Skip to content

Commit

Permalink
p224: add Wycheproof test vectors (#818)
Browse files Browse the repository at this point in the history 
Generated using the `wycheproof2blb` utility:

    $ cargo run ~/src/wycheproof secp224r1 224 wycheproof.blb desc.txt

This required a small change to `wycheproof2blb`:

RustCrypto/utils#891

Includes the following test vectors:

ECDSA case 1 [valid] signature malleability
ECDSA case 3 [valid] valid
ECDSA case 4 [invalid] long form encoding of length of sequence
ECDSA case 5 [invalid] length of sequence contains leading 0
ECDSA case 6 [invalid] wrong length of sequence
ECDSA case 7 [invalid] wrong length of sequence
ECDSA case 8 [invalid] uint32 overflow in length of sequence
ECDSA case 9 [invalid] uint64 overflow in length of sequence
ECDSA case 10 [invalid] length of sequence = 2**31 - 1
ECDSA case 11 [invalid] length of sequence = 2**32 - 1
ECDSA case 12 [invalid] length of sequence = 2**40 - 1
ECDSA case 13 [invalid] length of sequence = 2**64 - 1
ECDSA case 14 [invalid] incorrect length of sequence
ECDSA case 15 [invalid] indefinite length without termination
ECDSA case 16 [invalid] indefinite length without termination
ECDSA case 17 [invalid] indefinite length without termination
ECDSA case 18 [invalid] removing sequence
ECDSA case 19 [invalid] lonely sequence tag
ECDSA case 20 [invalid] appending 0's to sequence
ECDSA case 21 [invalid] prepending 0's to sequence
ECDSA case 22 [invalid] appending unused 0's to sequence
ECDSA case 23 [invalid] appending null value to sequence
ECDSA case 24 [invalid] including garbage
ECDSA case 25 [invalid] including garbage
ECDSA case 26 [invalid] including garbage
ECDSA case 27 [invalid] including garbage
ECDSA case 28 [invalid] including garbage
ECDSA case 29 [invalid] including garbage
ECDSA case 30 [invalid] including garbage
ECDSA case 31 [invalid] including garbage
ECDSA case 32 [invalid] including garbage
ECDSA case 33 [invalid] including undefined tags
ECDSA case 34 [invalid] including undefined tags
ECDSA case 35 [invalid] including undefined tags
ECDSA case 36 [invalid] including undefined tags
ECDSA case 37 [invalid] including undefined tags
ECDSA case 38 [invalid] including undefined tags
ECDSA case 39 [invalid] truncated length of sequence
ECDSA case 40 [invalid] using composition with indefinite length
ECDSA case 41 [invalid] using composition with indefinite length
ECDSA case 42 [invalid] using composition with indefinite length
ECDSA case 43 [invalid] using composition with wrong tag
ECDSA case 44 [invalid] using composition with wrong tag
ECDSA case 45 [invalid] using composition with wrong tag
ECDSA case 46 [invalid] Replacing sequence with NULL
ECDSA case 47 [invalid] changing tag value of sequence
ECDSA case 48 [invalid] changing tag value of sequence
ECDSA case 49 [invalid] changing tag value of sequence
ECDSA case 50 [invalid] changing tag value of sequence
ECDSA case 51 [invalid] changing tag value of sequence
ECDSA case 52 [invalid] dropping value of sequence
ECDSA case 53 [invalid] using composition for sequence
ECDSA case 54 [invalid] truncated sequence
ECDSA case 55 [invalid] truncated sequence
ECDSA case 56 [invalid] indefinite length
ECDSA case 57 [invalid] indefinite length with truncated delimiter
ECDSA case 58 [invalid] indefinite length with additional element
ECDSA case 59 [invalid] indefinite length with truncated element
ECDSA case 60 [invalid] indefinite length with garbage
ECDSA case 61 [invalid] indefinite length with nonempty EOC
ECDSA case 62 [invalid] prepend empty sequence
ECDSA case 63 [invalid] append empty sequence
ECDSA case 64 [invalid] append garbage with high tag number
ECDSA case 65 [invalid] sequence of sequence
ECDSA case 66 [invalid] truncated sequence: removed last 1 elements
ECDSA case 67 [invalid] repeating element in sequence
ECDSA case 68 [invalid] long form encoding of length of integer
ECDSA case 69 [invalid] long form encoding of length of integer
ECDSA case 70 [invalid] length of integer contains leading 0
ECDSA case 71 [invalid] length of integer contains leading 0
ECDSA case 72 [invalid] wrong length of integer
ECDSA case 73 [invalid] wrong length of integer
ECDSA case 74 [invalid] wrong length of integer
ECDSA case 75 [invalid] wrong length of integer
ECDSA case 76 [invalid] uint32 overflow in length of integer
