From 2a58a43264c7994c19a1f05d807e40ffd95644c2 Mon Sep 17 00:00:00 2001
From: Philipp Weber
Date: Wed, 27 Apr 2016 15:39:40 +0200
Subject: add ecies implementation according to iso-18033
---
src/tests/data/pubkey/ecies-18033.vec | 66 ++++++++++++++++++
src/tests/data/pubkey/ecies.vec | 126 ++++++++++++++++++++++++++++++++++
2 files changed, 192 insertions(+)
create mode 100644 src/tests/data/pubkey/ecies-18033.vec
create mode 100644 src/tests/data/pubkey/ecies.vec
(limited to 'src/tests/data')
diff --git a/src/tests/data/pubkey/ecies-18033.vec b/src/tests/data/pubkey/ecies-18033.vec
new file mode 100644
index 000000000..8937abd2c
--- /dev/null
+++ b/src/tests/data/pubkey/ecies-18033.vec
@@ -0,0 +1,66 @@
+# ISO/IEC 18033-2 2006
+# ECIES-KEM test vectors for ECModp-Group
+
+# ----------------------------------------------------------------------------------------------------
+
+# C.2.2
+# Kdf=Kdf1(Hash=Sha1())
+# Keylen=128
+# CofactorMode=0
+# OldCofactorMode=0
+# CheckMode=0
+# SingleHashMode=0
+
+format = uncompressed
+
+p = 0xfffffffffffffffffffffffffffffffeffffffffffffffff
+a = 0xfffffffffffffffffffffffffffffffefffffffffffffffc
+b = 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1
+mu = 0xffffffffffffffffffffffff99def836146bc9b1b4d22831
+nu = 0x01
+gx = 0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012
+gy = 0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811
+
+# Public Key
+hx = 0x1cbc74a41b4e84a1509f935e2328a0bb06104d8dbb8d2130
+hy = 0x7b2ab1f10d76fde1ea046a4ad5fb903734190151bb30cec2
+
+# Private Key
+x = 0xb67048c28d2d26a73f713d5ebb994ac92588464e7fe7d3f3
+
+# Encoding format = uncompressed_fmt
+r = 0x083d4ac64f1960a9836a84f91ca211a185814fa43a2c8f21
+C0 = 04ccc9ea07b8b71d25646b22b0e251362a3fa9e993042315df047b2e07dd2ffb89359945f3d22ca8757874be2536e0f924
+K = 9a709adeb6c7590ccfc7d594670dd2d74fcdda3f8622f2dbcf0f0c02966d5d9002db578c989bf4a5cc896d2a11d74e0c51efc1f8ee784897ab9b865a7232b5661b7cac87cf4150bdf23b015d7b525b797cf6d533e9f6ad49a4c6de5e7089724c9cadf0adf13ee51b41be6713653fc1cb2c95a1d1b771cc7429189861d7a829f3
+
+# ----------------------------------------------------------------------------------------------------
+
+# C.2.3
+# Kdf=Kdf1(Hash=Sha1())
+# Keylen=128
+# CofactorMode=0
+# OldCofactorMode=0
+# CheckMode=0
+# SingleHashMode=0
+
+format = compressed
+
+p = 0xfffffffffffffffffffffffffffffffeffffffffffffffff
+a = 0xfffffffffffffffffffffffffffffffefffffffffffffffc
+b = 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1
+mu = 0xffffffffffffffffffffffff99def836146bc9b1b4d22831
+nu = 0x01
+gx = 0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012
+gy = 0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811
+
+# Public Key
+hx = 0x1cbc74a41b4e84a1509f935e2328a0bb06104d8dbb8d2130
+hy = 0x7b2ab1f10d76fde1ea046a4ad5fb903734190151bb30cec2
+
+# Private Key
+x = 0xb67048c28d2d26a73f713d5ebb994ac92588464e7fe7d3f3
+
+# Encoding format = compressed_fmt
+r = 0x083d4ac64f1960a9836a84f91ca211a185814fa43a2c8f21
+C0 = 02ccc9ea07b8b71d25646b22b0e251362a3fa9e993042315df
+K = 8fbe0903fac2fa05df02278fe162708fb432f3cbf9bb14138d22be1d279f74bfb94f0843a153b708fcc8d9446c76f00e4ccabef85228195f732f4aedc5e48efcf2968c3a46f2df6f2afcbdf5ef79c958f233c6d208f3a7496e08f505d1c792b314b45ff647237b0aa186d0cdbab47a00fb4065d62cfc18f8a8d12c78ecbee3fd
diff --git a/src/tests/data/pubkey/ecies.vec b/src/tests/data/pubkey/ecies.vec
new file mode 100644
index 000000000..fcf0baf62
--- /dev/null
+++ b/src/tests/data/pubkey/ecies.vec
@@ -0,0 +1,126 @@
+# random keys created by botan
+
+# ciphertext created with bouncycastle 1.54. example:
+# public static void main( String[] args )
+# throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidCipherTextException
+# {
+# X9ECParameters spec = SECNamedCurves.getByName( "secp160r1" );
+# ECDomainParameters ecDomain = new ECDomainParameters( spec.getCurve(), spec.getG(), spec.getN() );
