p384: add Wycheproof test vectors #574
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Generated using the `wycheproof2blb` utility:
$ cargo run ~/wycheproof secp384r1 384 wycheproof.blb desc.txt
This required a small change to `wycheproof2blb`:
RustCrypto/utils#767
Includes the following test vectors:
ECDSA case 1 [valid] signature malleability
ECDSA case 3 [valid] valid
ECDSA case 4 [invalid] long form encoding of length of sequence
ECDSA case 5 [invalid] length of sequence contains leading 0
ECDSA case 6 [invalid] wrong length of sequence
ECDSA case 7 [invalid] wrong length of sequence
ECDSA case 8 [invalid] uint32 overflow in length of sequence
ECDSA case 9 [invalid] uint64 overflow in length of sequence
ECDSA case 10 [invalid] length of sequence = 2**31 - 1
ECDSA case 11 [invalid] length of sequence = 2**32 - 1
ECDSA case 12 [invalid] length of sequence = 2**40 - 1
ECDSA case 13 [invalid] length of sequence = 2**64 - 1
ECDSA case 14 [invalid] incorrect length of sequence
ECDSA case 15 [invalid] indefinite length without termination
ECDSA case 16 [invalid] indefinite length without termination
ECDSA case 17 [invalid] indefinite length without termination
ECDSA case 18 [invalid] removing sequence
ECDSA case 19 [invalid] lonely sequence tag
ECDSA case 20 [invalid] appending 0's to sequence
ECDSA case 21 [invalid] prepending 0's to sequence
ECDSA case 22 [invalid] appending unused 0's to sequence
ECDSA case 23 [invalid] appending null value to sequence
ECDSA case 24 [invalid] including garbage
ECDSA case 25 [invalid] including garbage
ECDSA case 26 [invalid] including garbage
ECDSA case 27 [invalid] including garbage
ECDSA case 28 [invalid] including garbage
ECDSA case 29 [invalid] including garbage
ECDSA case 30 [invalid] including garbage
ECDSA case 31 [invalid] including garbage
ECDSA case 32 [invalid] including garbage
ECDSA case 33 [invalid] including undefined tags
ECDSA case 34 [invalid] including undefined tags
ECDSA case 35 [invalid] including undefined tags
ECDSA case 36 [invalid] including undefined tags
ECDSA case 37 [invalid] including undefined tags
ECDSA case 38 [invalid] including undefined tags
ECDSA case 39 [invalid] truncated length of sequence
ECDSA case 40 [invalid] using composition with indefinite length
ECDSA case 41 [invalid] using composition with indefinite length
ECDSA case 42 [invalid] using composition with indefinite length
ECDSA case 43 [invalid] using composition with wrong tag
ECDSA case 44 [invalid] using composition with wrong tag
ECDSA case 45 [invalid] using composition with wrong tag
ECDSA case 46 [invalid] Replacing sequence with NULL
ECDSA case 47 [invalid] changing tag value of sequence
ECDSA case 48 [invalid] changing tag value of sequence
ECDSA case 49 [invalid] changing tag value of sequence
ECDSA case 50 [invalid] changing tag value of sequence
ECDSA case 51 [invalid] changing tag value of sequence
ECDSA case 52 [invalid] dropping value of sequence
ECDSA case 53 [invalid] using composition for sequence
ECDSA case 54 [invalid] truncated sequence
ECDSA case 55 [invalid] truncated sequence
ECDSA case 56 [invalid] indefinite length
ECDSA case 57 [invalid] indefinite length with truncated delimiter
ECDSA case 58 [invalid] indefinite length with additional element
ECDSA case 59 [invalid] indefinite length with truncated element
ECDSA case 60 [invalid] indefinite length with garbage
ECDSA case 61 [invalid] indefinite length with nonempty EOC
ECDSA case 62 [invalid] prepend empty sequence
ECDSA case 63 [invalid] append empty sequence
ECDSA case 64 [invalid] append garbage with high tag number
ECDSA case 65 [invalid] sequence of sequence
ECDSA case 66 [invalid] truncated sequence: removed last 1 elements