ECDSA case 77 [invalid] uint32 overflow in length of integer
ECDSA case 78 [invalid] uint64 overflow in length of integer
ECDSA case 79 [invalid] uint64 overflow in length of integer
ECDSA case 80 [invalid] length of integer = 2**31 - 1
ECDSA case 81 [invalid] length of integer = 2**31 - 1
ECDSA case 82 [invalid] length of integer = 2**32 - 1
ECDSA case 83 [invalid] length of integer = 2**32 - 1
ECDSA case 84 [invalid] length of integer = 2**40 - 1
ECDSA case 85 [invalid] length of integer = 2**40 - 1
ECDSA case 86 [invalid] length of integer = 2**64 - 1
ECDSA case 87 [invalid] length of integer = 2**64 - 1
ECDSA case 88 [invalid] incorrect length of integer
ECDSA case 89 [invalid] incorrect length of integer
ECDSA case 90 [invalid] removing integer
ECDSA case 91 [invalid] lonely integer tag
ECDSA case 92 [invalid] lonely integer tag
ECDSA case 93 [invalid] appending 0's to integer
ECDSA case 94 [invalid] appending 0's to integer
ECDSA case 95 [invalid] prepending 0's to integer
ECDSA case 96 [invalid] prepending 0's to integer
ECDSA case 97 [invalid] appending unused 0's to integer
ECDSA case 98 [invalid] appending null value to integer
ECDSA case 99 [invalid] appending null value to integer
ECDSA case 100 [invalid] truncated length of integer
ECDSA case 101 [invalid] truncated length of integer
ECDSA case 102 [invalid] Replacing integer with NULL
ECDSA case 103 [invalid] Replacing integer with NULL
ECDSA case 104 [invalid] changing tag value of integer
ECDSA case 105 [invalid] changing tag value of integer
ECDSA case 106 [invalid] changing tag value of integer
ECDSA case 107 [invalid] changing tag value of integer
ECDSA case 108 [invalid] changing tag value of integer
ECDSA case 109 [invalid] changing tag value of integer
ECDSA case 110 [invalid] changing tag value of integer
ECDSA case 111 [invalid] changing tag value of integer
ECDSA case 112 [invalid] changing tag value of integer
ECDSA case 113 [invalid] changing tag value of integer
ECDSA case 114 [invalid] dropping value of integer
ECDSA case 115 [invalid] dropping value of integer
ECDSA case 116 [invalid] using composition for integer
ECDSA case 117 [invalid] using composition for integer
ECDSA case 118 [invalid] modify first byte of integer
ECDSA case 119 [invalid] modify first byte of integer
ECDSA case 120 [invalid] modify last byte of integer
ECDSA case 121 [invalid] modify last byte of integer
ECDSA case 122 [invalid] truncated integer
ECDSA case 123 [invalid] truncated integer
ECDSA case 124 [invalid] truncated integer
ECDSA case 125 [invalid] leading ff in integer
ECDSA case 126 [invalid] leading ff in integer
ECDSA case 127 [invalid] replaced integer by infinity
ECDSA case 128 [invalid] replaced integer by infinity
ECDSA case 129 [invalid] replacing integer with zero
ECDSA case 130 [invalid] replacing integer with zero
ECDSA case 131 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 132 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 133 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 134 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 135 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 136 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 137 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 138 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 139 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 140 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 141 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 142 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 143 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 144 [invalid] Signature with special case values for r and s
ECDSA case 145 [invalid] Signature with special case values for r and s
ECDSA case 146 [invalid] Signature with special case values for r and s
ECDSA case 147 [invalid] Signature with special case values for r and s
ECDSA case 148 [invalid] Signature with special case values for r and s
ECDSA case 149 [invalid] Signature with special case values for r and s
ECDSA case 150 [invalid] Signature with special case values for r and s
ECDSA case 151 [invalid] Signature with special case values for r and s
ECDSA case 152 [invalid] Signature with special case values for r and s
ECDSA case 153 [invalid] Signature with special case values for r and s