+#
+# ECPrivateKeyParameters alice = new ECPrivateKeyParameters( new BigInteger( "1239488582848888730519239446720775754920686817364", 10 ), ecDomain );
+# ECPrivateKeyParameters bob = new ECPrivateKeyParameters( new BigInteger( "1255825134563225934367124570783723166851629196761", 10 ), ecDomain );
+# ECPublicKeyParameters alicePublicKey = new ECPublicKeyParameters( alice.getParameters().getG().multiply( alice.getD() ), alice.getParameters() );
+# ECPublicKeyParameters bobPublicKey = new ECPublicKeyParameters( bob.getParameters().getG().multiply( bob.getD() ), bob.getParameters() );
+#
+# byte[] d = new byte[ 0 ];
+# byte[] e = new byte[ 0 ];
+# byte[] iv = new byte[ 16 ];
+# CipherParameters p = new ParametersWithIV( new IESWithCipherParameters( d, e, 160, 256 ), iv );
+#
+# IESEngine ecies =
+# new IESEngine( new ECDHBasicAgreement(), new KDF2BytesGenerator( new SHA1Digest() ), new HMac( new SHA256Digest() ), new PaddedBufferedBlockCipher( new CBCBlockCipher(
+# new AESEngine() ) ) );
+# ecies.init( true, alice, bobPublicKey, p );
+#
+# byte[] message = Hex.decode( "00" );
+# byte[] result = ecies.processBlock( message, 0, message.length );
+#
+# byte[] ephPublicKey = alicePublicKey.getQ().getEncoded( true );
+# byte[] out = Arrays.concatenate( ephPublicKey, result );
+#
+# System.out.println( Hex.toHexString( out ) );
+# }
+
+Curve = secp160r1
+PrivateKey = 1239488582848888730519239446720775754920686817364
+OtherPrivateKey = 1255825134563225934367124570783723166851629196761
+Kdf = KDF2(SHA-1)
+Dem = AES-256/CBC
+DemKeyLen = 32
+Iv = 00000000000000000000000000000000
+Mac = HMAC(SHA-256)
+MacKeyLen = 20
+Format = compressed
+CofactorMode = 0
+OldCofactorMode = 0
+CheckMode = 0
+SingleHashMode = 1
+Label =
+Plaintext = 00
+Ciphertext = 02b26eafa6b51a39790c32a75c2f10b3e8e89d698a6da2667af153734225c8922800db5e10b73975848cceac0fc78cef589b2e93a81cc204dbc7b9b901cbaa4509e61141d7
+
+Curve = secp521r1
+PrivateKey = 4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823
+OtherPrivateKey = 2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153
+Kdf = KDF2(SHA-1)
+Dem = Camellia-128/CBC
+DemKeyLen = 16
+Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+Mac = HMAC(SHA-256)
+MacKeyLen = 16
+Format = uncompressed
+CofactorMode = 0
+OldCofactorMode = 0
+CheckMode = 0
+SingleHashMode = 1
+Label = Test
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 0401519eaa0489ff9d51e98e4c22349463e2001cd06f8ce47d81d4007a79acf98e92c814686477cea666efc277dc84e15fc95e38aff8e16d478a44cd5c5f1517f8b1f300000591317f261c3d04a7207f01eae3ec70f23600f82c53cc0b85be7ac9f6ce79ef2ab416e5934d61ba9d346385d7545c57f77c7ea7c58e18c70cbfb0a24ae1b994eda8dbc666713558717077dde021d9252b7f68eef0bc369086f6a6cb991fcc2fbcac3671a122ba18541790974cef7420cb53e7d6f30d1b808dddd58a63413f7b
+
+# use secp112r2 - curve with cofactor != 1
+Curve = -----BEGIN EC PARAMETERS-----MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZcDvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE-----END EC PARAMETERS-----
+PrivateKey = 656008468895526658474428975817604
+OtherPrivateKey = 563449446384594847151017584539074
+Kdf = KDF2(SHA-1)
+Dem = Camellia-128/CBC
+DemKeyLen = 16
+Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+Mac = HMAC(SHA-256)
+MacKeyLen = 16
+Format = uncompressed
+CofactorMode = 0
+OldCofactorMode = 1
+CheckMode = 0
+SingleHashMode = 1
+Label = Test
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 048c40bda0986dadeb651178b4a8e64b7735fb02f43e621151849ea761a0f79fbb500b76e4eb9cd65281b804406536d04059b60689ed286490afcbf8f7f32dfefff8d37d29d335cb11aef3cc5d65f87571e3c8799974038f9d377a2683
+
+# use secp112r2 - curve with cofactor != 1
+Curve = -----BEGIN EC PARAMETERS-----MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZcDvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE-----END EC PARAMETERS-----
