-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
p384: add Wycheproof test vectors #574
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Generated using the `wycheproof2blb` utility: $ cargo run ~/wycheproof secp384r1 384 wycheproof.blb desc.txt This required a small change to `wycheproof2blb`: RustCrypto/utils#767 Includes the following test vectors: ECDSA case 1 [valid] signature malleability ECDSA case 3 [valid] valid ECDSA case 4 [invalid] long form encoding of length of sequence ECDSA case 5 [invalid] length of sequence contains leading 0 ECDSA case 6 [invalid] wrong length of sequence ECDSA case 7 [invalid] wrong length of sequence ECDSA case 8 [invalid] uint32 overflow in length of sequence ECDSA case 9 [invalid] uint64 overflow in length of sequence ECDSA case 10 [invalid] length of sequence = 2**31 - 1 ECDSA case 11 [invalid] length of sequence = 2**32 - 1 ECDSA case 12 [invalid] length of sequence = 2**40 - 1 ECDSA case 13 [invalid] length of sequence = 2**64 - 1 ECDSA case 14 [invalid] incorrect length of sequence ECDSA case 15 [invalid] indefinite length without termination ECDSA case 16 [invalid] indefinite length without termination ECDSA case 17 [invalid] indefinite length without termination ECDSA case 18 [invalid] removing sequence ECDSA case 19 [invalid] lonely sequence tag ECDSA case 20 [invalid] appending 0's to sequence ECDSA case 21 [invalid] prepending 0's to sequence ECDSA case 22 [invalid] appending unused 0's to sequence ECDSA case 23 [invalid] appending null value to sequence ECDSA case 24 [invalid] including garbage ECDSA case 25 [invalid] including garbage ECDSA case 26 [invalid] including garbage ECDSA case 27 [invalid] including garbage ECDSA case 28 [invalid] including garbage ECDSA case 29 [invalid] including garbage ECDSA case 30 [invalid] including garbage ECDSA case 31 [invalid] including garbage ECDSA case 32 [invalid] including garbage ECDSA case 33 [invalid] including undefined tags ECDSA case 34 [invalid] including undefined tags ECDSA case 35 [invalid] including undefined tags ECDSA case 36 [invalid] including undefined tags ECDSA case 37 [invalid] including undefined tags ECDSA case 38 [invalid] including undefined tags ECDSA case 39 [invalid] truncated length of sequence ECDSA case 40 [invalid] using composition with indefinite length ECDSA case 41 [invalid] using composition with indefinite length ECDSA case 42 [invalid] using composition with indefinite length ECDSA case 43 [invalid] using composition with wrong tag ECDSA case 44 [invalid] using composition with wrong tag ECDSA case 45 [invalid] using composition with wrong tag ECDSA case 46 [invalid] Replacing sequence with NULL ECDSA case 47 [invalid] changing tag value of sequence ECDSA case 48 [invalid] changing tag value of sequence ECDSA case 49 [invalid] changing tag value of sequence ECDSA case 50 [invalid] changing tag value of sequence ECDSA case 51 [invalid] changing tag value of sequence ECDSA case 52 [invalid] dropping value of sequence ECDSA case 53 [invalid] using composition for sequence ECDSA case 54 [invalid] truncated sequence ECDSA case 55 [invalid] truncated sequence ECDSA case 56 [invalid] indefinite length ECDSA case 57 [invalid] indefinite length with truncated delimiter ECDSA case 58 [invalid] indefinite length with additional element ECDSA case 59 [invalid] indefinite length with truncated element ECDSA case 60 [invalid] indefinite length with garbage ECDSA case 61 [invalid] indefinite length with nonempty EOC ECDSA case 62 [invalid] prepend empty sequence ECDSA case 63 [invalid] append empty sequence ECDSA case 64 [invalid] append garbage with high tag number ECDSA case 65 [invalid] sequence of sequence ECDSA case 66 [invalid] truncated sequence: removed last 1 elements ECDSA case 67 [invalid] repeating element in sequence ECDSA case 68 [invalid] long form encoding of length of integer ECDSA case 69 [invalid] long form encoding of length of integer ECDSA case 70 [invalid] length of integer contains leading 0 ECDSA case 71 [invalid] length of integer contains leading 0 ECDSA case 72 [invalid] wrong length of integer ECDSA case 73 [invalid] wrong length of integer ECDSA case 74 [invalid] wrong length of integer ECDSA case 75 [invalid] wrong length of integer ECDSA case 76 [invalid] uint32 overflow in length of integer ECDSA case 77 [invalid] uint32 overflow in length of integer ECDSA case 78 [invalid] uint64 overflow in length of integer ECDSA case 79 [invalid] uint64 overflow