ecdsa: add more secp256k1 wycheproof cases #1061
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I'm still confused what IEEE P1363 is or how it's used here. Looks like Rust 1.80 broke |
|
@XuJiandong if you rebase it should fix the other errors on |
test data is generated from ecdsa_secp256k1_sha256_p1363_test.json with following command: wycheproof2blb ~/projects/wycheproof secp256k1-p1316 256 ./wycheproof-p1316.blb ./desc-p1316.txt
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The test data is generated from ecdsa_secp256k1_sha256_p1363_test.json with following command:
Require this PR: RustCrypto/utils#1092
The following cases are added:
ECDSA case 1 [valid] signature malleability
ECDSA case 2 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 3 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 4 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 5 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 6 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 7 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 8 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 9 [invalid] Signature with special case values for r and s
ECDSA case 10 [invalid] Signature with special case values for r and s
ECDSA case 11 [invalid] Signature with special case values for r and s
ECDSA case 12 [invalid] Signature with special case values for r and s
ECDSA case 13 [invalid] Signature with special case values for r and s
ECDSA case 14 [invalid] Signature with special case values for r and s
ECDSA case 15 [invalid] Signature with special case values for r and s
ECDSA case 16 [invalid] Signature with special case values for r and s
ECDSA case 17 [invalid] Signature with special case values for r and s
ECDSA case 18 [invalid] Signature with special case values for r and s
ECDSA case 19 [invalid] Signature with special case values for r and s
ECDSA case 20 [invalid] Signature with special case values for r and s
ECDSA case 21 [invalid] Signature with special case values for r and s
ECDSA case 22 [invalid] Signature with special case values for r and s
ECDSA case 23 [invalid] Signature with special case values for r and s
ECDSA case 24 [invalid] Signature with special case values for r and s
ECDSA case 25 [invalid] Signature with special case values for r and s
ECDSA case 26 [invalid] Signature with special case values for r and s
ECDSA case 27 [invalid] Signature with special case values for r and s
ECDSA case 28 [invalid] Signature with special case values for r and s
ECDSA case 29 [invalid] Signature with special case values for r and s
ECDSA case 30 [invalid] Signature with special case values for r and s
ECDSA case 31 [invalid] Signature with special case values for r and s
ECDSA case 32 [invalid] Signature with special case values for r and s
ECDSA case 33 [invalid] Signature with special case values for r and s
ECDSA case 34 [invalid] Signature with special case values for r and s
ECDSA case 35 [invalid] Signature with special case values for r and s
ECDSA case 36 [invalid] Signature with special case values for r and s
ECDSA case 37 [invalid] Signature with special case values for r and s
ECDSA case 38 [invalid] Signature with special case values for r and s
ECDSA case 39 [invalid] Signature with special case values for r and s
ECDSA case 40 [invalid] Signature with special case values for r and s
ECDSA case 41 [invalid] Signature with special case values for r and s
ECDSA case 42 [invalid] Signature with special case values for r and s
ECDSA case 43 [invalid] Signature with special case values for r and s
ECDSA case 44 [invalid] Signature with special case values for r and s
ECDSA case 45 [invalid] Signature with special case values for r and s
ECDSA case 46 [invalid] Signature with special case values for r and s
ECDSA case 47 [invalid] Signature with special case values for r and s
