studio/cli
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 4 Wiki Activity

chore: checkpoint before Python removal

Browse Source
This commit is contained in:
Sienna Meridian Satterwhite
2026-03-26 22:33:59 +00:00
parent 683cec9307
commit e568ddf82a
29972 changed files with 11269302 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
vendor/p384/.cargo-checksum.json vendored Normal file
View File

@@ -0,0 +1 @@
{"files":{".cargo_vcs_info.json":"74300cce76b790d5777e8a8699a827761aae2ede789331fc035c80b4ca110d8d","CHANGELOG.md":"f435e4f7856912147bf2a2beb1a28a627460cfbcf362a6d3d10d26c4cb3429c1","Cargo.lock":"2681ddecd34ab09469602915d3a777465d8c9c4189f0780615686e35543392c5","Cargo.toml":"d0c0d4a64a3f2c5d9983430b95e475ff0cd065e079fdfc669f136c0b1eec7dd3","Cargo.toml.orig":"47318555486ab2db1c3964eb8f480dc0b91aca6eb8095b20e9c5b93a5f20e4de","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"02168781a5b59970e3da1784d2eb69f432598a3757f283dbffdafd9d483a9113","README.md":"2512548923d3d6456e62d3eb9636fd4da29a5869603801ef5641f080ce26c3c4","benches/field.rs":"54c4b208e912df33c8d4d5cd7cbdca1eee74af0947efa5ec28ae9af6c89c9f64","benches/scalar.rs":"78918113cfc3b95c482b559e1b1bbebd2a57773c016a5297ede9f0d7ed510d75","src/arithmetic.rs":"c002a95cff8864bbc020684a3a77db0fa051526813c2518e1126b0662e8f5e63","src/arithmetic/field.rs":"2312dcd61fec0efa21ccfc415ad11902a21f9187bfbb5f5fd554cb020295249b","src/arithmetic/field/p384_32.rs":"1def90836f25537e2805986677c81c81fe834d40b797e33ea731164e2d8f45d1","src/arithmetic/field/p384_64.rs":"9bcaf6827ff73466ad7f7ba39a293496f90d56bb02da5fe89a89da113749114e","src/arithmetic/hash2curve.rs":"7f832745e5d88b10341e6f30c6d67086c8a459029a7dbb8dee674c4ca36eebd6","src/arithmetic/macros.rs":"31dc0d8a146d05146075a6f4a5926473685b997484fb22fc04d2902ff3cf2b57","src/arithmetic/scalar.rs":"60d673ae33c06f17a6d32073f747dee51eb478d253c40dda49270490e17651a7","src/arithmetic/scalar/p384_scalar_32.rs":"58ee4d399abef049e60b3c4a3b93d2b55a06be7445ee9b093525a7d7044d1665","src/arithmetic/scalar/p384_scalar_64.rs":"95e7dca27530c0ec8fd603b3b11b63fd2e24856de037fb95fe5a87c4135429a3","src/ecdh.rs":"bb12ec4da320e90c31ac5a508586acb9cf0235c267d4f1dffd0bfe1032e193fa","src/ecdsa.rs":"4e6cf2ece8264f7c8d72b5bc27a6ffe66aec75c37eb27e0b2a53938ccf4735a7","src/lib.rs":"d3015d5d4c727be874e0062e0203abf18fa1041ba8c877fb6be5a84e95f57f0c","src/test_vectors.rs":"bf003ed537b66c01d30335035a1e5a2fe50a8fb0ae8b3061cc0ad6de86aceb45","src/test_vectors/data/wycheproof.blb":"d4918982427a6fe9a98c48a03bc6a414077da3599c6f9a5f967a6ff7814a3b49","src/test_vectors/ecdsa.rs":"595dae618074b5957c763a84846a8c3ff22083e4c223649590f0174766b8759b","src/test_vectors/group.rs":"60d64a2b9b81aa6c7f15771f55e51bbc099281da65cd7611a33ee95ff9fb3ee9","tests/affine.rs":"832877faa0741957ea774ab52d572041c625694f2161b497c83160e2f4a28e6f","tests/projective.rs":"8d507cdd37524f9859ec8daa1579d9c11a41aad891b820550b626533f5b05b7c"},"package":"fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6"}

6
vendor/p384/.cargo_vcs_info.json vendored Normal file
View File

@@ -0,0 +1,6 @@
{
"git": {
"sha1": "409fd29e00f91cea6cb4f7b632326670e0162388"
},
"path_in_vcs": "p384"
}

211
vendor/p384/CHANGELOG.md vendored Normal file
View File

@@ -0,0 +1,211 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## 0.13.1 (2025-02-06)
### Fixed
- Remove unused fiat-crypto variables ([#1035])
[#1035]: https://github.com/RustCrypto/elliptic-curves/pull/1035
## 0.13.0 (2023-03-03)
### Added
- `PrimeField` constants/tests ([#730], [#737], [#738])
- `const fn` inversions for all field elements ([#736])
### Changed
- `FieldBytesEncoding` trait impls ([#732])
- Update `hash2curve` implementations to new API ([#735])
- Impl `Invert` trait for `Scalar` types ([#741])
- Bump `ecdsa` dependency to v0.16 ([#770])
- Bump `elliptic-curve` dependency to v0.13 ([#770])
- Bump `primeorder` dependency to v0.13 ([#777])
### Fixed
- Point compactabtility check ([#772])
[#730]: https://github.com/RustCrypto/elliptic-curves/pull/730
[#732]: https://github.com/RustCrypto/elliptic-curves/pull/732
[#735]: https://github.com/RustCrypto/elliptic-curves/pull/735
[#736]: https://github.com/RustCrypto/elliptic-curves/pull/736
[#737]: https://github.com/RustCrypto/elliptic-curves/pull/737
[#738]: https://github.com/RustCrypto/elliptic-curves/pull/738
[#741]: https://github.com/RustCrypto/elliptic-curves/pull/741
[#770]: https://github.com/RustCrypto/elliptic-curves/pull/770
[#772]: https://github.com/RustCrypto/elliptic-curves/pull/772
[#777]: https://github.com/RustCrypto/elliptic-curves/pull/777
## 0.12.0 (2023-01-16)
### Added
- `alloc` feature ([#670])
- Constructors for `Scalar` from `u128` ([#709])
### Changed
- Use generic curve arithmetic implementation from `primeorder` crate ([#631], [#716])
- Use weak feature activation; MSRV 1.60 ([#701])
- Bump `ecdsa` dependency to v0.15 ([#713])
[#631]: https://github.com/RustCrypto/elliptic-curves/pull/631
[#670]: https://github.com/RustCrypto/elliptic-curves/pull/670
[#701]: https://github.com/RustCrypto/elliptic-curves/pull/701
[#709]: https://github.com/RustCrypto/elliptic-curves/pull/709
[#713]: https://github.com/RustCrypto/elliptic-curves/pull/713
[#716]: https://github.com/RustCrypto/elliptic-curves/pull/716
## 0.11.2 (2022-08-03)
### Added
- Re-export low-level `diffie_hellman` function ([#627])
[#627]: https://github.com/RustCrypto/elliptic-curves/pull/627
## 0.11.1 (2022-06-12)
### Added
- RFC6979 test vectors ([#591])
- Impl `serde::{Serialize, Deserialize}` for `Scalar` ([#604])
### Changed
- Use generic prime order formulas ([#601])
[#591]: https://github.com/RustCrypto/elliptic-curves/pull/591
[#601]: https://github.com/RustCrypto/elliptic-curves/pull/601
[#604]: https://github.com/RustCrypto/elliptic-curves/pull/604
## 0.11.0 (2022-06-03)
### Added
- Arithmetic implementation ([#565], [#573])
- Addition formulas from Renes-Costello-Batina 2015, adapted from
@str4d's implementation in the `p256` crate
- `FieldElement::{invert, sqrt}` implementations
- `Scalar::{invert, sqrt}` implementations
- Scalar field implementation generated using `fiat-crypto`
- Scalar multiplication using 4-bit window ala [#563]
- ECDH support using generic implementation from `elliptic-curve`
- ECDSA support using generic implementation from the `ecdsa` crate
- Wycheproof test vectors ([#574])
- `const fn` field arithmetic ([#589], [#590])
[#563]: https://github.com/RustCrypto/elliptic-curves/pull/563
[#565]: https://github.com/RustCrypto/elliptic-curves/pull/565
[#573]: https://github.com/RustCrypto/elliptic-curves/pull/573
[#574]: https://github.com/RustCrypto/elliptic-curves/pull/574
[#589]: https://github.com/RustCrypto/elliptic-curves/pull/589
[#590]: https://github.com/RustCrypto/elliptic-curves/pull/590
## 0.10.0 (2022-05-09)
### Changed
- Bump `digest` to v0.10 ([#515])
- Have `pkcs8` feature activate `ecdsa/pkcs8` ([#538])
- Bump `elliptic-curve` to v0.12 ([#544])
- Bump `ecdsa` to v0.14 ([#544])
[#515]: https://github.com/RustCrypto/elliptic-curves/pull/515
[#538]: https://github.com/RustCrypto/elliptic-curves/pull/538
[#544]: https://github.com/RustCrypto/elliptic-curves/pull/544
## 0.9.0 (2021-12-14)
### Added
- `serde` feature ([#463])
### Changed
- Use `sec1` crate for `EncodedPoint` type ([#435])
- Rust 2021 edition upgrade; MSRV 1.56+ ([#453])
- Bump `elliptic-curve` crate dependency to v0.11 ([#466])
- Bump `ecdsa` crate dependency to v0.13 ([#467])
[#435]: https://github.com/RustCrypto/elliptic-curves/pull/435
[#453]: https://github.com/RustCrypto/elliptic-curves/pull/453
[#463]: https://github.com/RustCrypto/elliptic-curves/pull/463
[#466]: https://github.com/RustCrypto/elliptic-curves/pull/466
[#467]: https://github.com/RustCrypto/elliptic-curves/pull/467
## 0.8.0 (2021-06-08)
### Changed
- Bump `elliptic-curve` to v0.10; MSRV 1.51+ ([#349])
- Bump `ecdsa` to v0.12 ([#349])
[#349]: https://github.com/RustCrypto/elliptic-curves/pull/349
## 0.7.0 (2021-04-29)
### Added
- `jwk` feature ([#279])
- `Order` constant ([#328])
### Changed
- Rename `ecdsa::Asn1Signature` to `::DerSignature` ([#288])
- Bump `elliptic-curve` crate dependency to v0.9 ([#293])
- Bump `pkcs8` crate dependency to v0.6 ([#319])
- Bump `ecdsa` crate dependency to v0.11 ([#330])
[#279]: https://github.com/RustCrypto/elliptic-curves/pull/279
[#288]: https://github.com/RustCrypto/elliptic-curves/pull/288
[#293]: https://github.com/RustCrypto/elliptic-curves/pull/293
[#319]: https://github.com/RustCrypto/elliptic-curves/pull/319
[#328]: https://github.com/RustCrypto/elliptic-curves/pull/328
[#330]: https://github.com/RustCrypto/elliptic-curves/pull/330
## 0.6.1 (2020-12-16)
### Fixed
- Trigger docs.rs rebuild with nightly bugfix ([RustCrypto/traits#412])
[RustCrypto/traits#412]: https://github.com/RustCrypto/traits/pull/412
## 0.6.0 (2020-12-16)
### Changed
- Bump `elliptic-curve` dependency to v0.8 ([#260])
- Bump `ecdsa` to v0.10 ([#260])
[#260]: https://github.com/RustCrypto/elliptic-curves/pull/260
## 0.5.0 (2020-12-06)
### Added
- PKCS#8 support ([#243], [#244])
### Changed
- Bump `elliptic-curve` crate dependency to v0.7; MSRV 1.46+ ([#247])
- Bump `ecdsa` crate dependency to v0.9 ([#247])
[#247]: https://github.com/RustCrypto/elliptic-curves/pull/247
[#244]: https://github.com/RustCrypto/elliptic-curves/pull/244
[#243]: https://github.com/RustCrypto/elliptic-curves/pull/243
## 0.4.1 (2020-10-08)
### Added
- `SecretValue` impl when `arithmetic` feature is disabled ([#222])
[#222]: https://github.com/RustCrypto/elliptic-curves/pull/222
## 0.4.0 (2020-09-18)
### Added
- `ecdsa::Asn1Signature` type alias ([#186])
### Changed
- Rename `ElementBytes` => `FieldBytes` ([#176])
- Rename `Curve::ElementSize` => `FieldSize` ([#150])
[#186]: https://github.com/RustCrypto/elliptic-curves/pull/186
[#176]: https://github.com/RustCrypto/elliptic-curves/pull/176
[#150]: https://github.com/RustCrypto/elliptic-curves/pull/150
## 0.3.0 (2020-08-10)
### Added
- ECDSA types ([#73])
- OID support ([#103], [#113])
### Changed
- Bump `elliptic-curve` crate dependency to v0.5 ([#126])
[#73]: https://github.com/RustCrypto/elliptic-curves/pull/73
[#103]: https://github.com/RustCrypto/elliptic-curves/pull/103
[#113]: https://github.com/RustCrypto/elliptic-curves/pull/113
[#126]: https://github.com/RustCrypto/elliptic-curves/pull/126
## 0.2.0 (2020-06-08)
### Changed
- Bump `elliptic-curve` crate dependency to v0.4 ([#39])
[#39]: https://github.com/RustCrypto/elliptic-curves/pull/39
## 0.1.0 (2020-01-15)
- Initial release

1276
vendor/p384/Cargo.lock generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

