1*f0865ec9SKyle Evans /* 2*f0865ec9SKyle Evans * Copyright (C) 2022 - This file is part of libecc project 3*f0865ec9SKyle Evans * 4*f0865ec9SKyle Evans * Authors: 5*f0865ec9SKyle Evans * Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr> 6*f0865ec9SKyle Evans * Ryad BENADJILA <ryadbenadjila@gmail.com> 7*f0865ec9SKyle Evans * 8*f0865ec9SKyle Evans * This software is licensed under a dual BSD and GPL v2 license. 9*f0865ec9SKyle Evans * See LICENSE file at the root folder of the project. 10*f0865ec9SKyle Evans */ 11*f0865ec9SKyle Evans #ifndef __BIP0340_TEST_VECTORS_H__ 12*f0865ec9SKyle Evans #define __BIP0340_TEST_VECTORS_H__ 13*f0865ec9SKyle Evans 14*f0865ec9SKyle Evans #if defined(WITH_HASH_SHA256) && defined(WITH_CURVE_SECP256K1) 15*f0865ec9SKyle Evans /************************************************/ 16*f0865ec9SKyle Evans static const u8 bip0340_1_test_vectors_priv_key[] = { 17*f0865ec9SKyle Evans 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 18*f0865ec9SKyle Evans }; 19*f0865ec9SKyle Evans static const u8 bip0340_1_test_vectors_expected_sig[] = { 20*f0865ec9SKyle Evans 0xE9, 0x07, 0x83, 0x1F, 0x80, 0x84, 0x8D, 0x10, 0x69, 0xA5, 0x37, 0x1B, 0x40, 0x24, 0x10, 0x36, 0x4B, 0xDF, 0x1C, 0x5F, 0x83, 0x07, 0xB0, 0x08, 0x4C, 0x55, 0xF1, 0xCE, 0x2D, 0xCA, 0x82, 0x15, 0x25, 0xF6, 0x6A, 0x4A, 0x85, 0xEA, 0x8B, 0x71, 0xE4, 0x82, 0xA7, 0x4F, 0x38, 0x2D, 0x2C, 0xE5, 0xEB, 0xEE, 0xE8, 0xFD, 0xB2, 0x17, 0x2F, 0x47, 0x7D, 0xF4, 0x90, 0x0D, 0x31, 0x05, 0x36, 0xC0, 21*f0865ec9SKyle Evans }; 22*f0865ec9SKyle Evans static int bip0340_1_nn_random_test_vector(nn_t out, nn_src_t q) 23*f0865ec9SKyle Evans { 24*f0865ec9SKyle Evans int ret, cmp; 25*f0865ec9SKyle Evans 26*f0865ec9SKyle Evans /* 27*f0865ec9SKyle Evans * Fixed auxiliary random for BIP0340 28*f0865ec9SKyle Evans * Test vectors from: 29*f0865ec9SKyle Evans * https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv 30*f0865ec9SKyle Evans */ 31*f0865ec9SKyle Evans const u8 k_buf[] = { 32*f0865ec9SKyle Evans 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 33*f0865ec9SKyle Evans }; 34*f0865ec9SKyle Evans 35*f0865ec9SKyle Evans ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 36*f0865ec9SKyle Evans ret = nn_cmp(out, q, &cmp); EG(ret, err); 37*f0865ec9SKyle Evans 38*f0865ec9SKyle Evans ret = (cmp >= 0) ? -1 : 0; 39*f0865ec9SKyle Evans 40*f0865ec9SKyle Evans err: 41*f0865ec9SKyle Evans return ret; 42*f0865ec9SKyle Evans } 43*f0865ec9SKyle Evans 44*f0865ec9SKyle Evans static const ec_test_case bip0340_1_test_case = { 45*f0865ec9SKyle Evans .name = "BIP0340-SHA256/secp256k1 1", 46*f0865ec9SKyle Evans .ec_str_p = &secp256k1_str_params, 47*f0865ec9SKyle Evans .priv_key = bip0340_1_test_vectors_priv_key, 48*f0865ec9SKyle Evans .priv_key_len = sizeof(bip0340_1_test_vectors_priv_key), 49*f0865ec9SKyle Evans .nn_random = bip0340_1_nn_random_test_vector, 50*f0865ec9SKyle Evans .hash_type = SHA256, 51*f0865ec9SKyle Evans .msg = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 52*f0865ec9SKyle Evans .msglen = 32, 53*f0865ec9SKyle Evans .sig_type = BIP0340, 54*f0865ec9SKyle