ECDSA case 48 [invalid] Signature with special case values for r and s
ECDSA case 49 [invalid] Signature with special case values for r and s
ECDSA case 50 [invalid] Signature with special case values for r and s
ECDSA case 51 [invalid] Signature with special case values for r and s
ECDSA case 52 [invalid] Signature with special case values for r and s
ECDSA case 53 [invalid] Signature with special case values for r and s
ECDSA case 54 [invalid] Signature with special case values for r and s
ECDSA case 55 [invalid] Signature with special case values for r and s
ECDSA case 56 [invalid] Signature with special case values for r and s
ECDSA case 57 [invalid] Signature with special case values for r and s
ECDSA case 58 [valid] Edge case for Shamir multiplication
ECDSA case 59 [valid] special case hash
ECDSA case 60 [valid] special case hash
ECDSA case 61 [valid] special case hash
ECDSA case 62 [valid] special case hash
ECDSA case 63 [valid] special case hash
ECDSA case 64 [valid] special case hash
ECDSA case 65 [valid] special case hash
ECDSA case 66 [valid] special case hash
ECDSA case 67 [valid] special case hash
ECDSA case 68 [valid] special case hash
ECDSA case 69 [valid] special case hash
ECDSA case 70 [valid] special case hash
ECDSA case 71 [valid] special case hash
ECDSA case 72 [valid] special case hash
ECDSA case 73 [valid] special case hash
ECDSA case 74 [valid] special case hash
ECDSA case 75 [valid] special case hash
ECDSA case 76 [valid] special case hash
ECDSA case 77 [valid] special case hash
ECDSA case 78 [valid] special case hash
ECDSA case 79 [valid] special case hash
ECDSA case 80 [valid] special case hash
ECDSA case 81 [valid] special case hash
ECDSA case 82 [valid] special case hash
ECDSA case 83 [valid] special case hash
ECDSA case 84 [valid] special case hash
ECDSA case 85 [valid] special case hash
ECDSA case 86 [valid] special case hash
ECDSA case 87 [valid] special case hash
ECDSA case 88 [valid] special case hash
ECDSA case 89 [valid] special case hash
ECDSA case 90 [valid] special case hash
ECDSA case 91 [valid] special case hash
ECDSA case 92 [valid] special case hash
ECDSA case 93 [valid] special case hash
ECDSA case 94 [valid] special case hash
ECDSA case 95 [valid] special case hash
ECDSA case 96 [valid] special case hash
ECDSA case 97 [valid] special case hash
ECDSA case 98 [valid] special case hash
ECDSA case 99 [valid] special case hash
ECDSA case 100 [valid] special case hash
ECDSA case 101 [valid] special case hash
ECDSA case 102 [valid] special case hash
ECDSA case 103 [valid] special case hash
ECDSA case 104 [valid] special case hash
ECDSA case 105 [valid] special case hash
ECDSA case 106 [valid] special case hash
ECDSA case 107 [valid] special case hash
ECDSA case 108 [valid] special case hash
ECDSA case 109 [valid] special case hash
ECDSA case 110 [valid] special case hash
ECDSA case 111 [valid] special case hash
ECDSA case 112 [valid] special case hash
ECDSA case 113 [valid] k*G has a large x-coordinate
ECDSA case 114 [invalid] r too large
ECDSA case 115 [valid] r,s are large
ECDSA case 116 [valid] r and s^-1 have a large Hamming weight
ECDSA case 117 [valid] r and s^-1 have a large Hamming weight
ECDSA case 118 [valid] small r and s
ECDSA case 120 [valid] small r and s
ECDSA case 122 [valid] small r and s
ECDSA case 124 [invalid] r is larger than n
ECDSA case 125 [invalid] s is larger than n
ECDSA case 126 [valid] small r and s^-1
ECDSA case 127 [valid] smallish r and s^-1
ECDSA case 128 [valid] 100-bit r and small s^-1
ECDSA case 129 [valid] small r and 100 bit s^-1
ECDSA case 130 [valid] 100-bit r and s^-1
ECDSA case 131 [valid] r and s^-1 are close to n
ECDSA case 132 [valid] s == 1
ECDSA case 133 [invalid] s == 0
ECDSA case 134 [invalid] point at infinity during verify
ECDSA case 135 [valid] edge case for signature malleability