197
vendor/p384/Cargo.toml vendored Normal file
View File

@@ -0,0 +1,197 @@
# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO
#
# When uploading crates to the registry Cargo will automatically
# "normalize" Cargo.toml files for maximal compatibility
# with all versions of Cargo and also rewrite `path` dependencies
# to registry (e.g., crates.io) dependencies.
#
# If you are reading this file be aware that the original Cargo.toml
# will likely look very different (and much more reasonable).
# See Cargo.toml.orig for the original contents.
[package]
edition = "2021"
rust-version = "1.65"
name = "p384"
version = "0.13.1"
authors = [
"RustCrypto Developers",
"Frank Denis <github@pureftpd.org>",
]
build = false
autolib = false
autobins = false
autoexamples = false
autotests = false
autobenches = false
description = """
Pure Rust implementation of the NIST P-384 (a.k.a. secp384r1) elliptic curve
as defined in SP 800-186 with support for ECDH, ECDSA signing/verification,
and general purpose curve arithmetic support.
"""
documentation = "https://docs.rs/p384"
readme = "README.md"
keywords = [
"crypto",
"ecc",
"nist",
"secp384r1",
]
categories = [
"cryptography",
"no-std",
]
license = "Apache-2.0 OR MIT"
repository = "https://github.com/RustCrypto/elliptic-curves/tree/master/p384"
[package.metadata.docs.rs]
rustdoc-args = [
"--cfg",
"docsrs",
]
[lib]
name = "p384"
path = "src/lib.rs"
[[test]]
name = "affine"
path = "tests/affine.rs"
[[test]]
name = "projective"
path = "tests/projective.rs"
[[bench]]
name = "field"
path = "benches/field.rs"
harness = false
required-features = ["expose-field"]
[[bench]]
name = "scalar"
path = "benches/scalar.rs"
harness = false
[dependencies.ecdsa-core]
version = "0.16"
features = ["der"]
optional = true
default-features = false
package = "ecdsa"
[dependencies.elliptic-curve]
version = "0.13"
features = [
"hazmat",
"sec1",
]
default-features = false
[dependencies.hex-literal]
version = "0.3"
optional = true
[dependencies.primeorder]
version = "0.13"
[dependencies.serdect]
version = "0.2"
optional = true
default-features = false
[dependencies.sha2]
version = "0.10"
optional = true
default-features = false
[dev-dependencies.blobby]
version = "0.3"
[dev-dependencies.criterion]
version = "0.4"
[dev-dependencies.ecdsa-core]
version = "0.16"
features = ["dev"]
default-features = false
package = "ecdsa"
[dev-dependencies.hex-literal]
version = "0.3"
[dev-dependencies.proptest]
version = "1.1"
[dev-dependencies.rand_core]
version = "0.6"
features = ["getrandom"]
[features]
alloc = [
"ecdsa-core?/alloc",
"elliptic-curve/alloc",
]
arithmetic = [
"elliptic-curve/arithmetic",
"elliptic-curve/digest",
]
bits = [
"arithmetic",
"elliptic-curve/bits",
]
default = [
"arithmetic",
"ecdh",
"ecdsa",
"pem",
"std",
]
digest = [
"ecdsa-core/digest",
"ecdsa-core/hazmat",
]
ecdh = [
"arithmetic",
"elliptic-curve/ecdh",
]
ecdsa = [
"arithmetic",
"ecdsa-core/signing",
"ecdsa-core/verifying",
"sha384",
]
expose-field = ["arithmetic"]
hash2curve = [
"arithmetic",
"elliptic-curve/hash2curve",
]
jwk = ["elliptic-curve/jwk"]
pem = [
"elliptic-curve/pem",
"ecdsa-core/pem",
"pkcs8",
]
pkcs8 = [
"ecdsa-core/pkcs8",
"elliptic-curve/pkcs8",
]
serde = [
"ecdsa-core/serde",
"elliptic-curve/serde",
"serdect",
]
sha384 = [
"digest",
"sha2",
]
std = [
"alloc",
"ecdsa-core?/std",
"elliptic-curve/std",
]
test-vectors = ["hex-literal"]
voprf = [
"elliptic-curve/voprf",
"sha2",
]

201
vendor/p384/LICENSE-APACHE vendored Normal file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

25
vendor/p384/LICENSE-MIT vendored Normal file
View File

@@ -0,0 +1,25 @@
Copyright (c) 2020-2021 RustCrypto Developers
Permission is hereby granted, free of charge, to any
person obtaining a copy of this software and associated
documentation files (the "Software"), to deal in the
Software without restriction, including without
limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software
is furnished to do so, subject to the following
conditions:
The above copyright notice and this permission notice
shall be included in all copies or substantial portions
of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

91
vendor/p384/README.md vendored Normal file
View File

@@ -0,0 +1,91 @@
# [RustCrypto]: NIST P-384 (secp384r1) elliptic curve
[![crate][crate-image]][crate-link]
[![Docs][docs-image]][docs-link]
[![Build Status][build-image]][build-link]
![Apache2/MIT licensed][license-image]
![Rust Version][rustc-image]
[![Project Chat][chat-image]][chat-link]
Pure Rust implementation of the NIST P-384 (a.k.a. secp384r1) elliptic curve
with support for ECDH, ECDSA signing/verification, and general purpose curve
arithmetic support implemented in terms of traits from the [`elliptic-curve`]
crate.
[Documentation][docs-link]
## ⚠️ Security Warning
The elliptic curve arithmetic contained in this crate has never been
independently audited!
This crate has been designed with the goal of ensuring that secret-dependent
operations are performed in constant time (using the `subtle` crate and
constant-time formulas). However, it has not been thoroughly assessed to ensure
that generated assembly is constant time on common CPU architectures.
USE AT YOUR OWN RISK!
## Supported Algorithms
- [Elliptic Curve Diffie-Hellman (ECDH)][ECDH]: gated under the `ecdh` feature.
- [Elliptic Curve Digital Signature Algorithm (ECDSA)][ECDSA]: gated under the
`ecdsa` feature.
## About P-384
NIST P-384 is a Weierstrass curve specified in [SP 800-186]:
Recommendations for Discrete Logarithm-based Cryptography:
Elliptic Curve Domain Parameters.
Also known as secp384r1 (SECG), it's included in the US National Security
Agency's "Suite B" and is widely used in protocols like TLS and the associated
X.509 PKI.
## Minimum Supported Rust Version
Rust **1.65** or higher.
Minimum supported Rust version can be changed in the future, but it will be
done with a minor version bump.
## SemVer Policy
- All on-by-default features of this library are covered by SemVer
- MSRV is considered exempt from SemVer as noted above
## License
All crates licensed under either of
* [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
* [MIT license](http://opensource.org/licenses/MIT)
at your option.
### Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted
for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
dual licensed as above, without any additional terms or conditions.
[//]: # (badges)
[crate-image]: https://img.shields.io/crates/v/p384?logo=rust
[crate-link]: https://crates.io/crates/p384
[docs-image]: https://docs.rs/p384/badge.svg
[docs-link]: https://docs.rs/p384/
[build-image]: https://github.com/RustCrypto/elliptic-curves/actions/workflows/p384.yml/badge.svg
[build-link]: https://github.com/RustCrypto/elliptic-curves/actions/workflows/p384.yml
[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
[rustc-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg
[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260040-elliptic-curves
[//]: # (general links)
[RustCrypto]: https://github.com/rustcrypto/
[`elliptic-curve`]: https://github.com/RustCrypto/traits/tree/master/elliptic-curve
[ECDH]: https://en.wikipedia.org/wiki/Elliptic-curve_Diffie-Hellman
[ECDSA]: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
[SP 800-186]: https://csrc.nist.gov/publications/detail/sp/800-186/final

54
vendor/p384/benches/field.rs vendored Normal file
View File

@@ -0,0 +1,54 @@
//! secp384r1 field element benchmarks
use criterion::{
criterion_group, criterion_main, measurement::Measurement, BenchmarkGroup, Criterion,
};
use hex_literal::hex;
use p384::FieldElement;
fn test_field_element_x() -> FieldElement {
FieldElement::from_bytes(
hex!("c2b47944fb5de342d03285880177ca5f7d0f2fcad7678cce4229d6e1932fcac11bfc3c3e97d942a3c56bf34123013dbf").into()
)
.unwrap()
}
fn test_field_element_y() -> FieldElement {
FieldElement::from_bytes(
hex!("37257906a8223866eda0743c519616a76a758ae58aee81c5fd35fbf3a855b7754a36d4a0672df95d6c44a81cf7620c2d").into()
)
.unwrap()
}
fn bench_field_element_mul<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
let x = test_field_element_x();
let y = test_field_element_y();
group.bench_function("mul", |b| b.iter(|| &x * &y));
}
fn bench_field_element_square<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
let x = test_field_element_x();
group.bench_function("square", |b| b.iter(|| x.square()));
}
fn bench_field_element_sqrt<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
let x = test_field_element_x();
group.bench_function("sqrt", |b| b.iter(|| x.sqrt()));
}
fn bench_field_element_invert<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
let x = test_field_element_x();
group.bench_function("invert", |b| b.iter(|| x.invert()));
}
fn bench_field_element(c: &mut Criterion) {
let mut group = c.benchmark_group("field element operations");
bench_field_element_mul(&mut group);
bench_field_element_square(&mut group);
bench_field_element_invert(&mut group);
bench_field_element_sqrt(&mut group);
group.finish();
}
criterion_group!(benches, bench_field_element);
criterion_main!(benches);

73
vendor/p384/benches/scalar.rs vendored Normal file
View File

@@ -0,0 +1,73 @@
//! secp384r1 scalar arithmetic benchmarks
use criterion::{
criterion_group, criterion_main, measurement::Measurement, BenchmarkGroup, Criterion,
};
use hex_literal::hex;
use p384::{elliptic_curve::group::ff::PrimeField, ProjectivePoint, Scalar};
fn test_scalar_x() -> Scalar {
Scalar::from_repr(
hex!("201b432d8df14324182d6261db3e4b3f46a8284482d52e370da41e6cbdf45ec2952f5db7ccbce3bc29449f4fb080ac97").into()
).unwrap()
}
fn test_scalar_y() -> Scalar {
Scalar::from_repr(
hex!("23d9f4ea6d87b7d6163d64256e3449255db14786401a51daa7847161bf56d494325ad2ac8ba928394e01061d882c3528").into()
).unwrap()
}
fn bench_point_mul<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
let p = ProjectivePoint::GENERATOR;
let m = test_scalar_x();
let s = Scalar::from_repr(m.into()).unwrap();
group.bench_function("point-scalar mul", |b| b.iter(|| &p * &s));
}
fn bench_scalar_sub<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
let x = test_scalar_x();
let y = test_scalar_y();
group.bench_function("sub", |b| b.iter(|| &x - &y));
}
fn bench_scalar_add<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
let x = test_scalar_x();
let y = test_scalar_y();
group.bench_function("add", |b| b.iter(|| &x + &y));
}
fn bench_scalar_mul<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
let x = test_scalar_x();
let y = test_scalar_y();
group.bench_function("mul", |b| b.iter(|| &x * &y));
}
fn bench_scalar_negate<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
let x = test_scalar_x();
group.bench_function("negate", |b| b.iter(|| -x));
}
fn bench_scalar_invert<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
let x = test_scalar_x();
group.bench_function("invert", |b| b.iter(|| x.invert()));
}
fn bench_point(c: &mut Criterion) {
let mut group = c.benchmark_group("point operations");
bench_point_mul(&mut group);
group.finish();
}
fn bench_scalar(c: &mut Criterion) {
let mut group = c.benchmark_group("scalar operations");
bench_scalar_sub(&mut group);
bench_scalar_add(&mut group);
bench_scalar_mul(&mut group);
bench_scalar_negate(&mut group);
bench_scalar_invert(&mut group);
group.finish();
}
criterion_group!(benches, bench_point, bench_scalar);
criterion_main!(benches);

64
vendor/p384/src/arithmetic.rs vendored Normal file
View File

@@ -0,0 +1,64 @@
//! Pure Rust implementation of group operations on secp384r1.
//!
//! Curve parameters can be found in [NIST SP 800-186] § G.1.3: Curve P-384.
//!
//! [NIST SP 800-186]: https://csrc.nist.gov/publications/detail/sp/800-186/final
#[macro_use]
mod macros;
pub(crate) mod field;
#[cfg(feature = "hash2curve")]
mod hash2curve;
pub(crate) mod scalar;
use self::{field::FieldElement, scalar::Scalar};
use crate::NistP384;
use elliptic_curve::{CurveArithmetic, PrimeCurveArithmetic};
use primeorder::{point_arithmetic, PrimeCurveParams};
/// Elliptic curve point in affine coordinates.
pub type AffinePoint = primeorder::AffinePoint<NistP384>;
/// Elliptic curve point in projective coordinates.
pub type ProjectivePoint = primeorder::ProjectivePoint<NistP384>;
impl CurveArithmetic for NistP384 {
type AffinePoint = AffinePoint;
type ProjectivePoint = ProjectivePoint;
type Scalar = Scalar;
}
impl PrimeCurveArithmetic for NistP384 {
type CurveGroup = ProjectivePoint;
}
/// Adapted from [NIST SP 800-186] § G.1.3: Curve P-384.
///
/// [NIST SP 800-186]: https://csrc.nist.gov/publications/detail/sp/800-186/final
impl PrimeCurveParams for NistP384 {
type FieldElement = FieldElement;
type PointArithmetic = point_arithmetic::EquationAIsMinusThree;
/// a = -3 (0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc)
const EQUATION_A: FieldElement = FieldElement::from_u64(3).neg();
/// b = b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112
/// 0314088f 5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef
const EQUATION_B: FieldElement = FieldElement::from_hex("b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef");
/// Base point of P-384.
///
/// Defined in NIST SP 800-186 § G.1.3: Curve P-384.
///
/// ```text
/// Gₓ = aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98
/// 59f741e0 82542a38 5502f25d bf55296c 3a545e38 72760ab7
/// Gᵧ = 3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c
/// e9da3113 b5f0b8c0 0a60b1ce 1d7e819d 7a431d7c 90ea0e5f
/// ```
const GENERATOR: (FieldElement, FieldElement) = (
FieldElement::from_hex("aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7"),
FieldElement::from_hex("3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f"),
);
}