Evans .exp_sig = bip0340_1_test_vectors_expected_sig, 55*f0865ec9SKyle Evans .exp_siglen = sizeof(bip0340_1_test_vectors_expected_sig), 56*f0865ec9SKyle Evans .adata = NULL, 57*f0865ec9SKyle Evans .adata_len = 0 58*f0865ec9SKyle Evans }; 59*f0865ec9SKyle Evans 60*f0865ec9SKyle Evans /************************************************/ 61*f0865ec9SKyle Evans static const u8 bip0340_2_test_vectors_priv_key[] = { 62*f0865ec9SKyle Evans 0xB7, 0xE1, 0x51, 0x62, 0x8A, 0xED, 0x2A, 0x6A, 0xBF, 0x71, 0x58, 0x80, 0x9C, 0xF4, 0xF3, 0xC7, 0x62, 0xE7, 0x16, 0x0F, 0x38, 0xB4, 0xDA, 0x56, 0xA7, 0x84, 0xD9, 0x04, 0x51, 0x90, 0xCF, 0xEF, 63*f0865ec9SKyle Evans }; 64*f0865ec9SKyle Evans static const u8 bip0340_2_test_vectors_expected_sig[] = { 65*f0865ec9SKyle Evans 0x68, 0x96, 0xBD, 0x60, 0xEE, 0xAE, 0x29, 0x6D, 0xB4, 0x8A, 0x22, 0x9F, 0xF7, 0x1D, 0xFE, 0x07, 0x1B, 0xDE, 0x41, 0x3E, 0x6D, 0x43, 0xF9, 0x17, 0xDC, 0x8D, 0xCF, 0x8C, 0x78, 0xDE, 0x33, 0x41, 0x89, 0x06, 0xD1, 0x1A, 0xC9, 0x76, 0xAB, 0xCC, 0xB2, 0x0B, 0x09, 0x12, 0x92, 0xBF, 0xF4, 0xEA, 0x89, 0x7E, 0xFC, 0xB6, 0x39, 0xEA, 0x87, 0x1C, 0xFA, 0x95, 0xF6, 0xDE, 0x33, 0x9E, 0x4B, 0x0A, 66*f0865ec9SKyle Evans }; 67*f0865ec9SKyle Evans static int bip0340_2_nn_random_test_vector(nn_t out, nn_src_t q) 68*f0865ec9SKyle Evans { 69*f0865ec9SKyle Evans int ret, cmp; 70*f0865ec9SKyle Evans 71*f0865ec9SKyle Evans /* 72*f0865ec9SKyle Evans * Fixed auxiliary random for BIP0340 73*f0865ec9SKyle Evans * Test vectors from: 74*f0865ec9SKyle Evans * https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv 75*f0865ec9SKyle Evans */ 76*f0865ec9SKyle Evans const u8 k_buf[] = { 77*f0865ec9SKyle Evans 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 78*f0865ec9SKyle Evans }; 79*f0865ec9SKyle Evans 80*f0865ec9SKyle Evans ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 81*f0865ec9SKyle Evans ret = nn_cmp(out, q, &cmp); EG(ret, err); 82*f0865ec9SKyle Evans 83*f0865ec9SKyle Evans ret = (cmp >= 0) ? -1 : 0; 84*f0865ec9SKyle Evans 85*f0865ec9SKyle Evans err: 86*f0865ec9SKyle Evans return ret; 87*f0865ec9SKyle Evans } 88*f0865ec9SKyle Evans 89*f0865ec9SKyle Evans static const ec_test_case bip0340_2_test_case = { 90*f0865ec9SKyle Evans .name = "BIP0340-SHA256/secp256k1 2", 91*f0865ec9SKyle Evans .ec_str_p = &secp256k1_str_params, 92*f0865ec9SKyle Evans .priv_key = bip0340_2_test_vectors_priv_key, 93*f0865ec9SKyle Evans .priv_key_len = sizeof(bip0340_2_test_vectors_priv_key), 94*f0865ec9SKyle Evans .nn_random = bip0340_2_nn_random_test_vector, 95*f0865ec9SKyle Evans .hash_type = SHA256, 96*f0865ec9SKyle Evans .msg = "\x24\x3F\x6A\x88\x85\xA3\x08\xD3\x13\x19\x8A\x2E\x03\x70\x73\x44\xA4\x09\x38\x22\x29\x9F\x31\xD0\x08\x2E\xFA\x98\xEC\x4E\x6C\x89", 97*f0865ec9SKyle Evans .msglen = 32, 98*f0865ec9SKyle Evans .sig_type = BIP0340, 99*f0865ec9SKyle Evans .exp_sig = bip0340_2_test_vectors_expected_sig, 100*f0865ec9SKyle Evans .exp_siglen = sizeof(bip0340_2_test_vectors_expected_sig), 101*f0865ec9SKyle Evans .adata = NULL, 102*f0865ec9SKyle Evans .adata_len = 0 103*f0865ec9SKyle Evans }; 