From 2a58a43264c7994c19a1f05d807e40ffd95644c2 Mon Sep 17 00:00:00 2001 From: Philipp Weber Date: Wed, 27 Apr 2016 15:39:40 +0200 Subject: add ecies implementation according to iso-18033 --- src/tests/data/pubkey/ecies-18033.vec | 66 ++++++++++++++++++ src/tests/data/pubkey/ecies.vec | 126 ++++++++++++++++++++++++++++++++++ 2 files changed, 192 insertions(+) create mode 100644 src/tests/data/pubkey/ecies-18033.vec create mode 100644 src/tests/data/pubkey/ecies.vec (limited to 'src/tests/data') diff --git a/src/tests/data/pubkey/ecies-18033.vec b/src/tests/data/pubkey/ecies-18033.vec new file mode 100644 index 000000000..8937abd2c --- /dev/null +++ b/src/tests/data/pubkey/ecies-18033.vec @@ -0,0 +1,66 @@ +# ISO/IEC 18033-2 2006 +# ECIES-KEM test vectors for ECModp-Group + +# ---------------------------------------------------------------------------------------------------- + +# C.2.2 +# Kdf=Kdf1(Hash=Sha1()) +# Keylen=128 +# CofactorMode=0 +# OldCofactorMode=0 +# CheckMode=0 +# SingleHashMode=0 + +format = uncompressed + +p = 0xfffffffffffffffffffffffffffffffeffffffffffffffff +a = 0xfffffffffffffffffffffffffffffffefffffffffffffffc +b = 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1 +mu = 0xffffffffffffffffffffffff99def836146bc9b1b4d22831 +nu = 0x01 +gx = 0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012 +gy = 0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811 + +# Public Key +hx = 0x1cbc74a41b4e84a1509f935e2328a0bb06104d8dbb8d2130 +hy = 0x7b2ab1f10d76fde1ea046a4ad5fb903734190151bb30cec2 + +# Private Key +x = 0xb67048c28d2d26a73f713d5ebb994ac92588464e7fe7d3f3 + +# Encoding format = uncompressed_fmt +r = 0x083d4ac64f1960a9836a84f91ca211a185814fa43a2c8f21 +C0 = 04ccc9ea07b8b71d25646b22b0e251362a3fa9e993042315df047b2e07dd2ffb89359945f3d22ca8757874be2536e0f924 +K = 9a709adeb6c7590ccfc7d594670dd2d74fcdda3f8622f2dbcf0f0c02966d5d9002db578c989bf4a5cc896d2a11d74e0c51efc1f8ee784897ab9b865a7232b5661b7cac87cf4150bdf23b015d7b525b797cf6d533e9f6ad49a4c6de5e7089724c9cadf0adf13ee51b41be6713653fc1cb2c95a1d1b771cc7429189861d7a829f3 + +# ---------------------------------------------------------------------------------------------------- + +# C.2.3 +# Kdf=Kdf1(Hash=Sha1()) +# Keylen=128 +# CofactorMode=0 +# OldCofactorMode=0 +# CheckMode=0 +# SingleHashMode=0 + +format = compressed + +p = 0xfffffffffffffffffffffffffffffffeffffffffffffffff +a = 0xfffffffffffffffffffffffffffffffefffffffffffffffc +b = 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1 +mu = 0xffffffffffffffffffffffff99def836146bc9b1b4d22831 +nu = 0x01 +gx = 0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012 +gy = 0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811 + +# Public Key +hx = 0x1cbc74a41b4e84a1509f935e2328a0bb06104d8dbb8d2130 +hy = 0x7b2ab1f10d76fde1ea046a4ad5fb903734190151bb30cec2 + +# Private Key +x = 0xb67048c28d2d26a73f713d5ebb994ac92588464e7fe7d3f3 + +# Encoding format = compressed_fmt +r = 0x083d4ac64f1960a9836a84f91ca211a185814fa43a2c8f21 +C0 = 02ccc9ea07b8b71d25646b22b0e251362a3fa9e993042315df +K = 8fbe0903fac2fa05df02278fe162708fb432f3cbf9bb14138d22be1d279f74bfb94f0843a153b708fcc8d9446c76f00e4ccabef85228195f732f4aedc5e48efcf2968c3a46f2df6f2afcbdf5ef79c958f233c6d208f3a7496e08f505d1c792b314b45ff647237b0aa186d0cdbab47a00fb4065d62cfc18f8a8d12c78ecbee3fd diff --git a/src/tests/data/pubkey/ecies.vec b/src/tests/data/pubkey/ecies.vec new file mode 100644 index 000000000..fcf0baf62 --- /dev/null +++ b/src/tests/data/pubkey/ecies.vec @@ -0,0 +1,126 @@ +# random keys created by botan + +# ciphertext created with bouncycastle 1.54. example: +# public static void main( String[] args ) +# throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidCipherTextException +# { +# X9ECParameters spec = SECNamedCurves.getByName( "secp160r1" ); +# ECDomainParameters ecDomain = new