195
vendor/p384/src/arithmetic/field.rs vendored Normal file
View File

@@ -0,0 +1,195 @@
//! Field arithmetic modulo p = 2^{384} 2^{128} 2^{96} + 2^{32} 1
//!
//! Arithmetic implementations are extracted Rust code from the Coq fiat-crypto
//! libraries.
//!
//! # License
//!
//! Copyright (c) 2015-2020 the fiat-crypto authors
//!
//! fiat-crypto is distributed under the terms of the MIT License, the
//! Apache License (Version 2.0), and the BSD 1-Clause License;
//! users may pick which license to apply.
#![allow(
clippy::should_implement_trait,
clippy::suspicious_op_assign_impl,
clippy::unused_unit,
clippy::unnecessary_cast,
clippy::too_many_arguments,
clippy::identity_op
)]
#[cfg_attr(target_pointer_width = "32", path = "field/p384_32.rs")]
#[cfg_attr(target_pointer_width = "64", path = "field/p384_64.rs")]
mod field_impl;
use self::field_impl::*;
use crate::{FieldBytes, NistP384};
use core::{
iter::{Product, Sum},
ops::{AddAssign, MulAssign, Neg, SubAssign},
};
use elliptic_curve::{
bigint::{self, Limb, U384},
ff::PrimeField,
subtle::{Choice, ConstantTimeEq, CtOption},
};
/// Constant representing the modulus
/// p = 2^{384} 2^{128} 2^{96} + 2^{32} 1
pub(crate) const MODULUS: U384 = U384::from_be_hex(FieldElement::MODULUS);
/// Element of the secp384r1 base field used for curve coordinates.
#[derive(Clone, Copy, Debug)]
pub struct FieldElement(pub(super) U384);
primeorder::impl_mont_field_element!(
NistP384,
FieldElement,
FieldBytes,
U384,
MODULUS,
fiat_p384_montgomery_domain_field_element,
fiat_p384_from_montgomery,
fiat_p384_to_montgomery,
fiat_p384_add,
fiat_p384_sub,
fiat_p384_mul,
fiat_p384_opp,
fiat_p384_square
);
impl FieldElement {
/// Compute [`FieldElement`] inversion: `1 / self`.
pub fn invert(&self) -> CtOption<Self> {
CtOption::new(self.invert_unchecked(), !self.is_zero())
}
/// Returns the multiplicative inverse of self.
///
/// Does not check that self is non-zero.
const fn invert_unchecked(&self) -> Self {
let words = impl_field_invert!(
self.to_canonical().as_words(),
Self::ONE.0.to_words(),
Limb::BITS,
bigint::nlimbs!(U384::BITS),
fiat_p384_mul,
fiat_p384_opp,
fiat_p384_divstep_precomp,
fiat_p384_divstep,
fiat_p384_msat,
fiat_p384_selectznz,
);
Self(U384::from_words(words))
}
/// Returns the square root of self mod p, or `None` if no square root
/// exists.
pub fn sqrt(&self) -> CtOption<Self> {
// p mod 4 = 3 -> compute sqrt(x) using x^((p+1)/4) =
// x^9850501549098619803069760025035903451269934817616361666987073351061430442874217582261816522064734500465401743278080
let t1 = *self;
let t10 = t1.square();
let t11 = t1 * t10;
let t110 = t11.square();
let t111 = t1 * t110;
let t111000 = t111.sqn(3);
let t111111 = t111 * t111000;
let t1111110 = t111111.square();
let t1111111 = t1 * t1111110;
let x12 = t1111110.sqn(5) * t111111;
let x24 = x12.sqn(12) * x12;
let x31 = x24.sqn(7) * t1111111;
let x32 = x31.square() * t1;
let x63 = x32.sqn(31) * x31;
let x126 = x63.sqn(63) * x63;
let x252 = x126.sqn(126) * x126;
let x255 = x252.sqn(3) * t111;
let x = ((x255.sqn(33) * x32).sqn(64) * t1).sqn(30);
CtOption::new(x, x.square().ct_eq(&t1))
}
/// Returns self^(2^n) mod p.
fn sqn(&self, n: usize) -> Self {
let mut x = *self;
for _ in 0..n {
x = x.square();
}
x
}
}
impl PrimeField for FieldElement {
type Repr = FieldBytes;
const MODULUS: &'static str = "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff";
const NUM_BITS: u32 = 384;
const CAPACITY: u32 = 383;
const TWO_INV: Self = Self::from_u64(2).invert_unchecked();
const MULTIPLICATIVE_GENERATOR: Self = Self::from_u64(19);
const S: u32 = 1;
const ROOT_OF_UNITY: Self = Self::from_hex("fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe");
const ROOT_OF_UNITY_INV: Self = Self::ROOT_OF_UNITY.invert_unchecked();
const DELTA: Self = Self::from_u64(49);
#[inline]
fn from_repr(bytes: FieldBytes) -> CtOption<Self> {
Self::from_bytes(&bytes)
}
#[inline]
fn to_repr(&self) -> FieldBytes {
self.to_bytes()
}
#[inline]
fn is_odd(&self) -> Choice {
self.is_odd()
}
}
#[cfg(test)]
mod tests {
use super::FieldElement;
use elliptic_curve::ff::PrimeField;
use primeorder::impl_primefield_tests;
/// t = (modulus - 1) >> S
const T: [u64; 6] = [
0x000000007fffffff,
0x7fffffff80000000,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x7fffffffffffffff,
];
impl_primefield_tests!(FieldElement, T);
/// Basic tests that field inversion works.
#[test]
fn invert() {
let one = FieldElement::ONE;
assert_eq!(one.invert().unwrap(), one);
let three = one + &one + &one;
let inv_three = three.invert().unwrap();
assert_eq!(three * &inv_three, one);
let minus_three = -three;
let inv_minus_three = minus_three.invert().unwrap();
assert_eq!(inv_minus_three, -inv_three);
assert_eq!(three * &inv_minus_three, -one);
}
#[test]
fn sqrt() {
let one = FieldElement::ONE;
let two = one + &one;
let four = two.square();
assert_eq!(four.sqrt().unwrap(), two);
}
}

4062
vendor/p384/src/arithmetic/field/p384_32.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1798
vendor/p384/src/arithmetic/field/p384_64.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

