From f53117a8c42871ee8ae74ff8579347da8eacf7f6 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 14 Jan 2025 19:16:10 +0000 Subject: [PATCH 1/7] hacl-rs p256 ecdsa --- Cargo.toml | 2 + ecdsa/Cargo.toml | 15 + ecdsa/src/lib.rs | 21 + ecdsa/src/p256.rs | 267 ++++ p256/Cargo.toml | 18 + p256/src/lib.rs | 9 + p256/src/p256.rs | 2403 +++++++++++++++++++++++++++++++++ p256/src/p256_precomptable.rs | 1174 ++++++++++++++++ 8 files changed, 3909 insertions(+) create mode 100644 ecdsa/Cargo.toml create mode 100644 ecdsa/src/lib.rs create mode 100644 ecdsa/src/p256.rs create mode 100644 p256/Cargo.toml create mode 100644 p256/src/lib.rs create mode 100644 p256/src/p256.rs create mode 100644 p256/src/p256_precomptable.rs diff --git a/Cargo.toml b/Cargo.toml index 36b0ccb0a..3c672622f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -26,6 +26,8 @@ members = [ "poly1305", "chacha20poly1305", "rsa", + "ecdsa", + "p256", "blake2", ] diff --git a/ecdsa/Cargo.toml b/ecdsa/Cargo.toml new file mode 100644 index 000000000..7d84b8f61 --- /dev/null +++ b/ecdsa/Cargo.toml @@ -0,0 +1,15 @@ +[package] +name = "librux-ecdsa" +description = "Formally verified ECDSA signature library" + +version.workspace = true +authors.workspace = true +license.workspace = true +homepage.workspace = true +edition.workspace = true +repository.workspace = true +readme.workspace = true + +[dependencies] +libcrux-p256 = { version = "=0.0.2-beta.2", path = "../p256" } +rand = { version = "0.8" } diff --git a/ecdsa/src/lib.rs b/ecdsa/src/lib.rs new file mode 100644 index 000000000..aabbeabd5 --- /dev/null +++ b/ecdsa/src/lib.rs @@ -0,0 +1,21 @@ +//! # ECDSA +//! +//! A formally verified implementation of ECDSA on P-curves. +//! +//! For now only P-256 is supported. + +#![no_std] +#![forbid(unsafe_code)] + +pub mod p256; + +#[derive(Debug, PartialEq, Eq, Clone, Copy)] +pub enum Error { + InvalidInput, + InvalidScalar, + InvalidPoint, + NoCompressedPoint, + NoUnCompressedPoint, + SigningError, + InvalidSignature, +} diff --git a/ecdsa/src/p256.rs b/ecdsa/src/p256.rs new file mode 100644 index 000000000..a9b0a84e0 --- /dev/null +++ b/ecdsa/src/p256.rs @@ -0,0 +1,267 @@ +use libcrux_p256::{ + compressed_to_raw, ecdsa_sign_p256_sha2, ecdsa_verif_p256_sha2, uncompressed_to_raw, + validate_private_key, validate_public_key, +}; +use rand::{CryptoRng, RngCore}; + +use super::Error; + +/// A P-256 Signature +#[derive(Clone, Default)] +pub struct Signature { + r: [u8; 32], + s: [u8; 32], +} + +/// An ECDSA P-256 private key +pub struct PrivateKey([u8; 32]); + +#[derive(Debug)] +pub struct PublicKey(pub [u8; 64]); + +mod conversions { + use super::*; + + impl Signature { + /// Generate a signature from the raw values r and s. + pub fn from_raw(r: [u8; 32], s: [u8; 32]) -> Self { + Self { r, s } + } + + /// Generate a signature from the raw values r || s. + pub fn from_bytes(signature_bytes: [u8; 64]) -> Self { + Self { + r: signature_bytes[0..32].try_into().unwrap(), + s: signature_bytes[32..].try_into().unwrap(), + } + } + + /// Get the signature as the two raw 32 bytes `(r, s)`. + pub fn as_bytes(&self) -> (&[u8; 32], &[u8; 32]) { + (&self.r, &self.s) + } + } + + impl From<&[u8; 32]> for PrivateKey { + fn from(value: &[u8; 32]) -> Self { + Self(*value) + } + } + + impl TryFrom<&[u8]> for PrivateKey { + type Error = Error; + + fn try_from(value: &[u8]) -> Result { + Ok(Self(value.try_into().map_err(|_| Error::InvalidScalar)?)) + } + } + + impl AsRef<[u8]> for PrivateKey { + fn as_ref(&self) -> &[u8] { + &self.0 + } + } + + impl AsRef<[u8; 32]> for PrivateKey { + fn as_ref(&self) -> &[u8; 32] { + &self.0 + } + } + + impl From<&[u8; 64]> for PublicKey { + fn from(value: &[u8; 64]) -> Self { + Self(*value) + } + } + + impl TryFrom<&[u8]> for PublicKey { + type Error = Error; + + fn try_from(value: &[u8]) -> Result { + Ok(Self(value.try_into().map_err(|_| Error::InvalidPoint)?)) + } + } + + impl AsRef<[u8]> for PublicKey { + fn as_ref(&self) -> &[u8] { + &self.0 + } + } + + impl AsRef<[u8; 64]> for PublicKey { + fn as_ref(&self) -> &[u8; 64] { + &self.0 + } + } +} + +/// Parse an uncompressed P256 point and return the 64 byte array with the +/// concatenation of X||Y +pub fn uncompressed_to_coordinates(point: &[u8]) -> Result<[u8; 64], Error> { + let mut concat_point = [0u8; 64]; + if point.len() >= 65 { + if uncompressed_to_raw(point, &mut concat_point) { + Ok(concat_point) + } else { + Err(Error::InvalidInput) + } + } else { + Err(Error::NoCompressedPoint) + } +} + +/// Parse an compressed P256 point and return the 64 byte array with the +/// concatenation of `X` and `Y`. +pub fn compressed_to_coordinates(point: &[u8]) -> Result<[u8; 64], Error> { + let mut concat_point = [0u8; 64]; + if point.len() >= 33 { + if compressed_to_raw(point, &mut concat_point) { + Ok(concat_point) + } else { + Err(Error::InvalidInput) + } + } else { + Err(Error::NoUnCompressedPoint) + } +} + +/// Validate a P256 point, where `point` is a 64 byte array with the +/// concatenation of `X` and `Y`. +/// +/// Returns [`Error::InvalidPoint`] if the `point` is not valid. +pub fn validate_point(point: impl AsRef<[u8; 64]>) -> Result<(), Error> { + if validate_public_key(point.as_ref()) { + Ok(()) + } else { + Err(Error::InvalidPoint) + } +} + +/// Validate a P256 secret key (scalar). +/// +/// Returns [`Error::InvalidScalar`] if the `scalar` is not valid. +pub fn validate_scalar(scalar: &impl AsRef<[u8; 32]>) -> Result<(), Error> { + validate_scalar_(scalar.as_ref()) +} + +/// Validate a P256 secret key (scalar). +/// +/// Returns [`Error::InvalidScalar`] if the `scalar` is not valid. +fn validate_scalar_(scalar: &[u8; 32]) -> Result<(), Error> { + if scalar.as_ref().iter().all(|b| *b == 0) { + return Err(Error::InvalidScalar); + } + + // Ensure that the key is in range [1, p-1] + if validate_private_key(scalar.as_ref()) { + Ok(()) + } else { + Err(Error::InvalidScalar) + } +} + +/// Validate a P256 secret key (scalar). +fn validate_scalar_slice(scalar: &[u8]) -> Result { + if scalar.is_empty() { + return Err(Error::InvalidScalar); + } + + let mut private = [0u8; 32]; + // Force the length of `sk` to 32 bytes. + let sk_len = if scalar.len() >= 32 { 32 } else { scalar.len() }; + for i in 0..sk_len { + private[31 - i] = scalar[scalar.len() - 1 - i]; + } + + validate_scalar_(&private).map(|_| PrivateKey(private)) +} + +/// Prepare the nonce for EcDSA and validate the key +fn ecdsa_p256_sign_prep( + private_key: &[u8], + rng: &mut (impl CryptoRng + RngCore), +) -> Result<(PrivateKey, [u8; 32]), Error> { + let private_key = validate_scalar_slice(private_key).map_err(|_| Error::SigningError)?; + + let mut nonce = [0u8; 32]; + loop { + rng.try_fill_bytes(&mut nonce) + .map_err(|_| Error::SigningError)?; + + // Make sure it's a valid nonce. + if validate_scalar_slice(&nonce).is_ok() { + break; + } + } + + Ok((private_key, nonce)) +} + +/// Sign the `payload` with the `private_key`. +pub fn sign( + payload: &[u8], + private_key: &[u8], + rng: &mut (impl CryptoRng + RngCore), +) -> Result { + let (private_key, nonce) = ecdsa_p256_sign_prep(private_key, rng)?; + + let mut signature = [0u8; 64]; + let len = u32_len(payload)?; + + if !ecdsa_sign_p256_sha2(&mut signature, len, payload, private_key.as_ref(), &nonce) { + return Err(Error::SigningError); + } + + Ok(Signature { + r: signature[..32] + .try_into() + .map_err(|_| Error::SigningError)?, + s: signature[32..] + .try_into() + .map_err(|_| Error::SigningError)?, + }) +} + +fn u32_len(bytes: &[u8]) -> Result { + if bytes.len() > u32::MAX as usize { + return Err(Error::InvalidInput); + } else { + Ok(bytes.len() as u32) + } +} + +/// Prepare the public key for EcDSA +fn ecdsa_p256_verify_prep(public_key: &[u8]) -> Result<[u8; 64], Error> { + if public_key.is_empty() { + return Err(Error::SigningError); + } + + // Parse the public key. + let pk = if let Ok(pk) = uncompressed_to_coordinates(public_key) { + pk + } else { + // Might be uncompressed + if let Ok(pk) = compressed_to_coordinates(public_key) { + pk + } else { + // Might be a simple concatenation + public_key.try_into().map_err(|_| Error::InvalidSignature)? + } + }; + + validate_point(PublicKey(pk)).map(|()| pk) +} + +/// Verify the `payload` and `signature` with the `public_key`. +/// +/// Return `()` or [`Error::InvalidSignature`]. +pub fn verify(payload: &[u8], signature: &Signature, public_key: &PublicKey) -> Result<(), Error> { + let pk = ecdsa_p256_verify_prep(public_key.as_ref())?; + let len = u32_len(payload)?; + + if ecdsa_verif_p256_sha2(len, payload, &pk, &signature.r, &signature.s) { + Ok(()) + } else { + Err(Error::InvalidSignature) + } +} diff --git a/p256/Cargo.toml b/p256/Cargo.toml new file mode 100644 index 000000000..1871e9788 --- /dev/null +++ b/p256/Cargo.toml @@ -0,0 +1,18 @@ +[package] +name = "libcrux-p256" +description = "Formally verified P-256 implementation" + +version.workspace = true +authors.workspace = true +license.workspace = true +homepage.workspace = true +edition.workspace = true +repository.workspace = true +readme.workspace = true + +[dependencies] +libcrux-macros = { version = "=0.0.2-beta.2", path = "../macros" } +libcrux-hacl-rs = { version = "=0.0.2-beta.2", path = "../hacl-rs" } +libcrux-sha2 = { version = "=0.0.2-beta.2", path = "../sha2", features = [ + "expose-hacl", +] } diff --git a/p256/src/lib.rs b/p256/src/lib.rs new file mode 100644 index 000000000..633b14f8e --- /dev/null +++ b/p256/src/lib.rs @@ -0,0 +1,9 @@ +//! A P-256 implementation. +//! +//! This crate should not be used directly and is internal to libcrux. + +// HACL* generated code +mod p256; +mod p256_precomptable; + +pub use p256::*; diff --git a/p256/src/p256.rs b/p256/src/p256.rs new file mode 100644 index 000000000..972e85751 --- /dev/null +++ b/p256/src/p256.rs @@ -0,0 +1,2403 @@ +//! This file is auto-generated by HACL*. + +#![allow(non_snake_case)] + +use libcrux_hacl_rs::prelude::*; +use libcrux_macros as krml; + +#[inline] +fn bn_is_zero_mask4(f: &[u64]) -> u64 { + let bn_zero: [u64; 4] = [0u64; 4usize]; + let mut mask: [u64; 1] = [0xFFFFFFFFFFFFFFFFu64; 1usize]; + krml::unroll_for!(4, "i", 0u32, 1u32, { + let uu____0: u64 = fstar::uint64::eq_mask(f[i as usize], (&bn_zero)[i as usize]); + (&mut mask)[0usize] = uu____0 & (&mask)[0usize] + }); + let mask1: u64 = (&mask)[0usize]; + let res: u64 = mask1; + res +} + +#[inline] +fn bn_is_zero_vartime4(f: &[u64]) -> bool { + let m: u64 = crate::p256::bn_is_zero_mask4(f); + m == 0xFFFFFFFFFFFFFFFFu64 +} + +#[inline] +fn bn_is_eq_mask4(a: &[u64], b: &[u64]) -> u64 { + let mut mask: [u64; 1] = [0xFFFFFFFFFFFFFFFFu64; 1usize]; + krml::unroll_for!(4, "i", 0u32, 1u32, { + let uu____0: u64 = fstar::uint64::eq_mask(a[i as usize], b[i as usize]); + (&mut mask)[0usize] = uu____0 & (&mask)[0usize] + }); + let mask1: u64 = (&mask)[0usize]; + mask1 +} + +#[inline] +fn bn_is_eq_vartime4(a: &[u64], b: &[u64]) -> bool { + let m: u64 = crate::p256::bn_is_eq_mask4(a, b); + m == 0xFFFFFFFFFFFFFFFFu64 +} + +#[inline] +fn bn_cmovznz4(res: &mut [u64], cin: u64, x: &[u64], y: &[u64]) { + let mask: u64 = !fstar::uint64::eq_mask(cin, 0u64); + krml::unroll_for!(4, "i", 0u32, 1u32, { + let uu____0: u64 = x[i as usize]; + let x1: u64 = uu____0 ^ mask & (y[i as usize] ^ uu____0); + let os: (&mut [u64], &mut [u64]) = res.split_at_mut(0usize); + os.1[i as usize] = x1 + }) +} + +#[inline] +fn bn_add_mod4(res: &mut [u64], n: &[u64], x: &[u64], y: &[u64]) { + let mut c: [u64; 1] = [0u64; 1usize]; + { + let t1: u64 = x[4u32.wrapping_mul(0u32) as usize]; + let t2: u64 = y[4u32.wrapping_mul(0u32) as usize]; + let res_i: (&mut [u64], &mut [u64]) = res.split_at_mut(4u32.wrapping_mul(0u32) as usize); + (&mut c)[0usize] = lib::inttypes_intrinsics::add_carry_u64((&c)[0usize], t1, t2, res_i.1); + let t10: u64 = x[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let t20: u64 = y[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let res_i0: (&mut [u64], &mut [u64]) = res_i.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::add_carry_u64((&c)[0usize], t10, t20, res_i0.1); + let t11: u64 = x[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let t21: u64 = y[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let res_i1: (&mut [u64], &mut [u64]) = res_i0.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::add_carry_u64((&c)[0usize], t11, t21, res_i1.1); + let t12: u64 = x[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let t22: u64 = y[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let res_i2: (&mut [u64], &mut [u64]) = res_i1.1.split_at_mut(1usize); + (&mut c)[0usize] = lib::inttypes_intrinsics::add_carry_u64((&c)[0usize], t12, t22, res_i2.1) + }; + let c0: u64 = (&c)[0usize]; + let mut tmp: [u64; 4] = [0u64; 4usize]; + let mut c1: [u64; 1] = [0u64; 1usize]; + { + let t1: u64 = res[4u32.wrapping_mul(0u32) as usize]; + let t2: u64 = n[4u32.wrapping_mul(0u32) as usize]; + let res_i: (&mut [u64], &mut [u64]) = tmp.split_at_mut(4u32.wrapping_mul(0u32) as usize); + (&mut c1)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c1)[0usize], t1, t2, res_i.1); + let t10: u64 = res[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let t20: u64 = n[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let res_i0: (&mut [u64], &mut [u64]) = res_i.1.split_at_mut(1usize); + (&mut c1)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c1)[0usize], t10, t20, res_i0.1); + let t11: u64 = res[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let t21: u64 = n[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let res_i1: (&mut [u64], &mut [u64]) = res_i0.1.split_at_mut(1usize); + (&mut c1)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c1)[0usize], t11, t21, res_i1.1); + let t12: u64 = res[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let t22: u64 = n[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let res_i2: (&mut [u64], &mut [u64]) = res_i1.1.split_at_mut(1usize); + (&mut c1)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c1)[0usize], t12, t22, res_i2.1) + }; + let c10: u64 = (&c1)[0usize]; + let c2: u64 = c0.wrapping_sub(c10); + krml::unroll_for!(4, "i", 0u32, 1u32, { + let x1: u64 = c2 & res[i as usize] | !c2 & (&tmp)[i as usize]; + let os: (&mut [u64], &mut [u64]) = res.split_at_mut(0usize); + os.1[i as usize] = x1 + }) +} + +#[inline] +fn bn_sub4(res: &mut [u64], x: &[u64], y: &[u64]) -> u64 { + let mut c: [u64; 1] = [0u64; 1usize]; + { + let t1: u64 = x[4u32.wrapping_mul(0u32) as usize]; + let t2: u64 = y[4u32.wrapping_mul(0u32) as usize]; + let res_i: (&mut [u64], &mut [u64]) = res.split_at_mut(4u32.wrapping_mul(0u32) as usize); + (&mut c)[0usize] = lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t1, t2, res_i.1); + let t10: u64 = x[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let t20: u64 = y[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let res_i0: (&mut [u64], &mut [u64]) = res_i.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t10, t20, res_i0.1); + let t11: u64 = x[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let t21: u64 = y[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let res_i1: (&mut [u64], &mut [u64]) = res_i0.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t11, t21, res_i1.1); + let t12: u64 = x[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let t22: u64 = y[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let res_i2: (&mut [u64], &mut [u64]) = res_i1.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t12, t22, res_i2.1) + }; + let c0: u64 = (&c)[0usize]; + c0 +} + +#[inline] +fn bn_sub_mod4(res: &mut [u64], n: &[u64], x: &[u64], y: &[u64]) { + let mut c: [u64; 1] = [0u64; 1usize]; + { + let t1: u64 = x[4u32.wrapping_mul(0u32) as usize]; + let t2: u64 = y[4u32.wrapping_mul(0u32) as usize]; + let res_i: (&mut [u64], &mut [u64]) = res.split_at_mut(4u32.wrapping_mul(0u32) as usize); + (&mut c)[0usize] = lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t1, t2, res_i.1); + let t10: u64 = x[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let t20: u64 = y[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let res_i0: (&mut [u64], &mut [u64]) = res_i.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t10, t20, res_i0.1); + let t11: u64 = x[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let t21: u64 = y[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let res_i1: (&mut [u64], &mut [u64]) = res_i0.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t11, t21, res_i1.1); + let t12: u64 = x[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let t22: u64 = y[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let res_i2: (&mut [u64], &mut [u64]) = res_i1.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t12, t22, res_i2.1) + }; + let c0: u64 = (&c)[0usize]; + let mut tmp: [u64; 4] = [0u64; 4usize]; + let mut c1: [u64; 1] = [0u64; 1usize]; + { + let t1: u64 = res[4u32.wrapping_mul(0u32) as usize]; + let t2: u64 = n[4u32.wrapping_mul(0u32) as usize]; + let res_i: (&mut [u64], &mut [u64]) = tmp.split_at_mut(4u32.wrapping_mul(0u32) as usize); + (&mut c1)[0usize] = lib::inttypes_intrinsics::add_carry_u64((&c1)[0usize], t1, t2, res_i.1); + let t10: u64 = res[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let t20: u64 = n[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let res_i0: (&mut [u64], &mut [u64]) = res_i.1.split_at_mut(1usize); + (&mut c1)[0usize] = + lib::inttypes_intrinsics::add_carry_u64((&c1)[0usize], t10, t20, res_i0.1); + let t11: u64 = res[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let t21: u64 = n[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let res_i1: (&mut [u64], &mut [u64]) = res_i0.1.split_at_mut(1usize); + (&mut c1)[0usize] = + lib::inttypes_intrinsics::add_carry_u64((&c1)[0usize], t11, t21, res_i1.1); + let t12: u64 = res[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let t22: u64 = n[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let res_i2: (&mut [u64], &mut [u64]) = res_i1.1.split_at_mut(1usize); + (&mut c1)[0usize] = + lib::inttypes_intrinsics::add_carry_u64((&c1)[0usize], t12, t22, res_i2.1) + }; + let c10: u64 = (&c1)[0usize]; + lowstar::ignore::ignore::(c10); + let c2: u64 = 0u64.wrapping_sub(c0); + krml::unroll_for!(4, "i", 0u32, 1u32, { + let x1: u64 = c2 & (&tmp)[i as usize] | !c2 & res[i as usize]; + let os: (&mut [u64], &mut [u64]) = res.split_at_mut(0usize); + os.1[i as usize] = x1 + }) +} + +#[inline] +fn bn_mul4(res: &mut [u64], x: &[u64], y: &[u64]) { + (res[0usize..8usize]).copy_from_slice(&[0u64; 8usize]); + krml::unroll_for!(4, "i", 0u32, 1u32, { + let bj: u64 = y[i as usize]; + let res_j: (&mut [u64], &mut [u64]) = res.split_at_mut(i as usize); + let mut c: [u64; 1] = [0u64; 1usize]; + { + let a_i: u64 = x[4u32.wrapping_mul(0u32) as usize]; + let res_i: (&mut [u64], &mut [u64]) = + res_j.1.split_at_mut(4u32.wrapping_mul(0u32) as usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i, bj, (&c)[0usize], res_i.1); + let a_i0: u64 = x[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let res_i0: (&mut [u64], &mut [u64]) = res_i.1.split_at_mut(1usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i0, bj, (&c)[0usize], res_i0.1); + let a_i1: u64 = x[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let res_i1: (&mut [u64], &mut [u64]) = res_i0.1.split_at_mut(1usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i1, bj, (&c)[0usize], res_i1.1); + let a_i2: u64 = x[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let res_i2: (&mut [u64], &mut [u64]) = res_i1.1.split_at_mut(1usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i2, bj, (&c)[0usize], res_i2.1) + }; + let r: u64 = (&c)[0usize]; + res[4u32.wrapping_add(i) as usize] = r + }) +} + +#[inline] +fn bn_sqr4(res: &mut [u64], x: &[u64]) { + (res[0usize..8usize]).copy_from_slice(&[0u64; 8usize]); + krml::unroll_for!(4, "i", 0u32, 1u32, { + let a_j: u64 = x[i as usize]; + let ab: (&[u64], &[u64]) = x.split_at(0usize); + let res_j: (&mut [u64], &mut [u64]) = res.split_at_mut(i as usize); + let mut c: [u64; 1] = [0u64; 1usize]; + for i0 in 0u32..i.wrapping_div(4u32) { + let a_i: u64 = ab.1[4u32.wrapping_mul(i0) as usize]; + let res_i: (&mut [u64], &mut [u64]) = + res_j.1.split_at_mut(4u32.wrapping_mul(i0) as usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i, a_j, (&c)[0usize], res_i.1); + let a_i0: u64 = ab.1[4u32.wrapping_mul(i0).wrapping_add(1u32) as usize]; + let res_i0: (&mut [u64], &mut [u64]) = res_i.1.split_at_mut(1usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i0, a_j, (&c)[0usize], res_i0.1); + let a_i1: u64 = ab.1[4u32.wrapping_mul(i0).wrapping_add(2u32) as usize]; + let res_i1: (&mut [u64], &mut [u64]) = res_i0.1.split_at_mut(1usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i1, a_j, (&c)[0usize], res_i1.1); + let a_i2: u64 = ab.1[4u32.wrapping_mul(i0).wrapping_add(3u32) as usize]; + let res_i2: (&mut [u64], &mut [u64]) = res_i1.1.split_at_mut(1usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i2, a_j, (&c)[0usize], res_i2.1) + } + for i0 in i.wrapping_div(4u32).wrapping_mul(4u32)..i { + let a_i: u64 = ab.1[i0 as usize]; + let res_i: (&mut [u64], &mut [u64]) = res_j.1.split_at_mut(i0 as usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i, a_j, (&c)[0usize], res_i.1) + } + let r: u64 = (&c)[0usize]; + res[i.wrapping_add(i) as usize] = r + }); + let mut a_copy: [u64; 8] = [0u64; 8usize]; + let mut b_copy: [u64; 8] = [0u64; 8usize]; + ((&mut a_copy)[0usize..8usize]).copy_from_slice(&res[0usize..8usize]); + ((&mut b_copy)[0usize..8usize]).copy_from_slice(&res[0usize..8usize]); + let r: u64 = bignum::bignum_base::bn_add_eq_len_u64(8u32, &a_copy, &b_copy, res); + let c0: u64 = r; + lowstar::ignore::ignore::(c0); + let mut tmp: [u64; 8] = [0u64; 8usize]; + krml::unroll_for!(4, "i", 0u32, 1u32, { + let res1: fstar::uint128::uint128 = fstar::uint128::mul_wide(x[i as usize], x[i as usize]); + let hi: u64 = fstar::uint128::uint128_to_uint64(fstar::uint128::shift_right(res1, 64u32)); + let lo: u64 = fstar::uint128::uint128_to_uint64(res1); + (&mut tmp)[2u32.wrapping_mul(i) as usize] = lo; + (&mut tmp)[2u32.wrapping_mul(i).wrapping_add(1u32) as usize] = hi + }); + let mut a_copy0: [u64; 8] = [0u64; 8usize]; + let mut b_copy0: [u64; 8] = [0u64; 8usize]; + ((&mut a_copy0)[0usize..8usize]).copy_from_slice(&res[0usize..8usize]); + ((&mut b_copy0)[0usize..8usize]).copy_from_slice(&(&tmp)[0usize..8usize]); + let r0: u64 = bignum::bignum_base::bn_add_eq_len_u64(8u32, &a_copy0, &b_copy0, res); + let c1: u64 = r0; + lowstar::ignore::ignore::(c1) +} + +#[inline] +fn bn_to_bytes_be4(res: &mut [u8], f: &[u64]) { + let tmp: [u8; 32] = [0u8; 32usize]; + lowstar::ignore::ignore::<&[u8]>(&tmp); + krml::unroll_for!( + 4, + "i", + 0u32, + 1u32, + lowstar::endianness::store64_be( + &mut res[i.wrapping_mul(8u32) as usize..], + f[4u32.wrapping_sub(i).wrapping_sub(1u32) as usize] + ) + ) +} + +#[inline] +fn bn_from_bytes_be4(res: &mut [u64], b: &[u8]) { + krml::unroll_for!(4, "i", 0u32, 1u32, { + let u: u64 = lowstar::endianness::load64_be( + &b[4u32.wrapping_sub(i).wrapping_sub(1u32).wrapping_mul(8u32) as usize..], + ); + let x: u64 = u; + let os: (&mut [u64], &mut [u64]) = res.split_at_mut(0usize); + os.1[i as usize] = x + }) +} + +#[inline] +fn bn2_to_bytes_be4(res: &mut [u8], x: &[u64], y: &[u64]) { + crate::p256::bn_to_bytes_be4(&mut res[0usize..], x); + crate::p256::bn_to_bytes_be4(&mut res[32usize..], y) +} + +#[inline] +fn make_prime(n: &mut [u64]) { + n[0usize] = 0xffffffffffffffffu64; + n[1usize] = 0xffffffffu64; + n[2usize] = 0x0u64; + n[3usize] = 0xffffffff00000001u64 +} + +#[inline] +fn make_order(n: &mut [u64]) { + n[0usize] = 0xf3b9cac2fc632551u64; + n[1usize] = 0xbce6faada7179e84u64; + n[2usize] = 0xffffffffffffffffu64; + n[3usize] = 0xffffffff00000000u64 +} + +#[inline] +fn make_a_coeff(a: &mut [u64]) { + a[0usize] = 0xfffffffffffffffcu64; + a[1usize] = 0x3ffffffffu64; + a[2usize] = 0x0u64; + a[3usize] = 0xfffffffc00000004u64 +} + +#[inline] +fn make_b_coeff(b: &mut [u64]) { + b[0usize] = 0xd89cdf6229c4bddfu64; + b[1usize] = 0xacf005cd78843090u64; + b[2usize] = 0xe5a220abf7212ed6u64; + b[3usize] = 0xdc30061d04874834u64 +} + +#[inline] +fn make_g_x(n: &mut [u64]) { + n[0usize] = 0x79e730d418a9143cu64; + n[1usize] = 0x75ba95fc5fedb601u64; + n[2usize] = 0x79fb732b77622510u64; + n[3usize] = 0x18905f76a53755c6u64 +} + +#[inline] +fn make_g_y(n: &mut [u64]) { + n[0usize] = 0xddf25357ce95560au64; + n[1usize] = 0x8b4ab8e4ba19e45cu64; + n[2usize] = 0xd2e88688dd21f325u64; + n[3usize] = 0x8571ff1825885d85u64 +} + +#[inline] +fn make_fmont_R2(n: &mut [u64]) { + n[0usize] = 0x3u64; + n[1usize] = 0xfffffffbffffffffu64; + n[2usize] = 0xfffffffffffffffeu64; + n[3usize] = 0x4fffffffdu64 +} + +#[inline] +fn make_fzero(n: &mut [u64]) { + n[0usize] = 0u64; + n[1usize] = 0u64; + n[2usize] = 0u64; + n[3usize] = 0u64 +} + +#[inline] +fn make_fone(n: &mut [u64]) { + n[0usize] = 0x1u64; + n[1usize] = 0xffffffff00000000u64; + n[2usize] = 0xffffffffffffffffu64; + n[3usize] = 0xfffffffeu64 +} + +#[inline] +fn bn_is_lt_prime_mask4(f: &[u64]) -> u64 { + let mut tmp: [u64; 4] = [0u64; 4usize]; + crate::p256::make_prime(&mut tmp); + let mut y_copy: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy)[0usize..4usize]).copy_from_slice(&(&tmp)[0usize..4usize]); + let c: u64 = crate::p256::bn_sub4(&mut tmp, f, &y_copy); + let c0: u64 = c; + 0u64.wrapping_sub(c0) +} + +#[inline] +fn feq_mask(a: &[u64], b: &[u64]) -> u64 { + let r: u64 = crate::p256::bn_is_eq_mask4(a, b); + r +} + +#[inline] +fn fadd(res: &mut [u64], x: &[u64], y: &[u64]) { + let mut n: [u64; 4] = [0u64; 4usize]; + crate::p256::make_prime(&mut n); + crate::p256::bn_add_mod4(res, &n, x, y) +} + +#[inline] +fn fsub(res: &mut [u64], x: &[u64], y: &[u64]) { + let mut n: [u64; 4] = [0u64; 4usize]; + crate::p256::make_prime(&mut n); + crate::p256::bn_sub_mod4(res, &n, x, y) +} + +#[inline] +fn fnegate_conditional_vartime(f: &mut [u64], is_negate: bool) { + let zero: [u64; 4] = [0u64; 4usize]; + if is_negate { + let mut y_copy: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy)[0usize..4usize]).copy_from_slice(&f[0usize..4usize]); + crate::p256::fsub(f, &zero, &y_copy) + } +} + +#[inline] +fn mont_reduction(res: &mut [u64], x: &mut [u64]) { + let mut n: [u64; 4] = [0u64; 4usize]; + crate::p256::make_prime(&mut n); + let mut c0: [u64; 1] = [0u64; 1usize]; + krml::unroll_for!(4, "i", 0u32, 1u32, { + let qj: u64 = 1u64.wrapping_mul(x[i as usize]); + let res_j: (&mut [u64], &mut [u64]) = x.split_at_mut(i as usize); + let mut c: [u64; 1] = [0u64; 1usize]; + { + let a_i: u64 = (&n)[4u32.wrapping_mul(0u32) as usize]; + let res_i: (&mut [u64], &mut [u64]) = + res_j.1.split_at_mut(4u32.wrapping_mul(0u32) as usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i, qj, (&c)[0usize], res_i.1); + let a_i0: u64 = (&n)[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let res_i0: (&mut [u64], &mut [u64]) = res_i.1.split_at_mut(1usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i0, qj, (&c)[0usize], res_i0.1); + let a_i1: u64 = (&n)[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let res_i1: (&mut [u64], &mut [u64]) = res_i0.1.split_at_mut(1usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i1, qj, (&c)[0usize], res_i1.1); + let a_i2: u64 = (&n)[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let res_i2: (&mut [u64], &mut [u64]) = res_i1.1.split_at_mut(1usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i2, qj, (&c)[0usize], res_i2.1) + }; + let r: u64 = (&c)[0usize]; + let c1: u64 = r; + let res_j0: u64 = x[4u32.wrapping_add(i) as usize]; + let resb: (&mut [u64], &mut [u64]) = x.split_at_mut(i as usize + 4usize); + (&mut c0)[0usize] = + lib::inttypes_intrinsics::add_carry_u64((&c0)[0usize], c1, res_j0, resb.1) + }); + (res[0usize..4usize]).copy_from_slice(&(&x[4usize..])[0usize..4usize]); + let c00: u64 = (&c0)[0usize]; + let mut tmp: [u64; 4] = [0u64; 4usize]; + let mut c: [u64; 1] = [0u64; 1usize]; + { + let t1: u64 = res[4u32.wrapping_mul(0u32) as usize]; + let t2: u64 = (&n)[4u32.wrapping_mul(0u32) as usize]; + let res_i: (&mut [u64], &mut [u64]) = tmp.split_at_mut(4u32.wrapping_mul(0u32) as usize); + (&mut c)[0usize] = lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t1, t2, res_i.1); + let t10: u64 = res[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let t20: u64 = (&n)[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let res_i0: (&mut [u64], &mut [u64]) = res_i.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t10, t20, res_i0.1); + let t11: u64 = res[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let t21: u64 = (&n)[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let res_i1: (&mut [u64], &mut [u64]) = res_i0.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t11, t21, res_i1.1); + let t12: u64 = res[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let t22: u64 = (&n)[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let res_i2: (&mut [u64], &mut [u64]) = res_i1.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t12, t22, res_i2.1) + }; + let c1: u64 = (&c)[0usize]; + let c2: u64 = c00.wrapping_sub(c1); + krml::unroll_for!(4, "i", 0u32, 1u32, { + let x1: u64 = c2 & res[i as usize] | !c2 & (&tmp)[i as usize]; + let os: (&mut [u64], &mut [u64]) = res.split_at_mut(0usize); + os.1[i as usize] = x1 + }) +} + +#[inline] +fn fmul(res: &mut [u64], x: &[u64], y: &[u64]) { + let mut tmp: [u64; 8] = [0u64; 8usize]; + crate::p256::bn_mul4(&mut tmp, x, y); + crate::p256::mont_reduction(res, &mut tmp) +} + +#[inline] +fn fsqr(res: &mut [u64], x: &[u64]) { + let mut tmp: [u64; 8] = [0u64; 8usize]; + crate::p256::bn_sqr4(&mut tmp, x); + crate::p256::mont_reduction(res, &mut tmp) +} + +#[inline] +fn from_mont(res: &mut [u64], a: &[u64]) { + let mut tmp: [u64; 8] = [0u64; 8usize]; + ((&mut tmp)[0usize..4usize]).copy_from_slice(&a[0usize..4usize]); + crate::p256::mont_reduction(res, &mut tmp) +} + +#[inline] +fn to_mont(res: &mut [u64], a: &[u64]) { + let mut r2modn: [u64; 4] = [0u64; 4usize]; + crate::p256::make_fmont_R2(&mut r2modn); + crate::p256::fmul(res, a, &r2modn) +} + +#[inline] +fn fmul_by_b_coeff(res: &mut [u64], x: &[u64]) { + let mut b_coeff: [u64; 4] = [0u64; 4usize]; + crate::p256::make_b_coeff(&mut b_coeff); + crate::p256::fmul(res, &b_coeff, x) +} + +#[inline] +fn fcube(res: &mut [u64], x: &[u64]) { + crate::p256::fsqr(res, x); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&res[0usize..4usize]); + crate::p256::fmul(res, &x_copy, x) +} + +#[inline] +fn finv(res: &mut [u64], a: &[u64]) { + let mut tmp: [u64; 16] = [0u64; 16usize]; + let x30: (&mut [u64], &mut [u64]) = tmp.split_at_mut(0usize); + let x2: (&mut [u64], &mut [u64]) = x30.1.split_at_mut(4usize); + let tmp1: (&mut [u64], &mut [u64]) = x2.1.split_at_mut(4usize); + let tmp2: (&mut [u64], &mut [u64]) = tmp1.1.split_at_mut(4usize); + (tmp1.0[0usize..4usize]).copy_from_slice(&a[0usize..4usize]); + { + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&tmp1.0[0usize..4usize]); + crate::p256::fsqr(tmp1.0, &x_copy) + }; + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&tmp1.0[0usize..4usize]); + crate::p256::fmul(tmp1.0, &x_copy, a); + (x2.0[0usize..4usize]).copy_from_slice(&tmp1.0[0usize..4usize]); + { + let mut x_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy0)[0usize..4usize]).copy_from_slice(&x2.0[0usize..4usize]); + crate::p256::fsqr(x2.0, &x_copy0) + }; + let mut x_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy0)[0usize..4usize]).copy_from_slice(&x2.0[0usize..4usize]); + crate::p256::fmul(x2.0, &x_copy0, a); + (tmp2.0[0usize..4usize]).copy_from_slice(&x2.0[0usize..4usize]); + krml::unroll_for!(3, "_i", 0u32, 1u32, { + let mut x_copy1: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy1)[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + crate::p256::fsqr(tmp2.0, &x_copy1) + }); + let mut x_copy1: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy1)[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + crate::p256::fmul(tmp2.0, &x_copy1, x2.0); + (tmp2.1[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + krml::unroll_for!(6, "_i", 0u32, 1u32, { + let mut x_copy2: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy2)[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + crate::p256::fsqr(tmp2.1, &x_copy2) + }); + let mut x_copy2: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy2)[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + crate::p256::fmul(tmp2.1, &x_copy2, tmp2.0); + (tmp2.0[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + krml::unroll_for!(3, "_i", 0u32, 1u32, { + let mut x_copy3: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy3)[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + crate::p256::fsqr(tmp2.0, &x_copy3) + }); + let mut x_copy3: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy3)[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + crate::p256::fmul(tmp2.0, &x_copy3, x2.0); + (x2.0[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + krml::unroll_for!(15, "_i", 0u32, 1u32, { + let mut x_copy4: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy4)[0usize..4usize]).copy_from_slice(&x2.0[0usize..4usize]); + crate::p256::fsqr(x2.0, &x_copy4) + }); + let mut x_copy4: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy4)[0usize..4usize]).copy_from_slice(&x2.0[0usize..4usize]); + crate::p256::fmul(x2.0, &x_copy4, tmp2.0); + (tmp2.0[0usize..4usize]).copy_from_slice(&x2.0[0usize..4usize]); + krml::unroll_for!(2, "_i", 0u32, 1u32, { + let mut x_copy5: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy5)[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + crate::p256::fsqr(tmp2.0, &x_copy5) + }); + let mut x_copy5: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy5)[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + crate::p256::fmul(tmp2.0, &x_copy5, tmp1.0); + (tmp1.0[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + krml::unroll_for!(32, "_i", 0u32, 1u32, { + let mut x_copy6: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy6)[0usize..4usize]).copy_from_slice(&tmp1.0[0usize..4usize]); + crate::p256::fsqr(tmp1.0, &x_copy6) + }); + let mut x_copy6: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy6)[0usize..4usize]).copy_from_slice(&tmp1.0[0usize..4usize]); + crate::p256::fmul(tmp1.0, &x_copy6, a); + for _i in 0u32..128u32 { + let mut x_copy7: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy7)[0usize..4usize]).copy_from_slice(&tmp1.0[0usize..4usize]); + crate::p256::fsqr(tmp1.0, &x_copy7) + } + let mut x_copy7: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy7)[0usize..4usize]).copy_from_slice(&tmp1.0[0usize..4usize]); + crate::p256::fmul(tmp1.0, &x_copy7, tmp2.0); + krml::unroll_for!(32, "_i", 0u32, 1u32, { + let mut x_copy8: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy8)[0usize..4usize]).copy_from_slice(&tmp1.0[0usize..4usize]); + crate::p256::fsqr(tmp1.0, &x_copy8) + }); + let mut x_copy8: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy8)[0usize..4usize]).copy_from_slice(&tmp1.0[0usize..4usize]); + crate::p256::fmul(tmp1.0, &x_copy8, tmp2.0); + krml::unroll_for!(30, "_i", 0u32, 1u32, { + let mut x_copy9: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy9)[0usize..4usize]).copy_from_slice(&tmp1.0[0usize..4usize]); + crate::p256::fsqr(tmp1.0, &x_copy9) + }); + let mut x_copy9: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy9)[0usize..4usize]).copy_from_slice(&tmp1.0[0usize..4usize]); + crate::p256::fmul(tmp1.0, &x_copy9, x2.0); + krml::unroll_for!(2, "_i", 0u32, 1u32, { + let mut x_copy10: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy10)[0usize..4usize]).copy_from_slice(&tmp1.0[0usize..4usize]); + crate::p256::fsqr(tmp1.0, &x_copy10) + }); + crate::p256::fmul(tmp2.0, tmp1.0, a); + (res[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]) +} + +#[inline] +fn fsqrt(res: &mut [u64], a: &[u64]) { + let mut tmp: [u64; 8] = [0u64; 8usize]; + let tmp1: (&mut [u64], &mut [u64]) = tmp.split_at_mut(0usize); + let tmp2: (&mut [u64], &mut [u64]) = tmp1.1.split_at_mut(4usize); + (tmp2.0[0usize..4usize]).copy_from_slice(&a[0usize..4usize]); + { + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + crate::p256::fsqr(tmp2.0, &x_copy) + }; + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + crate::p256::fmul(tmp2.0, &x_copy, a); + (tmp2.1[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + krml::unroll_for!(2, "_i", 0u32, 1u32, { + let mut x_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy0)[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + crate::p256::fsqr(tmp2.1, &x_copy0) + }); + let mut x_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy0)[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + crate::p256::fmul(tmp2.1, &x_copy0, tmp2.0); + (tmp2.0[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + krml::unroll_for!(4, "_i", 0u32, 1u32, { + let mut x_copy1: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy1)[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + crate::p256::fsqr(tmp2.0, &x_copy1) + }); + let mut x_copy1: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy1)[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + crate::p256::fmul(tmp2.0, &x_copy1, tmp2.1); + (tmp2.1[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + krml::unroll_for!(8, "_i", 0u32, 1u32, { + let mut x_copy2: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy2)[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + crate::p256::fsqr(tmp2.1, &x_copy2) + }); + let mut x_copy2: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy2)[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + crate::p256::fmul(tmp2.1, &x_copy2, tmp2.0); + (tmp2.0[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + krml::unroll_for!(16, "_i", 0u32, 1u32, { + let mut x_copy3: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy3)[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + crate::p256::fsqr(tmp2.0, &x_copy3) + }); + let mut x_copy3: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy3)[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + crate::p256::fmul(tmp2.0, &x_copy3, tmp2.1); + (tmp2.1[0usize..4usize]).copy_from_slice(&tmp2.0[0usize..4usize]); + krml::unroll_for!