ECDSA case 136 [valid] edge case for signature malleability
ECDSA case 137 [valid] u1 == 1
ECDSA case 138 [valid] u1 == n - 1
ECDSA case 139 [valid] u2 == 1
ECDSA case 140 [valid] u2 == n - 1
ECDSA case 141 [valid] edge case for u1
ECDSA case 142 [valid] edge case for u1
ECDSA case 143 [valid] edge case for u1
ECDSA case 144 [valid] edge case for u1
ECDSA case 145 [valid] edge case for u1
ECDSA case 146 [valid] edge case for u1
ECDSA case 147 [valid] edge case for u1
ECDSA case 148 [valid] edge case for u1
ECDSA case 149 [valid] edge case for u1
ECDSA case 150 [valid] edge case for u1
ECDSA case 151 [valid] edge case for u1
ECDSA case 152 [valid] edge case for u1
ECDSA case 153 [valid] edge case for u1
ECDSA case 154 [valid] edge case for u1
ECDSA case 155 [valid] edge case for u1
ECDSA case 156 [valid] edge case for u2
ECDSA case 157 [valid] edge case for u2
ECDSA case 158 [valid] edge case for u2
ECDSA case 159 [valid] edge case for u2
ECDSA case 160 [valid] edge case for u2
ECDSA case 161 [valid] edge case for u2
ECDSA case 162 [valid] edge case for u2
ECDSA case 163 [valid] edge case for u2
ECDSA case 164 [valid] edge case for u2
ECDSA case 165 [valid] edge case for u2
ECDSA case 166 [valid] edge case for u2
ECDSA case 167 [valid] edge case for u2
ECDSA case 168 [valid] edge case for u2
ECDSA case 169 [valid] edge case for u2
ECDSA case 170 [valid] edge case for u2
ECDSA case 171 [valid] point duplication during verification
ECDSA case 172 [invalid] duplication bug
ECDSA case 173 [invalid] comparison with point at infinity
ECDSA case 174 [valid] extreme value for k and edgecase s
ECDSA case 175 [valid] extreme value for k and s^-1
ECDSA case 176 [valid] extreme value for k and s^-1
ECDSA case 177 [valid] extreme value for k and s^-1
ECDSA case 178 [valid] extreme value for k and s^-1
ECDSA case 179 [valid] extreme value for k
ECDSA case 180 [valid] extreme value for k and edgecase s
ECDSA case 181 [valid] extreme value for k and s^-1
ECDSA case 182 [valid] extreme value for k and s^-1
ECDSA case 183 [valid] extreme value for k and s^-1
ECDSA case 184 [valid] extreme value for k and s^-1
ECDSA case 185 [valid] extreme value for k
ECDSA case 186 [invalid] testing point duplication
ECDSA case 187 [invalid] testing point duplication
ECDSA case 188 [invalid] testing point duplication
ECDSA case 189 [invalid] testing point duplication
ECDSA case 190 [valid] pseudorandom signature
ECDSA case 191 [valid] pseudorandom signature
ECDSA case 192 [valid] pseudorandom signature
ECDSA case 193 [valid] pseudorandom signature
ECDSA case 194 [valid] y-coordinate of the public key is small
ECDSA case 195 [valid] y-coordinate of the public key is small
ECDSA case 196 [valid] y-coordinate of the public key is small
ECDSA case 197 [valid] y-coordinate of the public key is large
ECDSA case 198 [valid] y-coordinate of the public key is large
ECDSA case 199 [valid] y-coordinate of the public key is large
ECDSA case 200 [valid] x-coordinate of the public key is small
ECDSA case 201 [valid] x-coordinate of the public key is small
ECDSA case 202 [valid] x-coordinate of the public key is small
ECDSA case 203 [valid] x-coordinate of the public key has many trailing 1's
ECDSA case 204 [valid] x-coordinate of the public key has many trailing 1's
ECDSA case 205 [valid] x-coordinate of the public key has many trailing 1's
ECDSA case 206 [valid] y-coordinate of the public key has many trailing 1's
ECDSA case 207 [valid] y-coordinate of the public key has many trailing 1's
ECDSA case 208 [valid] y-coordinate of the public key has many trailing 1's
ECDSA case 209 [valid] x-coordinate of the public key has many trailing 0's
ECDSA case 210 [valid] x-coordinate of the public key has many trailing 0's
ECDSA case 211 [valid] x-coordinate of the public key has many trailing 0's