in length of integer ECDSA case 80 [invalid] length of integer = 2**31 - 1 ECDSA case 81 [invalid] length of integer = 2**31 - 1 ECDSA case 82 [invalid] length of integer = 2**32 - 1 ECDSA case 83 [invalid] length of integer = 2**32 - 1 ECDSA case 84 [invalid] length of integer = 2**40 - 1 ECDSA case 85 [invalid] length of integer = 2**40 - 1 ECDSA case 86 [invalid] length of integer = 2**64 - 1 ECDSA case 87 [invalid] length of integer = 2**64 - 1 ECDSA case 88 [invalid] incorrect length of integer ECDSA case 89 [invalid] incorrect length of integer ECDSA case 90 [invalid] removing integer ECDSA case 91 [invalid] lonely integer tag ECDSA case 92 [invalid] lonely integer tag ECDSA case 93 [invalid] appending 0's to integer ECDSA case 94 [invalid] appending 0's to integer ECDSA case 95 [invalid] prepending 0's to integer ECDSA case 96 [invalid] prepending 0's to integer ECDSA case 97 [invalid] appending unused 0's to integer ECDSA case 98 [invalid] appending null value to integer ECDSA case 99 [invalid] appending null value to integer ECDSA case 100 [invalid] truncated length of integer ECDSA case 101 [invalid] truncated length of integer ECDSA case 102 [invalid] Replacing integer with NULL ECDSA case 103 [invalid] Replacing integer with NULL ECDSA case 104 [invalid] changing tag value of integer ECDSA case 105 [invalid] changing tag value of integer ECDSA case 106 [invalid] changing tag value of integer ECDSA case 107 [invalid] changing tag value of integer ECDSA case 108 [invalid] changing tag value of integer ECDSA case 109 [invalid] changing tag value of integer ECDSA case 110 [invalid] changing tag value of integer ECDSA case 111 [invalid] changing tag value of integer ECDSA case 112 [invalid] changing tag value of integer ECDSA case 113 [invalid] changing tag value of integer ECDSA case 114 [invalid] dropping value of integer ECDSA case 115 [invalid] dropping value of integer ECDSA case 116 [invalid] using composition for integer ECDSA case 117 [invalid] using composition for integer ECDSA case 118 [invalid] modify first byte of integer ECDSA case 119 [invalid] modify first byte of integer ECDSA case 120 [invalid] modify last byte of integer ECDSA case 121 [invalid] modify last byte of integer ECDSA case 122 [invalid] truncated integer ECDSA case 123 [invalid] truncated integer ECDSA case 124 [invalid] truncated integer ECDSA case 125 [invalid] leading ff in integer ECDSA case 126 [invalid] leading ff in integer ECDSA case 127 [invalid] replaced integer by infinity ECDSA case 128 [invalid] replaced integer by infinity ECDSA case 129 [invalid] replacing integer with zero ECDSA case 130 [invalid] replacing integer with zero ECDSA case 131 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 132 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 133 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 134 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 135 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 136 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 137 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 138 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 139 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 140 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 141 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 142 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 143 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group ECDSA case 144 [invalid] Signature with special case values for r and s ECDSA case 145 [invalid] Signature with special case values for r and s ECDSA case 146 [invalid] Signature with special case values for r and s ECDSA case 147 [invalid] Signature with special case values for r and s ECDSA case 148 [invalid] Signature with special case values for r and s ECDSA case 149 [invalid] Signature with special case values for r and s ECDSA case 150 [invalid] Signature with special case values for r and s ECDSA case 151 [invalid] Signature with special case values for r and s ECDSA case 152 [invalid] Signature with special case values for r and s ECDSA case 153 [invalid] Signature with special case values for r and s ECDSA case 154 [invalid] Signature with special case values for r and s ECDSA case 155 [invalid] Signature with special case values for r and s ECDSA case 156 [invalid] Signature with special case values for r and s ECDSA case 157 [invalid] Signature with special case values for r and s ECDSA case 158 [invalid] Signature