(32, "_i", 0u32, 1u32, { + let mut x_copy4: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy4)[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + crate::p256::fsqr(tmp2.1, &x_copy4) + }); + let mut x_copy4: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy4)[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + crate::p256::fmul(tmp2.1, &x_copy4, a); + for _i in 0u32..96u32 { + let mut x_copy5: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy5)[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + crate::p256::fsqr(tmp2.1, &x_copy5) + } + let mut x_copy5: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy5)[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + crate::p256::fmul(tmp2.1, &x_copy5, a); + for _i in 0u32..94u32 { + let mut x_copy6: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy6)[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]); + crate::p256::fsqr(tmp2.1, &x_copy6) + } + (res[0usize..4usize]).copy_from_slice(&tmp2.1[0usize..4usize]) +} + +#[inline] +fn make_base_point(p: &mut [u64]) { + let x: (&mut [u64], &mut [u64]) = p.split_at_mut(0usize); + let y: (&mut [u64], &mut [u64]) = x.1.split_at_mut(4usize); + let z: (&mut [u64], &mut [u64]) = y.1.split_at_mut(4usize); + crate::p256::make_g_x(y.0); + crate::p256::make_g_y(z.0); + crate::p256::make_fone(z.1) +} + +#[inline] +fn make_point_at_inf(p: &mut [u64]) { + let x: (&mut [u64], &mut [u64]) = p.split_at_mut(0usize); + let y: (&mut [u64], &mut [u64]) = x.1.split_at_mut(4usize); + let z: (&mut [u64], &mut [u64]) = y.1.split_at_mut(4usize); + crate::p256::make_fzero(y.0); + crate::p256::make_fone(z.0); + crate::p256::make_fzero(z.1) +} + +#[inline] +fn is_point_at_inf_vartime(p: &[u64]) -> bool { + let pz: (&[u64], &[u64]) = p.split_at(8usize); + crate::p256::bn_is_zero_vartime4(pz.1) +} + +#[inline] +fn to_aff_point(res: &mut [u64], p: &[u64]) { + let mut zinv: [u64; 4] = [0u64; 4usize]; + let px: (&[u64], &[u64]) = p.split_at(0usize); + let py: (&[u64], &[u64]) = px.1.split_at(4usize); + let pz: (&[u64], &[u64]) = py.1.split_at(4usize); + let x: (&mut [u64], &mut [u64]) = res.split_at_mut(0usize); + let y: (&mut [u64], &mut [u64]) = x.1.split_at_mut(4usize); + crate::p256::finv(&mut zinv, pz.1); + crate::p256::fmul(y.0, py.0, &zinv); + crate::p256::fmul(y.1, pz.0, &zinv); + let mut a_copy: [u64; 4] = [0u64; 4usize]; + ((&mut a_copy)[0usize..4usize]).copy_from_slice(&y.0[0usize..4usize]); + crate::p256::from_mont(y.0, &a_copy); + let mut a_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut a_copy0)[0usize..4usize]).copy_from_slice(&y.1[0usize..4usize]); + crate::p256::from_mont(y.1, &a_copy0) +} + +#[inline] +fn to_aff_point_x(res: &mut [u64], p: &[u64]) { + let mut zinv: [u64; 4] = [0u64; 4usize]; + let px: (&[u64], &[u64]) = p.split_at(0usize); + let pz: (&[u64], &[u64]) = px.1.split_at(8usize); + crate::p256::finv(&mut zinv, pz.1); + crate::p256::fmul(res, pz.0, &zinv); + let mut a_copy: [u64; 4] = [0u64; 4usize]; + ((&mut a_copy)[0usize..4usize]).copy_from_slice(&res[0usize..4usize]); + crate::p256::from_mont(res, &a_copy) +} + +#[inline] +fn to_proj_point(res: &mut [u64], p: &[u64]) { + let px: (&[u64], &[u64]) = p.split_at(0usize); + let py: (&[u64], &[u64]) = px.1.split_at(4usize); + let rx: (&mut [u64], &mut [u64]) = res.split_at_mut(0usize); + let ry: (&mut [u64], &mut [u64]) = rx.1.split_at_mut(4usize); + let rz: (&mut [u64], &mut [u64]) = ry.1.split_at_mut(4usize); + crate::p256::to_mont(ry.0, py.0); + crate::p256::to_mont(rz.0, py.1); + crate::p256::make_fone(rz.1) +} + +#[inline] +fn is_on_curve_vartime(p: &[u64]) -> bool { + let mut rp: [u64; 4] = [0u64; 4usize]; + let mut tx: [u64; 4] = [0u64; 4usize]; + let mut ty: [u64; 4] = [0u64; 4usize]; + let px: (&[u64], &[u64]) = p.split_at(0usize); + let py: (&[u64], &[u64]) = px.1.split_at(4usize); + crate::p256::to_mont(&mut tx, py.0); + crate::p256::to_mont(&mut ty, py.1); + let mut tmp: [u64; 4] = [0u64; 4usize]; + crate::p256::fcube(&mut rp, &tx); + crate::p256::make_a_coeff(&mut tmp); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&(&tmp)[0usize..4usize]); + crate::p256::fmul(&mut tmp, &x_copy, &tx); + let mut y_copy: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy)[0usize..4usize]).copy_from_slice(&(&rp)[0usize..4usize]); + crate::p256::fadd(&mut rp, &tmp, &y_copy); + crate::p256::make_b_coeff(&mut tmp); + let mut y_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy0)[0usize..4usize]).copy_from_slice(&(&rp)[0usize..4usize]); + crate::p256::fadd(&mut rp, &tmp, &y_copy0); + let mut x_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy0)[0usize..4usize]).copy_from_slice(&(&ty)[0usize..4usize]); + crate::p256::fsqr(&mut ty, &x_copy0); + let r: u64 = crate::p256::feq_mask(&ty, &rp); + let r0: bool = r == 0xFFFFFFFFFFFFFFFFu64; + r0 +} + +#[inline] +fn aff_point_store(res: &mut [u8], p: &[u64]) { + let px: (&[u64], &[u64]) = p.split_at(0usize); + let py: (&[u64], &[u64]) = px.1.split_at(4usize); + crate::p256::bn2_to_bytes_be4(res, py.0, py.1) +} + +#[inline] +fn point_store(res: &mut [u8], p: &[u64]) { + let mut aff_p: [u64; 8] = [0u64; 8usize]; + crate::p256::to_aff_point(&mut aff_p, p); + crate::p256::aff_point_store(res, &aff_p) +} + +#[inline] +fn aff_point_load_vartime(p: &mut [u64], b: &[u8]) -> bool { + let p_x: (&[u8], &[u8]) = b.split_at(0usize); + let p_y: (&[u8], &[u8]) = p_x.1.split_at(32usize); + let bn_p_x: (&mut [u64], &mut [u64]) = p.split_at_mut(0usize); + let bn_p_y: (&mut [u64], &mut [u64]) = bn_p_x.1.split_at_mut(4usize); + crate::p256::bn_from_bytes_be4(bn_p_y.0, p_y.0); + crate::p256::bn_from_bytes_be4(bn_p_y.1, p_y.1); + let px: (&[u64], &[u64]) = bn_p_y.0.split_at(0usize); + let py: (&[u64], &[u64]) = bn_p_y.1.split_at(0usize); + let lessX: u64 = crate::p256::bn_is_lt_prime_mask4(px.1); + let lessY: u64 = crate::p256::bn_is_lt_prime_mask4(py.1); + let res: u64 = lessX & lessY; + let is_xy_valid: bool = res == 0xFFFFFFFFFFFFFFFFu64; + if !is_xy_valid { + false + } else { + crate::p256::is_on_curve_vartime(p) + } +} + +#[inline] +fn load_point_vartime(p: &mut [u64], b: &[u8]) -> bool { + let mut p_aff: [u64; 8] = [0u64; 8usize]; + let res: bool = crate::p256::aff_point_load_vartime(&mut p_aff, b); + if res { + crate::p256::to_proj_point(p, &p_aff) + }; + res +} + +#[inline] +fn aff_point_decompress_vartime(x: &mut [u64], y: &mut [u64], s: &[u8]) -> bool { + let s0: u8 = s[0usize]; + let s01: u8 = s0; + if !(s01 == 0x02u8 || s01 == 0x03u8) { + false + } else { + let xb: (&[u8], &[u8]) = s.split_at(1usize); + crate::p256::bn_from_bytes_be4(x, xb.1); + let is_x_valid: u64 = crate::p256::bn_is_lt_prime_mask4(x); + let is_x_valid1: bool = is_x_valid == 0xFFFFFFFFFFFFFFFFu64; + let is_y_odd: bool = s01 == 0x03u8; + if !is_x_valid1 { + false + } else { + let mut y2M: [u64; 4] = [0u64; 4usize]; + let mut xM: [u64; 4] = [0u64; 4usize]; + let mut yM: [u64; 4] = [0u64; 4usize]; + crate::p256::to_mont(&mut xM, x); + let mut tmp: [u64; 4] = [0u64; 4usize]; + crate::p256::fcube(&mut y2M, &xM); + crate::p256::make_a_coeff(&mut tmp); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&(&tmp)[0usize..4usize]); + crate::p256::fmul(&mut tmp, &x_copy, &xM); + let mut y_copy: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy)[0usize..4usize]).copy_from_slice(&(&y2M)[0usize..4usize]); + crate::p256::fadd(&mut y2M, &tmp, &y_copy); + crate::p256::make_b_coeff(&mut tmp); + let mut y_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy0)[0usize..4usize]).copy_from_slice(&(&y2M)[0usize..4usize]); + crate::p256::fadd(&mut y2M, &tmp, &y_copy0); + crate::p256::fsqrt(&mut yM, &y2M); + crate::p256::from_mont(y, &yM); + let mut x_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy0)[0usize..4usize]).copy_from_slice(&(&yM)[0usize..4usize]); + crate::p256::fsqr(&mut yM, &x_copy0); + let r: u64 = crate::p256::feq_mask(&yM, &y2M); + let is_y_valid: bool = r == 0xFFFFFFFFFFFFFFFFu64; + let is_y_valid0: bool = is_y_valid; + if !is_y_valid0 { + false + } else { + let is_y_odd1: u64 = y[0usize] & 1u64; + let is_y_odd2: bool = is_y_odd1 == 1u64; + crate::p256::fnegate_conditional_vartime(y, is_y_odd2 != is_y_odd); + true + } + } + } +} + +#[inline] +fn point_double(res: &mut [u64], p: &[u64]) { + let mut tmp: [u64; 20] = [0u64; 20usize]; + let x3: (&mut [u64], &mut [u64]) = res.split_at_mut(0usize); + let y3: (&mut [u64], &mut [u64]) = x3.1.split_at_mut(4usize); + let z3: (&mut [u64], &mut [u64]) = y3.1.split_at_mut(4usize); + let t0: (&mut [u64], &mut [u64]) = tmp.split_at_mut(0usize); + let t1: (&mut [u64], &mut [u64]) = t0.1.split_at_mut(4usize); + let t2: (&mut [u64], &mut [u64]) = t1.1.split_at_mut(4usize); + let t3: (&mut [u64], &mut [u64]) = t2.1.split_at_mut(4usize); + let t4: (&mut [u64], &mut [u64]) = t3.1.split_at_mut(4usize); + let x: (&[u64], &[u64]) = p.split_at(0usize); + let y: (&[u64], &[u64]) = x.1.split_at(4usize); + let z: (&[u64], &[u64]) = y.1.split_at(4usize); + crate::p256::fsqr(t1.0, y.0); + crate::p256::fsqr(t2.0, z.0); + crate::p256::fsqr(t3.0, z.1); + crate::p256::fmul(t4.0, y.0, z.0); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&t4.0[0usize..4usize]); + crate::p256::fadd(t4.0, &x_copy, &x_copy); + crate::p256::fmul(t4.1, z.0, z.1); + let x0: (&[u64], &[u64]) = y.0.split_at(0usize); + let z0: (&[u64], &[u64]) = z.1.split_at(0usize); + crate::p256::fmul(z3.1, x0.1, z0.1); + let mut x_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy0)[0usize..4usize]).copy_from_slice(&z3.1[0usize..4usize]); + crate::p256::fadd(z3.1, &x_copy0, &x_copy0); + crate::p256::fmul_by_b_coeff(z3.0, t3.0); + let mut x_copy1: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy1)[0usize..4usize]).copy_from_slice(&z3.0[0usize..4usize]); + crate::p256::fsub(z3.0, &x_copy1, z3.1); + crate::p256::fadd(y3.0, z3.0, z3.0); + let mut y_copy: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy)[0usize..4usize]).copy_from_slice(&z3.0[0usize..4usize]); + crate::p256::fadd(z3.0, y3.0, &y_copy); + crate::p256::fsub(y3.0, t2.0, z3.0); + let mut y_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy0)[0usize..4usize]).copy_from_slice(&z3.0[0usize..4usize]); + crate::p256::fadd(z3.0, t2.0, &y_copy0); + let mut y_copy1: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy1)[0usize..4usize]).copy_from_slice(&z3.0[0usize..4usize]); + crate::p256::fmul(z3.0, y3.0, &y_copy1); + let mut x_copy2: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy2)[0usize..4usize]).copy_from_slice(&y3.0[0usize..4usize]); + crate::p256::fmul(y3.0, &x_copy2, t4.0); + crate::p256::fadd(t4.0, t3.0, t3.0); + let mut x_copy3: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy3)[0usize..4usize]).copy_from_slice(&t3.0[0usize..4usize]); + crate::p256::fadd(t3.0, &x_copy3, t4.0); + let mut x_copy4: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy4)[0usize..4usize]).copy_from_slice(&z3.1[0usize..4usize]); + crate::p256::fmul_by_b_coeff(z3.1, &x_copy4); + let mut x_copy5: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy5)[0usize..4usize]).copy_from_slice(&z3.1[0usize..4usize]); + crate::p256::fsub(z3.1, &x_copy5, t3.0); + let mut x_copy6: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy6)[0usize..4usize]).copy_from_slice(&z3.1[0usize..4usize]); + crate::p256::fsub(z3.1, &x_copy6, t1.0); + crate::p256::fadd(t4.0, z3.1, z3.1); + let mut x_copy7: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy7)[0usize..4usize]).copy_from_slice(&z3.1[0usize..4usize]); + crate::p256::fadd(z3.1, &x_copy7, t4.0); + crate::p256::fadd(t4.0, t1.0, t1.0); + let mut y_copy2: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy2)[0usize..4usize]).copy_from_slice(&t1.0[0usize..4usize]); + crate::p256::fadd(t1.0, t4.0, &y_copy2); + let mut x_copy8: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy8)[0usize..4usize]).copy_from_slice(&t1.0[0usize..4usize]); + crate::p256::fsub(t1.0, &x_copy8, t3.0); + let mut x_copy9: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy9)[0usize..4usize]).copy_from_slice(&t1.0[0usize..4usize]); + crate::p256::fmul(t1.0, &x_copy9, z3.1); + let mut x_copy10: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy10)[0usize..4usize]).copy_from_slice(&z3.0[0usize..4usize]); + crate::p256::fadd(z3.0, &x_copy10, t1.0); + crate::p256::fadd(t1.0, t4.1, t4.1); + let mut y_copy3: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy3)[0usize..4usize]).copy_from_slice(&z3.1[0usize..4usize]); + crate::p256::fmul(z3.1, t1.0, &y_copy3); + let mut x_copy11: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy11)[0usize..4usize]).copy_from_slice(&y3.0[0usize..4usize]); + crate::p256::fsub(y3.0, &x_copy11, z3.1); + crate::p256::fmul(z3.1, t1.0, t2.0); + let mut x_copy12: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy12)[0usize..4usize]).copy_from_slice(&z3.1[0usize..4usize]); + crate::p256::fadd(z3.1, &x_copy12, &x_copy12); + let mut x_copy13: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy13)[0usize..4usize]).copy_from_slice(&z3.1[0usize..4usize]); + crate::p256::fadd(z3.1, &x_copy13, &x_copy13) +} + +#[inline] +fn point_add(res: &mut [u64], p: &[u64], q: &[u64]) { + let mut tmp: [u64; 36] = [0u64; 36usize]; + let t0: (&mut [u64], &mut [u64]) = tmp.split_at_mut(0usize); + let t1: (&mut [u64], &mut [u64]) = t0.1.split_at_mut(24usize); + let x3: (&mut [u64], &mut [u64]) = t1.1.split_at_mut(0usize); + let y3: (&mut [u64], &mut [u64]) = x3.1.split_at_mut(4usize); + let z3: (&mut [u64], &mut [u64]) = y3.1.split_at_mut(4usize); + let t01: (&mut [u64], &mut [u64]) = t1.0.split_at_mut(0usize); + let t11: (&mut [u64], &mut [u64]) = t01.1.split_at_mut(4usize); + let t2: (&mut [u64], &mut [u64]) = t11.1.split_at_mut(4usize); + let t3: (&mut [u64], &mut [u64]) = t2.1.split_at_mut(4usize); + let t4: (&mut [u64], &mut [u64]) = t3.1.split_at_mut(4usize); + let t5: (&mut [u64], &mut [u64]) = t4.1.split_at_mut(4usize); + let x1: (&[u64], &[u64]) = p.split_at(0usize); + let y1: (&[u64], &[u64]) = x1.1.split_at(4usize); + let z1: (&[u64], &[u64]) = y1.1.split_at(4usize); + let x2: (&[u64], &[u64]) = q.split_at(0usize); + let y2: (&[u64], &[u64]) = x2.1.split_at(4usize); + let z2: (&[u64], &[u64]) = y2.1.split_at(4usize); + crate::p256::fmul(t11.0, y1.0, y2.0); + crate::p256::fmul(t2.0, z1.0, z2.0); + crate::p256::fmul(t3.0, z1.1, z2.1); + crate::p256::fadd(t4.0, y1.0, z1.0); + crate::p256::fadd(t5.0, y2.0, z2.0); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&t4.0[0usize..4usize]); + crate::p256::fmul(t4.0, &x_copy, t5.0); + crate::p256::fadd(t5.0, t11.0, t2.0); + let y10: (&[u64], &[u64]) = z1.0.split_at(0usize); + let z10: (&[u64], &[u64]) = z1.1.split_at(0usize); + let y20: (&[u64], &[u64]) = z2.0.split_at(0usize); + let z20: (&[u64], &[u64]) = z2.1.split_at(0usize); + let mut x_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy0)[0usize..4usize]).copy_from_slice(&t4.0[0usize..4usize]); + crate::p256::fsub(t4.0, &x_copy0, t5.0); + crate::p256::fadd(t5.0, y10.1, z10.1); + crate::p256::fadd(t5.1, y20.1, z20.1); + let mut x_copy1: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy1)[0usize..4usize]).copy_from_slice(&t5.0[0usize..4usize]); + crate::p256::fmul(t5.0, &x_copy1, t5.1); + crate::p256::fadd(t5.1, t2.0, t3.0); + let mut x_copy2: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy2)[0usize..4usize]).copy_from_slice(&t5.0[0usize..4usize]); + crate::p256::fsub(t5.0, &x_copy2, t5.1); + let x10: (&[u64], &[u64]) = y1.0.split_at(0usize); + let z11: (&[u64], &[u64]) = z10.1.split_at(0usize); + let x20: (&[u64], &[u64]) = y2.0.split_at(0usize); + let z21: (&[u64], &[u64]) = z20.1.split_at(0usize); + crate::p256::fadd(y3.0, x10.1, z11.1); + crate::p256::fadd(z3.0, x20.1, z21.1); + let mut x_copy3: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy3)[0usize..4usize]).copy_from_slice(&y3.0[0usize..4usize]); + crate::p256::fmul(y3.0, &x_copy3, z3.0); + crate::p256::fadd(z3.0, t11.0, t3.0); + let mut y_copy: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy)[0usize..4usize]).copy_from_slice(&z3.0[0usize..4usize]); + crate::p256::fsub(z3.0, y3.0, &y_copy); + crate::p256::fmul_by_b_coeff(z3.1, t3.0); + crate::p256::fsub(y3.0, z3.0, z3.1); + crate::p256::fadd(z3.1, y3.0, y3.0); + let mut x_copy4: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy4)[0usize..4usize]).copy_from_slice(&y3.0[0usize..4usize]); + crate::p256::fadd(y3.0, &x_copy4, z3.1); + crate::p256::fsub(z3.1, t2.0, y3.0); + let mut y_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy0)[0usize..4usize]).copy_from_slice(&y3.0[0usize..4usize]); + crate::p256::fadd(y3.0, t2.0, &y_copy0); + let mut x_copy5: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy5)[0usize..4usize]).copy_from_slice(&z3.0[0usize..4usize]); + crate::p256::fmul_by_b_coeff(z3.0, &x_copy5); + crate::p256::fadd(t2.0, t3.0, t3.0); + let mut y_copy1: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy1)[0usize..4usize]).copy_from_slice(&t3.0[0usize..4usize]); + crate::p256::fadd(t3.0, t2.0, &y_copy1); + let mut x_copy6: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy6)[0usize..4usize]).copy_from_slice(&z3.0[0usize..4usize]); + crate::p256::fsub(z3.0, &x_copy6, t3.0); + let mut x_copy7: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy7)[0usize..4usize]).copy_from_slice(&z3.0[0usize..4usize]); + crate::p256::fsub(z3.0, &x_copy7, t11.0); + crate::p256::fadd(t2.0, z3.0, z3.0); + let mut y_copy2: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy2)[0usize..4usize]).copy_from_slice(&z3.0[0usize..4usize]); + crate::p256::fadd(z3.0, t2.0, &y_copy2); + crate::p256::fadd(t2.0, t11.0, t11.0); + let mut y_copy3: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy3)[0usize..4usize]).copy_from_slice(&t11.0[0usize..4usize]); + crate::p256::fadd(t11.0, t2.0, &y_copy3); + let mut x_copy8: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy8)[0usize..4usize]).copy_from_slice(&t11.0[0usize..4usize]); + crate::p256::fsub(t11.0, &x_copy8, t3.0); + crate::p256::fmul(t2.0, t5.0, z3.0); + crate::p256::fmul(t3.0, t11.0, z3.0); + crate::p256::fmul(z3.0, y3.0, z3.1); + let mut x_copy9: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy9)[0usize..4usize]).copy_from_slice(&z3.0[0usize..4usize]); + crate::p256::fadd(z3.0, &x_copy9, t3.0); + let mut y_copy4: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy4)[0usize..4usize]).copy_from_slice(&y3.0[0usize..4usize]); + crate::p256::fmul(y3.0, t4.0, &y_copy4); + let mut x_copy10: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy10)[0usize..4usize]).copy_from_slice(&y3.0[0usize..4usize]); + crate::p256::fsub(y3.0, &x_copy10, t2.0); + let mut y_copy5: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy5)[0usize..4usize]).copy_from_slice(&z3.1[0usize..4usize]); + crate::p256::fmul(z3.1, t5.0, &y_copy5); + crate::p256::fmul(t2.0, t4.0, t11.0); + let mut x_copy11: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy11)[0usize..4usize]).copy_from_slice(&z3.1[0usize..4usize]); + crate::p256::fadd(z3.1, &x_copy11, t2.0); + (res[0usize..12usize]).copy_from_slice(&t1.1[0usize..12usize]) +} + +#[inline] +fn point_mul(res: &mut [u64], scalar: &[u64], p: &[u64]) { + let mut table: [u64; 192] = [0u64; 192usize]; + let mut tmp: [u64; 12] = [0u64; 12usize]; + let t0: (&mut [u64], &mut [u64]) = table.split_at_mut(0usize); + let t1: (&mut [u64], &mut [u64]) = t0.1.split_at_mut(12usize); + crate::p256::make_point_at_inf(t1.0); + (t1.1[0usize..12usize]).copy_from_slice(&p[0usize..12usize]); + lowstar::ignore::ignore::<&[u64]>(&table); + krml::unroll_for!(7, "i", 0u32, 1u32, { + let t11: (&[u64], &[u64]) = + table.split_at(i.wrapping_add(1u32).wrapping_mul(12u32) as usize); + let mut p_copy: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy)[0usize..12usize]).copy_from_slice(&t11.1[0usize..12usize]); + crate::p256::point_double(&mut tmp, &p_copy); + ((&mut table)[2u32.wrapping_mul(i).wrapping_add(2u32).wrapping_mul(12u32) as usize + ..2u32.wrapping_mul(i).wrapping_add(2u32).wrapping_mul(12u32) as usize + 12usize]) + .copy_from_slice(&(&tmp)[0usize..12usize]); + let t2: (&[u64], &[u64]) = + table.split_at(2u32.wrapping_mul(i).wrapping_add(2u32).wrapping_mul(12u32) as usize); + let mut p_copy0: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy0)[0usize..12usize]).copy_from_slice(&p[0usize..12usize]); + crate::p256::point_add(&mut tmp, &p_copy0, t2.1); + ((&mut table)[2u32.wrapping_mul(i).wrapping_add(3u32).wrapping_mul(12u32) as usize + ..2u32.wrapping_mul(i).wrapping_add(3u32).wrapping_mul(12u32) as usize + 12usize]) + .copy_from_slice(&(&tmp)[0usize..12usize]) + }); + crate::p256::make_point_at_inf(res); + let mut tmp0: [u64; 12] = [0u64; 12usize]; + for i in 0u32..64u32 { + krml::unroll_for!(4, "_i", 0u32, 1u32, { + let mut p_copy: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy)[0usize..12usize]).copy_from_slice(&res[0usize..12usize]); + crate::p256::point_double(res, &p_copy) + }); + let k: u32 = 256u32.wrapping_sub(4u32.wrapping_mul(i)).wrapping_sub(4u32); + let bits_l: u64 = bignum::bignum_base::bn_get_bits_u64(4u32, scalar, k, 4u32); + lowstar::ignore::ignore::<&[u64]>(&table); + ((&mut tmp0)[0usize..12usize]) + .copy_from_slice(&(&(&table)[0usize..] as &[u64])[0usize..12usize]); + krml::unroll_for!(15, "i0", 0u32, 1u32, { + let c: u64 = fstar::uint64::eq_mask(bits_l, i0.wrapping_add(1u32) as u64); + let res_j: (&[u64], &[u64]) = + table.split_at(i0.wrapping_add(1u32).wrapping_mul(12u32) as usize); + krml::unroll_for!(12, "i1", 0u32, 1u32, { + let x: u64 = c & res_j.1[i1 as usize] | !c & (&tmp0)[i1 as usize]; + let os: (&mut [u64], &mut [u64]) = tmp0.split_at_mut(0usize); + os.1[i1 as usize] = x + }) + }); + let mut p_copy: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy)[0usize..12usize]).copy_from_slice(&res[0usize..12usize]); + crate::p256::point_add(res, &p_copy, &tmp0) + } +} + +#[inline] +fn precomp_get_consttime(table: &[u64], bits_l: u64, tmp: &mut [u64]) { + (tmp[0usize..12usize]).copy_from_slice(&(&table[0usize..])[0usize..12usize]); + krml::unroll_for!(15, "i", 0u32, 1u32, { + let c: u64 = fstar::uint64::eq_mask(bits_l, i.wrapping_add(1u32) as u64); + let res_j: (&[u64], &[u64]) = + table.split_at(i.wrapping_add(1u32).wrapping_mul(12u32) as usize); + krml::unroll_for!(12, "i0", 0u32, 1u32, { + let x: u64 = c & res_j.1[i0 as usize] | !c & tmp[i0 as usize]; + let os: (&mut [u64], &mut [u64]) = tmp.split_at_mut(0usize); + os.1[i0 as usize] = x + }) + }) +} + +#[inline] +fn point_mul_g(res: &mut [u64], scalar: &[u64]) { + let mut q1: [u64; 12] = [0u64; 12usize]; + crate::p256::make_base_point(&mut q1); + let q2: [u64; 12] = [ + 1499621593102562565u64, + 16692369783039433128u64, + 15337520135922861848u64, + 5455737214495366228u64, + 17827017231032529600u64, + 12413621606240782649u64, + 2290483008028286132u64, + 15752017553340844820u64, + 4846430910634234874u64, + 10861682798464583253u64, + 15404737222404363049u64, + 363586619281562022u64, + ]; + let q3: [u64; 12] = [ + 14619254753077084366u64, + 13913835116514008593u64, + 15060744674088488145u64, + 17668414598203068685u64, + 10761169236902342334u64, + 15467027479157446221u64, + 14989185522423469618u64, + 14354539272510107003u64, + 14298211796392133693u64, + 13270323784253711450u64, + 13380964971965046957u64, + 8686204248456909699u64, + ]; + let q4: [u64; 12] = [ + 7870395003430845958u64, + 18001862936410067720u64, + 8006461232116967215u64, + 5921313779532424762u64, + 10702113371959864307u64, + 8070517410642379879u64, + 7139806720777708306u64, + 8253938546650739833u64, + 17490482834545705718u64, + 1065249776797037500u64, + 5018258455937968775u64, + 14100621120178668337u64, + ]; + let r1: (&[u64], &[u64]) = scalar.split_at(0usize); + let r2: (&[u64], &[u64]) = r1.1.split_at(1usize); + let r3: (&[u64], &[u64]) = r2.1.split_at(1usize); + let r4: (&[u64], &[u64]) = r3.1.split_at(1usize); + crate::p256::make_point_at_inf(res); + let mut tmp: [u64; 12] = [0u64; 12usize]; + krml::unroll_for!(16, "i", 0u32, 1u32, { + krml::unroll_for!(4, "_i", 0u32, 1u32, { + let mut p_copy: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy)[0usize..12usize]).copy_from_slice(&res[0usize..12usize]); + crate::p256::point_double(res, &p_copy) + }); + let k: u32 = 64u32.wrapping_sub(4u32.wrapping_mul(i)).wrapping_sub(4u32); + let bits_l: u64 = bignum::bignum_base::bn_get_bits_u64(1u32, r4.1, k, 4u32); + lowstar::ignore::ignore::<&[u64]>(&crate::p256_precomptable::precomp_g_pow2_192_table_w4); + crate::p256::precomp_get_consttime( + &crate::p256_precomptable::precomp_g_pow2_192_table_w4, + bits_l, + &mut tmp, + ); + let mut p_copy: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy)[0usize..12usize]).copy_from_slice(&res[0usize..12usize]); + crate::p256::point_add(res, &p_copy, &tmp); + let k0: u32 = 64u32.wrapping_sub(4u32.wrapping_mul(i)).wrapping_sub(4u32); + let bits_l0: u64 = bignum::bignum_base::bn_get_bits_u64(1u32, r4.0, k0, 4u32); + lowstar::ignore::ignore::<&[u64]>(&crate::p256_precomptable::precomp_g_pow2_128_table_w4); + crate::p256::precomp_get_consttime( + &crate::p256_precomptable::precomp_g_pow2_128_table_w4, + bits_l0, + &mut tmp, + ); + let mut p_copy0: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy0)[0usize..12usize]).copy_from_slice(&res[0usize..12usize]); + crate::p256::point_add(res, &p_copy0, &tmp); + let k1: u32 = 64u32.wrapping_sub(4u32.wrapping_mul(i)).wrapping_sub(4u32); + let bits_l1: u64 = bignum::bignum_base::bn_get_bits_u64(1u32, r3.0, k1, 4u32); + lowstar::ignore::ignore::<&[u64]>(&crate::p256_precomptable::precomp_g_pow2_64_table_w4); + crate::p256::precomp_get_consttime( + &crate::p256_precomptable::precomp_g_pow2_64_table_w4, + bits_l1, + &mut tmp, + ); + let mut p_copy1: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy1)[0usize..12usize]).copy_from_slice(&res[0usize..12usize]); + crate::p256::point_add(res, &p_copy1, &tmp); + let k2: u32 = 64u32.wrapping_sub(4u32.wrapping_mul(i)).wrapping_sub(4u32); + let bits_l2: u64 = bignum::bignum_base::bn_get_bits_u64(1u32, r2.0, k2, 4u32); + lowstar::ignore::ignore::<&[u64]>(&crate::p256_precomptable::precomp_basepoint_table_w4); + crate::p256::precomp_get_consttime( + &crate::p256_precomptable::precomp_basepoint_table_w4, + bits_l2, + &mut tmp, + ); + let mut p_copy2: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy2)[0usize..12usize]).copy_from_slice(&res[0usize..12usize]); + crate::p256::point_add(res, &p_copy2, &tmp) + }); + lowstar::ignore::ignore::<&[u64]>(&q1); + lowstar::ignore::ignore::<&[u64]>(&q2); + lowstar::ignore::ignore::<&[u64]>(&q3); + lowstar::ignore::ignore::<&[u64]>(&q4) +} + +#[inline] +fn point_mul_double_g(res: &mut [u64], scalar1: &[u64], scalar2: &[u64], q2: &[u64]) { + let mut q1: [u64; 12] = [0u64; 12usize]; + crate::p256::make_base_point(&mut q1); + let mut table2: [u64; 384] = [0u64; 384usize]; + let mut tmp: [u64; 12] = [0u64; 12usize]; + let t0: (&mut [u64], &mut [u64]) = table2.split_at_mut(0usize); + let t1: (&mut [u64], &mut [u64]) = t0.1.split_at_mut(12usize); + crate::p256::make_point_at_inf(t1.0); + (t1.1[0usize..12usize]).copy_from_slice(&q2[0usize..12usize]); + lowstar::ignore::ignore::<&[u64]>(&table2); + krml::unroll_for!(15, "i", 0u32, 1u32, { + let t11: (&[u64], &[u64]) = + table2.split_at(i.wrapping_add(1u32).wrapping_mul(12u32) as usize); + let mut p_copy: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy)[0usize..12usize]).copy_from_slice(&t11.1[0usize..12usize]); + crate::p256::point_double(&mut tmp, &p_copy); + ((&mut table2)[2u32.wrapping_mul(i).wrapping_add(2u32).wrapping_mul(12u32) as usize + ..2u32.wrapping_mul(i).wrapping_add(2u32).wrapping_mul(12u32) as usize + 12usize]) + .copy_from_slice(&(&tmp)[0usize..12usize]); + let t2: (&[u64], &[u64]) = + table2.split_at(2u32.wrapping_mul(i).wrapping_add(2u32).wrapping_mul(12u32) as usize); + let mut p_copy0: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy0)[0usize..12usize]).copy_from_slice(&q2[0usize..12usize]); + crate::p256::point_add(&mut tmp, &p_copy0, t2.1); + ((&mut table2)[2u32.wrapping_mul(i).wrapping_add(3u32).wrapping_mul(12u32) as usize + ..2u32.wrapping_mul(i).wrapping_add(3u32).wrapping_mul(12u32) as usize + 12usize]) + .copy_from_slice(&(&tmp)[0usize..12usize]) + }); + let mut tmp0: [u64; 12] = [0u64; 12usize]; + let i: u32 = 255u32; + let bits_c: u64 = bignum::bignum_base::bn_get_bits_u64(4u32, scalar1, i, 5u32); + let bits_l32: u32 = bits_c as u32; + let a_bits_l: &[u64] = &(&crate::p256_precomptable::precomp_basepoint_table_w5) + [bits_l32.wrapping_mul(12u32) as usize..]; + (res[0usize..12usize]).copy_from_slice(&a_bits_l[0usize..12usize]); + let i0: u32 = 255u32; + let bits_c0: u64 = bignum::bignum_base::bn_get_bits_u64(4u32, scalar2, i0, 5u32); + let bits_l320: u32 = bits_c0 as u32; + let a_bits_l0: (&[u64], &[u64]) = table2.split_at(bits_l320.wrapping_mul(12u32) as usize); + ((&mut tmp0)[0usize..12usize]).copy_from_slice(&a_bits_l0.1[0usize..12usize]); + let mut p_copy: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy)[0usize..12usize]).copy_from_slice(&res[0usize..12usize]); + crate::p256::point_add(res, &p_copy, &tmp0); + let mut tmp1: [u64; 12] = [0u64; 12usize]; + for i1 in 0u32..51u32 { + krml::unroll_for!(5, "_i", 0u32, 1u32, { + let mut p_copy0: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy0)[0usize..12usize]).copy_from_slice(&res[0usize..12usize]); + crate::p256::point_double(res, &p_copy0) + }); + let k: u32 = 255u32 + .wrapping_sub(5u32.wrapping_mul(i1)) + .wrapping_sub(5u32); + let bits_l: u64 = bignum::bignum_base::bn_get_bits_u64(4u32, scalar2, k, 5u32); + lowstar::ignore::ignore::<&[u64]>(&table2); + let bits_l321: u32 = bits_l as u32; + let a_bits_l1: (&[u64], &[u64]) = table2.split_at(bits_l321.wrapping_mul(12u32) as usize); + ((&mut tmp1)[0usize..12usize]).copy_from_slice(&a_bits_l1.1[0usize..12usize]); + let mut p_copy0: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy0)[0usize..12usize]).copy_from_slice(&res[0usize..12usize]); + crate::p256::point_add(res, &p_copy0, &tmp1); + let k0: u32 = 255u32 + .wrapping_sub(5u32.wrapping_mul(i1)) + .wrapping_sub(5u32); + let bits_l0: u64 = bignum::bignum_base::bn_get_bits_u64(4u32, scalar1, k0, 5u32); + lowstar::ignore::ignore::<&[u64]>(&crate::p256_precomptable::precomp_basepoint_table_w5); + let bits_l322: u32 = bits_l0 as u32; + let a_bits_l2: &[u64] = &(&crate::p256_precomptable::precomp_basepoint_table_w5) + [bits_l322.wrapping_mul(12u32) as usize..]; + ((&mut tmp1)[0usize..12usize]).copy_from_slice(&a_bits_l2[0usize..12usize]); + let mut p_copy1: [u64; 12] = [0u64; 12usize]; + ((&mut p_copy1)[0usize..12usize]).copy_from_slice(&res[0usize..12usize]); + crate::p256::point_add(res, &p_copy1, &tmp1) + } +} + +#[inline] +fn bn_is_lt_order_mask4(f: &[u64]) -> u64 { + let mut tmp: [u64; 4] = [0u64; 4usize]; + crate::p256::make_order(&mut tmp); + let mut y_copy: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy)[0usize..4usize]).copy_from_slice(&(&tmp)[0usize..4usize]); + let c: u64 = crate::p256::bn_sub4(&mut tmp, f, &y_copy); + let c0: u64 = c; + 0u64.wrapping_sub(c0) +} + +#[inline] +fn bn_is_lt_order_and_gt_zero_mask4(f: &[u64]) -> u64 { + let is_lt_order: u64 = crate::p256::bn_is_lt_order_mask4(f); + let is_eq_zero: u64 = crate::p256::bn_is_zero_mask4(f); + is_lt_order & !is_eq_zero +} + +#[inline] +fn qmod_short(res: &mut [u64], x: &[u64]) { + let mut tmp: [u64; 4] = [0u64; 4usize]; + crate::p256::make_order(&mut tmp); + let mut y_copy: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy)[0usize..4usize]).copy_from_slice(&(&tmp)[0usize..4usize]); + let c: u64 = crate::p256::bn_sub4(&mut tmp, x, &y_copy); + let c0: u64 = c; + crate::p256::bn_cmovznz4(res, c0, &tmp, x) +} + +#[inline] +fn qadd(res: &mut [u64], x: &[u64], y: &[u64]) { + let mut n: [u64; 4] = [0u64; 4usize]; + crate::p256::make_order(&mut n); + crate::p256::bn_add_mod4(res, &n, x, y) +} + +#[inline] +fn qmont_reduction(res: &mut [u64], x: &mut [u64]) { + let mut n: [u64; 4] = [0u64; 4usize]; + crate::p256::make_order(&mut n); + let mut c0: [u64; 1] = [0u64; 1usize]; + krml::unroll_for!(4, "i", 0u32, 1u32, { + let qj: u64 = 0xccd1c8aaee00bc4fu64.wrapping_mul(x[i as usize]); + let res_j: (&mut [u64], &mut [u64]) = x.split_at_mut(i as usize); + let mut c: [u64; 1] = [0u64; 1usize]; + { + let a_i: u64 = (&n)[4u32.wrapping_mul(0u32) as usize]; + let res_i: (&mut [u64], &mut [u64]) = + res_j.1.split_at_mut(4u32.wrapping_mul(0u32) as usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i, qj, (&c)[0usize], res_i.1); + let a_i0: u64 = (&n)[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let res_i0: (&mut [u64], &mut [u64]) = res_i.1.split_at_mut(1usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i0, qj, (&c)[0usize], res_i0.1); + let a_i1: u64 = (&n)[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let res_i1: (&mut [u64], &mut [u64]) = res_i0.1.split_at_mut(1usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i1, qj, (&c)[0usize], res_i1.1); + let a_i2: u64 = (&n)[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let res_i2: (&mut [u64], &mut [u64]) = res_i1.1.split_at_mut(1usize); + (&mut c)[0usize] = + bignum::bignum_base::mul_wide_add2_u64(a_i2, qj, (&c)[0usize], res_i2.1) + }; + let r: u64 = (&c)[0usize]; + let c1: u64 = r; + let res_j0: u64 = x[4u32.wrapping_add(i) as usize]; + let resb: (&mut [u64], &mut [u64]) = x.split_at_mut(i as usize + 4usize); + (&mut c0)[0usize] = + lib::inttypes_intrinsics::add_carry_u64((&c0)[0usize], c1, res_j0, resb.1) + }); + (res[0usize..4usize]).copy_from_slice(&(&x[4usize..])[0usize..4usize]); + let c00: u64 = (&c0)[0usize]; + let mut tmp: [u64; 4] = [0u64; 4usize]; + let mut c: [u64; 1] = [0u64; 1usize]; + { + let t1: u64 = res[4u32.wrapping_mul(0u32) as usize]; + let t2: u64 = (&n)[4u32.wrapping_mul(0u32) as usize]; + let res_i: (&mut [u64], &mut [u64]) = tmp.split_at_mut(4u32.wrapping_mul(0u32) as usize); + (&mut c)[0usize] = lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t1, t2, res_i.1); + let t10: u64 = res[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let t20: u64 = (&n)[4u32.wrapping_mul(0u32).wrapping_add(1u32) as usize]; + let res_i0: (&mut [u64], &mut [u64]) = res_i.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t10, t20, res_i0.1); + let t11: u64 = res[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let t21: u64 = (&n)[4u32.wrapping_mul(0u32).wrapping_add(2u32) as usize]; + let res_i1: (&mut [u64], &mut [u64]) = res_i0.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t11, t21, res_i1.1); + let t12: u64 = res[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let t22: u64 = (&n)[4u32.wrapping_mul(0u32).wrapping_add(3u32) as usize]; + let res_i2: (&mut [u64], &mut [u64]) = res_i1.1.split_at_mut(1usize); + (&mut c)[0usize] = + lib::inttypes_intrinsics::sub_borrow_u64((&c)[0usize], t12, t22, res_i2.1) + }; + let c1: u64 = (&c)[0usize]; + let c2: u64 = c00.wrapping_sub(c1); + krml::unroll_for!(4, "i", 0u32, 1u32, { + let x1: u64 = c2 & res[i as usize] | !c2 & (&tmp)[i as usize]; + let os: (&mut [u64], &mut [u64]) = res.split_at_mut(0usize); + os.1[i as usize] = x1 + }) +} + +#[inline] +fn from_qmont(res: &mut [u64], x: &[u64]) { + let mut tmp: [u64; 8] = [0u64; 8usize]; + ((&mut tmp)[0usize..4usize]).copy_from_slice(&x[0usize..4usize]); + crate::p256::qmont_reduction(res, &mut tmp) +} + +#[inline] +fn qmul(res: &mut [u64], x: &[u64], y: &[u64]) { + let mut tmp: [u64; 8] = [0u64; 8usize]; + crate::p256::bn_mul4(&mut tmp, x, y); + crate::p256::qmont_reduction(res, &mut tmp) +} + +#[inline] +fn qsqr(res: &mut [u64], x: &[u64]) { + let mut tmp: [u64; 8] = [0u64; 8usize]; + crate::p256::bn_sqr4(&mut tmp, x); + crate::p256::qmont_reduction(res, &mut tmp) +} + +pub(crate) fn ecp256dh_i(public_key: &mut [u8], private_key: &[u8]) -> bool { + let mut tmp: [u64; 16] = [0u64; 16usize]; + let sk: (&mut [u64], &mut [u64]) = tmp.split_at_mut(0usize); + let pk: (&mut [u64], &mut [u64]) = sk.1.split_at_mut(4usize); + crate::p256::bn_from_bytes_be4(pk.0, private_key); + let is_b_valid: u64 = crate::p256::bn_is_lt_order_and_gt_zero_mask4(pk.0); + let mut oneq: [u64; 4] = [0u64; 4usize]; + (&mut oneq)[0usize] = 1u64; + (&mut oneq)[1usize] = 0u64; + (&mut oneq)[2usize] = 0u64; + (&mut oneq)[3usize] = 0u64; + krml::unroll_for!(4, "i", 0u32, 1u32, { + let uu____0: u64 = (&oneq)[i as usize]; + let x: u64 = uu____0 ^ is_b_valid & (pk.0[i as usize] ^ uu____0); + let os: (&mut [u64], &mut [u64]) = pk.0.split_at_mut(0usize); + os.1[i as usize] = x + }); + let is_sk_valid: u64 = is_b_valid; + crate::p256::point_mul_g(pk.1, pk.0); + crate::p256::point_store(public_key, pk.1); + is_sk_valid == 0xFFFFFFFFFFFFFFFFu64 +} + +pub(crate) fn ecp256dh_r( + shared_secret: &mut [u8], + their_pubkey: &[u8], + private_key: &[u8], +) -> bool { + let mut tmp: [u64; 16] = [0u64; 16usize]; + let sk: (&mut [u64], &mut [u64]) = tmp.split_at_mut(0usize); + let pk: (&mut [u64], &mut [u64]) = sk.1.split_at_mut(4usize); + let is_pk_valid: bool = crate::p256::load_point_vartime(pk.1, their_pubkey); + crate::p256::bn_from_bytes_be4(pk.0, private_key); + let is_b_valid: u64 = crate::p256::bn_is_lt_order_and_gt_zero_mask4(pk.0); + let mut oneq: [u64; 4] = [0u64; 4usize]; + (&mut oneq)[0usize] = 1u64; + (&mut oneq)[1usize] = 0u64; + (&mut oneq)[2usize] = 0u64; + (&mut oneq)[3usize] = 0u64; + krml::unroll_for!(4, "i", 0u32, 1u32, { + let uu____0: u64 = (&oneq)[i as usize]; + let x: u64 = uu____0 ^ is_b_valid & (pk.0[i as usize] ^ uu____0); + let os: (&mut [u64], &mut [u64]) = pk.0.split_at_mut(0usize); + os.1[i as usize] = x + }); + let is_sk_valid: u64 = is_b_valid; + let mut ss_proj: [u64; 12] = [0u64; 12usize]; + if is_pk_valid { + crate::p256::point_mul(&mut ss_proj, pk.0, pk.1); + crate::p256::point_store(shared_secret, &ss_proj) + }; + is_sk_valid == 0xFFFFFFFFFFFFFFFFu64 && is_pk_valid +} + +#[inline] +fn qinv(res: &mut [u64], r: &[u64]) { + let mut tmp: [u64; 28] = [0u64; 28usize]; + let x6: (&mut [u64], &mut [u64]) = tmp.split_at_mut(0usize); + let x_11: (&mut [u64], &mut [u64]) = x6.1.split_at_mut(4usize); + let x_101: (&mut [u64], &mut [u64]) = x_11.1.split_at_mut(4usize); + let x_111: (&mut [u64], &mut [u64]) = x_101.1.split_at_mut(4usize); + let x_1111: (&mut [u64], &mut [u64]) = x_111.1.split_at_mut(4usize); + let x_10101: (&mut [u64], &mut [u64]) = x_1111.1.split_at_mut(4usize); + let x_101111: (&mut [u64], &mut [u64]) = x_10101.1.split_at_mut(4usize); + (x_11.0[0usize..4usize]).copy_from_slice(&r[0usize..4usize]); + { + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&x_11.0[0usize..4usize]); + crate::p256::qsqr(x_11.0, &x_copy) + }; + crate::p256::qmul(x_101.0, x_11.0, r); + crate::p256::qmul(x_111.0, x_11.0, x_101.0); + crate::p256::qmul(x_1111.0, x_11.0, x_111.0); + (x_11.0[0usize..4usize]).copy_from_slice(&x_111.0[0usize..4usize]); + { + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&x_11.0[0usize..4usize]); + crate::p256::qsqr(x_11.0, &x_copy) + }; + crate::p256::qmul(x_10101.0, x_111.0, x_11.0); + { + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&x_11.0[0usize..4usize]); + crate::p256::qsqr(x_11.0, &x_copy) + }; + crate::p256::qmul(x_101111.0, x_11.0, r); + (x_11.0[0usize..4usize]).copy_from_slice(&x_101111.0[0usize..4usize]); + { + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&x_11.0[0usize..4usize]); + crate::p256::qsqr(x_11.0, &x_copy) + }; + crate::p256::qmul(x_101111.1, x_111.0, x_11.0); + let mut y_copy: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy)[0usize..4usize]).copy_from_slice(&x_11.0[0usize..4usize]); + crate::p256::qmul(x_11.0, x_101111.0, &y_copy); + let mut tmp1: [u64; 4] = [0u64; 4usize]; + krml::unroll_for!(2, "_i", 0u32, 1u32, { + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&x_11.0[0usize..4usize]); + crate::p256::qsqr(x_11.0, &x_copy) + }); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&x_11.0[0usize..4usize]); + crate::p256::qmul(x_11.0, &x_copy, x_101.0); + ((&mut tmp1)[0usize..4usize]).copy_from_slice(&x_11.0[0usize..4usize]); + krml::unroll_for!(8, "_i", 0u32, 1u32, { + let mut x_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy0)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy0) + }); + let mut x_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy0)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy0, x_11.0); + (x_11.0[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + krml::unroll_for!