ECDSA case 67 [invalid] repeating element in sequence
ECDSA case 68 [invalid] long form encoding of length of integer
ECDSA case 69 [invalid] long form encoding of length of integer
ECDSA case 70 [invalid] length of integer contains leading 0
ECDSA case 71 [invalid] length of integer contains leading 0
ECDSA case 72 [invalid] wrong length of integer
ECDSA case 73 [invalid] wrong length of integer
ECDSA case 74 [invalid] wrong length of integer
ECDSA case 75 [invalid] wrong length of integer
ECDSA case 76 [invalid] uint32 overflow in length of integer
ECDSA case 77 [invalid] uint32 overflow in length of integer
ECDSA case 78 [invalid] uint64 overflow in length of integer
ECDSA case 79 [invalid] uint64 overflow in length of integer
ECDSA case 80 [invalid] length of integer = 2**31 - 1
ECDSA case 81 [invalid] length of integer = 2**31 - 1
ECDSA case 82 [invalid] length of integer = 2**32 - 1
ECDSA case 83 [invalid] length of integer = 2**32 - 1
ECDSA case 84 [invalid] length of integer = 2**40 - 1
ECDSA case 85 [invalid] length of integer = 2**40 - 1
ECDSA case 86 [invalid] length of integer = 2**64 - 1
ECDSA case 87 [invalid] length of integer = 2**64 - 1
ECDSA case 88 [invalid] incorrect length of integer
ECDSA case 89 [invalid] incorrect length of integer
ECDSA case 90 [invalid] removing integer
ECDSA case 91 [invalid] lonely integer tag
ECDSA case 92 [invalid] lonely integer tag
ECDSA case 93 [invalid] appending 0's to integer
ECDSA case 94 [invalid] appending 0's to integer
ECDSA case 95 [invalid] prepending 0's to integer
ECDSA case 96 [invalid] prepending 0's to integer
ECDSA case 97 [invalid] appending unused 0's to integer
ECDSA case 98 [invalid] appending null value to integer
ECDSA case 99 [invalid] appending null value to integer
ECDSA case 100 [invalid] truncated length of integer
ECDSA case 101 [invalid] truncated length of integer
ECDSA case 102 [invalid] Replacing integer with NULL
ECDSA case 103 [invalid] Replacing integer with NULL
ECDSA case 104 [invalid] changing tag value of integer
ECDSA case 105 [invalid] changing tag value of integer
ECDSA case 106 [invalid] changing tag value of integer
ECDSA case 107 [invalid] changing tag value of integer
ECDSA case 108 [invalid] changing tag value of integer
ECDSA case 109 [invalid] changing tag value of integer
ECDSA case 110 [invalid] changing tag value of integer
ECDSA case 111 [invalid] changing tag value of integer
ECDSA case 112 [invalid] changing tag value of integer
ECDSA case 113 [invalid] changing tag value of integer
ECDSA case 114 [invalid] dropping value of integer
ECDSA case 115 [invalid] dropping value of integer
ECDSA case 116 [invalid] using composition for integer
ECDSA case 117 [invalid] using composition for integer
ECDSA case 118 [invalid] modify first byte of integer
ECDSA case 119 [invalid] modify first byte of integer
ECDSA case 120 [invalid] modify last byte of integer
ECDSA case 121 [invalid] modify last byte of integer
ECDSA case 122 [invalid] truncated integer
ECDSA case 123 [invalid] truncated integer
ECDSA case 124 [invalid] truncated integer
ECDSA case 125 [invalid] leading ff in integer
ECDSA case 126 [invalid] leading ff in integer
ECDSA case 127 [invalid] replaced integer by infinity
ECDSA case 128 [invalid] replaced integer by infinity
ECDSA case 129 [invalid] replacing integer with zero
ECDSA case 130 [invalid] replacing integer with zero
