mleku/libsecp256k1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b4756543028065b3ae6f30e9e6d7f1ecf2bb08c6
libsecp256k1/tools/tests_wycheproof_generate_ecdh.py
RandomLattice e266ba11ae tests: Add Wycheproof ECDH vectors 
Adds a test for the ECDH module using the Wycheproof vectors.
We use a python script to convert the JSON-formatted vectors
into C code, in the same spirit as https://github.com/bitcoin-core/secp256k1/pull/1245

Co-authored-by: Sean Andersen <6730974+andozw@users.noreply.github.com>
2025-05-12 11:27:45 -04:00

167 lines
5.8 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/env python3
# Copyright (c) 2024 Random "Randy" Lattice and Sean Andersen
# Distributed under the MIT software license, see the accompanying
# file COPYING or https://www.opensource.org/licenses/mit-license.php.
'''
Generate a C file with ECDH testvectors from the Wycheproof project.
'''
import json
import sys
from binascii import hexlify, unhexlify
from wycheproof_utils import to_c_array
def should_skip_flags(test_vector_flags):
# skip these vectors because they are for ASN.1 encoding issues and other curves.
# for more details, see https://github.com/bitcoin-core/secp256k1/pull/1492#discussion_r1572491546
flags_to_skip = {"InvalidAsn", "WrongCurve"}
return any(flag in test_vector_flags for flag in flags_to_skip)
def should_skip_tcid(test_vector_tcid):
# We skip some test case IDs that have a public key whose custom ASN.1 representation explicitly
# encodes some curve parameters that are invalid. libsecp256k1 never parses this part so we do
# not care testing those. See https://github.com/bitcoin-core/secp256k1/pull/1492#discussion_r1572491546
tcids_to_skip = [496, 497, 502, 503, 504, 505, 507]
return test_vector_tcid in tcids_to_skip
# Rudimentary ASN.1 DER public key parser.
# This should not be used for anything other than parsing Wycheproof test vectors.
def parse_der_pk(s):
tag = s[0]
L = int(s[1])
offset = 0
if L & 0x80:
if L == 0x81:
L = int(s[2])
offset = 1
elif L == 0x82:
L = 256 * int(s[2]) + int(s[3])
offset = 2
else:
raise ValueError("invalid L")
value = s[(offset + 2):(L + 2 + offset)]
rest = s[(L + 2 + offset):]
if len(rest) > 0 or tag == 0x06: # OBJECT IDENTIFIER
return parse_der_pk(rest)
if tag == 0x03: # BIT STRING
return value
if tag == 0x30: # SEQUENCE
return parse_der_pk(value)
raise ValueError("unknown tag")
def parse_public_key(pk):
der_pub_key = parse_der_pk(unhexlify(pk)) # Convert back to str and strip off the `0x`
return hexlify(der_pub_key).decode()[2:]
def normalize_private_key(sk):
# Ensure the private key is at most 64 characters long, retaining the last 64 if longer.
# In the wycheproof test vectors, some private keys have leading zeroes
normalized = sk[-64:].zfill(64)
if len(normalized) != 64:
raise ValueError("private key must be exactly 64 characters long.")
return normalized
def normalize_expected_result(er):
result_mapping = {"invalid": 0, "valid": 1, "acceptable": 1}
return result_mapping[er]
filename_input = sys.argv[1]
with open(filename_input) as f:
doc = json.load(f)
num_vectors = 0
offset_sk_running, offset_pk_running, offset_shared = 0, 0, 0
test_vectors_out = ""
private_keys = ""
shared_secrets = ""
public_keys = ""
cache_sks = {}
cache_public_keys = {}
for group in doc['testGroups']:
assert group["type"] == "EcdhTest"
assert group["curve"] == "secp256k1"
for test_vector in group['tests']:
if should_skip_flags(test_vector['flags']) or should_skip_tcid(test_vector['tcId']):
continue
public_key = parse_public_key(test_vector['public'])
private_key = normalize_private_key(test_vector['private'])
expected_result = normalize_expected_result(test_vector['result'])
# // 2 to convert hex to byte length
shared_size = len(test_vector['shared']) // 2
sk_size = len(private_key) // 2
pk_size = len(public_key) // 2
new_sk = False
sk = to_c_array(private_key)
sk_offset = offset_sk_running
# check for repeated sk
if sk not in cache_sks:
if num_vectors != 0 and sk_size != 0:
private_keys += ",\n "
cache_sks[sk] = offset_sk_running
private_keys += sk
new_sk = True
else:
sk_offset = cache_sks[sk]
new_pk = False
pk = to_c_array(public_key) if public_key != '0x' else ''
pk_offset = offset_pk_running
# check for repeated pk
if pk not in cache_public_keys:
if num_vectors != 0 and len(pk) != 0:
public_keys += ",\n "
cache_public_keys[pk] = offset_pk_running
public_keys += pk
new_pk = True
else:
pk_offset = cache_public_keys[pk]
shared_secrets += ",\n " if num_vectors and shared_size else ""
shared_secrets += to_c_array(test_vector['shared'])
wycheproof_tcid = test_vector['tcId']
test_vectors_out += " /" + "* tcId: " + str(test_vector['tcId']) + ". " + test_vector['comment'] + " *" + "/\n"
test_vectors_out += f" {{{pk_offset}, {pk_size}, {sk_offset}, {sk_size}, {offset_shared}, {shared_size}, {expected_result}, {wycheproof_tcid} }},\n"
if new_sk:
offset_sk_running += sk_size
if new_pk:
offset_pk_running += pk_size
offset_shared += shared_size
num_vectors += 1
struct_definition = """
typedef struct {
size_t pk_offset;
size_t pk_len;
size_t sk_offset;
size_t sk_len;
size_t shared_offset;
size_t shared_len;
int expected_result;
int wycheproof_tcid;
} wycheproof_ecdh_testvector;
"""
print("/* Note: this file was autogenerated using tests_wycheproof_ecdh.py. Do not edit. */")
print(f"#define SECP256K1_ECDH_WYCHEPROOF_NUMBER_TESTVECTORS ({num_vectors})")
print(struct_definition)
print("static const unsigned char wycheproof_ecdh_private_keys[] = { " + private_keys + "};\n")
print("static const unsigned char wycheproof_ecdh_public_keys[] = { " + public_keys + "};\n")
print("static const unsigned char wycheproof_ecdh_shared_secrets[] = { " + shared_secrets + "};\n")
print("static const wycheproof_ecdh_testvector testvectors[SECP256K1_ECDH_WYCHEPROOF_NUMBER_TESTVECTORS] = {")
print(test_vectors_out)
print("};")
Reference in New Issue View Git Blame Copy Permalink