(16, "_i", 0u32, 1u32, { + let mut x_copy1: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy1)[0usize..4usize]).copy_from_slice(&x_11.0[0usize..4usize]); + crate::p256::qsqr(x_11.0, &x_copy1) + }); + let mut x_copy1: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy1)[0usize..4usize]).copy_from_slice(&x_11.0[0usize..4usize]); + crate::p256::qmul(x_11.0, &x_copy1, &tmp1); + ((&mut tmp1)[0usize..4usize]).copy_from_slice(&x_11.0[0usize..4usize]); + for _i in 0u32..64u32 { + let mut x_copy2: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy2)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy2) + } + let mut x_copy2: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy2)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy2, x_11.0); + krml::unroll_for!(32, "_i", 0u32, 1u32, { + let mut x_copy3: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy3)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy3) + }); + let mut x_copy3: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy3)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy3, x_11.0); + krml::unroll_for!(6, "_i", 0u32, 1u32, { + let mut x_copy4: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy4)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy4) + }); + let mut x_copy4: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy4)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy4, x_101111.1); + krml::unroll_for!(5, "_i", 0u32, 1u32, { + let mut x_copy5: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy5)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy5) + }); + let mut x_copy5: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy5)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy5, x_1111.0); + krml::unroll_for!(4, "_i", 0u32, 1u32, { + let mut x_copy6: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy6)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy6) + }); + let mut x_copy6: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy6)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy6, x_101.0); + krml::unroll_for!(5, "_i", 0u32, 1u32, { + let mut x_copy7: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy7)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy7) + }); + let mut x_copy7: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy7)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy7, x_10101.0); + krml::unroll_for!(5, "_i", 0u32, 1u32, { + let mut x_copy8: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy8)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy8) + }); + let mut x_copy8: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy8)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy8, x_101111.0); + krml::unroll_for!(4, "_i", 0u32, 1u32, { + let mut x_copy9: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy9)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy9) + }); + let mut x_copy9: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy9)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy9, x_111.0); + krml::unroll_for!(3, "_i", 0u32, 1u32, { + let mut x_copy10: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy10)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy10) + }); + let mut x_copy10: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy10)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy10, x_111.0); + krml::unroll_for!(3, "_i", 0u32, 1u32, { + let mut x_copy11: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy11)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy11) + }); + let mut x_copy11: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy11)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy11, x_111.0); + krml::unroll_for!(5, "_i", 0u32, 1u32, { + let mut x_copy12: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy12)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy12) + }); + let mut x_copy12: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy12)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy12, x_1111.0); + krml::unroll_for!(9, "_i", 0u32, 1u32, { + let mut x_copy13: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy13)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy13) + }); + let mut x_copy13: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy13)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy13, x_101111.1); + krml::unroll_for!(6, "_i", 0u32, 1u32, { + let mut x_copy14: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy14)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy14) + }); + let mut x_copy14: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy14)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy14, x_10101.0); + krml::unroll_for!(2, "_i", 0u32, 1u32, { + let mut x_copy15: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy15)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy15) + }); + let mut x_copy15: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy15)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy15, r); + krml::unroll_for!(5, "_i", 0u32, 1u32, { + let mut x_copy16: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy16)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy16) + }); + let mut x_copy16: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy16)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy16, r); + krml::unroll_for!(6, "_i", 0u32, 1u32, { + let mut x_copy17: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy17)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy17) + }); + let mut x_copy17: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy17)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy17, x_10101.0); + krml::unroll_for!(5, "_i", 0u32, 1u32, { + let mut x_copy18: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy18)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy18) + }); + let mut x_copy18: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy18)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy18, x_1111.0); + krml::unroll_for!(4, "_i", 0u32, 1u32, { + let mut x_copy19: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy19)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy19) + }); + let mut x_copy19: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy19)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy19, x_1111.0); + krml::unroll_for!(5, "_i", 0u32, 1u32, { + let mut x_copy20: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy20)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy20) + }); + let mut x_copy20: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy20)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy20, x_1111.0); + krml::unroll_for!(5, "_i", 0u32, 1u32, { + let mut x_copy21: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy21)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy21) + }); + let mut x_copy21: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy21)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy21, x_111.0); + krml::unroll_for!(3, "_i", 0u32, 1u32, { + let mut x_copy22: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy22)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy22) + }); + let mut x_copy22: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy22)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy22, x_101.0); + krml::unroll_for!(10, "_i", 0u32, 1u32, { + let mut x_copy23: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy23)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy23) + }); + let mut x_copy23: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy23)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy23, x_101111.1); + krml::unroll_for!(2, "_i", 0u32, 1u32, { + let mut x_copy24: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy24)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy24) + }); + let mut x_copy24: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy24)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy24, x_101.0); + krml::unroll_for!(5, "_i", 0u32, 1u32, { + let mut x_copy25: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy25)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy25) + }); + let mut x_copy25: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy25)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy25, x_101.0); + krml::unroll_for!(5, "_i", 0u32, 1u32, { + let mut x_copy26: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy26)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy26) + }); + let mut x_copy26: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy26)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy26, x_101.0); + krml::unroll_for!(3, "_i", 0u32, 1u32, { + let mut x_copy27: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy27)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy27) + }); + let mut x_copy27: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy27)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy27, r); + krml::unroll_for!(7, "_i", 0u32, 1u32, { + let mut x_copy28: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy28)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy28) + }); + let mut x_copy28: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy28)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy28, x_101111.0); + krml::unroll_for!(6, "_i", 0u32, 1u32, { + let mut x_copy29: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy29)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qsqr(&mut tmp1, &x_copy29) + }); + let mut x_copy29: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy29)[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + crate::p256::qmul(&mut tmp1, &x_copy29, x_10101.0); + (x_11.0[0usize..4usize]).copy_from_slice(&(&tmp1)[0usize..4usize]); + (res[0usize..4usize]).copy_from_slice(&x_11.0[0usize..4usize]) +} + +#[inline] +fn qmul_mont(sinv: &[u64], b: &[u64], res: &mut [u64]) { + let mut tmp: [u64; 4] = [0u64; 4usize]; + crate::p256::from_qmont(&mut tmp, b); + crate::p256::qmul(res, sinv, &tmp) +} + +#[inline] +fn ecdsa_verify_msg_as_qelem( + m_q: &[u64], + public_key: &[u8], + signature_r: &[u8], + signature_s: &[u8], +) -> bool { + let mut tmp: [u64; 28] = [0u64; 28usize]; + let pk: (&mut [u64], &mut [u64]) = tmp.split_at_mut(0usize); + let r_q: (&mut [u64], &mut [u64]) = pk.1.split_at_mut(12usize); + let s_q: (&mut [u64], &mut [u64]) = r_q.1.split_at_mut(4usize); + let u1: (&mut [u64], &mut [u64]) = s_q.1.split_at_mut(4usize); + let u2: (&mut [u64], &mut [u64]) = u1.1.split_at_mut(4usize); + let is_pk_valid: bool = crate::p256::load_point_vartime(r_q.0, public_key); + crate::p256::bn_from_bytes_be4(s_q.0, signature_r); + crate::p256::bn_from_bytes_be4(u1.0, signature_s); + let is_r_valid: u64 = crate::p256::bn_is_lt_order_and_gt_zero_mask4(s_q.0); + let is_s_valid: u64 = crate::p256::bn_is_lt_order_and_gt_zero_mask4(u1.0); + let is_rs_valid: bool = + is_r_valid == 0xFFFFFFFFFFFFFFFFu64 && is_s_valid == 0xFFFFFFFFFFFFFFFFu64; + if !(is_pk_valid && is_rs_valid) { + false + } else { + let mut sinv: [u64; 4] = [0u64; 4usize]; + crate::p256::qinv(&mut sinv, u1.0); + crate::p256::qmul_mont(&sinv, m_q, u2.0); + crate::p256::qmul_mont(&sinv, s_q.0, u2.1); + let mut res: [u64; 12] = [0u64; 12usize]; + crate::p256::point_mul_double_g(&mut res, u2.0, u2.1, r_q.0); + if crate::p256::is_point_at_inf_vartime(&res) { + false + } else { + let mut x: [u64; 4] = [0u64; 4usize]; + crate::p256::to_aff_point_x(&mut x, &res); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&(&x)[0usize..4usize]); + crate::p256::qmod_short(&mut x, &x_copy); + let res1: bool = crate::p256::bn_is_eq_vartime4(&x, s_q.0); + res1 + } + } +} + +#[inline] +fn ecdsa_sign_msg_as_qelem( + signature: &mut [u8], + m_q: &mut [u64], + private_key: &[u8], + nonce: &[u8], +) -> bool { + let mut rsdk_q: [u64; 16] = [0u64; 16usize]; + let r_q: (&mut [u64], &mut [u64]) = rsdk_q.split_at_mut(0usize); + let s_q: (&mut [u64], &mut [u64]) = r_q.1.split_at_mut(4usize); + let d_a: (&mut [u64], &mut [u64]) = s_q.1.split_at_mut(4usize); + let k_q: (&mut [u64], &mut [u64]) = d_a.1.split_at_mut(4usize); + crate::p256::bn_from_bytes_be4(k_q.0, private_key); + let is_b_valid: u64 = crate::p256::bn_is_lt_order_and_gt_zero_mask4(k_q.0); + let mut oneq: [u64; 4] = [0u64; 4usize]; + (&mut oneq)[0usize] = 1u64; + (&mut oneq)[1usize] = 0u64; + (&mut oneq)[2usize] = 0u64; + (&mut oneq)[3usize] = 0u64; + krml::unroll_for!(4, "i", 0u32, 1u32, { + let uu____0: u64 = (&oneq)[i as usize]; + let x: u64 = uu____0 ^ is_b_valid & (k_q.0[i as usize] ^ uu____0); + let os: (&mut [u64], &mut [u64]) = k_q.0.split_at_mut(0usize); + os.1[i as usize] = x + }); + let is_sk_valid: u64 = is_b_valid; + crate::p256::bn_from_bytes_be4(k_q.1, nonce); + let is_b_valid0: u64 = crate::p256::bn_is_lt_order_and_gt_zero_mask4(k_q.1); + let mut oneq0: [u64; 4] = [0u64; 4usize]; + (&mut oneq0)[0usize] = 1u64; + (&mut oneq0)[1usize] = 0u64; + (&mut oneq0)[2usize] = 0u64; + (&mut oneq0)[3usize] = 0u64; + krml::unroll_for!(4, "i", 0u32, 1u32, { + let uu____1: u64 = (&oneq0)[i as usize]; + let x: u64 = uu____1 ^ is_b_valid0 & (k_q.1[i as usize] ^ uu____1); + let os: (&mut [u64], &mut [u64]) = k_q.1.split_at_mut(0usize); + os.1[i as usize] = x + }); + let is_nonce_valid: u64 = is_b_valid0; + let are_sk_nonce_valid: u64 = is_sk_valid & is_nonce_valid; + let mut p: [u64; 12] = [0u64; 12usize]; + crate::p256::point_mul_g(&mut p, k_q.1); + crate::p256::to_aff_point_x(s_q.0, &p); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&s_q.0[0usize..4usize]); + crate::p256::qmod_short(s_q.0, &x_copy); + let mut kinv: [u64; 4] = [0u64; 4usize]; + crate::p256::qinv(&mut kinv, k_q.1); + crate::p256::qmul(d_a.0, s_q.0, k_q.0); + let mut x_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy0)[0usize..4usize]).copy_from_slice(&m_q[0usize..4usize]); + crate::p256::from_qmont(m_q, &x_copy0); + let mut y_copy: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy)[0usize..4usize]).copy_from_slice(&d_a.0[0usize..4usize]); + crate::p256::qadd(d_a.0, m_q, &y_copy); + let mut y_copy0: [u64; 4] = [0u64; 4usize]; + ((&mut y_copy0)[0usize..4usize]).copy_from_slice(&d_a.0[0usize..4usize]); + crate::p256::qmul(d_a.0, &kinv, &y_copy0); + crate::p256::bn2_to_bytes_be4(signature, s_q.0, d_a.0); + let is_r_zero: u64 = crate::p256::bn_is_zero_mask4(s_q.0); + let is_s_zero: u64 = crate::p256::bn_is_zero_mask4(d_a.0); + let m: u64 = are_sk_nonce_valid & (!is_r_zero & !is_s_zero); + let res: bool = m == 0xFFFFFFFFFFFFFFFFu64; + res +} + +/** +Create an ECDSA signature using SHA2-256. + + The function returns `true` for successful creation of an ECDSA signature and `false` otherwise. + + The outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `private_key` and `nonce` are valid: + • 0 < `private_key` < the order of the curve + • 0 < `nonce` < the order of the curve +*/ +pub fn ecdsa_sign_p256_sha2( + signature: &mut [u8], + msg_len: u32, + msg: &[u8], + private_key: &[u8], + nonce: &[u8], +) -> bool { + let mut m_q: [u64; 4] = [0u64; 4usize]; + let mut mHash: [u8; 32] = [0u8; 32usize]; + libcrux_sha2::hacl::hash_256(&mut mHash, msg, msg_len); + lowstar::ignore::ignore::(msg_len); + let mHash32: (&[u8], &[u8]) = mHash.split_at(0usize); + crate::p256::bn_from_bytes_be4(&mut m_q, mHash32.1); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&(&m_q)[0usize..4usize]); + crate::p256::qmod_short(&mut m_q, &x_copy); + let res: bool = crate::p256::ecdsa_sign_msg_as_qelem(signature, &mut m_q, private_key, nonce); + res +} + +/** +Create an ECDSA signature using SHA2-384. + + The function returns `true` for successful creation of an ECDSA signature and `false` otherwise. + + The outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `private_key` and `nonce` are valid: + • 0 < `private_key` < the order of the curve + • 0 < `nonce` < the order of the curve +*/ +pub fn ecdsa_sign_p256_sha384( + signature: &mut [u8], + msg_len: u32, + msg: &[u8], + private_key: &[u8], + nonce: &[u8], +) -> bool { + let mut m_q: [u64; 4] = [0u64; 4usize]; + let mut mHash: [u8; 48] = [0u8; 48usize]; + libcrux_sha2::hacl::hash_384(&mut mHash, msg, msg_len); + lowstar::ignore::ignore::(msg_len); + let mHash32: (&[u8], &[u8]) = mHash.split_at(0usize); + crate::p256::bn_from_bytes_be4(&mut m_q, mHash32.1); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&(&m_q)[0usize..4usize]); + crate::p256::qmod_short(&mut m_q, &x_copy); + let res: bool = crate::p256::ecdsa_sign_msg_as_qelem(signature, &mut m_q, private_key, nonce); + res +} + +/** +Create an ECDSA signature using SHA2-512. + + The function returns `true` for successful creation of an ECDSA signature and `false` otherwise. + + The outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `private_key` and `nonce` are valid: + • 0 < `private_key` < the order of the curve + • 0 < `nonce` < the order of the curve +*/ +pub fn ecdsa_sign_p256_sha512( + signature: &mut [u8], + msg_len: u32, + msg: &[u8], + private_key: &[u8], + nonce: &[u8], +) -> bool { + let mut m_q: [u64; 4] = [0u64; 4usize]; + let mut mHash: [u8; 64] = [0u8; 64usize]; + libcrux_sha2::hacl::hash_512(&mut mHash, msg, msg_len); + lowstar::ignore::ignore::(msg_len); + let mHash32: (&[u8], &[u8]) = mHash.split_at(0usize); + crate::p256::bn_from_bytes_be4(&mut m_q, mHash32.1); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&(&m_q)[0usize..4usize]); + crate::p256::qmod_short(&mut m_q, &x_copy); + let res: bool = crate::p256::ecdsa_sign_msg_as_qelem(signature, &mut m_q, private_key, nonce); + res +} + +/** +Create an ECDSA signature WITHOUT hashing first. + + This function is intended to receive a hash of the input. + For convenience, we recommend using one of the hash-and-sign combined functions above. + + The argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`). + + NOTE: The equivalent functions in OpenSSL and Fiat-Crypto both accept inputs + smaller than 32 bytes. These libraries left-pad the input with enough zeroes to + reach the minimum 32 byte size. Clients who need behavior identical to OpenSSL + need to perform the left-padding themselves. + + The function returns `true` for successful creation of an ECDSA signature and `false` otherwise. + + The outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `private_key` and `nonce` are valid values: + • 0 < `private_key` < the order of the curve + • 0 < `nonce` < the order of the curve +*/ +pub fn ecdsa_sign_p256_without_hash( + signature: &mut [u8], + msg_len: u32, + msg: &[u8], + private_key: &[u8], + nonce: &[u8], +) -> bool { + let mut m_q: [u64; 4] = [0u64; 4usize]; + let mut mHash: [u8; 32] = [0u8; 32usize]; + ((&mut mHash)[0usize..32usize]).copy_from_slice(&(&msg[0usize..])[0usize..32usize]); + lowstar::ignore::ignore::(msg_len); + let mHash32: (&[u8], &[u8]) = mHash.split_at(0usize); + crate::p256::bn_from_bytes_be4(&mut m_q, mHash32.1); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&(&m_q)[0usize..4usize]); + crate::p256::qmod_short(&mut m_q, &x_copy); + let res: bool = crate::p256::ecdsa_sign_msg_as_qelem(signature, &mut m_q, private_key, nonce); + res +} + +/** +Verify an ECDSA signature using SHA2-256. + + The function returns `true` if the signature is valid and `false` otherwise. + + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `public_key` is valid +*/ +pub fn ecdsa_verif_p256_sha2( + msg_len: u32, + msg: &[u8], + public_key: &[u8], + signature_r: &[u8], + signature_s: &[u8], +) -> bool { + let mut m_q: [u64; 4] = [0u64; 4usize]; + let mut mHash: [u8; 32] = [0u8; 32usize]; + libcrux_sha2::hacl::hash_256(&mut mHash, msg, msg_len); + lowstar::ignore::ignore::(msg_len); + let mHash32: (&[u8], &[u8]) = mHash.split_at(0usize); + crate::p256::bn_from_bytes_be4(&mut m_q, mHash32.1); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&(&m_q)[0usize..4usize]); + crate::p256::qmod_short(&mut m_q, &x_copy); + let res: bool = + crate::p256::ecdsa_verify_msg_as_qelem(&m_q, public_key, signature_r, signature_s); + res +} + +/** +Verify an ECDSA signature using SHA2-384. + + The function returns `true` if the signature is valid and `false` otherwise. + + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `public_key` is valid +*/ +pub fn ecdsa_verif_p256_sha384( + msg_len: u32, + msg: &[u8], + public_key: &[u8], + signature_r: &[u8], + signature_s: &[u8], +) -> bool { + let mut m_q: [u64; 4] = [0u64; 4usize]; + let mut mHash: [u8; 48] = [0u8; 48usize]; + libcrux_sha2::hacl::hash_384(&mut mHash, msg, msg_len); + lowstar::ignore::ignore::(msg_len); + let mHash32: (&[u8], &[u8]) = mHash.split_at(0usize); + crate::p256::bn_from_bytes_be4(&mut m_q, mHash32.1); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&(&m_q)[0usize..4usize]); + crate::p256::qmod_short(&mut m_q, &x_copy); + let res: bool = + crate::p256::ecdsa_verify_msg_as_qelem(&m_q, public_key, signature_r, signature_s); + res +} + +/** +Verify an ECDSA signature using SHA2-512. + + The function returns `true` if the signature is valid and `false` otherwise. + + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `public_key` is valid +*/ +pub fn ecdsa_verif_p256_sha512( + msg_len: u32, + msg: &[u8], + public_key: &[u8], + signature_r: &[u8], + signature_s: &[u8], +) -> bool { + let mut m_q: [u64; 4] = [0u64; 4usize]; + let mut mHash: [u8; 64] = [0u8; 64usize]; + libcrux_sha2::hacl::hash_512(&mut mHash, msg, msg_len); + lowstar::ignore::ignore::(msg_len); + let mHash32: (&[u8], &[u8]) = mHash.split_at(0usize); + crate::p256::bn_from_bytes_be4(&mut m_q, mHash32.1); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&(&m_q)[0usize..4usize]); + crate::p256::qmod_short(&mut m_q, &x_copy); + let res: bool = + crate::p256::ecdsa_verify_msg_as_qelem(&m_q, public_key, signature_r, signature_s); + res +} + +/** +Verify an ECDSA signature WITHOUT hashing first. + + This function is intended to receive a hash of the input. + For convenience, we recommend using one of the hash-and-verify combined functions above. + + The argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`). + + The function returns `true` if the signature is valid and `false` otherwise. + + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `public_key` is valid +*/ +pub fn ecdsa_verif_without_hash( + msg_len: u32, + msg: &[u8], + public_key: &[u8], + signature_r: &[u8], + signature_s: &[u8], +) -> bool { + let mut m_q: [u64; 4] = [0u64; 4usize]; + let mut mHash: [u8; 32] = [0u8; 32usize]; + ((&mut mHash)[0usize..32usize]).copy_from_slice(&(&msg[0usize..])[0usize..32usize]); + lowstar::ignore::ignore::(msg_len); + let mHash32: (&[u8], &[u8]) = mHash.split_at(0usize); + crate::p256::bn_from_bytes_be4(&mut m_q, mHash32.1); + let mut x_copy: [u64; 4] = [0u64; 4usize]; + ((&mut x_copy)[0usize..4usize]).copy_from_slice(&(&m_q)[0usize..4usize]); + crate::p256::qmod_short(&mut m_q, &x_copy); + let res: bool = + crate::p256::ecdsa_verify_msg_as_qelem(&m_q, public_key, signature_r, signature_s); + res +} + +/** +Public key validation. + + The function returns `true` if a public key is valid and `false` otherwise. + + The argument `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64]. + + The public key (x || y) is valid (with respect to SP 800-56A): + • the public key is not the “point at infinity”, represented as O. + • the affine x and y coordinates of the point represented by the public key are + in the range [0, p – 1] where p is the prime defining the finite field. + • y^2 = x^3 + ax + b where a and b are the coefficients of the curve equation. + The last extract is taken from: https://neilmadden.blog/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/ +*/ +pub fn validate_public_key(public_key: &[u8]) -> bool { + let mut point_jac: [u64; 12] = [0u64; 12usize]; + let res: bool = crate::p256::load_point_vartime(&mut point_jac, public_key); + res +} + +/** +Private key validation. + + The function returns `true` if a private key is valid and `false` otherwise. + + The argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]. + + The private key is valid: + • 0 < `private_key` < the order of the curve +*/ +pub fn validate_private_key(private_key: &[u8]) -> bool { + let mut bn_sk: [u64; 4] = [0u64; 4usize]; + crate::p256::bn_from_bytes_be4(&mut bn_sk, private_key); + let res: u64 = crate::p256::bn_is_lt_order_and_gt_zero_mask4(&bn_sk); + res == 0xFFFFFFFFFFFFFFFFu64 +} + +/** +Convert a public key from uncompressed to its raw form. + + The function returns `true` for successful conversion of a public key and `false` otherwise. + + The outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `pk` points to 65 bytes of valid memory, i.e., uint8_t[65]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +pub fn uncompressed_to_raw(pk: &[u8], pk_raw: &mut [u8]) -> bool { + let pk0: u8 = pk[0usize]; + if pk0 != 0x04u8 { + false + } else { + (pk_raw[0usize..64usize]).copy_from_slice(&(&pk[1usize..])[0usize..64usize]); + true + } +} + +/** +Convert a public key from compressed to its raw form. + + The function returns `true` for successful conversion of a public key and `false` otherwise. + + The outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `pk` points to 33 bytes of valid memory, i.e., uint8_t[33]. + + The function also checks whether (x, y) is a valid point. +*/ +pub fn compressed_to_raw(pk: &[u8], pk_raw: &mut [u8]) -> bool { + let mut xa: [u64; 4] = [0u64; 4usize]; + let mut ya: [u64; 4] = [0u64; 4usize]; + let b: bool = crate::p256::aff_point_decompress_vartime(&mut xa, &mut ya, pk); + let pk_xb: (&[u8], &[u8]) = pk.split_at(1usize); + if b { + (pk_raw[0usize..32usize]).copy_from_slice(&pk_xb.1[0usize..32usize]); + crate::p256::bn_to_bytes_be4(&mut pk_raw[32usize..], &ya) + }; + b +} + +/** +Convert a public key from raw to its uncompressed form. + + The outparam `pk` points to 65 bytes of valid memory, i.e., uint8_t[65]. + The argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +pub fn raw_to_uncompressed(pk_raw: &[u8], pk: &mut [u8]) { + pk[0usize] = 0x04u8; + (pk[1usize..1usize + 64usize]).copy_from_slice(&pk_raw[0usize..64usize]) +} + +/** +Convert a public key from raw to its compressed form. + + The outparam `pk` points to 33 bytes of valid memory, i.e., uint8_t[33]. + The argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +pub fn raw_to_compressed(pk_raw: &[u8], pk: &mut [u8]) { + let pk_x: (&[u8], &[u8]) = pk_raw.split_at(0usize); + let pk_y: (&[u8], &[u8]) = pk_x.1.split_at(32usize); + let mut bn_f: [u64; 4] = [0u64; 4usize]; + crate::p256::bn_from_bytes_be4(&mut bn_f, pk_y.1); + let is_odd_f: u64 = (&bn_f)[0usize] & 1u64; + pk[0usize] = (is_odd_f as u8).wrapping_add(0x02u8); + (pk[1usize..1usize + 32usize]).copy_from_slice(&pk_y.0[0usize..32usize]) +} + +/** +Compute the public key from the private key. + + The function returns `true` if a private key is valid and `false` otherwise. + + The outparam `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]. + + The private key is valid: + • 0 < `private_key` < the order of the curve. +*/ +pub fn dh_initiator(public_key: &mut [u8], private_key: &[u8]) -> bool { + crate::p256::ecp256dh_i(public_key, private_key) +} + +/** +Execute the diffie-hellmann key exchange. + + The function returns `true` for successful creation of an ECDH shared secret and + `false` otherwise. + + The outparam `shared_secret` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `their_pubkey` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `private_key` and `their_pubkey` are valid. +*/ +pub fn dh_responder(shared_secret: &mut [u8], their_pubkey: &[u8], private_key: &[u8]) -> bool { + crate::p256::ecp256dh_r(shared_secret, their_pubkey, private_key) +} diff --git a/p256/src/p256_precomptable.rs b/p256/src/p256_precomptable.rs new file mode 100644 index 000000000..c0a6961e7 --- /dev/null +++ b/p256/src/p256_precomptable.rs @@ -0,0 +1,1174 @@ +//! This file is auto-generated by HACL*. + +#![allow(non_snake_case)] +#![allow(non_upper_case_globals)] +#![allow(non_camel_case_types)] +#![allow(unused_assignments)] +#![allow(unreachable_patterns)] + +pub(crate) const precomp_basepoint_table_w4: [u64; 192] = [ + 0u64, + 0u64, + 0u64, + 0u64, + 1u64, + 18446744069414584320u64, + 18446744073709551615u64, + 4294967294u64, + 0u64, + 0u64, + 0u64, + 0u64, + 8784043285714375740u64, + 8483257759279461889u64, + 8789745728267363600u64, + 1770019616739251654u64, + 15992936863339206154u64, + 10037038012062884956u64, + 15197544864945402661u64, + 9615747158586711429u64, + 1u64, + 18446744069414584320u64, + 18446744073709551615u64, + 4294967294u64, + 10634854829044225757u64, + 351552716085025155u64, + 10645315080955407736u64, + 3609262091244858135u64, + 15760741698986874125u64, + 14936374388219697827u64, + 15751360096993017895u64, + 18012233706239762398u64, + 1993877568177495041u64, + 10345888787846536528u64, + 7746511691117935375u64, + 14517043990409914413u64, + 14122549297570634151u64, + 16934610359517083771u64, + 5724511325497097418u64, + 8983432969107448705u64, + 2687429970334080245u64, + 16525396802810050288u64, + 7602596488871585854u64, + 4813919589149203084u64, + 7680395813780804519u64, + 6687709583048023590u64, + 18086445169104142027u64, + 9637814708330203929u64, + 14785108459960679090u64, + 3838023279095023581u64, + 3555615526157830307u64, + 5177066488380472871u64, + 18218186719108038403u64, + 16281556341699656105u64, + 1524227924561461191u64, + 4148060517641909597u64, + 2858290374115363433u64, + 8942772026334130620u64, + 3034451298319885113u64, + 8447866036736640940u64, + 11204933433076256578u64, + 18333595740249588297u64, + 8259597024804538246u64, + 9539734295777539786u64, + 9797290423046626413u64, + 5777303437849646537u64, + 8739356909899132020u64, + 14815960973766782158u64, + 15286581798204509801u64, + 17597362577777019682u64, + 13259283710820519742u64, + 10501322996899164670u64, + 1221138904338319642u64, + 14586685489551951885u64, + 895326705426031212u64, + 14398171728560617847u64, + 9592550823745097391u64, + 17240998489162206026u64, + 8085479283308189196u64, + 14844657737893882826u64, + 15923425394150618234u64, + 2997808084773249525u64, + 494323555453660587u64, + 1215695327517794764u64, + 9476207381098391690u64, + 7480789678419122995u64, + 15212230329321082489u64, + 436189395349576388u64, + 17377474396456660834u64, + 15237013929655017939u64, + 11444428846883781676u64, + 5112749694521428575u64, + 950829367509872073u64, + 17665036182057559519u64, + 17205133339690002313u64, + 16233765170251334549u64, + 10122775683257972591u64, + 3352514236455632420u64, + 9143148522359954691u64, + 601191684005658860u64, + 13398772186646349998u64, + 15512696600132928431u64, + 9128416073728948653u64, + 11233051033546138578u64, + 6769345682610122833u64, + 10823233224575054288u64, + 9997725227559980175u64, + 6733425642852897415u64, + 16302206918151466066u64, + 1669330822143265921u64, + 2661645605036546002u64, + 17182558479745802165u64, + 1165082692376932040u64, + 9470595929011488359u64, + 6142147329285324932u64, + 4829075085998111287u64, + 10231370681107338930u64, + 9591876895322495239u64, + 10316468561384076618u64, + 11592503647238064235u64, + 13395813606055179632u64, + 511127033980815508u64, + 12434976573147649880u64, + 3425094795384359127u64, + 6816971736303023445u64, + 15444670609021139344u64, + 9464349818322082360u64, + 16178216413042376883u64, + 9595540370774317348u64, + 7229365182662875710u64, + 4601177649460012843u64, + 5455046447382487090u64, + 10854066421606187521u64, + 15913416821879788071u64, + 2297365362023460173u64, + 2603252216454941350u64, + 6768791943870490934u64, + 15705936687122754810u64, + 9537096567546600694u64, + 17580538144855035062u64, + 4496542856965746638u64, + 8444341625922124942u64, + 12191263903636183168u64, + 17427332907535974165u64, + 14307569739254103736u64, + 13900598742063266169u64, + 7176996424355977650u64, + 5709008170379717479u64, + 14471312052264549092u64, + 1464519909491759867u64, + 3328154641049602121u64, + 13020349337171136774u64, + 2772166279972051938u64, + 10854476939425975292u64, + 1967189930534630940u64, + 2802919076529341959u64, + 14792226094833519208u64, + 14675640928566522177u64, + 14838974364643800837u64, + 17631460696099549980u64, + 17434186275364935469u64, + 2665648200587705473u64, + 13202122464492564051u64, + 7576287350918073341u64, + 2272206013910186424u64, + 14558761641743937843u64, + 5675729149929979729u64, + 9043135187561613166u64, + 11750149293830589225u64, + 740555197954307911u64, + 9871738005087190699u64, + 17178667634283502053u64, + 18046255991533013265u64, + 4458222096988430430u64, + 8452427758526311627u64, + 13825286929656615266u64, + 13956286357198391218u64, + 15875692916799995079u64, + 10634895319157013920u64, + 13230116118036304207u64, + 8795317393614625606u64, + 7001710806858862020u64, + 7949746088586183478u64, + 14677556044923602317u64, + 11184023437485843904u64, + 11215864722023085094u64, + 6444464081471519014u64, + 1706241174022415217u64, + 8243975633057550613u64, + 15502902453836085864u64, + 3799182188594003953u64, + 3538840175098724094u64, +]; + +pub(crate) const precomp_g_pow2_64_table_w4: [u64; 192] = [ + 0u64, + 0u64, + 0u64, + 0u64, + 1u64, + 18446744069414584320u64, + 18446744073709551615u64, + 4294967294u64, + 0u64, + 0u64, + 0u64, + 0u64, + 1499621593102562565u64, + 16692369783039433128u64, + 15337520135922861848u64, + 5455737214495366228u64, + 17827017231032529600u64, + 12413621606240782649u64, + 2290483008028286132u64, + 15752017553340844820u64, + 4846430910634234874u64, + 10861682798464583253u64, + 15404737222404363049u64, + 363586619281562022u64, + 9866710912401645115u64, + 1162548847543228595u64, + 7649967190445130486u64, + 5212340432230915749u64, + 7572620550182916491u64, + 14876145112448665096u64, + 2063227348838176167u64, + 3519435548295415847u64, + 8390400282019023103u64, + 17666843593163037841u64, + 9450204148816496323u64, + 8483374507652916768u64, + 6254661047265818424u64, + 16382127809582285023u64, + 125359443771153172u64, + 1374336701588437897u64, + 11362596098420127726u64, + 2101654420738681387u64, + 12772780342444840510u64, + 12546934328908550060u64, + 8331880412333790397u64, + 11687262051473819904u64, + 8926848496503457587u64, + 9603974142010467857u64, + 13199952163826973175u64, + 2189856264898797734u64, + 11356074861870267226u64, + 2027714896422561895u64, + 5261606367808050149u64, + 153855954337762312u64, + 6375919692894573986u64, + 12364041207536146533u64, + 1891896010455057160u64, + 1568123795087313171u64, + 18138710056556660101u64, + 6004886947510047736u64, + 4811859325589542932u64, + 3618763430148954981u64, + 11434521746258554122u64, + 10086341535864049427u64, + 8073421629570399570u64, + 12680586148814729338u64, + 9619958020761569612u64, + 15827203580658384478u64, + 12832694810937550406u64, + 14977975484447400910u64, + 5478002389061063653u64, + 14731136312639060880u64, + 4317867687275472033u64, + 6642650962855259884u64, + 2514254944289495285u64, + 14231405641534478436u64, + 4045448346091518946u64, + 8985477013445972471u64, + 8869039454457032149u64, + 4356978486208692970u64, + 10805288613335538577u64, + 12832353127812502042u64, + 4576590051676547490u64, + 6728053735138655107u64, + 17814206719173206184u64, + 79790138573994940u64, + 17920293215101822267u64, + 13422026625585728864u64, + 5018058010492547271u64, + 110232326023384102u64, + 10834264070056942976u64, + 15222249086119088588u64, + 15119439519142044997u64, + 11655511970063167313u64, + 1614477029450566107u64, + 3619322817271059794u64, + 9352862040415412867u64, + 14017522553242747074u64, + 13138513643674040327u64, + 3610195242889455765u64, + 8371069193996567291u64, + 12670227996544662654u64, + 1205961025092146303u64, + 13106709934003962112u64, + 4350113471327723407u64, + 15060941403739680459u64, + 13639127647823205030u64, + 10790943339357725715u64, + 498760574280648264u64, + 17922071907832082887u64, + 15122670976670152145u64, + 6275027991110214322u64, + 7250912847491816402u64, + 15206617260142982380u64, + 3385668313694152877u64, + 17522479771766801905u64, + 2965919117476170655u64, + 1553238516603269404u64, + 5820770015631050991u64, + 4999445222232605348u64, + 9245650860833717444u64, + 1508811811724230728u64, + 5190684913765614385u64, + 15692927070934536166u64, + 12981978499190500902u64, + 5143491963193394698u64, + 7705698092144084129u64, + 581120653055084783u64, + 13886552864486459714u64, + 6290301270652587255u64, + 8663431529954393128u64, + 17033405846475472443u64, + 5206780355442651635u64, + 12580364474736467688u64, + 17934601912005283310u64, + 15119491731028933652u64, + 17848231399859044858u64, + 4427673319524919329u64, + 2673607337074368008u64, + 14034876464294699949u64, + 10938948975420813697u64, + 15202340615298669183u64, + 5496603454069431071u64, + 2486526142064906845u64, + 4507882119510526802u64, + 13888151172411390059u64, + 15049027856908071726u64, + 9667231543181973158u64, + 6406671575277563202u64, + 3395801050331215139u64, + 9813607433539108308u64, + 2681417728820980381u64, + 18407064643927113994u64, + 7707177692113485527u64, + 14218149384635317074u64, + 3658668346206375919u64, + 15404713991002362166u64, + 10152074687696195207u64, + 10926946599582128139u64, + 16907298600007085320u64, + 16544287219664720279u64, + 11007075933432813205u64, + 8652245965145713599u64, + 7857626748965990384u64, + 5602306604520095870u64, + 2525139243938658618u64, + 14405696176872077447u64, + 18432270482137885332u64, + 9913880809120071177u64, + 16896141737831216972u64, + 7484791498211214829u64, + 15635259968266497469u64, + 8495118537612215624u64, + 4915477980562575356u64, + 16453519279754924350u64, + 14462108244565406969u64, + 14837837755237096687u64, + 14130171078892575346u64, + 15423793222528491497u64, + 5460399262075036084u64, + 16085440580308415349u64, + 26873200736954488u64, + 5603655807457499550u64, + 3342202915871129617u64, + 1604413932150236626u64, + 9684226585089458974u64, + 1213229904006618539u64, + 6782978662408837236u64, + 11197029877749307372u64, + 14085968786551657744u64, + 17352273610494009342u64, + 7876582961192434984u64, +]; + +pub(crate) const precomp_g_pow2_128_table_w4: [u64; 192] = [ + 0u64, + 0u64, + 0u64, + 0u64, + 1u64, + 18446744069414584320u64, + 18446744073709551615u64, + 4294967294u64, + 0u64, + 0u64, + 0u64, + 0u64, + 14619254753077084366u64, + 13913835116514008593u64, + 15060744674088488145u64, + 17668414598203068685u64, + 10761169236902342334u64, + 15467027479157446221u64, + 14989185522423469618u64, + 14354539272510107003u64, + 14298211796392133693u64, + 13270323784253711450u64, + 13380964971965046957u64, + 8686204248456909699u64, + 17434630286744937066u64, + 1355903775279084720u64, + 7554695053550308662u64, + 11354971222741863570u64, + 564601613420749879u64, + 8466325837259054896u64, + 10752965181772434263u64, + 11405876547368426319u64, + 13791894568738930940u64, + 8230587134406354675u64, + 12415514098722758608u64, + 18414183046995786744u64, + 15508000368227372870u64, + 5781062464627999307u64, + 15339429052219195590u64, + 16038703753810741903u64, + 9587718938298980714u64, + 4822658817952386407u64, + 1376351024833260660u64, + 1120174910554766702u64, + 1730170933262569274u64, + 5187428548444533500u64, + 16242053503368957131u64, + 3036811119519868279u64, + 1760267587958926638u64, + 170244572981065185u64, + 8063080791967388171u64, + 4824892826607692737u64, + 16286391083472040552u64, + 11945158615253358747u64, + 14096887760410224200u64, + 1613720831904557039u64, + 14316966673761197523u64, + 17411006201485445341u64, + 8112301506943158801u64, + 2069889233927989984u64, + 10082848378277483927u64, + 3609691194454404430u64, + 6110437205371933689u64, + 9769135977342231601u64, + 11977962151783386478u64, + 