104*f0865ec9SKyle Evans 105*f0865ec9SKyle Evans /************************************************/ 106*f0865ec9SKyle Evans static const u8 bip0340_3_test_vectors_priv_key[] = { 107*f0865ec9SKyle Evans 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x14, 0xE5, 0xC9, 108*f0865ec9SKyle Evans }; 109*f0865ec9SKyle Evans static const u8 bip0340_3_test_vectors_expected_sig[] = { 110*f0865ec9SKyle Evans 0x58, 0x31, 0xAA, 0xEE, 0xD7, 0xB4, 0x4B, 0xB7, 0x4E, 0x5E, 0xAB, 0x94, 0xBA, 0x9D, 0x42, 0x94, 0xC4, 0x9B, 0xCF, 0x2A, 0x60, 0x72, 0x8D, 0x8B, 0x4C, 0x20, 0x0F, 0x50, 0xDD, 0x31, 0x3C, 0x1B, 0xAB, 0x74, 0x58, 0x79, 0xA5, 0xAD, 0x95, 0x4A, 0x72, 0xC4, 0x5A, 0x91, 0xC3, 0xA5, 0x1D, 0x3C, 0x7A, 0xDE, 0xA9, 0x8D, 0x82, 0xF8, 0x48, 0x1E, 0x0E, 0x1E, 0x03, 0x67, 0x4A, 0x6F, 0x3F, 0xB7, 111*f0865ec9SKyle Evans }; 112*f0865ec9SKyle Evans static int bip0340_3_nn_random_test_vector(nn_t out, nn_src_t q) 113*f0865ec9SKyle Evans { 114*f0865ec9SKyle Evans int ret, cmp; 115*f0865ec9SKyle Evans 116*f0865ec9SKyle Evans /* 117*f0865ec9SKyle Evans * Fixed auxiliary random for BIP0340 118*f0865ec9SKyle Evans * Test vectors from: 119*f0865ec9SKyle Evans * https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv 120*f0865ec9SKyle Evans */ 121*f0865ec9SKyle Evans const u8 k_buf[] = { 122*f0865ec9SKyle Evans 0xC8, 0x7A, 0xA5, 0x38, 0x24, 0xB4, 0xD7, 0xAE, 0x2E, 0xB0, 0x35, 0xA2, 0xB5, 0xBB, 0xBC, 0xCC, 0x08, 0x0E, 0x76, 0xCD, 0xC6, 0xD1, 0x69, 0x2C, 0x4B, 0x0B, 0x62, 0xD7, 0x98, 0xE6, 0xD9, 0x06, 123*f0865ec9SKyle Evans }; 124*f0865ec9SKyle Evans 125*f0865ec9SKyle Evans ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 126*f0865ec9SKyle Evans ret = nn_cmp(out, q, &cmp); EG(ret, err); 127*f0865ec9SKyle Evans 128*f0865ec9SKyle Evans ret = (cmp >= 0) ? -1 : 0; 129*f0865ec9SKyle Evans 130*f0865ec9SKyle Evans err: 131*f0865ec9SKyle Evans return ret; 132*f0865ec9SKyle Evans } 133*f0865ec9SKyle Evans 134*f0865ec9SKyle Evans static const ec_test_case bip0340_3_test_case = { 135*f0865ec9SKyle Evans .name = "BIP0340-SHA256/secp256k1 3", 136*f0865ec9SKyle Evans .ec_str_p = &secp256k1_str_params, 137*f0865ec9SKyle Evans .priv_key = bip0340_3_test_vectors_priv_key, 138*f0865ec9SKyle Evans .priv_key_len = sizeof(bip0340_3_test_vectors_priv_key), 139*f0865ec9SKyle Evans .nn_random = bip0340_3_nn_random_test_vector, 140*f0865ec9SKyle Evans .hash_type = SHA256, 141*f0865ec9SKyle Evans .msg = "\x7E\x2D\x58\xD8\xB3\xBC\xDF\x1A\xBA\xDE\xC7\x82\x90\x54\xF9\x0D\xDA\x98\x05\xAA\xB5\x6C\x77\x33\x30\x24\xB9\xD0\xA5\x08\xB7\x5C", 142*f0865ec9SKyle Evans .msglen = 32, 143*f0865ec9SKyle Evans .sig_type = BIP0340, 144*f0865ec9SKyle Evans .exp_sig = bip0340_3_test_vectors_expected_sig, 145*f0865ec9SKyle Evans .exp_siglen = sizeof(bip0340_3_test_vectors_expected_sig), 146*f0865ec9SKyle Evans .adata = NULL, 147*f0865ec9SKyle Evans .adata_len = 0 148*f0865ec9SKyle Evans }; 149*f0865ec9SKyle Evans 150*f0865ec9SKyle Evans /************************************************/ 151*f0865ec9SKyle Evans static const u8 bip0340_4_test_vectors_priv_key[] = { 152*f0865ec9SKyle Evans 0x0B, 