Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for secp256k1 elliptic curve #457

Merged
merged 6 commits into from
Apr 13, 2022
Merged

Add support for secp256k1 elliptic curve #457

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
7a1b109
add secp256k1
Apr 11, 2022
0e91f0c
Fix for the speed test
Apr 11, 2022
0a62144
Merge remote-tracking branch 'upstream/main' into add_secp256k1
Apr 12, 2022
993c818
Added more tests
Apr 13, 2022
76e6e10
Addressing CR
Apr 13, 2022
88fe6fe
Merge branch 'main' into add_secp256k1
dkostic Apr 13, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 9 additions & 2 deletions crypto/evp_extra/evp_test.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -664,15 +664,22 @@ TEST(EVPTest, WycheproofECDSAP256) {
TEST(EVPTest, WycheproofECDSAP384) {
RunWycheproofVerifyTest(
"third_party/wycheproof_testvectors/ecdsa_secp384r1_sha384_test.txt");
RunWycheproofVerifyTest(
"third_party/wycheproof_testvectors/ecdsa_secp384r1_sha512_test.txt");
}

TEST(EVPTest, WycheproofECDSAP521) {
RunWycheproofVerifyTest(
"third_party/wycheproof_testvectors/ecdsa_secp384r1_sha512_test.txt");
RunWycheproofVerifyTest(
"third_party/wycheproof_testvectors/ecdsa_secp521r1_sha512_test.txt");
}

TEST(EVPTest, WycheproofECDSAsecp256k1) {
RunWycheproofVerifyTest(
"third_party/wycheproof_testvectors/ecdsa_secp256k1_sha256_test.txt");
RunWycheproofVerifyTest(
"third_party/wycheproof_testvectors/ecdsa_secp256k1_sha512_test.txt");
}

TEST(EVPTest, WycheproofEdDSA) {
RunWycheproofVerifyTest("third_party/wycheproof_testvectors/eddsa_test.txt");
}
Expand Down
90 changes: 90 additions & 0 deletions crypto/fipsmodule/ec/ec_test.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -378,6 +378,48 @@ static const uint8_t kP521PublicKey_compressed_0x03[] = {
0x9f, 0x5f, 0xb4, 0xf8, 0xe7, 0x7b
};

static const uint8_t ksecp256k1PublicKey_uncompressed_0x02[] = {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How were the new tests generated?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I used Sage to generate a random point :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For posterity, the Sage code to generate a random point on secp256k1. The setup of the curve is taken from this very useful webpage (that covers many other curves as well): https://neuromancer.sk/std/secg/secp256k1#

p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
K = GF(p)
a = K(0x0000000000000000000000000000000000000000000000000000000000000000)
b = K(0x0000000000000000000000000000000000000000000000000000000000000007)
E = EllipticCurve(K, (a, b))
G = E(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798, 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)
E.set_order(0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 * 0x1)

(x, y, z) = E.random_element()

/* uncompressed */
0x04,
/* x-coordinate */
0xc5, 0xea, 0xe6, 0x37, 0xf3, 0xbd, 0x76, 0xad, 0x09, 0x64, 0x54, 0x9d,
0x52, 0xa6, 0x00, 0x46, 0x7e, 0xdb, 0x30, 0x3d, 0x9c, 0x32, 0xa8, 0xab,
0x12, 0xd0, 0xed, 0x0a, 0x88, 0x67, 0x59, 0x0b,
/* y-coordinate */
0xfc, 0x97, 0x38, 0x6b, 0xc9, 0x8f, 0xf5, 0xfc, 0x2d, 0xa5, 0x77, 0x96,
0x62, 0xd2, 0x72, 0x69, 0x6a, 0xd2, 0xac, 0xa3, 0x7b, 0x4d, 0x5c, 0x84,
0x6c, 0xa4, 0x2c, 0xec, 0xb2, 0x4c, 0x3d, 0x94
};

static const uint8_t ksecp256k1PublicKey_compressed_0x02[] = {
0x02,
/* x-coordinate */
0xc5, 0xea, 0xe6, 0x37, 0xf3, 0xbd, 0x76, 0xad, 0x09, 0x64, 0x54, 0x9d,
0x52, 0xa6, 0x00, 0x46, 0x7e, 0xdb, 0x30, 0x3d, 0x9c, 0x32, 0xa8, 0xab,
0x12, 0xd0, 0xed, 0x0a, 0x88, 0x67, 0x59, 0x0b
};