ECDSA case 131 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 132 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 133 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 134 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 135 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 136 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 137 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 138 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 139 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 140 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 141 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 142 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 143 [invalid] Modified r or s, e.g. by adding or subtracting the order of the group
ECDSA case 144 [invalid] Signature with special case values for r and s
ECDSA case 145 [invalid] Signature with special case values for r and s
ECDSA case 146 [invalid] Signature with special case values for r and s
ECDSA case 147 [invalid] Signature with special case values for r and s
ECDSA case 148 [invalid] Signature with special case values for r and s
ECDSA case 149 [invalid] Signature with special case values for r and s
ECDSA case 150 [invalid] Signature with special case values for r and s
ECDSA case 151 [invalid] Signature with special case values for r and s
ECDSA case 152 [invalid] Signature with special case values for r and s
ECDSA case 153 [invalid] Signature with special case values for r and s
ECDSA case 154 [invalid] Signature with special case values for r and s
ECDSA case 155 [invalid] Signature with special case values for r and s
ECDSA case 156 [invalid] Signature with special case values for r and s
ECDSA case 157 [invalid] Signature with special case values for r and s
ECDSA case 158 [invalid] Signature with special case values for r and s
ECDSA case 159 [invalid] Signature with special case values for r and s
ECDSA case 160 [invalid] Signature with special case values for r and s
ECDSA case 161 [invalid] Signature with special case values for r and s
ECDSA case 162 [invalid] Signature with special case values for r and s
ECDSA case 163 [invalid] Signature with special case values for r and s
ECDSA case 164 [invalid] Signature with special case values for r and s
ECDSA case 165 [invalid] Signature with special case values for r and s
ECDSA case 166 [invalid] Signature with special case values for r and s
ECDSA case 167 [invalid] Signature with special case values for r and s
ECDSA case 168 [invalid] Signature with special case values for r and s
ECDSA case 169 [invalid] Signature with special case values for r and s
ECDSA case 170 [invalid] Signature with special case values for r and s
ECDSA case 171 [invalid] Signature with special case values for r and s
ECDSA case 172 [invalid] Signature with special case values for r and s
ECDSA case 173 [invalid] Signature with special case values for r and s
ECDSA case 174 [invalid] Signature with special case values for r and s
ECDSA case 175 [invalid] Signature with special case values for r and s
ECDSA case 176 [invalid] Signature with special case values for r and s
ECDSA case 177 [invalid] Signature with special case values for r and s
ECDSA case 178 [invalid] Signature with special case values for r and s
ECDSA case 179 [invalid] Signature with special case values for r and s
ECDSA case 180 [invalid] Signature with special case values for r and s
ECDSA case 181 [invalid] Signature with special case values for r and s
ECDSA case 182 [invalid] Signature with special case values for r and s
ECDSA case 183 [invalid] Signature with special case values for r and s
ECDSA case 184 [invalid] Signature with special case values for r and s
ECDSA case 185 [invalid] Signature with special case values for r and s
ECDSA case 186 [invalid] Signature with special case values for r and s
ECDSA case 187 [invalid] Signature with special case values for r and s
ECDSA case 188 [invalid] Signature with special case values for r and s
ECDSA case 189 [invalid] Signature with special case values for r and s