326
vendor/p384/src/arithmetic/hash2curve.rs vendored Normal file
View File

@@ -0,0 +1,326 @@
use super::FieldElement;
use crate::{AffinePoint, FieldBytes, NistP384, ProjectivePoint, Scalar};
use elliptic_curve::{
bigint::{ArrayEncoding, U384},
consts::U72,
generic_array::GenericArray,
hash2curve::{FromOkm, GroupDigest, MapToCurve, OsswuMap, OsswuMapParams, Sgn0},
ops::Reduce,
point::DecompressPoint,
subtle::Choice,
};
impl GroupDigest for NistP384 {
type FieldElement = FieldElement;
}
impl FromOkm for FieldElement {
type Length = U72;
fn from_okm(data: &GenericArray<u8, Self::Length>) -> Self {
const F_2_288: FieldElement = FieldElement::from_hex(
"000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000",
);
let mut d0 = FieldBytes::default();
d0[12..].copy_from_slice(&data[0..36]);
let d0 = FieldElement::from_uint_unchecked(U384::from_be_byte_array(d0));
let mut d1 = FieldBytes::default();
d1[12..].copy_from_slice(&data[36..]);
let d1 = FieldElement::from_uint_unchecked(U384::from_be_byte_array(d1));
d0 * F_2_288 + d1
}
}
impl Sgn0 for FieldElement {
fn sgn0(&self) -> Choice {
self.is_odd()
}
}
impl OsswuMap for FieldElement {
const PARAMS: OsswuMapParams<Self> = OsswuMapParams {
c1: &[
0x0000_0000_3fff_ffff,
0xbfff_ffff_c000_0000,
0xffff_ffff_ffff_ffff,
0xffff_ffff_ffff_ffff,
0xffff_ffff_ffff_ffff,
0x3fff_ffff_ffff_ffff,
],
c2: FieldElement::from_hex(
"019877cc1041b7555743c0ae2e3a3e61fb2aaa2e0e87ea557a563d8b598a0940d0a697a9e0b9e92cfaa314f583c9d066",
),
map_a: FieldElement::from_hex(
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc",
),
map_b: FieldElement::from_hex(
"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef",
),
z: FieldElement::from_hex(
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffff3",
),
};
}
impl MapToCurve for FieldElement {
type Output = ProjectivePoint;
fn map_to_curve(&self) -> Self::Output {
let (qx, qy) = self.osswu();
// TODO(tarcieri): assert that `qy` is correct? less circuitous conversion?
AffinePoint::decompress(&qx.to_bytes(), qy.is_odd())
.unwrap()
.into()
}
}
impl FromOkm for Scalar {
type Length = U72;
fn from_okm(data: &GenericArray<u8, Self::Length>) -> Self {
const F_2_288: Scalar = Scalar::from_hex(
"000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000",
);
let mut d0 = FieldBytes::default();
d0[12..].copy_from_slice(&data[0..36]);
let d0 = Scalar::reduce(U384::from_be_byte_array(d0));
let mut d1 = FieldBytes::default();
d1[12..].copy_from_slice(&data[36..]);
let d1 = Scalar::reduce(U384::from_be_byte_array(d1));
d0 * F_2_288 + d1
}
}
#[cfg(test)]
mod tests {
use crate::{FieldElement, NistP384, Scalar};
use elliptic_curve::{
bigint::{ArrayEncoding, NonZero, U384, U576},
consts::U72,
generic_array::GenericArray,
group::cofactor::CofactorGroup,
hash2curve::{self, ExpandMsgXmd, FromOkm, GroupDigest, MapToCurve},
ops::Reduce,
sec1::{self, ToEncodedPoint},
Curve,
};
use hex_literal::hex;
use proptest::{num::u64::ANY, prelude::ProptestConfig, proptest};
use sha2::Sha384;
#[test]
fn hash_to_curve() {
struct TestVector {
msg: &'static [u8],
p_x: [u8; 48],
p_y: [u8; 48],
u_0: [u8; 48],
u_1: [u8; 48],
q0_x: [u8; 48],
q0_y: [u8; 48],
q1_x: [u8; 48],
q1_y: [u8; 48],
}
const DST: &[u8] = b"QUUX-V01-CS02-with-P384_XMD:SHA-384_SSWU_RO_";
const TEST_VECTORS: &[TestVector] = &[
TestVector {
msg: b"",
p_x: hex!("eb9fe1b4f4e14e7140803c1d99d0a93cd823d2b024040f9c067a8eca1f5a2eeac9ad604973527a356f3fa3aeff0e4d83"),
p_y: hex!("0c21708cff382b7f4643c07b105c2eaec2cead93a917d825601e63c8f21f6abd9abc22c93c2bed6f235954b25048bb1a"),
u_0: hex!("25c8d7dc1acd4ee617766693f7f8829396065d1b447eedb155871feffd9c6653279ac7e5c46edb7010a0e4ff64c9f3b4"),
u_1: hex!("59428be4ed69131df59a0c6a8e188d2d4ece3f1b2a3a02602962b47efa4d7905945b1e2cc80b36aa35c99451073521ac"),
q0_x: hex!("e4717e29eef38d862bee4902a7d21b44efb58c464e3e1f0d03894d94de310f8ffc6de86786dd3e15a1541b18d4eb2846"),
q0_y: hex!("6b95a6e639822312298a47526bb77d9cd7bcf76244c991c8cd70075e2ee6e8b9a135c4a37e3c0768c7ca871c0ceb53d4"),
q1_x: hex!("509527cfc0750eedc53147e6d5f78596c8a3b7360e0608e2fab0563a1670d58d8ae107c9f04bcf90e89489ace5650efd"),
q1_y: hex!("33337b13cb35e173fdea4cb9e8cce915d836ff57803dbbeb7998aa49d17df2ff09b67031773039d09fbd9305a1566bc4"),
},
TestVector {
msg: b"abc",
p_x: hex!("e02fc1a5f44a7519419dd314e29863f30df55a514da2d655775a81d413003c4d4e7fd59af0826dfaad4200ac6f60abe1"),
p_y: hex!("01f638d04d98677d65bef99aef1a12a70a4cbb9270ec55248c04530d8bc1f8f90f8a6a859a7c1f1ddccedf8f96d675f6"),
u_0: hex!("53350214cb6bef0b51abb791b1c4209a2b4c16a0c67e1ab1401017fad774cd3b3f9a8bcdf7f6229dd8dd5a075cb149a0"),
u_1: hex!("c0473083898f63e03f26f14877a2407bd60c75ad491e7d26cbc6cc5ce815654075ec6b6898c7a41d74ceaf720a10c02e"),
q0_x: hex!("fc853b69437aee9a19d5acf96a4ee4c5e04cf7b53406dfaa2afbdd7ad2351b7f554e4bbc6f5db4177d4d44f933a8f6ee"),
q0_y: hex!("7e042547e01834c9043b10f3a8221c4a879cb156f04f72bfccab0c047a304e30f2aa8b2e260d34c4592c0c33dd0c6482"),
q1_x: hex!("57912293709b3556b43a2dfb137a315d256d573b82ded120ef8c782d607c05d930d958e50cb6dc1cc480b9afc38c45f1"),
q1_y: hex!("de9387dab0eef0bda219c6f168a92645a84665c4f2137c14270fb424b7532ff84843c3da383ceea24c47fa343c227bb8"),
},
TestVector {
msg: b"abcdef0123456789",
p_x: hex!("bdecc1c1d870624965f19505be50459d363c71a699a496ab672f9a5d6b78676400926fbceee6fcd1780fe86e62b2aa89"),
p_y: hex!("57cf1f99b5ee00f3c201139b3bfe4dd30a653193778d89a0accc5e0f47e46e4e4b85a0595da29c9494c1814acafe183c"),
u_0: hex!("aab7fb87238cf6b2ab56cdcca7e028959bb2ea599d34f68484139dde85ec6548a6e48771d17956421bdb7790598ea52e"),
u_1: hex!("26e8d833552d7844d167833ca5a87c35bcfaa5a0d86023479fb28e5cd6075c18b168bf1f5d2a0ea146d057971336d8d1"),
q0_x: hex!("0ceece45b73f89844671df962ad2932122e878ad2259e650626924e4e7f132589341dec1480ebcbbbe3509d11fb570b7"),
q0_y: hex!("fafd71a3115298f6be4ae5c6dfc96c400cfb55760f185b7b03f3fa45f3f91eb65d27628b3c705cafd0466fafa54883ce"),
q1_x: hex!("dea1be8d3f9be4cbf4fab9d71d549dde76875b5d9b876832313a083ec81e528cbc2a0a1d0596b3bcb0ba77866b129776"),
q1_y: hex!("eb15fe71662214fb03b65541f40d3eb0f4cf5c3b559f647da138c9f9b7484c48a08760e02c16f1992762cb7298fa52cf"),
},
TestVector {
msg: b"q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq",
p_x: hex!("03c3a9f401b78c6c36a52f07eeee0ec1289f178adf78448f43a3850e0456f5dd7f7633dd31676d990eda32882ab486c0"),
p_y: hex!("cc183d0d7bdfd0a3af05f50e16a3f2de4abbc523215bf57c848d5ea662482b8c1f43dc453a93b94a8026db58f3f5d878"),
u_0: hex!("04c00051b0de6e726d228c85bf243bf5f4789efb512b22b498cde3821db9da667199b74bd5a09a79583c6d353a3bb41c"),
u_1: hex!("97580f218255f899f9204db64cd15e6a312cb4d8182375d1e5157c8f80f41d6a1a4b77fb1ded9dce56c32058b8d5202b"),
q0_x: hex!("051a22105e0817a35d66196338c8d85bd52690d79bba373ead8a86dd9899411513bb9f75273f6483395a7847fb21edb4"),
q0_y: hex!("f168295c1bbcff5f8b01248e9dbc885335d6d6a04aea960f7384f746ba6502ce477e624151cc1d1392b00df0f5400c06"),
q1_x: hex!("6ad7bc8ed8b841efd8ad0765c8a23d0b968ec9aa360a558ff33500f164faa02bee6c704f5f91507c4c5aad2b0dc5b943"),
q1_y: hex!("47313cc0a873ade774048338fc34ca5313f96bbf6ae22ac6ef475d85f03d24792dc6afba8d0b4a70170c1b4f0f716629"),
},
TestVector {
msg: b"a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
p_x: hex!("7b18d210b1f090ac701f65f606f6ca18fb8d081e3bc6cbd937c5604325f1cdea4c15c10a54ef303aabf2ea58bd9947a4"),
p_y: hex!("ea857285a33abb516732915c353c75c576bf82ccc96adb63c094dde580021eddeafd91f8c0bfee6f636528f3d0c47fd2"),
u_0: hex!("480cb3ac2c389db7f9dac9c396d2647ae946db844598971c26d1afd53912a1491199c0a5902811e4b809c26fcd37a014"),
u_1: hex!("d28435eb34680e148bf3908536e42231cba9e1f73ae2c6902a222a89db5c49c97db2f8fa4d4cd6e424b17ac60bdb9bb6"),
q0_x: hex!("42e6666f505e854187186bad3011598d9278b9d6e3e4d2503c3d236381a56748dec5d139c223129b324df53fa147c4df"),
q0_y: hex!("8ee51dbda46413bf621838cc935d18d617881c6f33f3838a79c767a1e5618e34b22f79142df708d2432f75c7366c8512"),
q1_x: hex!("4ff01ceeba60484fa1bc0d825fe1e5e383d8f79f1e5bb78e5fb26b7a7ef758153e31e78b9d60ce75c5e32e43869d4e12"),
q1_y: hex!("0f84b978fac8ceda7304b47e229d6037d32062e597dc7a9b95bcd9af441f3c56c619a901d21635f9ec6ab4710b9fcd0e"),
},
];
for test_vector in TEST_VECTORS {
// in parts
let mut u = [FieldElement::default(), FieldElement::default()];
hash2curve::hash_to_field::<ExpandMsgXmd<Sha384>, FieldElement>(
&[test_vector.msg],
&[DST],
&mut u,
)
.unwrap();
/// Assert that the provided projective point matches the given test vector.
// TODO(tarcieri): use coordinate APIs. See zkcrypto/group#30
macro_rules! assert_point_eq {
($actual:expr, $expected_x:expr, $expected_y:expr) => {
let point = $actual.to_affine().to_encoded_point(false);
let (actual_x, actual_y) = match point.coordinates() {
sec1::Coordinates::Uncompressed { x, y } => (x, y),
_ => unreachable!(),
};
assert_eq!(&$expected_x, actual_x.as_slice());
assert_eq!(&$expected_y, actual_y.as_slice());
};
}
assert_eq!(u[0].to_bytes().as_slice(), test_vector.u_0);
assert_eq!(u[1].to_bytes().as_slice(), test_vector.u_1);
let q0 = u[0].map_to_curve();
assert_point_eq!(q0, test_vector.q0_x, test_vector.q0_y);
let q1 = u[1].map_to_curve();
assert_point_eq!(q1, test_vector.q1_x, test_vector.q1_y);
let p = q0.clear_cofactor() + q1.clear_cofactor();
assert_point_eq!(p, test_vector.p_x, test_vector.p_y);
// complete run
let pt = NistP384::hash_from_bytes::<ExpandMsgXmd<Sha384>>(&[test_vector.msg], &[DST])
.unwrap();
assert_point_eq!(pt, test_vector.p_x, test_vector.p_y);
}
}
/// Taken from <https://www.ietf.org/archive/id/draft-irtf-cfrg-voprf-16.html#name-oprfp-384-sha-384-2>.
#[test]
fn hash_to_scalar_voprf() {
struct TestVector {
dst: &'static [u8],
key_info: &'static [u8],
seed: &'static [u8],
sk_sm: &'static [u8],
}
const TEST_VECTORS: &[TestVector] = &[
TestVector {
dst: b"DeriveKeyPairVOPRF10-\x00\x00\x04",
key_info: b"test key",
seed: &hex!("a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3"),
sk_sm: &hex!("c0503759ddd1e31d8c7eae9304c9b1c16f83d1f6d962e3e7b789cd85fd581800e96c5c4256131aafcff9a76919abbd55"),
},
TestVector {
dst: b"DeriveKeyPairVOPRF10-\x01\x00\x04",
key_info: b"test key",
seed: &hex!("a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3"),
sk_sm: &hex!("514fb6fe2e66af1383840759d56f71730331280f062930ee2a2f7ea42f935acf94087355699d788abfdf09d19a5c85ac"),
},
TestVector {
dst: b"DeriveKeyPairVOPRF10-\x02\x00\x04",
key_info: b"test key",
seed: &hex!("a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3"),
sk_sm: &hex!("0fcba4a204f67d6c13f780e613915f755319aaa3cb03cd20a5a4a6c403a4812a4fff5d3223e2c309aa66b05cb7611fd4"),
},
];
'outer: for test_vector in TEST_VECTORS {
let key_info_len = u16::try_from(test_vector.key_info.len())
.unwrap()
.to_be_bytes();
for counter in 0_u8..=u8::MAX {
let scalar = NistP384::hash_to_scalar::<ExpandMsgXmd<Sha384>>(
&[
test_vector.seed,
&key_info_len,
test_vector.key_info,
&counter.to_be_bytes(),
],
&[test_vector.dst],
)
.unwrap();
if !bool::from(scalar.is_zero()) {
assert_eq!(scalar.to_bytes().as_slice(), test_vector.sk_sm);
continue 'outer;
}
}
panic!("deriving key failed");
}
}
#[test]
fn from_okm_fuzz() {
let mut wide_order = GenericArray::default();
wide_order[24..].copy_from_slice(&NistP384::ORDER.to_be_byte_array());
let wide_order = NonZero::new(U576::from_be_byte_array(wide_order)).unwrap();
let simple_from_okm = move |data: GenericArray<u8, U72>| -> Scalar {
let data = U576::from_be_slice(&data);
let scalar = data % wide_order;
let reduced_scalar = U384::from_be_slice(&scalar.to_be_byte_array()[24..]);
Scalar::reduce(reduced_scalar)
};
proptest!(ProptestConfig::with_cases(1000), |(b0 in ANY, b1 in ANY, b2 in ANY, b3 in ANY, b4 in ANY, b5 in ANY, b6 in ANY, b7 in ANY, b8 in ANY)| {
let mut data = GenericArray::default();
data[..8].copy_from_slice(&b0.to_be_bytes());
data[8..16].copy_from_slice(&b1.to_be_bytes());
data[16..24].copy_from_slice(&b2.to_be_bytes());
data[24..32].copy_from_slice(&b3.to_be_bytes());
data[32..40].copy_from_slice(&b4.to_be_bytes());
data[40..48].copy_from_slice(&b5.to_be_bytes());
data[48..56].copy_from_slice(&b6.to_be_bytes());
data[56..64].copy_from_slice(&b7.to_be_bytes());
data[64..].copy_from_slice(&b8.to_be_bytes());
let from_okm = Scalar::from_okm(&data);
let simple_from_okm = simple_from_okm(data);
assert_eq!(from_okm, simple_from_okm);
});
}
}

51
vendor/p384/src/arithmetic/macros.rs vendored Normal file
View File

@@ -0,0 +1,51 @@
/// Implement field element inversion.
macro_rules! impl_field_invert {
(
$a:expr,
$one:expr,
$word_bits:expr,
$nlimbs:expr,
$mul:ident,
$neg:ident,
$divstep_precomp:ident,
$divstep:ident,
$msat:ident,
$selectznz:ident,
) => {{
const ITERATIONS: usize = (49 * $nlimbs * $word_bits + 57) / 17;
let mut d = 1;
let mut f = $msat();
let mut g = [0; $nlimbs + 1];
let mut v = [0; $nlimbs];
let mut r = $one;
let mut i = 0;
let mut j = 0;
while j < $nlimbs {
g[j] = $a[j];
j += 1;
}
while i < ITERATIONS - ITERATIONS % 2 {
let (out1, out2, out3, out4, out5) = $divstep(d, &f, &g, &v, &r);
let (out1, out2, out3, out4, out5) = $divstep(out1, &out2, &out3, &out4, &out5);
d = out1;
f = out2;
g = out3;
v = out4;
r = out5;
i += 2;
}
if ITERATIONS % 2 != 0 {
let (_out1, out2, _out3, out4, _out5) = $divstep(d, &f, &g, &v, &r);
v = out4;
f = out2;
}
let s = ((f[f.len() - 1] >> $word_bits - 1) & 1) as u8;
let v = $selectznz(s, &v, &$neg(&v));
$mul(&v, &$divstep_precomp())
}};
}