with special case values for r and s ECDSA case 159 [invalid] Signature with special case values for r and s ECDSA case 160 [invalid] Signature with special case values for r and s ECDSA case 161 [invalid] Signature with special case values for r and s ECDSA case 162 [invalid] Signature with special case values for r and s ECDSA case 163 [invalid] Signature with special case values for r and s ECDSA case 164 [invalid] Signature with special case values for r and s ECDSA case 165 [invalid] Signature with special case values for r and s ECDSA case 166 [invalid] Signature with special case values for r and s ECDSA case 167 [invalid] Signature with special case values for r and s ECDSA case 168 [invalid] Signature with special case values for r and s ECDSA case 169 [invalid] Signature with special case values for r and s ECDSA case 170 [invalid] Signature with special case values for r and s ECDSA case 171 [invalid] Signature with special case values for r and s ECDSA case 172 [invalid] Signature with special case values for r and s ECDSA case 173 [invalid] Signature with special case values for r and s ECDSA case 174 [invalid] Signature with special case values for r and s ECDSA case 175 [invalid] Signature with special case values for r and s ECDSA case 176 [invalid] Signature with special case values for r and s ECDSA case 177 [invalid] Signature with special case values for r and s ECDSA case 178 [invalid] Signature with special case values for r and s ECDSA case 179 [invalid] Signature with special case values for r and s ECDSA case 180 [invalid] Signature with special case values for r and s ECDSA case 181 [invalid] Signature with special case values for r and s ECDSA case 182 [invalid] Signature with special case values for r and s ECDSA case 183 [invalid] Signature with special case values for r and s ECDSA case 184 [invalid] Signature with special case values for r and s ECDSA case 185 [invalid] Signature with special case values for r and s ECDSA case 186 [invalid] Signature with special case values for r and s ECDSA case 187 [invalid] Signature with special case values for r and s ECDSA case 188 [invalid] Signature with special case values for r and s ECDSA case 189 [invalid] Signature with special case values for r and s ECDSA case 190 [invalid] Signature with special case values for r and s ECDSA case 191 [invalid] Signature with special case values for r and s ECDSA case 192 [invalid] Signature with special case values for r and s ECDSA case 193 [invalid] Signature with special case values for r and s ECDSA case 194 [invalid] Signature with special case values for r and s ECDSA case 195 [invalid] Signature with special case values for r and s ECDSA case 196 [invalid] Signature with special case values for r and s ECDSA case 197 [invalid] Signature with special case values for r and s ECDSA case 198 [invalid] Signature with special case values for r and s ECDSA case 199 [invalid] Signature with special case values for r and s ECDSA case 200 [invalid] Signature with special case values for r and s ECDSA case 201 [invalid] Signature with special case values for r and s ECDSA case 202 [invalid] Signature with special case values for r and s ECDSA case 203 [invalid] Signature with special case values for r and s ECDSA case 204 [invalid] Signature with special case values for r and s ECDSA case 205 [invalid] Signature with special case values for r and s ECDSA case 206 [invalid] Signature with special case values for r and s ECDSA case 207 [invalid] Signature with special case values for r and s ECDSA case 208 [invalid] Signature with special case values for r and s ECDSA case 209 [invalid] Signature with special case values for r and s ECDSA case 210 [invalid] Signature with special case values for r and s ECDSA case 211 [invalid] Signature with special case values for r and s ECDSA case 212 [invalid] Signature with special case values for r and s ECDSA case 213 [invalid] Signature with special case values for r and s ECDSA case 214 [invalid] Signature with special case values for r and s ECDSA case 215 [invalid] Signature with special case values for r and s ECDSA case 216 [invalid] Signature with special case values for r and s ECDSA case 217 [invalid] Signature with special case values for r and s ECDSA case 218 [invalid] Signature with special case values for r and s ECDSA case 219 [invalid] Signature with special case values for r and s ECDSA case 220 [invalid] Signature with special case values