ECDSA case 154 [invalid] Signature with special case values for r and s
ECDSA case 155 [invalid] Signature with special case values for r and s
ECDSA case 156 [invalid] Signature with special case values for r and s
ECDSA case 157 [invalid] Signature with special case values for r and s
ECDSA case 158 [invalid] Signature with special case values for r and s
ECDSA case 159 [invalid] Signature with special case values for r and s
ECDSA case 160 [invalid] Signature with special case values for r and s
ECDSA case 161 [invalid] Signature with special case values for r and s
ECDSA case 162 [invalid] Signature with special case values for r and s
ECDSA case 163 [invalid] Signature with special case values for r and s
ECDSA case 164 [invalid] Signature with special case values for r and s
ECDSA case 165 [invalid] Signature with special case values for r and s
ECDSA case 166 [invalid] Signature with special case values for r and s
ECDSA case 167 [invalid] Signature with special case values for r and s
ECDSA case 168 [invalid] Signature with special case values for r and s
ECDSA case 169 [invalid] Signature with special case values for r and s
ECDSA case 170 [invalid] Signature with special case values for r and s
ECDSA case 171 [invalid] Signature with special case values for r and s
ECDSA case 172 [invalid] Signature with special case values for r and s
ECDSA case 173 [invalid] Signature with special case values for r and s
ECDSA case 174 [invalid] Signature with special case values for r and s
ECDSA case 175 [invalid] Signature with special case values for r and s
ECDSA case 176 [invalid] Signature with special case values for r and s
ECDSA case 177 [invalid] Signature with special case values for r and s
ECDSA case 178 [invalid] Signature with special case values for r and s
ECDSA case 179 [invalid] Signature with special case values for r and s
ECDSA case 180 [invalid] Signature with special case values for r and s
ECDSA case 181 [invalid] Signature with special case values for r and s
ECDSA case 182 [invalid] Signature with special case values for r and s
ECDSA case 183 [invalid] Signature with special case values for r and s
ECDSA case 184 [invalid] Signature with special case values for r and s
ECDSA case 185 [invalid] Signature with special case values for r and s
ECDSA case 186 [invalid] Signature with special case values for r and s
ECDSA case 187 [invalid] Signature with special case values for r and s
ECDSA case 188 [invalid] Signature with special case values for r and s
ECDSA case 189 [invalid] Signature with special case values for r and s
ECDSA case 190 [invalid] Signature with special case values for r and s
ECDSA case 191 [invalid] Signature with special case values for r and s
ECDSA case 192 [invalid] Signature with special case values for r and s
ECDSA case 193 [invalid] Signature with special case values for r and s
ECDSA case 194 [invalid] Signature with special case values for r and s
ECDSA case 195 [invalid] Signature with special case values for r and s
ECDSA case 196 [invalid] Signature with special case values for r and s
ECDSA case 197 [invalid] Signature with special case values for r and s
ECDSA case 198 [invalid] Signature with special case values for r and s
ECDSA case 199 [invalid] Signature with special case values for r and s
ECDSA case 200 [invalid] Signature with special case values for r and s
ECDSA case 201 [invalid] Signature with special case values for r and s
ECDSA case 202 [invalid] Signature with special case values for r and s
ECDSA case 203 [invalid] Signature with special case values for r and s
ECDSA case 204 [invalid] Signature with special case values for r and s
ECDSA case 205 [invalid] Signature with special case values for r and s
ECDSA case 206 [invalid] Signature with special case values for r and s
ECDSA case 207 [invalid] Signature with special case values for r and s
ECDSA case 208 [invalid] Signature with special case values for r and s
ECDSA case 209 [invalid] Signature with special case values for r and s
ECDSA case 210 [invalid] Signature with special case values for r and s
ECDSA case 211 [invalid] Signature with special case values for r and s
ECDSA case 212 [invalid] Signature with special case values for r and s
ECDSA case 213 [invalid] Signature with special case values for r and s
