Add test vector for ZKP verification

This commit is contained in:
Manuel Pégourié-Gonnard 2015-08-12 10:09:55 +02:00
parent 6029a85572
commit 967cd7192d

View File

@ -255,37 +255,25 @@ int mbedtls_ecjpake_self_test( int verbose )
}
#else
static const unsigned char ecjpake_test_G[] = {
0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6,
0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33,
0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42,
0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e,
0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40,
0x68, 0x37, 0xbf, 0x51, 0xf5
};
static const unsigned char ecjpake_test_V[] = {
0x04, 0xfa, 0x9a, 0x24, 0x9d, 0x73, 0x6e, 0x30, 0x28, 0xd1, 0x2d, 0xf1,
0xdc, 0xfa, 0x22, 0xd1, 0xed, 0x62, 0x82, 0xbf, 0xab, 0x27, 0x7c, 0x7c,
0x52, 0x56, 0xf3, 0xfd, 0x38, 0x07, 0xa5, 0xae, 0xe0, 0x72, 0xfb, 0x4d,
0x9c, 0x2b, 0xd6, 0xa4, 0x70, 0xf7, 0xb4, 0xd0, 0xbd, 0xfb, 0x4a, 0x94,
0x96, 0xcf, 0xcd, 0xd3, 0x53, 0xf9, 0x90, 0x3c, 0x0a, 0x69, 0xa4, 0x4b,
0x18, 0xc6, 0xd2, 0x9b, 0xb8
};
static const unsigned char ecjpake_test_X[] = {
0x04, 0x52, 0xa4, 0xda, 0x90, 0xa5, 0x15, 0x7f, 0xc0, 0xe5, 0x1f, 0x79,
0x4b, 0xe3, 0xbb, 0x3f, 0x1d, 0xf8, 0xdf, 0xb1, 0xe3, 0x18, 0xa8, 0x10,
0xf2, 0x05, 0x2e, 0x64, 0xa8, 0xe8, 0x35, 0x64, 0xe8, 0xe2, 0x8c, 0x17,
0x15, 0xab, 0xf7, 0x8d, 0x1f, 0x8b, 0x18, 0x99, 0x6d, 0x6a, 0xb7, 0xbd,
0xcc, 0xbe, 0x52, 0x08, 0x1a, 0x3a, 0xe7, 0x65, 0x4b, 0xdf, 0x66, 0x62,
0xf5, 0x74, 0xe0, 0xfd, 0x80
0x04, 0xac, 0xcf, 0x01, 0x06, 0xef, 0x85, 0x8f, 0xa2, 0xd9, 0x19, 0x33,
0x13, 0x46, 0x80, 0x5a, 0x78, 0xb5, 0x8b, 0xba, 0xd0, 0xb8, 0x44, 0xe5,
0xc7, 0x89, 0x28, 0x79, 0x14, 0x61, 0x87, 0xdd, 0x26, 0x66, 0xad, 0xa7,
0x81, 0xbb, 0x7f, 0x11, 0x13, 0x72, 0x25, 0x1a, 0x89, 0x10, 0x62, 0x1f,
0x63, 0x4d, 0xf1, 0x28, 0xac, 0x48, 0xe3, 0x81, 0xfd, 0x6e, 0xf9, 0x06,
0x07, 0x31, 0xf6, 0x94, 0xa4
};
static const unsigned char ecjpake_test_h[] = {
0xec, 0xf3, 0x24, 0x46, 0x16, 0xce, 0xa5, 0x34, 0x58, 0x46, 0xd2, 0x45,
0xba, 0x27, 0x63, 0x36, 0x50, 0xc4, 0x70, 0x3d, 0x56, 0x0c, 0x7a, 0x7c,
0x51, 0x69, 0xfe, 0xa7, 0xa3, 0xf7, 0x79, 0x10
static const unsigned char ecjpake_test_zkp[] = {
0x41, 0x04, 0x1d, 0xd0, 0xbd, 0x5d, 0x45, 0x66, 0xc9, 0xbe, 0xd9, 0xce,
0x7d, 0xe7, 0x01, 0xb5, 0xe8, 0x2e, 0x08, 0xe8, 0x4b, 0x73, 0x04, 0x66,
0x01, 0x8a, 0xb9, 0x03, 0xc7, 0x9e, 0xb9, 0x82, 0x17, 0x22, 0x36, 0xc0,
0xc1, 0x72, 0x8a, 0xe4, 0xbf, 0x73, 0x61, 0x0d, 0x34, 0xde, 0x44, 0x24,
0x6e, 0xf3, 0xd9, 0xc0, 0x5a, 0x22, 0x36, 0xfb, 0x66, 0xa6, 0x58, 0x3d,
0x74, 0x49, 0x30, 0x8b, 0xab, 0xce, 0x20, 0x72, 0xfe, 0x16, 0x66, 0x29,
0x92, 0xe9, 0x23, 0x5c, 0x25, 0x00, 0x2f, 0x11, 0xb1, 0x50, 0x87, 0xb8,
0x27, 0x38, 0xe0, 0x3c, 0x94, 0x5b, 0xf7, 0xa2, 0x99, 0x5d, 0xda, 0x1e,
0x98, 0x34, 0x58
};
/* For tests we don't need a secure RNG;
@ -314,18 +302,15 @@ int mbedtls_ecjpake_self_test( int verbose )
{
int ret;
mbedtls_ecp_group grp;
mbedtls_ecp_point G, V, X;
mbedtls_mpi x, h, h_ref;
mbedtls_ecp_point X;
mbedtls_mpi x;
const mbedtls_md_info_t *md_info;
unsigned char buf[1000];
unsigned char *p;
const unsigned char *end;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &G );
mbedtls_ecp_point_init( &V );
mbedtls_ecp_point_init( &X );
mbedtls_mpi_init( &h_ref );
mbedtls_mpi_init( &h );
mbedtls_mpi_init( &x );
/* Common to all tests */
@ -333,24 +318,30 @@ int mbedtls_ecjpake_self_test( int verbose )
MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP256R1 ) );
if( verbose != 0 )
mbedtls_printf( " ECJPAKE test #1 (hash): " );
mbedtls_printf( " ECJPAKE test #1 (zkp read): " );
MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &grp, &G, ecjpake_test_G,
sizeof( ecjpake_test_G ) ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &grp, &V, ecjpake_test_V,
sizeof( ecjpake_test_V ) ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &grp, &X, ecjpake_test_X,
sizeof( ecjpake_test_X ) ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &h_ref, ecjpake_test_h,
sizeof( ecjpake_test_h ) ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &grp, &X,
ecjpake_test_X,
sizeof( ecjpake_test_X ) ) );
MBEDTLS_MPI_CHK( ecjpake_hash( md_info, &grp, &G, &V, &X, "client", &h ) );
p = (unsigned char *) ecjpake_test_zkp;
end = ecjpake_test_zkp + sizeof( ecjpake_test_zkp );
MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, &grp, &grp.G, &X, "client",
&p, end ) );
if( mbedtls_mpi_cmp_mpi( &h, &h_ref ) != 0 )
/* Corrupt proof */
memcpy( buf, ecjpake_test_zkp, sizeof( ecjpake_test_zkp ) );
buf[sizeof( ecjpake_test_zkp ) - 1]--;
p = buf;
end = buf + sizeof( ecjpake_test_zkp );
ret = ecjpake_zkp_read( md_info, &grp, &grp.G, &X, "client", &p, end );
if( ret != MBEDTLS_ERR_ECP_VERIFY_FAILED )
{
ret = 1;
goto cleanup;
}
ret = 0;
if( verbose != 0 )
mbedtls_printf( "passed\n" );
@ -358,16 +349,16 @@ int mbedtls_ecjpake_self_test( int verbose )
if( verbose != 0 )
mbedtls_printf( " ECJPAKE test #2 (zkp write/read): " );
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( &grp, &G, &x, &X,
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( &grp, &grp.G, &x, &X,
ecjpake_lgc, NULL ) );
p = buf;
MBEDTLS_MPI_CHK( ecjpake_zkp_write( md_info, &grp, &G, &x, &X, "client",
MBEDTLS_MPI_CHK( ecjpake_zkp_write( md_info, &grp, &grp.G, &x, &X, "client",
&p, buf + sizeof( buf ),
ecjpake_lgc, NULL ) );
p = buf;
MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, &grp, &G, &X, "client",
MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, &grp, &grp.G, &X, "client",
&p, buf + sizeof( buf ) ) );
if( verbose != 0 )
@ -375,11 +366,7 @@ int mbedtls_ecjpake_self_test( int verbose )
cleanup:
mbedtls_ecp_group_free( &grp );
mbedtls_ecp_point_free( &G );
mbedtls_ecp_point_free( &V );
mbedtls_ecp_point_free( &X );
mbedtls_mpi_free( &h_ref );
mbedtls_mpi_free( &h );
mbedtls_mpi_free( &x );
if( ret != 0 )