static const uint8_t ksecp256k1PublicKey_uncompressed_0x03[] = {
/* uncompressed */
0x04,
/* x-coordinate */
0xad, 0xa8, 0x37, 0xe6, 0x83, 0x94, 0x67, 0xbf, 0x79, 0xa8, 0xa8, 0x3b,
0x17, 0x3d, 0x4a, 0x56, 0x07, 0xa0, 0x57, 0x66, 0x19, 0xc6, 0x67, 0x56,
0xa2, 0x48, 0x8c, 0x6d, 0xff, 0xda, 0xf2, 0xa9,
/* y-coordinate */
0x50, 0xd1, 0x4b, 0xff, 0x7a, 0x83, 0xb7, 0x02, 0x4c, 0xeb, 0x29, 0x2e,
0xc8, 0x32, 0xa0, 0x16, 0xc5, 0x83, 0x74, 0x80, 0x1a, 0xf6, 0xc8, 0xb8,
0xb8, 0x1d, 0x6a, 0xa6, 0xdc, 0xae, 0xfe, 0x63
};

static const uint8_t ksecp256k1PublicKey_compressed_0x03[] = {
0x03,
/* x-coordinate */
0xad, 0xa8, 0x37, 0xe6, 0x83, 0x94, 0x67, 0xbf, 0x79, 0xa8, 0xa8, 0x3b,
0x17, 0x3d, 0x4a, 0x56, 0x07, 0xa0, 0x57, 0x66, 0x19, 0xc6, 0x67, 0x56,
0xa2, 0x48, 0x8c, 0x6d, 0xff, 0xda, 0xf2, 0xa9
};

