From 5c26d791ba611a00af3a6010c014694f6582bf12 Mon Sep 17 00:00:00 2001 From: "Pavel V. Shatov (Meister)" Date: Fri, 6 Apr 2018 21:52:21 +0300 Subject: * Follow more closely what Verilog does * Don't use hardcoded numbers, use the ones built into fastecdsa package * Generate more test vectors to really abuse the core and trigger the rarely used code path in the point addition procedure --- test_vectors/format_test_vectors.py | 93 ++++++++++++++++++++++++++----------- 1 file changed, 67 insertions(+), 26 deletions(-) (limited to 'test_vectors/format_test_vectors.py') diff --git a/test_vectors/format_test_vectors.py b/test_vectors/format_test_vectors.py index 57f2de1..2d4744a 100644 --- a/test_vectors/format_test_vectors.py +++ b/test_vectors/format_test_vectors.py @@ -44,8 +44,8 @@ # import sys import subprocess -from fastecdsa.curve import P256 -from fastecdsa.curve import P384 +from fastecdsa import keys, curve +from fastecdsa.curve import P256, P384 from fastecdsa.point import Point # list of curve names of interest @@ -53,12 +53,10 @@ CURVE_P256 = "p256" CURVE_P384 = "p384" # the base point for p-256 -P256_GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296 -P256_GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5 +P256_BASE = keys.get_public_key(1, curve.P256) # the base point for p-384 -P384_GX = 0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7 -P384_GY = 0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f +P384_BASE = keys.get_public_key(1, curve.P384) # # format one test vector 
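Review bot: Importing the module under the name `curve` collides with the `curve` parameter of `format_c_header`, `format_verilog_include` and `get_key` (visible in the later hunk headers), where the same name is a curve-name string. The loop variable in the `__main__` hunk had to become `next_curve` so that `curve.P256.q` still resolves to the module. Since `P256` and `P384` are already imported, `keys.get_public_key(1, P256)` and `P256.q` would work without the module import, leaving `from fastecdsa import keys` and `from fastecdsa.curve import P256, P384`.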
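Review bot: With `P256_BASE = keys.get_public_key(1, curve.P256)` and the P-384 equivalent, the generator point now comes from the same library that performs the multiplication in the `get_key` hunk (`G = P256_BASE`). The "Q is actually d * G" sanity check there therefore no longer compares the library's curve parameters against an independently stated value. That trade-off should be recorded next to the constants, for example `# NOTE: G is taken from fastecdsa itself; the d*G check in get_key() no longer cross-checks the library's base point against the published constants`. If an independent reference is still wanted for vectors that drive a hardware core, a one-off comparison of `P256_BASE.x`/`.y` against the published coordinates would restore it.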
@@ -83,7 +81,14 @@ def format_c_header(f, curve, da, qax, qay, db, qbx, qby, sx, sy): # # format one test vector # -def format_verilog_include(f, curve, da, qax, qay, db, qbx, qby, sx, sy): +def format_verilog_include( f, curve, n, + da, qax, qay, + db, qbx, qby, + sx, sy, + gx, gy, + hx, hy, + qa2x, qa2y, + qb2x, qb2y): if curve == CURVE_P256: curve_str = "P_256" 
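Review bot: `format_verilog_include` now takes nineteen positional arguments, seventeen of them plain integers, so a transposed pair at the call site would produce a well-formed but wrong test vector with no error. A comment above the `def` should say what each group is. Going by the caller in the last hunk, that is `n` for the order of the base point, `gx, gy` for the base point, `hx, hy` for its double, and `qa2x, qa2y, qb2x, qb2y` for the doubles of the two public keys. Passing the new values by keyword in the `__main__` call (`gx=G.x, gy=G.y, hx=H.x, ...`) would make a swap visible in review. The function body continues outside this hunk.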
@@ -94,16 +99,26 @@ def format_verilog_include(f, curve, da, qax, qay, db, qbx, qby, sx, sy): msb_index = "383" # write all numbers in vector - format_verilog_concatenation(f, da, "localparam [" + msb_index + ":0] " + curve_str + "_DA" + " =\n") - format_verilog_concatenation(f, qax, "localparam [" + msb_index + ":0] " + curve_str + "_QA_X" + " =\n") - format_verilog_concatenation(f, qay, "localparam [" + msb_index + ":0] " + curve_str + "_QA_Y" + " =\n") + format_verilog_concatenation(f, n, "localparam [" + msb_index + ":0] " + curve_str + "_N" + " =\n") - format_verilog_concatenation(f, db, "localparam [" + msb_index + ":0] " + curve_str + "_DB" + " =\n") - format_verilog_concatenation(f, qbx, "localparam [" + msb_index + ":0] " + curve_str + "_QB_X" + " =\n") - format_verilog_concatenation(f, qby, "localparam [" + msb_index + ":0] " + curve_str + "_QB_Y" + " =\n") + format_verilog_concatenation(f, da, "localparam [" + msb_index + ":0] " + curve_str + "_DA" + " =\n") + format_verilog_concatenation(f, qax, "localparam [" + msb_index + ":0] " + curve_str + "_QA_X" + " =\n") + format_verilog_concatenation(f, qay, "localparam [" + msb_index + ":0] " + curve_str + "_QA_Y" + " =\n") + format_verilog_concatenation(f, qa2x, "localparam [" + msb_index + ":0] " + curve_str + "_QA2_X" + " =\n") + format_verilog_concatenation(f, qa2y, "localparam [" + msb_index + ":0] " + curve_str + "_QA2_Y" + " =\n") - format_verilog_concatenation(f, sx, "localparam [" + msb_index + ":0] " + curve_str + "_S_X" + " =\n") - format_verilog_concatenation(f, sy, "localparam [" + msb_index + ":0] " + curve_str + "_S_Y" + " =\n") + format_verilog_concatenation(f, db, "localparam [" + msb_index + ":0] " + curve_str + "_DB" + " =\n") + format_verilog_concatenation(f, qb2x, "localparam [" + msb_index + ":0] " + curve_str + "_QB2_X" + " =\n") + format_verilog_concatenation(f, qb2y, "localparam [" + msb_index + ":0] " + curve_str + "_QB2_Y" + " =\n") + + format_verilog_concatenation(f, sx, "localparam 
[" + msb_index + ":0] " + curve_str + "_S_X" + " =\n") + format_verilog_concatenation(f, sy, "localparam [" + msb_index + ":0] " + curve_str + "_S_Y" + " =\n") + + format_verilog_concatenation(f, gx, "localparam [" + msb_index + ":0] " + curve_str + "_G_X" + " =\n") + format_verilog_concatenation(f, gy, "localparam [" + msb_index + ":0] " + curve_str + "_G_Y" + " =\n") + + format_verilog_concatenation(f, hx, "localparam [" + msb_index + ":0] " + curve_str + "_H_X" + " =\n") + format_verilog_concatenation(f, hy, "localparam [" + msb_index + ":0] " + curve_str + "_H_Y" + " =\n") # # nicely format multi-word integer into C array initializer @@ -283,11 +298,11 @@ def get_key(party, curve): # another sanity check (make sure, that Q is actually d * G) if curve == CURVE_P256: - G = Point(P256_GX, P256_GY, curve=P256) + G = P256_BASE Q = Point(key_pub_x, key_pub_y, curve=P256) if curve == CURVE_P384: - G = Point(P384_GX, P384_GY, curve=P384) + G = P384_BASE Q = Point(key_pub_x, key_pub_y, curve=P384) # multiply using fastecdsa 
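Review bot: Bob's half of the vector no longer emits `_QB_X` and `_QB_Y`. After `_DB` the new lines write only `qb2x` and `qb2y`, whereas Alice's half writes `qax`, `qay` and then `qa2x`, `qa2y`. `qbx` and `qby` are still parameters and are still passed by the caller, so this looks like an omission rather than a deliberate removal, though it may be intended if the testbench never reads them. If it is an omission, add `format_verilog_concatenation(f, qbx, "localparam [" + msb_index + ":0] " + curve_str + "_QB_X" + " =\n")` and the matching `qby` / `_QB_Y` line after the `_DB` line. The function starts before this hunk.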
@@ -314,19 +329,34 @@ if __name__ == "__main__": file_v.write("/* Generated automatically, do not edit. */\n\n") # process all the keys - for curve in curves: + for next_curve in curves: # load keys - da, qax, qay = get_key("alice", curve) - db, qbx, qby = get_key("bob", curve) + da, qax, qay = get_key("alice", next_curve) + db, qbx, qby = get_key("bob", next_curve) # Alice's public key - if (curve == CURVE_P256): QA = Point(qax, qay, curve=P256) - if (curve == CURVE_P384): QA = Point(qax, qay, curve=P384) + if (next_curve == CURVE_P256): QA = Point(qax, qay, curve=P256) + if (next_curve == CURVE_P384): QA = Point(qax, qay, curve=P384) # Bob's public key - if (curve == CURVE_P256): QB = Point(qbx, qby, curve=P256) - if (curve == CURVE_P384): QB = Point(qbx, qby, curve=P384) + if (next_curve == CURVE_P256): QB = Point(qbx, qby, curve=P256) + if (next_curve == CURVE_P384): QB = Point(qbx, qby, curve=P384) + + # the base point + if (next_curve == CURVE_P256): G = P256_BASE + if (next_curve == CURVE_P384): G = P384_BASE + + # double of the base point + H = 2 * G + + # doubles of QA and QB + QA2 = 2 * QA + QB2 = 2 * QB + + # order of the base point + if (next_curve == CURVE_P256): n = curve.P256.q + if (next_curve == CURVE_P384): n = curve.P384.q # we derive the shared secret two different ways (from Alice's and # from Bob's perspective, they must be identical of course @@ -339,8 +369,19 @@ if __name__ == "__main__": print("Derived shared secret."); # format numbers and write to file - format_c_header(file_h, curve, da, qax, qay, db, qbx, qby, QAB.x, QBA.y) - format_verilog_include(file_v, curve, da, qax, qay, db, qbx, qby, QAB.x, QBA.y) + format_c_header( file_h, next_curve, + da, qax, qay, + db, qbx, qby, + QAB.x, QBA.y) + + format_verilog_include( file_v, next_curve, n, + da, qax, qay, + db, qbx, qby, + QAB.x, QBA.y, + G.x, G.y, + H.x, H.y, + QA2.x, QA2.y, + QB2.x, QB2.y) # done file_h.close() -- cgit v1.2.3
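Review bot: The new `G` and `n` assignments use independent `if` tests with no fallback, like the existing `QA`/`QB` lines. If a name outside the two handled ones ever appears in `curves` (defined outside the hunk), those variables keep the previous iteration's values. `H = 2 * G`, `QA2` and `QB2` would then be computed from stale points and written out as valid-looking vectors. Selecting the curve object once, e.g. `ec = {CURVE_P256: P256, CURVE_P384: P384}[next_curve]` followed by `n = ec.q`, raises `KeyError` on an unknown name instead of emitting wrong data. It also removes the repeated per-curve `if` pairs.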