ECDSA case 190 [invalid] Signature with special case values for r and s
ECDSA case 191 [invalid] Signature with special case values for r and s
ECDSA case 192 [invalid] Signature with special case values for r and s
ECDSA case 193 [invalid] Signature with special case values for r and s
ECDSA case 194 [invalid] Signature with special case values for r and s
ECDSA case 195 [invalid] Signature with special case values for r and s
ECDSA case 196 [invalid] Signature with special case values for r and s
ECDSA case 197 [invalid] Signature with special case values for r and s
ECDSA case 198 [invalid] Signature with special case values for r and s
ECDSA case 199 [invalid] Signature with special case values for r and s
ECDSA case 200 [invalid] Signature with special case values for r and s
ECDSA case 201 [invalid] Signature with special case values for r and s
ECDSA case 202 [invalid] Signature with special case values for r and s
ECDSA case 203 [invalid] Signature with special case values for r and s
ECDSA case 204 [invalid] Signature with special case values for r and s
ECDSA case 205 [invalid] Signature with special case values for r and s
ECDSA case 206 [invalid] Signature with special case values for r and s
ECDSA case 207 [invalid] Signature with special case values for r and s
ECDSA case 208 [invalid] Signature with special case values for r and s
ECDSA case 209 [invalid] Signature with special case values for r and s
ECDSA case 210 [invalid] Signature with special case values for r and s
ECDSA case 211 [invalid] Signature with special case values for r and s
ECDSA case 212 [invalid] Signature with special case values for r and s
ECDSA case 213 [invalid] Signature with special case values for r and s
ECDSA case 214 [invalid] Signature with special case values for r and s
ECDSA case 215 [invalid] Signature with special case values for r and s
ECDSA case 216 [invalid] Signature with special case values for r and s
ECDSA case 217 [invalid] Signature with special case values for r and s
ECDSA case 218 [invalid] Signature with special case values for r and s
ECDSA case 219 [invalid] Signature with special case values for r and s
ECDSA case 220 [invalid] Signature with special case values for r and s
ECDSA case 221 [invalid] Signature with special case values for r and s
ECDSA case 222 [invalid] Signature with special case values for r and s
ECDSA case 223 [invalid] Signature with special case values for r and s
ECDSA case 224 [invalid] Signature encoding contains wrong types.
ECDSA case 225 [invalid] Signature encoding contains wrong types.
ECDSA case 226 [invalid] Signature encoding contains wrong types.
ECDSA case 227 [invalid] Signature encoding contains wrong types.
ECDSA case 228 [invalid] Signature encoding contains wrong types.
ECDSA case 229 [invalid] Signature encoding contains wrong types.
ECDSA case 230 [valid] Edge case for Shamir multiplication
ECDSA case 231 [valid] special case hash
ECDSA case 232 [valid] special case hash
ECDSA case 233 [valid] special case hash
ECDSA case 234 [valid] special case hash
ECDSA case 235 [valid] special case hash
ECDSA case 236 [valid] special case hash
ECDSA case 237 [valid] special case hash
ECDSA case 238 [valid] special case hash
ECDSA case 239 [valid] special case hash
ECDSA case 240 [valid] special case hash
ECDSA case 241 [valid] special case hash
ECDSA case 242 [valid] special case hash
ECDSA case 243 [valid] special case hash
ECDSA case 244 [valid] special case hash
ECDSA case 245 [valid] special case hash
ECDSA case 246 [valid] special case hash
ECDSA case 247 [valid] special case hash
ECDSA case 248 [valid] special case hash
ECDSA case 249 [valid] special case hash
ECDSA case 250 [valid] special case hash
