diff --git a/group/expander.go b/group/expander.go
new file mode 100644
index 00000000..7de85abd
--- /dev/null
+++ b/group/expander.go
@@ -0,0 +1,147 @@
+package group
+
+import (
+ "crypto"
+ "encoding/binary"
+ "errors"
+ "io"
+
+ "github.com/cloudflare/circl/xof"
+)
+
+type Expander interface {
+ // Expand generates a pseudo-random byte string of a determined length by
+ // expanding an input string.
+ Expand(in []byte, length uint) (pseudo []byte)
+}
+
+type expanderMD struct {
+ h crypto.Hash
+ dst []byte
+}
+
+// NewExpanderMD returns a hash function based on a Merkle-Damgård hash function.
+func NewExpanderMD(h crypto.Hash, dst []byte) *expanderMD {
+ return &expanderMD{h, dst}
+}
+
+func (e *expanderMD) calcDSTPrime() []byte {
+ var dstPrime []byte
+ if l := len(e.dst); l > maxDSTLength {
+ H := e.h.New()
+ mustWrite(H, longDSTPrefix[:])
+ mustWrite(H, e.dst)
+ dstPrime = H.Sum(nil)
+ } else {
+ dstPrime = make([]byte, l, l+1)
+ copy(dstPrime, e.dst)
+ }
+ return append(dstPrime, byte(len(dstPrime)))
+}
+
+func (e *expanderMD) Expand(in []byte, n uint) []byte {
+ H := e.h.New()
+ bLen := uint(H.Size())
+ ell := (n + (bLen - 1)) / bLen
+ if ell > 255 {
+ panic(errorLongOutput)
+ }
+
+ zPad := make([]byte, H.BlockSize())
+ libStr := []byte{0, 0}
+ libStr[0] = byte((n >> 8) & 0xFF)
+ libStr[1] = byte(n & 0xFF)
+ dstPrime := e.calcDSTPrime()
+
+ H.Reset()
+ mustWrite(H, zPad)
+ mustWrite(H, in)
+ mustWrite(H, libStr)
+ mustWrite(H, []byte{0})
+ mustWrite(H, dstPrime)
+ b0 := H.Sum(nil)
+
+ H.Reset()
+ mustWrite(H, b0)
+ mustWrite(H, []byte{1})
+ mustWrite(H, dstPrime)
+ bi := H.Sum(nil)
+ pseudo := append([]byte{}, bi...)
+ for i := uint(2); i <= ell; i++ {
+ H.Reset()
+ for i := range b0 {
+ bi[i] ^= b0[i]
+ }
+ mustWrite(H, bi)
+ mustWrite(H, []byte{byte(i)})
+ mustWrite(H, dstPrime)
+ bi = H.Sum(nil)
+ pseudo = append(pseudo, bi...)
+ }
+ return pseudo[0:n]
+}
+
+// expanderXOF is based on an extendable output function.
+type expanderXOF struct {
+ id xof.ID
+ kSecLevel uint
+ dst []byte
+}
+
+// NewExpanderXOF returns an Expander based on an extendable output function.
+// The kSecLevel parameter is the target security level in bits, and dst is
+// a domain separation string.
+func NewExpanderXOF(id xof.ID, kSecLevel uint, dst []byte) *expanderXOF {
+ return &expanderXOF{id, kSecLevel, dst}
+}
+
+// Expand panics if output's length is longer than 2^16 bytes.
+func (e *expanderXOF) Expand(in []byte, n uint) []byte {
+ bLen := []byte{0, 0}
+ binary.BigEndian.PutUint16(bLen, uint16(n))
+ pseudo := make([]byte, n)
+ dstPrime := e.calcDSTPrime()
+
+ H := e.id.New()
+ mustWrite(H, in)
+ mustWrite(H, bLen)
+ mustWrite(H, dstPrime)
+ mustReadFull(H, pseudo)
+ return pseudo
+}
+
+func (e *expanderXOF) calcDSTPrime() []byte {
+ var dstPrime []byte
+ if l := len(e.dst); l > maxDSTLength {
+ H := e.id.New()
+ mustWrite(H, longDSTPrefix[:])
+ mustWrite(H, e.dst)
+ max := ((2 * e.kSecLevel) + 7) / 8
+ dstPrime = make([]byte, max, max+1)
+ mustReadFull(H, dstPrime)
+ } else {
+ dstPrime = make([]byte, l, l+1)
+ copy(dstPrime, e.dst)
+ }
+ return append(dstPrime, byte(len(dstPrime)))
+}
+
+func mustWrite(w io.Writer, b []byte) {
+ if n, err := w.Write(b); err != nil || n != len(b) {
+ panic(err)
+ }
+}
+
+func mustReadFull(r io.Reader, b []byte) {
+ if n, err := io.ReadFull(r, b); err != nil || n != len(b) {
+ panic(err)
+ }
+}
+
+const maxDSTLength = 255
+
+var (
+ longDSTPrefix = [17]byte{'H', '2', 'C', '-', 'O', 'V', 'E', 'R', 'S', 'I', 'Z', 'E', '-', 'D', 'S', 'T', '-'}
+
+ errorLongOutput = errors.New("requested too many bytes")
+)
diff --git a/group/expander_test.go b/group/expander_test.go
new file mode 100644
index 00000000..e8d587fb
--- /dev/null
+++ b/group/expander_test.go
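Review bot: In group/expander.go, expanderXOF.Expand is documented to panic for outputs longer than 2^16 bytes but never checks n: `uint16(n)` silently truncates the encoded length while `make([]byte, n)` keeps the full value, so a request for n bytes and one for n+65536 bytes absorb identical input and the shorter output is a prefix of the longer. Add `if n > math.MaxUint16 { panic(errorLongOutput) }` as the first statement (with `math` imported), matching the `ell > 255` guard in expanderMD.Expand. The same type also accepts any kSecLevel: calcDSTPrime sizes the hashed DST as `((2 * e.kSecLevel) + 7) / 8`, so a kSecLevel of 0 maps every DST longer than 255 bytes to the same one-byte DST_prime, and NewExpanderXOF should reject that value or at least document the requirement.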
@@ -0,0 +1,112 @@
+package group_test
+
+import (
+ "bytes"
+ "crypto"
+ "encoding/hex"
+ "encoding/json"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strconv"
+ "testing"
+
+ "github.com/cloudflare/circl/group"
+ "github.com/cloudflare/circl/internal/test"
+ "github.com/cloudflare/circl/xof"
+)
+
+func TestExpander(t *testing.T) {
+ fileNames, err := filepath.Glob("./testdata/expand*.json")
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ for _, fileName := range fileNames {
+ f, err := os.Open(fileName)
+ if err != nil {
+ t.Fatal(err)
+ }
+ dec := json.NewDecoder(f)
+ var v vectorExpanderSuite
+ err = dec.Decode(&v)
+ if err != nil {
+ t.Fatal(err)
+ }
+ f.Close()
+
+ t.Run(v.Name+"/"+v.Hash, func(t *testing.T) { testExpander(t, &v) })
+ }
+}
+
+func testExpander(t *testing.T, vs *vectorExpanderSuite) {
+ var exp group.Expander
+ switch vs.Hash {
+ case "SHA256":
+ exp = group.NewExpanderMD(crypto.SHA256, []byte(vs.DST))
+ case "SHA512":
+ exp = group.NewExpanderMD(crypto.SHA512, []byte(vs.DST))
+ case "SHAKE128":
+ exp = group.NewExpanderXOF(xof.SHAKE128, 0, []byte(vs.DST))
+ case "SHAKE256":
+ exp = group.NewExpanderXOF(xof.SHAKE256, 0, []byte(vs.DST))
+ default:
+ t.Skip("hash not supported: " + vs.Hash)
+ }
+
+ for i, v := range vs.Tests {
+ lenBytes, err := strconv.ParseUint(v.Len, 0, 64)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ got := exp.Expand([]byte(v.Msg), uint(lenBytes))
+ want, err := hex.DecodeString(v.UniformBytes)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ if !bytes.Equal(got, want) {
+ test.ReportError(t, got, want, i)
+ }
+ }
+}
+
+type vectorExpanderSuite struct {
+ DST string `json:"DST"`
+ Hash string `json:"hash"`
+ Name string `json:"name"`
+ Tests []struct {
+ DstPrime string `json:"DST_prime"`
+ Len string `json:"len_in_bytes"`
+ Msg string `json:"msg"`
+ MsgPrime string `json:"msg_prime"`
+ UniformBytes string `json:"uniform_bytes"`
+ } `json:"tests"`
+}
+
+func BenchmarkExpander(b *testing.B) {
+ in := []byte("input")
+ dst := []byte("dst")
+
+ for _, v := range []struct {
+ Name string
+ Exp group.Expander
+ }{
+ {"XMD", group.NewExpanderMD(crypto.SHA256, dst)},
+ {"XOF", group.NewExpanderXOF(xof.SHAKE128, 0, dst)},
+ } {
+ exp := v.Exp
+ for l := 8; l <= 10; l++ {
+ max := int64(1) << uint(l)
+
+ b.Run(fmt.Sprintf("%v/%v", v.Name, max), func(b *testing.B) {
+ b.SetBytes(max)
+ b.ResetTimer()
+ for i := 0; i < b.N; i++ {
+ exp.Expand(in, uint(max))
+ }
+ })
+ }
+ }
+}
diff --git a/group/group.go b/group/group.go
index 1ad58465..1650861d 100644
--- a/group/group.go
+++ b/group/group.go
@@ -2,21 +2,9 @@ package group import ( - "crypto/elliptic" "encoding" "errors" "io" - - "github.com/cloudflare/circl/ecc/p384" -) - -var ( - // P256 is the group generated by P-256 elliptic curve. - P256 Group = wG{elliptic.P256()} - // P384 is the group generated by P-384 elliptic curve. - P384 Group = wG{p384.P384()} - // P521 is the group generated by P-521 elliptic curve. - P521 Group = wG{elliptic.P521()} ) type Params struct {
@@ -36,6 +24,7 @@ type Group interface { RandomElement(io.Reader) Element RandomScalar(io.Reader) Scalar HashToElement(data, dst []byte) Element + HashToElementNonUniform(b, dst []byte) Element HashToScalar(data, dst []byte) Scalar }
diff --git a/group/group_test.go b/group/group_test.go
index e34c2c28..89e74afe 100644
--- a/group/group_test.go
+++ b/group/group_test.go
@@ -10,14 +10,16 @@ import ( "github.com/cloudflare/circl/internal/test" ) +var allGroups = []group.Group{ + group.P256, + group.P384, + group.P521, + group.Ristretto255, +} + func TestGroup(t *testing.T) { const testTimes = 1 << 7 - for _, g := range []group.Group{ - group.P256, - group.P384, - group.P521, - group.Ristretto255, - } { + for _, g := range allGroups { g := g n := g.(fmt.Stringer).String() t.Run(n+"/Add", func(tt *testing.T) { testAdd(tt, testTimes, g) })
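Review bot: In group/expander_test.go, testExpander builds both XOF expanders with a security level of 0 (`group.NewExpanderXOF(xof.SHAKE128, 0, ...)`), which makes the oversized-DST branch of calcDSTPrime hash to a zero-length digest. Pass the real levels, `group.NewExpanderXOF(xof.SHAKE128, 128, []byte(vs.DST))` and `group.NewExpanderXOF(xof.SHAKE256, 256, []byte(vs.DST))`, so that a vector with a DST longer than 255 bytes checks the intended output. The expand*.json vectors are not visible in this part of the diff, so whether such a vector exists is unverified. TestExpander also succeeds when the glob matches no file; `if len(fileNames) == 0 { t.Fatal("no expander vectors found") }` after the Glob error check would catch a missing testdata directory.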
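Review bot: In group/group.go, HashToElementNonUniform joins the exported Group interface with no doc comment, so callers cannot tell when it may stand in for HashToElement. I would add above it `// HashToElementNonUniform maps (b, dst) to an element whose distribution is not uniform over the group; use HashToElement when the protocol needs a random-oracle-like hash.` and put a one-line comment on the implementations in ristretto255.go (which only forwards to HashToElement) and short.go (which maps one field element instead of two). Adding a method to an exported interface also breaks any type outside this package that implements Group, which is worth stating in the commit description.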
@@ -126,14 +128,16 @@ func isZero(b []byte) bool { func testMarshal(t *testing.T, testTimes int, g group.Group) { params := g.Params() I := g.Identity() - got, _ := I.MarshalBinary() + got, err := I.MarshalBinary() + test.CheckNoErr(t, err, "error on MarshalBinary") if !isZero(got) { test.ReportError(t, got, "Non-zero identity") } if l := uint(len(got)); !(l == 1 || l == params.ElementLength) { test.ReportError(t, l, params.ElementLength) } - got, _ = I.MarshalBinaryCompress() + got, err = I.MarshalBinaryCompress() + test.CheckNoErr(t, err, "error on MarshalBinaryCompress") if !isZero(got) { test.ReportError(t, got, "Non-zero identity") } @@ -141,7 +145,7 @@ func testMarshal(t *testing.T, testTimes int, g group.Group) { test.ReportError(t, l, params.CompressedElementLength) } II := g.NewElement() - err := II.UnmarshalBinary(got) + err = II.UnmarshalBinary(got) if err != nil || !I.IsEqual(II) { test.ReportError(t, I, II) } @@ -203,11 +207,7 @@ func testScalar(t *testing.T, testTimes int, g group.Group) { } func BenchmarkElement(b *testing.B) { - for _, g := range []group.Group{ - group.P256, - group.P384, - group.P521, - } { + for _, g := range allGroups { x := g.RandomElement(rand.Reader) y := g.RandomElement(rand.Reader) n := g.RandomScalar(rand.Reader) @@ -236,11 +236,7 @@ func BenchmarkElement(b *testing.B) { } func BenchmarkScalar(b *testing.B) { - for _, g := range []group.Group{ - group.P256, - group.P384, - group.P521, - } { + for _, g := range allGroups { x := g.RandomScalar(rand.Reader) y := g.RandomScalar(rand.Reader) name := g.(fmt.Stringer).String() 
@@ -261,24 +257,3 @@ func BenchmarkScalar(b *testing.B) {
 })
 }
 }
-
-func BenchmarkHash(b *testing.B) {
- for _, g := range []group.Group{
- group.P256,
- group.P384,
- group.P521,
- } {
- g := g
- name := g.(fmt.Stringer).String()
- b.Run(name+"/HashToElement", func(b *testing.B) {
- for i := 0; i < b.N; i++ {
- g.HashToElement(nil, nil)
- }
- })
- b.Run(name+"/HashToScalar", func(b *testing.B) {
- for i := 0; i < b.N; i++ {
- g.HashToScalar(nil, nil)
- }
- })
- }
-}
diff --git a/group/hash.go b/group/hash.go
index f0eab8d7..c805f29e 100644
--- a/group/hash.go
+++ b/group/hash.go
@@ -1,9 +1,6 @@ package group -import ( - "crypto" - "math/big" -) +import "math/big" // HashToField generates a set of elements {u1,..., uN} = Hash(b) where each // u in GF(p) and L is the security parameter.
@@ -15,75 +12,3 @@ func HashToField(u []big.Int, b []byte, e Expander, p *big.Int, L uint) {
 u[i].Mod(u[i].SetBytes(bytes[j:j+L]), p)
 }
 }
-
-const maxDSTLength = 255
-
-var longDSTPrefix = [17]byte{'H', '2', 'C', '-', 'O', 'V', 'E', 'R', 'S', 'I', 'Z', 'E', '-', 'D', 'S', 'T', '-'}
-
-type Expander interface {
- // Expand generates a pseudo-random byte string of a determined length by
- // expanding an input string.
- Expand(in []byte, length uint) (pseudo []byte)
-}
-
-type expanderXMD struct {
- h crypto.Hash
- dst []byte
-}
-
-// NewExpanderMD returns a hash function based on a Merkle-Damgård hash function.
-func NewExpanderMD(h crypto.Hash, dst []byte) Expander {
- var dstPrime []byte
- if l := len(dst); l > maxDSTLength {
- H := h.New()
- _, _ = H.Write(longDSTPrefix[:])
- _, _ = H.Write(dst)
- dstPrime = H.Sum(nil)
- } else {
- dstPrime = make([]byte, l, l+1)
- copy(dstPrime, dst)
- }
- dstPrime = append(dstPrime, byte(len(dstPrime)))
- return expanderXMD{h, dstPrime}
-}
-
-func (e expanderXMD) Expand(in []byte, n uint) []byte {
- H := e.h.New()
- bLen := uint(H.Size())
- ell := (n + (bLen - 1)) / bLen
- if ell > 255 {
- panic("too big")
- }
-
- zPad := make([]byte, H.BlockSize())
- libStr := []byte{0, 0}
- libStr[0] = byte((n >> 8) & 0xFF)
- libStr[1] = byte(n & 0xFF)
-
- H.Reset()
- _, _ = H.Write(zPad)
- _, _ = H.Write(in)
- _, _ = H.Write(libStr)
- _, _ = H.Write([]byte{0})
- _, _ = H.Write(e.dst)
- b0 := H.Sum(nil)
-
- H.Reset()
- _, _ = H.Write(b0)
- _, _ = H.Write([]byte{1})
- _, _ = H.Write(e.dst)
- bi := H.Sum(nil)
- pseudo := append([]byte{}, bi...)
- for i := uint(2); i <= ell; i++ {
- H.Reset()
- for i := range b0 {
- bi[i] ^= b0[i]
- }
- _, _ = H.Write(bi)
- _, _ = H.Write([]byte{byte(i)})
- _, _ = H.Write(e.dst)
- bi = H.Sum(nil)
- pseudo = append(pseudo, bi...)
- }
- return pseudo[0:n]
-}
diff --git a/group/hash_test.go b/group/hash_test.go
new file mode 100644
index 00000000..51b44ad7
--- /dev/null
+++ b/group/hash_test.go
@@ -0,0 +1,136 @@
+package group_test
+
+import (
+ "encoding/hex"
+ "encoding/json"
+ "fmt"
+ "os"
+ "path/filepath"
+ "testing"
+
+ "github.com/cloudflare/circl/group"
+ "github.com/cloudflare/circl/internal/test"
+)
+
+func TestHashToElement(t *testing.T) {
+ fileNames, err := filepath.Glob("./testdata/P*.json")
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ for _, fileName := range fileNames {
+ f, err := os.Open(fileName)
+ if err != nil {
+ t.Fatal(err)
+ }
+ dec := json.NewDecoder(f)
+ var v vectorSuite
+ err = dec.Decode(&v)
+ if err != nil {
+ t.Fatal(err)
+ }
+ f.Close()
+
+ t.Run(v.Ciphersuite, func(t *testing.T) { testHashing(t, &v) })
+ }
+}
+
+func testHashing(t *testing.T, vs *vectorSuite) {
+ var G group.Group
+ switch vs.Ciphersuite[0:4] {
+ case "P256":
+ G = group.P256
+ case "P384":
+ G = group.P384
+ case "P521":
+ G = group.P521
+ default:
+ t.Fatal("non supported suite")
+ }
+
+ hashFunc := G.HashToElement
+ if !vs.RandomOracle {
+ hashFunc = G.HashToElementNonUniform
+ }
+
+ want := G.NewElement()
+ for i, v := range vs.Vectors {
+ got := hashFunc([]byte(v.Msg), []byte(vs.Dst))
+ err := want.UnmarshalBinary(v.P.toBytes())
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ if !got.IsEqual(want) {
+ test.ReportError(t, got, want, i)
+ }
+ }
+}
+
+type vectorSuite struct {
+ L string `json:"L"`
+ Z string `json:"Z"`
+ Ciphersuite string `json:"ciphersuite"`
+ Curve string `json:"curve"`
+ Dst string `json:"dst"`
+ Expand string `json:"expand"`
+ Field struct {
+ M string `json:"m"`
+ P string `json:"p"`
+ } `json:"field"`
+ Hash string `json:"hash"`
+ K string `json:"k"`
+ Map struct {
+ Name string `json:"name"`
+ } `json:"map"`
+ RandomOracle bool `json:"randomOracle"`
+ Vectors []vector `json:"vectors"`
+}
+
+type point struct {
+ X string `json:"x"`
+ Y string `json:"y"`
+}
+
+func (p point) toBytes() []byte {
+ x, err := hex.DecodeString(p.X[2:])
+ if err != nil {
+ panic(err)
+ }
+ y, err := hex.DecodeString(p.Y[2:])
+ if err != nil {
+ panic(err)
+ }
+ return append(append([]byte{0x04}, x...), y...)
+}
+
+type vector struct {
+ P point `json:"P"`
+ Q0 point `json:"Q0,omitempty"`
+ Q1 point `json:"Q1,omitempty"`
+ Q point `json:"Q,omitempty"`
+ Msg string `json:"msg"`
+ U []string `json:"u"`
+}
+
+func BenchmarkHash(b *testing.B) {
+ for _, g := range allGroups {
+ g := g
+ name := g.(fmt.Stringer).String()
+ b.Run(name+"/HashToElement", func(b *testing.B) {
+ for i := 0; i < b.N; i++ {
+ g.HashToElement(nil, nil)
+ }
+ })
+ b.Run(name+"/HashToElementNonUniform", func(b *testing.B) {
+ for i := 0; i < b.N; i++ {
+ g.HashToElementNonUniform(nil, nil)
+ }
+ })
+ b.Run(name+"/HashToScalar", func(b *testing.B) {
+ for i := 0; i < b.N; i++ {
+ g.HashToScalar(nil, nil)
+ }
+ })
+ }
+}
diff --git a/group/ristretto255.go b/group/ristretto255.go
index 61f8cc77..9f5babfc 100644
--- a/group/ristretto255.go
+++ b/group/ristretto255.go
@@ -9,6 +9,7 @@ import ( ) var ( + // Ristretto255 is a quotient group generated from edwards25519 curve. Ristretto255 Group = ristrettoGroup{} )
@@ -81,7 +82,9 @@ func (g ristrettoGroup) RandomScalar(r io.Reader) Scalar { s: x, } } - +func (g ristrettoGroup) HashToElementNonUniform(b, dst []byte) Element { + return g.HashToElement(b, dst) +} func (g ristrettoGroup) HashToElement(msg, dst []byte) Element { xmd := NewExpanderMD(crypto.SHA512, dst) data := xmd.Expand(msg, 64)
diff --git a/group/short.go b/group/short.go
index d0a60fe2..5750cbbe 100644
--- a/group/short.go
+++ b/group/short.go
@@ -9,6 +9,17 @@ import ( "fmt" "io" "math/big" + + "github.com/cloudflare/circl/ecc/p384" +) + +var ( + // P256 is the group generated by P-256 elliptic curve. + P256 Group = wG{elliptic.P256()} + // P384 is the group generated by P-384 elliptic curve. + P384 Group = wG{p384.P384()} + // P521 is the group generated by P-521 elliptic curve. + P521 Group = wG{elliptic.P521()} ) type wG struct {
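Review bot: The vector files that TestHashToElement in group/hash_test.go globs with `./testdata/P*.json` are added under names containing a colon, such as `group/testdata/P256_XMD:SHA-256_SSWU_NU_.json`. A colon is not valid in a Windows file name and, as far as I know, Go's module zip path check rejects it as well, so a checkout or `go get` of the package may fail. Renaming the files (for example `:` to `_`) is enough, because testHashing picks the group from the `ciphersuite` field inside the JSON rather than from the file name. Separately, the test passes when the glob matches nothing; add `if len(fileNames) == 0 { t.Fatal("no hash-to-curve vectors found") }` after the Glob error check.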
@@ -16,22 +27,27 @@ type wG struct { } func (g wG) String() string { return g.c.Params().Name } -func (g wG) NewElement() Element { return g.Identity() } -func (g wG) NewScalar() Scalar { return &wScl{g, nil} } -func (g wG) Identity() Element { return &wElt{g, new(big.Int), new(big.Int)} } +func (g wG) NewElement() Element { return g.zeroElement() } +func (g wG) NewScalar() Scalar { return g.zeroScalar() } +func (g wG) Identity() Element { return g.zeroElement() } +func (g wG) zeroScalar() *wScl { return &wScl{g, nil} } +func (g wG) zeroElement() *wElt { return &wElt{g, new(big.Int), new(big.Int)} } func (g wG) Generator() Element { return &wElt{g, g.c.Params().Gx, g.c.Params().Gy} } func (g wG) Order() Scalar { s := &wScl{g, nil}; s.fromBig(g.c.Params().N); return s } func (g wG) RandomElement(rd io.Reader) Element { b := make([]byte, (g.c.Params().BitSize+7)/8) - _, _ = io.ReadFull(rd, b) + mustReadFull(rd, b) return g.HashToElement(b, nil) } func (g wG) RandomScalar(rd io.Reader) Scalar { b := make([]byte, (g.c.Params().BitSize+7)/8) - _, _ = io.ReadFull(rd, b) + mustReadFull(rd, b) return g.HashToScalar(b, nil) } func (g wG) cvtElt(e Element) *wElt { + if e == nil { + return g.zeroElement() + } ee, ok := e.(*wElt) if !ok || g.c.Params().BitSize != ee.c.Params().BitSize { panic(ErrType) @@ -39,6 +55,9 @@ func (g wG) cvtElt(e Element) *wElt { return ee } func (g wG) cvtScl(s Scalar) *wScl { + if s == nil { + return g.zeroScalar() + } ss, ok := s.(*wScl) if !ok || g.c.Params().BitSize != ss.c.Params().BitSize { panic(ErrType) @@ -53,6 +72,13 @@ func (g wG) Params() *Params { ScalarLength: fieldLen, } } +func (g wG) HashToElementNonUniform(b, dst []byte) Element { + var u [1]big.Int + mapping, h, L := g.mapToCurveParams() + xmd := NewExpanderMD(h, dst) + HashToField(u[:], b, xmd, g.c.Params().P, L) + return mapping(&u[0]) +} func (g wG) HashToElement(b, dst []byte) Element { var u [2]big.Int mapping, h, L := g.mapToCurveParams() 
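Review bot: In group/short.go, cvtElt now turns a nil Element into the identity (`if e == nil { return g.zeroElement() }`), and cvtScl in the following hunk does the same for scalars, so a missing or uninitialised operand is silently computed on as a neutral value where it previously failed the type assertion and hit `panic(ErrType)`. If that is intended, state it on both helpers, e.g. `// cvtElt treats a nil Element as the identity; callers must not use nil to signal a missing value.`; otherwise leave nil on the panic path. The check also covers only an untyped nil: a nil `*wElt` stored in an Element is not equal to nil, passes the assertion, and appears to be dereferenced at `ee.c`. cvtElt's body continues past the end of this hunk.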
@@ -175,7 +201,9 @@ func (s *wScl) IsEqual(a Scalar) bool { return subtle.ConstantTimeCompare(s.k, aa.k) == 1 } func (s *wScl) fromBig(b *big.Int) { - _ = s.UnmarshalBinary(b.Bytes()) + if err := s.UnmarshalBinary(b.Bytes()); err != nil { + panic(err) + } } func (s *wScl) Add(a, b Scalar) Scalar { aa, bb := s.cvtScl(a), s.cvtScl(b) diff --git a/group/testdata/P256_XMD:SHA-256_SSWU_NU_.json b/group/testdata/P256_XMD:SHA-256_SSWU_NU_.json new file mode 100644 index 00000000..f88c4605 --- /dev/null +++ b/group/testdata/P256_XMD:SHA-256_SSWU_NU_.json 
@@ -0,0 +1,90 @@ +{ + "L": "0x30", + "Z": "0xffffffff00000001000000000000000000000000fffffffffffffffffffffff5", + "ciphersuite": "P256_XMD:SHA-256_SSWU_NU_", + "curve": "NIST P-256", + "dst": "QUUX-V01-CS02-with-P256_XMD:SHA-256_SSWU_NU_", + "expand": "XMD", + "field": { + "m": "0x1", + "p": "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff" + }, + "hash": "sha256", + "k": "0x80", + "map": { + "name": "SSWU" + }, + "randomOracle": false, + "vectors": [ + { + "P": { + "x": "0xf871caad25ea3b59c16cf87c1894902f7e7b2c822c3d3f73596c5ace8ddd14d1", + "y": "0x87b9ae23335bee057b99bac1e68588b18b5691af476234b8971bc4f011ddc99b" + }, + "Q": { + "x": "0xf871caad25ea3b59c16cf87c1894902f7e7b2c822c3d3f73596c5ace8ddd14d1", + "y": "0x87b9ae23335bee057b99bac1e68588b18b5691af476234b8971bc4f011ddc99b" + }, + "msg": "", + "u": [ + "0xb22d487045f80e9edcb0ecc8d4bf77833e2bf1f3a54004d7df1d57f4802d311f" + ] + }, + { + "P": { + "x": "0xfc3f5d734e8dce41ddac49f47dd2b8a57257522a865c124ed02b92b5237befa4", + "y": "0xfe4d197ecf5a62645b9690599e1d80e82c500b22ac705a0b421fac7b47157866" + }, + "Q": { + "x": "0xfc3f5d734e8dce41ddac49f47dd2b8a57257522a865c124ed02b92b5237befa4", + "y": "0xfe4d197ecf5a62645b9690599e1d80e82c500b22ac705a0b421fac7b47157866" + }, + "msg": "abc", + "u": [ + "0xc7f96eadac763e176629b09ed0c11992225b3a5ae99479760601cbd69c221e58" + ] + }, + { + "P": { + "x": "0xf164c6674a02207e414c257ce759d35eddc7f55be6d7f415e2cc177e5d8faa84", + "y": "0x3aa274881d30db70485368c0467e97da0e73c18c1d00f34775d012b6fcee7f97" + }, + "Q": { + "x": "0xf164c6674a02207e414c257ce759d35eddc7f55be6d7f415e2cc177e5d8faa84", + "y": "0x3aa274881d30db70485368c0467e97da0e73c18c1d00f34775d012b6fcee7f97" + }, + "msg": "abcdef0123456789", + "u": [ + "0x314e8585fa92068b3ea2c3bab452d4257b38be1c097d58a21890456c2929614d" + ] + }, + { + "P": { + "x": "0x324532006312be4f162614076460315f7a54a6f85544da773dc659aca0311853", + "y": "0x8d8197374bcd52de2acfefc8a54fe2c8d8bebd2a39f16be9b710e4b1af6ef883" + }, + "Q": { + 
"x": "0x324532006312be4f162614076460315f7a54a6f85544da773dc659aca0311853", + "y": "0x8d8197374bcd52de2acfefc8a54fe2c8d8bebd2a39f16be9b710e4b1af6ef883" + }, + "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "u": [ + "0x752d8eaa38cd785a799a31d63d99c2ae4261823b4a367b133b2c6627f48858ab" + ] + }, + { + "P": { + "x": "0x5c4bad52f81f39c8e8de1260e9a06d72b8b00a0829a8ea004a610b0691bea5d9", + "y": "0xc801e7c0782af1f74f24fc385a8555da0582032a3ce038de637ccdcb16f7ef7b" + }, + "Q": { + "x": "0x5c4bad52f81f39c8e8de1260e9a06d72b8b00a0829a8ea004a610b0691bea5d9", + "y": "0xc801e7c0782af1f74f24fc385a8555da0582032a3ce038de637ccdcb16f7ef7b" + }, + "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "u": [ + "0x0e1527840b9df2dfbef966678ff167140f2b27c4dccd884c25014dce0e41dfa3" + ] + } + ] +} diff --git a/group/testdata/P256_XMD:SHA-256_SSWU_RO_.json b/group/testdata/P256_XMD:SHA-256_SSWU_RO_.json new file mode 100644 index 00000000..cf5736ad --- /dev/null +++ b/group/testdata/P256_XMD:SHA-256_SSWU_RO_.json 
@@ -0,0 +1,115 @@ +{ + "L": "0x30", + "Z": "0xffffffff00000001000000000000000000000000fffffffffffffffffffffff5", + "ciphersuite": "P256_XMD:SHA-256_SSWU_RO_", + "curve": "NIST P-256", + "dst": "QUUX-V01-CS02-with-P256_XMD:SHA-256_SSWU_RO_", + "expand": "XMD", + "field": { + "m": "0x1", + "p": "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff" + }, + "hash": "sha256", + "k": "0x80", + "map": { + "name": "SSWU" + }, + "randomOracle": true, + "vectors": [ + { + "P": { + "x": "0x2c15230b26dbc6fc9a37051158c95b79656e17a1a920b11394ca91c44247d3e4", + "y": "0x8a7a74985cc5c776cdfe4b1f19884970453912e9d31528c060be9ab5c43e8415" + }, + "Q0": { + "x": "0xab640a12220d3ff283510ff3f4b1953d09fad35795140b1c5d64f313967934d5", + "y": "0xdccb558863804a881d4fff3455716c836cef230e5209594ddd33d85c565b19b1" + }, + "Q1": { + "x": "0x51cce63c50d972a6e51c61334f0f4875c9ac1cd2d3238412f84e31da7d980ef5", + "y": "0xb45d1a36d00ad90e5ec7840a60a4de411917fbe7c82c3949a6e699e5a1b66aac" + }, + "msg": "", + "u": [ + "0xad5342c66a6dd0ff080df1da0ea1c04b96e0330dd89406465eeba11582515009", + "0x8c0f1d43204bd6f6ea70ae8013070a1518b43873bcd850aafa0a9e220e2eea5a" + ] + }, + { + "P": { + "x": "0x0bb8b87485551aa43ed54f009230450b492fead5f1cc91658775dac4a3388a0f", + "y": "0x5c41b3d0731a27a7b14bc0bf0ccded2d8751f83493404c84a88e71ffd424212e" + }, + "Q0": { + "x": "0x5219ad0ddef3cc49b714145e91b2f7de6ce0a7a7dc7406c7726c7e373c58cb48", + "y": "0x7950144e52d30acbec7b624c203b1996c99617d0b61c2442354301b191d93ecf" + }, + "Q1": { + "x": "0x019b7cb4efcfeaf39f738fe638e31d375ad6837f58a852d032ff60c69ee3875f", + "y": "0x589a62d2b22357fed5449bc38065b760095ebe6aeac84b01156ee4252715446e" + }, + "msg": "abc", + "u": [ + "0xafe47f2ea2b10465cc26ac403194dfb68b7f5ee865cda61e9f3e07a537220af1", + "0x379a27833b0bfe6f7bdca08e1e83c760bf9a338ab335542704edcd69ce9e46e0" + ] + }, + { + "P": { + "x": "0x65038ac8f2b1def042a5df0b33b1f4eca6bff7cb0f9c6c1526811864e544ed80", + "y": 
"0xcad44d40a656e7aff4002a8de287abc8ae0482b5ae825822bb870d6df9b56ca3" + }, + "Q0": { + "x": "0xa17bdf2965eb88074bc01157e644ed409dac97cfcf0c61c998ed0fa45e79e4a2", + "y": "0x4f1bc80c70d411a3cc1d67aeae6e726f0f311639fee560c7f5a664554e3c9c2e" + }, + "Q1": { + "x": "0x7da48bb67225c1a17d452c983798113f47e438e4202219dd0715f8419b274d66", + "y": "0xb765696b2913e36db3016c47edb99e24b1da30e761a8a3215dc0ec4d8f96e6f9" + }, + "msg": "abcdef0123456789", + "u": [ + "0x0fad9d125a9477d55cf9357105b0eb3a5c4259809bf87180aa01d651f53d312c", + "0xb68597377392cd3419d8fcc7d7660948c8403b19ea78bbca4b133c9d2196c0fb" + ] + }, + { + "P": { + "x": "0x4be61ee205094282ba8a2042bcb48d88dfbb609301c49aa8b078533dc65a0b5d", + "y": "0x98f8df449a072c4721d241a3b1236d3caccba603f916ca680f4539d2bfb3c29e" + }, + "Q0": { + "x": "0xc76aaa823aeadeb3f356909cb08f97eee46ecb157c1f56699b5efebddf0e6398", + "y": "0x776a6f45f528a0e8d289a4be12c4fab80762386ec644abf2bffb9b627e4352b1" + }, + "Q1": { + "x": "0x418ac3d85a5ccc4ea8dec14f750a3a9ec8b85176c95a7022f391826794eb5a75", + "y": "0xfd6604f69e9d9d2b74b072d14ea13050db72c932815523305cb9e807cc900aff" + }, + "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "u": [ + "0x3bbc30446f39a7befad080f4d5f32ed116b9534626993d2cc5033f6f8d805919", + "0x76bb02db019ca9d3c1e02f0c17f8baf617bbdae5c393a81d9ce11e3be1bf1d33" + ] + }, + { + "P": { + "x": "0x457ae2981f70ca85d8e24c308b14db22f3e3862c5ea0f652ca38b5e49cd64bc5", + "y": "0xecb9f0eadc9aeed232dabc53235368c1394c78de05dd96893eefa62b0f4757dc" + }, + "Q0": { + "x": "0xd88b989ee9d1295df413d4456c5c850b8b2fb0f5402cc5c4c7e815412e926db8", + "y": "0xbb4a1edeff506cf16def96afff41b16fc74f6dbd55c2210e5b8f011ba32f4f40" + }, + "Q1": { + "x": "0xa281e34e628f3a4d2a53fa87ff973537d68ad4fbc28d3be5e8d9f6a2571c5a4b", + "y": "0xf6ed88a7aab56a488100e6f1174fa9810b47db13e86be999644922961206e184" + }, + "msg": 
"a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "u": [ + "0x4ebc95a6e839b1ae3c63b847798e85cb3c12d3817ec6ebc10af6ee51adb29fec", + "0x4e21af88e22ea80156aff790750121035b3eefaa96b425a8716e0d20b4e269ee" + ] + } + ] +} diff --git a/group/testdata/P384_XMD:SHA-512_SSWU_NU_.json b/group/testdata/P384_XMD:SHA-512_SSWU_NU_.json new file mode 100644 index 00000000..254f4649 --- /dev/null +++ b/group/testdata/P384_XMD:SHA-512_SSWU_NU_.json 
@@ -0,0 +1,90 @@ +{ + "L": "0x48", + "Z": "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffff3", + "ciphersuite": "P384_XMD:SHA-512_SSWU_NU_", + "curve": "NIST P-384", + "dst": "QUUX-V01-CS02-with-P384_XMD:SHA-512_SSWU_NU_", + "expand": "XMD", + "field": { + "m": "0x1", + "p": "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff" + }, + "hash": "sha512", + "k": "0xc0", + "map": { + "name": "SSWU" + }, + "randomOracle": false, + "vectors": [ + { + "P": { + "x": "0x5b87392cdbf306d62141cf266a1fcc8b6a8129469b1e4a56a16db6371b70279d3155514580300f77a23dbeaa70eeda32", + "y": "0x9094b16177a04f5c5afac87efc78b6e65a2583a5adc91c04cd508fd602d528530eb54932dff8b7e156d470996606cd9c" + }, + "Q": { + "x": "0x5b87392cdbf306d62141cf266a1fcc8b6a8129469b1e4a56a16db6371b70279d3155514580300f77a23dbeaa70eeda32", + "y": "0x9094b16177a04f5c5afac87efc78b6e65a2583a5adc91c04cd508fd602d528530eb54932dff8b7e156d470996606cd9c" + }, + "msg": "", + "u": [ + "0xfcbb8741d963930b5e6438a9724db6023c157d6091c113d80bd9fa05ea70d677a3cd81aa6efbeccc8f6ef3404cc87468" + ] + }, + { + "P": { + "x": "0x496ed56a37cb85a82826a4234948dd3ceee17da6412c87242165b7f798b702f2292237bddac386cfcfa8f22e7b85ca2d", + "y": "0x9524181274d1313c12872ea835c7ddc9444124d22aae6e474d55b1fe68e480250374e689e6c2745323da7222732d2cce" + }, + "Q": { + "x": "0x496ed56a37cb85a82826a4234948dd3ceee17da6412c87242165b7f798b702f2292237bddac386cfcfa8f22e7b85ca2d", + "y": "0x9524181274d1313c12872ea835c7ddc9444124d22aae6e474d55b1fe68e480250374e689e6c2745323da7222732d2cce" + }, + "msg": "abc", + "u": [ + "0x7dadfed8a179c844a0a1a50f0754353693ccce9234244477c3749c1c9adc7fc6fa049829dd070952efb8931118068fe2" + ] + }, + { + "P": { + "x": "0xa1289920ba2c52de5f384b1316788438ac5564a20c2e0f7ff0ff2fa34cb4488bd4683c0cc45ee6234b4a515ddda31f99", + "y": "0xb5e24b855275729db25cecc83ec5fc1dcf8f055ad981a0901448d84c6278cd10a28f65316db5ae1f5738ed06ae9c2f55" + }, + "Q": { + "x": 
"0xa1289920ba2c52de5f384b1316788438ac5564a20c2e0f7ff0ff2fa34cb4488bd4683c0cc45ee6234b4a515ddda31f99", + "y": "0xb5e24b855275729db25cecc83ec5fc1dcf8f055ad981a0901448d84c6278cd10a28f65316db5ae1f5738ed06ae9c2f55" + }, + "msg": "abcdef0123456789", + "u": [ + "0xce74ea70fd691ab87dca4cb630484521030bc4065f4dcc7fef9618c84fdf8d55520cd1372d96546b56c5a29a996cc3f1" + ] + }, + { + "P": { + "x": "0xa0ed20ca2c7c69a6b7a3e5b9cf77d8f9bd979aa83a7f75e5f90d6becd107925e5dcbbd96978ab74a7b5e96b48135d04c", + "y": "0x4c9ed613516ae3e818139b6c9aea2ac42063c06ff0303a38c101ab822c15d5fe6413e64adbac82a0da770cf110d7ace9" + }, + "Q": { + "x": "0xa0ed20ca2c7c69a6b7a3e5b9cf77d8f9bd979aa83a7f75e5f90d6becd107925e5dcbbd96978ab74a7b5e96b48135d04c", + "y": "0x4c9ed613516ae3e818139b6c9aea2ac42063c06ff0303a38c101ab822c15d5fe6413e64adbac82a0da770cf110d7ace9" + }, + "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "u": [ + "0xa5b9f4ed453690db8efdebf31bf33371519a4ba8756ac02060cbca44ef882d0fe9ce8439965a83f17b11e58a1f537b19" + ] + }, + { + "P": { + "x": "0xbc36cda196f8084052fc41a5c4ef5c9e1c724cc0bd83ef8eaef07bb2cbc3db99ff5cdb31ba3018a6afe59b0db040c980", + "y": "0x5106450163d90d99d3191bc92f8a3d116f15b18b23eff8e9996481c6878bd16c8e202f44abc3d09325c2016b5dacc8f0" + }, + "Q": { + "x": "0xbc36cda196f8084052fc41a5c4ef5c9e1c724cc0bd83ef8eaef07bb2cbc3db99ff5cdb31ba3018a6afe59b0db040c980", + "y": "0x5106450163d90d99d3191bc92f8a3d116f15b18b23eff8e9996481c6878bd16c8e202f44abc3d09325c2016b5dacc8f0" + }, + "msg": 
"a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "u": [ + "0x99523632b22588d852f02eac546df4a69f966cba55c82937f13cc26b316e561459c5d6ddadac7b782b5ab8d15efe23ee" + ] + } + ] +} diff --git a/group/testdata/P384_XMD:SHA-512_SSWU_RO_.json b/group/testdata/P384_XMD:SHA-512_SSWU_RO_.json new file mode 100644 index 00000000..280931e2 --- /dev/null +++ b/group/testdata/P384_XMD:SHA-512_SSWU_RO_.json 
@@ -0,0 +1,115 @@ +{ + "L": "0x48", + "Z": "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffff3", + "ciphersuite": "P384_XMD:SHA-512_SSWU_RO_", + "curve": "NIST P-384", + "dst": "QUUX-V01-CS02-with-P384_XMD:SHA-512_SSWU_RO_", + "expand": "XMD", + "field": { + "m": "0x1", + "p": "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff" + }, + "hash": "sha512", + "k": "0xc0", + "map": { + "name": "SSWU" + }, + "randomOracle": true, + "vectors": [ + { + "P": { + "x": "0xc3144d47428d071d4169420c91006a0bd48d7259d492af86e7f82d98e3497519d8550045557b7d55cc2a0f339df088b9", + "y": "0xaa5f165f0146101363d1b34fe65bcf638532e3b2eb1744cdbd60e9384c6c1838bbaea988963cc9f0f0902798e9f8058a" + }, + "Q0": { + "x": "0x4589af7986491d42b7ee23726c57abeade65c7b8eba12d07fbce48065a01a78c4b018c739034d9fabc2c4ef6176c7c40", + "y": "0x5b2985027c29802bf2afdb8a3c95fa655ad3189a2118209bd285d420268bf71e610c9533e3f4f438ba4b64f66f6fbed9" + }, + "Q1": { + "x": "0xcbd6c34a12a266b447b444b303d577cd5d61e3c0af19d4676ababb470bb795741ebf167caa9f0910a4fcc899134596d7", + "y": "0x63df08d5d3aa8090cbb94222b34aad35e1b11414d3aef8f1a26205c81b4d15bbbe4faf25d77924705bf09afd8812d2f0" + }, + "msg": "", + "u": [ + "0x425c1d0b099ffa6c15069b08299e6e21a204e08c2a0627f5afc24215d19e45bc47d70da5972ff77e33f176b5e18e8485", + "0xcbefdd543ed48b5a9bbbd460f559d23b388aa72157279ba02069231881eb2a947d887a5b1e0a6173bc92a5700f679a14" + ] + }, + { + "P": { + "x": "0x7bce42d575e64bc7828478f1bba94000c3ddb02ac03052061a7b7ff81479823350e2a8e1da74e17be3016ab163094bcf", + "y": "0x6634b2f0acb32b84b75ecfad96c676b3863cb3cec4f76c9bccef1894a650830e60cd1c0f20c9d05e9ee58d8a611db87d" + }, + "Q0": { + "x": "0x89e5ab0cbd8a4b55a8a6cad0bce5352b63162d2dc7b93174efb1d8e0efe2045aa024f86f4209cf71112baad18f520dac", + "y": "0xef156b7a53500b97c2a556c91d3b62229380dba699cfcbddec4dcb0c1321ca667ba0ee08e04d52ddb9fb1c8722ba0456" + }, + "Q1": { + "x": 
"0x7ffc595738280f4af3eb33e547b104998620123244b23343b039e6b0c911bd100f1640cf0b5d121eeb21dd9390b7d4de", + "y": "0x440d05c93be24f3ae979e9e224716123a7f43faae9b9961784331c297b24618a2235c055966c6c1c5fc8f8e8dd5e5027" + }, + "msg": "abc", + "u": [ + "0x5f1149c405f484c16e09954f174ac12fb658a3fc38862b97f8e4fc04c184ddd0d311acc1645b9bc34f1fd422614ef660", + "0xba4fd167774b14ec3242029b05905b55529b14d349f7645b5edeb1c49485066f404a949df7d16b65738cb0ef6d233fb5" + ] + }, + { + "P": { + "x": "0xaf1a87bee29167676e41d8eb0518a9e44e570207519c11fa126c33f32d62bbf6d312fd5812b182d59389f26ea496e58d", + "y": "0x76ab30527be12a53a3bd63457072840ea516aa945fbe2dc48a42cfbd031c3f93896e4a66093b2f56cc9da4694ec95f27" + }, + "Q0": { + "x": "0xd2e7df676ceaf3db77ef48d823da1d05d00f424d2b8d0e785f8f59721fb3fa24f744fde77a896f692d8997d2dc52f72c", + "y": "0x4cf7e647de29c60d852b0103f636bed22e67e83476be1e285dae54d03d5ea05212a0f23b1ca233d85055244572740c6b" + }, + "Q1": { + "x": "0x675c9b73a8b3e3c873da720eddc23cbb19895990f049174ccabd3031c7167841858247864ddd717dea77b6d4d8c7836b", + "y": "0x8b6a2d1de2a46354737393a7b69c21d97b7f9f7671e94cfadcea2dfea3f8b2793cfffea5addb10a491ad55f0e47b2494" + }, + "msg": "abcdef0123456789", + "u": [ + "0x0ba98fc5c84360aa67eabc374cb64df3bd21835adb57d8f83d5f34fb13d0b7d9af036d28804175cba83facb79fa1969d", + "0xa6f12666eca45f0d206eea969e91ae2ffe375669f43c917326b2631f5e57c578ca6e64ff5a3a290cdc377114f33d1924" + ] + }, + { + "P": { + "x": "0x5c24f67b2175279f4e94a0af9cf09213f0e7e2e3ccb6d4feae9403281c1962507ba0588ef895c9b7c6cff28ce1d15a1f", + "y": "0x259ce2c65f35f5fb3a611e5bbf56d2979ce9de429afd6271fbda57c3d412c78292d0cb6f27e0ee96f91fba9f0af54327" + }, + "Q0": { + "x": "0x8285def22b86477eee1c2e38accd2ed2ad88c95932d6add09fbd531f4359bee33d0ab804ee728efe56d0dd17f08bfd5b", + "y": "0x6364bd0542c5709dbf0cada4b14b85a68c9eae4b4bc3ec45034b2d4abdc95f7cafe466deac1f6246f16d3c16f89c4d6a" + }, + "Q1": { + "x": "0x4cf8c46511ade2c91caaaddd23a7a6fee04f76c8bc9467b39e3bddacb3ce852c9783b7d2cefa872e42e520f59895d404", + 
"y": "0xc399b62266a0e827c7bd15774d2203b967e994d8323eb89bddda5d1c7a44270f62b1152d9f44cdc960ea4c7ea190ff4b" + }, + "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "u": [ + "0xc9e58d977e7cb5def41070f5c3b17aaf56602ace0ed8db0a2a3297976a5c0bb4bc10579179f6438ff0d8d80b5def127c", + "0xa9c2015bd301a3add705f1a2174ea4a536cbfa1600bd7de0cec8d6ce39fdd6bcaa377341093bf281e1f4dd767e0a0983" + ] + }, + { + "P": { + "x": "0xed18cea59aabd90a3c84b48eeb09b42409f42340aec2ec1b70687215fa4befc64fd4de4620d12e70b9890ad9a70e6ee8", + "y": "0xdbc9b0e5e718539c785b7b787829a1c01b92591aed954e08b853dc96fb303ba4bc8aad06712b8b3b4fae2047d6269d68" + }, + "Q0": { + "x": "0xbb5b5001c801fcf9d3e94cabef753cab38f1334b73846a38f9c3eabe8aa8935776daf4493d211164ac5b7f7a9237146b", + "y": "0x46cd40a76fa001a70586b7e598d8c5eefcb54e53aa3df37cb4628799cffb73e722af2884a78d49721e821cc3a9ab0053" + }, + "Q1": { + "x": "0xd199c3954dd57dadb5c7dd37aa985d7f4dbda9adca98046387440039bf702b2f8f97747f46759a733ab2e3be9b6f488e", + "y": "0xb34a05bce9b77fdfde16568356f987a8d26438b6ad9a05bfe0d5bb2aea36173316df7191ba40acdf476f778f0ffdef7e" + }, + "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "u": [ + "0xc4acd5ba90917a13ae55ee8d82443d40e65b6e77348d96cf6292f4de7da2eb5ffdbfcb9fe0887726462891c67956f177", + "0x9da4e1ee3cc2e688e1ddf8cfa42317e122347d4c9db9fc298d2ab2a5b82c8ce1544712865a2c32d2851dfef51be99542" + ] + } + ] +} 
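Review bot: The new file name `P384_XMD:SHA-512_SSWU_RO_.json` contains a `:`, which Go's module file-path validation does not allow and which is not a legal file-name character on Windows, so consumers fetching or checking out a release that ships this testdata can hit a hard failure. The same applies to `P521_XMD:SHA-512_SSWU_NU_.json` and `P521_XMD:SHA-512_SSWU_RO_.json`, added further down. Renaming the files with a safe separator, for example `P384_XMD-SHA-512_SSWU_RO_.json`, avoids this. The suite identifier is already carried by the `"ciphersuite"` field inside each file, so the test loader can read it from there instead of the file name. How the tests locate these files is not visible in this hunk, so that part should be checked against the loader.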
diff --git a/group/testdata/P521_XMD:SHA-512_SSWU_NU_.json b/group/testdata/P521_XMD:SHA-512_SSWU_NU_.json new file mode 100644 index 00000000..2c93d77b --- /dev/null +++ b/group/testdata/P521_XMD:SHA-512_SSWU_NU_.json 
@@ -0,0 +1,90 @@ +{ + "L": "0x62", + "Z": "0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffb", + "ciphersuite": "P521_XMD:SHA-512_SSWU_NU_", + "curve": "NIST P-521", + "dst": "QUUX-V01-CS02-with-P521_XMD:SHA-512_SSWU_NU_", + "expand": "XMD", + "field": { + "m": "0x1", + "p": "0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + }, + "hash": "sha512", + "k": "0x100", + "map": { + "name": "SSWU" + }, + "randomOracle": false, + "vectors": [ + { + "P": { + "x": "0x01ec604b4e1e3e4c7449b7a41e366e876655538acf51fd40d08b97be066f7d020634e906b1b6942f9174b417027c953d75fb6ec64b8cee2a3672d4f1987d13974705", + "y": "0x00944fc439b4aad2463e5c9cfa0b0707af3c9a42e37c5a57bb4ecd12fef9fb21508568aedcdd8d2490472df4bbafd79081c81e99f4da3286eddf19be47e9c4cf0e91" + }, + "Q": { + "x": "0x01ec604b4e1e3e4c7449b7a41e366e876655538acf51fd40d08b97be066f7d020634e906b1b6942f9174b417027c953d75fb6ec64b8cee2a3672d4f1987d13974705", + "y": "0x00944fc439b4aad2463e5c9cfa0b0707af3c9a42e37c5a57bb4ecd12fef9fb21508568aedcdd8d2490472df4bbafd79081c81e99f4da3286eddf19be47e9c4cf0e91" + }, + "msg": "", + "u": [ + "0x01e4947fe62a4e47792cee2798912f672fff820b2556282d9843b4b465940d7683a986f93ccb0e9a191fbc09a6e770a564490d2a4ae51b287ca39f69c3d910ba6a4f" + ] + }, + { + "P": { + "x": "0x00c720ab56aa5a7a4c07a7732a0a4e1b909e32d063ae1b58db5f0eb5e09f08a9884bff55a2bef4668f715788e692c18c1915cd034a6b998311fcf46924ce66a2be9a", + "y": "0x003570e87f91a4f3c7a56be2cb2a078ffc153862a53d5e03e5dad5bccc6c529b8bab0b7dbb157499e1949e4edab21cf5d10b782bc1e945e13d7421ad8121dbc72b1d" + }, + "Q": { + "x": "0x00c720ab56aa5a7a4c07a7732a0a4e1b909e32d063ae1b58db5f0eb5e09f08a9884bff55a2bef4668f715788e692c18c1915cd034a6b998311fcf46924ce66a2be9a", + "y": "0x003570e87f91a4f3c7a56be2cb2a078ffc153862a53d5e03e5dad5bccc6c529b8bab0b7dbb157499e1949e4edab21cf5d10b782bc1e945e13d7421ad8121dbc72b1d" + }, 
+ "msg": "abc", + "u": [ + "0x0019b85ef78596efc84783d42799e80d787591fe7432dee1d9fa2b7651891321be732ddf653fa8fefa34d86fb728db569d36b5b6ed3983945854b2fc2dc6a75aa25b" + ] + }, + { + "P": { + "x": "0x00bcaf32a968ff7971b3bbd9ce8edfbee1309e2019d7ff373c38387a782b005dce6ceffccfeda5c6511c8f7f312f343f3a891029c5858f45ee0bf370aba25fc990cc", + "y": "0x00923517e767532d82cb8a0b59705eec2b7779ce05f9181c7d5d5e25694ef8ebd4696343f0bc27006834d2517215ecf79482a84111f50c1bae25044fe1dd77744bbd" + }, + "Q": { + "x": "0x00bcaf32a968ff7971b3bbd9ce8edfbee1309e2019d7ff373c38387a782b005dce6ceffccfeda5c6511c8f7f312f343f3a891029c5858f45ee0bf370aba25fc990cc", + "y": "0x00923517e767532d82cb8a0b59705eec2b7779ce05f9181c7d5d5e25694ef8ebd4696343f0bc27006834d2517215ecf79482a84111f50c1bae25044fe1dd77744bbd" + }, + "msg": "abcdef0123456789", + "u": [ + "0x01dba0d7fa26a562ee8a9014ebc2cca4d66fd9de036176aca8fc11ef254cd1bc208847ab7701dbca7af328b3f601b11a1737a899575a5c14f4dca5aaca45e9935e07" + ] + }, + { + "P": { + "x": "0x001ac69014869b6c4ad7aa8c443c255439d36b0e48a0f57b03d6fe9c40a66b4e2eaed2a93390679a5cc44b3a91862b34b673f0e92c83187da02bf3db967d867ce748", + "y": "0x00d5603d530e4d62b30fccfa1d90c2206654d74291c1db1c25b86a051ee3fffc294e5d56f2e776853406bd09206c63d40f37ad8829524cf89ad70b5d6e0b4a3b7341" + }, + "Q": { + "x": "0x001ac69014869b6c4ad7aa8c443c255439d36b0e48a0f57b03d6fe9c40a66b4e2eaed2a93390679a5cc44b3a91862b34b673f0e92c83187da02bf3db967d867ce748", + "y": "0x00d5603d530e4d62b30fccfa1d90c2206654d74291c1db1c25b86a051ee3fffc294e5d56f2e776853406bd09206c63d40f37ad8829524cf89ad70b5d6e0b4a3b7341" + }, + "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "u": [ + "0x00844da980675e1244cb209dcf3ea0aabec23bd54b2cda69fff86eb3acc318bf3d01bae96e9cd6f4c5ceb5539df9a7ad7fcc5e9d54696081ba9782f3a0f6d14987e3" + ] + }, + { + "P": { + "x": 
"0x01801de044c517a80443d2bd4f503a9e6866750d2f94a22970f62d721f96e4310e4a828206d9cdeaa8f2d476705cc3bbc490a6165c687668f15ec178a17e3d27349b", + "y": "0x0068889ea2e1442245fe42bfda9e58266828c0263119f35a61631a3358330f3bb84443fcb54fcd53a1d097fccbe310489b74ee143fc2938959a83a1f7dd4a6fd395b" + }, + "Q": { + "x": "0x01801de044c517a80443d2bd4f503a9e6866750d2f94a22970f62d721f96e4310e4a828206d9cdeaa8f2d476705cc3bbc490a6165c687668f15ec178a17e3d27349b", + "y": "0x0068889ea2e1442245fe42bfda9e58266828c0263119f35a61631a3358330f3bb84443fcb54fcd53a1d097fccbe310489b74ee143fc2938959a83a1f7dd4a6fd395b" + }, + "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "u": [ + "0x01aab1fb7e5cd44ba4d9f32353a383cb1bb9eb763ed40b32bdd5f666988970205998c0e44af6e2b5f6f8e48e969b3f649cae3c6ab463e1b274d968d91c02f00cce91" + ] + } + ] +} diff --git a/group/testdata/P521_XMD:SHA-512_SSWU_RO_.json b/group/testdata/P521_XMD:SHA-512_SSWU_RO_.json new file mode 100644 index 00000000..0736b8bc --- /dev/null +++ b/group/testdata/P521_XMD:SHA-512_SSWU_RO_.json 
@@ -0,0 +1,115 @@ +{ + "L": "0x62", + "Z": "0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffb", + "ciphersuite": "P521_XMD:SHA-512_SSWU_RO_", + "curve": "NIST P-521", + "dst": "QUUX-V01-CS02-with-P521_XMD:SHA-512_SSWU_RO_", + "expand": "XMD", + "field": { + "m": "0x1", + "p": "0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + }, + "hash": "sha512", + "k": "0x100", + "map": { + "name": "SSWU" + }, + "randomOracle": true, + "vectors": [ + { + "P": { + "x": "0x00fd767cebb2452030358d0e9cf907f525f50920c8f607889a6a35680727f64f4d66b161fafeb2654bea0d35086bec0a10b30b14adef3556ed9f7f1bc23cecc9c088", + "y": "0x0169ba78d8d851e930680322596e39c78f4fe31b97e57629ef6460ddd68f8763fd7bd767a4e94a80d3d21a3c2ee98347e024fc73ee1c27166dc3fe5eeef782be411d" + }, + "Q0": { + "x": "0x00b70ae99b6339fffac19cb9bfde2098b84f75e50ac1e80d6acb954e4534af5f0e9c4a5b8a9c10317b8e6421574bae2b133b4f2b8c6ce4b3063da1d91d34fa2b3a3c", + "y": "0x007f368d98a4ddbf381fb354de40e44b19e43bb11a1278759f4ea7b485e1b6db33e750507c071250e3e443c1aaed61f2c28541bb54b1b456843eda1eb15ec2a9b36e" + }, + "Q1": { + "x": "0x01143d0e9cddcdacd6a9aafe1bcf8d218c0afc45d4451239e821f5d2a56df92be942660b532b2aa59a9c635ae6b30e803c45a6ac871432452e685d661cd41cf67214", + "y": "0x00ff75515df265e996d702a5380defffab1a6d2bc232234c7bcffa433cd8aa791fbc8dcf667f08818bffa739ae25773b32073213cae9a0f2a917a0b1301a242dda0c" + }, + "msg": "", + "u": [ + "0x01e5f09974e5724f25286763f00ce76238c7a6e03dc396600350ee2c4135fb17dc555be99a4a4bae0fd303d4f66d984ed7b6a3ba386093752a855d26d559d69e7e9e", + "0x00ae593b42ca2ef93ac488e9e09a5fe5a2f6fb330d18913734ff602f2a761fcaaf5f596e790bcc572c9140ec03f6cccc38f767f1c1975a0b4d70b392d95a0c7278aa" + ] + }, + { + "P": { + "x": "0x002f89a1677b28054b50d15e1f81ed6669b5a2158211118ebdef8a6efc77f8ccaa528f698214e4340155abc1fa08f8f613ef14a043717503d57e267d57155cf784a4", + "y": 
"0x010e0be5dc8e753da8ce51091908b72396d3deed14ae166f66d8ebf0a4e7059ead169ea4bead0232e9b700dd380b316e9361cfdba55a08c73545563a80966ecbb86d" + }, + "Q0": { + "x": "0x01b254e1c99c835836f0aceebba7d77750c48366ecb07fb658e4f5b76e229ae6ca5d271bb0006ffcc42324e15a6d3daae587f9049de2dbb0494378ffb60279406f56", + "y": "0x01845f4af72fc2b1a5a2fe966f6a97298614288b456cfc385a425b686048b25c952fbb5674057e1eb055d04568c0679a8e2dda3158dc16ac598dbb1d006f5ad915b0" + }, + "Q1": { + "x": "0x007f08e813c620e527c961b717ffc74aac7afccb9158cebc347d5715d5c2214f952c97e194f11d114d80d3481ed766ac0a3dba3eb73f6ff9ccb9304ad10bbd7b4a36", + "y": "0x0022468f92041f9970a7cc025d71d5b647f822784d29ca7b3bc3b0829d6bb8581e745f8d0cc9dc6279d0450e779ac2275c4c3608064ad6779108a7828ebd9954caeb" + }, + "msg": "abc", + "u": [ + "0x003d00c37e95f19f358adeeaa47288ec39998039c3256e13c2a4c00a7cb61a34c8969472960150a27276f2390eb5e53e47ab193351c2d2d9f164a85c6a5696d94fe8", + "0x01f3cbd3df3893a45a2f1fecdac4d525eb16f345b03e2820d69bc580f5cbe9cb89196fdf720ef933c4c0361fcfe29940fd0db0a5da6bafb0bee8876b589c41365f15" + ] + }, + { + "P": { + "x": "0x006e200e276a4a81760099677814d7f8794a4a5f3658442de63c18d2244dcc957c645e94cb0754f95fcf103b2aeaf94411847c24187b89fb7462ad3679066337cbc4", + "y": "0x001dd8dfa9775b60b1614f6f169089d8140d4b3e4012949b52f98db2deff3e1d97bf73a1fa4d437d1dcdf39b6360cc518d8ebcc0f899018206fded7617b654f6b168" + }, + "Q0": { + "x": "0x0021482e8622aac14da60e656043f79a6a110cbae5012268a62dd6a152c41594549f373910ebed170ade892dd5a19f5d687fae7095a461d583f8c4295f7aaf8cd7da", + "y": "0x0177e2d8c6356b7de06e0b5712d8387d529b848748e54a8bc0ef5f1475aa569f8f492fa85c3ad1c5edc51faf7911f11359bfa2a12d2ef0bd73df9cb5abd1b101c8b1" + }, + "Q1": { + "x": "0x00abeafb16fdbb5eb95095678d5a65c1f293291dfd20a3751dbe05d0a9bfe2d2eef19449fe59ec32cdd4a4adc3411177c0f2dffd0159438706159a1bbd0567d9b3d0", + "y": "0x007cc657f847db9db651d91c801741060d63dab4056d0a1d3524e2eb0e819954d8f677aa353bd056244a88f00017e00c3ce8beeedb4382d83d74418bd48930c6c182" + }, + "msg": 
"abcdef0123456789", + "u": [ + "0x00183ee1a9bbdc37181b09ec336bcaa34095f91ef14b66b1485c166720523dfb81d5c470d44afcb52a87b704dbc5c9bc9d0ef524dec29884a4795f55c1359945baf3", + "0x00504064fd137f06c81a7cf0f84aa7e92b6b3d56c2368f0a08f44776aa8930480da1582d01d7f52df31dca35ee0a7876500ece3d8fe0293cd285f790c9881c998d5e" + ] + }, + { + "P": { + "x": "0x01b264a630bd6555be537b000b99a06761a9325c53322b65bdc41bf196711f9708d58d34b3b90faf12640c27b91c70a507998e55940648caa8e71098bf2bc8d24664", + "y": "0x01ea9f445bee198b3ee4c812dcf7b0f91e0881f0251aab272a12201fd89b1a95733fd2a699c162b639e9acdcc54fdc2f6536129b6beb0432be01aa8da02df5e59aaa" + }, + "Q0": { + "x": "0x0005eac7b0b81e38727efcab1e375f6779aea949c3e409b53a1d37aa2acbac87a7e6ad24aafbf3c52f82f7f0e21b872e88c55e17b7fa21ce08a94ea2121c42c2eb73", + "y": "0x00a173b6a53a7420dbd61d4a21a7c0a52de7a5c6ce05f31403bef747d16cc8604a039a73bdd6e114340e55dacd6bea8e217ffbadfb8c292afa3e1b2afc839a6ce7bb" + }, + "Q1": { + "x": "0x01881e3c193a69e4d88d8180a6879b74782a0bc7e529233e9f84bf7f17d2f319c36920ffba26f9e57a1e045cc7822c834c239593b6e142a694aa00c757b0db79e5e8", + "y": "0x01558b16d396d866e476e001f2dd0758927655450b84e12f154032c7c2a6db837942cd9f44b814f79b4d729996ced61eec61d85c675139cbffe3fbf071d2c21cfecb" + }, + "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "u": [ + "0x0159871e222689aad7694dc4c3480a49807b1eedd9c8cb4ae1b219d5ba51655ea5b38e2e4f56b36bf3e3da44a7b139849d28f598c816fe1bc7ed15893b22f63363c3", + "0x004ef0cffd475152f3858c0a8ccbdf7902d8261da92744e98df9b7fadb0a5502f29c5086e76e2cf498f47321434a40b1504911552ce44ad7356a04e08729ad9411f5" + ] + }, + { + "P": { + "x": "0x00c12bc3e28db07b6b4d2a2b1167ab9e26fc2fa85c7b0498a17b0347edf52392856d7e28b8fa7a2dd004611159505835b687ecf1a764857e27e9745848c436ef3925", + "y": "0x01cd287df9a50c22a9231beb452346720bb163344a41c5f5a24e8335b6ccc595fd436aea89737b1281aecb411eb835f0b939073fdd1dd4d5a2492e91ef4a3c55bcbd" + }, + "Q0": { + "x": 
"0x00041f6eb92af8777260718e4c22328a7d74203350c6c8f5794d99d5789766698f459b83d5068276716f01429934e40af3d1111a22780b1e07e72238d2207e5386be", + "y": "0x001c712f0182813942b87cab8e72337db017126f52ed797dd234584ac9ae7e80dfe7abea11db02cf1855312eae1447dbaecc9d7e8c880a5e76a39f6258074e1bc2e0" + }, + "Q1": { + "x": "0x0125c0b69bcf55eab49280b14f707883405028e05c927cd7625d4e04115bd0e0e6323b12f5d43d0d6d2eff16dbcf244542f84ec058911260dc3bb6512ab5db285fbd", + "y": "0x008bddfb803b3f4c761458eb5f8a0aee3e1f7f68e9d7424405fa69172919899317fb6ac1d6903a432d967d14e0f80af63e7035aaae0c123e56862ce969456f99f102" + }, + "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "u": [ + "0x0033d06d17bc3b9a3efc081a05d65805a14a3050a0dd4dfb4884618eb5c73980a59c5a246b18f58ad022dd3630faa22889fbb8ba1593466515e6ab4aeb7381c26334", + "0x0092290ab99c3fea1a5b8fb2ca49f859994a04faee3301cefab312d34227f6a2d0c3322cf76861c6a3683bdaa2dd2a6daa5d6906c663e065338b2344d20e313f1114" + ] + } + ] +} diff --git a/group/testdata/expand_message_xmd_SHA256.json b/group/testdata/expand_message_xmd_SHA256.json new file mode 100644 index 00000000..24c4243f --- /dev/null +++ b/group/testdata/expand_message_xmd_SHA256.json 
@@ -0,0 +1,77 @@ +{ + "DST": "QUUX-V01-CS02-with-expander", + "hash": "SHA256", + "name": "expand_message_xmd", + "tests": [ + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "", + "msg_prime": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "f659819a6473c1835b25ea59e3d38914c98b374f0970b7e4c92181df928fca88" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "abc", + "msg_prime": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000616263002000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "1c38f7c211ef233367b2420d04798fa4698080a8901021a795a1151775fe4da7" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "abcdef0123456789", + "msg_prime": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000061626364656630313233343536373839002000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "8f7e7b66791f0da0dbb5ec7c22ec637f79758c0a48170bfb7c4611bd304ece89" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "msg_prime": 
"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000713132385f7171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171002000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "72d5aa5ec810370d1f0013c0df2f1d65699494ee2a39f72e1716b1b964e1c642" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "msg_prime": 
"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000613531325f6161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161002000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "3b8e704fc48336aca4c2a12195b720882f2162a4b7b13a9c350db46f429b771b" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "", + "msg_prime": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "8bcffd1a3cae24cf9cd7ab85628fd111bb17e3739d3b53f89580d217aa79526f1708354a76a402d3569d6a9d19ef3de4d0b991e4f54b9f20dcde9b95a66824cbdf6c1a963a1913d43fd7ac443a02fc5d9d8d77e2071b86ab114a9f34150954a7531da568a1ea8c760861c0cde2005afc2c114042ee7b5848f5303f0611cf297f" + }, + { + "DST_prime": 
"515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "abc", + "msg_prime": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000616263008000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "fe994ec51bdaa821598047b3121c149b364b178606d5e72bfbb713933acc29c186f316baecf7ea22212f2496ef3f785a27e84a40d8b299cec56032763eceeff4c61bd1fe65ed81decafff4a31d0198619c0aa0c6c51fca15520789925e813dcfd318b542f8799441271f4db9ee3b8092a7a2e8d5b75b73e28fb1ab6b4573c192" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "abcdef0123456789", + "msg_prime": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000061626364656630313233343536373839008000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "c9ec7941811b1e19ce98e21db28d22259354d4d0643e301175e2f474e030d32694e9dd5520dde93f3600d8edad94e5c364903088a7228cc9eff685d7eaac50d5a5a8229d083b51de4ccc3733917f4b9535a819b445814890b7029b5de805bf62b33a4dc7e24acdf2c924e9fe50d55a6b832c8c84c7f82474b34e48c6d43867be" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "msg_prime": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000713132385f7171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171008000515555582d5630312d435330322d776974682d657870616e6465721b", + 
"uniform_bytes": "48e256ddba722053ba462b2b93351fc966026e6d6db493189798181c5f3feea377b5a6f1d8368d7453faef715f9aecb078cd402cbd548c0e179c4ed1e4c7e5b048e0a39d31817b5b24f50db58bb3720fe96ba53db947842120a068816ac05c159bb5266c63658b4f000cbf87b1209a225def8ef1dca917bcda79a1e42acd8069" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "msg_prime": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000613531325f616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161
6161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161008000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "396962db47f749ec3b5042ce2452b619607f27fd3939ece2746a7614fb83a1d097f554df3927b084e55de92c7871430d6b95c2a13896d8a33bc48587b1f66d21b128a1a8240d5b0c26dfe795a1a842a0807bb148b77c2ef82ed4b6c9f7fcb732e7f94466c8b51e52bf378fba044a31f5cb44583a892f5969dcd73b3fa128816e" + } + ] +} diff --git a/group/testdata/expand_message_xmd_SHA512.json b/group/testdata/expand_message_xmd_SHA512.json new file mode 100644 index 00000000..249f5791 --- /dev/null +++ b/group/testdata/expand_message_xmd_SHA512.json 
@@ -0,0 +1,77 @@ +{ + "DST": "QUUX-V01-CS02-with-expander", + "hash": "SHA512", + "name": "expand_message_xmd", + "tests": [ + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "", + "msg_prime": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "2eaa1f7b5715f4736e6a5dbe288257abf1faa028680c1d938cd62ac699ead642" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "abc", + "msg_prime": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000616263002000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "0eeda81f69376c80c0f8986496f22f21124cb3c562cf1dc608d2c13005553b0f" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "abcdef0123456789", + "msg_prime": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000061626364656630313233343536373839002000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "2e375fc05e05e80dbf3083796fde2911789d9e8847e1fcebf4ca4b36e239b338" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": 
"q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "msg_prime": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000713132385f7171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171002000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "c37f9095fe7fe4f01c03c3540c1229e6ac8583b07510085920f62ec66acc0197" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "msg_prime": 
"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000613531325f6161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161002000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "af57a7f56e9ed2aa88c6eab45c8c6e7638ae02da7c92cc04f6648c874ebd560e" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "", + "msg_prime": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": 
"0687ce02eba5eb3faf1c3c539d1f04babd3c0f420edae244eeb2253b6c6d6865145c31458e824b4e87ca61c3442dc7c8c9872b0b7250aa33e0668ccebbd2b386de658ca11a1dcceb51368721ae6dcd2d4bc86eaebc4e0d11fa02ad053289c9b28a03da6c942b2e12c14e88dbde3b0ba619d6214f47212b628f3e1b537b66efcf" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "abc", + "msg_prime": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000616263008000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "779ae4fd8a92f365e4df96b9fde97b40486bb005c1a2096c86f55f3d92875d89045fbdbc4a0e9f2d3e1e6bcd870b2d7131d868225b6fe72881a81cc5166b5285393f71d2e68bb0ac603479959370d06bdbe5f0d8bfd9af9494d1e4029bd68ab35a561341dd3f866b3ef0c95c1fdfaab384ce24a23427803dda1db0c7d8d5344a" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "abcdef0123456789", + "msg_prime": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000061626364656630313233343536373839008000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "f0953d28846a50e9f88b7ae35b643fc43733c9618751b569a73960c655c068db7b9f044ad5a40d49d91c62302eaa26163c12abfa982e2b5d753049e000adf7630ae117aeb1fb9b61fc724431ac68b369e12a9481b4294384c3c890d576a79264787bc8076e7cdabe50c044130e480501046920ff090c1a091c88391502f0fbac" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": 
"q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "msg_prime": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000713132385f7171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171008000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "64d3e59f0bc3c5e653011c914b419ba8310390a9585311fddb26791d26663bd71971c347e1b5e88ba9274d2445ed9dcf48eea9528d807b7952924159b7c27caa4f25a2ea94df9508e70a7012dfce0e8021b37e59ea21b80aa9af7f1a1f2efa4fbe523c4266ce7d342acaacd438e452c501c131156b4945515e9008d2b155c258" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "msg_prime": 
"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000613531325f6161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161008000515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "01524feea5b22f6509f6b1e805c97df94faf4d821b01aadeebc89e9daaed0733b4544e50852fd3e019d58eaad6d267a134c8bc2c08bc46c10bfeff3ee03110bcd8a0d695d75a34092bd8b677bdd369a13325549abab54f4ac907b712bdd3567f38c4554c51902b735b81f43a7ef6f938c7690d107c052c7e7b795ac635b3200a" + } + ] +} diff --git a/group/testdata/expand_message_xof_SHAKE128.json b/group/testdata/expand_message_xof_SHAKE128.json new file mode 100644 index 00000000..ca6324f0 --- /dev/null +++ b/group/testdata/expand_message_xof_SHAKE128.json 
@@ -0,0 +1,77 @@ +{ + "DST": "QUUX-V01-CS02-with-expander", + "hash": "SHAKE128", + "name": "expand_message_xof", + "tests": [ + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "", + "msg_prime": "0020515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "eca3fe8f7f5f1d52d7ed3691c321adc7d2a0fef1f843d221f7002530070746de" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "abc", + "msg_prime": "6162630020515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "c79b8ea0af10fd8871eda98334ea9d54e9e5282be97521678f987718b187bc08" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "abcdef0123456789", + "msg_prime": "616263646566303132333435363738390020515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "fb6f4af2a83f6276e9d41784f1e29da5e27566167c33e5cf2682c30096878b73" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "msg_prime": "713132385f71717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171710020515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "125d05850db915e0683d17d044d87477e6e7b3f70a450dd097761e18d1d1dcdf" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": 
"a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "msg_prime": "613531325f61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161610020515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "beafd026cb942c86f6a2b31bb8e6bf7173fb1b0caf3c21ea4b3b9d05d904fd23" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "", + "msg_prime": "0080515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": 
"15733b3fb22fac0e0902c220aeea48e5e47d39f36c2cc03eac34367c48f2a3ebbcb3baa8a0cf17ab12fff4defc7ce22aed47188b6c163e828741473bd89cc646a082cb68b8e835b1374ea9a6315d61db0043f4abf506c26386e84668e077c85ebd9d632f4390559b979e70e9e7affbd0ac2a212c03b698efbbe940f2d164732b" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "abc", + "msg_prime": "6162630080515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "4ccafb6d95b91537798d1fbb25b9fbe1a5bbe1683f43a4f6f03ef540b811235317bfc0aefb217faca055e1b8f32dfde9eb102cdc026ed27caa71530e361b3adbb92ccf68da35aed8b9dc7e4e6b5db0666c607a31df05513ddaf4c8ee23b0ee7f395a6e8be32eb13ca97da289f2643616ac30fe9104bb0d3a67a0a525837c2dc6" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "abcdef0123456789", + "msg_prime": "616263646566303132333435363738390080515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "c8ee0e12736efbc9b47781db9d1e5db9c853684344a6776eb362d75b354f4b74cf60ba1373dc2e22c68efb76a022ed5391f67c77990802018c8cdc7af6d00c86b66a3b3ccad3f18d90f4437a165186f6601cf0bb281ea5d80d1de20fe22bb2e2d8acab0c043e76e3a0f34e0a1e66c9ade4fef9ef3b431130ad6f232babe9fe68" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "msg_prime": "713132385f71717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171710080515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": 
"3eebe6721b2ec746629856dc2dd3f03a830dabfefd7e2d1e72aaf2127d6ad17c988b5762f32e6edf61972378a4106dc4b63fa108ad03b793eedf4588f34c4df2a95b30995a464cb3ee31d6dca30adbfc90ffdf5414d7893082c55b269d9ec9cd6d2a715b9c4fad4eb70ed56f878b55a17b5994ef0de5b338675aad35354195cd" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "msg_prime": "613531325f61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161610080515555582d5630312d435330322d776974682d657870616
e6465721b", + "uniform_bytes": "858cb4a6a5668a97d0f7039b5d6d574dde18dd2323cf6b203945c66df86477d1f747b46401903b3fa66d1276108ea7187b4411b7499acf4600080ce34ff6d21555c2af16f091adf8b285c8439f2e47fa0553c3a6ef5a4227a13f34406241b7d7fd8853a080bad25ec4804cdfe4fda500e1c872e71b8c61a8e160691894b96058" + } + ] +} diff --git a/group/testdata/expand_message_xof_SHAKE256.json b/group/testdata/expand_message_xof_SHAKE256.json new file mode 100644 index 00000000..ab92fbb2 --- /dev/null +++ b/group/testdata/expand_message_xof_SHAKE256.json 
@@ -0,0 +1,77 @@ +{ + "DST": "QUUX-V01-CS02-with-expander", + "hash": "SHAKE256", + "name": "expand_message_xof", + "tests": [ + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "", + "msg_prime": "0020515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "58e90433d81860c47d350b0bb6fb94f98f6b0f9657efd04d410ae743260c096d" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "abc", + "msg_prime": "6162630020515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "c7f5e3c044790033707e24f21d971aaa03a760dfda6215bf0c8634da9012c8f8" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "abcdef0123456789", + "msg_prime": "616263646566303132333435363738390020515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "f46930964d5d5006ef992f5878d7c255c9a92aed1032c9b9d4743ec1470a91e8" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "msg_prime": "713132385f71717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171710020515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "885baaf4841ad28aa853022289cb4841cc6c1bf200c579e8aebb8d005a8ff37f" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x20", + "msg": 
"a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "msg_prime": "613531325f61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161610020515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "4a9884b31a64772244df05622222db6cb9942034370d2400e39bb853cca727f7" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "", + "msg_prime": "0080515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": 
"4cbc65744a4a26c059472822a4647887abb4a3220d5c1e1155c4180a04c69541d437b77676fc5b6450faa5cb906d88a8fa7e1c6807d0a66f0092cc022812368e75ba41dcb4daab00a17e752d485f5e21f835ac36f05b9d0217c79376045e1360faa4652db9d7752af1ffb76ae14cf6aabd7b08b19032d213415d2cef8cd6b62f" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "abc", + "msg_prime": "6162630080515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "c5f366dc668697014a0a90a40ae27c19edcb8500f6ad5d4234fbf4204f64df524a44adaecb42102fffeb7686949aa6785142b2510a419dd29dadf1f2b455688c043f6bc2fd76b101dd8e41cca4042514a6b15d137d958735961e3c32a49e0640ad564d533d20adc203c5befdb1186ca18646b729a5cb4531922d24a17b4389ea" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "abcdef0123456789", + "msg_prime": "616263646566303132333435363738390080515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": "34dcc64cee945b94c5e29a9aa6b859b8a9705fe020bf7443eaab4c8269e739904e2703cef64e1823b5c848570db97b28da7869f52c24573d8f759b7181726e186dcff940eea5f70a11ebd14b4c90c3b17805ce91dc3157ce635e9d11fe56d86dfa76a79e84c11e253653350d2f954922077f2ea6a17104dd0fd963d7fe4568d3" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq", + "msg_prime": "713132385f71717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171710080515555582d5630312d435330322d776974682d657870616e6465721b", + "uniform_bytes": 
"b0adc10a4326ae3ddf11c42afb89058625f8812c76b2a0fb17570f7a2acb030e8dd20036d1326984fd0d973197d80fbf461fe18ef394b9a22e609e61d710df43476ddf3a8ca4d32b737bc265d14a204f32173e447db74bc68938b6a6a08e3e9a31968e5d05a0ca213c977e94cffc9a535b5c5198a6c5892bbce1a35ecc7ab2bd" + }, + { + "DST_prime": "515555582d5630312d435330322d776974682d657870616e6465721b", + "len_in_bytes": "0x80", + "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "msg_prime": "613531325f61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161610080515555582d5630312d435330322d776974682d657870616
e6465721b", + "uniform_bytes": "50a0cb335f3102a15f3dfed981b0a5fecb3136112532e129d39369a2a92c32a9b0a0181af9839039c0e98a3b66a0d209fa019134991055284c3f475c9f7c91169dea57aad442f0c98418d36e50fad68e8863109dac6d8cfc6c5fa63e8f1c0468af9980066e87b62caa87f4b3feef0dba8ef894f2957105d111439597d3265b1f" + } + ] +}