for r and s ECDSA case 221 [invalid] Signature with special case values for r and s ECDSA case 222 [invalid] Signature with special case values for r and s ECDSA case 223 [invalid] Signature with special case values for r and s ECDSA case 224 [invalid] Signature encoding contains wrong types. ECDSA case 225 [invalid] Signature encoding contains wrong types. ECDSA case 226 [invalid] Signature encoding contains wrong types. ECDSA case 227 [invalid] Signature encoding contains wrong types. ECDSA case 228 [invalid] Signature encoding contains wrong types. ECDSA case 229 [invalid] Signature encoding contains wrong types. ECDSA case 230 [valid] Edge case for Shamir multiplication ECDSA case 231 [valid] special case hash ECDSA case 232 [valid] special case hash ECDSA case 233 [valid] special case hash ECDSA case 234 [valid] special case hash ECDSA case 235 [valid] special case hash ECDSA case 236 [valid] special case hash ECDSA case 237 [valid] special case hash ECDSA case 238 [valid] special case hash ECDSA case 239 [valid] special case hash ECDSA case 240 [valid] special case hash ECDSA case 241 [valid] special case hash ECDSA case 242 [valid] special case hash ECDSA case 243 [valid] special case hash ECDSA case 244 [valid] special case hash ECDSA case 245 [valid] special case hash ECDSA case 246 [valid] special case hash ECDSA case 247 [valid] special case hash ECDSA case 248 [valid] special case hash ECDSA case 249 [valid] special case hash ECDSA case 250 [valid] special case hash ECDSA case 251 [valid] special case hash ECDSA case 252 [valid] special case hash ECDSA case 253 [valid] special case hash ECDSA case 254 [valid] special case hash ECDSA case 255 [valid] special case hash ECDSA case 256 [valid] special case hash ECDSA case 257 [valid] special case hash ECDSA case 258 [valid] special case hash ECDSA case 259 [valid] special case hash ECDSA case 260 [valid] special case hash ECDSA case 261 [valid] special case hash ECDSA case 262 [valid] special case hash ECDSA case 263 [valid] special case hash ECDSA case 264 [valid] special case hash ECDSA case 265 [valid] special case hash ECDSA case 266 [valid] special case hash ECDSA case 267 [valid] special case hash ECDSA case 268 [valid] special case hash ECDSA case 269 [valid] special case hash ECDSA case 270 [valid] special case hash ECDSA case 271 [valid] special case hash ECDSA case 272 [valid] special case hash ECDSA case 273 [valid] special case hash ECDSA case 274 [valid] special case hash ECDSA case 275 [valid] special case hash ECDSA case 276 [valid] special case hash ECDSA case 277 [valid] special case hash ECDSA case 278 [valid] special case hash ECDSA case 279 [valid] special case hash ECDSA case 280 [valid] special case hash ECDSA case 281 [valid] special case hash ECDSA case 282 [valid] special case hash ECDSA case 283 [valid] special case hash ECDSA case 284 [valid] special case hash ECDSA case 285 [valid] special case hash ECDSA case 286 [valid] special case hash ECDSA case 287 [valid] special case hash ECDSA case 288 [valid] special case hash ECDSA case 289 [valid] special case hash ECDSA case 290 [valid] special case hash ECDSA case 291 [valid] special case hash ECDSA case 292 [valid] special case hash ECDSA case 293 [valid] special case hash ECDSA case 294 [valid] special case hash ECDSA case 295 [valid] special case hash ECDSA case 296 [valid] special case hash ECDSA case 297 [valid] special case hash ECDSA case 298 [valid] special case hash ECDSA case 299 [valid] special case hash ECDSA case 300 [valid] special case hash ECDSA case 301 [valid] special case hash ECDSA case 302 [valid] special case hash ECDSA case 303 [valid] special case hash ECDSA case 304 [valid] special case hash ECDSA case 305 [valid] special case hash ECDSA case 306 [valid] special case hash ECDSA case 307 [valid] special case hash ECDSA case 308 [valid] special case hash ECDSA case 309 [valid] special case hash ECDSA case 310 [valid] special case hash ECDSA case 311 [valid] special case hash ECDSA case 312 [valid] special case hash ECDSA case 313 [valid] special case hash ECDSA case 314 [valid] special case hash ECDSA case 315 [valid] special case hash ECDSA case 316 [valid] special case hash ECDSA case 317 [valid] k*G has a large x-coordinate ECDSA case 318 [invalid] r too large ECDSA case 319 [valid] r,s are large ECDSA case 320 [valid] r and s^-1 have a large Hamming weight ECDSA case 321 [valid] r and s^-1 have a large Hamming weight ECDSA case 322 [valid] small