ECDomainParameters( spec.getCurve(), spec.getG(), spec.getN() ); +# +# ECPrivateKeyParameters alice = new ECPrivateKeyParameters( new BigInteger( "1239488582848888730519239446720775754920686817364", 10 ), ecDomain ); +# ECPrivateKeyParameters bob = new ECPrivateKeyParameters( new BigInteger( "1255825134563225934367124570783723166851629196761", 10 ), ecDomain ); +# ECPublicKeyParameters alicePublicKey = new ECPublicKeyParameters( alice.getParameters().getG().multiply( alice.getD() ), alice.getParameters() ); +# ECPublicKeyParameters bobPublicKey = new ECPublicKeyParameters( bob.getParameters().getG().multiply( bob.getD() ), bob.getParameters() ); +# +# byte[] d = new byte[ 0 ]; +# byte[] e = new byte[ 0 ]; +# byte[] iv = new byte[ 16 ]; +# CipherParameters p = new ParametersWithIV( new IESWithCipherParameters( d, e, 160, 256 ), iv ); +# +# IESEngine ecies = +# new IESEngine( new ECDHBasicAgreement(), new KDF2BytesGenerator( new SHA1Digest() ), new HMac( new SHA256Digest() ), new PaddedBufferedBlockCipher( new CBCBlockCipher( +# new AESEngine() ) ) ); +# ecies.init( true, alice, bobPublicKey, p ); +# +# byte[] message = Hex.decode( "00" ); +# byte[] result = ecies.processBlock( message, 0, message.length ); +# +# byte[] ephPublicKey = alicePublicKey.getQ().getEncoded( true ); +# byte[] out = Arrays.concatenate( ephPublicKey, result ); +# +# System.out.println( Hex.toHexString( out ) ); +# } + +Curve = secp160r1 +PrivateKey = 1239488582848888730519239446720775754920686817364 +OtherPrivateKey = 1255825134563225934367124570783723166851629196761 +Kdf = KDF2(SHA-1) +Dem = AES-256/CBC +DemKeyLen = 32 +Iv = 00000000000000000000000000000000 +Mac = HMAC(SHA-256) +MacKeyLen = 20 +Format = compressed +CofactorMode = 0 +OldCofactorMode = 0 +CheckMode = 0 +SingleHashMode = 1 +Label = +Plaintext = 00 +Ciphertext = 02b26eafa6b51a39790c32a75c2f10b3e8e89d698a6da2667af153734225c8922800db5e10b73975848cceac0fc78cef589b2e93a81cc204dbc7b9b901cbaa4509e61141d7 + +Curve = secp521r1 +PrivateKey = 4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823 +OtherPrivateKey = 2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153 +Kdf = KDF2(SHA-1) +Dem = Camellia-128/CBC +DemKeyLen = 16 +Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Mac = HMAC(SHA-256) +MacKeyLen = 16 +Format = uncompressed +CofactorMode = 0 +OldCofactorMode = 0 +CheckMode = 0 +SingleHashMode = 1 +Label = Test +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 0401519eaa0489ff9d51e98e4c22349463e2001cd06f8ce47d81d4007a79acf98e92c814686477cea666efc277dc84e15fc95e38aff8e16d478a44cd5c5f1517f8b1f300000591317f261c3d04a7207f01eae3ec70f23600f82c53cc0b85be7ac9f6ce79ef2ab416e5934d61ba9d346385d7545c57f77c7ea7c58e18c70cbfb0a24ae1b994eda8dbc666713558717077dde021d9252b7f68eef0bc369086f6a6cb991fcc2fbcac3671a122ba18541790974cef7420cb53e7d6f30d1b808dddd58a63413f7b + +# use secp112r2 - curve with cofactor != 1 +Curve = -----BEGIN EC PARAMETERS-----MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZcDvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE-----END EC PARAMETERS----- +PrivateKey = 656008468895526658474428975817604 +OtherPrivateKey = 563449446384594847151017584539074 +Kdf = KDF2(SHA-1) +Dem = Camellia-128/CBC +DemKeyLen = 16 +Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Mac = HMAC(SHA-256) +MacKeyLen = 16 +Format = uncompressed +CofactorMode = 0 +OldCofactorMode = 1 +CheckMode = 0 +SingleHashMode = 1 +Label = Test +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 048c40bda0986dadeb651178b4a8e64b7735fb02f43e621151849ea761a0f79fbb500b76e4eb9cd65281b804406536d04059b60689ed286490afcbf8f7f32dfefff8d37d29d335cb11aef3cc5d65f87571e3c8799974038f9d377a2683 + +# use secp112r2 - curve with cofactor != 1 +Curve = -----BEGIN EC PARAMETERS-----MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZcDvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE-----END