18088718692559983573u64, + 11741637975753055u64, + 11110390325701582190u64, + 1341402251566067019u64, + 3028229550849726478u64, + 10438984083997451310u64, + 12730851885100145709u64, + 11524169532089894189u64, + 4523375903229602674u64, + 2028602258037385622u64, + 17082839063089388410u64, + 6103921364634113167u64, + 17066180888225306102u64, + 11395680486707876195u64, + 10952892272443345484u64, + 8792831960605859401u64, + 14194485427742325139u64, + 15146020821144305250u64, + 1654766014957123343u64, + 7955526243090948551u64, + 3989277566080493308u64, + 12229385116397931231u64, + 13430548930727025562u64, + 3434892688179800602u64, + 8431998794645622027u64, + 12132530981596299272u64, + 2289461608863966999u64, + 18345870950201487179u64, + 13517947207801901576u64, + 5213113244172561159u64, + 17632986594098340879u64, + 4405251818133148856u64, + 11783009269435447793u64, + 9332138983770046035u64, + 12863411548922539505u64, + 3717030292816178224u64, + 10026078446427137374u64, + 11167295326594317220u64, + 12425328773141588668u64, + 5760335125172049352u64, + 9016843701117277863u64, + 5657892835694680172u64, + 11025130589305387464u64, + 1368484957977406173u64, + 17361351345281258834u64, + 1907113641956152700u64, + 16439233413531427752u64, + 5893322296986588932u64, + 14000206906171746627u64, + 14979266987545792900u64, + 6926291766898221120u64, + 7162023296083360752u64, + 14762747553625382529u64, + 12610831658612406849u64, + 10462926899548715515u64, + 4794017723140405312u64, + 5234438200490163319u64, + 8019519110339576320u64, + 7194604241290530100u64, + 12626770134810813246u64, + 10793074474236419890u64, + 11323224347913978783u64, + 16831128015895380245u64, + 18323094195124693378u64, + 2361097165281567692u64, + 15755578675014279498u64, + 14289876470325854580u64, + 12856787656093616839u64, + 3578928531243900594u64, + 3847532758790503699u64, + 8377953190224748743u64, + 3314546646092744596u64, + 800810188859334358u64, + 4626344124229343596u64, + 6620381605850876621u64, + 11422073570955989527u64, + 12676813626484814469u64, + 16725029886764122240u64, + 16648497372773830008u64, + 9135702594931291048u64, + 16080949688826680333u64, + 11528096561346602947u64, + 2632498067099740984u64, + 11583842699108800714u64, + 8378404864573610526u64, + 1076560261627788534u64, + 13836015994325032828u64, + 11234295937817067909u64, + 5893659808396722708u64, + 11277421142886984364u64, + 8968549037166726491u64, + 14841374331394032822u64, + 9967344773947889341u64, + 8799244393578496085u64, + 5094686877301601410u64, + 8780316747074726862u64, + 9119697306829835718u64, + 15381243327921855368u64, + 2686250164449435196u64, + 16466917280442198358u64, + 13791704489163125216u64, + 16955859337117924272u64, + 17112836394923783642u64, + 4639176427338618063u64, + 16770029310141094964u64, + 11049953922966416185u64, + 12012669590884098968u64, + 4859326885929417214u64, + 896380084392586061u64, + 7153028362977034008u64, + 10540021163316263301u64, + 9318277998512936585u64, + 18344496977694796523u64, + 11374737400567645494u64, + 17158800051138212954u64, + 18343197867863253153u64, + 18204799297967861226u64, + 15798973531606348828u64, + 9870158263408310459u64, + 17578869832774612627u64, + 8395748875822696932u64, + 15310679007370670872u64, + 11205576736030808860u64, + 10123429210002838967u64, + 5910544144088393959u64, + 14016615653353687369u64, + 11191676704772957822u64, +]; + +pub(crate) const precomp_g_pow2_192_table_w4: [u64; 192] = [ + 0u64, + 0u64, + 0u64, + 0u64, + 1u64, + 18446744069414584320u64, + 18446744073709551615u64, + 4294967294u64, + 0u64, + 0u64, + 0u64, + 0u64, + 7870395003430845958u64, + 18001862936410067720u64, + 8006461232116967215u64, + 5921313779532424762u64, + 10702113371959864307u64, + 8070517410642379879u64, + 7139806720777708306u64, + 8253938546650739833u64, + 17490482834545705718u64, + 1065249776797037500u64, + 5018258455937968775u64, + 14100621120178668337u64, + 8392845221328116213u64, + 14630296398338540788u64, + 4268947906723414372u64, + 9231207002243517909u64, + 14261219637616504262u64, + 7786881626982345356u64, + 11412720751765882139u64, + 14119585051365330009u64, + 15281626286521302128u64, + 6350171933454266732u64, + 16559468304937127866u64, + 13200760478271693417u64, + 6733381546280350776u64, + 3801404890075189193u64, + 2741036364686993903u64, + 3218612940540174008u64, + 10894914335165419505u64, + 11862941430149998362u64, + 4223151729402839584u64, + 2913215088487087887u64, + 14562168920104952953u64, + 2170089393468287453u64, + 10520900655016579352u64, + 7040362608949989273u64, + 8376510559381705307u64, + 9142237200448131532u64, + 5696859948123854080u64, + 925422306716081180u64, + 11155545953469186421u64, + 1888208646862572812u64, + 11151095998248845721u64, + 15793503271680275267u64, + 7729877044494854851u64, + 6235134673193032913u64, + 7364280682182401564u64, + 5479679373325519985u64, + 17966037684582301763u64, + 14140891609330279185u64, + 5814744449740463867u64, + 5652588426712591652u64, + 774745682988690912u64, + 13228255573220500373u64, + 11949122068786859397u64, + 8021166392900770376u64, + 7994323710948720063u64, + 9924618472877849977u64, + 17618517523141194266u64, + 2750424097794401714u64, + 15481749570715253207u64, + 14646964509921760497u64, + 1037442848094301355u64, + 6295995947389299132u64, + 16915049722317579514u64, + 10493877400992990313u64, + 18391008753060553521u64, + 483942209623707598u64, + 2017775662838016613u64, + 5933251998459363553u64, + 11789135019970707407u64, + 5484123723153268336u64, + 13246954648848484954u64, + 4774374393926023505u64, + 14863995618704457336u64, + 13220153167104973625u64, + 5988445485312390826u64, + 17580359464028944682u64, + 7297100131969874771u64, + 379931507867989375u64, + 10927113096513421444u64, + 17688881974428340857u64, + 4259872578781463333u64, + 8573076295966784472u64, + 16389829450727275032u64, + 1667243868963568259u64, + 17730726848925960919u64, + 11408899874569778008u64, + 3576527582023272268u64, + 16492920640224231656u64, + 7906130545972460130u64, + 13878604278207681266u64, + 41446695125652041u64, + 8891615271337333503u64, + 2594537723613594470u64, + 7699579176995770924u64, + 147458463055730655u64, + 12120406862739088406u64, + 12044892493010567063u64, + 8554076749615475136u64, + 1005097692260929999u64, + 2687202654471188715u64, + 9457588752176879209u64, + 17472884880062444019u64, + 9792097892056020166u64, + 2525246678512797150u64, + 15958903035313115662u64, + 11336038170342247032u64, + 11560342382835141123u64, + 6212009033479929024u64, + 8214308203775021229u64, + 8475469210070503698u64, + 13287024123485719563u64, + 12956951963817520723u64, + 10693035819908470465u64, + 11375478788224786725u64, + 16934625208487120398u64, + 10094585729115874495u64, + 2763884524395905776u64, + 13535890148969964883u64, + 13514657411765064358u64, + 9903074440788027562u64, + 17324720726421199990u64, + 2273931039117368789u64, + 3442641041506157854u64, + 1119853641236409612u64, + 12037070344296077989u64, + 581736433335671746u64, + 6019150647054369174u64, + 14864096138068789375u64, + 6652995210998318662u64, + 12773883697029175304u64, + 12751275631451845119u64, + 11449095003038250478u64, + 1025805267334366480u64, + 2764432500300815015u64, + 18274564429002844381u64, + 10445634195592600351u64, + 11814099592837202735u64, + 5006796893679120289u64, + 6908397253997261914u64, + 13266696965302879279u64, + 7768715053015037430u64, + 3569923738654785686u64, + 5844853453464857549u64, + 1837340805629559110u64, + 1034657624388283114u64, + 711244516069456460u64, + 12519286026957934814u64, + 2613464944620837619u64, + 10003023321338286213u64, + 7291332092642881376u64, + 9832199564117004897u64, + 3280736694860799890u64, + 6416452202849179874u64, + 7326961381798642069u64, + 8435688798040635029u64, + 16630141263910982958u64, + 17222635514422533318u64, + 9482787389178881499u64, + 836561194658263905u64, + 3405319043337616649u64, + 2786146577568026518u64, + 7625483685691626321u64, + 6728084875304656716u64, + 1140997959232544268u64, + 12847384827606303792u64, + 1719121337754572070u64, + 12863589482936438532u64, + 3880712899640530862u64, + 2748456882813671564u64, + 4775988900044623019u64, + 8937847374382191162u64, + 3767367347172252295u64, + 13468672401049388646u64, + 14359032216842397576u64, + 2002555958685443975u64, + 16488678606651526810u64, + 11826135409597474760u64, + 15296495673182508601u64, +]; + +pub(crate) const precomp_basepoint_table_w5: [u64; 384] = [ + 0u64, + 0u64, + 0u64, + 0u64, + 1u64, + 18446744069414584320u64, + 18446744073709551615u64, + 4294967294u64, + 0u64, + 0u64, + 0u64, + 0u64, + 8784043285714375740u64, + 8483257759279461889u64, + 8789745728267363600u64, + 1770019616739251654u64, + 15992936863339206154u64, + 10037038012062884956u64, + 15197544864945402661u64, + 9615747158586711429u64, + 1u64, + 18446744069414584320u64, + 18446744073709551615u64, + 4294967294u64, + 10634854829044225757u64, + 351552716085025155u64, + 10645315080955407736u64, + 3609262091244858135u64, + 15760741698986874125u64, + 14936374388219697827u64, + 15751360096993017895u64, + 18012233706239762398u64, + 1993877568177495041u64, + 10345888787846536528u64, + 7746511691117935375u64, + 14517043990409914413u64, + 14122549297570634151u64, + 16934610359517083771u64, + 5724511325497097418u64, + 8983432969107448705u64, + 2687429970334080245u64, + 16525396802810050288u64, + 7602596488871585854u64, + 4813919589149203084u64, + 7680395813780804519u64, + 6687709583048023590u64, + 18086445169104142027u64, + 9637814708330203929u64, + 14785108459960679090u64, + 3838023279095023581u64, + 3555615526157830307u64, + 5177066488380472871u64, + 18218186719108038403u64, + 16281556341699656105u64, + 1524227924561461191u64, + 4148060517641909597u64, + 2858290374115363433u64, + 8942772026334130620u64, + 3034451298319885113u64, + 8447866036736640940u64, + 11204933433076256578u64, + 18333595740249588297u64, + 8259597024804538246u64, + 9539734295777539786u64, + 9797290423046626413u64, + 5777303437849646537u64, + 8739356909899132020u64, + 14815960973766782158u64, + 15286581798204509801u64, + 17597362577777019682u64, + 13259283710820519742u64, + 10501322996899164670u64, + 1221138904338319642u64, + 14586685489551951885u64, + 895326705426031212u64, + 14398171728560617847u64, + 9592550823745097391u64, + 17240998489162206026u64, + 8085479283308189196u64, + 14844657737893882826u64, + 15923425394150618234u64, + 2997808084773249525u64, + 494323555453660587u64, + 1215695327517794764u64, + 9476207381098391690u64, + 7480789678419122995u64, + 15212230329321082489u64, + 436189395349576388u64, + 17377474396456660834u64, + 15237013929655017939u64, + 11444428846883781676u64, + 5112749694521428575u64, + 950829367509872073u64, + 17665036182057559519u64, + 17205133339690002313u64, + 16233765170251334549u64, + 10122775683257972591u64, + 3352514236455632420u64, + 9143148522359954691u64, + 601191684005658860u64, + 13398772186646349998u64, + 15512696600132928431u64, + 9128416073728948653u64, + 11233051033546138578u64, + 6769345682610122833u64, + 10823233224575054288u64, + 9997725227559980175u64, + 6733425642852897415u64, + 16302206918151466066u64, + 1669330822143265921u64, + 2661645605036546002u64, + 17182558479745802165u64, + 1165082692376932040u64, + 9470595929011488359u64, + 6142147329285324932u64, + 4829075085998111287u64, + 10231370681107338930u64, + 9591876895322495239u64, + 10316468561384076618u64, + 11592503647238064235u64, + 13395813606055179632u64, + 511127033980815508u64, + 12434976573147649880u64, + 3425094795384359127u64, + 6816971736303023445u64, + 15444670609021139344u64, + 9464349818322082360u64, + 16178216413042376883u64, + 9595540370774317348u64, + 7229365182662875710u64, + 4601177649460012843u64, + 5455046447382487090u64, + 10854066421606187521u64, + 15913416821879788071u64, + 2297365362023460173u64, + 2603252216454941350u64, + 6768791943870490934u64, + 15705936687122754810u64, + 9537096567546600694u64, + 17580538144855035062u64, + 4496542856965746638u64, + 8444341625922124942u64, + 12191263903636183168u64, + 17427332907535974165u64, + 14307569739254103736u64, + 13900598742063266169u64, + 7176996424355977650u64, + 5709008170379717479u64, + 14471312052264549092u64, + 1464519909491759867u64, + 3328154641049602121u64, + 13020349337171136774u64, + 2772166279972051938u64, + 10854476939425975292u64, + 1967189930534630940u64, + 2802919076529341959u64, + 14792226094833519208u64, + 14675640928566522177u64, + 14838974364643800837u64, + 17631460696099549980u64, + 17434186275364935469u64, + 2665648200587705473u64, + 13202122464492564051u64, + 7576287350918073341u64, + 2272206013910186424u64, + 14558761641743937843u64, + 5675729149929979729u64, + 9043135187561613166u64, + 11750149293830589225u64, + 740555197954307911u64, + 9871738005087190699u64, + 17178667634283502053u64, + 18046255991533013265u64, + 4458222096988430430u64, + 8452427758526311627u64, + 13825286929656615266u64, + 13956286357198391218u64, + 15875692916799995079u64, + 10634895319157013920u64, + 13230116118036304207u64, + 8795317393614625606u64, + 7001710806858862020u64, + 7949746088586183478u64, + 14677556044923602317u64, + 11184023437485843904u64, + 11215864722023085094u64, + 6444464081471519014u64, + 1706241174022415217u64, + 8243975633057550613u64, + 15502902453836085864u64, + 3799182188594003953u64, + 3538840175098724094u64, + 13240193491554624643u64, + 12365034249541329920u64, + 2924326828590977357u64, + 5687195797140589099u64, + 16880427227292834531u64, + 9691471435758991112u64, + 16642385273732487288u64, + 12173806747523009914u64, + 13142722756877876849u64, + 8370377548305121979u64, + 17988526053752025426u64, + 4818750752684100334u64, + 5669241919350361655u64, + 4964810303238518540u64, + 16709712747671533191u64, + 4461414404267448242u64, + 3971798785139504238u64, + 6276818948740422136u64, + 1426735892164275762u64, + 7943622674892418919u64, + 9864274225563929680u64, + 57815533745003233u64, + 10893588105168960233u64, + 15739162732907069535u64, + 3923866849462073470u64, + 12279826158399226875u64, + 1533015761334846582u64, + 15860156818568437510u64, + 8252625373831297988u64, + 9666953804812706358u64, + 8767785238646914634u64, + 14382179044941403551u64, + 10401039907264254245u64, + 8584860003763157350u64, + 3120462679504470266u64, + 8670255778748340069u64, + 5313789577940369984u64, + 16977072364454789224u64, + 12199578693972188324u64, + 18211098771672599237u64, + 12868831556008795030u64, + 5310155061431048194u64, + 18114153238435112606u64, + 14482365809278304512u64, + 12520721662723001511u64, + 405943624021143002u64, + 8146944101507657423u64, + 181739317780393495u64, + 81743892273670099u64, + 14759561962550473930u64, + 4592623849546992939u64, + 6916440441743449719u64, + 1304610503530809833u64, + 5464930909232486441u64, + 15414883617496224671u64, + 8129283345256790u64, + 18294252198413739489u64, + 17394115281884857288u64, + 7808348415224731235u64, + 13195566655747230608u64, + 8568194219353949094u64, + 15329813048672122440u64, + 9604275495885785744u64, + 1577712551205219835u64, + 15964209008022052790u64, + 15087297920782098160u64, + 3946031512438511898u64, + 10050061168984440631u64, + 11382452014533138316u64, + 6313670788911952792u64, + 12015989229696164014u64, + 5946702628076168852u64, + 5219995658774362841u64, + 12230141881068377972u64, + 12361195202673441956u64, + 4732862275653856711u64, + 17221430380805252370u64, + 15397525953897375810u64, + 16557437297239563045u64, + 10101683801868971351u64, + 1402611372245592868u64, + 1931806383735563658u64, + 10991705207471512479u64, + 861333583207471392u64, + 15207766844626322355u64, + 9224628129811432393u64, + 3497069567089055613u64, + 11956632757898590316u64, + 8733729372586312960u64, + 18091521051714930927u64, + 77582787724373283u64, + 9922437373519669237u64, + 3079321456325704615u64, + 12171198408512478457u64, + 17179130884012147596u64, + 6839115479620367181u64, + 4421032569964105406u64, + 10353331468657256053u64, + 17400988720335968824u64, + 17138855889417480540u64, + 4507980080381370611u64, + 10703175719793781886u64, + 12598516658725890426u64, + 8353463412173898932u64, + 17703029389228422404u64, + 9313111267107226233u64, + 5441322942995154196u64, + 8952817660034465484u64, + 17571113341183703118u64, + 7375087953801067019u64, + 13381466302076453648u64, + 3218165271423914596u64, + 16956372157249382685u64, + 509080090049418841u64, + 13374233893294084913u64, + 2988537624204297086u64, + 4979195832939384620u64, + 3803931594068976394u64, + 10731535883829627646u64, + 12954845047607194278u64, + 10494298062560667399u64, + 4967351022190213065u64, + 13391917938145756456u64, + 951370484866918160u64, + 13531334179067685307u64, + 12868421357919390599u64, + 15918857042998130258u64, + 17769743831936974016u64, + 7137921979260368809u64, + 12461369180685892062u64, + 827476514081935199u64, + 15107282134224767230u64, + 10084765752802805748u64, + 3303739059392464407u64, + 17859532612136591428u64, + 10949414770405040164u64, + 12838613589371008785u64, + 5554397169231540728u64, + 18375114572169624408u64, + 15649286703242390139u64, + 2957281557463706877u64, + 14000350446219393213u64, + 14355199721749620351u64, + 2730856240099299695u64, + 17528131000714705752u64, + 2537498525883536360u64, + 6121058967084509393u64, + 16897667060435514221u64, + 12367869599571112440u64, + 3388831797050807508u64, + 16791449724090982798u64, + 2673426123453294928u64, + 11369313542384405846u64, + 15641960333586432634u64, + 15080962589658958379u64, + 7747943772340226569u64, + 8075023376199159152u64, + 8485093027378306528u64, + 13503706844122243648u64, + 8401961362938086226u64, + 8125426002124226402u64, + 9005399361407785203u64, + 6847968030066906634u64, + 11934937736309295197u64, + 5116750888594772351u64, + 2817039227179245227u64, + 17724206901239332980u64, + 4985702708254058578u64, + 5786345435756642871u64, + 17772527414940936938u64, + 1201320251272957006u64, + 15787430120324348129u64, + 6305488781359965661u64, + 12423900845502858433u64, + 17485949424202277720u64, + 2062237315546855852u64, + 10353639467860902375u64, + 2315398490451287299u64, + 15394572894814882621u64, + 232866113801165640u64, + 7413443736109338926u64, + 902719806551551191u64, + 16568853118619045174u64, + 14202214862428279177u64, + 11719595395278861192u64, + 5890053236389907647u64, + 9996196494965833627u64, + 12967056942364782577u64, + 9034128755157395787u64, + 17898204904710512655u64, + 8229373445062993977u64, + 13580036169519833644u64, +]; From 4e17e4076edb370878ddec52ef62186fdba61980 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 15 Jan 2025 08:05:28 +0000 Subject: [PATCH 2/7] started hacl-rs ecdh p256 --- libcrux-ecdh/src/ecdh.rs | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/libcrux-ecdh/src/ecdh.rs b/libcrux-ecdh/src/ecdh.rs index f2e8f2f74..d846109cf 100644 --- a/libcrux-ecdh/src/ecdh.rs +++ b/libcrux-ecdh/src/ecdh.rs @@ -1,12 +1,7 @@ //! # ECDH //! -//! Depending on the platform and available features the most efficient implementation -//! is chosen. -//! //! ## x25519 -//! For x25519 the portable HACL implementation is used unless running on an x64 -//! CPU with BMI2 and ADX support. In this case the libjade implementation is -//! used. +//! For x25519 the portable HACL implementation is used. //! //! ## P256 //! For P256 the portable HACL implementation is used. From 45dd960858e12c86e0720bc5da67d9a44d17e330 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 16 Jan 2025 13:49:32 +0100 Subject: [PATCH 3/7] p256 ecdh --- libcrux-ecdh/Cargo.toml | 5 +- libcrux-ecdh/src/ecdh.rs | 403 ++-------------------------------- libcrux-ecdh/src/hacl/p256.rs | 27 +-- 3 files changed, 31 insertions(+), 404 deletions(-) diff --git a/libcrux-ecdh/Cargo.toml b/libcrux-ecdh/Cargo.toml index fdd85df6c..d9540ae5d 100644 --- a/libcrux-ecdh/Cargo.toml +++ b/libcrux-ecdh/Cargo.toml @@ -14,8 +14,8 @@ path = "src/ecdh.rs" [dependencies] rand = { version = "0.8" } -libcrux-hacl = { version = "=0.0.2-beta.2", path = "../sys/hacl" } libcrux-curve25519 = { version = "=0.0.2-beta.2", path = "../curve25519" } +libcrux-p256 = { version = "=0.0.2-beta.2", path = "../p256" } [dev-dependencies] rand_core = { version = "0.6" } @@ -23,6 +23,3 @@ hex = { version = "0.4.3", features = ["serde"] } serde_json = { version = "1.0" } serde = { version = "1.0", features = ["derive"] } pretty_env_logger = "0.5" - -[lints.rust] -unexpected_cfgs = { level = "warn", check-cfg = ['cfg(adx)', 'cfg(bmi2)'] } diff --git a/libcrux-ecdh/src/ecdh.rs b/libcrux-ecdh/src/ecdh.rs index d846109cf..85a09f6c0 100644 --- a/libcrux-ecdh/src/ecdh.rs +++ b/libcrux-ecdh/src/ecdh.rs @@ -45,396 +45,35 @@ pub enum Algorithm { P521, } -pub(crate) mod x25519_internal { - use alloc::format; - use rand::{CryptoRng, Rng}; - - use super::Error; - - pub struct PrivateKey(pub [u8; 32]); - - #[derive(Debug)] - pub struct PublicKey(pub [u8; 32]); - - /// Output of a scalar multiplication between a public key and a secret key. - /// - /// This value is NOT (!) safe for use as a key and needs to be processed in a round of key - /// derivation, to ensure both that the output is uniformly random and that unkown key share - /// attacks can not happen. - pub struct SharedSecret(pub [u8; 32]); - - impl From<&[u8; 32]> for PublicKey { - fn from(value: &[u8; 32]) -> Self { - Self(*value) - } - } - - impl TryFrom<&[u8]> for PublicKey { - type Error = Error; - - fn try_from(value: &[u8]) -> Result { - Ok(Self(value.try_into().map_err(|_| Error::InvalidPoint)?)) - } - } - - impl From<&[u8; 32]> for PrivateKey { - fn from(value: &[u8; 32]) -> Self { - Self(*value) - } - } - - impl TryFrom<&[u8]> for PrivateKey { - type Error = Error; - - fn try_from(value: &[u8]) -> Result { - Ok(Self(value.try_into().map_err(|_| Error::InvalidScalar)?)) - } - } - - impl From<&[u8; 32]> for SharedSecret { - fn from(value: &[u8; 32]) -> Self { - Self(*value) - } - } - - impl TryFrom<&[u8]> for SharedSecret { - type Error = Error; - - fn try_from(value: &[u8]) -> Result { - Ok(Self(value.try_into().map_err(|_| Error::InvalidScalar)?)) - } - } - - impl AsRef<[u8]> for PrivateKey { - fn as_ref(&self) -> &[u8] { - &self.0 - } - } - - impl AsRef<[u8]> for PublicKey { - fn as_ref(&self) -> &[u8] { - &self.0 - } - } - - impl AsRef<[u8]> for SharedSecret { - fn as_ref(&self) -> &[u8] { - &self.0 - } - } - - impl AsRef<[u8; 32]> for PrivateKey { - fn as_ref(&self) -> &[u8; 32] { - &self.0 - } - } - - impl AsRef<[u8; 32]> for PublicKey { - fn as_ref(&self) -> &[u8; 32] { - &self.0 - } - } - - impl AsRef<[u8; 32]> for SharedSecret { - fn as_ref(&self) -> &[u8; 32] { - &self.0 - } - } - - #[cfg(all(bmi2, adx, target_arch = "x86_64"))] - pub fn derive(p: &PublicKey, s: &PrivateKey) -> Result { - use crate::hacl::curve25519; - use libcrux_platform::x25519_support; - // On x64 we use vale if available or hacl as fallback. - // Jasmin exists but is not verified yet. - - if x25519_support() { - curve25519::vale::ecdh(s, p) - .map_err(|e| Error::Custom(format!("HACL Error {:?}", e))) - .map(SharedSecret) - // XXX: not verified yet - // crate::jasmin::x25519::mulx::derive(s, p) - // .map_err(|e| Error::Custom(format!("Libjade Error {:?}", e))) - } else { - curve25519::ecdh(s, p) - .map_err(|e| Error::Custom(format!("HACL Error {:?}", e))) - .map(SharedSecret) - // XXX: not verified yet - // crate::jasmin::x25519::derive(s, p) - // .map_err(|e| Error::Custom(format!("Libjade Error {:?}", e))) - } - } - - #[cfg(any( - all(target_arch = "x86_64", any(not(bmi2), not(adx))), - target_arch = "x86" - ))] - pub fn derive(p: &PublicKey, s: &PrivateKey) -> Result { - use crate::hacl::curve25519; - // On x64 we use vale if available or hacl as fallback. - // Jasmin exists but is not verified yet. - - curve25519::ecdh(s, p) - .map_err(|e| Error::Custom(format!("HACL Error {:?}", e))) - .map(SharedSecret) - // XXX: not verified yet - // crate::jasmin::x25519::derive(s, p) - // .map_err(|e| Error::Custom(format!("Libjade Error {:?}", e))) - } - - #[cfg(not(any(target_arch = "x86", target_arch = "x86_64")))] - pub fn derive(p: &PublicKey, s: &PrivateKey) -> Result { - // On any other platform we use the portable HACL implementation. - use crate::hacl::curve25519; - - curve25519::ecdh(s, p) - .map_err(|e| Error::Custom(format!("HACL Error {:?}", e))) - .map(SharedSecret) - } - - // XXX: libjade's secret to public is broken on Windows (overflows the stack). - // #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] - // pub(super) fn secret_to_public(p: &PrivateKey) -> Result<[u8; 32], Error> { - // crate::jasmin::x25519::secret_to_public(s).map_err(|e| Error::Custom(format!("Libjade Error {:?}", e))) - // } - - // #[cfg(not(any(target_arch = "x86", target_arch = "x86_64")))] - pub(crate) fn secret_to_public(s: &PrivateKey) -> Result { - // On any other platform we use the portable HACL implementation. - use crate::hacl::curve25519; - - Ok(PublicKey(curve25519::secret_to_public(s))) - } - - /// Generate a new x25519 secret. - pub fn generate_secret(rng: &mut (impl CryptoRng + Rng)) -> Result { - const LIMIT: usize = 100; - for _ in 0..LIMIT { - let mut out = [0u8; 32]; - rng.try_fill_bytes(&mut out) - .map_err(|_| Error::KeyGenError)?; - - // We don't want a 0 key. - if out.iter().all(|&b| b == 0) { - continue; - } - - // We clamp the key already to make sure it can't be misused. - out[0] &= 248u8; - out[31] &= 127u8; - out[31] |= 64u8; - - return Ok(PrivateKey(out)); - } - - Err(Error::KeyGenError) - } - - /// Generate a new P256 key pair - pub fn key_gen(rng: &mut (impl CryptoRng + Rng)) -> Result<(PrivateKey, PublicKey), Error> { - let sk = generate_secret(rng)?; - let pk = secret_to_public(&sk)?; - Ok((sk, pk)) - } -} - -pub use x25519_internal::derive as x25519_derive; -pub use x25519_internal::generate_secret as x25519_generate_secret; -pub use x25519_internal::key_gen as x25519_key_gen; -pub use x25519_internal::PrivateKey as X25519PrivateKey; -pub use x25519_internal::PublicKey as X25519PublicKey; -pub use x25519_internal::SharedSecret as X25519SharedSecret; +/// The internal x25519 module +pub(crate) mod x25519; +pub use x25519::{ + derive as x25519_derive, generate_secret as x25519_generate_secret, key_gen as x25519_key_gen, + PrivateKey as X25519PrivateKey, PublicKey as X25519PublicKey, + SharedSecret as X25519SharedSecret, +}; pub mod curve25519 { use super::hacl; pub use hacl::curve25519::Error; } -pub(crate) mod p256_internal { - use alloc::format; - use rand::{CryptoRng, Rng}; - - // P256 we only have in HACL - use crate::hacl::p256; - - use super::Error; - - pub struct PrivateKey(pub [u8; 32]); - - #[derive(Debug)] - pub struct PublicKey(pub [u8; 64]); - - /// Output of a scalar multiplication between a public key and a secret key. - /// - /// This value is NOT (!) safe for use as a key and needs to be processed in a round of key - /// derivation, to ensure both that the output is uniformly random and that unkown key share - /// attacks can not happen. - pub struct SharedSecret(pub [u8; 64]); - - impl From<&[u8; 64]> for PublicKey { - fn from(value: &[u8; 64]) -> Self { - Self(*value) - } - } - - impl TryFrom<&[u8]> for PublicKey { - type Error = Error; - - fn try_from(value: &[u8]) -> Result { - Ok(Self(value.try_into().map_err(|_| Error::InvalidPoint)?)) - } - } - - impl From<&[u8; 32]> for PrivateKey { - fn from(value: &[u8; 32]) -> Self { - Self(*value) - } - } - - impl TryFrom<&[u8]> for PrivateKey { - type Error = Error; - - fn try_from(value: &[u8]) -> Result { - Ok(Self(value.try_into().map_err(|_| Error::InvalidScalar)?)) - } - } - - impl From<&[u8; 64]> for SharedSecret { - fn from(value: &[u8; 64]) -> Self { - Self(*value) - } - } - - impl TryFrom<&[u8]> for SharedSecret { - type Error = Error; - - fn try_from(value: &[u8]) -> Result { - Ok(Self(value.try_into().map_err(|_| Error::InvalidScalar)?)) - } - } - - impl AsRef<[u8]> for PrivateKey { - fn as_ref(&self) -> &[u8] { - &self.0 - } - } - - impl AsRef<[u8]> for PublicKey { - fn as_ref(&self) -> &[u8] { - &self.0 - } - } - - impl AsRef<[u8]> for SharedSecret { - fn as_ref(&self) -> &[u8] { - &self.0 - } - } - - impl AsRef<[u8; 32]> for PrivateKey { - fn as_ref(&self) -> &[u8; 32] { - &self.0 - } - } - - impl AsRef<[u8; 64]> for PublicKey { - fn as_ref(&self) -> &[u8; 64] { - &self.0 - } - } - - impl AsRef<[u8; 64]> for SharedSecret { - fn as_ref(&self) -> &[u8; 64] { - &self.0 - } - } - - pub(super) fn derive(p: &PublicKey, s: &PrivateKey) -> Result { - // We assume that the private key has been validated. - p256::ecdh(s, p) - .map_err(|e| Error::Custom(format!("HACL Error {:?}", e))) - .map(SharedSecret) - } - - pub(super) fn secret_to_public(s: &PrivateKey) -> Result { - p256::validate_scalar(s).map_err(|e| Error::Custom(format!("HACL Error {:?}", e)))?; - p256::secret_to_public(s) - .map_err(|e| Error::Custom(format!("HACL Error {:?}", e))) - .map(PublicKey) - } - - pub fn validate_scalar(s: &PrivateKey) -> Result<(), Error> { - p256::validate_scalar(s).map_err(|e| e.into()) - } - - #[allow(unused)] - pub fn validate_point(p: &PublicKey) -> Result<(), Error> { - p256::validate_point(p).map_err(|e| e.into()) - } - - pub(crate) fn prepare_public_key(public_key: &[u8]) -> Result { - if public_key.is_empty() { - return Err(Error::InvalidPoint); - } - - // Parse the public key. - let pk = if let Ok(pk) = p256::uncompressed_to_coordinates(public_key) { - pk - } else { - // Might be uncompressed - if public_key.len() == 33 { - p256::compressed_to_coordinates(public_key).map_err(|_| Error::InvalidPoint)? - } else { - // Might be a simple concatenation - public_key.try_into().map_err(|_| Error::InvalidPoint)? - } - }; - let pk = PublicKey(pk); - - p256::validate_point(&pk) - .map(|()| pk) - .map_err(|_| Error::InvalidPoint) - } - - /// Generate a new p256 secret (scalar) - pub fn generate_secret(rng: &mut (impl CryptoRng + Rng)) -> Result { - const LIMIT: usize = 100; - for _ in 0..LIMIT { - let mut out = [0u8; 32]; - rng.try_fill_bytes(&mut out) - .map_err(|_| Error::KeyGenError)?; - - let out = PrivateKey(out); - if validate_scalar(&out).is_ok() { - return Ok(out); - } - } - Err(Error::KeyGenError) - } - - /// Generate a new P256 key pair - pub fn key_gen(rng: &mut (impl CryptoRng + Rng)) -> Result<(PrivateKey, PublicKey), Error> { - let sk = generate_secret(rng)?; - let pk = secret_to_public(&sk)?; - Ok((sk, pk)) - } -} +/// The internal p256 module +pub(crate) mod p256_internal; pub mod p256 { use super::hacl; - pub use hacl::p256::compressed_to_coordinates; - pub use hacl::p256::uncompressed_to_coordinates; - pub use hacl::p256::validate_point; - pub use hacl::p256::validate_scalar_slice; - pub use hacl::p256::Error; + pub use hacl::p256::{ + compressed_to_coordinates, uncompressed_to_coordinates, validate_point, + validate_scalar_slice, Error, + }; } -pub use p256_internal::generate_secret as p256_generate_secret; -pub use p256_internal::key_gen as p256_key_gen; -pub use p256_internal::validate_scalar as p256_validate_scalar; -pub use p256_internal::PrivateKey as P256PrivateKey; -pub use p256_internal::PublicKey as P256PublicKey; -pub use p256_internal::SharedSecret as P256SharedSecret; +pub use p256_internal::{ + generate_secret as p256_generate_secret, key_gen as p256_key_gen, + validate_scalar as p256_validate_scalar, PrivateKey as P256PrivateKey, + PublicKey as P256PublicKey, SharedSecret as P256SharedSecret, +}; /// Derive the ECDH shared secret. /// Returns `Ok(point * scalar)` on the provided curve [`Algorithm`] or an error. @@ -445,7 +84,7 @@ pub fn derive( ) -> Result, Error> { match alg { Algorithm::X25519 => { - x25519_internal::derive(&point.as_ref().try_into()?, &scalar.as_ref().try_into()?) + x25519::derive(&point.as_ref().try_into()?, &scalar.as_ref().try_into()?) .map(|r| r.0.into()) } Algorithm::P256 => { @@ -473,7 +112,7 @@ pub fn p256_derive( pub fn secret_to_public(alg: Algorithm, scalar: impl AsRef<[u8]>) -> Result, Error> { match alg { Algorithm::X25519 => { - x25519_internal::secret_to_public(&scalar.as_ref().try_into()?).map(|r| r.0.into()) + x25519::secret_to_public(&scalar.as_ref().try_into()?).map(|r| r.0.into()) } Algorithm::P256 => { p256_internal::secret_to_public(&scalar.as_ref().try_into()?).map(|r| r.0.into()) @@ -505,7 +144,7 @@ use rand::{CryptoRng, Rng}; /// generate a new key. If this happens, the provided `rng` is probably faulty. pub fn generate_secret(alg: Algorithm, rng: &mut (impl CryptoRng + Rng)) -> Result, Error> { match alg { - Algorithm::X25519 => x25519_internal::generate_secret(rng).map(|k| k.0.to_vec()), + Algorithm::X25519 => x25519::generate_secret(rng).map(|k| k.0.to_vec()), Algorithm::P256 => p256_internal::generate_secret(rng).map(|k| k.0.to_vec()), _ => Err(Error::UnknownAlgorithm), } diff --git a/libcrux-ecdh/src/hacl/p256.rs b/libcrux-ecdh/src/hacl/p256.rs index f8cfe25e7..6f17db04b 100644 --- a/libcrux-ecdh/src/hacl/p256.rs +++ b/libcrux-ecdh/src/hacl/p256.rs @@ -1,6 +1,6 @@ -use libcrux_hacl::{ - Hacl_P256_compressed_to_raw, Hacl_P256_dh_initiator, Hacl_P256_dh_responder, - Hacl_P256_uncompressed_to_raw, Hacl_P256_validate_private_key, Hacl_P256_validate_public_key, +use libcrux_p256::{ + compressed_to_raw, dh_initiator, dh_responder, uncompressed_to_raw, validate_private_key, + validate_public_key, }; use crate::p256_internal::PrivateKey; @@ -19,9 +19,7 @@ pub enum Error { pub fn uncompressed_to_coordinates(point: &[u8]) -> Result<[u8; 64], Error> { let mut concat_point = [0u8; 64]; if point.len() >= 65 { - let ok = unsafe { - Hacl_P256_uncompressed_to_raw(point.as_ptr() as _, concat_point.as_mut_ptr()) - }; + let ok = uncompressed_to_raw(point, &mut concat_point); if ok { Ok(concat_point) } else { @@ -37,8 +35,7 @@ pub fn uncompressed_to_coordinates(point: &[u8]) -> Result<[u8; 64], Error> { pub fn compressed_to_coordinates(point: &[u8]) -> Result<[u8; 64], Error> { let mut concat_point = [0u8; 64]; if point.len() >= 33 { - let ok = - unsafe { Hacl_P256_compressed_to_raw(point.as_ptr() as _, concat_point.as_mut_ptr()) }; + let ok = compressed_to_raw(point, &mut concat_point); if ok { Ok(concat_point) } else { @@ -54,7 +51,7 @@ pub fn compressed_to_coordinates(point: &[u8]) -> Result<[u8; 64], Error> { /// /// Returns [`Error::InvalidPoint`] if the `point` is not valid. pub fn validate_point(point: impl AsRef<[u8; 64]>) -> Result<(), Error> { - if unsafe { Hacl_P256_validate_public_key(point.as_ref().as_ptr() as _) } { + if validate_public_key(point.as_ref()) { Ok(()) } else { Err(Error::InvalidPoint) @@ -77,7 +74,7 @@ pub fn validate_scalar_(scalar: &[u8; 32]) -> Result<(), Error> { } // Ensure that the key is in range [1, p-1] - if unsafe { Hacl_P256_validate_private_key(scalar.as_ref().as_ptr() as _) } { + if validate_private_key(scalar.as_ref()) { Ok(()) } else { Err(Error::InvalidScalar) @@ -108,13 +105,7 @@ pub fn ecdh( public_key: impl AsRef<[u8; 64]>, ) -> Result<[u8; 64], Error> { let mut shared = [0u8; 64]; - let ok = unsafe { - Hacl_P256_dh_responder( - shared.as_mut_ptr(), - public_key.as_ref().as_ptr() as _, - private_key.as_ref().as_ptr() as _, - ) - }; + let ok = dh_responder(&mut shared, public_key.as_ref(), private_key.as_ref()); if !ok { Err(Error::InvalidInput) } else { @@ -129,7 +120,7 @@ pub fn secret_to_public(s: impl AsRef<[u8; 32]>) -> Result<[u8; 64], Error> { validate_scalar(&s)?; let mut out = [0u8; 64]; - if unsafe { Hacl_P256_dh_initiator(out.as_mut_ptr(), s.as_ref().as_ptr() as _) } { + if dh_initiator(&mut out, s.as_ref()) { Ok(out) } else { Err(Error::InvalidScalar) From db4d804dfe4847de5a3c37a55a1b8dd70889a339 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 17 Jan 2025 11:20:11 +0100 Subject: [PATCH 4/7] wip ecdh p256 --- blake2/src/hacl/hash_blake2b.rs | 5 +- blake2/src/hacl/hash_blake2s.rs | 5 +- ecdsa/src/p256.rs | 2 + libcrux-ecdh/src/p256_internal.rs | 167 ++++++++++++++++++++++++++++++ libcrux-ecdh/src/x25519.rs | 143 +++++++++++++++++++++++++ rsa/src/impl_hacl.rs | 6 ++ sha2/src/impl_hacl.rs | 25 ++++- traits/src/lib.rs | 2 +- 8 files changed, 345 insertions(+), 10 deletions(-) create mode 100644 libcrux-ecdh/src/p256_internal.rs create mode 100644 libcrux-ecdh/src/x25519.rs diff --git a/blake2/src/hacl/hash_blake2b.rs b/blake2/src/hacl/hash_blake2b.rs index 44df297de..da1477bcb 100644 --- a/blake2/src/hacl/hash_blake2b.rs +++ b/blake2/src/hacl/hash_blake2b.rs @@ -1,10 +1,7 @@ #![allow(non_snake_case)] #![allow(non_upper_case_globals)] #![allow(non_camel_case_types)] -#![allow(unused_assignments)] -#![allow(unreachable_patterns)] -#![allow(clippy::match_single_binding)] -#![allow(clippy::needless_lifetimes)] +#![allow(dead_code)] use libcrux_hacl_rs::prelude::*; use libcrux_macros as krml; diff --git a/blake2/src/hacl/hash_blake2s.rs b/blake2/src/hacl/hash_blake2s.rs index f9f0cfd7a..e1eb4438a 100644 --- a/blake2/src/hacl/hash_blake2s.rs +++ b/blake2/src/hacl/hash_blake2s.rs @@ -1,10 +1,7 @@ #![allow(non_snake_case)] #![allow(non_upper_case_globals)] #![allow(non_camel_case_types)] -#![allow(unused_assignments)] -#![allow(unreachable_patterns)] -#![allow(clippy::match_single_binding)] -#![allow(clippy::needless_lifetimes)] +#![allow(dead_code)] use libcrux_hacl_rs::prelude::*; use libcrux_macros as krml; diff --git a/ecdsa/src/p256.rs b/ecdsa/src/p256.rs index a9b0a84e0..6f30a471b 100644 --- a/ecdsa/src/p256.rs +++ b/ecdsa/src/p256.rs @@ -1,3 +1,5 @@ +//! ECDSA on P-256 + use libcrux_p256::{ compressed_to_raw, ecdsa_sign_p256_sha2, ecdsa_verif_p256_sha2, uncompressed_to_raw, validate_private_key, validate_public_key, diff --git a/libcrux-ecdh/src/p256_internal.rs b/libcrux-ecdh/src/p256_internal.rs new file mode 100644 index 000000000..55085761d --- /dev/null +++ b/libcrux-ecdh/src/p256_internal.rs @@ -0,0 +1,167 @@ +use alloc::format; +use rand::{CryptoRng, Rng}; + +// P256 we only have in HACL +use crate::hacl::p256; + +use super::Error; + +pub struct PrivateKey(pub [u8; 32]); + +#[derive(Debug)] +pub struct PublicKey(pub [u8; 64]); + +/// Output of a scalar multiplication between a public key and a secret key. +/// +/// This value is NOT (!) safe for use as a key and needs to be processed in a round of key +/// derivation, to ensure both that the output is uniformly random and that unkown key share +/// attacks can not happen. +pub struct SharedSecret(pub [u8; 64]); + +impl From<&[u8; 64]> for PublicKey { + fn from(value: &[u8; 64]) -> Self { + Self(*value) + } +} + +impl TryFrom<&[u8]> for PublicKey { + type Error = Error; + + fn try_from(value: &[u8]) -> Result { + Ok(Self(value.try_into().map_err(|_| Error::InvalidPoint)?)) + } +} + +impl From<&[u8; 32]> for PrivateKey { + fn from(value: &[u8; 32]) -> Self { + Self(*value) + } +} + +impl TryFrom<&[u8]> for PrivateKey { + type Error = Error; + + fn try_from(value: &[u8]) -> Result { + Ok(Self(value.try_into().map_err(|_| Error::InvalidScalar)?)) + } +} + +impl From<&[u8; 64]> for SharedSecret { + fn from(value: &[u8; 64]) -> Self { + Self(*value) + } +} + +impl TryFrom<&[u8]> for SharedSecret { + type Error = Error; + + fn try_from(value: &[u8]) -> Result { + Ok(Self(value.try_into().map_err(|_| Error::InvalidScalar)?)) + } +} + +impl AsRef<[u8]> for PrivateKey { + fn as_ref(&self) -> &[u8] { + &self.0 + } +} + +impl AsRef<[u8]> for PublicKey { + fn as_ref(&self) -> &[u8] { + &self.0 + } +} + +impl AsRef<[u8]> for SharedSecret { + fn as_ref(&self) -> &[u8] { + &self.0 + } +} + +impl AsRef<[u8; 32]> for PrivateKey { + fn as_ref(&self) -> &[u8; 32] { + &self.0 + } +} + +impl AsRef<[u8; 64]> for PublicKey { + fn as_ref(&self) -> &[u8; 64] { + &self.0 + } +} + +impl AsRef<[u8; 64]> for SharedSecret { + fn as_ref(&self) -> &[u8; 64] { + &self.0 + } +} + +pub(super) fn derive(p: &PublicKey, s: &PrivateKey) -> Result { + // We assume that the private key has been validated. + p256::ecdh(s, p) + .map_err(|e| Error::Custom(format!