+PrivateKey = 656008468895526658474428975817604
+OtherPrivateKey = 563449446384594847151017584539074
+Kdf = KDF2(SHA-1)
+Dem = Camellia-128/CBC
+DemKeyLen = 16
+Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+Mac = HMAC(SHA-256)
+MacKeyLen = 16
+Format = uncompressed
+CofactorMode = 1
+OldCofactorMode = 0
+CheckMode = 0
+SingleHashMode = 1
+Label = Test
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 048c40bda0986dadeb651178b4a8e64b7735fb02f43e621151849ea761230f2bddf1ffa3262673bcb3f468dd8b92c31a32e23935cfd27dfcc123928a18bbc82bdcada733be6d42119d3fb968ac4b77fff9a47d336fa025bfad3ee54286
+
+# bouncycastle does not support aead ciphers with IESEngine -> empty ciphertext; the test suite asserts that the plaintext can be encrypted and decrypted properly
+
+Curve = brainpool512r1
+PrivateKey = 7978796978847894400103470063598909318992754342406974939475470191530421638356103244921001321651015274653183103561457607601257178840534133802655904526250737
+OtherPrivateKey = 2308129338363763325603164530220543667351108423592731601992535938718831256964324847657313285466745344259451280420400800014583532495130674675477133156417282
+Kdf = KDF2(SHA-1)
+Dem = Twofish/GCM
+DemKeyLen = 32
+Iv = 00000000000000000000000000000000
+Mac = HMAC(SHA-512)
+MacKeyLen = 64
+Format = compressed
+CofactorMode = 0
+OldCofactorMode = 0
+CheckMode = 0
+SingleHashMode = 0
+Label = Test
+Plaintext = 00
+Ciphertext =
--
cgit v1.2.3
From c951ad50c6af7d93c16f53dffb69b0be23f1c647 Mon Sep 17 00:00:00 2001
From: Philipp Weber
Date: Mon, 23 May 2016 14:39:18 +0200
Subject: ecies review change: add missing ciphertext to test vectors
---
src/tests/data/pubkey/ecies.vec | 4 ++--
src/tests/test_ecies.cpp | 5 +----
2 files changed, 3 insertions(+), 6 deletions(-)
(limited to 'src/tests/data')
diff --git a/src/tests/data/pubkey/ecies.vec b/src/tests/data/pubkey/ecies.vec
index fcf0baf62..7ae73c30f 100644
--- a/src/tests/data/pubkey/ecies.vec
+++ b/src/tests/data/pubkey/ecies.vec
@@ -105,7 +105,7 @@ Label = Test
Plaintext = 000102030405060708090A0B0C0D0E0F
Ciphertext = 048c40bda0986dadeb651178b4a8e64b7735fb02f43e621151849ea761230f2bddf1ffa3262673bcb3f468dd8b92c31a32e23935cfd27dfcc123928a18bbc82bdcada733be6d42119d3fb968ac4b77fff9a47d336fa025bfad3ee54286
-# bouncycastle does not support aead ciphers with IESEngine -> empty ciphertext; the test suite asserts that the plaintext can be encrypted and decrypted properly
+# bouncycastle does not support aead ciphers with IESEngine -> the following ciphertext has been created with botan (asserts deterministic ciphertext)
Curve = brainpool512r1
PrivateKey = 7978796978847894400103470063598909318992754342406974939475470191530421638356103244921001321651015274653183103561457607601257178840534133802655904526250737
@@ -123,4 +123,4 @@ CheckMode = 0
SingleHashMode = 0
Label = Test
Plaintext = 00
-Ciphertext =
+Ciphertext = 02407515774fad019b762e2ba4c04fa6ff35ba7acc356a167cdf83747e5438b5494a6727366f4d031f2c676eed78a99bf74da9e4edd808fc2360927d52213997d35cd8371d89195b5294da4f99ab1126c703093361c9f6067314b39b70762b13fff1d0fb5ad043a67074ad89176af7ea7d562a0f8c5b9f721192c5c5d338ceea8d59c492aebc3de551dd9ed6fc346c02c586
diff --git a/src/tests/test_ecies.cpp b/src/tests/test_ecies.cpp
index 0c6a31877..4f24c3350 100644
--- a/src/tests/test_ecies.cpp
+++ b/src/tests/test_ecies.cpp
@@ -71,10 +71,7 @@ void check_encrypt_decrypt(Test::Result& result, const Botan::ECDH_PrivateKey& p
try
{
const std::vector encrypted = ecies_enc.encrypt(plaintext, Test::rng());
- if(!ciphertext.empty())
- {
- result.test_eq("encrypted data", encrypted, ciphertext);
- }
+ result.test_eq("encrypted data", encrypted, ciphertext);
const Botan::secure_vector decrypted = ecies_dec.decrypt(encrypted);
result.test_eq("decrypted data equals plaintext", decrypted, plaintext);
}
--
cgit v1.2.3