From da2965cb4ec1866710ccd44ecfd04e3501728d70 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 16 Jul 2019 17:25:25 -0500 Subject: [PATCH] P-384 test vectors --- selftest.cpp | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/selftest.cpp b/selftest.cpp index b63bf4bde..9ddd6953b 100644 --- a/selftest.cpp +++ b/selftest.cpp @@ -79,6 +79,14 @@ using namespace ZeroTier; #define KNOWN_GOOD_IDENTITY "8e4df28b72:0:ac3d46abe0c21f3cfe7a6c8d6a85cfcffcb82fbd55af6a4d6350657c68200843fa2e16f9418bbd9702cae365f2af5fb4c420908b803a681d4daef6114d78a2d7:bd8dd6e4ce7022d2f812797a80c6ee8ad180dc4ebf301dec8b06d1be08832bddd63a2f1cfa7b2c504474c75bdc8898ba476ef92e8e2d0509f8441985171ff16e" #define KNOWN_BAD_IDENTITY "9e4df28b72:0:ac3d46abe0c21f3cfe7a6c8d6a85cfcffcb82fbd55af6a4d6350657c68200843fa2e16f9418bbd9702cae365f2af5fb4c420908b803a681d4daef6114d78a2d7:bd8dd6e4ce7022d2f812797a80c6ee8ad180dc4ebf301dec8b06d1be08832bddd63a2f1cfa7b2c504474c75bdc8898ba476ef92e8e2d0509f8441985171ff16e" +// These were generated with some Go code using the NIST P-384 elliptic curve. There +// are official P-384 test vectors but the format of these is funny and converting is +// a pain, so this is easier. We assume the Go runtime's P-384 implementation is correct. +#define ECC384_TEST_PUBLIC "02edbcbb1f239bbd9d3d7cef6b37a32669e94df42664fbac7640c22221a6a3df8c9681760f0e67abd45158b31563fb4971" +#define ECC384_TEST_PRIVATE "62939b4a293cc68698c3d07fb7ff97a2fbc9368a1da5408e4913d41546cbb408fa8cb27fcc3f72f80d167bf0a4c329d3" +#define ECC384_TEST_DH_SELF_AGREE "f696bd1bda5e528c1d56a36ed9bad784dd201b50c9d868b9529327ab17edc6ae895e7fd9461587f4c8472ef786f5870b" +#define ECC384_TEST_SIG "98935f0a052cba3ad7d208de64e7772cbde6d91611d2ef03ba129f1498498c2d3650d9cfbb2beacb28e70b90439e018b52db46ecc7f6a95688003cdb4ffe04a1c74c3ffcb8c8704212f437facdb9172f608cb605c6ce37d6c9f00b233910290d" + static const unsigned char s20TV0Key[32] = { 0x0f,0x62,0xb5,0x08,0x5b,0xae,0x01,0x54,0xa7,0xfa,0x4d,0xa0,0xf3,0x46,0x99,0xec,0x3f,0x92,0xe5,0x38,0x8b,0xde,0x31,0x84,0xd7,0x2a,0x7d,0xd0,0x23,0x76,0xc9,0x1c }; static const unsigned char s20TV0Iv[8] = { 0x28,0x8f,0xf6,0x5d,0xc4,0x2b,0x92,0xf9 }; static const unsigned char s20TV0Ks[64] = { 0x5e,0x5e,0x71,0xf9,0x01,0x99,0x34,0x03,0x04,0xab,0xb2,0x2a,0x37,0xb6,0x62,0x5b,0xf8,0x83,0xfb,0x89,0xce,0x3b,0x21,0xf5,0x4a,0x10,0xb8,0x10,0x66,0xef,0x87,0xda,0x30,0xb7,0x76,0x99,0xaa,0x73,0x79,0xda,0x59,0x5c,0x77,0xdd,0x59,0x54,0x2d,0xa2,0x08,0xe5,0x95,0x4f,0x89,0xe4,0x0e,0xb7,0xaa,0x80,0xa8,0x4a,0x61,0x76,0x66,0x3f }; @@ -315,16 +323,16 @@ static int testCrypto() Utils::getSecureRandom(p384hash,sizeof(p384hash)); ECC384ECDSASign(p384priv,p384hash,p384sig); if (!ECC384ECDSAVerify(p384pub,p384hash,p384sig)) { - std::cout << "[crypto] Signature: FAILED (verify good signature)" << std::endl; + std::cout << "[crypto] ECDSA Signature: FAILED (verify good signature)" << std::endl; return -1; } ++p384sig[0]; if (ECC384ECDSAVerify(p384pub,p384hash,p384sig)) { - std::cout << "[crypto] Signature: FAILED (verify bad signature)" << std::endl; + std::cout << "[crypto] ECDSA Signature: FAILED (verify bad signature)" << std::endl; return -1; } --p384sig[0]; - std::cout << "[crypto] Signature: " << Utils::hex(p384sig,sizeof(p384sig),p384hex) << std::endl; + std::cout << "[crypto] ECDSA Signature: " << Utils::hex(p384sig,sizeof(p384sig),p384hex) << std::endl; uint8_t p384pub2[ZT_ECC384_PUBLIC_KEY_SIZE],p384priv2[ZT_ECC384_PRIVATE_KEY_SIZE],p384sec[ZT_ECC384_SHARED_SECRET_SIZE],p384sec2[ZT_ECC384_SHARED_SECRET_SIZE]; ECC384GenerateKey(p384pub2,p384priv2); ECC384ECDH(p384pub,p384priv2,p384sec); @@ -334,6 +342,22 @@ static int testCrypto() return -1; } std::cout << "[crypto] ECDH Agree: " << Utils::hex(p384sec,sizeof(p384sec),p384hex) << std::endl; + + Utils::unhex(ECC384_TEST_PUBLIC,p384pub,sizeof(p384pub)); + Utils::unhex(ECC384_TEST_PRIVATE,p384priv,sizeof(p384priv)); + ECC384ECDH(p384pub,p384priv,p384sec); + Utils::unhex(ECC384_TEST_DH_SELF_AGREE,p384sec2,sizeof(p384sec2)); + if (memcmp(p384sec,p384sec2,ZT_ECC384_SHARED_SECRET_SIZE)) { + std::cout << "[crypto] ECDH Test Vector: FAILED (secrets do not match)" << std::endl; + return -1; + } + std::cout << "[crypto] ECDH Test Vector: PASS" << std::endl; + Utils::unhex(ECC384_TEST_SIG,p384sig,sizeof(p384sig)); + if (!ECC384ECDSAVerify(p384pub,p384pub,p384sig)) { + std::cout << "[crypto] ECDSA Test Vector: FAILED (verify failed)" << std::endl; + return -1; + } + std::cout << "[crypto] ECDSA Test Vector: PASS" << std::endl; } std::cout << "[crypto] Testing C25519 and Ed25519 against test vectors... "; std::cout.flush();