EC PARAMETERS----- +PrivateKey = 656008468895526658474428975817604 +OtherPrivateKey = 563449446384594847151017584539074 +Kdf = KDF2(SHA-1) +Dem = Camellia-128/CBC +DemKeyLen = 16 +Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Mac = HMAC(SHA-256) +MacKeyLen = 16 +Format = uncompressed +CofactorMode = 1 +OldCofactorMode = 0 +CheckMode = 0 +SingleHashMode = 1 +Label = Test +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 048c40bda0986dadeb651178b4a8e64b7735fb02f43e621151849ea761230f2bddf1ffa3262673bcb3f468dd8b92c31a32e23935cfd27dfcc123928a18bbc82bdcada733be6d42119d3fb968ac4b77fff9a47d336fa025bfad3ee54286 + +# bouncycastle does not support aead ciphers with IESEngine -> empty ciphertext; the test suite asserts that the plaintext can be encrypted and decrypted properly + +Curve = brainpool512r1 +PrivateKey = 7978796978847894400103470063598909318992754342406974939475470191530421638356103244921001321651015274653183103561457607601257178840534133802655904526250737 +OtherPrivateKey = 2308129338363763325603164530220543667351108423592731601992535938718831256964324847657313285466745344259451280420400800014583532495130674675477133156417282 +Kdf = KDF2(SHA-1) +Dem = Twofish/GCM +DemKeyLen = 32 +Iv = 00000000000000000000000000000000 +Mac = HMAC(SHA-512) +MacKeyLen = 64 +Format = compressed +CofactorMode = 0 +OldCofactorMode = 0 +CheckMode = 0 +SingleHashMode = 0 +Label = Test +Plaintext = 00 +Ciphertext = -- cgit v1.2.3 From c951ad50c6af7d93c16f53dffb69b0be23f1c647 Mon Sep 17 00:00:00 2001 From: Philipp Weber Date: Mon, 23 May 2016 14:39:18 +0200 Subject: ecies review change: add missing ciphertext to test vectors --- src/tests/data/pubkey/ecies.vec | 4 ++-- src/tests/test_ecies.cpp | 5 +---- 2 files changed, 3 insertions(+), 6 deletions(-) (limited to 'src/tests/data') diff --git a/src/tests/data/pubkey/ecies.vec b/src/tests/data/pubkey/ecies.vec index fcf0baf62..7ae73c30f 100644 --- a/src/tests/data/pubkey/ecies.vec +++ b/src/tests/data/pubkey/ecies.vec @@ -105,7 +105,7 @@ Label = Test Plaintext = 000102030405060708090A0B0C0D0E0F Ciphertext = 048c40bda0986dadeb651178b4a8e64b7735fb02f43e621151849ea761230f2bddf1ffa3262673bcb3f468dd8b92c31a32e23935cfd27dfcc123928a18bbc82bdcada733be6d42119d3fb968ac4b77fff9a47d336fa025bfad3ee54286 -# bouncycastle does not support aead ciphers with IESEngine -> empty ciphertext; the test suite asserts that the plaintext can be encrypted and decrypted properly +# bouncycastle does not support aead ciphers with IESEngine -> the following ciphertext has been created with botan (asserts deterministic ciphertext) Curve = brainpool512r1 PrivateKey = 7978796978847894400103470063598909318992754342406974939475470191530421638356103244921001321651015274653183103561457607601257178840534133802655904526250737 @@ -123,4 +123,4 @@ CheckMode = 0 SingleHashMode = 0 Label = Test Plaintext = 00 -Ciphertext = +Ciphertext = 02407515774fad019b762e2ba4c04fa6ff35ba7acc356a167cdf83747e5438b5494a6727366f4d031f2c676eed78a99bf74da9e4edd808fc2360927d52213997d35cd8371d89195b5294da4f99ab1126c703093361c9f6067314b39b70762b13fff1d0fb5ad043a67074ad89176af7ea7d562a0f8c5b9f721192c5c5d338ceea8d59c492aebc3de551dd9ed6fc346c02c586 diff --git a/src/tests/test_ecies.cpp b/src/tests/test_ecies.cpp index 0c6a31877..4f24c3350 100644 --- a/src/tests/test_ecies.cpp +++ b/src/tests/test_ecies.cpp @@ -71,10 +71,7 @@ void check_encrypt_decrypt(Test::Result& result, const Botan::ECDH_PrivateKey& p try { const std::vector encrypted = ecies_enc.encrypt(plaintext, Test::rng()); - if(!ciphertext.empty()) - { - result.test_eq("encrypted data", encrypted, ciphertext); - } + result.test_eq("encrypted data", encrypted, ciphertext); const Botan::secure_vector decrypted = ecies_dec.decrypt(encrypted); result.test_eq("decrypted data equals plaintext", decrypted, plaintext); } -- cgit v1.2.3