Home Explore Help
Sign In
cpp
/
ZeroTierOne
mirror of https://github.com/zerotier/ZeroTierOne
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

P-384 test vectors

Adam Ierymenko 6 years ago
parent
94ba242c33
commit
da2965cb4e
1 changed files with 27 additions and 3 deletions
Split View Show Diff Stats
  1. 27 3
      selftest.cpp

+ 27 - 3
selftest.cpp
View File 

@@ -79,6 +79,14 @@ using namespace ZeroTier;
 
 #define KNOWN_GOOD_IDENTITY "8e4df28b72:0:ac3d46abe0c21f3cfe7a6c8d6a85cfcffcb82fbd55af6a4d6350657c68200843fa2e16f9418bbd9702cae365f2af5fb4c420908b803a681d4daef6114d78a2d7:bd8dd6e4ce7022d2f812797a80c6ee8ad180dc4ebf301dec8b06d1be08832bddd63a2f1cfa7b2c504474c75bdc8898ba476ef92e8e2d0509f8441985171ff16e"
 
 #define KNOWN_BAD_IDENTITY "9e4df28b72:0:ac3d46abe0c21f3cfe7a6c8d6a85cfcffcb82fbd55af6a4d6350657c68200843fa2e16f9418bbd9702cae365f2af5fb4c420908b803a681d4daef6114d78a2d7:bd8dd6e4ce7022d2f812797a80c6ee8ad180dc4ebf301dec8b06d1be08832bddd63a2f1cfa7b2c504474c75bdc8898ba476ef92e8e2d0509f8441985171ff16e"
 
 
+// These were generated with some Go code using the NIST P-384 elliptic curve. There
 
+// are official P-384 test vectors but the format of these is funny and converting is
 
+// a pain, so this is easier. We assume the Go runtime's P-384 implementation is correct.
 
+#define ECC384_TEST_PUBLIC "02edbcbb1f239bbd9d3d7cef6b37a32669e94df42664fbac7640c22221a6a3df8c9681760f0e67abd45158b31563fb4971"
 
+#define ECC384_TEST_PRIVATE "62939b4a293cc68698c3d07fb7ff97a2fbc9368a1da5408e4913d41546cbb408fa8cb27fcc3f72f80d167bf0a4c329d3"
 
+#define ECC384_TEST_DH_SELF_AGREE "f696bd1bda5e528c1d56a36ed9bad784dd201b50c9d868b9529327ab17edc6ae895e7fd9461587f4c8472ef786f5870b"
 
+#define ECC384_TEST_SIG "98935f0a052cba3ad7d208de64e7772cbde6d91611d2ef03ba129f1498498c2d3650d9cfbb2beacb28e70b90439e018b52db46ecc7f6a95688003cdb4ffe04a1c74c3ffcb8c8704212f437facdb9172f608cb605c6ce37d6c9f00b233910290d"
 
+
 
 static const unsigned char s20TV0Key[32] = { 0x0f,0x62,0xb5,0x08,0x5b,0xae,0x01,0x54,0xa7,0xfa,0x4d,0xa0,0xf3,0x46,0x99,0xec,0x3f,0x92,0xe5,0x38,0x8b,0xde,0x31,0x84,0xd7,0x2a,0x7d,0xd0,0x23,0x76,0xc9,0x1c };
 
 static const unsigned char s20TV0Iv[8] = { 0x28,0x8f,0xf6,0x5d,0xc4,0x2b,0x92,0xf9 };
 
 static const unsigned char s20TV0Ks[64] = { 0x5e,0x5e,0x71,0xf9,0x01,0x99,0x34,0x03,0x04,0xab,0xb2,0x2a,0x37,0xb6,0x62,0x5b,0xf8,0x83,0xfb,0x89,0xce,0x3b,0x21,0xf5,0x4a,0x10,0xb8,0x10,0x66,0xef,0x87,0xda,0x30,0xb7,0x76,0x99,0xaa,0x73,0x79,0xda,0x59,0x5c,0x77,0xdd,0x59,0x54,0x2d,0xa2,0x08,0xe5,0x95,0x4f,0x89,0xe4,0x0e,0xb7,0xaa,0x80,0xa8,0x4a,0x61,0x76,0x66,0x3f };
 
@@ -315,16 +323,16 @@ static int testCrypto()
 
 		Utils::getSecureRandom(p384hash,sizeof(p384hash));
 
 		ECC384ECDSASign(p384priv,p384hash,p384sig);
 
 		if (!ECC384ECDSAVerify(p384pub,p384hash,p384sig)) {
 
-			std::cout << "[crypto]   Signature: FAILED (verify good signature)" << std::endl;
 
+			std::cout << "[crypto]   ECDSA Signature: FAILED (verify good signature)" << std::endl;
 
 			return -1;
 
 		}
 
 		++p384sig[0];
 
 		if (ECC384ECDSAVerify(p384pub,p384hash,p384sig)) {
 
-			std::cout << "[crypto]   Signature: FAILED (verify bad signature)" << std::endl;
 
+			std::cout << "[crypto]   ECDSA Signature: FAILED (verify bad signature)" << std::endl;
 
 			return -1;
 
 		}
 
 		--p384sig[0];
 
-		std::cout << "[crypto]   Signature: " << Utils::hex(p384sig,sizeof(p384sig),p384hex) << std::endl;
 
+		std::cout << "[crypto]   ECDSA Signature: " << Utils::hex(p384sig,sizeof(p384sig),p384hex) << std::endl;
 
 		uint8_t p384pub2[ZT_ECC384_PUBLIC_KEY_SIZE],p384priv2[ZT_ECC384_PRIVATE_KEY_SIZE],p384sec[ZT_ECC384_SHARED_SECRET_SIZE],p384sec2[ZT_ECC384_SHARED_SECRET_SIZE];
 
 		ECC384GenerateKey(p384pub2,p384priv2);
 
 		ECC384ECDH(p384pub,p384priv2,p384sec);
 
@@ -334,6 +342,22 @@ static int testCrypto()
 
 			return -1;
 
 		}
 
 		std::cout << "[crypto]   ECDH Agree: " << Utils::hex(p384sec,sizeof(p384sec),p384hex) << std::endl;
 
+
 
+		Utils::unhex(ECC384_TEST_PUBLIC,p384pub,sizeof(p384pub));
 
+		Utils::unhex(ECC384_TEST_PRIVATE,p384priv,sizeof(p384priv));
 
+		ECC384ECDH(p384pub,p384priv,p384sec);
 
+		Utils::unhex(ECC384_TEST_DH_SELF_AGREE,p384sec2,sizeof(p384sec2));
 
+		if (memcmp(p384sec,p384sec2,ZT_ECC384_SHARED_SECRET_SIZE)) {
 
+			std::cout << "[crypto]   ECDH Test Vector: FAILED (secrets do not match)" << std::endl;
 
+			return -1;
 
+		}
 
+		std::cout << "[crypto]   ECDH Test Vector: PASS" << std::endl;
 
+		Utils::unhex(ECC384_TEST_SIG,p384sig,sizeof(p384sig));
 
+		if (!ECC384ECDSAVerify(p384pub,p384pub,p384sig)) {
 
+			std::cout << "[crypto]   ECDSA Test Vector: FAILED (verify failed)" << std::endl;
 
+			return -1;
 
+		}
 
+		std::cout << "[crypto]   ECDSA Test Vector: PASS" << std::endl;
 
 	}
 
 
 	std::cout << "[crypto] Testing C25519 and Ed25519 against test vectors... "; std::cout.flush();