("HACL Error {:?}", e))) + .map(SharedSecret) +} + +pub(super) fn secret_to_public(s: &PrivateKey) -> Result { + p256::validate_scalar(s).map_err(|e| Error::Custom(format!("HACL Error {:?}", e)))?; + p256::secret_to_public(s) + .map_err(|e| Error::Custom(format!("HACL Error {:?}", e))) + .map(PublicKey) +} + +pub fn validate_scalar(s: &PrivateKey) -> Result<(), Error> { + p256::validate_scalar(s).map_err(|e| e.into()) +} + +#[allow(unused)] +pub fn validate_point(p: &PublicKey) -> Result<(), Error> { + p256::validate_point(p).map_err(|e| e.into()) +} + +pub(crate) fn prepare_public_key(public_key: &[u8]) -> Result { + if public_key.is_empty() { + return Err(Error::InvalidPoint); + } + + // Parse the public key. + let pk = if let Ok(pk) = p256::uncompressed_to_coordinates(public_key) { + pk + } else { + // Might be uncompressed + if public_key.len() == 33 { + p256::compressed_to_coordinates(public_key).map_err(|_| Error::InvalidPoint)? + } else { + // Might be a simple concatenation + public_key.try_into().map_err(|_| Error::InvalidPoint)? + } + }; + let pk = PublicKey(pk); + + p256::validate_point(&pk) + .map(|()| pk) + .map_err(|_| Error::InvalidPoint) +} + +/// Generate a new p256 secret (scalar) +pub fn generate_secret(rng: &mut (impl CryptoRng + Rng)) -> Result { + const LIMIT: usize = 100; + for _ in 0..LIMIT { + let mut out = [0u8; 32]; + rng.try_fill_bytes(&mut out) + .map_err(|_| Error::KeyGenError)?; + + let out = PrivateKey(out); + if validate_scalar(&out).is_ok() { + return Ok(out); + } + } + Err(Error::KeyGenError) +} + +/// Generate a new P256 key pair +pub fn key_gen(rng: &mut (impl CryptoRng + Rng)) -> Result<(PrivateKey, PublicKey), Error> { + let sk = generate_secret(rng)?; + let pk = secret_to_public(&sk)?; + Ok((sk, pk)) +} diff --git a/libcrux-ecdh/src/x25519.rs b/libcrux-ecdh/src/x25519.rs new file mode 100644 index 000000000..41e837f50 --- /dev/null +++ b/libcrux-ecdh/src/x25519.rs @@ -0,0 +1,143 @@ +// XXX: This could be simplified with the pure Rust version now. + +use alloc::format; +use rand::{CryptoRng, Rng}; + +use super::Error; + +pub struct PrivateKey(pub [u8; 32]); + +#[derive(Debug)] +pub struct PublicKey(pub [u8; 32]); + +/// Output of a scalar multiplication between a public key and a secret key. +/// +/// This value is NOT (!) safe for use as a key and needs to be processed in a round of key +/// derivation, to ensure both that the output is uniformly random and that unkown key share +/// attacks can not happen. +pub struct SharedSecret(pub [u8; 32]); + +impl From<&[u8; 32]> for PublicKey { + fn from(value: &[u8; 32]) -> Self { + Self(*value) + } +} + +impl TryFrom<&[u8]> for PublicKey { + type Error = Error; + + fn try_from(value: &[u8]) -> Result { + Ok(Self(value.try_into().map_err(|_| Error::InvalidPoint)?)) + } +} + +impl From<&[u8; 32]> for PrivateKey { + fn from(value: &[u8; 32]) -> Self { + Self(*value) + } +} + +impl TryFrom<&[u8]> for PrivateKey { + type Error = Error; + + fn try_from(value: &[u8]) -> Result { + Ok(Self(value.try_into().map_err(|_| Error::InvalidScalar)?)) + } +} + +impl From<&[u8; 32]> for SharedSecret { + fn from(value: &[u8; 32]) -> Self { + Self(*value) + } +} + +impl TryFrom<&[u8]> for SharedSecret { + type Error = Error; + + fn try_from(value: &[u8]) -> Result { + Ok(Self(value.try_into().map_err(|_| Error::InvalidScalar)?)) + } +} + +impl AsRef<[u8]> for PrivateKey { + fn as_ref(&self) -> &[u8] { + &self.0 + } +} + +impl AsRef<[u8]> for PublicKey { + fn as_ref(&self) -> &[u8] { + &self.0 + } +} + +impl AsRef<[u8]> for SharedSecret { + fn as_ref(&self) -> &[u8] { + &self.0 + } +} + +impl AsRef<[u8; 32]> for PrivateKey { + fn as_ref(&self) -> &[u8; 32] { + &self.0 + } +} + +impl AsRef<[u8; 32]> for PublicKey { + fn as_ref(&self) -> &[u8; 32] { + &self.0 + } +} + +impl AsRef<[u8; 32]> for SharedSecret { + fn as_ref(&self) -> &[u8; 32] { + &self.0 + } +} + +pub fn derive(p: &PublicKey, s: &PrivateKey) -> Result { + // Use the portable HACL implementation. + use crate::hacl::curve25519; + + curve25519::ecdh(s, p) + .map_err(|e| Error::Custom(format!("HACL Error {:?}", e))) + .map(SharedSecret) +} + +pub(crate) fn secret_to_public(s: &PrivateKey) -> Result { + // Use the portable HACL implementation. + use crate::hacl::curve25519; + + Ok(PublicKey(curve25519::secret_to_public(s))) +} + +/// Generate a new x25519 secret. +pub fn generate_secret(rng: &mut (impl CryptoRng + Rng)) -> Result { + const LIMIT: usize = 100; + for _ in 0..LIMIT { + let mut out = [0u8; 32]; + rng.try_fill_bytes(&mut out) + .map_err(|_| Error::KeyGenError)?; + + // We don't want a 0 key. + if out.iter().all(|&b| b == 0) { + continue; + } + + // We clamp the key already to make sure it can't be misused. + out[0] &= 248u8; + out[31] &= 127u8; + out[31] |= 64u8; + + return Ok(PrivateKey(out)); + } + + Err(Error::KeyGenError) +} + +/// Generate a new P256 key pair +pub fn key_gen(rng: &mut (impl CryptoRng + Rng)) -> Result<(PrivateKey, PublicKey), Error> { + let sk = generate_secret(rng)?; + let pk = secret_to_public(&sk)?; + Ok((sk, pk)) +} diff --git a/rsa/src/impl_hacl.rs b/rsa/src/impl_hacl.rs index 94daf9e0e..70b7075fd 100644 --- a/rsa/src/impl_hacl.rs +++ b/rsa/src/impl_hacl.rs @@ -5,9 +5,15 @@ use crate::Error; pub struct Signature([u8; LEN]); impl Signature { + /// Create a new empty signature object. pub fn new() -> Self { Self([0u8; LEN]) } + + /// Get the raw bytes. + pub fn into_raw(self) -> [u8; LEN] { + self.0 + } } impl From<[u8; LEN]> for Signature { diff --git a/sha2/src/impl_hacl.rs b/sha2/src/impl_hacl.rs index 79f69be55..8e7f0d8b5 100644 --- a/sha2/src/impl_hacl.rs +++ b/sha2/src/impl_hacl.rs @@ -2,6 +2,28 @@ use super::*; use libcrux_hacl_rs::prelude::*; use libcrux_traits::Digest; +/// The different Sha2 algorithms. +pub enum Algorithm { + Sha224, + Sha256, + Sha384, + Sha512, +} + +impl Algorithm { + /// Sha2 + /// + /// Write the Sha2 hash of `payload` into `digest`. + pub fn hash(&self, payload: &[u8], digest: &mut [u8]) { + match self { + Algorithm::Sha224 => Sha224::hash(digest, payload), + Algorithm::Sha256 => Sha256::hash(digest, payload), + Algorithm::Sha384 => Sha384::hash(digest, payload), + Algorithm::Sha512 => Sha512::hash(digest, payload), + } + } +} + /// SHA2 224 /// Will panic if `payload` is longer than `u32::MAX` to ensure that hacl-rs can /// process it. @@ -63,7 +85,8 @@ macro_rules! impl_hash { /// Will panic if `payload` is longer than `u32::MAX` to ensure that hacl-rs can /// process it. #[inline(always)] - fn hash(digest: &mut [u8; $digest_size], payload: &[u8]) { + fn hash(digest: &mut [u8], payload: &[u8]) { + debug_assert!(digest.len() == $digest_size); let payload_len = payload.len().try_into().unwrap(); $hash(digest, payload, payload_len) } diff --git a/traits/src/lib.rs b/traits/src/lib.rs index b4e4fa113..67a136166 100644 --- a/traits/src/lib.rs +++ b/traits/src/lib.rs @@ -3,7 +3,7 @@ /// A Hash algorithm returning hashes of length `HASH_LEN`. pub trait Digest { /// Writes the digest for the given input byte slice, into `digest` in immediate mode. - fn hash(digest: &mut [u8; HASH_LEN], payload: &[u8]); + fn hash(digest: &mut [u8], payload: &[u8]); /// Add the `payload` to the digest. fn update(&mut self, payload: &[u8]); From ead63385a4d067aeab39afa595f7717cc879e091 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 30 Jan 2025 10:36:21 +0100 Subject: [PATCH 5/7] ecdsa p256 tests --- ecdsa/Cargo.toml | 13 +- ecdsa/src/lib.rs | 8 + ecdsa/src/p256.rs | 170 +- ecdsa/tests/ecdsa_secp256r1_sha256_test.json | 4578 ++++++++++++++++++ ecdsa/tests/self.rs | 33 + ecdsa/tests/util.rs | 49 + ecdsa/tests/wycheproof.rs | 148 + rsa/src/lib.rs | 2 +- sha2/src/impl_hacl.rs | 13 + 9 files changed, 4971 insertions(+), 43 deletions(-) create mode 100644 ecdsa/tests/ecdsa_secp256r1_sha256_test.json create mode 100644 ecdsa/tests/self.rs create mode 100644 ecdsa/tests/util.rs create mode 100644 ecdsa/tests/wycheproof.rs diff --git a/ecdsa/Cargo.toml b/ecdsa/Cargo.toml index 7d84b8f61..f960c577b 100644 --- a/ecdsa/Cargo.toml +++ b/ecdsa/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "librux-ecdsa" +name = "libcrux-ecdsa" description = "Formally verified ECDSA signature library" version.workspace = true @@ -12,4 +12,13 @@ readme.workspace = true [dependencies] libcrux-p256 = { version = "=0.0.2-beta.2", path = "../p256" } -rand = { version = "0.8" } +libcrux-sha2 = { version = "=0.0.2-beta.2", path = "../sha2" } +rand = { version = "0.8", optional = true } + +[features] +default = ["rand"] +rand = ["dep:rand"] + +[dev-dependencies] +serde = { version = "1.0.217", features = ["derive"] } +serde_json = "1.0.138" diff --git a/ecdsa/src/lib.rs b/ecdsa/src/lib.rs index aabbeabd5..c26bc4e9d 100644 --- a/ecdsa/src/lib.rs +++ b/ecdsa/src/lib.rs @@ -18,4 +18,12 @@ pub enum Error { NoUnCompressedPoint, SigningError, InvalidSignature, + RandError, + UnsupportedHash, } + +/// The hash algorithm used for signing or verifying. +pub type DigestAlgorithm = libcrux_sha2::Algorithm; + +/// The number of iteration for rejection sampling. +pub(crate) const RAND_LIMIT: usize = 100; diff --git a/ecdsa/src/p256.rs b/ecdsa/src/p256.rs index 6f30a471b..ed131799e 100644 --- a/ecdsa/src/p256.rs +++ b/ecdsa/src/p256.rs @@ -1,10 +1,12 @@ //! ECDSA on P-256 use libcrux_p256::{ - compressed_to_raw, ecdsa_sign_p256_sha2, ecdsa_verif_p256_sha2, uncompressed_to_raw, + compressed_to_raw, ecdsa_sign_p256_sha2, ecdsa_sign_p256_sha384, ecdsa_sign_p256_sha512, + ecdsa_verif_p256_sha2, ecdsa_verif_p256_sha384, ecdsa_verif_p256_sha512, uncompressed_to_raw, validate_private_key, validate_public_key, }; -use rand::{CryptoRng, RngCore}; + +use crate::DigestAlgorithm; use super::Error; @@ -15,9 +17,13 @@ pub struct Signature { s: [u8; 32], } +/// An ECDSA P-256 nonce +pub struct Nonce([u8; 32]); + /// An ECDSA P-256 private key pub struct PrivateKey([u8; 32]); +/// An ECDSA P-256 public key #[derive(Debug)] pub struct PublicKey(pub [u8; 64]); @@ -44,9 +50,11 @@ mod conversions { } } - impl From<&[u8; 32]> for PrivateKey { - fn from(value: &[u8; 32]) -> Self { - Self(*value) + impl TryFrom<&[u8; 32]> for PrivateKey { + type Error = Error; + + fn try_from(value: &[u8; 32]) -> Result { + validate_private_key_slice(value) } } @@ -54,7 +62,7 @@ mod conversions { type Error = Error; fn try_from(value: &[u8]) -> Result { - Ok(Self(value.try_into().map_err(|_| Error::InvalidScalar)?)) + validate_private_key_slice(value) } } @@ -70,9 +78,11 @@ mod conversions { } } - impl From<&[u8; 64]> for PublicKey { - fn from(value: &[u8; 64]) -> Self { - Self(*value) + impl TryFrom<&[u8; 64]> for PublicKey { + type Error = Error; + + fn try_from(value: &[u8; 64]) -> Result { + validate_pk(value) } } @@ -80,7 +90,7 @@ mod conversions { type Error = Error; fn try_from(value: &[u8]) -> Result { - Ok(Self(value.try_into().map_err(|_| Error::InvalidPoint)?)) + validate_pk(value) } } @@ -131,8 +141,8 @@ pub fn compressed_to_coordinates(point: &[u8]) -> Result<[u8; 64], Error> { /// concatenation of `X` and `Y`. /// /// Returns [`Error::InvalidPoint`] if the `point` is not valid. -pub fn validate_point(point: impl AsRef<[u8; 64]>) -> Result<(), Error> { - if validate_public_key(point.as_ref()) { +pub fn validate_point(point: &[u8]) -> Result<(), Error> { + if validate_public_key(point) { Ok(()) } else { Err(Error::InvalidPoint) @@ -162,8 +172,8 @@ fn validate_scalar_(scalar: &[u8; 32]) -> Result<(), Error> { } } -/// Validate a P256 secret key (scalar). -fn validate_scalar_slice(scalar: &[u8]) -> Result { +/// Validate a P256 secret key or nonce (scalar). +fn validate_scalar_slice(scalar: &[u8]) -> Result<[u8; 32], Error> { if scalar.is_empty() { return Err(Error::InvalidScalar); } @@ -175,42 +185,104 @@ fn validate_scalar_slice(scalar: &[u8]) -> Result { private[31 - i] = scalar[scalar.len() - 1 - i]; } - validate_scalar_(&private).map(|_| PrivateKey(private)) + validate_scalar_(&private).map(|_| private) +} + +fn validate_private_key_slice(scalar: &[u8]) -> Result { + validate_scalar_slice(scalar).map(|a| PrivateKey(a)) } /// Prepare the nonce for EcDSA and validate the key -fn ecdsa_p256_sign_prep( - private_key: &[u8], - rng: &mut (impl CryptoRng + RngCore), -) -> Result<(PrivateKey, [u8; 32]), Error> { - let private_key = validate_scalar_slice(private_key).map_err(|_| Error::SigningError)?; - - let mut nonce = [0u8; 32]; - loop { - rng.try_fill_bytes(&mut nonce) - .map_err(|_| Error::SigningError)?; - - // Make sure it's a valid nonce. - if validate_scalar_slice(&nonce).is_ok() { - break; +#[cfg(feature = "rand")] +pub mod rand { + use crate::RAND_LIMIT; + + use super::*; + use ::rand::{CryptoRng, RngCore}; + + /// Generate a random scalar for ECDSA. + /// + /// This can be a raw nonce or a private key. + /// + /// Use [`Nonce::random`] or [`PrivateKey::random`] to generate a nonce or + /// a private key instead. + pub fn random_scalar(rng: &mut (impl CryptoRng + RngCore)) -> Result<[u8; 32], Error> { + let mut value = [0u8; 32]; + for _ in 0..RAND_LIMIT { + rng.try_fill_bytes(&mut value) + .map_err(|_| Error::RandError)?; + + // Make sure it's a valid nonce. + if validate_scalar_slice(&value).is_ok() { + return Ok(value); + } + } + Err(Error::RandError) + } + + impl Nonce { + /// Generate a random nonce for ECDSA. + pub fn random(rng: &mut (impl CryptoRng + RngCore)) -> Result { + random_scalar(rng).map(|s| Self(s)) + } + } + + impl PrivateKey { + /// Generate a random [`PrivateKey`] for ECDSA. + pub fn random(rng: &mut (impl CryptoRng + RngCore)) -> Result { + random_scalar(rng).map(|s| Self(s)) } } - Ok((private_key, nonce)) + /// Sign the `payload` with the `private_key`. + pub fn sign( + hash: DigestAlgorithm, + payload: &[u8], + private_key: &PrivateKey, + rng: &mut (impl CryptoRng + RngCore), + ) -> Result { + let nonce = Nonce(random_scalar(rng)?); + + super::_sign(hash, payload, private_key, &nonce) + } } -/// Sign the `payload` with the `private_key`. +/// Sign the `payload` with the `private_key` and `nonce`. +/// +/// Returns an error if the `nonce` or `private_key` are invalid. pub fn sign( + hash: DigestAlgorithm, payload: &[u8], - private_key: &[u8], - rng: &mut (impl CryptoRng + RngCore), + private_key: &PrivateKey, + nonce: &Nonce, ) -> Result { - let (private_key, nonce) = ecdsa_p256_sign_prep(private_key, rng)?; + _sign(hash, payload, private_key, nonce) +} +/// Internal sign +fn _sign( + hash: DigestAlgorithm, + payload: &[u8], + private_key: &PrivateKey, + nonce: &Nonce, +) -> Result { let mut signature = [0u8; 64]; let len = u32_len(payload)?; - if !ecdsa_sign_p256_sha2(&mut signature, len, payload, private_key.as_ref(), &nonce) { + let success = match hash { + DigestAlgorithm::Sha256 => { + ecdsa_sign_p256_sha2(&mut signature, len, payload, private_key.as_ref(), &nonce.0) + } + DigestAlgorithm::Sha384 => { + ecdsa_sign_p256_sha384(&mut signature, len, payload, private_key.as_ref(), &nonce.0) + } + DigestAlgorithm::Sha512 => { + ecdsa_sign_p256_sha512(&mut signature, len, payload, private_key.as_ref(), &nonce.0) + } + libcrux_sha2::Algorithm::Sha224 => return Err(Error::UnsupportedHash), + }; + + if !success { return Err(Error::SigningError); } @@ -233,7 +305,7 @@ fn u32_len(bytes: &[u8]) -> Result { } /// Prepare the public key for EcDSA -fn ecdsa_p256_verify_prep(public_key: &[u8]) -> Result<[u8; 64], Error> { +fn validate_pk(public_key: &[u8]) -> Result { if public_key.is_empty() { return Err(Error::SigningError); } @@ -251,17 +323,35 @@ fn ecdsa_p256_verify_prep(public_key: &[u8]) -> Result<[u8; 64], Error> { } }; - validate_point(PublicKey(pk)).map(|()| pk) + let pk = PublicKey(pk); + validate_point(&pk.0).map(|_| pk) } /// Verify the `payload` and `signature` with the `public_key`. /// /// Return `()` or [`Error::InvalidSignature`]. -pub fn verify(payload: &[u8], signature: &Signature, public_key: &PublicKey) -> Result<(), Error> { - let pk = ecdsa_p256_verify_prep(public_key.as_ref())?; +pub fn verify( + hash: DigestAlgorithm, + payload: &[u8], + signature: &Signature, + public_key: &PublicKey, +) -> Result<(), Error> { let len = u32_len(payload)?; - if ecdsa_verif_p256_sha2(len, payload, &pk, &signature.r, &signature.s) { + let success = match hash { + libcrux_sha2::Algorithm::Sha256 => { + ecdsa_verif_p256_sha2(len, payload, &public_key.0, &signature.r, &signature.s) + } + libcrux_sha2::Algorithm::Sha384 => { + ecdsa_verif_p256_sha384(len, payload, &public_key.0, &signature.r, &signature.s) + } + libcrux_sha2::Algorithm::Sha512 => { + ecdsa_verif_p256_sha512(len, payload, &public_key.0, &signature.r, &signature.s) + } + libcrux_sha2::Algorithm::Sha224 => return Err(Error::UnsupportedHash), + }; + + if success { Ok(()) } else { Err(Error::InvalidSignature) diff --git a/ecdsa/tests/ecdsa_secp256r1_sha256_test.json b/ecdsa/tests/ecdsa_secp256r1_sha256_test.json new file mode 100644 index 000000000..0b8ab9f50 --- /dev/null +++ b/ecdsa/tests/ecdsa_secp256r1_sha256_test.json @@ -0,0 +1,4578 @@ +{ + "algorithm" : "ECDSA", + "generatorVersion" : "0.8r12", + "numberOfTests" : 387, + "header" : [ + "Test vectors of type EcdsaVerify are meant for the verification", + "of ASN encoded ECDSA signatures." + ], + "notes" : { + "BER" : "This is a signature with correct values for (r, s) but using some alternative BER encoding instead of DER encoding. Implementations should not accept such signatures to limit signature malleability.", + "EdgeCase" : "Edge case values such as r=1 and s=0 can lead to forgeries if the ECDSA implementation does not check boundaries and computes s^(-1)==0.", + "MissingZero" : "Some implementations of ECDSA and DSA incorrectly encode r and s by not including leading zeros in the ASN encoding of integers when necessary. Hence, some implementations (e.g. jdk) allow signatures with incorrect ASN encodings assuming that the signature is otherwise valid.", + "PointDuplication" : "Some implementations of ECDSA do not handle duplication and points at infinity correctly. This is a test vector that has been specially crafted to check for such an omission." + }, + "schema" : "ecdsa_verify_schema.json", + "testGroups" : [ + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "042927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e", + "wx" : "2927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838", + "wy" : "00c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200042927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKSexBRK64+3c/kZ4KBKLrSkDJpkZ\n9whgacjE32xzKDjHeHlk6qwA5ZIfsUmKYPRgZ2az2WhQAVWNGpdOc0FRPg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 1, + "comment" : "signature malleability", + "msg" : "313233343030", + "sig" : "304402202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e1802204cd60b855d442f5b3c7b11eb6c4e0ae7525fe710fab9aa7c77a67f79e6fadd76", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 2, + "comment" : "Legacy:ASN encoding of s misses leading 0", + "msg" : "313233343030", + "sig" : "304402202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180220b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "acceptable", + "flags" : [ + "MissingZero" + ] + }, + { + "tcId" : 3, + "comment" : "valid", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 4, + "comment" : "long form encoding of length of sequence", + "msg" : "313233343030", + "sig" : "30814502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 5, + "comment" : "length of sequence contains leading 0", + "msg" : "313233343030", + "sig" : "3082004502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 6, + "comment" : "wrong length of sequence", + "msg" : "313233343030", + "sig" : "304602202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 7, + "comment" : "wrong length of sequence", + "msg" : "313233343030", + "sig" : "304402202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 8, + "comment" : "uint32 overflow in length of sequence", + "msg" : "313233343030", + "sig" : "3085010000004502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 9, + "comment" : "uint64 overflow in length of sequence", + "msg" : "313233343030", + "sig" : "308901000000000000004502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 10, + "comment" : "length of sequence = 2**31 - 1", + "msg" : "313233343030", + "sig" : "30847fffffff02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 11, + "comment" : "length of sequence = 2**32 - 1", + "msg" : "313233343030", + "sig" : "3084ffffffff02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 12, + "comment" : "length of sequence = 2**40 - 1", + "msg" : "313233343030", + "sig" : "3085ffffffffff02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 13, + "comment" : "length of sequence = 2**64 - 1", + "msg" : "313233343030", + "sig" : "3088ffffffffffffffff02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 14, + "comment" : "incorrect length of sequence", + "msg" : "313233343030", + "sig" : "30ff02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 15, + "comment" : "indefinite length without termination", + "msg" : "313233343030", + "sig" : "308002202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 16, + "comment" : "indefinite length without termination", + "msg" : "313233343030", + "sig" : "304502802ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 17, + "comment" : "indefinite length without termination", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18028000b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 18, + "comment" : "removing sequence", + "msg" : "313233343030", + "sig" : "", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 19, + "comment" : "lonely sequence tag", + "msg" : "313233343030", + "sig" : "30", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 20, + "comment" : "appending 0's to sequence", + "msg" : "313233343030", + "sig" : "304702202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 21, + "comment" : "prepending 0's to sequence", + "msg" : "313233343030", + "sig" : "3047000002202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 22, + "comment" : "appending unused 0's to sequence", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 23, + "comment" : "appending null value to sequence", + "msg" : "313233343030", + "sig" : "304702202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0500", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 24, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304a498177304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 25, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "30492500304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 26, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "3047304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0004deadbeef", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 27, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304a222549817702202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 28, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "30492224250002202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 29, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304d222202202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180004deadbeef022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 30, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304a02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e182226498177022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 31, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304902202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e1822252500022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 32, + "comment" : "including garbage", + "msg" : "313233343030", + "sig" : "304d02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e182223022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0004deadbeef", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 33, + "comment" : "including undefined tags", + "msg" : "313233343030", + "sig" : "304daa00bb00cd00304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 34, + "comment" : "including undefined tags", + "msg" : "313233343030", + "sig" : "304baa02aabb304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 35, + "comment" : "including undefined tags", + "msg" : "313233343030", + "sig" : "304d2228aa00bb00cd0002202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 36, + "comment" : "including undefined tags", + "msg" : "313233343030", + "sig" : "304b2226aa02aabb02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 37, + "comment" : "including undefined tags", + "msg" : "313233343030", + "sig" : "304d02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e182229aa00bb00cd00022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 38, + "comment" : "including undefined tags", + "msg" : "313233343030", + "sig" : "304b02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e182227aa02aabb022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 39, + "comment" : "truncated length of sequence", + "msg" : "313233343030", + "sig" : "3081", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 40, + "comment" : "using composition with indefinite length", + "msg" : "313233343030", + "sig" : "3080304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 41, + "comment" : "using composition with indefinite length", + "msg" : "313233343030", + "sig" : "3049228002202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180000022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 42, + "comment" : "using composition with indefinite length", + "msg" : "313233343030", + "sig" : "304902202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e182280022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 43, + "comment" : "using composition with wrong tag", + "msg" : "313233343030", + "sig" : "3080314502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 44, + "comment" : "using composition with wrong tag", + "msg" : "313233343030", + "sig" : "3049228003202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180000022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 45, + "comment" : "using composition with wrong tag", + "msg" : "313233343030", + "sig" : "304902202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e182280032100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 46, + "comment" : "Replacing sequence with NULL", + "msg" : "313233343030", + "sig" : "0500", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 47, + "comment" : "changing tag value of sequence", + "msg" : "313233343030", + "sig" : "2e4502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 48, + "comment" : "changing tag value of sequence", + "msg" : "313233343030", + "sig" : "2f4502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 49, + "comment" : "changing tag value of sequence", + "msg" : "313233343030", + "sig" : "314502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 50, + "comment" : "changing tag value of sequence", + "msg" : "313233343030", + "sig" : "324502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 51, + "comment" : "changing tag value of sequence", + "msg" : "313233343030", + "sig" : "ff4502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 52, + "comment" : "dropping value of sequence", + "msg" : "313233343030", + "sig" : "3000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 53, + "comment" : "using composition for sequence", + "msg" : "313233343030", + "sig" : "30493001023044202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 54, + "comment" : "truncated sequence", + "msg" : "313233343030", + "sig" : "304402202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 55, + "comment" : "truncated sequence", + "msg" : "313233343030", + "sig" : "3044202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 56, + "comment" : "indefinite length", + "msg" : "313233343030", + "sig" : "308002202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0000", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 57, + "comment" : "indefinite length with truncated delimiter", + "msg" : "313233343030", + "sig" : "308002202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db00", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 58, + "comment" : "indefinite length with additional element", + "msg" : "313233343030", + "sig" : "308002202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db05000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 59, + "comment" : "indefinite length with truncated element", + "msg" : "313233343030", + "sig" : "308002202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db060811220000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 60, + "comment" : "indefinite length with garbage", + "msg" : "313233343030", + "sig" : "308002202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0000fe02beef", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 61, + "comment" : "indefinite length with nonempty EOC", + "msg" : "313233343030", + "sig" : "308002202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0002beef", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 62, + "comment" : "prepend empty sequence", + "msg" : "313233343030", + "sig" : "3047300002202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 63, + "comment" : "append empty sequence", + "msg" : "313233343030", + "sig" : "304702202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db3000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 64, + "comment" : "append garbage with high tag number", + "msg" : "313233343030", + "sig" : "304802202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847dbbf7f00", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 65, + "comment" : "sequence of sequence", + "msg" : "313233343030", + "sig" : "3047304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 66, + "comment" : "truncated sequence: removed last 1 elements", + "msg" : "313233343030", + "sig" : "302202202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 67, + "comment" : "repeating element in sequence", + "msg" : "313233343030", + "sig" : "306802202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 68, + "comment" : "long form encoding of length of integer", + "msg" : "313233343030", + "sig" : "30460281202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 69, + "comment" : "long form encoding of length of integer", + "msg" : "313233343030", + "sig" : "304602202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e1802812100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 70, + "comment" : "length of integer contains leading 0", + "msg" : "313233343030", + "sig" : "3047028200202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 71, + "comment" : "length of integer contains leading 0", + "msg" : "313233343030", + "sig" : "304702202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180282002100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 72, + "comment" : "wrong length of integer", + "msg" : "313233343030", + "sig" : "304502212ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 73, + "comment" : "wrong length of integer", + "msg" : "313233343030", + "sig" : "3045021f2ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 74, + "comment" : "wrong length of integer", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022200b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 75, + "comment" : "wrong length of integer", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022000b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 76, + "comment" : "uint32 overflow in length of integer", + "msg" : "313233343030", + "sig" : "304a028501000000202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 77, + "comment" : "uint32 overflow in length of integer", + "msg" : "313233343030", + "sig" : "304a02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180285010000002100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 78, + "comment" : "uint64 overflow in length of integer", + "msg" : "313233343030", + "sig" : "304e02890100000000000000202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 79, + "comment" : "uint64 overflow in length of integer", + "msg" : "313233343030", + "sig" : "304e02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18028901000000000000002100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 80, + "comment" : "length of integer = 2**31 - 1", + "msg" : "313233343030", + "sig" : "304902847fffffff2ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 81, + "comment" : "length of integer = 2**31 - 1", + "msg" : "313233343030", + "sig" : "304902202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e1802847fffffff00b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 82, + "comment" : "length of integer = 2**32 - 1", + "msg" : "313233343030", + "sig" : "30490284ffffffff2ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 83, + "comment" : "length of integer = 2**32 - 1", + "msg" : "313233343030", + "sig" : "304902202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180284ffffffff00b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 84, + "comment" : "length of integer = 2**40 - 1", + "msg" : "313233343030", + "sig" : "304a0285ffffffffff2ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 85, + "comment" : "length of integer = 2**40 - 1", + "msg" : "313233343030", + "sig" : "304a02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180285ffffffffff00b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 86, + "comment" : "length of integer = 2**64 - 1", + "msg" : "313233343030", + "sig" : "304d0288ffffffffffffffff2ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 87, + "comment" : "length of integer = 2**64 - 1", + "msg" : "313233343030", + "sig" : "304d02202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180288ffffffffffffffff00b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 88, + "comment" : "incorrect length of integer", + "msg" : "313233343030", + "sig" : "304502ff2ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 89, + "comment" : "incorrect length of integer", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e1802ff00b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 90, + "comment" : "removing integer", + "msg" : "313233343030", + "sig" : "3023022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 91, + "comment" : "lonely integer tag", + "msg" : "313233343030", + "sig" : "302402022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 92, + "comment" : "lonely integer tag", + "msg" : "313233343030", + "sig" : "302302202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e1802", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 93, + "comment" : "appending 0's to integer", + "msg" : "313233343030", + "sig" : "304702222ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180000022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 94, + "comment" : "appending 0's to integer", + "msg" : "313233343030", + "sig" : "304702202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022300b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 95, + "comment" : "prepending 0's to integer", + "msg" : "313233343030", + "sig" : "3047022200002ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 96, + "comment" : "prepending 0's to integer", + "msg" : "313233343030", + "sig" : "304702202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180223000000b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [ + "BER" + ] + }, + { + "tcId" : 97, + "comment" : "appending unused 0's to integer", + "msg" : "313233343030", + "sig" : "304702202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180000022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 98, + "comment" : "appending null value to integer", + "msg" : "313233343030", + "sig" : "304702222ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180500022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 99, + "comment" : "appending null value to integer", + "msg" : "313233343030", + "sig" : "304702202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022300b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db0500", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 100, + "comment" : "truncated length of integer", + "msg" : "313233343030", + "sig" : "30250281022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 101, + "comment" : "truncated length of integer", + "msg" : "313233343030", + "sig" : "302402202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180281", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 102, + "comment" : "Replacing integer with NULL", + "msg" : "313233343030", + "sig" : "30250500022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 103, + "comment" : "Replacing integer with NULL", + "msg" : "313233343030", + "sig" : "302402202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180500", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 104, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "304500202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 105, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "304501202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 106, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "304503202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 107, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "304504202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 108, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "3045ff202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 109, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18002100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 110, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18012100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 111, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18032100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 112, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18042100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 113, + "comment" : "changing tag value of integer", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18ff2100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 114, + "comment" : "dropping value of integer", + "msg" : "313233343030", + "sig" : "30250200022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 115, + "comment" : "dropping value of integer", + "msg" : "313233343030", + "sig" : "302402202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180200", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 116, + "comment" : "using composition for integer", + "msg" : "313233343030", + "sig" : "3049222402012b021fa3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 117, + "comment" : "using composition for integer", + "msg" : "313233343030", + "sig" : "304902202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e1822250201000220b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 118, + "comment" : "modify first byte of integer", + "msg" : "313233343030", + "sig" : "3045022029a3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 