struct ECPublicKeyTestInput {
const uint8_t *input_key;
size_t input_key_len;
Expand Down Expand Up @@ -411,6 +453,12 @@ struct ECPublicKeyTestInput {
kP521PublicKey_uncompressed_0x02, sizeof(kP521PublicKey_uncompressed_0x02),
NID_secp521r1
},
{
ksecp256k1PublicKey_uncompressed_0x02, sizeof(ksecp256k1PublicKey_uncompressed_0x02),
POINT_CONVERSION_UNCOMPRESSED,
ksecp256k1PublicKey_uncompressed_0x02, sizeof(ksecp256k1PublicKey_uncompressed_0x02),
NID_secp256k1
},
{
kP224PublicKey_uncompressed_0x03, sizeof(kP224PublicKey_uncompressed_0x03),
POINT_CONVERSION_UNCOMPRESSED,
Expand All @@ -435,6 +483,12 @@ struct ECPublicKeyTestInput {
kP521PublicKey_uncompressed_0x03, sizeof(kP521PublicKey_uncompressed_0x03),
NID_secp521r1
},
{
ksecp256k1PublicKey_uncompressed_0x03, sizeof(ksecp256k1PublicKey_uncompressed_0x03),
POINT_CONVERSION_UNCOMPRESSED,
ksecp256k1PublicKey_uncompressed_0x03, sizeof(ksecp256k1PublicKey_uncompressed_0x03),
NID_secp256k1
},
/* Test 2: decode compressed |EC_KEY|, and then encode with the same |conv_form|. */
{
kP224PublicKey_compressed_0x02, sizeof(kP224PublicKey_compressed_0x02),
Expand All @@ -460,6 +514,12 @@ struct ECPublicKeyTestInput {
kP521PublicKey_compressed_0x02, sizeof(kP521PublicKey_compressed_0x02),
NID_secp521r1
},
{
ksecp256k1PublicKey_compressed_0x02, sizeof(ksecp256k1PublicKey_compressed_0x02),
POINT_CONVERSION_COMPRESSED,
ksecp256k1PublicKey_compressed_0x02, sizeof(ksecp256k1PublicKey_compressed_0x02),
NID_secp256k1
},
{
kP224PublicKey_compressed_0x03, sizeof(kP224PublicKey_compressed_0x03),
POINT_CONVERSION_COMPRESSED,
Expand All @@ -484,6 +544,12 @@ struct ECPublicKeyTestInput {
kP521PublicKey_compressed_0x03, sizeof(kP521PublicKey_compressed_0x03),
NID_secp521r1
},
{
ksecp256k1PublicKey_compressed_0x03, sizeof(ksecp256k1PublicKey_compressed_0x03),
POINT_CONVERSION_COMPRESSED,
ksecp256k1PublicKey_compressed_0x03, sizeof(ksecp256k1PublicKey_compressed_0x03),
NID_secp256k1
},
/* Test 3: decode compressed |EC_KEY|, and then encode with uncompressed |conv_form|. */
{
kP224PublicKey_compressed_0x02, sizeof(kP224PublicKey_compressed_0x02),
Expand All @@ -509,6 +575,12 @@ struct ECPublicKeyTestInput {
kP521PublicKey_uncompressed_0x02, sizeof(kP521PublicKey_uncompressed_0x02),
NID_secp521r1
},
{
ksecp256k1PublicKey_compressed_0x02, sizeof(ksecp256k1PublicKey_compressed_0x02),
POINT_CONVERSION_UNCOMPRESSED,
ksecp256k1PublicKey_uncompressed_0x02, sizeof(ksecp256k1PublicKey_uncompressed_0x02),
NID_secp256k1
},
{
kP224PublicKey_compressed_0x03, sizeof(kP224PublicKey_compressed_0x03),
POINT_CONVERSION_UNCOMPRESSED,
Expand All @@ -533,6 +605,12 @@ struct ECPublicKeyTestInput {
kP521PublicKey_uncompressed_0x03, sizeof(kP521PublicKey_uncompressed_0x03),
NID_secp521r1
},
{
ksecp256k1PublicKey_compressed_0x03, sizeof(ksecp256k1PublicKey_compressed_0x03),
POINT_CONVERSION_UNCOMPRESSED,
ksecp256k1PublicKey_uncompressed_0x03, sizeof(ksecp256k1PublicKey_uncompressed_0x03),
NID_secp256k1
},
/* Test 4: decode uncompressed |EC_KEY|, and then encode with compressed |conv_form|. */
{
kP224PublicKey_uncompressed_0x02, sizeof(kP224PublicKey_uncompressed_0x02),
Expand All @@ -558,6 +636,12 @@ struct ECPublicKeyTestInput {
kP521PublicKey_compressed_0x02, sizeof(kP521PublicKey_compressed_0x02),
NID_secp521r1
},
{
ksecp256k1PublicKey_uncompressed_0x02, sizeof(ksecp256k1PublicKey_uncompressed_0x02),
POINT_CONVERSION_COMPRESSED,
ksecp256k1PublicKey_compressed_0x02, sizeof(ksecp256k1PublicKey_compressed_0x02),
NID_secp256k1
},
{
kP224PublicKey_uncompressed_0x03, sizeof(kP224PublicKey_uncompressed_0x03),
POINT_CONVERSION_COMPRESSED,
Expand All @@ -581,6 +665,12 @@ struct ECPublicKeyTestInput {
POINT_CONVERSION_COMPRESSED,
kP521PublicKey_compressed_0x03, sizeof(kP521PublicKey_compressed_0x03),
NID_secp521r1
},
{
ksecp256k1PublicKey_uncompressed_0x03, sizeof(ksecp256k1PublicKey_uncompressed_0x03),
POINT_CONVERSION_COMPRESSED,
ksecp256k1PublicKey_compressed_0x03, sizeof(ksecp256k1PublicKey_compressed_0x03),
NID_secp256k1
}
};

Expand Down
2 changes: 2 additions & 0 deletions sources.cmake
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -209,6 +209,8 @@ set(
third_party/wycheproof_testvectors/ecdsa_secp384r1_sha384_test.txt
third_party/wycheproof_testvectors/ecdsa_secp384r1_sha512_test.txt
third_party/wycheproof_testvectors/ecdsa_secp521r1_sha512_test.txt
third_party/wycheproof_testvectors/ecdsa_secp256k1_sha256_test.txt
third_party/wycheproof_testvectors/ecdsa_secp256k1_sha512_test.txt
third_party/wycheproof_testvectors/eddsa_test.txt
third_party/wycheproof_testvectors/hkdf_sha1_test.txt
third_party/wycheproof_testvectors/hkdf_sha256_test.txt
Expand Down
Loading