From 12cc9a4fcbc628b908652c8a47ae9cf9add56fa3 Mon Sep 17 00:00:00 2001
From: Alex Stapleton
Date: Sat, 25 Apr 2015 18:06:22 +0100
Subject: Script for generating SECP256K1 vectors
---
.../custom-vectors/secp256k1/generate_secp256k1.py | 89 ++++++++++++++++++++++
1 file changed, 89 insertions(+)
create mode 100644 docs/development/custom-vectors/secp256k1/generate_secp256k1.py
(limited to 'docs/development')
diff --git a/docs/development/custom-vectors/secp256k1/generate_secp256k1.py b/docs/development/custom-vectors/secp256k1/generate_secp256k1.py
new file mode 100644
index 00000000..502a3ff6
--- /dev/null
+++ b/docs/development/custom-vectors/secp256k1/generate_secp256k1.py
@@ -0,0 +1,89 @@
+from __future__ import absolute_import, print_function
+
+import hashlib
+import os
+from binascii import hexlify
+from collections import defaultdict
+
+from ecdsa import SECP256k1, SigningKey
+from ecdsa.util import sigdecode_der, sigencode_der
+
+from cryptography_vectors import open_vector_file
+
+from tests.utils import (
+ load_fips_ecdsa_signing_vectors, load_vectors_from_file
+)
+
+HASHLIB_HASH_TYPES = {
+ "SHA-1": hashlib.sha1,
+ "SHA-224": hashlib.sha224,
+ "SHA-256": hashlib.sha256,
+ "SHA-384": hashlib.sha384,
+ "SHA-512": hashlib.sha512,
+}
+
+
+class TruncatedHash(object):
+ def __init__(self, hasher):
+ self.hasher = hasher
+
+ def __call__(self, data):
+ self.hasher.update(data)
+ return self
+
+ def digest(self):
+ return self.hasher.digest()[:256 // 8]
+
+
+def build_vectors(fips_vectors):
+ vectors = defaultdict(list)
+ for vector in fips_vectors:
+ vectors[vector['digest_algorithm']].append(vector['message'])
+
+ for digest_algorithm, messages in vectors.items():
+ if digest_algorithm not in HASHLIB_HASH_TYPES:
+ continue
+
+ yield ""
+ yield "[K-256,{0}]".format(digest_algorithm)
+ yield ""
+
+ for message in messages:
+ # Make a hash context
+ hash_func = TruncatedHash(HASHLIB_HASH_TYPES[digest_algorithm]())
+
+ # Sign the message using warner/ecdsa
+ secret_key = SigningKey.generate(curve=SECP256k1)
+ public_key = secret_key.get_verifying_key()
+ signature = secret_key.sign(message, hashfunc=hash_func,
+ sigencode=sigencode_der)
+
+ r, s = sigdecode_der(signature, None)
+
+ yield "Msg = {0}".format(hexlify(message))
+ yield "d = {0:x}".format(secret_key.privkey.secret_multiplier)
+ yield "Qx = {0:x}".format(public_key.pubkey.point.x())
+ yield "Qy = {0:x}".format(public_key.pubkey.point.y())
+ yield "R = {0:x}".format(r)
+ yield "S = {0:x}".format(s)
+ yield ""
+
+
+def write_file(lines, dest):
+ for line in lines:
+ print(line)
+ print(line, file=dest)
+
+source_path = os.path.join("asymmetric", "ECDSA", "FIPS_186-3", "SigGen.txt")
+dest_path = os.path.join("asymmetric", "ECDSA", "SECP256K1", "SigGen.txt")
+
+fips_vectors = load_vectors_from_file(
+ source_path,
+ load_fips_ecdsa_signing_vectors
+)
+
+with open_vector_file(dest_path, "w") as dest_file:
+ write_file(
+ build_vectors(fips_vectors),
+ dest_file
+ )
-- cgit v1.2.3
From fddf29ff64919ea6b885469e0bb47045f6ea22b9 Mon Sep 17 00:00:00 2001
From: Alex Stapleton
Date: Sun, 3 May 2015 12:15:55 +0100
Subject: Verification script
---
.../custom-vectors/secp256k1/verify_secp256k1.py | 59 ++++++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100644 docs/development/custom-vectors/secp256k1/verify_secp256k1.py
(limited to 'docs/development')
diff --git a/docs/development/custom-vectors/secp256k1/verify_secp256k1.py b/docs/development/custom-vectors/secp256k1/verify_secp256k1.py
new file mode 100644
index 00000000..3d2c25b9
--- /dev/null
+++ b/docs/development/custom-vectors/secp256k1/verify_secp256k1.py
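Review bot: In `build_vectors` of generate_secp256k1.py, `"Msg = {0}".format(hexlify(message))` formats the bytes object that `hexlify` returns, so on Python 3 the line is written as `Msg = b'...'` rather than plain hex; the `print_function` import suggests the script is meant to run on both interpreters. Decoding first gives the same output on each: `yield "Msg = {0}".format(hexlify(message).decode("ascii"))`. `TruncatedHash.digest` would also benefit from a comment such as `# keep the leftmost 256 bits: ECDSA over a 256-bit curve uses no more of the digest`, because the `[:256 // 8]` slice is otherwise unexplained and is presumably there so that SHA-384 and SHA-512 digests fit the curve.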
@@ -0,0 +1,59 @@
+from __future__ import absolute_import, print_function
+
+import os
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives.asymmetric.utils import (
+ encode_rfc6979_signature
+)
+
+from tests.utils import (
+ load_fips_ecdsa_signing_vectors, load_vectors_from_file
+)
+
+CRYPTOGRAPHY_HASH_TYPES = {
+ "SHA-1": hashes.SHA1,
+ "SHA-224": hashes.SHA224,
+ "SHA-256": hashes.SHA256,
+ "SHA-384": hashes.SHA384,
+ "SHA-512": hashes.SHA512,
+}
+
+
+def verify_one_vector(vector):
+ digest_algorithm = vector['digest_algorithm']
+ message = vector['message']
+ x = vector['x']
+ y = vector['y']
+ signature = encode_rfc6979_signature(vector['r'], vector['s'])
+
+ numbers = ec.EllipticCurvePublicNumbers(
+ x, y,
+ ec.SECP256K1()
+ )
+
+ key = numbers.public_key(default_backend())
+
+ verifier = key.verifier(
+ signature,
+ ec.ECDSA(CRYPTOGRAPHY_HASH_TYPES[digest_algorithm]())
+ )
+ verifier.update(message)
+ return verifier.verify()
+
+
+def verify_vectors(vectors):
+ for vector in vectors:
+ assert verify_one_vector(vector)
+
+
+vector_path = os.path.join("asymmetric", "ECDSA", "SECP256K1", "SigGen.txt")
+
+secp256k1_vectors = load_vectors_from_file(
+ vector_path,
+ load_fips_ecdsa_signing_vectors
+)
+
+verify_vectors(secp256k1_vectors)
-- cgit v1.2.3
From b0deb444efc01677bedad99c89f2c64c632e0096 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sun, 3 May 2015 10:53:45 -0500
Subject: add AKI vector
---
docs/development/test-vectors.rst | 3 +++
1 file changed, 3 insertions(+)
(limited to 'docs/development')
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index f6eecfec..bc7cd640 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
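Review bot: `verify_vectors` in verify_secp256k1.py puts the whole check inside `assert verify_one_vector(vector)`, so running the script with `python -O` strips the statement, no signature is ever verified, and the script still exits cleanly. The verifier's `verify()` reports a bad signature by raising `InvalidSignature`, so the call can stand on its own line as `verify_one_vector(vector)` without depending on a truthy return value. Printing the number of vectors checked at the end would also show that the vector file was not empty, since an empty list passes the loop without verifying anything.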
@@ -160,6 +160,9 @@ Custom X.509 Vectors containing an inhibit any policy extension with the value 5. * ``inhibit_any_policy_negative.pem`` - An RSA 2048 bit self-signed certificate containing an inhibit any policy extension with the value -1. +* ``authority_key_identifier.pem`` - An RSA 2048 bit self-signed certificate + containing an authority key identifier extension with key identifier, + authority certificate issuer, and authority certificate serial number fields. Custom X.509 Request Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 0d52e2a50b21f0f491a9a14a1bbe77667eab593e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 3 May 2015 11:17:12 -0500 Subject: add another authority key identifier vector --- docs/development/test-vectors.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs/development') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index bc7cd640..a170142c 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -163,6 +163,9 @@ Custom X.509 Vectors * ``authority_key_identifier.pem`` - An RSA 2048 bit self-signed certificate containing an authority key identifier extension with key identifier, authority certificate issuer, and authority certificate serial number fields. +* ``authority_key_identifier_no_keyid.pem`` - An RSA 2048 bit self-signed + certificate containing an authority key identifier extension with authority + certificate issuer and authority certificate serial number fields. Custom X.509 Request Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From e54478f5194474ea1be4f4a3e3ca2dde9b3df2ed Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sun, 3 May 2015 11:38:36 +0100 Subject: Docs for custom secp256k1 vectors --- docs/development/custom-vectors/secp256k1.rst | 32 +++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 docs/development/custom-vectors/secp256k1.rst (limited to 'docs/development') 
diff --git a/docs/development/custom-vectors/secp256k1.rst b/docs/development/custom-vectors/secp256k1.rst
new file mode 100644
index 00000000..b19bf4e4
--- /dev/null
+++ b/docs/development/custom-vectors/secp256k1.rst
@@ -0,0 +1,32 @@
+SECP256K1 vector creation
+=========================
+
+This page documents the code that was used to generate the SECP256K1 elliptic
+curve test vectors as well as code used to verify them against another
+implementation.
+
+
+Creation
+--------
+
+The vectors are generated using a `pure Python ecdsa`_ implementation. The test
+messages and combinations of algorithms are derived from the NIST vector data.
+
+.. literalinclude:: /development/custom-vectors/secp256k1/generate_secp256k1.py
+
+Download link: :download:`generate_secp256k1.py
+`
+
+
+Verification
+------------
+
+``cryptography`` was modified to support the SECP256K1 curve. Then
+the following python script was run to generate the vector files.
+
+.. literalinclude:: /development/custom-vectors/secp256k1/verify_secp256k1.py
+
+Download link: :download:`verify_secp256k1.py
+`
+
+.. _`pure Python ecdsa`: https://pypi.python.org/pypi/ecdsa
-- cgit v1.2.3
From e0afa5d8394e32369a0bec9486b5eb44193412b6 Mon Sep 17 00:00:00 2001
From: Alex Stapleton
Date: Sun, 3 May 2015 18:14:20 +0100
Subject: Add new vectors to the docs
---
docs/development/test-vectors.rst | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'docs/development')
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index f6eecfec..7edf01ab 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -37,9 +37,14 @@ Asymmetric ciphers Ruby test suite. -Custom Asymmetric Vectors +Custom asymmetric vectors ~~~~~~~~~~~~~~~~~~~~~~~~~ +.. toctree:: + :maxdepth: 1 + + custom-vectors/secp256k1 + * ``asymmetric/PEM_Serialization/ec_private_key.pem`` and ``asymmetric/DER_Serialization/ec_private_key.der`` - Contains an Elliptic Curve key generated by OpenSSL from the curve ``secp256r1``. @@ -78,6 +83,7 @@ Custom Asymmetric Vectors ``asymmetric/public/PKCS1/rsa.pub.der`` are PKCS1 conversions of the public key from ``asymmetric/PKCS8/unenc-rsa-pkcs8.pem`` using PEM and DER encoding. + Key exchange ~~~~~~~~~~~~ -- cgit v1.2.3 From 64c82e0f20a1908c6f73549c261373d369d1202e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 4 May 2015 17:38:52 -0500 Subject: add some authority information access x509 vectors --- docs/development/test-vectors.rst | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'docs/development') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 77ec6259..41531f7b 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -172,6 +172,13 @@ Custom X.509 Vectors * ``authority_key_identifier_no_keyid.pem`` - An RSA 2048 bit self-signed certificate containing an authority key identifier extension with authority certificate issuer and authority certificate serial number fields. +* ``aia_ocsp_ca_issuers.pem`` - An RSA 2048 bit self-signed certificate + containing an authority information access extension with two OCSP and one + CA issuers entry. +* ``aia_ocsp.pem`` - An RSA 2048 bit self-signed certificate + containing an authority information access extension with an OCSP entry. +* ``aia_ca_issuers.pem`` - An RSA 2048 bit self-signed certificate + containing an authority information access extension with a CA issuers entry. Custom X.509 Request Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 28d5421f61050ea601e14b713496024ef50a94bb Mon Sep 17 00:00:00 2001 
From: Paul Kehrer Date: Sun, 10 May 2015 14:58:21 -0500 Subject: add CRL distribution points vectors --- docs/development/test-vectors.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'docs/development') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 41531f7b..40331f89 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -179,6 +179,11 @@ Custom X.509 Vectors containing an authority information access extension with an OCSP entry. * ``aia_ca_issuers.pem`` - An RSA 2048 bit self-signed certificate containing an authority information access extension with a CA issuers entry. +* ``cdp_fullname_reasons_crl_issuer.pem`` - An RSA 1024 bit certificate + containing a CRL distribution points extension with ``fullName``, + ``cRLIssuer``, and ``reasons`` data. +* ``cdp_crl_issuer.pem`` - An RSA 1024 bit certificate containing a CRL + distribution points extension with ``cRLIssuer`` data. Custom X.509 Request Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From cdfe0f987ac853b77094693923bf9f7d43917d39 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 11 May 2015 20:00:29 -0500 Subject: add certificate policies vectors --- docs/development/test-vectors.rst | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'docs/development') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 40331f89..3d49801d 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst 
@@ -184,6 +184,14 @@ Custom X.509 Vectors ``cRLIssuer``, and ``reasons`` data. * ``cdp_crl_issuer.pem`` - An RSA 1024 bit certificate containing a CRL distribution points extension with ``cRLIssuer`` data. +* ``cp_user_notice_with_notice_reference.pem`` - An RSA 2048 bit self-signed + certificate containing a certificate policies extension with a + notice reference in the user notice. +* ``cp_user_notice_with_explicit_text.pem`` - An RSA 2048 bit self-signed + certificate containing a certificate policies extension with explicit + text and no notice reference. +* ``cp_cps_uri.pem`` - An RSA 2048 bit self-signed certificate containing a + certificate policies extension with a CPS URI and no user notice. Custom X.509 Request Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 5ac41547b893dbb69b1b02fb21214d6b8115a843 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 12 May 2015 16:04:52 -0500 Subject: add another certificate policies test vector --- docs/development/test-vectors.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs/development') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 3d49801d..824fb57f 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -192,6 +192,9 @@ Custom X.509 Vectors text and no notice reference. * ``cp_cps_uri.pem`` - An RSA 2048 bit self-signed certificate containing a certificate policies extension with a CPS URI and no user notice. +* ``cp_user_notice_no_explicit_text.pem`` - An RSA 2048 bit self-signed + certificate containing a certificate policies extension with a user notice + with no explicit text. Custom X.509 Request Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 208d678f3b172d33748647be3389a2482bb87163 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 12 May 2015 23:09:13 -0500 Subject: more CDP vectors! --- docs/development/test-vectors.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'docs/development') 
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 824fb57f..6f61a7ee 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -184,6 +184,11 @@ Custom X.509 Vectors ``cRLIssuer``, and ``reasons`` data. * ``cdp_crl_issuer.pem`` - An RSA 1024 bit certificate containing a CRL distribution points extension with ``cRLIssuer`` data. +* ``cdp_all_reasons.pem`` - An RSA 1024 bit certificate containing a CRL + distribution points extension with all ``reasons`` bits set. +* ``cdp_reason_aa_compromise.pem`` - An RSA 1024 bit certificate containing a + CRL distribution points extension with the ``AACompromise`` ``reasons`` bit + set. * ``cp_user_notice_with_notice_reference.pem`` - An RSA 2048 bit self-signed certificate containing a certificate policies extension with a notice reference in the user notice. -- cgit v1.2.3