0x43, 0x2B, 0x26, 0x77, 0x93, 0x73, 0x81, 0xAE, 0xF0, 0x5B, 0xB0, 0x2A, 0x66, 0xEC, 0xD0, 0x12, 0x77, 0x30, 0x62, 0xCF, 0x3F, 0xA2, 0x54, 0x9E, 0x44, 0xF5, 0x8E, 0xD2, 0x40, 0x17, 0x10, 153*f0865ec9SKyle Evans }; 154*f0865ec9SKyle Evans static const u8 bip0340_4_test_vectors_expected_sig[] = { 155*f0865ec9SKyle Evans 0x7E, 0xB0, 0x50, 0x97, 0x57, 0xE2, 0x46, 0xF1, 0x94, 0x49, 0x88, 0x56, 0x51, 0x61, 0x1C, 0xB9, 0x65, 0xEC, 0xC1, 0xA1, 0x87, 0xDD, 0x51, 0xB6, 0x4F, 0xDA, 0x1E, 0xDC, 0x96, 0x37, 0xD5, 0xEC, 0x97, 0x58, 0x2B, 0x9C, 0xB1, 0x3D, 0xB3, 0x93, 0x37, 0x05, 0xB3, 0x2B, 0xA9, 0x82, 0xAF, 0x5A, 0xF2, 0x5F, 0xD7, 0x88, 0x81, 0xEB, 0xB3, 0x27, 0x71, 0xFC, 0x59, 0x22, 0xEF, 0xC6, 0x6E, 0xA3, 156*f0865ec9SKyle Evans }; 157*f0865ec9SKyle Evans static int bip0340_4_nn_random_test_vector(nn_t out, nn_src_t q) 158*f0865ec9SKyle Evans { 159*f0865ec9SKyle Evans int ret, cmp; 160*f0865ec9SKyle Evans 161*f0865ec9SKyle Evans /* 162*f0865ec9SKyle Evans * Fixed auxiliary random for BIP0340 163*f0865ec9SKyle Evans * Test vectors from: 164*f0865ec9SKyle Evans * https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv 165*f0865ec9SKyle Evans */ 166*f0865ec9SKyle Evans const u8 k_buf[] = { 167*f0865ec9SKyle Evans 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 168*f0865ec9SKyle Evans }; 169*f0865ec9SKyle Evans 170*f0865ec9SKyle Evans ret = nn_init_from_buf(out, k_buf, sizeof(k_buf)); EG(ret, err); 171*f0865ec9SKyle Evans ret = nn_cmp(out, q, &cmp); EG(ret, err); 172*f0865ec9SKyle Evans 173*f0865ec9SKyle Evans ret = (cmp >= 0) ? -1 : 0; 174*f0865ec9SKyle Evans 175*f0865ec9SKyle Evans err: 176*f0865ec9SKyle Evans return ret; 177*f0865ec9SKyle Evans } 178*f0865ec9SKyle Evans 179*f0865ec9SKyle Evans static const ec_test_case bip0340_4_test_case = { 180*f0865ec9SKyle Evans .name = "BIP0340-SHA256/secp256k1 4", 181*f0865ec9SKyle Evans .ec_str_p = &secp256k1_str_params, 182*f0865ec9SKyle Evans .priv_key = bip0340_4_test_vectors_priv_key, 183*f0865ec9SKyle Evans .priv_key_len = sizeof(bip0340_4_test_vectors_priv_key), 184*f0865ec9SKyle Evans .nn_random = bip0340_4_nn_random_test_vector, 185*f0865ec9SKyle Evans .hash_type = SHA256, 186*f0865ec9SKyle Evans .msg = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 187*f0865ec9SKyle Evans .msglen = 32, 188*f0865ec9SKyle Evans .sig_type = BIP0340, 189*f0865ec9SKyle Evans .exp_sig = bip0340_4_test_vectors_expected_sig, 190*f0865ec9SKyle Evans .exp_siglen = sizeof(bip0340_4_test_vectors_expected_sig), 191*f0865ec9SKyle Evans .adata = NULL, 192*f0865ec9SKyle Evans .adata_len = 0 193*f0865ec9SKyle Evans }; 194*f0865ec9SKyle Evans 195*f0865ec9SKyle Evans #endif 196*f0865ec9SKyle Evans 197*f0865ec9SKyle Evans /************************************************/ 198*f0865ec9SKyle Evans #define BIP0340_ALL_TESTS() \ 199*f0865ec9SKyle Evans &bip0340_1_test_case, \ 200*f0865ec9SKyle Evans &bip0340_2_test_case, \ 201*f0865ec9SKyle Evans &bip0340_3_test_case, \ 202*f0865ec9SKyle Evans &bip0340_4_test_case, 203*f0865ec9SKyle Evans 204*f0865ec9SKyle Evans #endif /* __BIP0340_TEST_VECTORS_H__ */ 205