ECDSA case 251 [valid] special case hash
ECDSA case 252 [valid] special case hash
ECDSA case 253 [valid] special case hash
ECDSA case 254 [valid] special case hash
ECDSA case 255 [valid] special case hash
ECDSA case 256 [valid] special case hash
ECDSA case 257 [valid] special case hash
ECDSA case 258 [valid] special case hash
ECDSA case 259 [valid] special case hash
ECDSA case 260 [valid] special case hash
ECDSA case 261 [valid] special case hash
ECDSA case 262 [valid] special case hash
ECDSA case 263 [valid] special case hash
ECDSA case 264 [valid] special case hash
ECDSA case 265 [valid] special case hash
ECDSA case 266 [valid] special case hash
ECDSA case 267 [valid] special case hash
ECDSA case 268 [valid] special case hash
ECDSA case 269 [valid] special case hash
ECDSA case 270 [valid] special case hash
ECDSA case 271 [valid] special case hash
ECDSA case 272 [valid] special case hash
ECDSA case 273 [valid] special case hash
ECDSA case 274 [valid] special case hash
ECDSA case 275 [valid] special case hash
ECDSA case 276 [valid] special case hash
ECDSA case 277 [valid] special case hash
ECDSA case 278 [valid] special case hash
ECDSA case 279 [valid] special case hash
ECDSA case 280 [valid] special case hash
ECDSA case 281 [valid] special case hash
ECDSA case 282 [valid] special case hash
ECDSA case 283 [valid] special case hash
ECDSA case 284 [valid] special case hash
ECDSA case 285 [valid] special case hash
ECDSA case 286 [valid] special case hash
ECDSA case 287 [valid] special case hash
ECDSA case 288 [valid] special case hash
ECDSA case 289 [valid] special case hash
ECDSA case 290 [valid] special case hash
ECDSA case 291 [valid] special case hash
ECDSA case 292 [valid] special case hash
ECDSA case 293 [valid] special case hash
ECDSA case 294 [valid] special case hash
ECDSA case 295 [valid] special case hash
ECDSA case 296 [valid] special case hash
ECDSA case 297 [valid] special case hash
ECDSA case 298 [valid] special case hash
ECDSA case 299 [valid] special case hash
ECDSA case 300 [valid] special case hash
ECDSA case 301 [valid] special case hash
ECDSA case 302 [valid] special case hash
ECDSA case 303 [valid] special case hash
ECDSA case 304 [valid] special case hash
ECDSA case 305 [valid] special case hash
ECDSA case 306 [valid] special case hash
ECDSA case 307 [valid] special case hash
ECDSA case 308 [valid] special case hash
ECDSA case 309 [valid] special case hash
ECDSA case 310 [valid] special case hash
ECDSA case 311 [valid] special case hash
ECDSA case 312 [valid] special case hash
ECDSA case 313 [valid] special case hash
ECDSA case 314 [valid] special case hash
ECDSA case 315 [valid] special case hash
ECDSA case 316 [valid] special case hash
ECDSA case 317 [valid] k*G has a large x-coordinate
ECDSA case 318 [invalid] r too large
ECDSA case 319 [valid] r,s are large
ECDSA case 320 [valid] r and s^-1 have a large Hamming weight
ECDSA case 321 [valid] r and s^-1 have a large Hamming weight
ECDSA case 322 [valid] small r and s
ECDSA case 323 [valid] small r and s
ECDSA case 324 [valid] small r and s
ECDSA case 325 [invalid] r is larger than n
ECDSA case 326 [invalid] s is larger than n
ECDSA case 327 [valid] small r and s^-1
ECDSA case 328 [valid] smallish r and s^-1
ECDSA case 329 [valid] 100-bit r and small s^-1
ECDSA case 330 [valid] small r and 100 bit s^-1
ECDSA case 331 [valid] 100-bit r and s^-1
ECDSA case 332 [valid] r and s^-1 are close to n
ECDSA case 333 [valid] s == 1
ECDSA case 334 [invalid] s == 0
ECDSA case 335 [invalid] point at infinity during verify
ECDSA case 336 [valid] edge case for signature malleability
ECDSA case 337 [valid] edge case for signature malleability
ECDSA case 338 [valid] u1 == 1
ECDSA case 339 [valid] u1 == n - 1