430
vendor/p384/src/arithmetic/scalar.rs vendored Normal file
View File

@@ -0,0 +1,430 @@
//! secp384r1 scalar field elements.
#![allow(clippy::unusual_byte_groupings)]
#[cfg_attr(target_pointer_width = "32", path = "scalar/p384_scalar_32.rs")]
#[cfg_attr(target_pointer_width = "64", path = "scalar/p384_scalar_64.rs")]
#[allow(
clippy::identity_op,
clippy::too_many_arguments,
clippy::unnecessary_cast
)]
mod scalar_impl;
use self::scalar_impl::*;
use crate::{FieldBytes, NistP384, SecretKey, ORDER_HEX, U384};
use core::{
iter::{Product, Sum},
ops::{AddAssign, MulAssign, Neg, Shr, ShrAssign, SubAssign},
};
use elliptic_curve::{
bigint::{self, ArrayEncoding, Limb},
ff::PrimeField,
ops::{Invert, Reduce},
scalar::{FromUintUnchecked, IsHigh},
subtle::{Choice, ConditionallySelectable, ConstantTimeEq, ConstantTimeGreater, CtOption},
Curve as _, Error, Result, ScalarPrimitive,
};
#[cfg(feature = "bits")]
use {crate::ScalarBits, elliptic_curve::group::ff::PrimeFieldBits};
#[cfg(feature = "serde")]
use serdect::serde::{de, ser, Deserialize, Serialize};
#[cfg(doc)]
use core::ops::{Add, Mul, Sub};
/// Scalars are elements in the finite field modulo `n`.
///
/// # Trait impls
///
/// Much of the important functionality of scalars is provided by traits from
/// the [`ff`](https://docs.rs/ff/) crate, which is re-exported as
/// `p384::elliptic_curve::ff`:
///
/// - [`Field`](https://docs.rs/ff/latest/ff/trait.Field.html) -
/// represents elements of finite fields and provides:
/// - [`Field::random`](https://docs.rs/ff/latest/ff/trait.Field.html#tymethod.random) -
/// generate a random scalar
/// - `double`, `square`, and `invert` operations
/// - Bounds for [`Add`], [`Sub`], [`Mul`], and [`Neg`] (as well as `*Assign` equivalents)
/// - Bounds for [`ConditionallySelectable`] from the `subtle` crate
/// - [`PrimeField`](https://docs.rs/ff/latest/ff/trait.PrimeField.html) -
/// represents elements of prime fields and provides:
/// - `from_repr`/`to_repr` for converting field elements from/to big integers.
/// - `multiplicative_generator` and `root_of_unity` constants.
/// - [`PrimeFieldBits`](https://docs.rs/ff/latest/ff/trait.PrimeFieldBits.html) -
/// operations over field elements represented as bits (requires `bits` feature)
///
/// Please see the documentation for the relevant traits for more information.
///
/// # `serde` support
///
/// When the `serde` feature of this crate is enabled, the `Serialize` and
/// `Deserialize` traits are impl'd for this type.
///
/// The serialization is a fixed-width big endian encoding. When used with
/// textual formats, the binary data is encoded as hexadecimal.
#[derive(Clone, Copy, Debug, PartialOrd, Ord)]
pub struct Scalar(U384);
primeorder::impl_mont_field_element!(
NistP384,
Scalar,
FieldBytes,
U384,
NistP384::ORDER,
fiat_p384_scalar_montgomery_domain_field_element,
fiat_p384_scalar_from_montgomery,
fiat_p384_scalar_to_montgomery,
fiat_p384_scalar_add,
fiat_p384_scalar_sub,
fiat_p384_scalar_mul,
fiat_p384_scalar_opp,
fiat_p384_scalar_square
);
impl Scalar {
/// Compute [`Scalar`] inversion: `1 / self`.
pub fn invert(&self) -> CtOption<Self> {
CtOption::new(self.invert_unchecked(), !self.is_zero())
}
/// Returns the multiplicative inverse of self.
///
/// Does not check that self is non-zero.
const fn invert_unchecked(&self) -> Self {
let words = impl_field_invert!(
self.to_canonical().as_words(),
Self::ONE.0.to_words(),
Limb::BITS,
bigint::nlimbs!(U384::BITS),
fiat_p384_scalar_mul,
fiat_p384_scalar_opp,
fiat_p384_scalar_divstep_precomp,
fiat_p384_scalar_divstep,
fiat_p384_scalar_msat,
fiat_p384_scalar_selectznz,
);
Self(U384::from_words(words))
}
/// Compute modular square root.
pub fn sqrt(&self) -> CtOption<Self> {
// p mod 4 = 3 -> compute sqrt(x) using x^((p+1)/4) =
// x^9850501549098619803069760025035903451269934817616361666986726319906914849778315892349739077038073728388608413485661
let t1 = *self;
let t10 = t1.square();
let t11 = *self * t10;
let t101 = t10 * t11;
let t111 = t10 * t101;
let t1001 = t10 * t111;
let t1011 = t10 * t1001;
let t1101 = t10 * t1011;
let t1111 = t10 * t1101;
let t11110 = t1111.square();
let t11111 = t1 * t11110;
let t1111100 = t11111.sqn(2);
let t11111000 = t1111100.square();
let i14 = t11111000.square();
let i20 = i14.sqn(5) * i14;
let i31 = i20.sqn(10) * i20;
let i58 = (i31.sqn(4) * t11111000).sqn(21) * i31;
let i110 = (i58.sqn(3) * t1111100).sqn(47) * i58;
let x194 = i110.sqn(95) * i110 * t1111;
let i225 = ((x194.sqn(6) * t111).sqn(3) * t11).sqn(7);
let i235 = ((t1101 * i225).sqn(6) * t1101).square() * t1;
let i258 = ((i235.sqn(11) * t11111).sqn(2) * t1).sqn(8);
let i269 = ((t1101 * i258).sqn(2) * t11).sqn(6) * t1011;
let i286 = ((i269.sqn(4) * t111).sqn(6) * t11111).sqn(5);
let i308 = ((t1011 * i286).sqn(10) * t1101).sqn(9) * t1101;
let i323 = ((i308.sqn(4) * t1011).sqn(6) * t1001).sqn(3);
let i340 = ((t1 * i323).sqn(7) * t1011).sqn(7) * t101;
let i357 = ((i340.sqn(5) * t111).sqn(5) * t1111).sqn(5);
let i369 = ((t1011 * i357).sqn(4) * t1011).sqn(5) * t111;
let i387 = ((i369.sqn(3) * t11).sqn(7) * t11).sqn(6);
let i397 = ((t1011 * i387).sqn(4) * t101).sqn(3) * t11;
let i413 = ((i397.sqn(4) * t11).sqn(4) * t11).sqn(6);
let i427 = ((t101 * i413).sqn(5) * t101).sqn(6) * t1011;
let x = i427.sqn(3) * t101;
CtOption::new(x, x.square().ct_eq(&t1))
}
fn sqn(&self, n: usize) -> Self {
let mut x = *self;
for _ in 0..n {
x = x.square();
}
x
}
/// Right shifts the scalar.
///
/// Note: not constant-time with respect to the `shift` parameter.
pub const fn shr_vartime(&self, shift: usize) -> Scalar {
Self(self.0.shr_vartime(shift))
}
}
impl AsRef<Scalar> for Scalar {
fn as_ref(&self) -> &Scalar {
self
}
}
impl FromUintUnchecked for Scalar {
type Uint = U384;
fn from_uint_unchecked(uint: Self::Uint) -> Self {
Self::from_uint_unchecked(uint)
}
}
impl Invert for Scalar {
type Output = CtOption<Self>;
fn invert(&self) -> CtOption<Self> {
self.invert()
}
}
impl IsHigh for Scalar {
fn is_high(&self) -> Choice {
const MODULUS_SHR1: U384 = NistP384::ORDER.shr_vartime(1);
self.to_canonical().ct_gt(&MODULUS_SHR1)
}
}
impl Shr<usize> for Scalar {
type Output = Self;
fn shr(self, rhs: usize) -> Self::Output {
self.shr_vartime(rhs)
}
}
impl Shr<usize> for &Scalar {
type Output = Scalar;
fn shr(self, rhs: usize) -> Self::Output {
self.shr_vartime(rhs)
}
}
impl ShrAssign<usize> for Scalar {
fn shr_assign(&mut self, rhs: usize) {
*self = *self >> rhs;
}
}
impl PrimeField for Scalar {
type Repr = FieldBytes;
const MODULUS: &'static str = ORDER_HEX;
const CAPACITY: u32 = 383;
const NUM_BITS: u32 = 384;
const TWO_INV: Self = Self::from_u64(2).invert_unchecked();
const MULTIPLICATIVE_GENERATOR: Self = Self::from_u64(2);
const S: u32 = 1;
const ROOT_OF_UNITY: Self = Self::from_hex("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52972");
const ROOT_OF_UNITY_INV: Self = Self::ROOT_OF_UNITY.invert_unchecked();
const DELTA: Self = Self::from_u64(4);
#[inline]
fn from_repr(bytes: FieldBytes) -> CtOption<Self> {
Self::from_bytes(&bytes)
}
#[inline]
fn to_repr(&self) -> FieldBytes {
self.to_bytes()
}
#[inline]
fn is_odd(&self) -> Choice {
self.is_odd()
}
}
#[cfg(feature = "bits")]
impl PrimeFieldBits for Scalar {
type ReprBits = fiat_p384_scalar_montgomery_domain_field_element;
fn to_le_bits(&self) -> ScalarBits {
self.to_canonical().to_words().into()
}
fn char_le_bits() -> ScalarBits {
NistP384::ORDER.to_words().into()
}
}
impl Reduce<U384> for Scalar {
type Bytes = FieldBytes;
fn reduce(w: U384) -> Self {
let (r, underflow) = w.sbb(&NistP384::ORDER, Limb::ZERO);
let underflow = Choice::from((underflow.0 >> (Limb::BITS - 1)) as u8);
Self::from_uint_unchecked(U384::conditional_select(&w, &r, !underflow))
}
#[inline]
fn reduce_bytes(bytes: &FieldBytes) -> Self {
Self::reduce(U384::from_be_byte_array(*bytes))
}
}
impl From<ScalarPrimitive<NistP384>> for Scalar {
fn from(w: ScalarPrimitive<NistP384>) -> Self {
Scalar::from(&w)
}
}
impl From<&ScalarPrimitive<NistP384>> for Scalar {
fn from(w: &ScalarPrimitive<NistP384>) -> Scalar {
Scalar::from_uint_unchecked(*w.as_uint())
}
}
impl From<Scalar> for ScalarPrimitive<NistP384> {
fn from(scalar: Scalar) -> ScalarPrimitive<NistP384> {
ScalarPrimitive::from(&scalar)
}
}
impl From<&Scalar> for ScalarPrimitive<NistP384> {
fn from(scalar: &Scalar) -> ScalarPrimitive<NistP384> {
ScalarPrimitive::new(scalar.into()).unwrap()
}
}
impl From<Scalar> for FieldBytes {
fn from(scalar: Scalar) -> Self {
scalar.to_repr()
}
}
impl From<&Scalar> for FieldBytes {
fn from(scalar: &Scalar) -> Self {
scalar.to_repr()
}
}
impl From<Scalar> for U384 {
fn from(scalar: Scalar) -> U384 {
U384::from(&scalar)
}
}
impl From<&Scalar> for U384 {
fn from(scalar: &Scalar) -> U384 {
scalar.to_canonical()
}
}
impl From<&SecretKey> for Scalar {
fn from(secret_key: &SecretKey) -> Scalar {
*secret_key.to_nonzero_scalar()
}
}
impl TryFrom<U384> for Scalar {
type Error = Error;
fn try_from(w: U384) -> Result<Self> {
Option::from(Self::from_uint(w)).ok_or(Error)
}
}
#[cfg(feature = "serde")]
impl Serialize for Scalar {
fn serialize<S>(&self, serializer: S) -> core::result::Result<S::Ok, S::Error>
where
S: ser::Serializer,
{
ScalarPrimitive::from(self).serialize(serializer)
}
}
#[cfg(feature = "serde")]
impl<'de> Deserialize<'de> for Scalar {
fn deserialize<D>(deserializer: D) -> core::result::Result<Self, D::Error>
where
D: de::Deserializer<'de>,
{
Ok(ScalarPrimitive::deserialize(deserializer)?.into())
}
}
#[cfg(test)]
mod tests {
use super::Scalar;
use crate::FieldBytes;
use elliptic_curve::ff::PrimeField;
use primeorder::impl_primefield_tests;
/// t = (modulus - 1) >> S
const T: [u64; 6] = [
0x76760cb5666294b9,
0xac0d06d9245853bd,
0xe3b1a6c0fa1b96ef,
0xffffffffffffffff,
0xffffffffffffffff,
0x7fffffffffffffff,
];
impl_primefield_tests!(Scalar, T);
#[test]
fn from_to_bytes_roundtrip() {
let k: u64 = 42;
let mut bytes = FieldBytes::default();
bytes[40..].copy_from_slice(k.to_be_bytes().as_ref());
let scalar = Scalar::from_repr(bytes).unwrap();
assert_eq!(bytes, scalar.to_bytes());
}
/// Basic tests that multiplication works.
#[test]
fn multiply() {
let one = Scalar::ONE;
let two = one + one;
let three = two + one;
let six = three + three;
assert_eq!(six, two * three);
let minus_two = -two;
let minus_three = -three;
assert_eq!(two, -minus_two);
assert_eq!(minus_three * minus_two, minus_two * minus_three);
assert_eq!(six, minus_two * minus_three);
}
/// Basic tests that scalar inversion works.
#[test]
fn invert() {
let one = Scalar::ONE;
let three = one + one + one;
let inv_three = three.invert().unwrap();
assert_eq!(three * inv_three, one);
let minus_three = -three;
let inv_minus_three = minus_three.invert().unwrap();
assert_eq!(inv_minus_three, -inv_three);
assert_eq!(three * inv_minus_three, -one);
}
/// Basic tests that sqrt works.
#[test]
fn sqrt() {
for &n in &[1u64, 4, 9, 16, 25, 36, 49, 64] {
let scalar = Scalar::from(n);
let sqrt = scalar.sqrt().unwrap();
assert_eq!(sqrt.square(), scalar);
}
}
}

4596
vendor/p384/src/arithmetic/scalar/p384_scalar_32.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1883
vendor/p384/src/arithmetic/scalar/p384_scalar_64.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

47
vendor/p384/src/ecdh.rs vendored Normal file
View File

@@ -0,0 +1,47 @@
//! Elliptic Curve Diffie-Hellman (Ephemeral) Support.
//!
//! This module contains a high-level interface for performing ephemeral
//! Diffie-Hellman key exchanges using the secp384 elliptic curve.
//!
//! # Usage
//!
//! This usage example is from the perspective of two participants in the
//! exchange, nicknamed "Alice" and "Bob".
//!
//! ```
//! use p384::{EncodedPoint, PublicKey, ecdh::EphemeralSecret};
//! use rand_core::OsRng; // requires 'getrandom' feature
//!
//! // Alice
//! let alice_secret = EphemeralSecret::random(&mut OsRng);
//! let alice_pk_bytes = EncodedPoint::from(alice_secret.public_key());
//!
//! // Bob
//! let bob_secret = EphemeralSecret::random(&mut OsRng);
//! let bob_pk_bytes = EncodedPoint::from(bob_secret.public_key());
//!
//! // Alice decodes Bob's serialized public key and computes a shared secret from it
//! let bob_public = PublicKey::from_sec1_bytes(bob_pk_bytes.as_ref())
//! .expect("bob's public key is invalid!"); // In real usage, don't panic, handle this!
//!
//! let alice_shared = alice_secret.diffie_hellman(&bob_public);
//!
//! // Bob decodes Alice's serialized public key and computes the same shared secret
//! let alice_public = PublicKey::from_sec1_bytes(alice_pk_bytes.as_ref())
//! .expect("alice's public key is invalid!"); // In real usage, don't panic, handle this!
//!
//! let bob_shared = bob_secret.diffie_hellman(&alice_public);
//!
//! // Both participants arrive on the same shared secret
//! assert_eq!(alice_shared.raw_secret_bytes(), bob_shared.raw_secret_bytes());
//! ```
pub use elliptic_curve::ecdh::diffie_hellman;
use crate::NistP384;
/// NIST P-384 Ephemeral Diffie-Hellman Secret.
pub type EphemeralSecret = elliptic_curve::ecdh::EphemeralSecret<NistP384>;
/// Shared secret value computed via ECDH key agreement.
pub type SharedSecret = elliptic_curve::ecdh::SharedSecret<NistP384>;

185
vendor/p384/src/ecdsa.rs vendored Normal file
View File

@@ -0,0 +1,185 @@
//! Elliptic Curve Digital Signature Algorithm (ECDSA)
//!
//! This module contains support for computing and verifying ECDSA signatures.
//! To use it, you will need to enable one of the two following Cargo features:
//!
//! - `ecdsa-core`: provides only the [`Signature`] type (which represents an
//! ECDSA/P-384 signature). Does not require the `arithmetic` feature. This is
//! useful for 3rd-party crates which wish to use the `Signature` type for
//! interoperability purposes (particularly in conjunction with the
//! [`signature::Signer`] trait. Example use cases for this include other
//! software implementations of ECDSA/P-384 and wrappers for cloud KMS
//! services or hardware devices (HSM or crypto hardware wallet).
//! - `ecdsa`: provides `ecdsa-core` features plus the [`SigningKey`] and
//! [`VerifyingKey`] types which natively implement ECDSA/P-384 signing and
//! verification.
//!
//! ## Signing/Verification Example
//!
//! This example requires the `ecdsa` Cargo feature is enabled:
//!
//! ```
//! # #[cfg(feature = "ecdsa")]
//! # {
//! use p384::ecdsa::{signature::Signer, Signature, SigningKey};
//! use rand_core::OsRng; // requires 'getrandom' feature
//!
//! // Signing
//! let signing_key = SigningKey::random(&mut OsRng); // Serialize with `::to_bytes()`
//! let message = b"ECDSA proves knowledge of a secret number in the context of a single message";
//! let signature: Signature = signing_key.sign(message);
//!
//! // Verification
//! use p384::ecdsa::{signature::Verifier, VerifyingKey};
//!
//! let verifying_key = VerifyingKey::from(&signing_key); // Serialize with `::to_encoded_point()`
//! assert!(verifying_key.verify(message, &signature).is_ok());
//! # }
//! ```
pub use ecdsa_core::signature::{self, Error};
#[cfg(feature = "ecdsa")]
use {
crate::{AffinePoint, Scalar},
ecdsa_core::hazmat::{SignPrimitive, VerifyPrimitive},
};
use super::NistP384;
/// ECDSA/P-384 signature (fixed-size)
pub type Signature = ecdsa_core::Signature<NistP384>;
/// ECDSA/P-384 signature (ASN.1 DER encoded)
pub type DerSignature = ecdsa_core::der::Signature<NistP384>;
/// ECDSA/P-384 signing key
#[cfg(feature = "ecdsa")]
pub type SigningKey = ecdsa_core::SigningKey<NistP384>;
/// ECDSA/P-384 verification key (i.e. public key)
#[cfg(feature = "ecdsa")]
pub type VerifyingKey = ecdsa_core::VerifyingKey<NistP384>;
#[cfg(feature = "sha384")]
impl ecdsa_core::hazmat::DigestPrimitive for NistP384 {
type Digest = sha2::Sha384;
}
#[cfg(feature = "ecdsa")]
impl SignPrimitive<NistP384> for Scalar {}
#[cfg(feature = "ecdsa")]
impl VerifyPrimitive<NistP384> for AffinePoint {}
#[cfg(all(test, feature = "ecdsa"))]
mod tests {
use crate::{
ecdsa::{
signature::hazmat::{PrehashSigner, PrehashVerifier},
signature::Signer,
Signature, SigningKey, VerifyingKey,
},
AffinePoint, EncodedPoint, SecretKey,
};
use elliptic_curve::{generic_array::GenericArray, sec1::FromEncodedPoint};
use hex_literal::hex;
use sha2::Digest;
// Test vector from RFC 6979 Appendix 2.6 (NIST P-384 + SHA-384)
// <https://tools.ietf.org/html/rfc6979#appendix-A.2.6>
#[test]
fn rfc6979() {
let x = hex!("6b9d3dad2e1b8c1c05b19875b6659f4de23c3b667bf297ba9aa47740787137d896d5724e4c70a825f872c9ea60d2edf5");
let signer = SigningKey::from_bytes(&x.into()).unwrap();
let signature: Signature = signer.sign(b"sample");
assert_eq!(
signature.to_bytes().as_slice(),
&hex!(
"94edbb92a5ecb8aad4736e56c691916b3f88140666ce9fa73d64c4ea95ad133c81a648152e44acf96e36dd1e80fabe46
99ef4aeb15f178cea1fe40db2603138f130e740a19624526203b6351d0a3a94fa329c145786e679e7b82c71a38628ac8"
)
);
let signature: Signature = signer.sign(b"test");
assert_eq!(
signature.to_bytes().as_slice(),
&hex!(
"8203b63d3c853e8d77227fb377bcf7b7b772e97892a80f36ab775d509d7a5feb0542a7f0812998da8f1dd3ca3cf023db
ddd0760448d42d8a43af45af836fce4de8be06b485e9b61b827c2f13173923e06a739f040649a667bf3b828246baa5a5"
)
);
}
// Test signing with PrehashSigner using SHA-256 which output is smaller than P-384 field size.
#[test]
fn prehash_signer_signing_with_sha256() {
let x = hex!("6b9d3dad2e1b8c1c05b19875b6659f4de23c3b667bf297ba9aa47740787137d896d5724e4c70a825f872c9ea60d2edf5");
let signer = SigningKey::from_bytes(&x.into()).unwrap();
let digest = sha2::Sha256::digest(b"test");
let signature: Signature = signer.sign_prehash(&digest).unwrap();
assert_eq!(
signature.to_bytes().as_slice(),
&hex!(
"010c3ab1a300f8c9d63eafa9a41813f0c5416c08814bdfc0236458d6c2603d71c4941f4696e60aff5717476170bb6ab4
03c4ad6274c61691346b2178def879424726909af308596ffb6355a042f48a114e2eb28eaa6918592b4727961057c0c1"
)
);
}
// Test verifying with PrehashVerifier using SHA-256 which output is smaller than P-384 field size.
#[test]
fn prehash_signer_verification_with_sha256() {
// The following test vector adapted from the FIPS 186-4 ECDSA test vectors
// (P-384, SHA-256, from `SigGen.txt` in `186-4ecdsatestvectors.zip`)
// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/digital-signatures>
let verifier = VerifyingKey::from_affine(
AffinePoint::from_encoded_point(
&EncodedPoint::from_affine_coordinates(
GenericArray::from_slice(&hex!("0400193b21f07cd059826e9453d3e96dd145041c97d49ff6b7047f86bb0b0439e909274cb9c282bfab88674c0765bc75")),
GenericArray::from_slice(&hex!("f70d89c52acbc70468d2c5ae75c76d7f69b76af62dcf95e99eba5dd11adf8f42ec9a425b0c5ec98e2f234a926b82a147")),
false,
),
).unwrap()
).unwrap();
let signature = Signature::from_scalars(
GenericArray::clone_from_slice(&hex!("b11db00cdaf53286d4483f38cd02785948477ed7ebc2ad609054551da0ab0359978c61851788aa2ec3267946d440e878")),
GenericArray::clone_from_slice(&hex!("16007873c5b0604ce68112a8fee973e8e2b6e3319c683a762ff5065a076512d7c98b27e74b7887671048ac027df8cbf2")),
).unwrap();
let result = verifier.verify_prehash(
&hex!("bbbd0a5f645d3fda10e288d172b299455f9dff00e0fbc2833e18cd017d7f3ed1"),
&signature,
);
assert!(result.is_ok());
}
#[test]
fn signing_secret_key_equivalent() {
let raw_sk: [u8; 48] = [
32, 52, 118, 9, 96, 116, 119, 172, 168, 251, 251, 197, 230, 33, 132, 85, 243, 25, 150,
105, 121, 46, 248, 180, 102, 250, 168, 123, 220, 103, 121, 129, 68, 200, 72, 221, 3,
102, 30, 237, 90, 198, 36, 97, 52, 12, 234, 150,
];
let seck = SecretKey::from_bytes(&raw_sk.into()).unwrap();
let sigk = SigningKey::from_bytes(&raw_sk.into()).unwrap();
assert_eq!(seck.to_bytes().as_slice(), &raw_sk);
assert_eq!(sigk.to_bytes().as_slice(), &raw_sk);
}
mod sign {
use crate::{test_vectors::ecdsa::ECDSA_TEST_VECTORS, NistP384};
ecdsa_core::new_signing_test!(NistP384, ECDSA_TEST_VECTORS);
}
mod verify {
use crate::{test_vectors::ecdsa::ECDSA_TEST_VECTORS, NistP384};
ecdsa_core::new_verification_test!(NistP384, ECDSA_TEST_VECTORS);
}
mod wycheproof {
use crate::NistP384;
ecdsa_core::new_wycheproof_test!(wycheproof, "wycheproof", NistP384);
}
}

136
vendor/p384/src/lib.rs vendored Normal file
View File

@@ -0,0 +1,136 @@
#![no_std]
#![cfg_attr(docsrs, feature(doc_auto_cfg))]
#![doc(
html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg"
)]
#![forbid(unsafe_code)]
#![warn(missing_docs, rust_2018_idioms, unused_qualifications)]
#![doc = include_str!("../README.md")]
//! ## `serde` support
//!
//! When the `serde` feature of this crate is enabled, `Serialize` and
//! `Deserialize` are impl'd for the following types:
//!
//! - [`AffinePoint`]
//! - [`Scalar`]
//! - [`ecdsa::VerifyingKey`]
//!
//! Please see type-specific documentation for more information.
#[cfg(feature = "arithmetic")]
mod arithmetic;
#[cfg(feature = "ecdh")]
pub mod ecdh;
#[cfg(feature = "ecdsa-core")]
pub mod ecdsa;
#[cfg(any(feature = "test-vectors", test))]
pub mod test_vectors;
pub use elliptic_curve::{self, bigint::U384, consts::U48};
#[cfg(feature = "arithmetic")]
pub use arithmetic::{scalar::Scalar, AffinePoint, ProjectivePoint};
#[cfg(feature = "expose-field")]
pub use arithmetic::field::FieldElement;
#[cfg(feature = "pkcs8")]
pub use elliptic_curve::pkcs8;
use elliptic_curve::{
bigint::ArrayEncoding, consts::U49, generic_array::GenericArray, FieldBytesEncoding,
};
/// Order of NIST P-384's elliptic curve group (i.e. scalar modulus) in hexadecimal.
const ORDER_HEX: &str = "ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973";
/// NIST P-384 elliptic curve.
#[derive(Copy, Clone, Debug, Default, Eq, PartialEq, PartialOrd, Ord)]
pub struct NistP384;
impl elliptic_curve::Curve for NistP384 {
/// 48-byte serialized field elements.
type FieldBytesSize = U48;
/// 384-bit integer type used for internally representing field elements.
type Uint = U384;
/// Order of NIST P-384's elliptic curve group (i.e. scalar modulus).
const ORDER: U384 = U384::from_be_hex(ORDER_HEX);
}
impl elliptic_curve::PrimeCurve for NistP384 {}
impl elliptic_curve::point::PointCompression for NistP384 {
/// NIST P-384 points are typically uncompressed.
const COMPRESS_POINTS: bool = false;
}
impl elliptic_curve::point::PointCompaction for NistP384 {
/// NIST P-384 points are typically uncompressed.
const COMPACT_POINTS: bool = false;
}
#[cfg(feature = "jwk")]
impl elliptic_curve::JwkParameters for NistP384 {
const CRV: &'static str = "P-384";
}
#[cfg(feature = "pkcs8")]
impl pkcs8::AssociatedOid for NistP384 {
const OID: pkcs8::ObjectIdentifier = pkcs8::ObjectIdentifier::new_unwrap("1.3.132.0.34");
}
/// Compressed SEC1-encoded NIST P-384 curve point.
pub type CompressedPoint = GenericArray<u8, U49>;
/// NIST P-384 SEC1 encoded point.
pub type EncodedPoint = elliptic_curve::sec1::EncodedPoint<NistP384>;
/// NIST P-384 field element serialized as bytes.
///
/// Byte array containing a serialized field element value (base field or
/// scalar).
pub type FieldBytes = elliptic_curve::FieldBytes<NistP384>;
impl FieldBytesEncoding<NistP384> for U384 {
fn decode_field_bytes(field_bytes: &FieldBytes) -> Self {
U384::from_be_byte_array(*field_bytes)
}
fn encode_field_bytes(&self) -> FieldBytes {
self.to_be_byte_array()
}
}
/// Non-zero NIST P-384 scalar field element.
#[cfg(feature = "arithmetic")]
pub type NonZeroScalar = elliptic_curve::NonZeroScalar<NistP384>;
/// NIST P-384 public key.
#[cfg(feature = "arithmetic")]
pub type PublicKey = elliptic_curve::PublicKey<NistP384>;
/// NIST P-384 secret key.
pub type SecretKey = elliptic_curve::SecretKey<NistP384>;
#[cfg(not(feature = "arithmetic"))]
impl elliptic_curve::sec1::ValidatePublicKey for NistP384 {}
/// Bit representation of a NIST P-384 scalar field element.
#[cfg(feature = "bits")]
pub type ScalarBits = elliptic_curve::scalar::ScalarBits<NistP384>;
#[cfg(feature = "voprf")]
impl elliptic_curve::VoprfParameters for NistP384 {
/// See <https://www.ietf.org/archive/id/draft-irtf-cfrg-voprf-19.html#name-oprfp-384-sha-384-2>.
const ID: &'static str = "P384-SHA384";
/// See <https://www.ietf.org/archive/id/draft-irtf-cfrg-voprf-08.html#section-4.4-1.2>.
type Hash = sha2::Sha384;
}

5
vendor/p384/src/test_vectors.rs vendored Normal file
View File

@@ -0,0 +1,5 @@
//! secp384r1 test vectors.
#[cfg(test)]
pub mod ecdsa;
pub mod group;

BIN
vendor/p384/src/test_vectors/data/wycheproof.blb vendored Normal file
View File

Binary file not shown.

150
vendor/p384/src/test_vectors/ecdsa.rs vendored Normal file
View File

@@ -0,0 +1,150 @@
//! ECDSA/secp384r1 test vectors
use ecdsa_core::dev::TestVector;
use hex_literal::hex;
/// ECDSA/P-384 test vectors.
///
/// Adapted from the FIPS 186-4 ECDSA test vectors
/// (P-384, SHA-384, from `SigGen.txt` in `186-4ecdsatestvectors.zip`)
/// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/digital-signatures>
///
/// The `m` field contains a SHA-384 prehash of the `Msg` field in the
/// original `SigTen.txt`.
pub const ECDSA_TEST_VECTORS: &[TestVector; 15] = &[
TestVector {
d: &hex!("201b432d8df14324182d6261db3e4b3f46a8284482d52e370da41e6cbdf45ec2952f5db7ccbce3bc29449f4fb080ac97"),
q_x: &hex!("c2b47944fb5de342d03285880177ca5f7d0f2fcad7678cce4229d6e1932fcac11bfc3c3e97d942a3c56bf34123013dbf"),
q_y: &hex!("37257906a8223866eda0743c519616a76a758ae58aee81c5fd35fbf3a855b7754a36d4a0672df95d6c44a81cf7620c2d"),
k: &hex!("dcedabf85978e090f733c6e16646fa34df9ded6e5ce28c6676a00f58a25283db8885e16ce5bf97f917c81e1f25c9c771"),
m: &hex!("31a452d6164d904bb5724c878280231eae705c29ce9d4bc7d58e020e1085f17eebcc1a38f0ed0bf2b344d81fbd896825"),
r: &hex!("50835a9251bad008106177ef004b091a1e4235cd0da84fff54542b0ed755c1d6f251609d14ecf18f9e1ddfe69b946e32"),
s: &hex!("0475f3d30c6463b646e8d3bf2455830314611cbde404be518b14464fdb195fdcc92eb222e61f426a4a592c00a6a89721"),
},
TestVector {
d: &hex!("23d9f4ea6d87b7d6163d64256e3449255db14786401a51daa7847161bf56d494325ad2ac8ba928394e01061d882c3528"),
q_x: &hex!("5d42d6301c54a438f65970bae2a098cbc567e98840006e356221966c86d82e8eca515bca850eaa3cd41f175f03a0cbfd"),
q_y: &hex!("4aef5a0ceece95d382bd70ab5ce1cb77408bae42b51a08816d5e5e1d3da8c18fcc95564a752730b0aabea983ccea4e2e"),
k: &hex!("67ba379366049008593eac124f59ab017358892ee0c063d38f3758bb849fd25d867c3561563cac1532a323b228dc0890"),
m: &hex!("a92784916a40feaebfeab16ea28c0c65e45c5e81eb634052944865708072e20110bd669a9838d7e722e94ac75245cdd3"),
r: &hex!("fb318f4cb1276282bb43f733a7fb7c567ce94f4d02924fc758635ab2d1107108bf159b85db080cdc3b30fbb5400016f3"),
s: &hex!("588e3d7af5da03eae255ecb1813100d95edc243476b724b22db8e85377660d7645ddc1c2c2ee4eaea8b683dbe22f86ca"),
},
TestVector {
d: &hex!("b5f670e98d8befc46f6f51fb2997069550c2a52ebfb4e5e25dd905352d9ef89eed5c2ecd16521853aadb1b52b8c42ae6"),
q_x: &hex!("44ffb2a3a95e12d87c72b5ea0a8a7cb89f56b3bd46342b2303608d7216301c21b5d2921d80b6628dc512ccb84e2fc278"),
q_y: &hex!("e4c1002f1828abaec768cadcb7cf42fbf93b1709ccae6df5b134c41fae2b9a188bfbe1eccff0bd348517d7227f2071a6"),
k: &hex!("229e67638f712f57bea4c2b02279d5ccad1e7c9e201c77f6f01aeb81ea90e62b44b2d2107fd66d35e56608fff65e28e4"),
m: &hex!("b2acf6b4ae1ba9985c1e657313d59157939c21868302f6f5c5dbf037867035ae7c2009bad9fce472579923f7b4b87795"),
r: &hex!("b11db592e4ebc75b6472b879b1d8ce57452c615aef20f67a280f8bca9b11a30ad4ac9d69541258c7dd5d0b4ab8dd7d49"),
s: &hex!("4eb51db8004e46d438359abf060a9444616cb46b4f99c9a05b53ba6df02e914c9c0b6cc3a9791d804d2e4c0984dab1cc"),
},
TestVector {
d: &hex!("de5975d8932533f092e76295ed6b23f10fc5fba48bfb82c6cc714826baf0126813247f8bd51d5738503654ab22459976"),
q_x: &hex!("f1fabafc01fec7e96d982528d9ef3a2a18b7fe8ae0fa0673977341c7ae4ae8d8d3d67420343d013a984f5f61da29ae38"),
q_y: &hex!("1a31cf902c46343d01b2ebb614bc789c313b5f91f9302ad9418e9c797563e2fa3d44500f47b4e26ad8fdec1a816d1dcf"),
k: &hex!("fc5940e661542436f9265c34bce407eff6364bd471aa79b90c906d923e15c9ed96eea4e86f3238ea86161d13b7d9359d"),
m: &hex!("ec21c9d03a7270ea9ce7e9ff83211bac2fb104d078217c370248a3aba81f6c586852f19ced56dc71f83f5251d7381c8a"),
r: &hex!("c2fbdd6a56789024082173725d797ef9fd6accb6ae664b7260f9e83cb8ab2490428c8b9c52e153612295432fec4d59cd"),
s: &hex!("8056c5bb57f41f73082888b234fcda320a33250b5da012ba1fdb4924355ae679012d81d2c08fc0f8634c708a4833232f"),
},
TestVector {
d: &hex!("11e0d470dc31fab0f5722f87b74a6c8d7414115e58ceb38bfcdced367beac3adbf1fe9ba5a04f72e978b1eb54597eabc"),
q_x: &hex!("1950166989164cbfd97968c7e8adb6fbca1873ebef811ea259eb48b7d584627f0e6d6c64defe23cbc95236505a252aa1"),
q_y: &hex!("41ef424b5cb076d4e32accd9250ea75fcf4ffd81814040c050d58c0a29b06be11edf67c911b403e418b7277417e52906"),
k: &hex!("e56904028226eb04f8d071e3f9cefec91075a81ca0fa87b44cae148fe1ce9827b5d1910db2336d0eb9813ddba3e4d7b5"),
m: &hex!("f0272d0a51ee61f86d0875ca7800e12744ef6ffbac72bdda7c54ba24e5a5a6bd69ebe6f429cc20ac12b926d392efc4ce"),
r: &hex!("c38ef30f55624e8935680c29f8c24824877cf48ffc0ef015e62de1068893353030d1193bf9d34237d7ce6ba92c98b0fe"),
s: &hex!("651b8c3d5c9d5b936d300802a06d82ad54f7b1ba4327b2f031c0c5b0cb215ad4354edc7f932d934e877dfa1cf51b13fe"),
},
TestVector {
d: &hex!("5c6bbf9fbcbb7b97c9535f57b431ed1ccae1945b7e8a4f1b032016b07810bd24a9e20055c0e9306650df59ef7e2cd8c2"),
q_x: &hex!("2e01c5b59e619e00b79060a1e8ef695472e23bf9a511fc3d5ed77a334a242557098e40972713732c5291c97adf9cf2cf"),
q_y: &hex!("563e3fe4ad807e803b9e961b08da4dde4cea8925649da0d93221ce4cdceabc6a1db7612180a8c6bef3579c65539b97e9"),
k: &hex!("03d23f1277b949cb6380211ad9d338e6f76c3eedac95989b91d0243cfb734a54b19bca45a5d13d6a4b9f815d919eea77"),
m: &hex!("e114c6204bee5bf0bbdf9ffc139bb99f09e7ea2186da3ee1e011dd059185d57c4953a130d34ff0df3fc6782dda199ee8"),
r: &hex!("abab65308f0b79c4f3a9ff28dd490acb0c320434094cef93e75adfe17e5820dc1f77544cfaaacdc8cf9ac8b38e174bef"),
s: &hex!("11b783d879a6de054b316af7d56e526c3dce96c85289122e3ad927cfa77bfc50b4a96c97f85b1b8221be2df083ff58fb"),
},
TestVector {
d: &hex!("ffc7dedeff8343721f72046bc3c126626c177b0e48e247f44fd61f8469d4d5f0a74147fabaa334495cc1f986ebc5f0b1"),
q_x: &hex!("51c78c979452edd53b563f63eb3e854a5b23e87f1b2103942b65f77d024471f75c8ce1cc0dfef83292b368112aa5126e"),
q_y: &hex!("313e6aaf09caa3ba30f13072b2134878f14a4a01ee86326cccbff3d079b4df097dc57985e8c8c834a10cb9d766169366"),
k: &hex!("c3de91dbe4f777698773da70dd610ef1a7efe4dc00d734399c7dd100728006a502822a5a7ff9129ffd8adf6c1fc1211a"),
m: &hex!("f11e38f4037ae3ffd0fde97c08e2e5acbc26e3ac5828a86c182232be90ef6fc0f5d21a9b1a7b93472d78c103b4136019"),
r: &hex!("f4f477855819ad8b1763f53691b76afbc4a31a638b1e08c293f9bcd55decf797f9913ca128d4b45b2e2ea3e82c6cf565"),
s: &hex!("7c26be29569ef95480a6d0c1af49dc10a51a0a8931345e48c0c39498bfb94d62962980b56143a7b41a2fddc8794c1b7f"),
},
TestVector {
d: &hex!("adca364ef144a21df64b163615e8349cf74ee9dbf728104215c532073a7f74e2f67385779f7f74ab344cc3c7da061cf6"),
q_x: &hex!("ef948daae68242330a7358ef73f23b56c07e37126266db3fa6eea233a04a9b3e4915233dd6754427cd4b71b75854077d"),
q_y: &hex!("009453ef1828eaff9e17c856d4fc1895ab60051312c3e1db1e3766566438b2990cbf9945c2545619e3e0145bc6a79004"),
k: &hex!("a2da3fae2e6da3cf11b49861afb34fba357fea89f54b35ce5ed7434ae09103fe53e2be75b93fc579fedf919f6d5e407e"),
m: &hex!("f8d0170479b2d1a8f50c80556e67ff345592c8b7dcda4e4f6099f993c1a71bff6d3b60190715ae1215a8a759a8eb13df"),
r: &hex!("dda994b9c428b57e9f8bbaebba0d682e3aac6ed828e3a1e99a7fc4c804bff8df151137f539c7389d80e23d9f3ee497bf"),
s: &hex!("a0d6b10ceffd0e1b29cf784476f9173ba6ecd2cfc7929725f2d6e24e0db5a4721683640eaa2bbe151fb57560f9ce594b"),
},
TestVector {
d: &hex!("39bea008ec8a217866dcbdb1b93da34d1d3e851d011df9ef44b7828b3453a54aa70f1df9932170804eacd207e4f7e91d"),
q_x: &hex!("5709ec4305a9c3271c304face6c148142490b827a73a4c17affcfd01fffd7eaa65d2fdedfa2419fc64ed910823513faf"),
q_y: &hex!("b083cda1cf3be6371b6c06e729ea6299213428db57119347247ec1fcd44204386cc0bca3f452d9d864b39efbfc89d6b2"),
k: &hex!("3c90cc7b6984056f570542a51cbe497ce4c11aeae8fc35e8fd6a0d9adeb650e8644f9d1d5e4341b5adc81e27f284c08f"),
m: &hex!("86bc7536faf2de20028159ce93e293d0a7f5721fb6680b5b070c3f70aba845de2eaed9245144babc38c49cce59f3eac7"),
r: &hex!("d13646895afb1bfd1953551bb922809c95ad65d6abe94eb3719c899aa1f6dba6b01222c7f283900fe98628b7597b6ea6"),
s: &hex!("4a9a38afda04c0a6b0058943b679bd02205b14d0f3d49b8f31aac289129780cdb1c555def8c3f9106b478729e0c7efaa"),
},
TestVector {
d: &hex!("e849cf948b241362e3e20c458b52df044f2a72deb0f41c1bb0673e7c04cdd70811215059032b5ca3cc69c345dcce4cf7"),
q_x: &hex!("06c037a0cbf43fdf335dff33de06d34348405353f9fdf2ce1361efba30fb204aea9dbd2e30da0a10fd2d876188371be6"),
q_y: &hex!("360d38f3940e34679204b98fbf70b8a4d97f25443e46d0807ab634ed5891ad864dd7703557aa933cd380e26eea662a43"),
k: &hex!("32386b2593c85e877b70e5e5495936f65dc49553caef1aa6cc14d9cd370c442a0ccfab4c0da9ec311b67913b1b575a9d"),
m: &hex!("1128c8b09573a993adaa0a68f3ca965db30870db46de70d29e3b9a7d110ba0cd57633f1713173c62331b36fb925fa874"),
r: &hex!("5886078d3495767e330c7507b7ca0fa07a50e59912a416d89f0ab1aa4e88153d6eaf00882d1b4aa64153153352d853b5"),
s: &hex!("2cc10023bf1bf8ccfd14b06b82cc2114449a352389c8ff9f6f78cdc4e32bde69f3869da0e17f691b329682ae7a36e1aa"),
},
TestVector {
d: &hex!("d89607475d509ef23dc9f476eae4280c986de741b63560670fa2bd605f5049f1972792c0413a5b3b4b34e7a38b70b7ca"),
q_x: &hex!("49a1c631f31cf5c45b2676b1f130cbf9be683d0a50dffae0d147c1e9913ab1090c6529a84f47ddc7cf025921b771355a"),
q_y: &hex!("1e207eece62f2bcc6bdabc1113158145170be97469a2904eaaa93aad85b86a19719207f3e423051f5b9cbbe2754eefcb"),
k: &hex!("78613c570c8d33b7dd1bd1561d87e36282e8cf4843e7c344a2b2bb6a0da94756d670eeaffe434f7ae7c780f7cf05ca08"),
m: &hex!("ab9a6d22c8d7675bc8e99e3cafed8318f33051ba5398ce0e9d8e8d3d537a6a908d4c2ace3e6d8204d0236d863eee3c28"),
r: &hex!("66f92b39aa3f4aeb9e2dc03ac3855406fa3ebbab0a6c88a78d7a03482f0c9868d7b78bc081ede0947c7f37bf193074ba"),
s: &hex!("e5c64ed98d7f3701193f25dd237d59c91c0da6e26215e0889d82e6d3e416693f8d58843cf30ab10ab8d0edd9170b53ad"),
},
TestVector {
d: &hex!("083e7152734adf342520ae377087a223688de2899b10cfcb34a0b36bca500a4dfa530e2343e6a39da7ae1eb0862b4a0d"),
q_x: &hex!("70a0f16b6c61172659b027ed19b18fd8f57bd28dc0501f207bd6b0bb065b5671cf3dd1ed13d388dcf6ccc766597aa604"),
q_y: &hex!("4f845bf01c3c3f6126a7368c3454f51425801ee0b72e63fb6799b4420bfdebe3e37c7246db627cc82c09654979c700bb"),
k: &hex!("28096ababe29a075fbdf894709a20d0fdedb01ed3eeacb642a33a0da6aed726e13caf6cf206792ec359f0c9f9b567552"),
m: &hex!("68f858243fe465eb91dc2481333cbb1958883ef25099d45cf02721d17d2846d2cec4689884ae7c0412332e035a1fa3fc"),
r: &hex!("ee2923f9b9999ea05b5e57f505bed5c6ba0420def42c6fa90eef7a6ef770786525546de27cdeb2f8586f8f29fb4ee67c"),
s: &hex!("50ef923fb217c4cf65a48b94412fda430fac685f0da7bd574557c6c50f5b22e0c8354d99f2c2f2c2691f252f93c7d84a"),
},
TestVector {
d: &hex!("63578d416215aff2cc78f9b926d4c7740a77c142944e104aa7422b19a616898262d46a8a942d5e8d5db135ee8b09a368"),
q_x: &hex!("cadbacef4406099316db2ce3206adc636c2bb0a835847ed7941efb02862472f3150338f13f4860d47f39b7e098f0a390"),
q_y: &hex!("752ad0f22c9c264336cde11bbc95d1816ed4d1b1500db6b8dce259a42832e613c31178c2c7995206a62e201ba108f570"),
k: &hex!("7b69c5d5b4d05c9950dc94c27d58403b4c52c004b80a80418ad3a89aabc5d34f21926729e76afd280cc8ee88c9805a2a"),
m: &hex!("dca5ebfebeac1696eff4a89162469c6937b80f8f8cf17299856de2e13d8f8a199bff3085cee59366886164bcc03f7e90"),
r: &hex!("db054addb6161ee49c6ce2e4d646d7670754747b6737ca8516e9d1e87859937c3ef9b1d2663e10d7e4bd00ec85b7a97a"),
s: &hex!("fcc504e0f00ef29587e4bc22faada4db30e2cb1ac552680a65785ae87beb666c792513f2be7a3180fc544296841a0e27"),
},
TestVector {
d: &hex!("ed4df19971658b74868800b3b81bc877807743b25c65740f1d6377542afe2c6427612c840ada31a8eb794718f37c7283"),
q_x: &hex!("33093a0568757e8b58df5b72ea5fe5bf26e6f7aeb541b4c6a8c189c93721749bcaceccf2982a2f0702586a9f812fc66f"),
q_y: &hex!("ebe320d09e1f0662189d50b85a20403b821ac0d000afdbf66a0a33f304726c69e354d81c50b94ba3a5250efc31319cd1"),
k: &hex!("d9b4cd1bdfa83e608289634dbfcee643f07315baf743fc91922880b55a2feda3b38ddf6040d3ba10985cd1285fc690d5"),
m: &hex!("f9b152150f7dc99d5262c9da04dde148009730fb2af9ac753b9c64488d27c817f68c17ae1ff61e50ebb6749230c59a71"),
r: &hex!("009c74063e206a4259b53decff5445683a03f44fa67252b76bd3581081c714f882f882df915e97dbeab061fa8b3cc4e7"),
s: &hex!("d40e09d3468b46699948007e8f59845766dbf694b9c62066890dd055c0cb9a0caf0aa611fb9f466ad0bbb00dbe29d7eb"),
},
TestVector {
d: &hex!("e9c7e9a79618d6ff3274da1abd0ff3ed0ec1ae3b54c3a4fd8d68d98fb04326b7633fc637e0b195228d0edba6bb1468fb"),
q_x: &hex!("a39ac353ca787982c577aff1e8601ce192aa90fd0de4c0ed627f66a8b6f02ae51315543f72ffc1c48a7269b25e7c289a"),
q_y: &hex!("9064a507b66b340b6e0e0d5ffaa67dd20e6dafc0ea6a6faee1635177af256f9108a22e9edf736ab4ae8e96dc207b1fa9"),
k: &hex!("b094cb3a5c1440cfab9dc56d0ec2eff00f2110dea203654c70757254aa5912a7e73972e607459b1f4861e0b08a5cc763"),
m: &hex!("14f785ebb5a3b1bdff516a6b580e245b3c81aff37e1035e354b084a6691e973e0de30bb2a0490fca2d757f8191d7560a"),
r: &hex!("ee82c0f90501136eb0dc0e459ad17bf3be1b1c8b8d05c60068a9306a346326ff7344776a95f1f7e2e2cf9477130e735c"),
s: &hex!("af10b90f203af23b7500e070536e64629ba19245d6ef39aab57fcdb1b73c4c6bf7070c6263544633d3d358c12a178138"),
},
];