ECDSA case 214 [invalid] Signature with special case values for r and s
ECDSA case 215 [invalid] Signature with special case values for r and s
ECDSA case 216 [invalid] Signature with special case values for r and s
ECDSA case 217 [invalid] Signature with special case values for r and s
ECDSA case 218 [invalid] Signature with special case values for r and s
ECDSA case 219 [invalid] Signature with special case values for r and s
ECDSA case 220 [invalid] Signature with special case values for r and s
ECDSA case 221 [invalid] Signature with special case values for r and s
ECDSA case 222 [invalid] Signature with special case values for r and s
ECDSA case 223 [invalid] Signature with special case values for r and s
ECDSA case 224 [invalid] Signature encoding contains wrong types.
ECDSA case 225 [invalid] Signature encoding contains wrong types.
ECDSA case 226 [invalid] Signature encoding contains wrong types.
ECDSA case 227 [invalid] Signature encoding contains wrong types.
ECDSA case 228 [invalid] Signature encoding contains wrong types.
ECDSA case 229 [invalid] Signature encoding contains wrong types.
ECDSA case 230 [valid] Edge case for Shamir multiplication
ECDSA case 231 [valid] special case hash
ECDSA case 232 [valid] special case hash
ECDSA case 233 [valid] special case hash
ECDSA case 234 [valid] special case hash
ECDSA case 235 [valid] special case hash
ECDSA case 236 [valid] special case hash
ECDSA case 237 [valid] special case hash
ECDSA case 238 [valid] special case hash
ECDSA case 239 [valid] special case hash
ECDSA case 240 [valid] special case hash
ECDSA case 241 [valid] special case hash
ECDSA case 242 [valid] special case hash
ECDSA case 243 [valid] special case hash
ECDSA case 244 [valid] special case hash
ECDSA case 245 [valid] special case hash
ECDSA case 246 [valid] special case hash
ECDSA case 247 [valid] special case hash
ECDSA case 248 [valid] special case hash
ECDSA case 249 [valid] special case hash
ECDSA case 250 [valid] special case hash
ECDSA case 251 [valid] special case hash
ECDSA case 252 [valid] special case hash
ECDSA case 253 [valid] special case hash
ECDSA case 254 [valid] special case hash
ECDSA case 255 [valid] special case hash
ECDSA case 256 [valid] special case hash
ECDSA case 257 [valid] k*G has a large x-coordinate
ECDSA case 258 [invalid] r too large
ECDSA case 259 [valid] r,s are large
ECDSA case 260 [valid] r and s^-1 have a large Hamming weight
ECDSA case 261 [valid] r and s^-1 have a large Hamming weight
ECDSA case 262 [valid] small r and s
ECDSA case 263 [valid] small r and s
ECDSA case 264 [valid] small r and s
ECDSA case 265 [invalid] r is larger than n
ECDSA case 266 [invalid] s is larger than n
ECDSA case 267 [valid] small r and s^-1
ECDSA case 268 [valid] smallish r and s^-1
ECDSA case 269 [valid] 100-bit r and small s^-1
ECDSA case 270 [valid] small r and 100 bit s^-1
ECDSA case 271 [valid] 100-bit r and s^-1
ECDSA case 272 [valid] r and s^-1 are close to n
ECDSA case 273 [valid] s == 1
ECDSA case 274 [invalid] s == 0
ECDSA case 275 [invalid] point at infinity during verify
ECDSA case 276 [valid] edge case for signature malleability
ECDSA case 277 [valid] edge case for signature malleability
ECDSA case 278 [valid] u1 == 1
ECDSA case 279 [valid] u1 == n - 1
ECDSA case 280 [valid] u2 == 1
ECDSA case 281 [valid] u2 == n - 1
ECDSA case 282 [valid] edge case for u1
ECDSA case 283 [valid] edge case for u1
ECDSA case 284 [valid] edge case for u1
ECDSA case 285 [valid] edge case for u1
ECDSA case 286 [valid] edge case for u1
ECDSA case 287 [valid] edge case for u1
ECDSA case 288 [valid] edge case for u1
ECDSA case 289 [valid] edge case for u1
ECDSA case 290 [valid] edge case for u1
ECDSA case 291 [valid] edge case for u1
ECDSA case 292 [valid] edge case for u1
ECDSA case 293 [valid] edge case for u2
ECDSA case 294 [valid] edge case for u2
ECDSA case 295 [valid] edge case for u2
ECDSA case 296 [valid] edge case for u2
ECDSA case 297 [valid] edge case for u2
ECDSA case 298 [valid] edge case for u2
ECDSA case 299 [valid] edge case for u2
ECDSA case 300 [valid] edge case for u2
ECDSA case 301 [valid] edge case for u2
ECDSA case 302 [valid] edge case for u2
ECDSA case 303 [valid] edge case for u2
ECDSA case 304 [valid] point duplication during verification
ECDSA case 305 [invalid] duplication bug
ECDSA case 306 [invalid] comparison with point at infinity