r and s ECDSA case 323 [valid] small r and s ECDSA case 324 [valid] small r and s ECDSA case 325 [invalid] r is larger than n ECDSA case 326 [invalid] s is larger than n ECDSA case 327 [valid] small r and s^-1 ECDSA case 328 [valid] smallish r and s^-1 ECDSA case 329 [valid] 100-bit r and small s^-1 ECDSA case 330 [valid] small r and 100 bit s^-1 ECDSA case 331 [valid] 100-bit r and s^-1 ECDSA case 332 [valid] r and s^-1 are close to n ECDSA case 333 [valid] s == 1 ECDSA case 334 [invalid] s == 0 ECDSA case 335 [invalid] point at infinity during verify ECDSA case 336 [valid] edge case for signature malleability ECDSA case 337 [valid] edge case for signature malleability ECDSA case 338 [valid] u1 == 1 ECDSA case 339 [valid] u1 == n - 1 ECDSA case 340 [valid] u2 == 1 ECDSA case 341 [valid] u2 == n - 1 ECDSA case 342 [valid] edge case for u1 ECDSA case 343 [valid] edge case for u1 ECDSA case 344 [valid] edge case for u1 ECDSA case 345 [valid] edge case for u1 ECDSA case 346 [valid] edge case for u1 ECDSA case 347 [valid] edge case for u1 ECDSA case 348 [valid] edge case for u1 ECDSA case 349 [valid] edge case for u1 ECDSA case 350 [valid] edge case for u1 ECDSA case 351 [valid] edge case for u1 ECDSA case 352 [valid] edge case for u1 ECDSA case 353 [valid] edge case for u1 ECDSA case 354 [valid] edge case for u2 ECDSA case 355 [valid] edge case for u2 ECDSA case 356 [valid] edge case for u2 ECDSA case 357 [valid] edge case for u2 ECDSA case 358 [valid] edge case for u2 ECDSA case 359 [valid] edge case for u2 ECDSA case 360 [valid] edge case for u2 ECDSA case 361 [valid] edge case for u2 ECDSA case 362 [valid] edge case for u2 ECDSA case 363 [valid] edge case for u2 ECDSA case 364 [valid] edge case for u2 ECDSA case 365 [valid] edge case for u2 ECDSA case 366 [valid] point duplication during verification ECDSA case 367 [invalid] duplication bug ECDSA case 368 [invalid] point with x-coordinate 0 ECDSA case 369 [invalid] point with x-coordinate 0 ECDSA case 370 [invalid] comparison with point at infinity ECDSA case 371 [valid] extreme value for k and edgecase s ECDSA case 372 [valid] extreme value for k and s^-1 ECDSA case 373 [valid] extreme value for k and s^-1 ECDSA case 374 [valid] extreme value for k and s^-1 ECDSA case 375 [valid] extreme value for k and s^-1 ECDSA case 376 [valid] extreme value for k ECDSA case 377 [valid] extreme value for k and edgecase s ECDSA case 378 [valid] extreme value for k and s^-1 ECDSA case 379 [valid] extreme value for k and s^-1 ECDSA case 380 [valid] extreme value for k and s^-1 ECDSA case 381 [valid] extreme value for k and s^-1 ECDSA case 382 [valid] extreme value for k ECDSA case 383 [invalid] testing point duplication ECDSA case 384 [invalid] testing point duplication ECDSA case 385 [invalid] testing point duplication ECDSA case 386 [invalid] testing point duplication ECDSA case 387 [valid] pseudorandom signature ECDSA case 388 [valid] pseudorandom signature ECDSA case 389 [valid] pseudorandom signature ECDSA case 390 [valid] pseudorandom signature ECDSA case 391 [valid] x-coordinate of the public key is large ECDSA case 392 [valid] x-coordinate of the public key is large ECDSA case 393 [valid] x-coordinate of the public key is large ECDSA case 394 [valid] y-coordinate of the public key has many trailing 0's ECDSA case 395 [valid] y-coordinate of the public key has many trailing 0's ECDSA case 396 [valid] y-coordinate of the public key has many trailing 0's ECDSA case 397 [valid] x-coordinate of the public key has many trailing 0's ECDSA case 398 [valid] x-coordinate of the public key has many trailing 0's ECDSA case 399 [valid] x-coordinate of the public key has many trailing 0's ECDSA case 400 [valid] x-coordinate of the public key is small ECDSA case 401 [valid] x-coordinate of the public key is small ECDSA case 402 [valid] x-coordinate of the public key is small ECDSA case 403 [valid] y-coordinate of the public key is small ECDSA case 404 [valid] y-coordinate of the public key is small ECDSA case 405 [valid] y-coordinate of the public key is small ECDSA case 406 [valid] y-coordinate of the public key is large ECDSA case 407 [valid] y-coordinate of the public key is large ECDSA case 408 [valid] y-coordinate of the public key is large
This was referenced May 28, 2022
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Generated using the
wycheproof2blb
utility:This required a small change to
wycheproof2blb
:RustCrypto/utils#767
Includes the following test vectors: