ecccdh_SECP384R1_5_test_case,
5537 #endif /* ECCCDH_SECP384R1_SELF_TEST_5 */
5538 #ifdef ECCCDH_SECP384R1_SELF_TEST_6
5539 &ecccdh_SECP384R1_6_test_case,
5540 #endif /* ECCCDH_SECP384R1_SELF_TEST_6 */
5541 #ifdef ECCCDH_SECP384R1_SELF_TEST_7
5542 &ecccdh_SECP384R1_7_test_case,
5543 #endif /* ECCCDH_SECP384R1_SELF_TEST_7 */
5544 #ifdef ECCCDH_SECP384R1_SELF_TEST_8
5545 &ecccdh_SECP384R1_8_test_case,
5546 #endif /* ECCCDH_SECP384R1_SELF_TEST_8 */
5547 #ifdef ECCCDH_SECP384R1_SELF_TEST_9
5548 &ecccdh_SECP384R1_9_test_case,
5549 #endif /* ECCCDH_SECP384R1_SELF_TEST_9 */
5550 #ifdef ECCCDH_SECP384R1_SELF_TEST_10
5551 &ecccdh_SECP384R1_10_test_case,
5552 #endif /* ECCCDH_SECP384R1_SELF_TEST_10 */
5553 #ifdef ECCCDH_SECP384R1_SELF_TEST_11
5554 &ecccdh_SECP384R1_11_test_case,
5555 #endif /* ECCCDH_SECP384R1_SELF_TEST_11 */
5556 #ifdef ECCCDH_SECP384R1_SELF_TEST_12
5557 &ecccdh_SECP384R1_12_test_case,
5558 #endif /* ECCCDH_SECP384R1_SELF_TEST_12 */
5559 #ifdef ECCCDH_SECP384R1_SELF_TEST_13
5560 &ecccdh_SECP384R1_13_test_case,
5561 #endif /* ECCCDH_SECP384R1_SELF_TEST_13 */
5562 #ifdef ECCCDH_SECP384R1_SELF_TEST_14
5563 &ecccdh_SECP384R1_14_test_case,
5564 #endif /* ECCCDH_SECP384R1_SELF_TEST_14 */
5565 #ifdef ECCCDH_SECP384R1_SELF_TEST_15
5566 &ecccdh_SECP384R1_15_test_case,
5567 #endif /* ECCCDH_SECP384R1_SELF_TEST_15 */
5568 #ifdef ECCCDH_SECP384R1_SELF_TEST_16
5569 &ecccdh_SECP384R1_16_test_case,
5570 #endif /* ECCCDH_SECP384R1_SELF_TEST_16 */
5571 #ifdef ECCCDH_SECP384R1_SELF_TEST_17
5572 &ecccdh_SECP384R1_17_test_case,
5573 #endif /* ECCCDH_SECP384R1_SELF_TEST_17 */
5574 #ifdef ECCCDH_SECP384R1_SELF_TEST_18
5575 &ecccdh_SECP384R1_18_test_case,
5576 #endif /* ECCCDH_SECP384R1_SELF_TEST_18 */
5577 #ifdef ECCCDH_SECP384R1_SELF_TEST_19
5578 &ecccdh_SECP384R1_19_test_case,
5579 #endif /* ECCCDH_SECP384R1_SELF_TEST_19 */
5580 #ifdef ECCCDH_SECP384R1_SELF_TEST_20
5581 &ecccdh_SECP384R1_20_test_case,
5582 #endif /* ECCCDH_SECP384R1_SELF_TEST_20 */
5583 #ifdef ECCCDH_SECP384R1_SELF_TEST_21
5584 &ecccdh_SECP384R1_21_test_case,
5585 #endif /* ECCCDH_SECP384R1_SELF_TEST_21 */
5586 #ifdef ECCCDH_SECP384R1_SELF_TEST_22
5587 &ecccdh_SECP384R1_22_test_case,
5588 #endif /* ECCCDH_SECP384R1_SELF_TEST_22 */
5589 #ifdef ECCCDH_SECP384R1_SELF_TEST_23
5590 &ecccdh_SECP384R1_23_test_case,
5591 #endif /* ECCCDH_SECP384R1_SELF_TEST_23 */
5592 #ifdef ECCCDH_SECP384R1_SELF_TEST_24
5593 &ecccdh_SECP384R1_24_test_case,
5594 #endif /* ECCCDH_SECP384R1_SELF_TEST_24 */
5595 #ifdef ECCCDH_SECP521R1_SELF_TEST_0
5596 &ecccdh_SECP521R1_0_test_case,
5597 #endif /* ECCCDH_SECP521R1_SELF_TEST_0 */
5598 #ifdef ECCCDH_SECP521R1_SELF_TEST_1
5599 &ecccdh_SECP521R1_1_test_case,
5600 #endif /* ECCCDH_SECP521R1_SELF_TEST_1 */
5601 #ifdef ECCCDH_SECP521R1_SELF_TEST_2
5602 &ecccdh_SECP521R1_2_test_case,
5603 #endif /* ECCCDH_SECP521R1_SELF_TEST_2 */
5604 #ifdef ECCCDH_SECP521R1_SELF_TEST_3
5605 &ecccdh_SECP521R1_3_test_case,
5606 #endif /* ECCCDH_SECP521R1_SELF_TEST_3 */
5607 #ifdef ECCCDH_SECP521R1_SELF_TEST_4
5608 &ecccdh_SECP521R1_4_test_case,
5609 #endif /* ECCCDH_SECP521R1_SELF_TEST_4 */
5610 #ifdef ECCCDH_SECP521R1_SELF_TEST_5
5611 &ecccdh_SECP521R1_5_test_case,
5612 #endif /* ECCCDH_SECP521R1_SELF_TEST_5 */
5613 #ifdef ECCCDH_SECP521R1_SELF_TEST_6
5614 &ecccdh_SECP521R1_6_test_case,
5615 #endif /* ECCCDH_SECP521R1_SELF_TEST_6 */
5616 #ifdef ECCCDH_SECP521R1_SELF_TEST_7
5617 &ecccdh_SECP521R1_7_test_case,
5618 #endif /* ECCCDH_SECP521R1_SELF_TEST_7 */
5619 #ifdef ECCCDH_SECP521R1_SELF_TEST_8
5620 &ecccdh_SECP521R1_8_test_case,
5621 #endif /* ECCCDH_SECP521R1_SELF_TEST_8 */
5622 #ifdef ECCCDH_SECP521R1_SELF_TEST_9
5623 &ecccdh_SECP521R1_9_test_case,
5624 #endif /* ECCCDH_SECP521R1_SELF_TEST_9 */
5625 #ifdef ECCCDH_SECP521R1_SELF_TEST_10
5626 &ecccdh_SECP521R1_10_test_case,
5627 #endif /* ECCCDH_SECP521R1_SELF_TEST_10 */
5628 #ifdef ECCCDH_SECP521R1_SELF_TEST_11
5629 &ecccdh_SECP521R1_11_test_case,
5630 #endif /* ECCCDH_SECP521R1_SELF_TEST_11 */
5631 #ifdef ECCCDH_SECP521R1_SELF_TEST_12
5632 &ecccdh_SECP521R1_12_test_case,
5633 #endif /* ECCCDH_SECP521R1_SELF_TEST_12 */
5634 #ifdef ECCCDH_SECP521R1_SELF_TEST_13
5635 &ecccdh_SECP521R1_13_test_case,
5636 #endif /* ECCCDH_SECP521R1_SELF_TEST_13 */
5637 #ifdef ECCCDH_SECP521R1_SELF_TEST_14
5638 &ecccdh_SECP521R1_14_test_case,
5639 #endif /* ECCCDH_SECP521R1_SELF_TEST_14 */
5640 #ifdef ECCCDH_SECP521R1_SELF_TEST_15
5641 &ecccdh_SECP521R1_15_test_case,
5642 #endif /* ECCCDH_SECP521R1_SELF_TEST_15 */
5643 #ifdef ECCCDH_SECP521R1_SELF_TEST_16
5644 &ecccdh_SECP521R1_16_test_case,
5645 #endif /* ECCCDH_SECP521R1_SELF_TEST_16 */
5646 #ifdef ECCCDH_SECP521R1_SELF_TEST_17
5647 &ecccdh_SECP521R1_17_test_case,
5648 #endif /* ECCCDH_SECP521R1_SELF_TEST_17 */
5649 #ifdef ECCCDH_SECP521R1_SELF_TEST_18
5650 &ecccdh_SECP521R1_18_test_case,
5651 #endif /* ECCCDH_SECP521R1_SELF_TEST_18 */
5652 #ifdef ECCCDH_SECP521R1_SELF_TEST_19
5653 &ecccdh_SECP521R1_19_test_case,
5654 #endif /* ECCCDH_SECP521R1_SELF_TEST_19 */
5655 #ifdef ECCCDH_SECP521R1_SELF_TEST_20
5656 &ecccdh_SECP521R1_20_test_case,
5657 #endif /* ECCCDH_SECP521R1_SELF_TEST_20 */
5658 #ifdef ECCCDH_SECP521R1_SELF_TEST_21
5659 &ecccdh_SECP521R1_21_test_case,
5660 #endif /* ECCCDH_SECP521R1_SELF_TEST_21 */
5661 #ifdef ECCCDH_SECP521R1_SELF_TEST_22
5662 &ecccdh_SECP521R1_22_test_case,
5663 #endif /* ECCCDH_SECP521R1_SELF_TEST_22 */
5664 #ifdef ECCCDH_SECP521R1_SELF_TEST_23
5665 &ecccdh_SECP521R1_23_test_case,
5666 #endif /* ECCCDH_SECP521R1_SELF_TEST_23 */
5667 #ifdef ECCCDH_SECP521R1_SELF_TEST_24
5668 &ecccdh_SECP521R1_24_test_case,
5669 #endif /* ECCCDH_SECP521R1_SELF_TEST_24 */
5670 #if defined(WITH_X25519) && defined(WITH_CURVE_WEI25519)
5671 &x25519_WEI25519_0_test_case,
5672 &x25519_WEI25519_1_test_case,
5673 &x25519_WEI25519_2_test_case,
5674 &x25519_WEI25519_3_test_case,
5675 #endif
