ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-02-21 10:01:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

P-384 test vectors

Browse Source
This commit is contained in:
Adam Ierymenko 2019-07-16 17:25:25 -05:00
parent 94ba242c33
commit da2965cb4e
1 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
selftest.cpp
View File

@ -79,6 +79,14 @@ using namespace ZeroTier;
#define KNOWN_GOOD_IDENTITY "8e4df28b72:0:ac3d46abe0c21f3cfe7a6c8d6a85cfcffcb82fbd55af6a4d6350657c68200843fa2e16f9418bbd9702cae365f2af5fb4c420908b803a681d4daef6114d78a2d7:bd8dd6e4ce7022d2f812797a80c6ee8ad180dc4ebf301dec8b06d1be08832bddd63a2f1cfa7b2c504474c75bdc8898ba476ef92e8e2d0509f8441985171ff16e"
#define KNOWN_BAD_IDENTITY "9e4df28b72:0:ac3d46abe0c21f3cfe7a6c8d6a85cfcffcb82fbd55af6a4d6350657c68200843fa2e16f9418bbd9702cae365f2af5fb4c420908b803a681d4daef6114d78a2d7:bd8dd6e4ce7022d2f812797a80c6ee8ad180dc4ebf301dec8b06d1be08832bddd63a2f1cfa7b2c504474c75bdc8898ba476ef92e8e2d0509f8441985171ff16e"
// These were generated with some Go code using the NIST P-384 elliptic curve. There
// are official P-384 test vectors but the format of these is funny and converting is
// a pain, so this is easier. We assume the Go runtime's P-384 implementation is correct.
#define ECC384_TEST_PUBLIC "02edbcbb1f239bbd9d3d7cef6b37a32669e94df42664fbac7640c22221a6a3df8c9681760f0e67abd45158b31563fb4971"
#define ECC384_TEST_PRIVATE "62939b4a293cc68698c3d07fb7ff97a2fbc9368a1da5408e4913d41546cbb408fa8cb27fcc3f72f80d167bf0a4c329d3"
#define ECC384_TEST_DH_SELF_AGREE "f696bd1bda5e528c1d56a36ed9bad784dd201b50c9d868b9529327ab17edc6ae895e7fd9461587f4c8472ef786f5870b"
#define ECC384_TEST_SIG "98935f0a052cba3ad7d208de64e7772cbde6d91611d2ef03ba129f1498498c2d3650d9cfbb2beacb28e70b90439e018b52db46ecc7f6a95688003cdb4ffe04a1c74c3ffcb8c8704212f437facdb9172f608cb605c6ce37d6c9f00b233910290d"
static const unsigned char s20TV0Key[32] = { 0x0f,0x62,0xb5,0x08,0x5b,0xae,0x01,0x54,0xa7,0xfa,0x4d,0xa0,0xf3,0x46,0x99,0xec,0x3f,0x92,0xe5,0x38,0x8b,0xde,0x31,0x84,0xd7,0x2a,0x7d,0xd0,0x23,0x76,0xc9,0x1c };
static const unsigned char s20TV0Iv[8] = { 0x28,0x8f,0xf6,0x5d,0xc4,0x2b,0x92,0xf9 };
static const unsigned char s20TV0Ks[64] = { 0x5e,0x5e,0x71,0xf9,0x01,0x99,0x34,0x03,0x04,0xab,0xb2,0x2a,0x37,0xb6,0x62,0x5b,0xf8,0x83,0xfb,0x89,0xce,0x3b,0x21,0xf5,0x4a,0x10,0xb8,0x10,0x66,0xef,0x87,0xda,0x30,0xb7,0x76,0x99,0xaa,0x73,0x79,0xda,0x59,0x5c,0x77,0xdd,0x59,0x54,0x2d,0xa2,0x08,0xe5,0x95,0x4f,0x89,0xe4,0x0e,0xb7,0xaa,0x80,0xa8,0x4a,0x61,0x76,0x66,0x3f };
@ -315,16 +323,16 @@ static int testCrypto()
Utils::getSecureRandom(p384hash,sizeof(p384hash));
ECC384ECDSASign(p384priv,p384hash,p384sig);
if (!ECC384ECDSAVerify(p384pub,p384hash,p384sig)) {
std::cout << "[crypto] Signature: FAILED (verify good signature)" << std::endl;
std::cout << "[crypto] ECDSA Signature: FAILED (verify good signature)" << std::endl;
return -1;
}
++p384sig[0];
if (ECC384ECDSAVerify(p384pub,p384hash,p384sig)) {
std::cout << "[crypto] Signature: FAILED (verify bad signature)" << std::endl;
std::cout << "[crypto] ECDSA Signature: FAILED (verify bad signature)" << std::endl;
return -1;
}
--p384sig[0];
std::cout << "[crypto] Signature: " << Utils::hex(p384sig,sizeof(p384sig),p384hex) << std::endl;
std::cout << "[crypto] ECDSA Signature: " << Utils::hex(p384sig,sizeof(p384sig),p384hex) << std::endl;
uint8_t p384pub2[ZT_ECC384_PUBLIC_KEY_SIZE],p384priv2[ZT_ECC384_PRIVATE_KEY_SIZE],p384sec[ZT_ECC384_SHARED_SECRET_SIZE],p384sec2[ZT_ECC384_SHARED_SECRET_SIZE];
ECC384GenerateKey(p384pub2,p384priv2);
ECC384ECDH(p384pub,p384priv2,p384sec);
@ -334,6 +342,22 @@ static int testCrypto()
return -1;
}
std::cout << "[crypto] ECDH Agree: " << Utils::hex(p384sec,sizeof(p384sec),p384hex) << std::endl;
Utils::unhex(ECC384_TEST_PUBLIC,p384pub,sizeof(p384pub));
Utils::unhex(ECC384_TEST_PRIVATE,p384priv,sizeof(p384priv));
ECC384ECDH(p384pub,p384priv,p384sec);
Utils::unhex(ECC384_TEST_DH_SELF_AGREE,p384sec2,sizeof(p384sec2));
if (memcmp(p384sec,p384sec2,ZT_ECC384_SHARED_SECRET_SIZE)) {
std::cout << "[crypto] ECDH Test Vector: FAILED (secrets do not match)" << std::endl;
return -1;
}
std::cout << "[crypto] ECDH Test Vector: PASS" << std::endl;
Utils::unhex(ECC384_TEST_SIG,p384sig,sizeof(p384sig));
if (!ECC384ECDSAVerify(p384pub,p384pub,p384sig)) {
std::cout << "[crypto] ECDSA Test Vector: FAILED (verify failed)" << std::endl;
return -1;
}
std::cout << "[crypto] ECDSA Test Vector: PASS" << std::endl;
}
std::cout << "[crypto] Testing C25519 and Ed25519 against test vectors... "; std::cout.flush();