119, + "comment" : "modify first byte of integer", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022102b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 120, + "comment" : "modify last byte of integer", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e98022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 121, + "comment" : "modify last byte of integer", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b491568475b", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 122, + "comment" : "truncated integer", + "msg" : "313233343030", + "sig" : "3044021f2ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 123, + "comment" : "truncated integer", + "msg" : "313233343030", + "sig" : "3044021fa3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 124, + "comment" : "truncated integer", + "msg" : "313233343030", + "sig" : "304402202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022000b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 125, + "comment" : "leading ff in integer", + "msg" : "313233343030", + "sig" : "30460221ff2ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 126, + "comment" : "leading ff in integer", + "msg" : "313233343030", + "sig" : "304602202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180222ff00b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 127, + "comment" : "replaced integer by infinity", + "msg" : "313233343030", + "sig" : "3026090180022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 128, + "comment" : "replaced integer by infinity", + "msg" : "313233343030", + "sig" : "302502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18090180", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 129, + "comment" : "replacing integer with zero", + "msg" : "313233343030", + "sig" : "3026020100022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 130, + "comment" : "replacing integer with zero", + "msg" : "313233343030", + "sig" : "302502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18020100", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 131, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "30460221012ba3a8bd6b94d5ed80a6d9d1190a436ebccc0833490686deac8635bcb9bf5369022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 132, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "30460221ff2ba3a8bf6b94d5eb80a6d9d1190a436f42fe12d7fad749d4c512a036c0f908c7022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 133, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "30450220d45c5741946b2a137f59262ee6f5bc91001af27a5e1117a64733950642a3d1e8022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 134, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "3046022100d45c5740946b2a147f59262ee6f5bc90bd01ed280528b62b3aed5fc93f06f739022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 135, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "30460221fed45c5742946b2a127f59262ee6f5bc914333f7ccb6f979215379ca434640ac97022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 136, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "30460221012ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 137, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "3046022100d45c5741946b2a137f59262ee6f5bc91001af27a5e1117a64733950642a3d1e8022100b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 138, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022101b329f478a2bbd0a6c384ee1493b1f518276e0e4a5375928d6fcd160c11cb6d2c", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 139, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "304402202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180220b329f47aa2bbd0a4c384ee1493b1f518ada018ef05465583885980861905228a", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 140, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180221ff4cd60b865d442f5a3c7b11eb6c4e0ae79578ec6353a20bf783ecb4b6ea97b825", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 141, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e180221fe4cd60b875d442f593c7b11eb6c4e0ae7d891f1b5ac8a6d729032e9f3ee3492d4", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 142, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "304502202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18022101b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 143, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "304402202ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e1802204cd60b865d442f5a3c7b11eb6c4e0ae79578ec6353a20bf783ecb4b6ea97b825", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 144, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3006020100020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 145, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3006020100020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 146, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30060201000201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 147, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020100022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 148, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020100022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 149, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020100022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 150, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020100022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 151, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020100022100ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 152, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3008020100090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 153, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3006020100090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 154, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3006020101020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 155, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3006020101020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 156, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30060201010201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 157, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020101022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 158, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020101022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 159, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020101022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 160, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 161, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026020101022100ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 162, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3008020101090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 163, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3006020101090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 164, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30060201ff020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 165, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30060201ff020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 166, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30060201ff0201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 167, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30260201ff022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 168, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30260201ff022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 169, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30260201ff022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 170, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30260201ff022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 171, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30260201ff022100ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 172, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30080201ff090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 173, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "30060201ff090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 174, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 175, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 176, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325510201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 177, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 178, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 179, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 180, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 181, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551022100ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 182, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3028022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 183, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 184, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 185, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 186, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325500201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 187, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 188, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 189, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 190, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 191, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550022100ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 192, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3028022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 193, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 194, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 195, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 196, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325520201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 197, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 198, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 199, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 200, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 201, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552022100ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 202, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3028022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 203, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 204, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 205, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 206, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff0201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 207, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 208, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 209, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 210, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 211, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff022100ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 212, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3028022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 213, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 214, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000001000000000000000000000001000000000000000000000000020100", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 215, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000001000000000000000000000001000000000000000000000000020101", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 216, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff000000010000000000000000000000010000000000000000000000000201ff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 217, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000001000000000000000000000001000000000000000000000000022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 218, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000001000000000000000000000001000000000000000000000000022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 219, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000001000000000000000000000001000000000000000000000000022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 220, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000001000000000000000000000001000000000000000000000000022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 221, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000001000000000000000000000001000000000000000000000000022100ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 222, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3028022100ffffffff00000001000000000000000000000001000000000000000000000000090380fe01", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 223, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000001000000000000000000000001000000000000000000000000090142", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 224, + "comment" : "Signature encoding contains wrong types.", + "msg" : "313233343030", + "sig" : "30060201010c0130", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 225, + "comment" : "Signature encoding contains wrong types.", + "msg" : "313233343030", + "sig" : "30050201010c00", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 226, + "comment" : "Signature encoding contains wrong types.", + "msg" : "313233343030", + "sig" : "30090c0225730c03732573", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 227, + "comment" : "Signature encoding contains wrong types.", + "msg" : "313233343030", + "sig" : "30080201013003020100", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 228, + "comment" : "Signature encoding contains wrong types.", + "msg" : "313233343030", + "sig" : "3003020101", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 229, + "comment" : "Signature encoding contains wrong types.", + "msg" : "313233343030", + "sig" : "3006020101010100", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 230, + "comment" : "Edge case for Shamir multiplication", + "msg" : "3639383139", + "sig" : "3044022064a1aab5000d0e804f3e2fc02bdee9be8ff312334e2ba16d11547c97711c898e02206af015971cc30be6d1a206d4e013e0997772a2f91d73286ffd683b9bb2cf4f1b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 231, + "comment" : "special case hash", + "msg" : "343236343739373234", + "sig" : "3044022016aea964a2f6506d6f78c81c91fc7e8bded7d397738448de1e19a0ec580bf2660220252cd762130c6667cfe8b7bc47d27d78391e8e80c578d1cd38c3ff033be928e9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 232, + "comment" : "special case hash", + "msg" : "37313338363834383931", + "sig" : "30450221009cc98be2347d469bf476dfc26b9b733df2d26d6ef524af917c665baccb23c8820220093496459effe2d8d70727b82462f61d0ec1b7847929d10ea631dacb16b56c32", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 233, + "comment" : "special case hash", + "msg" : "3130333539333331363638", + "sig" : "3044022073b3c90ecd390028058164524dde892703dce3dea0d53fa8093999f07ab8aa4302202f67b0b8e20636695bb7d8bf0a651c802ed25a395387b5f4188c0c4075c88634", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 234, + "comment" : "special case hash", + "msg" : "33393439343031323135", + "sig" : "3046022100bfab3098252847b328fadf2f89b95c851a7f0eb390763378f37e90119d5ba3dd022100bdd64e234e832b1067c2d058ccb44d978195ccebb65c2aaf1e2da9b8b4987e3b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 235, + "comment" : "special case hash", + "msg" : "31333434323933303739", + "sig" : "30440220204a9784074b246d8bf8bf04a4ceb1c1f1c9aaab168b1596d17093c5cd21d2cd022051cce41670636783dc06a759c8847868a406c2506fe17975582fe648d1d88b52", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 236, + "comment" : "special case hash", + "msg" : "33373036323131373132", + "sig" : "3046022100ed66dc34f551ac82f63d4aa4f81fe2cb0031a91d1314f835027bca0f1ceeaa0302210099ca123aa09b13cd194a422e18d5fda167623c3f6e5d4d6abb8953d67c0c48c7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 237, + "comment" : "special case hash", + "msg" : "333433363838373132", + "sig" : "30450220060b700bef665c68899d44f2356a578d126b062023ccc3c056bf0f60a237012b0221008d186c027832965f4fcc78a3366ca95dedbb410cbef3f26d6be5d581c11d3610", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 238, + "comment" : "special case hash", + "msg" : "31333531353330333730", + "sig" : "30460221009f6adfe8d5eb5b2c24d7aa7934b6cf29c93ea76cd313c9132bb0c8e38c96831d022100b26a9c9e40e55ee0890c944cf271756c906a33e66b5bd15e051593883b5e9902", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 239, + "comment" : "special case hash", + "msg" : "36353533323033313236", + "sig" : "3045022100a1af03ca91677b673ad2f33615e56174a1abf6da168cebfa8868f4ba273f16b7022020aa73ffe48afa6435cd258b173d0c2377d69022e7d098d75caf24c8c5e06b1c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 240, + "comment" : "special case hash", + "msg" : "31353634333436363033", + "sig" : "3045022100fdc70602766f8eed11a6c99a71c973d5659355507b843da6e327a28c11893db902203df5349688a085b137b1eacf456a9e9e0f6d15ec0078ca60a7f83f2b10d21350", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 241, + "comment" : "special case hash", + "msg" : "34343239353339313137", + "sig" : "3046022100b516a314f2fce530d6537f6a6c49966c23456f63c643cf8e0dc738f7b876e675022100d39ffd033c92b6d717dd536fbc5efdf1967c4bd80954479ba66b0120cd16fff2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 242, + "comment" : "special case hash", + "msg" : "3130393533323631333531", + "sig" : "304402203b2cbf046eac45842ecb7984d475831582717bebb6492fd0a485c101e29ff0a802204c9b7b47a98b0f82de512bc9313aaf51701099cac5f76e68c8595fc1c1d99258", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 243, + "comment" : "special case hash", + "msg" : "35393837333530303431", + "sig" : "3044022030c87d35e636f540841f14af54e2f9edd79d0312cfa1ab656c3fb15bfde48dcf022047c15a5a82d24b75c85a692bd6ecafeb71409ede23efd08e0db9abf6340677ed", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 244, + "comment" : "special case hash", + "msg" : "33343633303036383738", + "sig" : "3044022038686ff0fda2cef6bc43b58cfe6647b9e2e8176d168dec3c68ff262113760f520220067ec3b651f422669601662167fa8717e976e2db5e6a4cf7c2ddabb3fde9d67d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 245, + "comment" : "special case hash", + "msg" : "39383137333230323837", + "sig" : "3044022044a3e23bf314f2b344fc25c7f2de8b6af3e17d27f5ee844b225985ab6e2775cf02202d48e223205e98041ddc87be532abed584f0411f5729500493c9cc3f4dd15e86", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 246, + "comment" : "special case hash", + "msg" : "33323232303431303436", + "sig" : "304402202ded5b7ec8e90e7bf11f967a3d95110c41b99db3b5aa8d330eb9d638781688e902207d5792c53628155e1bfc46fb1a67e3088de049c328ae1f44ec69238a009808f9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 247, + "comment" : "special case hash", + "msg" : "36363636333037313034", + "sig" : "3046022100bdae7bcb580bf335efd3bc3d31870f923eaccafcd40ec2f605976f15137d8b8f022100f6dfa12f19e525270b0106eecfe257499f373a4fb318994f24838122ce7ec3c7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 248, + "comment" : "special case hash", + "msg" : "31303335393531383938", + "sig" : "3045022050f9c4f0cd6940e162720957ffff513799209b78596956d21ece251c2401f1c6022100d7033a0a787d338e889defaaabb106b95a4355e411a59c32aa5167dfab244726", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 249, + "comment" : "special case hash", + "msg" : "31383436353937313935", + "sig" : "3045022100f612820687604fa01906066a378d67540982e29575d019aabe90924ead5c860d02203f9367702dd7dd4f75ea98afd20e328a1a99f4857b316525328230ce294b0fef", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 250, + "comment" : "special case hash", + "msg" : "33313336303436313839", + "sig" : "30460221009505e407657d6e8bc93db5da7aa6f5081f61980c1949f56b0f2f507da5782a7a022100c60d31904e3669738ffbeccab6c3656c08e0ed5cb92b3cfa5e7f71784f9c5021", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 251, + "comment" : "special case hash", + "msg" : "32363633373834323534", + "sig" : "3046022100bbd16fbbb656b6d0d83e6a7787cd691b08735aed371732723e1c68a40404517d0221009d8e35dba96028b7787d91315be675877d2d097be5e8ee34560e3e7fd25c0f00", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 252, + "comment" : "special case hash", + "msg" : "31363532313030353234", + "sig" : "304402202ec9760122db98fd06ea76848d35a6da442d2ceef7559a30cf57c61e92df327e02207ab271da90859479701fccf86e462ee3393fb6814c27b760c4963625c0a19878", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 253, + "comment" : "special case hash", + "msg" : "35373438303831363936", + "sig" : "3044022054e76b7683b6650baa6a7fc49b1c51eed9ba9dd463221f7a4f1005a89fe00c5902202ea076886c773eb937ec1cc8374b7915cfd11b1c1ae1166152f2f7806a31c8fd", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 254, + "comment" : "special case hash", + "msg" : "36333433393133343638", + "sig" : "304402205291deaf24659ffbbce6e3c26f6021097a74abdbb69be4fb10419c0c496c9466022065d6fcf336d27cc7cdb982bb4e4ecef5827f84742f29f10abf83469270a03dc3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 255, + "comment" : "special case hash", + "msg" : "31353431313033353938", + "sig" : "30450220207a3241812d75d947419dc58efb05e8003b33fc17eb50f9d15166a88479f107022100cdee749f2e492b213ce80b32d0574f62f1c5d70793cf55e382d5caadf7592767", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 256, + "comment" : "special case hash", + "msg" : "3130343738353830313238", + "sig" : "304502206554e49f82a855204328ac94913bf01bbe84437a355a0a37c0dee3cf81aa7728022100aea00de2507ddaf5c94e1e126980d3df16250a2eaebc8be486effe7f22b4f929", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 257, + "comment" : "special case hash", + "msg" : "3130353336323835353638", + "sig" : "3046022100a54c5062648339d2bff06f71c88216c26c6e19b4d80a8c602990ac82707efdfc022100e99bbe7fcfafae3e69fd016777517aa01056317f467ad09aff09be73c9731b0d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 258, + "comment" : "special case hash", + "msg" : "393533393034313035", + "sig" : "3045022100975bd7157a8d363b309f1f444012b1a1d23096593133e71b4ca8b059cff37eaf02207faa7a28b1c822baa241793f2abc930bd4c69840fe090f2aacc46786bf919622", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 259, + "comment" : "special case hash", + "msg" : "393738383438303339", + "sig" : "304402205694a6f84b8f875c276afd2ebcfe4d61de9ec90305afb1357b95b3e0da43885e02200dffad9ffd0b757d8051dec02ebdf70d8ee2dc5c7870c0823b6ccc7c679cbaa4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 260, + "comment" : "special case hash", + "msg" : "33363130363732343432", + "sig" : "3045022100a0c30e8026fdb2b4b4968a27d16a6d08f7098f1a98d21620d7454ba9790f1ba602205e470453a8a399f15baf463f9deceb53acc5ca64459149688bd2760c65424339", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 261, + "comment" : "special case hash", + "msg" : "31303534323430373035", + "sig" : "30440220614ea84acf736527dd73602cd4bb4eea1dfebebd5ad8aca52aa0228cf7b99a880220737cc85f5f2d2f60d1b8183f3ed490e4de14368e96a9482c2a4dd193195c902f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 262, + "comment" : "special case hash", + "msg" : "35313734343438313937", + "sig" : "3045022100bead6734ebe44b810d3fb2ea00b1732945377338febfd439a8d74dfbd0f942fa02206bb18eae36616a7d3cad35919fd21a8af4bbe7a10f73b3e036a46b103ef56e2a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 263, + "comment" : "special case hash", + "msg" : "31393637353631323531", + "sig" : "30440220499625479e161dacd4db9d9ce64854c98d922cbf212703e9654fae182df9bad2022042c177cf37b8193a0131108d97819edd9439936028864ac195b64fca76d9d693", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 264, + "comment" : "special case hash", + "msg" : "33343437323533333433", + "sig" : "3045022008f16b8093a8fb4d66a2c8065b541b3d31e3bfe694f6b89c50fb1aaa6ff6c9b20221009d6455e2d5d1779748573b611cb95d4a21f967410399b39b535ba3e5af81ca2e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 265, + "comment" : "special case hash", + "msg" : "333638323634333138", + "sig" : "3046022100be26231b6191658a19dd72ddb99ed8f8c579b6938d19bce8eed8dc2b338cb5f8022100e1d9a32ee56cffed37f0f22b2dcb57d5c943c14f79694a03b9c5e96952575c89", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 266, + "comment" : "special case hash", + "msg" : "33323631313938363038", + "sig" : "3045022015e76880898316b16204ac920a02d58045f36a229d4aa4f812638c455abe0443022100e74d357d3fcb5c8c5337bd6aba4178b455ca10e226e13f9638196506a1939123", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 267, + "comment" : "special case hash", + "msg" : "39363738373831303934", + "sig" : "30440220352ecb53f8df2c503a45f9846fc28d1d31e6307d3ddbffc1132315cc07f16dad02201348dfa9c482c558e1d05c5242ca1c39436726ecd28258b1899792887dd0a3c6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 268, + "comment" : "special case hash", + "msg" : "34393538383233383233", + "sig" : "304402204a40801a7e606ba78a0da9882ab23c7677b8642349ed3d652c5bfa5f2a9558fb02203a49b64848d682ef7f605f2832f7384bdc24ed2925825bf8ea77dc5981725782", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 269, + "comment" : "special case hash", + "msg" : "383234363337383337", + "sig" : "3045022100eacc5e1a8304a74d2be412b078924b3bb3511bac855c05c9e5e9e44df3d61e9602207451cd8e18d6ed1885dd827714847f96ec4bb0ed4c36ce9808db8f714204f6d1", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 270, + "comment" : "special case hash", + "msg" : "3131303230383333373736", + "sig" : "304502202f7a5e9e5771d424f30f67fdab61e8ce4f8cd1214882adb65f7de94c31577052022100ac4e69808345809b44acb0b2bd889175fb75dd050c5a449ab9528f8f78daa10c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 271, + "comment" : "special case hash", + "msg" : "313333383731363438", + "sig" : "3045022100ffcda40f792ce4d93e7e0f0e95e1a2147dddd7f6487621c30a03d710b3300219022079938b55f8a17f7ed7ba9ade8f2065a1fa77618f0b67add8d58c422c2453a49a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 272, + "comment" : "special case hash", + "msg" : "333232313434313632", + "sig" : "304602210081f2359c4faba6b53d3e8c8c3fcc16a948350f7ab3a588b28c17603a431e39a8022100cd6f6a5cc3b55ead0ff695d06c6860b509e46d99fccefb9f7f9e101857f74300", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 273, + "comment" : "special case hash", + "msg" : "3130363836363535353436", + "sig" : "3045022100dfc8bf520445cbb8ee1596fb073ea283ea130251a6fdffa5c3f5f2aaf75ca8080220048e33efce147c9dd92823640e338e68bfd7d0dc7a4905b3a7ac711e577e90e7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 274, + "comment" : "special case hash", + "msg" : "3632313535323436", + "sig" : "3046022100ad019f74c6941d20efda70b46c53db166503a0e393e932f688227688ba6a576202210093320eb7ca0710255346bdbb3102cdcf7964ef2e0988e712bc05efe16c199345", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 275, + "comment" : "special case hash", + "msg" : "37303330383138373734", + "sig" : "3046022100ac8096842e8add68c34e78ce11dd71e4b54316bd3ebf7fffdeb7bd5a3ebc1883022100f5ca2f4f23d674502d4caf85d187215d36e3ce9f0ce219709f21a3aac003b7a8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 276, + "comment" : "special case hash", + "msg" : "35393234353233373434", + "sig" : "30440220677b2d3a59b18a5ff939b70ea002250889ddcd7b7b9d776854b4943693fb92f702206b4ba856ade7677bf30307b21f3ccda35d2f63aee81efd0bab6972cc0795db55", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 277, + "comment" : "special case hash", + "msg" : "31343935353836363231", + "sig" : "30450220479e1ded14bcaed0379ba8e1b73d3115d84d31d4b7c30e1f05e1fc0d5957cfb0022100918f79e35b3d89487cf634a4f05b2e0c30857ca879f97c771e877027355b2443", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 278, + "comment" : "special case hash", + "msg" : "34303035333134343036", + "sig" : "3044022043dfccd0edb9e280d9a58f01164d55c3d711e14b12ac5cf3b64840ead512a0a302201dbe33fa8ba84533cd5c4934365b3442ca1174899b78ef9a3199f49584389772", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 279, + "comment" : "special case hash", + "msg" : "33303936343537353132", + "sig" : "304402205b09ab637bd4caf0f4c7c7e4bca592fea20e9087c259d26a38bb4085f0bbff11022045b7eb467b6748af618e9d80d6fdcd6aa24964e5a13f885bca8101de08eb0d75", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 280, + "comment" : "special case hash", + "msg" : "32373834303235363230", + "sig" : "304502205e9b1c5a028070df5728c5c8af9b74e0667afa570a6cfa0114a5039ed15ee06f022100b1360907e2d9785ead362bb8d7bd661b6c29eeffd3c5037744edaeb9ad990c20", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 281, + "comment" : "special case hash", + "msg" : "32363138373837343138", + "sig" : "304502200671a0a85c2b72d54a2fb0990e34538b4890050f5a5712f6d1a7a5fb8578f32e022100db1846bab6b7361479ab9c3285ca41291808f27fd5bd4fdac720e5854713694c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 282, + "comment" : "special case hash", + "msg" : "31363432363235323632", + "sig" : "304402207673f8526748446477dbbb0590a45492c5d7d69859d301abbaedb35b2095103a02203dc70ddf9c6b524d886bed9e6af02e0e4dec0d417a414fed3807ef4422913d7c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 283, + "comment" : "special case hash", + "msg" : "36383234313839343336", + "sig" : "304402207f085441070ecd2bb21285089ebb1aa6450d1a06c36d3ff39dfd657a796d12b50220249712012029870a2459d18d47da9aa492a5e6cb4b2d8dafa9e4c5c54a2b9a8b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 284, + "comment" : "special case hash", + "msg" : "343834323435343235", + "sig" : "3046022100914c67fb61dd1e27c867398ea7322d5ab76df04bc5aa6683a8e0f30a5d287348022100fa07474031481dda4953e3ac1959ee8cea7e66ec412b38d6c96d28f6d37304ea", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "040ad99500288d466940031d72a9f5445a4d43784640855bf0a69874d2de5fe103c5011e6ef2c42dcd50d5d3d29f99ae6eba2c80c9244f4c5422f0979ff0c3ba5e", + "wx" : "0ad99500288d466940031d72a9f5445a4d43784640855bf0a69874d2de5fe103", + "wy" : "00c5011e6ef2c42dcd50d5d3d29f99ae6eba2c80c9244f4c5422f0979ff0c3ba5e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200040ad99500288d466940031d72a9f5445a4d43784640855bf0a69874d2de5fe103c5011e6ef2c42dcd50d5d3d29f99ae6eba2c80c9244f4c5422f0979ff0c3ba5e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECtmVACiNRmlAAx1yqfVEWk1DeEZA\nhVvwpph00t5f4QPFAR5u8sQtzVDV09Kfma5uuiyAySRPTFQi8Jef8MO6Xg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 285, + "comment" : "k*G has a large x-coordinate", + "msg" : "313233343030", + "sig" : "303502104319055358e8617b0c46353d039cdaab022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 286, + "comment" : "r too large", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000001000000000000000000000000fffffffffffffffffffffffc022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254e", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04ab05fd9d0de26b9ce6f4819652d9fc69193d0aa398f0fba8013e09c58220455419235271228c786759095d12b75af0692dd4103f19f6a8c32f49435a1e9b8d45", + "wx" : "00ab05fd9d0de26b9ce6f4819652d9fc69193d0aa398f0fba8013e09c582204554", + "wy" : "19235271228c786759095d12b75af0692dd4103f19f6a8c32f49435a1e9b8d45" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004ab05fd9d0de26b9ce6f4819652d9fc69193d0aa398f0fba8013e09c58220455419235271228c786759095d12b75af0692dd4103f19f6a8c32f49435a1e9b8d45", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqwX9nQ3ia5zm9IGWUtn8aRk9CqOY\n8PuoAT4JxYIgRVQZI1JxIox4Z1kJXRK3WvBpLdQQPxn2qMMvSUNaHpuNRQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 287, + "comment" : "r,s are large", + "msg" : "313233343030", + "sig" : "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254e", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0480984f39a1ff38a86a68aa4201b6be5dfbfecf876219710b07badf6fdd4c6c5611feb97390d9826e7a06dfb41871c940d74415ed3cac2089f1445019bb55ed95", + "wx" : "0080984f39a1ff38a86a68aa4201b6be5dfbfecf876219710b07badf6fdd4c6c56", + "wy" : "11feb97390d9826e7a06dfb41871c940d74415ed3cac2089f1445019bb55ed95" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000480984f39a1ff38a86a68aa4201b6be5dfbfecf876219710b07badf6fdd4c6c5611feb97390d9826e7a06dfb41871c940d74415ed3cac2089f1445019bb55ed95", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgJhPOaH/OKhqaKpCAba+Xfv+z4di\nGXELB7rfb91MbFYR/rlzkNmCbnoG37QYcclA10QV7TysIInxRFAZu1XtlQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 288, + "comment" : "r and s^-1 have a large Hamming weight", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022100909135bdb6799286170f5ead2de4f6511453fe50914f3df2de54a36383df8dd4", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "044201b4272944201c3294f5baa9a3232b6dd687495fcc19a70a95bc602b4f7c0595c37eba9ee8171c1bb5ac6feaf753bc36f463e3aef16629572c0c0a8fb0800e", + "wx" : "4201b4272944201c3294f5baa9a3232b6dd687495fcc19a70a95bc602b4f7c05", + "wy" : "0095c37eba9ee8171c1bb5ac6feaf753bc36f463e3aef16629572c0c0a8fb0800e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200044201b4272944201c3294f5baa9a3232b6dd687495fcc19a70a95bc602b4f7c0595c37eba9ee8171c1bb5ac6feaf753bc36f463e3aef16629572c0c0a8fb0800e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQgG0JylEIBwylPW6qaMjK23Wh0lf\nzBmnCpW8YCtPfAWVw366nugXHBu1rG/q91O8NvRj467xZilXLAwKj7CADg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 289, + "comment" : "r and s^-1 have a large Hamming weight", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022027b4577ca009376f71303fd5dd227dcef5deb773ad5f5a84360644669ca249a5", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04a71af64de5126a4a4e02b7922d66ce9415ce88a4c9d25514d91082c8725ac9575d47723c8fbe580bb369fec9c2665d8e30a435b9932645482e7c9f11e872296b", + "wx" : "00a71af64de5126a4a4e02b7922d66ce9415ce88a4c9d25514d91082c8725ac957", + "wy" : "5d47723c8fbe580bb369fec9c2665d8e30a435b9932645482e7c9f11e872296b" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004a71af64de5126a4a4e02b7922d66ce9415ce88a4c9d25514d91082c8725ac9575d47723c8fbe580bb369fec9c2665d8e30a435b9932645482e7c9f11e872296b", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpxr2TeUSakpOAreSLWbOlBXOiKTJ\n0lUU2RCCyHJayVddR3I8j75YC7Np/snCZl2OMKQ1uZMmRUgufJ8R6HIpaw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 290, + "comment" : "small r and s", + "msg" : "313233343030", + "sig" : "3006020105020101", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046627cec4f0731ea23fc2931f90ebe5b7572f597d20df08fc2b31ee8ef16b15726170ed77d8d0a14fc5c9c3c4c9be7f0d3ee18f709bb275eaf2073e258fe694a5", + "wx" : "6627cec4f0731ea23fc2931f90ebe5b7572f597d20df08fc2b31ee8ef16b1572", + "wy" : "6170ed77d8d0a14fc5c9c3c4c9be7f0d3ee18f709bb275eaf2073e258fe694a5" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200046627cec4f0731ea23fc2931f90ebe5b7572f597d20df08fc2b31ee8ef16b15726170ed77d8d0a14fc5c9c3c4c9be7f0d3ee18f709bb275eaf2073e258fe694a5", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZifOxPBzHqI/wpMfkOvlt1cvWX0g\n3wj8KzHujvFrFXJhcO132NChT8XJw8TJvn8NPuGPcJuyderyBz4lj+aUpQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 291, + "comment" : "small r and s", + "msg" : "313233343030", + "sig" : "3006020105020103", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045a7c8825e85691cce1f5e7544c54e73f14afc010cb731343262ca7ec5a77f5bfef6edf62a4497c1bd7b147fb6c3d22af3c39bfce95f30e13a16d3d7b2812f813", + "wx" : "5a7c8825e85691cce1f5e7544c54e73f14afc010cb731343262ca7ec5a77f5bf", + "wy" : "00ef6edf62a4497c1bd7b147fb6c3d22af3c39bfce95f30e13a16d3d7b2812f813" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045a7c8825e85691cce1f5e7544c54e73f14afc010cb731343262ca7ec5a77f5bfef6edf62a4497c1bd7b147fb6c3d22af3c39bfce95f30e13a16d3d7b2812f813", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWnyIJehWkczh9edUTFTnPxSvwBDL\ncxNDJiyn7Fp39b/vbt9ipEl8G9exR/tsPSKvPDm/zpXzDhOhbT17KBL4Ew==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 292, + "comment" : "small r and s", + "msg" : "313233343030", + "sig" : "3006020105020105", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04cbe0c29132cd738364fedd603152990c048e5e2fff996d883fa6caca7978c73770af6a8ce44cb41224b2603606f4c04d188e80bff7cc31ad5189d4ab0d70e8c1", + "wx" : "00cbe0c29132cd738364fedd603152990c048e5e2fff996d883fa6caca7978c737", + "wy" : "70af6a8ce44cb41224b2603606f4c04d188e80bff7cc31ad5189d4ab0d70e8c1" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004cbe0c29132cd738364fedd603152990c048e5e2fff996d883fa6caca7978c73770af6a8ce44cb41224b2603606f4c04d188e80bff7cc31ad5189d4ab0d70e8c1", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy+DCkTLNc4Nk/t1gMVKZDASOXi//\nmW2IP6bKynl4xzdwr2qM5Ey0EiSyYDYG9MBNGI6Av/fMMa1RidSrDXDowQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 293, + "comment" : "small r and s", + "msg" : "313233343030", + "sig" : "3006020105020106", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 294, + "comment" : "r is larger than n", + "msg" : "313233343030", + "sig" : "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632556020106", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "044be4178097002f0deab68f0d9a130e0ed33a6795d02a20796db83444b037e13920f13051e0eecdcfce4dacea0f50d1f247caa669f193c1b4075b51ae296d2d56", + "wx" : "4be4178097002f0deab68f0d9a130e0ed33a6795d02a20796db83444b037e139", + "wy" : "20f13051e0eecdcfce4dacea0f50d1f247caa669f193c1b4075b51ae296d2d56" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200044be4178097002f0deab68f0d9a130e0ed33a6795d02a20796db83444b037e13920f13051e0eecdcfce4dacea0f50d1f247caa669f193c1b4075b51ae296d2d56", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAES+QXgJcALw3qto8NmhMODtM6Z5XQ\nKiB5bbg0RLA34Tkg8TBR4O7Nz85NrOoPUNHyR8qmafGTwbQHW1GuKW0tVg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 295, + "comment" : "s is larger than n", + "msg" : "313233343030", + "sig" : "3026020105022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc75fbd8", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d0f73792203716afd4be4329faa48d269f15313ebbba379d7783c97bf3e890d9971f4a3206605bec21782bf5e275c714417e8f566549e6bc68690d2363c89cc1", + "wx" : "00d0f73792203716afd4be4329faa48d269f15313ebbba379d7783c97bf3e890d9", + "wy" : "00971f4a3206605bec21782bf5e275c714417e8f566549e6bc68690d2363c89cc1" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004d0f73792203716afd4be4329faa48d269f15313ebbba379d7783c97bf3e890d9971f4a3206605bec21782bf5e275c714417e8f566549e6bc68690d2363c89cc1", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0Pc3kiA3Fq/UvkMp+qSNJp8VMT67\nujedd4PJe/PokNmXH0oyBmBb7CF4K/XidccUQX6PVmVJ5rxoaQ0jY8icwQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 296, + "comment" : "small r and s^-1", + "msg" : "313233343030", + "sig" : "3027020201000221008f1e3c7862c58b16bb76eddbb76eddbb516af4f63f2d74d76e0d28c9bb75ea88", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "044838b2be35a6276a80ef9e228140f9d9b96ce83b7a254f71ccdebbb8054ce05ffa9cbc123c919b19e00238198d04069043bd660a828814051fcb8aac738a6c6b", + "wx" : "4838b2be35a6276a80ef9e228140f9d9b96ce83b7a254f71ccdebbb8054ce05f", + "wy" : "00fa9cbc123c919b19e00238198d04069043bd660a828814051fcb8aac738a6c6b" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200044838b2be35a6276a80ef9e228140f9d9b96ce83b7a254f71ccdebbb8054ce05ffa9cbc123c919b19e00238198d04069043bd660a828814051fcb8aac738a6c6b", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESDiyvjWmJ2qA754igUD52bls6Dt6\nJU9xzN67uAVM4F/6nLwSPJGbGeACOBmNBAaQQ71mCoKIFAUfy4qsc4psaw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 297, + "comment" : "smallish r and s^-1", + "msg" : "313233343030", + "sig" : "302c02072d9b4d347952d6022100ef3043e7329581dbb3974497710ab11505ee1c87ff907beebadd195a0ffe6d7a", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "047393983ca30a520bbc4783dc9960746aab444ef520c0a8e771119aa4e74b0f64e9d7be1ab01a0bf626e709863e6a486dbaf32793afccf774e2c6cd27b1857526", + "wx" : "7393983ca30a520bbc4783dc9960746aab444ef520c0a8e771119aa4e74b0f64", + "wy" : "00e9d7be1ab01a0bf626e709863e6a486dbaf32793afccf774e2c6cd27b1857526" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200047393983ca30a520bbc4783dc9960746aab444ef520c0a8e771119aa4e74b0f64e9d7be1ab01a0bf626e709863e6a486dbaf32793afccf774e2c6cd27b1857526", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEc5OYPKMKUgu8R4PcmWB0aqtETvUg\nwKjncRGapOdLD2Tp174asBoL9ibnCYY+akhtuvMnk6/M93Tixs0nsYV1Jg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 298, + "comment" : "100-bit r and small s^-1", + "msg" : "313233343030", + "sig" : "3032020d1033e67e37b32b445580bf4eff0221008b748b74000000008b748b748b748b7466e769ad4a16d3dcd87129b8e91d1b4d", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045ac331a1103fe966697379f356a937f350588a05477e308851b8a502d5dfcdc5fe9993df4b57939b2b8da095bf6d794265204cfe03be995a02e65d408c871c0b", + "wx" : "5ac331a1103fe966697379f356a937f350588a05477e308851b8a502d5dfcdc5", + "wy" : "00fe9993df4b57939b2b8da095bf6d794265204cfe03be995a02e65d408c871c0b" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045ac331a1103fe966697379f356a937f350588a05477e308851b8a502d5dfcdc5fe9993df4b57939b2b8da095bf6d794265204cfe03be995a02e65d408c871c0b", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWsMxoRA/6WZpc3nzVqk381BYigVH\nfjCIUbilAtXfzcX+mZPfS1eTmyuNoJW/bXlCZSBM/gO+mVoC5l1AjIccCw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 299, + "comment" : "small r and 100 bit s^-1", + "msg" : "313233343030", + "sig" : "302702020100022100ef9f6ba4d97c09d03178fa20b4aaad83be3cf9cb824a879fec3270fc4b81ef5b", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "041d209be8de2de877095a399d3904c74cc458d926e27bb8e58e5eae5767c41509dd59e04c214f7b18dce351fc2a549893a6860e80163f38cc60a4f2c9d040d8c9", + "wx" : "1d209be8de2de877095a399d3904c74cc458d926e27bb8e58e5eae5767c41509", + "wy" : "00dd59e04c214f7b18dce351fc2a549893a6860e80163f38cc60a4f2c9d040d8c9" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200041d209be8de2de877095a399d3904c74cc458d926e27bb8e58e5eae5767c41509dd59e04c214f7b18dce351fc2a549893a6860e80163f38cc60a4f2c9d040d8c9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHSCb6N4t6HcJWjmdOQTHTMRY2Sbi\ne7jljl6uV2fEFQndWeBMIU97GNzjUfwqVJiTpoYOgBY/OMxgpPLJ0EDYyQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 300, + "comment" : "100-bit r and s^-1", + "msg" : "313233343030", + "sig" : "3032020d062522bbd3ecbe7c39e93e7c25022100ef9f6ba4d97c09d03178fa20b4aaad83be3cf9cb824a879fec3270fc4b81ef5b", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04083539fbee44625e3acaafa2fcb41349392cef0633a1b8fabecee0c133b10e99915c1ebe7bf00df8535196770a58047ae2a402f26326bb7d41d4d7616337911e", + "wx" : "083539fbee44625e3acaafa2fcb41349392cef0633a1b8fabecee0c133b10e99", + "wy" : "00915c1ebe7bf00df8535196770a58047ae2a402f26326bb7d41d4d7616337911e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004083539fbee44625e3acaafa2fcb41349392cef0633a1b8fabecee0c133b10e99915c1ebe7bf00df8535196770a58047ae2a402f26326bb7d41d4d7616337911e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECDU5++5EYl46yq+i/LQTSTks7wYz\nobj6vs7gwTOxDpmRXB6+e/AN+FNRlncKWAR64qQC8mMmu31B1NdhYzeRHg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 301, + "comment" : "r and s^-1 are close to n", + "msg" : "313233343030", + "sig" : "3045022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6324d50220555555550000000055555555555555553ef7a8e48d07df81a693439654210c70", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "048aeb368a7027a4d64abdea37390c0c1d6a26f399e2d9734de1eb3d0e1937387405bd13834715e1dbae9b875cf07bd55e1b6691c7f7536aef3b19bf7a4adf576d", + "wx" : "008aeb368a7027a4d64abdea37390c0c1d6a26f399e2d9734de1eb3d0e19373874", + "wy" : "05bd13834715e1dbae9b875cf07bd55e1b6691c7f7536aef3b19bf7a4adf576d" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200048aeb368a7027a4d64abdea37390c0c1d6a26f399e2d9734de1eb3d0e1937387405bd13834715e1dbae9b875cf07bd55e1b6691c7f7536aef3b19bf7a4adf576d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEius2inAnpNZKveo3OQwMHWom85ni\n2XNN4es9Dhk3OHQFvRODRxXh266bh1zwe9VeG2aRx/dTau87Gb96St9XbQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 302, + "comment" : "s == 1", + "msg" : "313233343030", + "sig" : "30250220555555550000000055555555555555553ef7a8e48d07df81a693439654210c70020101", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 303, + "comment" : "s == 0", + "msg" : "313233343030", + "sig" : "30250220555555550000000055555555555555553ef7a8e48d07df81a693439654210c70020100", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04b533d4695dd5b8c5e07757e55e6e516f7e2c88fa0239e23f60e8ec07dd70f2871b134ee58cc583278456863f33c3a85d881f7d4a39850143e29d4eaf009afe47", + "wx" : "00b533d4695dd5b8c5e07757e55e6e516f7e2c88fa0239e23f60e8ec07dd70f287", + "wy" : "1b134ee58cc583278456863f33c3a85d881f7d4a39850143e29d4eaf009afe47" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004b533d4695dd5b8c5e07757e55e6e516f7e2c88fa0239e23f60e8ec07dd70f2871b134ee58cc583278456863f33c3a85d881f7d4a39850143e29d4eaf009afe47", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtTPUaV3VuMXgd1flXm5Rb34siPoC\nOeI/YOjsB91w8ocbE07ljMWDJ4RWhj8zw6hdiB99SjmFAUPinU6vAJr+Rw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 304, + "comment" : "point at infinity during verify", + "msg" : "313233343030", + "sig" : "304402207fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a80220555555550000000055555555555555553ef7a8e48d07df81a693439654210c70", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04f50d371b91bfb1d7d14e1323523bc3aa8cbf2c57f9e284de628c8b4536787b86f94ad887ac94d527247cd2e7d0c8b1291c553c9730405380b14cbb209f5fa2dd", + "wx" : "00f50d371b91bfb1d7d14e1323523bc3aa8cbf2c57f9e284de628c8b4536787b86", + "wy" : "00f94ad887ac94d527247cd2e7d0c8b1291c553c9730405380b14cbb209f5fa2dd" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004f50d371b91bfb1d7d14e1323523bc3aa8cbf2c57f9e284de628c8b4536787b86f94ad887ac94d527247cd2e7d0c8b1291c553c9730405380b14cbb209f5fa2dd", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9Q03G5G/sdfRThMjUjvDqoy/LFf5\n4oTeYoyLRTZ4e4b5StiHrJTVJyR80ufQyLEpHFU8lzBAU4CxTLsgn1+i3Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 305, + "comment" : "edge case for signature malleability", + "msg" : "313233343030", + "sig" : "304402207fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a902207fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a8", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0468ec6e298eafe16539156ce57a14b04a7047c221bafc3a582eaeb0d857c4d94697bed1af17850117fdb39b2324f220a5698ed16c426a27335bb385ac8ca6fb30", + "wx" : "68ec6e298eafe16539156ce57a14b04a7047c221bafc3a582eaeb0d857c4d946", + "wy" : "0097bed1af17850117fdb39b2324f220a5698ed16c426a27335bb385ac8ca6fb30" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000468ec6e298eafe16539156ce57a14b04a7047c221bafc3a582eaeb0d857c4d94697bed1af17850117fdb39b2324f220a5698ed16c426a27335bb385ac8ca6fb30", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaOxuKY6v4WU5FWzlehSwSnBHwiG6\n/DpYLq6w2FfE2UaXvtGvF4UBF/2zmyMk8iClaY7RbEJqJzNbs4WsjKb7MA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 306, + "comment" : "edge case for signature malleability", + "msg" : "313233343030", + "sig" : "304402207fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a902207fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a9", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0469da0364734d2e530fece94019265fefb781a0f1b08f6c8897bdf6557927c8b866d2d3c7dcd518b23d726960f069ad71a933d86ef8abbcce8b20f71e2a847002", + "wx" : "69da0364734d2e530fece94019265fefb781a0f1b08f6c8897bdf6557927c8b8", + "wy" : "66d2d3c7dcd518b23d726960f069ad71a933d86ef8abbcce8b20f71e2a847002" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000469da0364734d2e530fece94019265fefb781a0f1b08f6c8897bdf6557927c8b866d2d3c7dcd518b23d726960f069ad71a933d86ef8abbcce8b20f71e2a847002", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEadoDZHNNLlMP7OlAGSZf77eBoPGw\nj2yIl732VXknyLhm0tPH3NUYsj1yaWDwaa1xqTPYbvirvM6LIPceKoRwAg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 307, + "comment" : "u1 == 1", + "msg" : "313233343030", + "sig" : "30450220555555550000000055555555555555553ef7a8e48d07df81a693439654210c70022100bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca605023", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d8adc00023a8edc02576e2b63e3e30621a471e2b2320620187bf067a1ac1ff3233e2b50ec09807accb36131fff95ed12a09a86b4ea9690aa32861576ba2362e1", + "wx" : "00d8adc00023a8edc02576e2b63e3e30621a471e2b2320620187bf067a1ac1ff32", + "wy" : "33e2b50ec09807accb36131fff95ed12a09a86b4ea9690aa32861576ba2362e1" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004d8adc00023a8edc02576e2b63e3e30621a471e2b2320620187bf067a1ac1ff3233e2b50ec09807accb36131fff95ed12a09a86b4ea9690aa32861576ba2362e1", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2K3AACOo7cAlduK2Pj4wYhpHHisj\nIGIBh78GehrB/zIz4rUOwJgHrMs2Ex//le0SoJqGtOqWkKoyhhV2uiNi4Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 308, + "comment" : "u1 == n - 1", + "msg" : "313233343030", + "sig" : "30440220555555550000000055555555555555553ef7a8e48d07df81a693439654210c70022044a5ad0ad0636d9f12bc9e0a6bdd5e1cbcb012ea7bf091fcec15b0c43202d52e", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043623ac973ced0a56fa6d882f03a7d5c7edca02cfc7b2401fab3690dbe75ab7858db06908e64b28613da7257e737f39793da8e713ba0643b92e9bb3252be7f8fe", + "wx" : "3623ac973ced0a56fa6d882f03a7d5c7edca02cfc7b2401fab3690dbe75ab785", + "wy" : "008db06908e64b28613da7257e737f39793da8e713ba0643b92e9bb3252be7f8fe" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200043623ac973ced0a56fa6d882f03a7d5c7edca02cfc7b2401fab3690dbe75ab7858db06908e64b28613da7257e737f39793da8e713ba0643b92e9bb3252be7f8fe", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENiOslzztClb6bYgvA6fVx+3KAs/H\nskAfqzaQ2+dat4WNsGkI5ksoYT2nJX5zfzl5PajnE7oGQ7kum7MlK+f4/g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 309, + "comment" : "u2 == 1", + "msg" : "313233343030", + "sig" : "30440220555555550000000055555555555555553ef7a8e48d07df81a693439654210c700220555555550000000055555555555555553ef7a8e48d07df81a693439654210c70", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04cf04ea77e9622523d894b93ff52dc3027b31959503b6fa3890e5e04263f922f1e8528fb7c006b3983c8b8400e57b4ed71740c2f3975438821199bedeaecab2e9", + "wx" : "00cf04ea77e9622523d894b93ff52dc3027b31959503b6fa3890e5e04263f922f1", + "wy" : "00e8528fb7c006b3983c8b8400e57b4ed71740c2f3975438821199bedeaecab2e9" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004cf04ea77e9622523d894b93ff52dc3027b31959503b6fa3890e5e04263f922f1e8528fb7c006b3983c8b8400e57b4ed71740c2f3975438821199bedeaecab2e9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzwTqd+liJSPYlLk/9S3DAnsxlZUD\ntvo4kOXgQmP5IvHoUo+3wAazmDyLhADle07XF0DC85dUOIIRmb7ersqy6Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 310, + "comment" : "u2 == n - 1", + "msg" : "313233343030", + "sig" : "30450220555555550000000055555555555555553ef7a8e48d07df81a693439654210c70022100aaaaaaaa00000000aaaaaaaaaaaaaaaa7def51c91a0fbf034d26872ca84218e1", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04db7a2c8a1ab573e5929dc24077b508d7e683d49227996bda3e9f78dbeff773504f417f3bc9a88075c2e0aadd5a13311730cf7cc76a82f11a36eaf08a6c99a206", + "wx" : "00db7a2c8a1ab573e5929dc24077b508d7e683d49227996bda3e9f78dbeff77350", + "wy" : "4f417f3bc9a88075c2e0aadd5a13311730cf7cc76a82f11a36eaf08a6c99a206" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004db7a2c8a1ab573e5929dc24077b508d7e683d49227996bda3e9f78dbeff773504f417f3bc9a88075c2e0aadd5a13311730cf7cc76a82f11a36eaf08a6c99a206", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE23osihq1c+WSncJAd7UI1+aD1JIn\nmWvaPp942+/3c1BPQX87yaiAdcLgqt1aEzEXMM98x2qC8Ro26vCKbJmiBg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 311, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022100e91e1ba60fdedb76a46bcb51dc0b8b4b7e019f0a28721885fa5d3a8196623397", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04dead11c7a5b396862f21974dc4752fadeff994efe9bbd05ab413765ea80b6e1f1de3f0640e8ac6edcf89cff53c40e265bb94078a343736df07aa0318fc7fe1ff", + "wx" : "00dead11c7a5b396862f21974dc4752fadeff994efe9bbd05ab413765ea80b6e1f", + "wy" : "1de3f0640e8ac6edcf89cff53c40e265bb94078a343736df07aa0318fc7fe1ff" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004dead11c7a5b396862f21974dc4752fadeff994efe9bbd05ab413765ea80b6e1f1de3f0640e8ac6edcf89cff53c40e265bb94078a343736df07aa0318fc7fe1ff", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3q0Rx6WzloYvIZdNxHUvre/5lO/p\nu9BatBN2XqgLbh8d4/BkDorG7c+Jz/U8QOJlu5QHijQ3Nt8HqgMY/H/h/w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 312, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022100fdea5843ffeb73af94313ba4831b53fe24f799e525b1e8e8c87b59b95b430ad9", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d0bc472e0d7c81ebaed3a6ef96c18613bb1fea6f994326fbe80e00dfde67c7e9986c723ea4843d48389b946f64ad56c83ad70ff17ba85335667d1bb9fa619efd", + "wx" : "00d0bc472e0d7c81ebaed3a6ef96c18613bb1fea6f994326fbe80e00dfde67c7e9", + "wy" : "00986c723ea4843d48389b946f64ad56c83ad70ff17ba85335667d1bb9fa619efd" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004d0bc472e0d7c81ebaed3a6ef96c18613bb1fea6f994326fbe80e00dfde67c7e9986c723ea4843d48389b946f64ad56c83ad70ff17ba85335667d1bb9fa619efd", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0LxHLg18geuu06bvlsGGE7sf6m+Z\nQyb76A4A395nx+mYbHI+pIQ9SDiblG9krVbIOtcP8XuoUzVmfRu5+mGe/Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 313, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022003ffcabf2f1b4d2a65190db1680d62bb994e41c5251cd73b3c3dfc5e5bafc035", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04a0a44ca947d66a2acb736008b9c08d1ab2ad03776e02640f78495d458dd51c326337fe5cf8c4604b1f1c409dc2d872d4294a4762420df43a30a2392e40426add", + "wx" : "00a0a44ca947d66a2acb736008b9c08d1ab2ad03776e02640f78495d458dd51c32", + "wy" : "6337fe5cf8c4604b1f1c409dc2d872d4294a4762420df43a30a2392e40426add" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004a0a44ca947d66a2acb736008b9c08d1ab2ad03776e02640f78495d458dd51c326337fe5cf8c4604b1f1c409dc2d872d4294a4762420df43a30a2392e40426add", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoKRMqUfWairLc2AIucCNGrKtA3du\nAmQPeEldRY3VHDJjN/5c+MRgSx8cQJ3C2HLUKUpHYkIN9DowojkuQEJq3Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 314, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd02204dfbc401f971cd304b33dfdb17d0fed0fe4c1a88ae648e0d2847f74977534989", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04c9c2115290d008b45fb65fad0f602389298c25420b775019d42b62c3ce8a96b73877d25a8080dc02d987ca730f0405c2c9dbefac46f9e601cc3f06e9713973fd", + "wx" : "00c9c2115290d008b45fb65fad0f602389298c25420b775019d42b62c3ce8a96b7", + "wy" : "3877d25a8080dc02d987ca730f0405c2c9dbefac46f9e601cc3f06e9713973fd" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004c9c2115290d008b45fb65fad0f602389298c25420b775019d42b62c3ce8a96b73877d25a8080dc02d987ca730f0405c2c9dbefac46f9e601cc3f06e9713973fd", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEycIRUpDQCLRftl+tD2AjiSmMJUIL\nd1AZ1Ctiw86Klrc4d9JagIDcAtmHynMPBAXCydvvrEb55gHMPwbpcTlz/Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 315, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022100bc4024761cd2ffd43dfdb17d0fed112b988977055cd3a8e54971eba9cda5ca71", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045eca1ef4c287dddc66b8bccf1b88e8a24c0018962f3c5e7efa83bc1a5ff6033e5e79c4cb2c245b8c45abdce8a8e4da758d92a607c32cd407ecaef22f1c934a71", + "wx" : "5eca1ef4c287dddc66b8bccf1b88e8a24c0018962f3c5e7efa83bc1a5ff6033e", + "wy" : "5e79c4cb2c245b8c45abdce8a8e4da758d92a607c32cd407ecaef22f1c934a71" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045eca1ef4c287dddc66b8bccf1b88e8a24c0018962f3c5e7efa83bc1a5ff6033e5e79c4cb2c245b8c45abdce8a8e4da758d92a607c32cd407ecaef22f1c934a71", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXsoe9MKH3dxmuLzPG4jookwAGJYv\nPF5++oO8Gl/2Az5eecTLLCRbjEWr3Oio5Np1jZKmB8Ms1AfsrvIvHJNKcQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 316, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd0220788048ed39a5ffa77bfb62fa1fda2257742bf35d128fb3459f2a0c909ee86f91", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045caaa030e7fdf0e4936bc7ab5a96353e0a01e4130c3f8bf22d473e317029a47adeb6adc462f7058f2a20d371e9702254e9b201642005b3ceda926b42b178bef9", + "wx" : "5caaa030e7fdf0e4936bc7ab5a96353e0a01e4130c3f8bf22d473e317029a47a", + "wy" : "00deb6adc462f7058f2a20d371e9702254e9b201642005b3ceda926b42b178bef9" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045caaa030e7fdf0e4936bc7ab5a96353e0a01e4130c3f8bf22d473e317029a47adeb6adc462f7058f2a20d371e9702254e9b201642005b3ceda926b42b178bef9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXKqgMOf98OSTa8erWpY1PgoB5BMM\nP4vyLUc+MXAppHretq3EYvcFjyog03HpcCJU6bIBZCAFs87akmtCsXi++Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 317, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd0220476d9131fd381bd917d0fed112bc9e0a5924b5ed5b11167edd8b23582b3cb15e", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04c2fd20bac06e555bb8ac0ce69eb1ea20f83a1fc3501c8a66469b1a31f619b0986237050779f52b615bd7b8d76a25fc95ca2ed32525c75f27ffc87ac397e6cbaf", + "wx" : "00c2fd20bac06e555bb8ac0ce69eb1ea20f83a1fc3501c8a66469b1a31f619b098", + "wy" : "6237050779f52b615bd7b8d76a25fc95ca2ed32525c75f27ffc87ac397e6cbaf" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004c2fd20bac06e555bb8ac0ce69eb1ea20f83a1fc3501c8a66469b1a31f619b0986237050779f52b615bd7b8d76a25fc95ca2ed32525c75f27ffc87ac397e6cbaf", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwv0gusBuVVu4rAzmnrHqIPg6H8NQ\nHIpmRpsaMfYZsJhiNwUHefUrYVvXuNdqJfyVyi7TJSXHXyf/yHrDl+bLrw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 318, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd0221008374253e3e21bd154448d0a8f640fe46fafa8b19ce78d538f6cc0a19662d3601", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043fd6a1ca7f77fb3b0bbe726c372010068426e11ea6ae78ce17bedae4bba86ced03ce5516406bf8cfaab8745eac1cd69018ad6f50b5461872ddfc56e0db3c8ff4", + "wx" : "3fd6a1ca7f77fb3b0bbe726c372010068426e11ea6ae78ce17bedae4bba86ced", + "wy" : "03ce5516406bf8cfaab8745eac1cd69018ad6f50b5461872ddfc56e0db3c8ff4" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200043fd6a1ca7f77fb3b0bbe726c372010068426e11ea6ae78ce17bedae4bba86ced03ce5516406bf8cfaab8745eac1cd69018ad6f50b5461872ddfc56e0db3c8ff4", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP9ahyn93+zsLvnJsNyAQBoQm4R6m\nrnjOF77a5LuobO0DzlUWQGv4z6q4dF6sHNaQGK1vULVGGHLd/Fbg2zyP9A==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 319, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd0220357cfd3be4d01d413c5b9ede36cba5452c11ee7fe14879e749ae6a2d897a52d6", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "049cb8e51e27a5ae3b624a60d6dc32734e4989db20e9bca3ede1edf7b086911114b4c104ab3c677e4b36d6556e8ad5f523410a19f2e277aa895fc57322b4427544", + "wx" : "009cb8e51e27a5ae3b624a60d6dc32734e4989db20e9bca3ede1edf7b086911114", + "wy" : "00b4c104ab3c677e4b36d6556e8ad5f523410a19f2e277aa895fc57322b4427544" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200049cb8e51e27a5ae3b624a60d6dc32734e4989db20e9bca3ede1edf7b086911114b4c104ab3c677e4b36d6556e8ad5f523410a19f2e277aa895fc57322b4427544", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLjlHielrjtiSmDW3DJzTkmJ2yDp\nvKPt4e33sIaRERS0wQSrPGd+SzbWVW6K1fUjQQoZ8uJ3qolfxXMitEJ1RA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 320, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022029798c5c0ee287d4a5e8e6b799fd86b8df5225298e6ffc807cd2f2bc27a0a6d8", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04a3e52c156dcaf10502620b7955bc2b40bc78ef3d569e1223c262512d8f49602a4a2039f31c1097024ad3cc86e57321de032355463486164cf192944977df147f", + "wx" : "00a3e52c156dcaf10502620b7955bc2b40bc78ef3d569e1223c262512d8f49602a", + "wy" : "4a2039f31c1097024ad3cc86e57321de032355463486164cf192944977df147f" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004a3e52c156dcaf10502620b7955bc2b40bc78ef3d569e1223c262512d8f49602a4a2039f31c1097024ad3cc86e57321de032355463486164cf192944977df147f", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEo+UsFW3K8QUCYgt5VbwrQLx47z1W\nnhIjwmJRLY9JYCpKIDnzHBCXAkrTzIblcyHeAyNVRjSGFkzxkpRJd98Ufw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 321, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd02200b70f22c781092452dca1a5711fa3a5a1f72add1bf52c2ff7cae4820b30078dd", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04f19b78928720d5bee8e670fb90010fb15c37bf91b58a5157c3f3c059b2655e88cf701ec962fb4a11dcf273f5dc357e58468560c7cfeb942d074abd4329260509", + "wx" : "00f19b78928720d5bee8e670fb90010fb15c37bf91b58a5157c3f3c059b2655e88", + "wy" : "00cf701ec962fb4a11dcf273f5dc357e58468560c7cfeb942d074abd4329260509" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004f19b78928720d5bee8e670fb90010fb15c37bf91b58a5157c3f3c059b2655e88cf701ec962fb4a11dcf273f5dc357e58468560c7cfeb942d074abd4329260509", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8Zt4kocg1b7o5nD7kAEPsVw3v5G1\nilFXw/PAWbJlXojPcB7JYvtKEdzyc/XcNX5YRoVgx8/rlC0HSr1DKSYFCQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 322, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022016e1e458f021248a5b9434ae23f474b43ee55ba37ea585fef95c90416600f1ba", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0483a744459ecdfb01a5cf52b27a05bb7337482d242f235d7b4cb89345545c90a8c05d49337b9649813287de9ffe90355fd905df5f3c32945828121f37cc50de6e", + "wx" : "0083a744459ecdfb01a5cf52b27a05bb7337482d242f235d7b4cb89345545c90a8", + "wy" : "00c05d49337b9649813287de9ffe90355fd905df5f3c32945828121f37cc50de6e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000483a744459ecdfb01a5cf52b27a05bb7337482d242f235d7b4cb89345545c90a8c05d49337b9649813287de9ffe90355fd905df5f3c32945828121f37cc50de6e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEg6dERZ7N+wGlz1KyegW7czdILSQv\nI117TLiTRVRckKjAXUkze5ZJgTKH3p/+kDVf2QXfXzwylFgoEh83zFDebg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 323, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd02202252d6856831b6cf895e4f0535eeaf0e5e5809753df848fe760ad86219016a97", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04dd13c6b34c56982ddae124f039dfd23f4b19bbe88cee8e528ae51e5d6f3a21d7bfad4c2e6f263fe5eb59ca974d039fc0e4c3345692fb5320bdae4bd3b42a45ff", + "wx" : "00dd13c6b34c56982ddae124f039dfd23f4b19bbe88cee8e528ae51e5d6f3a21d7", + "wy" : "00bfad4c2e6f263fe5eb59ca974d039fc0e4c3345692fb5320bdae4bd3b42a45ff" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004dd13c6b34c56982ddae124f039dfd23f4b19bbe88cee8e528ae51e5d6f3a21d7bfad4c2e6f263fe5eb59ca974d039fc0e4c3345692fb5320bdae4bd3b42a45ff", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3RPGs0xWmC3a4STwOd/SP0sZu+iM\n7o5SiuUeXW86Ide/rUwubyY/5etZypdNA5/A5MM0VpL7UyC9rkvTtCpF/w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 324, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd02210081ffe55f178da695b28c86d8b406b15dab1a9e39661a3ae017fbe390ac0972c3", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0467e6f659cdde869a2f65f094e94e5b4dfad636bbf95192feeed01b0f3deb7460a37e0a51f258b7aeb51dfe592f5cfd5685bbe58712c8d9233c62886437c38ba0", + "wx" : "67e6f659cdde869a2f65f094e94e5b4dfad636bbf95192feeed01b0f3deb7460", + "wy" : "00a37e0a51f258b7aeb51dfe592f5cfd5685bbe58712c8d9233c62886437c38ba0" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000467e6f659cdde869a2f65f094e94e5b4dfad636bbf95192feeed01b0f3deb7460a37e0a51f258b7aeb51dfe592f5cfd5685bbe58712c8d9233c62886437c38ba0", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZ+b2Wc3ehpovZfCU6U5bTfrWNrv5\nUZL+7tAbDz3rdGCjfgpR8li3rrUd/lkvXP1WhbvlhxLI2SM8YohkN8OLoA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 325, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd02207fffffffaaaaaaaaffffffffffffffffe9a2538f37b28a2c513dee40fecbb71a", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "042eb6412505aec05c6545f029932087e490d05511e8ec1f599617bb367f9ecaaf805f51efcc4803403f9b1ae0124890f06a43fedcddb31830f6669af292895cb0", + "wx" : "2eb6412505aec05c6545f029932087e490d05511e8ec1f599617bb367f9ecaaf", + "wy" : "00805f51efcc4803403f9b1ae0124890f06a43fedcddb31830f6669af292895cb0" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200042eb6412505aec05c6545f029932087e490d05511e8ec1f599617bb367f9ecaaf805f51efcc4803403f9b1ae0124890f06a43fedcddb31830f6669af292895cb0", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELrZBJQWuwFxlRfApkyCH5JDQVRHo\n7B9Zlhe7Nn+eyq+AX1HvzEgDQD+bGuASSJDwakP+3N2zGDD2ZprykolcsA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 326, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022100b62f26b5f2a2b26f6de86d42ad8a13da3ab3cccd0459b201de009e526adf21f2", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0484db645868eab35e3a9fd80e056e2e855435e3a6b68d75a50a854625fe0d7f356d2589ac655edc9a11ef3e075eddda9abf92e72171570ef7bf43a2ee39338cfe", + "wx" : "0084db645868eab35e3a9fd80e056e2e855435e3a6b68d75a50a854625fe0d7f35", + "wy" : "6d2589ac655edc9a11ef3e075eddda9abf92e72171570ef7bf43a2ee39338cfe" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000484db645868eab35e3a9fd80e056e2e855435e3a6b68d75a50a854625fe0d7f356d2589ac655edc9a11ef3e075eddda9abf92e72171570ef7bf43a2ee39338cfe", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhNtkWGjqs146n9gOBW4uhVQ146a2\njXWlCoVGJf4NfzVtJYmsZV7cmhHvPgde3dqav5LnIXFXDve/Q6LuOTOM/g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 327, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022100bb1d9ac949dd748cd02bbbe749bd351cd57b38bb61403d700686aa7b4c90851e", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0491b9e47c56278662d75c0983b22ca8ea6aa5059b7a2ff7637eb2975e386ad66349aa8ff283d0f77c18d6d11dc062165fd13c3c0310679c1408302a16854ecfbd", + "wx" : "0091b9e47c56278662d75c0983b22ca8ea6aa5059b7a2ff7637eb2975e386ad663", + "wy" : "49aa8ff283d0f77c18d6d11dc062165fd13c3c0310679c1408302a16854ecfbd" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000491b9e47c56278662d75c0983b22ca8ea6aa5059b7a2ff7637eb2975e386ad66349aa8ff283d0f77c18d6d11dc062165fd13c3c0310679c1408302a16854ecfbd", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkbnkfFYnhmLXXAmDsiyo6mqlBZt6\nL/djfrKXXjhq1mNJqo/yg9D3fBjW0R3AYhZf0Tw8AxBnnBQIMCoWhU7PvQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 328, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022066755a00638cdaec1c732513ca0234ece52545dac11f816e818f725b4f60aaf2", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04f3ec2f13caf04d0192b47fb4c5311fb6d4dc6b0a9e802e5327f7ec5ee8e4834df97e3e468b7d0db867d6ecfe81e2b0f9531df87efdb47c1338ac321fefe5a432", + "wx" : "00f3ec2f13caf04d0192b47fb4c5311fb6d4dc6b0a9e802e5327f7ec5ee8e4834d", + "wy" : "00f97e3e468b7d0db867d6ecfe81e2b0f9531df87efdb47c1338ac321fefe5a432" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004f3ec2f13caf04d0192b47fb4c5311fb6d4dc6b0a9e802e5327f7ec5ee8e4834df97e3e468b7d0db867d6ecfe81e2b0f9531df87efdb47c1338ac321fefe5a432", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8+wvE8rwTQGStH+0xTEfttTcawqe\ngC5TJ/fsXujkg035fj5Gi30NuGfW7P6B4rD5Ux34fv20fBM4rDIf7+WkMg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 329, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022055a00c9fcdaebb6032513ca0234ecfffe98ebe492fdf02e48ca48e982beb3669", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d92b200aefcab6ac7dafd9acaf2fa10b3180235b8f46b4503e4693c670fccc885ef2f3aebf5b317475336256768f7c19efb7352d27e4cccadc85b6b8ab922c72", + "wx" : "00d92b200aefcab6ac7dafd9acaf2fa10b3180235b8f46b4503e4693c670fccc88", + "wy" : "5ef2f3aebf5b317475336256768f7c19efb7352d27e4cccadc85b6b8ab922c72" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004d92b200aefcab6ac7dafd9acaf2fa10b3180235b8f46b4503e4693c670fccc885ef2f3aebf5b317475336256768f7c19efb7352d27e4cccadc85b6b8ab922c72", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2SsgCu/Ktqx9r9msry+hCzGAI1uP\nRrRQPkaTxnD8zIhe8vOuv1sxdHUzYlZ2j3wZ77c1LSfkzMrchba4q5Iscg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 330, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022100ab40193f9b5d76c064a27940469d9fffd31d7c925fbe05c919491d3057d66cd2", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "040a88361eb92ecca2625b38e5f98bbabb96bf179b3d76fc48140a3bcd881523cde6bdf56033f84a5054035597375d90866aa2c96b86a41ccf6edebf47298ad489", + "wx" : "0a88361eb92ecca2625b38e5f98bbabb96bf179b3d76fc48140a3bcd881523cd", + "wy" : "00e6bdf56033f84a5054035597375d90866aa2c96b86a41ccf6edebf47298ad489" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200040a88361eb92ecca2625b38e5f98bbabb96bf179b3d76fc48140a3bcd881523cde6bdf56033f84a5054035597375d90866aa2c96b86a41ccf6edebf47298ad489", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECog2HrkuzKJiWzjl+Yu6u5a/F5s9\ndvxIFAo7zYgVI83mvfVgM/hKUFQDVZc3XZCGaqLJa4akHM9u3r9HKYrUiQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 331, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022100ca0234ebb5fdcb13ca0234ecffffffffcb0dadbbc7f549f8a26b4408d0dc8600", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d0fb17ccd8fafe827e0c1afc5d8d80366e2b20e7f14a563a2ba50469d84375e868612569d39e2bb9f554355564646de99ac602cc6349cf8c1e236a7de7637d93", + "wx" : "00d0fb17ccd8fafe827e0c1afc5d8d80366e2b20e7f14a563a2ba50469d84375e8", + "wy" : "68612569d39e2bb9f554355564646de99ac602cc6349cf8c1e236a7de7637d93" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004d0fb17ccd8fafe827e0c1afc5d8d80366e2b20e7f14a563a2ba50469d84375e868612569d39e2bb9f554355564646de99ac602cc6349cf8c1e236a7de7637d93", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0PsXzNj6/oJ+DBr8XY2ANm4rIOfx\nSlY6K6UEadhDdehoYSVp054rufVUNVVkZG3pmsYCzGNJz4weI2p952N9kw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 332, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022100bfffffff3ea3677e082b9310572620ae19933a9e65b285598711c77298815ad3", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04836f33bbc1dc0d3d3abbcef0d91f11e2ac4181076c9af0a22b1e4309d3edb2769ab443ff6f901e30c773867582997c2bec2b0cb8120d760236f3a95bbe881f75", + "wx" : "00836f33bbc1dc0d3d3abbcef0d91f11e2ac4181076c9af0a22b1e4309d3edb276", + "wy" : "009ab443ff6f901e30c773867582997c2bec2b0cb8120d760236f3a95bbe881f75" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004836f33bbc1dc0d3d3abbcef0d91f11e2ac4181076c9af0a22b1e4309d3edb2769ab443ff6f901e30c773867582997c2bec2b0cb8120d760236f3a95bbe881f75", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEg28zu8HcDT06u87w2R8R4qxBgQds\nmvCiKx5DCdPtsnaatEP/b5AeMMdzhnWCmXwr7CsMuBINdgI286lbvogfdQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 333, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd0220266666663bbbbbbbe6666666666666665b37902e023fab7c8f055d86e5cc41f4", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0492f99fbe973ed4a299719baee4b432741237034dec8d72ba5103cb33e55feeb8033dd0e91134c734174889f3ebcf1b7a1ac05767289280ee7a794cebd6e69697", + "wx" : "0092f99fbe973ed4a299719baee4b432741237034dec8d72ba5103cb33e55feeb8", + "wy" : "033dd0e91134c734174889f3ebcf1b7a1ac05767289280ee7a794cebd6e69697" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000492f99fbe973ed4a299719baee4b432741237034dec8d72ba5103cb33e55feeb8033dd0e91134c734174889f3ebcf1b7a1ac05767289280ee7a794cebd6e69697", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkvmfvpc+1KKZcZuu5LQydBI3A03s\njXK6UQPLM+Vf7rgDPdDpETTHNBdIifPrzxt6GsBXZyiSgO56eUzr1uaWlw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 334, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022100bfffffff36db6db7a492492492492492146c573f4c6dfc8d08a443e258970b09", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d35ba58da30197d378e618ec0fa7e2e2d12cffd73ebbb2049d130bba434af09eff83986e6875e41ea432b7585a49b3a6c77cbb3c47919f8e82874c794635c1d2", + "wx" : "00d35ba58da30197d378e618ec0fa7e2e2d12cffd73ebbb2049d130bba434af09e", + "wy" : "00ff83986e6875e41ea432b7585a49b3a6c77cbb3c47919f8e82874c794635c1d2" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004d35ba58da30197d378e618ec0fa7e2e2d12cffd73ebbb2049d130bba434af09eff83986e6875e41ea432b7585a49b3a6c77cbb3c47919f8e82874c794635c1d2", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE01uljaMBl9N45hjsD6fi4tEs/9c+\nu7IEnRMLukNK8J7/g5huaHXkHqQyt1haSbOmx3y7PEeRn46Ch0x5RjXB0g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 335, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304502207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd022100bfffffff2aaaaaab7fffffffffffffffc815d0e60b3e596ecb1ad3a27cfd49c4", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "048651ce490f1b46d73f3ff475149be29136697334a519d7ddab0725c8d0793224e11c65bd8ca92dc8bc9ae82911f0b52751ce21dd9003ae60900bd825f590cc28", + "wx" : "008651ce490f1b46d73f3ff475149be29136697334a519d7ddab0725c8d0793224", + "wy" : "00e11c65bd8ca92dc8bc9ae82911f0b52751ce21dd9003ae60900bd825f590cc28" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200048651ce490f1b46d73f3ff475149be29136697334a519d7ddab0725c8d0793224e11c65bd8ca92dc8bc9ae82911f0b52751ce21dd9003ae60900bd825f590cc28", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhlHOSQ8bRtc/P/R1FJvikTZpczSl\nGdfdqwclyNB5MiThHGW9jKktyLya6CkR8LUnUc4h3ZADrmCQC9gl9ZDMKA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 336, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd02207fffffff55555555ffffffffffffffffd344a71e6f651458a27bdc81fd976e37", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046d8e1b12c831a0da8795650ff95f101ed921d9e2f72b15b1cdaca9826b9cfc6def6d63e2bc5c089570394a4bc9f892d5e6c7a6a637b20469a58c106ad486bf37", + "wx" : "6d8e1b12c831a0da8795650ff95f101ed921d9e2f72b15b1cdaca9826b9cfc6d", + "wy" : "00ef6d63e2bc5c089570394a4bc9f892d5e6c7a6a637b20469a58c106ad486bf37" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200046d8e1b12c831a0da8795650ff95f101ed921d9e2f72b15b1cdaca9826b9cfc6def6d63e2bc5c089570394a4bc9f892d5e6c7a6a637b20469a58c106ad486bf37", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbY4bEsgxoNqHlWUP+V8QHtkh2eL3\nKxWxzaypgmuc/G3vbWPivFwIlXA5SkvJ+JLV5sempjeyBGmljBBq1Ia/Nw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 337, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd02203fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192aa", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "040ae580bae933b4ef2997cbdbb0922328ca9a410f627a0f7dff24cb4d920e15428911e7f8cc365a8a88eb81421a361ccc2b99e309d8dcd9a98ba83c3949d893e3", + "wx" : "0ae580bae933b4ef2997cbdbb0922328ca9a410f627a0f7dff24cb4d920e1542", + "wy" : "008911e7f8cc365a8a88eb81421a361ccc2b99e309d8dcd9a98ba83c3949d893e3" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200040ae580bae933b4ef2997cbdbb0922328ca9a410f627a0f7dff24cb4d920e15428911e7f8cc365a8a88eb81421a361ccc2b99e309d8dcd9a98ba83c3949d893e3", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECuWAuukztO8pl8vbsJIjKMqaQQ9i\neg99/yTLTZIOFUKJEef4zDZaiojrgUIaNhzMK5njCdjc2amLqDw5SdiT4w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 338, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "304402207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd02205d8ecd64a4eeba466815ddf3a4de9a8e6abd9c5db0a01eb80343553da648428f", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045b812fd521aafa69835a849cce6fbdeb6983b442d2444fe70e134c027fc46963838a40f2a36092e9004e92d8d940cf5638550ce672ce8b8d4e15eba5499249e9", + "wx" : "5b812fd521aafa69835a849cce6fbdeb6983b442d2444fe70e134c027fc46963", + "wy" : "00838a40f2a36092e9004e92d8d940cf5638550ce672ce8b8d4e15eba5499249e9" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045b812fd521aafa69835a849cce6fbdeb6983b442d2444fe70e134c027fc46963838a40f2a36092e9004e92d8d940cf5638550ce672ce8b8d4e15eba5499249e9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW4Ev1SGq+mmDWoSczm+962mDtELS\nRE/nDhNMAn/EaWODikDyo2CS6QBOktjZQM9WOFUM5nLOi41OFeulSZJJ6Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 339, + "comment" : "point duplication during verification", + "msg" : "313233343030", + "sig" : "304502206f2347cab7dd76858fe0555ac3bc99048c4aacafdfb6bcbe05ea6c42c4934569022100bb726660235793aa9957a61e76e00c2c435109cf9a15dd624d53f4301047856b", + "result" : "valid", + "flags" : [ + "PointDuplication" + ] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045b812fd521aafa69835a849cce6fbdeb6983b442d2444fe70e134c027fc469637c75bf0c5c9f6d17ffb16d2726bf30a9c7aaf31a8d317472b1ea145ab66db616", + "wx" : "5b812fd521aafa69835a849cce6fbdeb6983b442d2444fe70e134c027fc46963", + "wy" : "7c75bf0c5c9f6d17ffb16d2726bf30a9c7aaf31a8d317472b1ea145ab66db616" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045b812fd521aafa69835a849cce6fbdeb6983b442d2444fe70e134c027fc469637c75bf0c5c9f6d17ffb16d2726bf30a9c7aaf31a8d317472b1ea145ab66db616", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW4Ev1SGq+mmDWoSczm+962mDtELS\nRE/nDhNMAn/EaWN8db8MXJ9tF/+xbScmvzCpx6rzGo0xdHKx6hRatm22Fg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 340, + "comment" : "duplication bug", + "msg" : "313233343030", + "sig" : "304502206f2347cab7dd76858fe0555ac3bc99048c4aacafdfb6bcbe05ea6c42c4934569022100bb726660235793aa9957a61e76e00c2c435109cf9a15dd624d53f4301047856b", + "result" : "invalid", + "flags" : [ + "PointDuplication" + ] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046adda82b90261b0f319faa0d878665a6b6da497f09c903176222c34acfef72a647e6f50dcc40ad5d9b59f7602bb222fad71a41bf5e1f9df4959a364c62e488d9", + "wx" : "6adda82b90261b0f319faa0d878665a6b6da497f09c903176222c34acfef72a6", + "wy" : "47e6f50dcc40ad5d9b59f7602bb222fad71a41bf5e1f9df4959a364c62e488d9" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200046adda82b90261b0f319faa0d878665a6b6da497f09c903176222c34acfef72a647e6f50dcc40ad5d9b59f7602bb222fad71a41bf5e1f9df4959a364c62e488d9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEat2oK5AmGw8xn6oNh4ZlprbaSX8J\nyQMXYiLDSs/vcqZH5vUNzECtXZtZ92ArsiL61xpBv14fnfSVmjZMYuSI2Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 341, + "comment" : "point with x-coordinate 0", + "msg" : "313233343030", + "sig" : "30250201010220555555550000000055555555555555553ef7a8e48d07df81a693439654210c70", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "042fca0d0a47914de77ed56e7eccc3276a601120c6df0069c825c8f6a01c9f382065f3450a1d17c6b24989a39beb1c7decfca8384fbdc294418e5d807b3c6ed7de", + "wx" : "2fca0d0a47914de77ed56e7eccc3276a601120c6df0069c825c8f6a01c9f3820", + "wy" : "65f3450a1d17c6b24989a39beb1c7decfca8384fbdc294418e5d807b3c6ed7de" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200042fca0d0a47914de77ed56e7eccc3276a601120c6df0069c825c8f6a01c9f382065f3450a1d17c6b24989a39beb1c7decfca8384fbdc294418e5d807b3c6ed7de", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEL8oNCkeRTed+1W5+zMMnamARIMbf\nAGnIJcj2oByfOCBl80UKHRfGskmJo5vrHH3s/Kg4T73ClEGOXYB7PG7X3g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 342, + "comment" : "point with x-coordinate 0", + "msg" : "313233343030", + "sig" : "3045022101000000000000000000000000000000000000000000000000000000000000000002203333333300000000333333333333333325c7cbbc549e52e763f1f55a327a3aa9", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04dd86d3b5f4a13e8511083b78002081c53ff467f11ebd98a51a633db76665d25045d5c8200c89f2fa10d849349226d21d8dfaed6ff8d5cb3e1b7e17474ebc18f7", + "wx" : "00dd86d3b5f4a13e8511083b78002081c53ff467f11ebd98a51a633db76665d250", + "wy" : "45d5c8200c89f2fa10d849349226d21d8dfaed6ff8d5cb3e1b7e17474ebc18f7" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004dd86d3b5f4a13e8511083b78002081c53ff467f11ebd98a51a633db76665d25045d5c8200c89f2fa10d849349226d21d8dfaed6ff8d5cb3e1b7e17474ebc18f7", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3YbTtfShPoURCDt4ACCBxT/0Z/Ee\nvZilGmM9t2Zl0lBF1cggDIny+hDYSTSSJtIdjfrtb/jVyz4bfhdHTrwY9w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 343, + "comment" : "comparison with point at infinity ", + "msg" : "313233343030", + "sig" : "30440220555555550000000055555555555555553ef7a8e48d07df81a693439654210c7002203333333300000000333333333333333325c7cbbc549e52e763f1f55a327a3aa9", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "044fea55b32cb32aca0c12c4cd0abfb4e64b0f5a516e578c016591a93f5a0fbcc5d7d3fd10b2be668c547b212f6bb14c88f0fecd38a8a4b2c785ed3be62ce4b280", + "wx" : "4fea55b32cb32aca0c12c4cd0abfb4e64b0f5a516e578c016591a93f5a0fbcc5", + "wy" : "00d7d3fd10b2be668c547b212f6bb14c88f0fecd38a8a4b2c785ed3be62ce4b280" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200044fea55b32cb32aca0c12c4cd0abfb4e64b0f5a516e578c016591a93f5a0fbcc5d7d3fd10b2be668c547b212f6bb14c88f0fecd38a8a4b2c785ed3be62ce4b280", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET+pVsyyzKsoMEsTNCr+05ksPWlFu\nV4wBZZGpP1oPvMXX0/0Qsr5mjFR7IS9rsUyI8P7NOKiksseF7TvmLOSygA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 344, + "comment" : "extreme value for k and edgecase s", + "msg" : "313233343030", + "sig" : "304402207cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc476699780220555555550000000055555555555555553ef7a8e48d07df81a693439654210c70", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04c6a771527024227792170a6f8eee735bf32b7f98af669ead299802e32d7c3107bc3b4b5e65ab887bbd343572b3e5619261fe3a073e2ffd78412f726867db589e", + "wx" : "00c6a771527024227792170a6f8eee735bf32b7f98af669ead299802e32d7c3107", + "wy" : "00bc3b4b5e65ab887bbd343572b3e5619261fe3a073e2ffd78412f726867db589e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004c6a771527024227792170a6f8eee735bf32b7f98af669ead299802e32d7c3107bc3b4b5e65ab887bbd343572b3e5619261fe3a073e2ffd78412f726867db589e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExqdxUnAkIneSFwpvju5zW/Mrf5iv\nZp6tKZgC4y18MQe8O0teZauIe700NXKz5WGSYf46Bz4v/XhBL3JoZ9tYng==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 345, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "304502207cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978022100b6db6db6249249254924924924924924625bd7a09bec4ca81bcdd9f8fd6b63cc", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04851c2bbad08e54ec7a9af99f49f03644d6ec6d59b207fec98de85a7d15b956efcee9960283045075684b410be8d0f7494b91aa2379f60727319f10ddeb0fe9d6", + "wx" : "00851c2bbad08e54ec7a9af99f49f03644d6ec6d59b207fec98de85a7d15b956ef", + "wy" : "00cee9960283045075684b410be8d0f7494b91aa2379f60727319f10ddeb0fe9d6" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004851c2bbad08e54ec7a9af99f49f03644d6ec6d59b207fec98de85a7d15b956efcee9960283045075684b410be8d0f7494b91aa2379f60727319f10ddeb0fe9d6", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhRwrutCOVOx6mvmfSfA2RNbsbVmy\nB/7JjehafRW5Vu/O6ZYCgwRQdWhLQQvo0PdJS5GqI3n2BycxnxDd6w/p1g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 346, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "304502207cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978022100cccccccc00000000cccccccccccccccc971f2ef152794b9d8fc7d568c9e8eaa7", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04f6417c8a670584e388676949e53da7fc55911ff68318d1bf3061205acb19c48f8f2b743df34ad0f72674acb7505929784779cd9ac916c3669ead43026ab6d43f", + "wx" : "00f6417c8a670584e388676949e53da7fc55911ff68318d1bf3061205acb19c48f", + "wy" : "008f2b743df34ad0f72674acb7505929784779cd9ac916c3669ead43026ab6d43f" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004f6417c8a670584e388676949e53da7fc55911ff68318d1bf3061205acb19c48f8f2b743df34ad0f72674acb7505929784779cd9ac916c3669ead43026ab6d43f", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9kF8imcFhOOIZ2lJ5T2n/FWRH/aD\nGNG/MGEgWssZxI+PK3Q980rQ9yZ0rLdQWSl4R3nNmskWw2aerUMCarbUPw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 347, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "304402207cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc4766997802203333333300000000333333333333333325c7cbbc549e52e763f1f55a327a3aaa", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04501421277be45a5eefec6c639930d636032565af420cf3373f557faa7f8a06438673d6cb6076e1cfcdc7dfe7384c8e5cac08d74501f2ae6e89cad195d0aa1371", + "wx" : "501421277be45a5eefec6c639930d636032565af420cf3373f557faa7f8a0643", + "wy" : "008673d6cb6076e1cfcdc7dfe7384c8e5cac08d74501f2ae6e89cad195d0aa1371" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004501421277be45a5eefec6c639930d636032565af420cf3373f557faa7f8a06438673d6cb6076e1cfcdc7dfe7384c8e5cac08d74501f2ae6e89cad195d0aa1371", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUBQhJ3vkWl7v7GxjmTDWNgMlZa9C\nDPM3P1V/qn+KBkOGc9bLYHbhz83H3+c4TI5crAjXRQHyrm6JytGV0KoTcQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 348, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "304402207cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978022049249248db6db6dbb6db6db6db6db6db5a8b230d0b2b51dcd7ebf0c9fef7c185", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "040d935bf9ffc115a527735f729ca8a4ca23ee01a4894adf0e3415ac84e808bb343195a3762fea29ed38912bd9ea6c4fde70c3050893a4375850ce61d82eba33c5", + "wx" : "0d935bf9ffc115a527735f729ca8a4ca23ee01a4894adf0e3415ac84e808bb34", + "wy" : "3195a3762fea29ed38912bd9ea6c4fde70c3050893a4375850ce61d82eba33c5" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200040d935bf9ffc115a527735f729ca8a4ca23ee01a4894adf0e3415ac84e808bb343195a3762fea29ed38912bd9ea6c4fde70c3050893a4375850ce61d82eba33c5", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDZNb+f/BFaUnc19ynKikyiPuAaSJ\nSt8ONBWshOgIuzQxlaN2L+op7TiRK9nqbE/ecMMFCJOkN1hQzmHYLrozxQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 349, + "comment" : "extreme value for k", + "msg" : "313233343030", + "sig" : "304402207cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978022016a4502e2781e11ac82cbc9d1edd8c981584d13e18411e2f6e0478c34416e3bb", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045e59f50708646be8a589355014308e60b668fb670196206c41e748e64e4dca215de37fee5c97bcaf7144d5b459982f52eeeafbdf03aacbafef38e213624a01de", + "wx" : "5e59f50708646be8a589355014308e60b668fb670196206c41e748e64e4dca21", + "wy" : "5de37fee5c97bcaf7144d5b459982f52eeeafbdf03aacbafef38e213624a01de" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045e59f50708646be8a589355014308e60b668fb670196206c41e748e64e4dca215de37fee5c97bcaf7144d5b459982f52eeeafbdf03aacbafef38e213624a01de", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXln1Bwhka+iliTVQFDCOYLZo+2cB\nliBsQedI5k5NyiFd43/uXJe8r3FE1bRZmC9S7ur73wOqy6/vOOITYkoB3g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 350, + "comment" : "extreme value for k and edgecase s", + "msg" : "313233343030", + "sig" : "304402206b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2960220555555550000000055555555555555553ef7a8e48d07df81a693439654210c70", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04169fb797325843faff2f7a5b5445da9e2fd6226f7ef90ef0bfe924104b02db8e7bbb8de662c7b9b1cf9b22f7a2e582bd46d581d68878efb2b861b131d8a1d667", + "wx" : "169fb797325843faff2f7a5b5445da9e2fd6226f7ef90ef0bfe924104b02db8e", + "wy" : "7bbb8de662c7b9b1cf9b22f7a2e582bd46d581d68878efb2b861b131d8a1d667" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004169fb797325843faff2f7a5b5445da9e2fd6226f7ef90ef0bfe924104b02db8e7bbb8de662c7b9b1cf9b22f7a2e582bd46d581d68878efb2b861b131d8a1d667", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFp+3lzJYQ/r/L3pbVEXani/WIm9+\n+Q7wv+kkEEsC2457u43mYse5sc+bIvei5YK9RtWB1oh477K4YbEx2KHWZw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 351, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "304502206b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296022100b6db6db6249249254924924924924924625bd7a09bec4ca81bcdd9f8fd6b63cc", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04271cd89c000143096b62d4e9e4ca885aef2f7023d18affdaf8b7b548981487540a1c6e954e32108435b55fa385b0f76481a609b9149ccb4b02b2ca47fe8e4da5", + "wx" : "271cd89c000143096b62d4e9e4ca885aef2f7023d18affdaf8b7b54898148754", + "wy" : "0a1c6e954e32108435b55fa385b0f76481a609b9149ccb4b02b2ca47fe8e4da5" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004271cd89c000143096b62d4e9e4ca885aef2f7023d18affdaf8b7b548981487540a1c6e954e32108435b55fa385b0f76481a609b9149ccb4b02b2ca47fe8e4da5", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJxzYnAABQwlrYtTp5MqIWu8vcCPR\niv/a+Le1SJgUh1QKHG6VTjIQhDW1X6OFsPdkgaYJuRScy0sCsspH/o5NpQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 352, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "304502206b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296022100cccccccc00000000cccccccccccccccc971f2ef152794b9d8fc7d568c9e8eaa7", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043d0bc7ed8f09d2cb7ddb46ebc1ed799ab1563a9ab84bf524587a220afe499c12e22dc3b3c103824a4f378d96adb0a408abf19ce7d68aa6244f78cb216fa3f8df", + "wx" : "3d0bc7ed8f09d2cb7ddb46ebc1ed799ab1563a9ab84bf524587a220afe499c12", + "wy" : "00e22dc3b3c103824a4f378d96adb0a408abf19ce7d68aa6244f78cb216fa3f8df" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200043d0bc7ed8f09d2cb7ddb46ebc1ed799ab1563a9ab84bf524587a220afe499c12e22dc3b3c103824a4f378d96adb0a408abf19ce7d68aa6244f78cb216fa3f8df", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPQvH7Y8J0st920brwe15mrFWOpq4\nS/UkWHoiCv5JnBLiLcOzwQOCSk83jZatsKQIq/Gc59aKpiRPeMshb6P43w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 353, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "304402206b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29602203333333300000000333333333333333325c7cbbc549e52e763f1f55a327a3aaa", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04a6c885ade1a4c566f9bb010d066974abb281797fa701288c721bcbd23663a9b72e424b690957168d193a6096fc77a2b004a9c7d467e007e1f2058458f98af316", + "wx" : "00a6c885ade1a4c566f9bb010d066974abb281797fa701288c721bcbd23663a9b7", + "wy" : "2e424b690957168d193a6096fc77a2b004a9c7d467e007e1f2058458f98af316" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004a6c885ade1a4c566f9bb010d066974abb281797fa701288c721bcbd23663a9b72e424b690957168d193a6096fc77a2b004a9c7d467e007e1f2058458f98af316", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpsiFreGkxWb5uwENBml0q7KBeX+n\nASiMchvL0jZjqbcuQktpCVcWjRk6YJb8d6KwBKnH1GfgB+HyBYRY+YrzFg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 354, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "304402206b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296022049249248db6db6dbb6db6db6db6db6db5a8b230d0b2b51dcd7ebf0c9fef7c185", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "048d3c2c2c3b765ba8289e6ac3812572a25bf75df62d87ab7330c3bdbad9ebfa5c4c6845442d66935b238578d43aec54f7caa1621d1af241d4632e0b780c423f5d", + "wx" : "008d3c2c2c3b765ba8289e6ac3812572a25bf75df62d87ab7330c3bdbad9ebfa5c", + "wy" : "4c6845442d66935b238578d43aec54f7caa1621d1af241d4632e0b780c423f5d" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200048d3c2c2c3b765ba8289e6ac3812572a25bf75df62d87ab7330c3bdbad9ebfa5c4c6845442d66935b238578d43aec54f7caa1621d1af241d4632e0b780c423f5d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjTwsLDt2W6gonmrDgSVyolv3XfYt\nh6tzMMO9utnr+lxMaEVELWaTWyOFeNQ67FT3yqFiHRryQdRjLgt4DEI/XQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 355, + "comment" : "extreme value for k", + "msg" : "313233343030", + "sig" : "304402206b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296022016a4502e2781e11ac82cbc9d1edd8c981584d13e18411e2f6e0478c34416e3bb", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", + "wx" : "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", + "wy" : "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaxfR8uEsQkf4vOblY6RA8ncDfYEt\n6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 356, + "comment" : "testing point duplication", + "msg" : "313233343030", + "sig" : "3045022100bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca6050230220249249246db6db6ddb6db6db6db6db6dad4591868595a8ee6bf5f864ff7be0c2", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 357, + "comment" : "testing point duplication", + "msg" : "313233343030", + "sig" : "3044022044a5ad0ad0636d9f12bc9e0a6bdd5e1cbcb012ea7bf091fcec15b0c43202d52e0220249249246db6db6ddb6db6db6db6db6dad4591868595a8ee6bf5f864ff7be0c2", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296b01cbd1c01e58065711814b583f061e9d431cca994cea1313449bf97c840ae0a", + "wx" : "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", + "wy" : "00b01cbd1c01e58065711814b583f061e9d431cca994cea1313449bf97c840ae0a" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296b01cbd1c01e58065711814b583f061e9d431cca994cea1313449bf97c840ae0a", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaxfR8uEsQkf4vOblY6RA8ncDfYEt\n6zOg9KE5RdiYwpawHL0cAeWAZXEYFLWD8GHp1DHMqZTOoTE0Sb+XyECuCg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 358, + "comment" : "testing point duplication", + "msg" : "313233343030", + "sig" : "3045022100bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca6050230220249249246db6db6ddb6db6db6db6db6dad4591868595a8ee6bf5f864ff7be0c2", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 359, + "comment" : "testing point duplication", + "msg" : "313233343030", + "sig" : "3044022044a5ad0ad0636d9f12bc9e0a6bdd5e1cbcb012ea7bf091fcec15b0c43202d52e0220249249246db6db6ddb6db6db6db6db6dad4591868595a8ee6bf5f864ff7be0c2", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0404aaec73635726f213fb8a9e64da3b8632e41495a944d0045b522eba7240fad587d9315798aaa3a5ba01775787ced05eaaf7b4e09fc81d6d1aa546e8365d525d", + "wx" : "04aaec73635726f213fb8a9e64da3b8632e41495a944d0045b522eba7240fad5", + "wy" : "0087d9315798aaa3a5ba01775787ced05eaaf7b4e09fc81d6d1aa546e8365d525d" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000404aaec73635726f213fb8a9e64da3b8632e41495a944d0045b522eba7240fad587d9315798aaa3a5ba01775787ced05eaaf7b4e09fc81d6d1aa546e8365d525d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBKrsc2NXJvIT+4qeZNo7hjLkFJWp\nRNAEW1IuunJA+tWH2TFXmKqjpboBd1eHztBeqve04J/IHW0apUboNl1SXQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 360, + "comment" : "pseudorandom signature", + "msg" : "", + "sig" : "3045022100b292a619339f6e567a305c951c0dcbcc42d16e47f219f9e98e76e09d8770b34a02200177e60492c5a8242f76f07bfe3661bde59ec2a17ce5bd2dab2abebdf89a62e2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 361, + "comment" : "pseudorandom signature", + "msg" : "4d7367", + "sig" : "30450220530bd6b0c9af2d69ba897f6b5fb59695cfbf33afe66dbadcf5b8d2a2a6538e23022100d85e489cb7a161fd55ededcedbf4cc0c0987e3e3f0f242cae934c72caa3f43e9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 362, + "comment" : "pseudorandom signature", + "msg" : "313233343030", + "sig" : "3046022100a8ea150cb80125d7381c4c1f1da8e9de2711f9917060406a73d7904519e51388022100f3ab9fa68bd47973a73b2d40480c2ba50c22c9d76ec217257288293285449b86", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 363, + "comment" : "pseudorandom signature", + "msg" : "0000000000000000000000000000000000000000", + "sig" : "3045022100986e65933ef2ed4ee5aada139f52b70539aaf63f00a91f29c69178490d57fb7102203dafedfb8da6189d372308cbf1489bbbdabf0c0217d1c0ff0f701aaa7a694b9c", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "044f337ccfd67726a805e4f1600ae2849df3807eca117380239fbd816900000000ed9dea124cc8c396416411e988c30f427eb504af43a3146cd5df7ea60666d685", + "wx" : "4f337ccfd67726a805e4f1600ae2849df3807eca117380239fbd816900000000", + "wy" : "00ed9dea124cc8c396416411e988c30f427eb504af43a3146cd5df7ea60666d685" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200044f337ccfd67726a805e4f1600ae2849df3807eca117380239fbd816900000000ed9dea124cc8c396416411e988c30f427eb504af43a3146cd5df7ea60666d685", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETzN8z9Z3JqgF5PFgCuKEnfOAfsoR\nc4Ajn72BaQAAAADtneoSTMjDlkFkEemIww9CfrUEr0OjFGzV336mBmbWhQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 364, + "comment" : "x-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "3046022100d434e262a49eab7781e353a3565e482550dd0fd5defa013c7f29745eff3569f10221009b0c0a93f267fb6052fd8077be769c2b98953195d7bc10de844218305c6ba17a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 365, + "comment" : "x-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "304402200fe774355c04d060f76d79fd7a772e421463489221bf0a33add0be9b1979110b0220500dcba1c69a8fbd43fa4f57f743ce124ca8b91a1f325f3fac6181175df55737", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 366, + "comment" : "x-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "3045022100bb40bf217bed3fb3950c7d39f03d36dc8e3b2cd79693f125bfd06595ee1135e30220541bf3532351ebb032710bdb6a1bf1bfc89a1e291ac692b3fa4780745bb55677", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043cf03d614d8939cfd499a07873fac281618f06b8ff87e8015c3f49726500493584fa174d791c72bf2ce3880a8960dd2a7c7a1338a82f85a9e59cdbde80000000", + "wx" : "3cf03d614d8939cfd499a07873fac281618f06b8ff87e8015c3f497265004935", + "wy" : "0084fa174d791c72bf2ce3880a8960dd2a7c7a1338a82f85a9e59cdbde80000000" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200043cf03d614d8939cfd499a07873fac281618f06b8ff87e8015c3f49726500493584fa174d791c72bf2ce3880a8960dd2a7c7a1338a82f85a9e59cdbde80000000", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPPA9YU2JOc/UmaB4c/rCgWGPBrj/\nh+gBXD9JcmUASTWE+hdNeRxyvyzjiAqJYN0qfHoTOKgvhanlnNvegAAAAA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 367, + "comment" : "y-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "30440220664eb7ee6db84a34df3c86ea31389a5405badd5ca99231ff556d3e75a233e73a022059f3c752e52eca46137642490a51560ce0badc678754b8f72e51a2901426a1bd", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 368, + "comment" : "y-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "304502204cd0429bbabd2827009d6fcd843d4ce39c3e42e2d1631fd001985a79d1fd8b430221009638bf12dd682f60be7ef1d0e0d98f08b7bca77a1a2b869ae466189d2acdabe3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 369, + "comment" : "y-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "3046022100e56c6ea2d1b017091c44d8b6cb62b9f460e3ce9aed5e5fd41e8added97c56c04022100a308ec31f281e955be20b457e463440b4fcf2b80258078207fc1378180f89b55", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043cf03d614d8939cfd499a07873fac281618f06b8ff87e8015c3f4972650049357b05e8b186e38d41d31c77f5769f22d58385ecc857d07a561a6324217fffffff", + "wx" : "3cf03d614d8939cfd499a07873fac281618f06b8ff87e8015c3f497265004935", + "wy" : "7b05e8b186e38d41d31c77f5769f22d58385ecc857d07a561a6324217fffffff" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200043cf03d614d8939cfd499a07873fac281618f06b8ff87e8015c3f4972650049357b05e8b186e38d41d31c77f5769f22d58385ecc857d07a561a6324217fffffff", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPPA9YU2JOc/UmaB4c/rCgWGPBrj/\nh+gBXD9JcmUASTV7BeixhuONQdMcd/V2nyLVg4XsyFfQelYaYyQhf////w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 370, + "comment" : "y-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "304402201158a08d291500b4cabed3346d891eee57c176356a2624fb011f8fbbf34668300220228a8c486a736006e082325b85290c5bc91f378b75d487dda46798c18f285519", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 371, + "comment" : "y-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "3045022100b1db9289649f59410ea36b0c0fc8d6aa2687b29176939dd23e0dde56d309fa9d02203e1535e4280559015b0dbd987366dcf43a6d1af5c23c7d584e1c3f48a1251336", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 372, + "comment" : "y-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "3046022100b7b16e762286cb96446aa8d4e6e7578b0a341a79f2dd1a220ac6f0ca4e24ed86022100ddc60a700a139b04661c547d07bbb0721780146df799ccf55e55234ecb8f12bc", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "042829c31faa2e400e344ed94bca3fcd0545956ebcfe8ad0f6dfa5ff8effffffffa01aafaf000e52585855afa7676ade284113099052df57e7eb3bd37ebeb9222e", + "wx" : "2829c31faa2e400e344ed94bca3fcd0545956ebcfe8ad0f6dfa5ff8effffffff", + "wy" : "00a01aafaf000e52585855afa7676ade284113099052df57e7eb3bd37ebeb9222e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200042829c31faa2e400e344ed94bca3fcd0545956ebcfe8ad0f6dfa5ff8effffffffa01aafaf000e52585855afa7676ade284113099052df57e7eb3bd37ebeb9222e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKCnDH6ouQA40TtlLyj/NBUWVbrz+\nitD236X/jv////+gGq+vAA5SWFhVr6dnat4oQRMJkFLfV+frO9N+vrkiLg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 373, + "comment" : "x-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "3045022100d82a7c2717261187c8e00d8df963ff35d796edad36bc6e6bd1c91c670d9105b402203dcabddaf8fcaa61f4603e7cbac0f3c0351ecd5988efb23f680d07debd139929", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 374, + "comment" : "x-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "304402205eb9c8845de68eb13d5befe719f462d77787802baff30ce96a5cba063254af7802202c026ae9be2e2a5e7ca0ff9bbd92fb6e44972186228ee9a62b87ddbe2ef66fb5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 375, + "comment" : "x-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "304602210096843dd03c22abd2f3b782b170239f90f277921becc117d0404a8e4e36230c28022100f2be378f526f74a543f67165976de9ed9a31214eb4d7e6db19e1ede123dd991d", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04fffffff948081e6a0458dd8f9e738f2665ff9059ad6aac0708318c4ca9a7a4f55a8abcba2dda8474311ee54149b973cae0c0fb89557ad0bf78e6529a1663bd73", + "wx" : "00fffffff948081e6a0458dd8f9e738f2665ff9059ad6aac0708318c4ca9a7a4f5", + "wy" : "5a8abcba2dda8474311ee54149b973cae0c0fb89557ad0bf78e6529a1663bd73" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004fffffff948081e6a0458dd8f9e738f2665ff9059ad6aac0708318c4ca9a7a4f55a8abcba2dda8474311ee54149b973cae0c0fb89557ad0bf78e6529a1663bd73", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE////+UgIHmoEWN2PnnOPJmX/kFmt\naqwHCDGMTKmnpPVairy6LdqEdDEe5UFJuXPK4MD7iVV60L945lKaFmO9cw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 376, + "comment" : "x-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "30440220766456dce1857c906f9996af729339464d27e9d98edc2d0e3b760297067421f60220402385ecadae0d8081dccaf5d19037ec4e55376eced699e93646bfbbf19d0b41", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 377, + "comment" : "x-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "3046022100c605c4b2edeab20419e6518a11b2dbc2b97ed8b07cced0b19c34f777de7b9fd9022100edf0f612c5f46e03c719647bc8af1b29b2cde2eda700fb1cff5e159d47326dba", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 378, + "comment" : "x-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "3046022100d48b68e6cabfe03cf6141c9ac54141f210e64485d9929ad7b732bfe3b7eb8a84022100feedae50c61bd00e19dc26f9b7e2265e4508c389109ad2f208f0772315b6c941", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0400000003fa15f963949d5f03a6f5c7f86f9e0015eeb23aebbff1173937ba748e1099872070e8e87c555fa13659cca5d7fadcfcb0023ea889548ca48af2ba7e71", + "wx" : "03fa15f963949d5f03a6f5c7f86f9e0015eeb23aebbff1173937ba748e", + "wy" : "1099872070e8e87c555fa13659cca5d7fadcfcb0023ea889548ca48af2ba7e71" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000400000003fa15f963949d5f03a6f5c7f86f9e0015eeb23aebbff1173937ba748e1099872070e8e87c555fa13659cca5d7fadcfcb0023ea889548ca48af2ba7e71", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAAAAA/oV+WOUnV8DpvXH+G+eABXu\nsjrrv/EXOTe6dI4QmYcgcOjofFVfoTZZzKXX+tz8sAI+qIlUjKSK8rp+cQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 379, + "comment" : "x-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "3046022100b7c81457d4aeb6aa65957098569f0479710ad7f6595d5874c35a93d12a5dd4c7022100b7961a0b652878c2d568069a432ca18a1a9199f2ca574dad4b9e3a05c0a1cdb3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 380, + "comment" : "x-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "304402206b01332ddb6edfa9a30a1321d5858e1ee3cf97e263e669f8de5e9652e76ff3f702205939545fced457309a6a04ace2bd0f70139c8f7d86b02cb1cc58f9e69e96cd5a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 381, + "comment" : "x-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "3046022100efdb884720eaeadc349f9fc356b6c0344101cd2fd8436b7d0e6a4fb93f106361022100f24bee6ad5dc05f7613975473aadf3aacba9e77de7d69b6ce48cb60d8113385d", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04bcbb2914c79f045eaa6ecbbc612816b3be5d2d6796707d8125e9f851c18af015000000001352bb4a0fa2ea4cceb9ab63dd684ade5a1127bcf300a698a7193bc2", + "wx" : "00bcbb2914c79f045eaa6ecbbc612816b3be5d2d6796707d8125e9f851c18af015", + "wy" : "1352bb4a0fa2ea4cceb9ab63dd684ade5a1127bcf300a698a7193bc2" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004bcbb2914c79f045eaa6ecbbc612816b3be5d2d6796707d8125e9f851c18af015000000001352bb4a0fa2ea4cceb9ab63dd684ade5a1127bcf300a698a7193bc2", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvLspFMefBF6qbsu8YSgWs75dLWeW\ncH2BJen4UcGK8BUAAAAAE1K7Sg+i6kzOuatj3WhK3loRJ7zzAKaYpxk7wg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 382, + "comment" : "y-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "3044022031230428405560dcb88fb5a646836aea9b23a23dd973dcbe8014c87b8b20eb0702200f9344d6e812ce166646747694a41b0aaf97374e19f3c5fb8bd7ae3d9bd0beff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 383, + "comment" : "y-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "3046022100caa797da65b320ab0d5c470cda0b36b294359c7db9841d679174db34c4855743022100cf543a62f23e212745391aaf7505f345123d2685ee3b941d3de6d9b36242e5a0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 384, + "comment" : "y-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "304502207e5f0ab5d900d3d3d7867657e5d6d36519bc54084536e7d21c336ed8001859450221009450c07f201faec94b82dfb322e5ac676688294aad35aa72e727ff0b19b646aa", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04bcbb2914c79f045eaa6ecbbc612816b3be5d2d6796707d8125e9f851c18af015fffffffeecad44b6f05d15b33146549c2297b522a5eed8430cff596758e6c43d", + "wx" : "00bcbb2914c79f045eaa6ecbbc612816b3be5d2d6796707d8125e9f851c18af015", + "wy" : "00fffffffeecad44b6f05d15b33146549c2297b522a5eed8430cff596758e6c43d" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004bcbb2914c79f045eaa6ecbbc612816b3be5d2d6796707d8125e9f851c18af015fffffffeecad44b6f05d15b33146549c2297b522a5eed8430cff596758e6c43d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvLspFMefBF6qbsu8YSgWs75dLWeW\ncH2BJen4UcGK8BX////+7K1EtvBdFbMxRlScIpe1IqXu2EMM/1lnWObEPQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaVerify", + "tests" : [ + { + "tcId" : 385, + "comment" : "y-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "3046022100d7d70c581ae9e3f66dc6a480bf037ae23f8a1e4a2136fe4b03aa69f0ca25b35602210089c460f8a5a5c2bbba962c8a3ee833a413e85658e62a59e2af41d9127cc47224", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 386, + "comment" : "y-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "30440220341c1b9ff3c83dd5e0dfa0bf68bcdf4bb7aa20c625975e5eeee34bb396266b34022072b69f061b750fd5121b22b11366fad549c634e77765a017902a67099e0a4469", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 387, + "comment" : "y-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "3045022070bebe684cdcb5ca72a42f0d873879359bd1781a591809947628d313a3814f67022100aec03aca8f5587a4d535fa31027bbe9cc0e464b1c3577f4c2dcde6b2094798a9", + "result" : "valid", + "flags" : [] + } + ] + } + ] +} diff --git a/ecdsa/tests/self.rs b/ecdsa/tests/self.rs new file mode 100644 index 000000000..24160e7bc --- /dev/null +++ b/ecdsa/tests/self.rs @@ -0,0 +1,33 @@ +mod util; +use rand::rngs::OsRng; +use util::*; + +use libcrux_ecdsa::{ + p256::{Nonce, PrivateKey, PublicKey}, + *, +}; + +#[test] +fn test_self() { + // From https://tools.ietf.org/html/rfc6979#appendix-A.2.5 + const PK_HEX: &str = "0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299"; + const SK_HEX: &str = "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721"; + + let mut rng = OsRng; + + let pk = hex_str_to_bytes(PK_HEX); + let pk = PublicKey::try_from(pk.as_slice()).unwrap(); + let sk: [u8; 32] = hex_str_to_array(SK_HEX); + let sk = PrivateKey::try_from(&sk).unwrap(); + let nonce = Nonce::random(&mut rng).unwrap(); + let msg = b"sample"; + + let sig = p256::sign(DigestAlgorithm::Sha256, &msg[..], &sk, &nonce).unwrap(); + p256::verify(DigestAlgorithm::Sha256, &msg[..], &sig, &pk).unwrap(); + + let new_msg = b"a different message"; + let sig = p256::sign(DigestAlgorithm::Sha256, &new_msg[..], &sk, &nonce).unwrap(); + let error = p256::verify(DigestAlgorithm::Sha256, &msg[..], &sig, &pk) + .expect_err("The message is wrong for the signature"); + assert!(matches!(error, Error::InvalidSignature)); +} diff --git a/ecdsa/tests/util.rs b/ecdsa/tests/util.rs new file mode 100644 index 000000000..3e299dd0f --- /dev/null +++ b/ecdsa/tests/util.rs @@ -0,0 +1,49 @@ +#![allow(dead_code)] + +pub use serde::{self, de::DeserializeOwned, Deserialize, Serialize}; +pub use serde_json::Value; +pub use std::fs::File; +pub use std::io::{prelude::*, BufReader}; + +use std::num::ParseIntError; + +// use evercrypt::aead::Nonce; + +pub(crate) trait ReadFromFile { + fn from_file(file: &'static str) -> T { + let file = match File::open(file) { + Ok(f) => f, + Err(_) => panic!("Couldn't open file {}.", file), + }; + let reader = BufReader::new(file); + match serde_json::from_reader(reader) { + Ok(r) => r, + Err(e) => { + println!("{:?}", e); + panic!("Error reading file.") + } + } + } +} + +pub(crate) fn hex_str_to_bytes(val: &str) -> Vec { + let b: Result, ParseIntError> = (0..val.len()) + .step_by(2) + .map(|i| u8::from_str_radix(&val[i..i + 2], 16)) + .collect(); + b.expect("Error parsing hex string") +} + +pub(crate) fn hex_str_to_array(val: &str) -> A +where + A: Default + AsMut<[u8]>, +{ + let b: Result, ParseIntError> = (0..val.len()) + .step_by(2) + .map(|i| u8::from_str_radix(&val[i..i + 2], 16)) + .collect(); + let b = b.expect("Error parsing hex string"); + let mut out = A::default(); + A::as_mut(&mut out).clone_from_slice(&b); + out +} diff --git a/ecdsa/tests/wycheproof.rs b/ecdsa/tests/wycheproof.rs new file mode 100644 index 000000000..eed4ad996 --- /dev/null +++ b/ecdsa/tests/wycheproof.rs @@ -0,0 +1,148 @@ +mod util; +use libcrux_ecdsa::{ + p256::{self, PublicKey}, + DigestAlgorithm, Error, +}; +use util::*; + +#[derive(Serialize, Deserialize, Debug, Clone)] +#[allow(non_snake_case)] +struct P256TestVector { + algorithm: String, + generatorVersion: String, + numberOfTests: usize, + notes: Option, // text notes (might not be present), keys correspond to flags + header: Vec, // not used + testGroups: Vec, +} + +#[derive(Serialize, Deserialize, Debug, Clone)] +#[allow(non_snake_case)] +struct TestGroup { + key: Key, + keyDer: String, + keyPem: String, + sha: String, + r#type: String, + tests: Vec, +} + +#[derive(Serialize, Deserialize, Debug, Clone)] +#[allow(non_snake_case)] +struct Key { + curve: String, + r#type: String, + keySize: usize, + uncompressed: String, + wx: String, + wy: String, +} + +#[derive(Serialize, Deserialize, Debug, Clone)] +#[allow(non_snake_case)] +struct Test { + tcId: usize, + comment: String, + msg: String, + sig: String, + result: String, + flags: Vec, +} + +impl ReadFromFile for P256TestVector {} + +fn make_fixed_length(b: &[u8]) -> [u8; 32] { + let mut out = [0u8; 32]; + let b_len = if b.len() >= 32 { 32 } else { b.len() }; + for i in 0..b_len { + out[31 - i] = b[b.len() - 1 - i]; + } + out +} + +// A very simple ASN1 parser for ecdsa signatures. +fn decode_signature(sig: &[u8]) -> p256::Signature { + let mut index = 0; + let (seq, seq_len) = (sig[index], sig[index + 1] as usize); + assert_eq!(0x30, seq); + assert_eq!(seq_len, sig.len() - 2); + index += 2; + + let (x_int, x_int_len) = (sig[index], sig[index + 1] as usize); + assert_eq!(0x02, x_int); + assert!(index + x_int_len + 2 < sig.len()); + index += 2; + let r = &sig[index..index + x_int_len]; + index += x_int_len; + + let (y_int, y_int_len) = (sig[index], sig[index + 1] as usize); + assert_eq!(0x02, y_int); + assert!(index + y_int_len + 2 == sig.len()); + index += 2; + let s = &sig[index..index + y_int_len as usize]; + index += y_int_len; + assert_eq!(sig.len(), index); + + p256::Signature::from_raw(make_fixed_length(r), make_fixed_length(s)) +} + +#[allow(non_snake_case)] +#[test] +fn test_wycheproof() { + let tests: P256TestVector = P256TestVector::from_file("tests/ecdsa_secp256r1_sha256_test.json"); + // TODO: add SHA512 tests + + assert_eq!(tests.algorithm, "ECDSA"); + + let num_tests = tests.numberOfTests; + let mut tests_run = 0; + let mut tests_skipped = 0; + + for testGroup in tests.testGroups.iter() { + assert_eq!(testGroup.key.curve, "secp256r1"); + assert_eq!(testGroup.key.r#type, "EcPublicKey"); + assert_eq!(testGroup.r#type, "EcdsaVerify"); + + assert_eq!(testGroup.sha, "SHA-256"); + + let pk = hex_str_to_bytes(&testGroup.key.uncompressed); + let pk = PublicKey::try_from(pk.as_slice()).unwrap(); + + for test in testGroup.tests.iter() { + println!("Test {:?}: {:?}", test.tcId, test.comment); + + let valid = test.result.eq("valid") || test.result.eq("acceptable"); + let hash = DigestAlgorithm::Sha256; + + // Skip invalid for now + if !valid { + tests_skipped += 1; + continue; + } + + let msg = hex_str_to_bytes(&test.msg); + let sig = hex_str_to_bytes(&test.sig); + + // The signature is ASN.1 encoded. + let signature = decode_signature(&sig); + + match p256::verify(hash, &msg, &signature, &pk) { + Ok(_) => { + assert!(valid); + } + Err(e) => { + println!("Error case ({:?}", e); + assert!(!valid); + } + } + + tests_run += 1; + } + } + // Check that we ran all tests. + println!( + "Ran {} out of {} tests and skipped {}.", + tests_run, num_tests, tests_skipped + ); + assert_eq!(num_tests - tests_skipped, tests_run); +} diff --git a/rsa/src/lib.rs b/rsa/src/lib.rs index cea603c40..8b9f2c3a3 100644 --- a/rsa/src/lib.rs +++ b/rsa/src/lib.rs @@ -33,7 +33,7 @@ pub enum DigestAlgorithm { impl DigestAlgorithm { // using u8 so it can be safely coerced into any uint type - fn hash_len(&self) -> u8 { + const fn hash_len(&self) -> u8 { match self { DigestAlgorithm::Sha2_256 => 32, DigestAlgorithm::Sha2_384 => 48, diff --git a/sha2/src/impl_hacl.rs b/sha2/src/impl_hacl.rs index 8e7f0d8b5..2e6fe32bb 100644 --- a/sha2/src/impl_hacl.rs +++ b/sha2/src/impl_hacl.rs @@ -3,6 +3,7 @@ use libcrux_hacl_rs::prelude::*; use libcrux_traits::Digest; /// The different Sha2 algorithms. +#[derive(Clone, Copy, Debug)] pub enum Algorithm { Sha224, Sha256, @@ -10,6 +11,18 @@ pub enum Algorithm { Sha512, } +impl Algorithm { + // The length of the digest by algorithm. + pub const fn hash_len(&self) -> usize { + match self { + Algorithm::Sha224 => SHA224_LENGTH, + Algorithm::Sha256 => SHA256_LENGTH, + Algorithm::Sha384 => SHA384_LENGTH, + Algorithm::Sha512 => SHA512_LENGTH, + } + } +} + impl Algorithm { /// Sha2 /// From 8143a628526de57876d84cbda9d034d5564cae04 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 30 Jan 2025 10:37:24 +0100 Subject: [PATCH 6/7] drop vale from ecdh --- libcrux-ecdh/src/hacl/curve25519.rs | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/libcrux-ecdh/src/hacl/curve25519.rs b/libcrux-ecdh/src/hacl/curve25519.rs index b5e56e57c..6edbefe3c 100644 --- a/libcrux-ecdh/src/hacl/curve25519.rs +++ b/libcrux-ecdh/src/hacl/curve25519.rs @@ -28,32 +28,3 @@ pub fn secret_to_public(private_key: impl AsRef<[u8; 32]>) -> [u8; 32] { libcrux_curve25519::secret_to_public(&mut public, private_key.as_ref()); public } - -#[cfg(all(bmi2, adx, target_arch = "x86_64"))] -pub mod vale { - use super::Error; - use libcrux_hacl::Hacl_Curve25519_64_ecdh; - - /// Compute the ECDH with the `private_key` and `public_key`. - /// - /// Returns the 32 bytes shared key. - #[inline(always)] - pub fn ecdh( - private_key: impl AsRef<[u8; 32]>, - public_key: impl AsRef<[u8; 32]>, - ) -> Result<[u8; 32], Error> { - let mut shared = [0u8; 32]; - let ok = unsafe { - Hacl_Curve25519_64_ecdh( - shared.as_mut_ptr(), - private_key.as_ref().as_ptr() as _, - public_key.as_ref().as_ptr() as _, - ) - }; - if !ok { - Err(Error::InvalidInput) - } else { - Ok(shared) - } - } -} From 2765c2efeb726f47dc840f8eec6abb832baac4d3 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 4 Feb 2025 17:04:18 +0100 Subject: [PATCH 7/7] feature gate p256 crate code --- ecdsa/Cargo.toml | 4 +++- ecdsa/src/p256.rs | 2 +- ecdsa/tests/util.rs | 2 -- libcrux-ecdh/Cargo.toml | 4 +++- p256/Cargo.toml | 3 +++ p256/src/lib.rs | 2 ++ 6 files changed, 12 insertions(+), 5 deletions(-) diff --git a/ecdsa/Cargo.toml b/ecdsa/Cargo.toml index f960c577b..d2216eb26 100644 --- a/ecdsa/Cargo.toml +++ b/ecdsa/Cargo.toml @@ -11,7 +11,9 @@ repository.workspace = true readme.workspace = true [dependencies] -libcrux-p256 = { version = "=0.0.2-beta.2", path = "../p256" } +libcrux-p256 = { version = "=0.0.2-beta.2", path = "../p256", features = [ + "expose-hacl", +] } libcrux-sha2 = { version = "=0.0.2-beta.2", path = "../sha2" } rand = { version = "0.8", optional = true } diff --git a/ecdsa/src/p256.rs b/ecdsa/src/p256.rs index ed131799e..98b88f1a7 100644 --- a/ecdsa/src/p256.rs +++ b/ecdsa/src/p256.rs @@ -172,7 +172,7 @@ fn validate_scalar_(scalar: &[u8; 32]) -> Result<(), Error> { } } -/// Validate a P256 secret key or nonce (scalar). +/// Validate a P256 secret key or nonce (scalar). fn validate_scalar_slice(scalar: &[u8]) -> Result<[u8; 32], Error> { if scalar.is_empty() { return Err(Error::InvalidScalar); diff --git a/ecdsa/tests/util.rs b/ecdsa/tests/util.rs index 3e299dd0f..011820758 100644 --- a/ecdsa/tests/util.rs +++ b/ecdsa/tests/util.rs @@ -7,8 +7,6 @@ pub use std::io::{prelude::*, BufReader}; use std::num::ParseIntError; -// use evercrypt::aead::Nonce; - pub(crate) trait ReadFromFile { fn from_file(file: &'static str) -> T { let file = match File::open(file) { diff --git a/libcrux-ecdh/Cargo.toml b/libcrux-ecdh/Cargo.toml index d9540ae5d..5086cd441 100644 --- a/libcrux-ecdh/Cargo.toml +++ b/libcrux-ecdh/Cargo.toml @@ -15,7 +15,9 @@ path = "src/ecdh.rs" [dependencies] rand = { version = "0.8" } libcrux-curve25519 = { version = "=0.0.2-beta.2", path = "../curve25519" } -libcrux-p256 = { version = "=0.0.2-beta.2", path = "../p256" } +libcrux-p256 = { version = "=0.0.2-beta.2", path = "../p256", features = [ + "expose-hacl", +] } [dev-dependencies] rand_core = { version = "0.6" } diff --git a/p256/Cargo.toml b/p256/Cargo.toml index 1871e9788..e03f6b784 100644 --- a/p256/Cargo.toml +++ b/p256/Cargo.toml @@ -16,3 +16,6 @@ libcrux-hacl-rs = { version = "=0.0.2-beta.2", path = "../hacl-rs" } libcrux-sha2 = { version = "=0.0.2-beta.2", path = "../sha2", features = [ "expose-hacl", ] } + +[features] +expose-hacl = [] diff --git a/p256/src/lib.rs b/p256/src/lib.rs index 633b14f8e..8aa9c4fa1 100644 --- a/p256/src/lib.rs +++ b/p256/src/lib.rs @@ -1,9 +1,11 @@ //! A P-256 implementation. //! //! This crate should not be used directly and is internal to libcrux. +//! By default this crate is empty. // HACL* generated code mod p256; mod p256_precomptable; +#[cfg(feature = "expose-hacl")] pub use p256::*;