5676 #if defined(WITH_X448) && defined(WITH_CURVE_WEI448)
5677 &x448_WEI448_0_test_case,
5678 &x448_WEI448_1_test_case,
5679 #endif
5680
5681 /* Dummy empty test case to avoid empty array
5682 * when no test case is defined */
5683 &ecdh_dummy_test_case,
5684 };
5685 #endif /* !(defined(WITH_ECCCDH) || defined(WITH_X25519) || defined(WITH_X448)) */
5686
5687 #define ECDH_FIXED_VECTOR_NUM_TESTS \
5688 (sizeof(ecdh_fixed_vector_tests) / sizeof(ecdh_fixed_vector_tests[0]))
5689
5690 /*
5691 * A fixed test can fail in various ways. The way we report the failure
5692 * to the caller is by returning a non-zero value, in which we encode
5693 * some informations on the failure: curve, sig alg, hash alg, operation
5694 * (key import, signature, sig comparison, verification). Those 4 pieces
5695 * of information are each encoded on 8 bits in that order on the 28 LSB
5696 * of the return value. The function below produces a meaningful negative
5697 * return value in that specific format.
5698 */
5699 typedef enum {
5700 TEST_KEY_IMPORT_ERROR = 1,
5701 TEST_SIG_ERROR = 2,
5702 TEST_SIG_COMP_ERROR = 3,
5703 TEST_VERIF_ERROR = 4,
5704 TEST_ECDH_ERROR = 5,
5705 TEST_ECDH_COMP_ERROR = 6,
5706 } test_err_kind;
5707
encode_error_value(const ec_test_case * c,test_err_kind failed_test,u32 * err_val)5708 static int encode_error_value(const ec_test_case *c, test_err_kind failed_test, u32 *err_val)
5709 {
5710 ec_curve_type ctype;
5711 ec_alg_type stype = c->sig_type;
5712 hash_alg_type htype = c->hash_type;
5713 test_err_kind etype = failed_test;
5714 int ret;
5715
5716 MUST_HAVE((c != NULL) && (err_val != NULL), ret, err);
5717
5718 ret = ec_get_curve_type_by_name(c->ec_str_p->name->buf,
5719 c->ec_str_p->name->buflen, &ctype); EG(ret, err);
5720
5721 *err_val = (((u32)ctype << 24) |
5722 ((u32)stype << 16) |
5723 ((u32)htype << 8) |
5724 ((u32)etype));
5725 ret = 0;
5726
5727 err:
5728 return ret;
5729 }
5730
ecdh_encode_error_value(const ecdh_test_case * c,test_err_kind failed_test,u32 * err_val)5731 static inline int ecdh_encode_error_value(const ecdh_test_case *c, test_err_kind failed_test, u32 *err_val)
5732 {
5733 ec_curve_type ctype;
5734 ec_alg_type stype = c->ecdh_type;
5735 test_err_kind etype = failed_test;
5736 int ret;
5737
5738 MUST_HAVE((c != NULL) && (err_val != NULL), ret, err);
5739
5740 ret = ec_get_curve_type_by_name(c->ec_str_p->name->buf,
5741 c->ec_str_p->name->buflen, &ctype); EG(ret, err);
5742
5743 *err_val = (((u32)ctype << 24) |
5744 ((u32)stype << 16) |
5745 ((u32)0 << 8) |
5746 ((u32)etype));
5747 ret = 0;
5748
5749 err:
5750 return ret;
5751 }
5752
5753 int perform_known_test_vectors_test(const char *sig, const char *hash, const char *curve);
5754 int perform_random_sig_verif_test(const char *sig, const char *hash, const char *curve);
5755 int perform_performance_test(const char *sig, const char *hash, const char *curve);
5756
5757 #endif /* __EC_SELF_TESTS_CORE_H__ */
5758