ECDSA case 340 [valid] u2 == 1
ECDSA case 341 [valid] u2 == n - 1
ECDSA case 342 [valid] edge case for u1
ECDSA case 343 [valid] edge case for u1
ECDSA case 344 [valid] edge case for u1
ECDSA case 345 [valid] edge case for u1
ECDSA case 346 [valid] edge case for u1
ECDSA case 347 [valid] edge case for u1
ECDSA case 348 [valid] edge case for u1
ECDSA case 349 [valid] edge case for u1
ECDSA case 350 [valid] edge case for u1
ECDSA case 351 [valid] edge case for u1
ECDSA case 352 [valid] edge case for u1
ECDSA case 353 [valid] edge case for u1
ECDSA case 354 [valid] edge case for u2
ECDSA case 355 [valid] edge case for u2
ECDSA case 356 [valid] edge case for u2
ECDSA case 357 [valid] edge case for u2
ECDSA case 358 [valid] edge case for u2
ECDSA case 359 [valid] edge case for u2
ECDSA case 360 [valid] edge case for u2
ECDSA case 361 [valid] edge case for u2
ECDSA case 362 [valid] edge case for u2
ECDSA case 363 [valid] edge case for u2
ECDSA case 364 [valid] edge case for u2
ECDSA case 365 [valid] edge case for u2
ECDSA case 366 [valid] point duplication during verification
ECDSA case 367 [invalid] duplication bug
ECDSA case 368 [invalid] point with x-coordinate 0
ECDSA case 369 [invalid] point with x-coordinate 0
ECDSA case 370 [invalid] comparison with point at infinity
ECDSA case 371 [valid] extreme value for k and edgecase s
ECDSA case 372 [valid] extreme value for k and s^-1
ECDSA case 373 [valid] extreme value for k and s^-1
ECDSA case 374 [valid] extreme value for k and s^-1
ECDSA case 375 [valid] extreme value for k and s^-1
ECDSA case 376 [valid] extreme value for k
ECDSA case 377 [valid] extreme value for k and edgecase s
ECDSA case 378 [valid] extreme value for k and s^-1
ECDSA case 379 [valid] extreme value for k and s^-1
ECDSA case 380 [valid] extreme value for k and s^-1
ECDSA case 381 [valid] extreme value for k and s^-1
ECDSA case 382 [valid] extreme value for k
ECDSA case 383 [invalid] testing point duplication
ECDSA case 384 [invalid] testing point duplication
ECDSA case 385 [invalid] testing point duplication
ECDSA case 386 [invalid] testing point duplication
ECDSA case 387 [valid] pseudorandom signature
ECDSA case 388 [valid] pseudorandom signature
ECDSA case 389 [valid] pseudorandom signature
ECDSA case 390 [valid] pseudorandom signature
ECDSA case 391 [valid] x-coordinate of the public key is large
ECDSA case 392 [valid] x-coordinate of the public key is large
ECDSA case 393 [valid] x-coordinate of the public key is large
ECDSA case 394 [valid] y-coordinate of the public key has many trailing 0's
ECDSA case 395 [valid] y-coordinate of the public key has many trailing 0's
ECDSA case 396 [valid] y-coordinate of the public key has many trailing 0's
ECDSA case 397 [valid] x-coordinate of the public key has many trailing 0's
ECDSA case 398 [valid] x-coordinate of the public key has many trailing 0's
ECDSA case 399 [valid] x-coordinate of the public key has many trailing 0's
ECDSA case 400 [valid] x-coordinate of the public key is small
ECDSA case 401 [valid] x-coordinate of the public key is small
ECDSA case 402 [valid] x-coordinate of the public key is small
ECDSA case 403 [valid] y-coordinate of the public key is small
ECDSA case 404 [valid] y-coordinate of the public key is small
ECDSA case 405 [valid] y-coordinate of the public key is small
ECDSA case 406 [valid] y-coordinate of the public key is large
ECDSA case 407 [valid] y-coordinate of the public key is large
ECDSA case 408 [valid] y-coordinate of the public key is large
This was referenced May 28, 2022
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Generated using the
wycheproof2blbutility:This required a small change to
wycheproof2blb:RustCrypto/utils#767
Includes the following test vectors: