From 9c5f05dfd4bd757ecdbeabe4bcd60caaf45a5789 Mon Sep 17 00:00:00 2001
From: "Pavel V. Shatov (Meister)"
Date: Tue, 17 Apr 2018 14:43:53 +0300
Subject: Additional test cases.
---
 ecdh_fpga_model.cpp | 24 ++++++++++++-----
 ecdh_fpga_model.h | 2 +-
 test_vectors/ecdh_test_vectors.h | 54 +++++++++++++++++++++++++++++++++++++
 test_vectors/ecdh_test_vectors.v | 18 +++++++++++++
 test_vectors/format_test_vectors.py | 26 +++++++++++++++---
 5 files changed, 114 insertions(+), 10 deletions(-)
diff --git a/ecdh_fpga_model.cpp b/ecdh_fpga_model.cpp
index 730292e..8d2be88 100644
--- a/ecdh_fpga_model.cpp
+++ b/ecdh_fpga_model.cpp
@@ -64,7 +64,7 @@ bool compare_fpga_buffers (FPGA_BUFFER *ax, FPGA_BUFFER *ay, FPGA_BUFFER *bx,
 int main()
 //------------------------------------------------------------------------------
 {
- bool ok_a, ok_b; // flags
+ bool ok_a, ok_b, ok_g; // flags
 //
 // initialize buffers
@@ -116,9 +116,10 @@ int main()
 //
 // abuse point multiplier
 //
+ ok_g = abuse_point_multiplier(&ecdsa_g_x, &ecdsa_g_y);
 ok_a = abuse_point_multiplier(&ecdh_qa_x, &ecdh_qa_y);
 ok_b = abuse_point_multiplier(&ecdh_qb_x, &ecdh_qb_y);
- if (!ok_a || !ok_b) return EXIT_FAILURE;
+ if (!ok_g || !ok_a || !ok_b) return EXIT_FAILURE;
 //
@@ -172,13 +173,24 @@ bool abuse_point_multiplier(FPGA_BUFFER *qx, FPGA_BUFFER *qy)
 {
 bool ok; // flag
- // obtain quantity n + 2
- FPGA_BUFFER two, n2;
- fpga_modular_add(&ecdsa_one, &ecdsa_one, &two); // n1 = n + 1
- fpga_modular_add(&ecdsa_n, &two, &n2); // n2 = n1 + 1 = n + 2
+ // obtain quantity n + 1, n + 2
+ FPGA_BUFFER two, n1, n2;
+ fpga_modular_add(&ecdsa_one, &ecdsa_one, &two); // n1 = n + 1
+ fpga_modular_add(&ecdsa_n, &ecdsa_one, &n1); // n1 = n + 1
+ fpga_modular_add(&n1, &ecdsa_one, &n2); // n2 = n1 + 1 = n + 2
 printf("Trying to abuse point multiplier...\n\n");
+ // make sure, that (n + 1) * Q = Q
+ FPGA_BUFFER qn1_x, qn1_y;
+ fpga_curve_scalar_multiply(qx, qy, &n1, &qn1_x, &qn1_y);
+ ok = compare_fpga_buffers(qx, qy, &qn1_x, &qn1_y);
+ if (! ok)
+ { printf("\n ERROR\n\n");
+ return false;
+ }
+ else printf("\n OK\n\n");
+
 // we first calculate 2 * Q
 FPGA_BUFFER q2a_x, q2a_y;
 fpga_curve_scalar_multiply(qx, qy, &two, &q2a_x, &q2a_y);
diff --git a/ecdh_fpga_model.h b/ecdh_fpga_model.h
index 398d1d3..c6b6499 100644
--- a/ecdh_fpga_model.h
+++ b/ecdh_fpga_model.h
@@ -52,7 +52,7 @@
 //
 //------------------------------------------------------------------------------
 #ifndef USE_CURVE
-#define USE_CURVE 1
+#define USE_CURVE 2
 #endif
diff --git a/test_vectors/ecdh_test_vectors.h b/test_vectors/ecdh_test_vectors.h
index 7fbb746..930a124 100644
--- a/test_vectors/ecdh_test_vectors.h
+++ b/test_vectors/ecdh_test_vectors.h
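Review bot: The comment on the first added `fpga_modular_add` line is wrong: that call adds `ecdsa_one` to itself and stores the result in `two`, yet it carries `// n1 = n + 1`, the same text as the line below it; it should read `// two = 1 + 1`. The new `(n + 1) * Q = Q` check only exercises an out-of-range scalar if `fpga_modular_add` does not reduce its sum modulo the group order, and the modulus is not visible in this hunk, so a short comment on the `n1` line stating which modulus applies would make the intent of the test verifiable. The failure branch prints only `ERROR`, and main() now calls this function for three different points, so the output does not say which point or which check failed. The body of abuse_point_multiplier continues past the end of the hunk.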
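Review bot: The default for `USE_CURVE` changes from 1 to 2 in this hunk, which the commit message ("Additional test cases.") does not mention, so every build that does not define `USE_CURVE` itself now models a different curve than before. If this is a leftover from local testing it should go back to `#define USE_CURVE 1`; if it is intended, it belongs in the commit message and in the comment block above the `#ifndef`. Which curve each value selects is defined outside the hunk.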
@@ -32,6 +32,30 @@
 {0x14ed5674, 0x62b6ba27, 0x2ba0e01b, 0x2647d725, \
 0x5919bf5e, 0xcbb542f7, 0x659d40de, 0x324524ac}
+#define P_256_H_X \
+ {0x7cf27b18, 0x8d034f7e, 0x8a523803, 0x04b51ac3, \
+ 0xc08969e2, 0x77f21b35, 0xa60b48fc, 0x47669978}
+
+#define P_256_H_Y \
+ {0x07775510, 0xdb8ed040, 0x293d9ac6, 0x9f7430db, \
+ 0xba7dade6, 0x3ce98229, 0x9e04b79d, 0x227873d1}
+
+#define P_256_QA2_X \
+ {0x1aa13502, 0x273db88f, 0x21b4b0be, 0x688a06c6, \
+ 0x6a6019ef, 0x7a00eb42, 0x8e84a4b0, 0x1dac831a}
+
+#define P_256_QA2_Y \
+ {0x60b3485e, 0xf3357265, 0x37fb2896, 0x353d09c3, \
+ 0xe6b148bc, 0x2674f25a, 0x353be0d1, 0xc1fd615b}
+
+#define P_256_QB2_X \
+ {0x7f1985aa, 0x9dd4df67, 0x2e1b8673, 0xa0a9adf8, \
+ 0x1f42adde, 0xad136ffb, 0x0a89b382, 0xb741238f}
+
+#define P_256_QB2_Y \
+ {0x7281e72d, 0x4c2aef64, 0x048b04d5, 0xf7d3a824, \
+ 0x294e3da8, 0x2ddf43d7, 0x009a5760, 0xea0bc5a7}
+
 #define P_384_DA \
 {0xe733d9db, 0xb8867b57, 0x3cbbc0bd, 0x899c88db, \
 0x669322e8, 0x0435c1a4, 0xe2b0ddb1, 0x5e757371, \
@@ -72,3 +96,33 @@
 0xf62be0a3, 0x73da36ef, 0x8992e7c9, 0x6cf7619d, \
 0xa2d6c0a2, 0xd31ad05d, 0xb3a16a95, 0x0cb7055f}
+#define P_384_H_X \
+ {0x08d99905, 0x7ba3d2d9, 0x69260045, 0xc55b97f0, \
+ 0x89025959, 0xa6f434d6, 0x51d207d1, 0x9fb96e9e, \
+ 0x4fe0e86e, 0xbe0e64f8, 0x5b96a9c7, 0x5295df61}
+
+#define P_384_H_Y \
+ {0x8e80f1fa, 0x5b1b3ced, 0xb7bfe8df, 0xfd6dba74, \
+ 0xb275d875, 0xbc6cc43e, 0x904e505f, 0x256ab425, \
+ 0x5ffd43e9, 0x4d39e22d, 0x61501e70, 0x0a940e80}
+
+#define P_384_QA2_X \
+ {0xa7b06d0d, 0xb185275b, 0xe0a76c9f, 0x0d7e1037, \
+ 0xb1b993a6, 0xb055426c, 0x82d1c569, 0xab12f11f, \
+ 0x78c9b620, 0xeeca809d, 0xfe7f31ed, 0xcef06af5}
+
+#define P_384_QA2_Y \
+ {0x1cfa89ed, 0x774860c8, 0x1ee725b0, 0x9773be94, \
+ 0x58c4e140, 0x8caa4964, 0xd0044b57, 0x92f5e0c9, \
+ 0x8fa62798, 0x86c1bcbc, 0x67ab059a, 0xc38a59a1}
+
+#define P_384_QB2_X \
+ {0xdf3317b1, 0xba767101, 0x33c69cd8, 0xc70de5b6, \
+ 0x68b78d56, 0xf0d851ec, 0xf1697b04, 0xd2ade0e8, \
+ 0x30a6e6d6, 0x2467d70d, 0xbe12e265, 0xaccdd5ed}
+
+#define P_384_QB2_Y \
+ {0x6d8c1907, 0xa63f3e87, 0xd186f8b5, 0x06fcf6d9, \
+ 0x2cc2a8a7, 0xd38fa0ee, 0xd9b67320, 0x7181bcf4, \
+ 0x408e0dd0, 0x25dfee03, 0x6916632a, 0x8335fba2}
+
diff --git a/test_vectors/ecdh_test_vectors.v b/test_vectors/ecdh_test_vectors.v
index 7a5ef26..bfc63b4 100644
--- a/test_vectors/ecdh_test_vectors.v
+++ b/test_vectors/ecdh_test_vectors.v
@@ -28,6 +28,14 @@ localparam [255:0] P_256_DB =
 {32'h7159a43b, 32'he8322471, 32'h19feaeb2, 32'h7a92466e,
 32'h2b07c8df, 32'h29bbd7ea, 32'hd3232af8, 32'h44995a95};
+localparam [255:0] P_256_QB_X =
+ {32'h0514608d, 32'hc2dc6a21, 32'h74b084d6, 32'h168aad13,
+ 32'h4acd3f52, 32'h6e49dc32, 32'hbf9872aa, 32'ha4be99d9};
+
+localparam [255:0] P_256_QB_Y =
+ {32'h724afa75, 32'h4c672b71, 32'he87c9bda, 32'he1e2b15f,
+ 32'h784f480f, 32'heb62040e, 32'h281953bd, 32'hea382946};
+
 localparam [255:0] P_256_QB2_X =
 {32'h7f1985aa, 32'h9dd4df67, 32'h2e1b8673, 32'ha0a9adf8,
 32'h1f42adde, 32'had136ffb, 32'h0a89b382, 32'hb741238f};
@@ -95,6 +103,16 @@ localparam [383:0] P_384_DB =
 32'h869e6abe, 32'h37ba2235, 32'h792af9f6, 32'ha9bf114a,
 32'hd1fd319d, 32'hd8181e06, 32'h44f15448, 32'h4e73a75a};
+localparam [383:0] P_384_QB_X =
+ {32'h37ab556d, 32'h0652c6b9, 32'he352c643, 32'h4502be19,
+ 32'h9fb9c50f, 32'h2ade049b, 32'h06e50c30, 32'hcdab0673,
+ 32'h69efe0c0, 32'h6e114a76, 32'hf1338175, 32'hdb4f4982};
+
+localparam [383:0] P_384_QB_Y =
+ {32'h21cddae0, 32'hf117b656, 32'h7c9d477b, 32'hc1fc5d24,
+ 32'h3b26651e, 32'h1406f1ee, 32'hb3418552, 32'h739c9395,
+ 32'h6774c84d, 32'h20cedc15, 32'h92fd5de0, 32'h4bbf98ad};
+
 localparam [383:0] P_384_QB2_X =
 {32'hdf3317b1, 32'hba767101, 32'h33c69cd8, 32'hc70de5b6,
 32'h68b78d56, 32'hf0d851ec, 32'hf1697b04, 32'hd2ade0e8,
diff --git a/test_vectors/format_test_vectors.py b/test_vectors/format_test_vectors.py
index 2d4744a..e6e04c5 100644
--- a/test_vectors/format_test_vectors.py
+++ b/test_vectors/format_test_vectors.py
@@ -4,7 +4,7 @@
 # Formats test vectors for ecdsa_fpga_model
 #
 # Author: Pavel Shatov
-# Copyright (c) 2017, NORDUnet A/S
+# Copyright (c) 2017-2018, NORDUnet A/S
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -61,7 +61,13 @@ P384_BASE = keys.get_public_key(1, curve.P384)
 #
 # format one test vector
 #
-def format_c_header(f, curve, da, qax, qay, db, qbx, qby, sx, sy):
+def format_c_header( f, curve,
+ da, qax, qay,
+ db, qbx, qby,
+ sx, sy,
+ hx, hy,
+ qa2x, qa2y,
+ qb2x, qb2y):
 if curve == CURVE_P256: curve_str = "P_256"
 if curve == CURVE_P384: curve_str = "P_384"
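Review bot: `format_c_header` now takes sixteen positional parameters, six of them new and required, and nothing in the signature says what `hx`/`hy`, `qa2x`/`qa2y` and `qb2x`/`qb2y` represent. These values end up as reference vectors for the model, so a swapped pair at the call site in the last hunk of this file would produce a wrong header without any error. A docstring naming each coordinate pair is missing, and passing the new arguments by keyword at the call site, e.g. `hx=H.x, hy=H.y,`, would make a misordering visible in review. The function body continues outside this hunk.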
@@ -77,6 +83,15 @@ def format_c_header(f, curve, da, qax, qay, db, qbx, qby, sx, sy):
 format_c_array(f, sx, "#define " + curve_str + "_S_X" + " \\\n")
 format_c_array(f, sy, "#define " + curve_str + "_S_Y" + " \\\n")
+
+ format_c_array(f, hx, "#define " + curve_str + "_H_X" + " \\\n")
+ format_c_array(f, hy, "#define " + curve_str + "_H_Y" + " \\\n")
+
+ format_c_array(f, qa2x, "#define " + curve_str + "_QA2_X" + " \\\n")
+ format_c_array(f, qa2y, "#define " + curve_str + "_QA2_Y" + " \\\n")
+
+ format_c_array(f, qb2x, "#define " + curve_str + "_QB2_X" + " \\\n")
+ format_c_array(f, qb2y, "#define " + curve_str + "_QB2_Y" + " \\\n")
 #
 # format one test vector
@@ -108,6 +123,8 @@ def format_verilog_include( f, curve, n,
 format_verilog_concatenation(f, qa2y, "localparam [" + msb_index + ":0] " + curve_str + "_QA2_Y" + " =\n")
 format_verilog_concatenation(f, db, "localparam [" + msb_index + ":0] " + curve_str + "_DB" + " =\n")
+ format_verilog_concatenation(f, qbx, "localparam [" + msb_index + ":0] " + curve_str + "_QB_X" + " =\n")
+ format_verilog_concatenation(f, qby, "localparam [" + msb_index + ":0] " + curve_str + "_QB_Y" + " =\n")
 format_verilog_concatenation(f, qb2x, "localparam [" + msb_index + ":0] " + curve_str + "_QB2_X" + " =\n")
 format_verilog_concatenation(f, qb2y, "localparam [" + msb_index + ":0] " + curve_str + "_QB2_Y" + " =\n")
@@ -372,7 +389,10 @@ if __name__ == "__main__":
 format_c_header( file_h, next_curve,
 da, qax, qay,
 db, qbx, qby,
- QAB.x, QBA.y)
+ QAB.x, QBA.y,
+ H.x, H.y,
+ QA2.x, QA2.y,
+ QB2.x, QB2.y)
 format_verilog_include( file_v, next_curve, n,
 da, qax, qay,
-- cgit v1.2.3