ECDSA case 307 [valid] extreme value for k and edgecase s
ECDSA case 308 [valid] extreme value for k and s^-1
ECDSA case 309 [valid] extreme value for k and s^-1
ECDSA case 310 [valid] extreme value for k and s^-1
ECDSA case 311 [valid] extreme value for k and s^-1
ECDSA case 312 [valid] extreme value for k
ECDSA case 313 [valid] extreme value for k and edgecase s
ECDSA case 314 [valid] extreme value for k and s^-1
ECDSA case 315 [valid] extreme value for k and s^-1
ECDSA case 316 [valid] extreme value for k and s^-1
ECDSA case 317 [valid] extreme value for k and s^-1
ECDSA case 318 [valid] extreme value for k
ECDSA case 319 [invalid] testing point duplication
ECDSA case 320 [invalid] testing point duplication
ECDSA case 321 [invalid] testing point duplication
ECDSA case 322 [invalid] testing point duplication
ECDSA case 323 [valid] pseudorandom signature
ECDSA case 324 [valid] pseudorandom signature
ECDSA case 325 [valid] pseudorandom signature
ECDSA case 326 [valid] pseudorandom signature
ECDSA case 327 [valid] y-coordinate of the public key has many trailing 0's
ECDSA case 328 [valid] y-coordinate of the public key has many trailing 0's
ECDSA case 329 [valid] y-coordinate of the public key has many trailing 0's
ECDSA case 330 [valid] y-coordinate of the public key has many trailing 1's
ECDSA case 331 [valid] y-coordinate of the public key has many trailing 1's
ECDSA case 332 [valid] y-coordinate of the public key has many trailing 1's
ECDSA case 333 [valid] x-coordinate of the public key has many trailing 0's
ECDSA case 334 [valid] x-coordinate of the public key has many trailing 0's
ECDSA case 335 [valid] x-coordinate of the public key has many trailing 0's
ECDSA case 336 [valid] x-coordinate of the public key has many trailing 1's
ECDSA case 337 [valid] x-coordinate of the public key has many trailing 1's
ECDSA case 338 [valid] x-coordinate of the public key has many trailing 1's
ECDSA case 339 [valid] y-coordinate of the public key is small
ECDSA case 340 [valid] y-coordinate of the public key is small
ECDSA case 341 [valid] y-coordinate of the public key is small
ECDSA case 342 [valid] y-coordinate of the public key is large
ECDSA case 343 [valid] y-coordinate of the public key is large
ECDSA case 344 [valid] y-coordinate of the public key is large
ECDSA case 345 [valid] x-coordinate of the public key is small
ECDSA case 346 [valid] x-coordinate of the public key is small
ECDSA case 347 [valid] x-coordinate of the public key is small
ECDSA case 348 [valid] x-coordinate of the public key is large
ECDSA case 349 [valid] x-coordinate of the public key is large
ECDSA case 350 [valid] x-coordinate of the public key is large
ECDSA case 351 [valid] y-coordinate of the public key is small
ECDSA case 352 [valid] y-coordinate of the public key is small
ECDSA case 353 [valid] y-coordinate of the public key is small
ECDSA case 354 [valid] y-coordinate of the public key is large
ECDSA case 355 [valid] y-coordinate of the public key is large
ECDSA case 356 [valid] y-coordinate of the public key is large
  • Loading branch information
@tarcieri
tarcieri authored Apr 10, 2023
1 parent 5e36b71 commit 0440777
Show file tree
Hide file tree
Showing 4 changed files with 7 additions and 0 deletions.
1 change: 1 addition & 0 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions p224/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ primeorder = { version = "0.13", optional = true, path = "../primeorder" }
sha2 = { version = "0.10", optional = true, default-features = false }

[dev-dependencies]
blobby = "0.3"
ecdsa-core = { version = "0.16", package = "ecdsa", default-features = false, features = ["dev"] }
hex-literal = "0.4"
primeorder = { version = "0.13", features = ["dev"], path = "../primeorder" }
Expand Down
5 changes: 5 additions & 0 deletions p224/src/ecdsa.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,4 +110,9 @@ mod tests {
use crate::{test_vectors::ecdsa::ECDSA_TEST_VECTORS, NistP224};
ecdsa_core::new_verification_test!(NistP224, ECDSA_TEST_VECTORS);
}

mod wycheproof {
use crate::NistP224;
ecdsa_core::new_wycheproof_test!(wycheproof, "wycheproof", NistP224);
}
}
Binary file added p224/src/test_vectors/data/wycheproof.blb
View file
Binary file not shown.

0 comments on commit 0440777

Please sign in to comment.