From 1f8d13bf8d2e813f0c5da653c4abffb7a817db9a Mon Sep 17 00:00:00 2001 From: "Pavel V. Shatov (Meister)" Date: Wed, 19 Dec 2018 16:03:08 +0300 Subject: * New hardware architecture * Randomized test vector --- test_vectors/charlie_p256.key | 8 + test_vectors/charlie_p384.key | 9 + test_vectors/ecdsa_test_vector_nsa.h | 56 +++++ test_vectors/ecdsa_test_vector_randomized.h | 29 +++ test_vectors/ecdsa_test_vector_randomized.vh | 29 +++ test_vectors/format_random_test_vector.py | 327 ++++++++++++++++++++++++++ test_vectors/regenerate_random_test_vector.py | 91 +++++++ 7 files changed, 549 insertions(+) create mode 100644 test_vectors/charlie_p256.key create mode 100644 test_vectors/charlie_p384.key create mode 100644 test_vectors/ecdsa_test_vector_nsa.h create mode 100644 test_vectors/ecdsa_test_vector_randomized.h create mode 100644 test_vectors/ecdsa_test_vector_randomized.vh create mode 100644 test_vectors/format_random_test_vector.py create mode 100644 test_vectors/regenerate_random_test_vector.py (limited to 'test_vectors') diff --git a/test_vectors/charlie_p256.key b/test_vectors/charlie_p256.key new file mode 100644 index 0000000..34b5c20 --- /dev/null +++ b/test_vectors/charlie_p256.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIFA+WK/POvMze/U0CURQErgftFSMTSsTAqYX+bHQDX3goAoGCCqGSM49 +AwEHoUQDQgAE2TSbSLDujDYTmx147cGRGyUId/t61Erhi7L4pvTcyuXgoFbotQkq +bHKPS8iQQ/vifCYnRN+9rxeD/C4BsGB3Gw== +-----END EC PRIVATE KEY----- diff --git a/test_vectors/charlie_p384.key b/test_vectors/charlie_p384.key new file mode 100644 index 0000000..8894220 --- /dev/null +++ b/test_vectors/charlie_p384.key 
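Review bot: Nothing in charlie_p256.key (or in charlie_p384.key, added in the next hunk) marks this unencrypted EC private key as throwaway test material. The leading words of `ECDSA_P256_D_RANDOM_INIT` in the generated header match the scalar encoded in this PEM block, so the secret is deliberately published in the .key file, the .h file and the .vh file. A short README in test_vectors/ would tell readers and secret-scanning tools that these keys are intentionally public and must never be provisioned on a device. The formatter's banner could say the same, e.g. `/* Generated automatically, do not edit. Test-only key material. */`.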
@@ -0,0 +1,9 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAIg== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDC7SgnY5SfwYmZetNCzmh3OlNqixZNbMWOwkPB5PuNqWmKnBV1dhQ0b +FdxlbWXYs6KgBwYFK4EEACKhZANiAAS4Aj5grkLqFGMw8sOIMJbKlhsR9d/qSh1l +6Y5kszUn+1cibbSKUUMlHvBr3veOtXrTxmRpYlqqraNH4QM8FHS2NDqTaP8pRQG7 +1TscxJ/ZctpDnJ2oJ+IwJyDit43RT54= +-----END EC PRIVATE KEY----- diff --git a/test_vectors/ecdsa_test_vector_nsa.h b/test_vectors/ecdsa_test_vector_nsa.h new file mode 100644 index 0000000..762f284 --- /dev/null +++ b/test_vectors/ecdsa_test_vector_nsa.h 
@@ -0,0 +1,56 @@
+/* Values from "Suite B Implementer's Guide to FIPS 186-3 (ECDSA)" */
+
+#define ECDSA_P256_D_NSA_INIT \
+ {0x70a12c2d, 0xb16845ed, 0x56ff68cf, 0xc21a472b, \
+ 0x3f04d7d6, 0x851bf634, 0x9f2d7d5b, 0x3452b38a}
+
+#define ECDSA_P256_QX_NSA_INIT \
+ {0x8101ece4, 0x7464a6ea, 0xd70cf69a, 0x6e2bd3d8, \
+ 0x8691a326, 0x2d22cba4, 0xf7635eaf, 0xf26680a8}
+
+#define ECDSA_P256_QY_NSA_INIT \
+ {0xd8a12ba6, 0x1d599235, 0xf67d9cb4, 0xd58f1783, \
+ 0xd3ca43e7, 0x8f0a5aba, 0xa6240799, 0x36c0c3a9}
+
+#define ECDSA_P256_K_NSA_INIT \
+ {0x580ec00d, 0x85643433, 0x4cef3f71, 0xecaed496, \
+ 0x5b12ae37, 0xfa47055b, 0x1965c7b1, 0x34ee45d0}
+
+#define ECDSA_P256_RX_NSA_INIT \
+ {0x7214bc96, 0x47160bbd, 0x39ff2f80, 0x533f5dc6, \
+ 0xddd70ddf, 0x86bb8156, 0x61e805d5, 0xd4e6f27c}
+
+#define ECDSA_P256_RY_NSA_INIT \
+ {0x8b81e3e9, 0x77597110, 0xc7cf2633, 0x435b2294, \
+ 0xb7264298, 0x7defd3d4, 0x007e1cfc, 0x5df84541}
+
+
+#define ECDSA_P384_D_NSA_INIT \
+ {0xc838b852, 0x53ef8dc7, 0x394fa580, 0x8a518398, \
+ 0x1c7deef5, 0xa69ba8f4, 0xf2117ffe, 0xa39cfcd9, \
+ 0x0e95f6cb, 0xc854abac, 0xab701d50, 0xc1f3cf24}
+
+#define ECDSA_P384_QX_NSA_INIT \
+ {0x1fbac8ee, 0xbd0cbf35, 0x640b39ef, 0xe0808dd7, \
+ 0x74debff2, 0x0a2a329e, 0x91713baf, 0x7d7f3c3e, \
+ 0x81546d88, 0x3730bee7, 0xe48678f8, 0x57b02ca0}
+
+#define ECDSA_P384_QY_NSA_INIT \
+ {0xeb213103, 0xbd68ce34, 0x3365a8a4, 0xc3d4555f, \
+ 0xa385f533, 0x0203bdd7, 0x6ffad1f3, 0xaffb9575, \
+ 0x1c132007, 0xe1b24035, 0x3cb0a4cf, 0x1693bdf9}
+
+#define ECDSA_P384_K_NSA_INIT \
+ {0xdc6b4403, 0x6989a196, 0xe39d1cda, 0xc000812f, \
+ 0x4bdd8b2d, 0xb41bb33a, 0xf5137258, 0x5ebd1db6, \
+ 0x3f0ce827, 0x5aa1fd45, 0xe2d2a735, 0xf8749359}
+
+#define ECDSA_P384_RX_NSA_INIT \
+ {0xa0c27ec8, 0x93092dea, 0x1e1bd2cc, 0xfed3cf94, \
+ 0x5c8134ed, 0x0c9f8131, 0x1a0f4a05, 0x942db8db, \
+ 0xed8dd59f, 0x267471d5, 0x462aa14f, 0xe72de856}
+
+#define ECDSA_P384_RY_NSA_INIT \
+ {0x85564940, 0x9815bb91, 0x424eaca5, 0xfd76c973, \
+ 0x75d575d1, 0x422ec53d, 
0x343bd33b, 0x847fdf0c, \ + 0x11569685, 0xb528ab25, 0x49301542, 0x8d7cf72b} diff --git a/test_vectors/ecdsa_test_vector_randomized.h b/test_vectors/ecdsa_test_vector_randomized.h new file mode 100644 index 0000000..1f334c2 --- /dev/null +++ b/test_vectors/ecdsa_test_vector_randomized.h @@ -0,0 +1,29 @@ +/* Generated automatically, do not edit. */ + +#define ECDSA_P256_D_RANDOM_INIT \ + {0x503e58af, 0xcf3af333, 0x7bf53409, 0x445012b8, \ + 0x1fb4548c, 0x4d2b1302, 0xa617f9b1, 0xd00d7de0} + +#define ECDSA_P256_QX_RANDOM_INIT \ + {0xd9349b48, 0xb0ee8c36, 0x139b1d78, 0xedc1911b, \ + 0x250877fb, 0x7ad44ae1, 0x8bb2f8a6, 0xf4dccae5} + +#define ECDSA_P256_QY_RANDOM_INIT \ + {0xe0a056e8, 0xb5092a6c, 0x728f4bc8, 0x9043fbe2, \ + 0x7c262744, 0xdfbdaf17, 0x83fc2e01, 0xb060771b} + +#define ECDSA_P384_D_RANDOM_INIT \ + {0xbb4a09d8, 0xe527f062, 0x665eb4d0, 0xb39a1dce, \ + 0x94daa2c5, 0x935b3163, 0xb090f079, 0x3ee36a5a, \ + 0x62a7055d, 0x5d850d1b, 0x15dc656d, 0x65d8b3a2} + +#define ECDSA_P384_QX_RANDOM_INIT \ + {0xb8023e60, 0xae42ea14, 0x6330f2c3, 0x883096ca, \ + 0x961b11f5, 0xdfea4a1d, 0x65e98e64, 0xb33527fb, \ + 0x57226db4, 0x8a514325, 0x1ef06bde, 0xf78eb57a} + +#define ECDSA_P384_QY_RANDOM_INIT \ + {0xd3c66469, 0x625aaaad, 0xa347e103, 0x3c1474b6, \ + 0x343a9368, 0xff294501, 0xbbd53b1c, 0xc49fd972, \ + 0xda439c9d, 0xa827e230, 0x2720e2b7, 0x8dd14f9e} + diff --git a/test_vectors/ecdsa_test_vector_randomized.vh b/test_vectors/ecdsa_test_vector_randomized.vh new file mode 100644 index 0000000..6c5cf80 --- /dev/null +++ b/test_vectors/ecdsa_test_vector_randomized.vh 
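Review bot: ecdsa_test_vector_nsa.h does not state the word order of these initialisers, nor that `ECDSA_P256_K_NSA_INIT` and `ECDSA_P384_K_NSA_INIT` are fixed values meant only for reproducing the published example. The words are presumably most-significant first, as in the randomized header, and K is presumably the guide's per-message secret; both should be confirmed against the guide. A comment above the first macro would cover it, e.g. `/* Words are most-significant first. D and K are published example secrets: test use only, a fixed k must never sign real data. */`.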
@@ -0,0 +1,29 @@ +/* Generated automatically, do not edit. */ + +localparam [255:0] ECDSA_P256_D_RANDOM = + {32'h503e58af, 32'hcf3af333, 32'h7bf53409, 32'h445012b8, + 32'h1fb4548c, 32'h4d2b1302, 32'ha617f9b1, 32'hd00d7de0}; + +localparam [255:0] ECDSA_P256_QX_RANDOM = + {32'hd9349b48, 32'hb0ee8c36, 32'h139b1d78, 32'hedc1911b, + 32'h250877fb, 32'h7ad44ae1, 32'h8bb2f8a6, 32'hf4dccae5}; + +localparam [255:0] ECDSA_P256_QY_RANDOM = + {32'he0a056e8, 32'hb5092a6c, 32'h728f4bc8, 32'h9043fbe2, + 32'h7c262744, 32'hdfbdaf17, 32'h83fc2e01, 32'hb060771b}; + +localparam [383:0] ECDSA_P384_D_RANDOM = + {32'hbb4a09d8, 32'he527f062, 32'h665eb4d0, 32'hb39a1dce, + 32'h94daa2c5, 32'h935b3163, 32'hb090f079, 32'h3ee36a5a, + 32'h62a7055d, 32'h5d850d1b, 32'h15dc656d, 32'h65d8b3a2}; + +localparam [383:0] ECDSA_P384_QX_RANDOM = + {32'hb8023e60, 32'hae42ea14, 32'h6330f2c3, 32'h883096ca, + 32'h961b11f5, 32'hdfea4a1d, 32'h65e98e64, 32'hb33527fb, + 32'h57226db4, 32'h8a514325, 32'h1ef06bde, 32'hf78eb57a}; + +localparam [383:0] ECDSA_P384_QY_RANDOM = + {32'hd3c66469, 32'h625aaaad, 32'ha347e103, 32'h3c1474b6, + 32'h343a9368, 32'hff294501, 32'hbbd53b1c, 32'hc49fd972, + 32'hda439c9d, 32'ha827e230, 32'h2720e2b7, 32'h8dd14f9e}; + diff --git a/test_vectors/format_random_test_vector.py b/test_vectors/format_random_test_vector.py new file mode 100644 index 0000000..861bab5 --- /dev/null +++ b/test_vectors/format_random_test_vector.py 
@@ -0,0 +1,327 @@ +# +# format_random_test_vector.py +# ------------------------------------------ +# Formats test vector for ecdsa_fpga_model +# +# Author: Pavel Shatov +# Copyright (c) 2017-2018, NORDUnet A/S +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# - Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# - Neither the name of the NORDUnet nor the names of its contributors may +# be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + + +# +USAGE = "USAGE: format_random_test_vector.py [openssl_binary]" +# + + +# +# This script reads the test vector generated by the script +# regenerate_random_test_vector.py and writes nicely formatted C header file +# and Verilog include file. 
+# + + +# +# imports +# +import sys +import subprocess + + +# +# list of curve names of interest +# +CURVE_P256 = "p256" +CURVE_P384 = "p384" + + +# +# variables +# +OPENSSL = "" + + +# +# format one test vector +# +def format_c_header(f, curve, da, qax, qay): + + if curve == CURVE_P256: curve_str = "ECDSA_P256" + if curve == CURVE_P384: curve_str = "ECDSA_P384" + + # write all numbers in vector + format_c_array(f, da, "#define " + curve_str + "_D_RANDOM_INIT" + " \\\n") + format_c_array(f, qax, "#define " + curve_str + "_QX_RANDOM_INIT" + " \\\n") + format_c_array(f, qay, "#define " + curve_str + "_QY_RANDOM_INIT" + " \\\n") + + +# +# format one test vector +# +def format_verilog_include(f, curve, da, qax, qay): + + if curve == CURVE_P256: curve_str, msb_index = "ECDSA_P256", "255" + if curve == CURVE_P384: curve_str, msb_index = "ECDSA_P384", "383" + + # write all numbers in vector + format_verilog_concatenation(f, da, "localparam [" + msb_index + ":0] " + curve_str + "_D_RANDOM " + " =\n") + format_verilog_concatenation(f, qax, "localparam [" + msb_index + ":0] " + curve_str + "_QX_RANDOM" + " =\n") + format_verilog_concatenation(f, qay, "localparam [" + msb_index + ":0] " + curve_str + "_QY_RANDOM" + " =\n") + + +# +# nicely format multi-word integer into C array initializer +# +def format_c_array(f, n, s): + + # print '#define XYZ \' + f.write(s) + + # convert number to hex string and prepend it with zeroes if necessary + n_hex = hex(n).lstrip("0x").rstrip("L") + while (len(n_hex) % 8) > 0: + n_hex = "0" + n_hex + + # get number of 32-bit words + num_words = len(n_hex) // 8 + + # print all words in n + w = 0 + while w < num_words: + + n_part = "" + + # add tab for every new line + if w == 0: + n_part += "\t{" + elif (w % 4) == 0: + n_part += "\t " + + # add current word + n_part += "0x" + n_hex[8 * w : 8 * (w + 1)] + + # add separator or newline + if (w + 1) == num_words: + n_part += "}\n" + else: + n_part += ", " + if (w % 4) == 3: + n_part += "\\\n" + + w += 
1 + + # write current part + f.write(n_part) + + # write final newline + f.write("\n") + + +def format_verilog_concatenation(f, n, s): + + # print 'localparam ZZZ =' + f.write(s) + + # convert number to hex string and prepend it with zeroes if necessary + n_hex = hex(n).split("0x")[1] + while (len(n_hex) % 8) > 0: + n_hex = "0" + n_hex + + # get number of 32-bit words + num_words = len(n_hex) // 8 + + # print all words in n + w = 0 + while w < num_words: + + n_part = "" + + if w == 0: + n_part += "\t{" + elif (w % 4) == 0: + n_part += "\t " + + n_part += "32'h" + n_hex[8 * w : 8 * (w + 1)] + + if (w + 1) == num_words: + n_part += "};\n" + else: + n_part += ", " + if (w % 4) == 3: + n_part += "\n" + w += 1 + + f.write(n_part) + + f.write("\n") + + + # + # returns d, qx, qy, where + # d is private key and qx, qy is the corresponding public key + # +def get_key(openssl, party, curve): + + # generate private key filename + key_file = party + "_" + curve + ".key" + + # retrieve key components using openssl + openssl_command = [openssl, "ec", "-in", key_file, "-noout", "-text"] + openssl_stdout = subprocess.check_output(openssl_command).decode("utf-8") + stdout_lines = openssl_stdout.splitlines() + + found_priv = False + found_pub = False + + key_priv = "" + key_pub = "" + + # process lines looking for "priv:" and "pub:" markers + for line in stdout_lines: + + # found private key marker? + if line.strip() == "priv:": + found_priv = True + found_pub = False + continue + + # found public key marker? + if line.strip() == "pub:": # openssl 1.0.2g prints 'pub: ' (extra space before newline), + found_pub = True # so we need to compare against line.strip(), not just line + found_priv = False + continue + + # found part of private key? + if found_priv: + if not line.startswith(" "): + found_priv = False + continue + else: + key_priv += line.strip() + + # found part of public key? 
+ if found_pub: + if not line.startswith(" "): + found_pub = False + continue + else: + key_pub += line.strip() + + # do some cleanup and sanity checking on private key + # * remove extra leading zero byte if present + # * remove colons + # * check length (256 bits or 384 bits) + while key_priv.startswith("00"): + key_priv = key_priv[2:] + + key_priv = key_priv.replace(":", "") + + if curve == CURVE_P256 and len(key_priv) != 256 / 4: sys.exit() + if curve == CURVE_P384 and len(key_priv) != 384 / 4: sys.exit() + + # do some cleanup and sanity checking on public key + # * make sure, that uncompressed form marker (0x04) is present and + # then remove it + # * remove colons + # * check length (2x256 or 2x384 bits) + if not key_pub.startswith("04"): sys.exit() + + key_pub = key_pub[2:] + key_pub = key_pub.replace(":", "") + + if curve == CURVE_P256 and len(key_pub) != 2 * 256 / 4: sys.exit() + if curve == CURVE_P384 and len(key_pub) != 2 * 384 / 4: sys.exit() + + # split public key into parts + if curve == CURVE_P256: + key_pub_x = key_pub[ 0: 64] + key_pub_y = key_pub[ 64:128] + + if curve == CURVE_P384: + key_pub_x = key_pub[ 0: 96] + key_pub_y = key_pub[ 96:192] + + # convert from strings to integers + key_priv = int(key_priv, 16) + key_pub_x = int(key_pub_x, 16) + key_pub_y = int(key_pub_y, 16) + + # done + return key_priv, key_pub_x, key_pub_y + + +if __name__ == "__main__": + + # detect whether user requested some specific binary + if len(sys.argv) == 1: + OPENSSL = "openssl" + print("Using system OpenSSL library.") + elif len(sys.argv) == 2: + OPENSSL = sys.argv[1] + print("Using OpenSSL binary '" + OPENSSL + "'...") + else: + print(USAGE) + + if len(OPENSSL) > 0: + + # list of curves to process + curves = [CURVE_P256, CURVE_P384] + + # open output files + file_h = open('ecdsa_test_vector_randomized.h', 'w') + file_v = open('ecdsa_test_vector_randomized.vh', 'w') + + # write headers + file_h.write("/* Generated automatically, do not edit. 
*/\n\n") + file_v.write("/* Generated automatically, do not edit. */\n\n") + + # process all the keys + for next_curve in curves: + + # load keys + da, qax, qay = get_key(OPENSSL, "charlie", next_curve) + + # format numbers and write to files + + format_c_header(file_h, next_curve, + da, qax, qay); + + format_verilog_include(file_v, next_curve, + da, qax, qay); + + # done + file_h.close() + file_v.close() + + # everything went just fine + print("Test vector formatted.") + +# +# End of file +# diff --git a/test_vectors/regenerate_random_test_vector.py b/test_vectors/regenerate_random_test_vector.py new file mode 100644 index 0000000..75cb761 --- /dev/null +++ b/test_vectors/regenerate_random_test_vector.py 
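Review bot: The sanity checks in get_key end the run with a bare `sys.exit()`, which exits with status 0 and prints nothing. They run after the main block has already opened both output files for writing, so a rejected key leaves truncated headers behind a successful exit code. Passing a message, e.g. `sys.exit("get_key: unexpected private key length for " + curve)`, makes the failure visible and non-zero, and calling get_key for both curves before opening the files would keep the previous headers intact. The path looks reachable: the `while key_priv.startswith("00")` strip followed by the exact length test would appear to reject a scalar whose top byte really is zero. Separately, format_c_array and format_verilog_concatenation pad only to a multiple of 8 hex digits, so a value with 32 leading zero bits would be emitted one word short; padding to the curve width would fix that.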
@@ -0,0 +1,91 @@ +# +# regenerate_test_vector.py +# ----------------------------------------------------------- +# Generates a new randomized test vector for ecdsa_fpga_model +# +# Author: Pavel Shatov +# Copyright (c) 2017-2018, NORDUnet A/S +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# - Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# - Neither the name of the NORDUnet nor the names of its contributors may +# be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +USAGE = "USAGE: regenerate_test_vector.py [openssl_binary]" +# + +# This script generates a test vector. The test vector contains two +# private keys. One is for P-256, the other one is for P-384. 
+# + +# +# imports +# +import sys +import subprocess + +OPENSSL = "" + +CURVE_P256 = "prime256v1" +CURVE_P384 = "secp384r1" + +SECRET_CHARLIE_256 = "charlie_p256.key" +SECRET_CHARLIE_384 = "charlie_p384.key" + +def openssl_ecparam_genkey(openssl, curve, file): + subprocess.call([openssl, "ecparam", "-genkey", "-name", curve, "-out", file]) + +# +# __main__ +# +if __name__ == "__main__": + + # detect whether user requested some specific binary + if len(sys.argv) == 1: + OPENSSL = "openssl" + print("Using system OpenSSL library.") + elif len(sys.argv) == 2: + OPENSSL = sys.argv[1] + print("Using OpenSSL binary '" + OPENSSL + "'...") + else: + print(USAGE) + + if len(OPENSSL) > 0: + + # generate a new private key for P-256 curve + openssl_ecparam_genkey(OPENSSL, CURVE_P256, SECRET_CHARLIE_256) + + # generate a new private key for P-384 curve + openssl_ecparam_genkey(OPENSSL, CURVE_P384, SECRET_CHARLIE_384) + + # done + print("New randomized test vector generated.") + + +# +# End of file +# -- cgit v1.2.3
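Review bot: openssl_ecparam_genkey discards the status returned by `subprocess.call`, so the script prints "New randomized test vector generated." even when OpenSSL exits with an error such as an unwritable output file. Using `subprocess.check_call([openssl, "ecparam", "-genkey", "-name", curve, "-out", file])` would stop the run instead. The script also overwrites the .key files without touching the generated headers, so the D/QX/QY constants no longer match the keys until format_random_test_vector.py is rerun, and the closing message should say so. The header comment and USAGE string still name the script regenerate_test_vector.py, and the parameter `file` shadows a common builtin name.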