256
vendor/p384/src/test_vectors/group.rs vendored Normal file
View File

@@ -0,0 +1,256 @@
//! Test vectors for the secp384r1 group.
use hex_literal::hex;
/// Repeated addition of the generator.
///
/// These are the first 20 test vectors from <http://point-at-infinity.org/ecc/nisttv>
pub const ADD_TEST_VECTORS: &[([u8; 48], [u8; 48])] = &[
(
hex!("AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"),
hex!("3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")
),
(
hex!("08D999057BA3D2D969260045C55B97F089025959A6F434D651D207D19FB96E9E4FE0E86EBE0E64F85B96A9C75295DF61"),
hex!("8E80F1FA5B1B3CEDB7BFE8DFFD6DBA74B275D875BC6CC43E904E505F256AB4255FFD43E94D39E22D61501E700A940E80")
),
(
hex!("077A41D4606FFA1464793C7E5FDC7D98CB9D3910202DCD06BEA4F240D3566DA6B408BBAE5026580D02D7E5C70500C831"),
hex!("C995F7CA0B0C42837D0BBE9602A9FC998520B41C85115AA5F7684C0EDC111EACC24ABD6BE4B5D298B65F28600A2F1DF1")
),
(
hex!("138251CD52AC9298C1C8AAD977321DEB97E709BD0B4CA0ACA55DC8AD51DCFC9D1589A1597E3A5120E1EFD631C63E1835"),
hex!("CACAE29869A62E1631E8A28181AB56616DC45D918ABC09F3AB0E63CF792AA4DCED7387BE37BBA569549F1C02B270ED67")
),
(
hex!("11DE24A2C251C777573CAC5EA025E467F208E51DBFF98FC54F6661CBE56583B037882F4A1CA297E60ABCDBC3836D84BC"),
hex!("8FA696C77440F92D0F5837E90A00E7C5284B447754D5DEE88C986533B6901AEB3177686D0AE8FB33184414ABE6C1713A")
),
(
hex!("627BE1ACD064D2B2226FE0D26F2D15D3C33EBCBB7F0F5DA51CBD41F26257383021317D7202FF30E50937F0854E35C5DF"),
hex!("09766A4CB3F8B1C21BE6DDA6C14F1575B2C95352644F774C99864F613715441604C45B8D84E165311733A408D3F0F934")
),
(
hex!("283C1D7365CE4788F29F8EBF234EDFFEAD6FE997FBEA5FFA2D58CC9DFA7B1C508B05526F55B9EBB2040F05B48FB6D0E1"),
hex!("9475C99061E41B88BA52EFDB8C1690471A61D867ED799729D9C92CD01DBD225630D84EDE32A78F9E64664CDAC512EF8C")
),
(
hex!("1692778EA596E0BE75114297A6FA383445BF227FBE58190A900C3C73256F11FB5A3258D6F403D5ECE6E9B269D822C87D"),
hex!("DCD2365700D4106A835388BA3DB8FD0E22554ADC6D521CD4BD1C30C2EC0EEC196BADE1E9CDD1708D6F6ABFA4022B0AD2")
),
(
hex!("8F0A39A4049BCB3EF1BF29B8B025B78F2216F7291E6FD3BAC6CB1EE285FB6E21C388528BFEE2B9535C55E4461079118B"),
hex!("62C77E1438B601D6452C4A5322C3A9799A9B3D7CA3C400C6B7678854AED9B3029E743EFEDFD51B68262DA4F9AC664AF8")
),
(
hex!("A669C5563BD67EEC678D29D6EF4FDE864F372D90B79B9E88931D5C29291238CCED8E85AB507BF91AA9CB2D13186658FB"),
hex!("A988B72AE7C1279F22D9083DB5F0ECDDF70119550C183C31C502DF78C3B705A8296D8195248288D997784F6AB73A21DD")
),
(
hex!("099056E27DA7B998DA1EEEC2904816C57FE935ED5837C37456C9FD14892D3F8C4749B66E3AFB81D626356F3B55B4DDD8"),
hex!("2E4C0C234E30AB96688505544AC5E0396FC4EED8DFC363FD43FF93F41B52A3255466D51263AAFF357D5DBA8138C5E0BB")
),
(
hex!("952A7A349BD49289AB3AC421DCF683D08C2ED5E41F6D0E21648AF2691A481406DA4A5E22DA817CB466DA2EA77D2A7022"),
hex!("A0320FAF84B5BC0563052DEAE6F66F2E09FB8036CE18A0EBB9028B096196B50D031AA64589743E229EF6BACCE21BD16E")
),
(
hex!("A567BA97B67AEA5BAFDAF5002FFCC6AB9632BFF9F01F873F6267BCD1F0F11C139EE5F441ABD99F1BAAF1CA1E3B5CBCE7"),
hex!("DE1B38B3989F3318644E4147AF164ECC5185595046932EC086329BE057857D66776BCB8272218A7D6423A12736F429CC")
),
(
hex!("E8C8F94D44FBC2396BBEAC481B89D2B0877B1DFFD23E7DC95DE541EB651CCA2C41ABA24DBC02DE6637209ACCF0F59EA0"),
hex!("891AE44356FC8AE0932BCBF6DE52C8A933B86191E7728D79C8319413A09D0F48FC468BA05509DE22D7EE5C9E1B67B888")
),
(
hex!("B3D13FC8B32B01058CC15C11D813525522A94156FFF01C205B21F9F7DA7C4E9CA849557A10B6383B4B88701A9606860B"),
hex!("152919E7DF9162A61B049B2536164B1BEEBAC4A11D749AF484D1114373DFBFD9838D24F8B284AF50985D588D33F7BD62")
),
(
hex!("D5D89C3B5282369C5FBD88E2B231511A6B80DFF0E5152CF6A464FA9428A8583BAC8EBC773D157811A462B892401DAFCF"),
hex!("D815229DE12906D241816D5E9A9448F1D41D4FC40E2A3BDB9CABA57E440A7ABAD1210CB8F49BF2236822B755EBAB3673")
),
(
hex!("4099952208B4889600A5EBBCB13E1A32692BEFB0733B41E6DCC614E42E5805F817012A991AF1F486CAF3A9ADD9FFCC03"),
hex!("5ECF94777833059839474594AF603598163AD3F8008AD0CD9B797D277F2388B304DA4D2FAA9680ECFA650EF5E23B09A0")
),
(
hex!("DFB1FE3A40F7AC9B64C41D39360A7423828B97CB088A4903315E402A7089FA0F8B6C2355169CC9C99DFB44692A9B93DD"),
hex!("453ACA1243B5EC6B423A68A25587E1613A634C1C42D2EE7E6C57F449A1C91DC89168B7036EC0A7F37A366185233EC522")
),
(
hex!("8D481DAB912BC8AB16858A211D750B77E07DBECCA86CD9B012390B430467AABF59C8651060801C0E9599E68713F5D41B"),
hex!("A1592FF0121460857BE99F2A60669050B2291B68A1039AA0594B32FD7ADC0E8C11FFBA5608004E646995B07E75E52245")
),
(
hex!("605508EC02C534BCEEE9484C86086D2139849E2B11C1A9CA1E2808DEC2EAF161AC8A105D70D4F85C50599BE5800A623F"),
hex!("5158EE87962AC6B81F00A103B8543A07381B7639A3A65F1353AEF11B733106DDE92E99B78DE367B48E238C38DAD8EEDD")
)
];
/// Scalar multiplication with the generator.
///
/// These are the test vectors from <http://point-at-infinity.org/ecc/nisttv> that are not
/// part of [`ADD_TEST_VECTORS`].
pub const MUL_TEST_VECTORS: &[([u8; 48], [u8; 48], [u8; 48])] = &[
(
hex!("00000000000000000000000000000000000000000000000000000000000000000000000000000000018ebbb95eed0e13"),
hex!("A499EFE48839BC3ABCD1C5CEDBDD51904F9514DB44F4686DB918983B0C9DC3AEE05A88B72433E9515F91A329F5F4FA60"),
hex!("3B7CA28EF31F809C2F1BA24AAED847D0F8B406A4B8968542DE139DB5828CA410E615D1182E25B91B1131E230B727D36A"),
),
(
hex!("000000000000000000000000000000000000000000000000000000000000000000159d893d4cdd747246cdca43590e13"),
hex!("90A0B1CAC601676B083F21E07BC7090A3390FE1B9C7F61D842D27FA315FB38D83667A11A71438773E483F2A114836B24"),
hex!("3197D3C6123F0D6CD65D5F0DE106FEF36656CB16DC7CD1A6817EB1D51510135A8F492F72665CFD1053F75ED03A7D04C9"),
),
(
hex!("41ffc1fffffe01fffc0003fffe0007c001fff00003fff07ffe0007c000000003ffffff807fff8007fffff800fffe0000"),
hex!("F2A066BD332DC59BBC3D01DA1B124C687D8BB44611186422DE94C1DA4ECF150E664D353CCDB5CB2652685F8EB4D2CD49"),
hex!("D6ED0BF75FDD8E53D87765FA746835B673881D6D1907163A2C43990D75B454294F942EC571AD5AAE1806CAF2BB8E9A4A"),
),
(
hex!("400000003803ffffffcfffffe0800000001ffffe03ffff1ffff801fffffffff8000001fffff800ffffff8001fffc7fff"),
hex!("5C7F9845D1C4AA44747F9137B6F9C39B36B26B8A62E8AF97290434D5F3B214F5A0131550ADB19058DC4C8780C4165C4A"),
hex!("712F7FCCC86F647E70DB8798228CB16344AF3D00B139B6F8502939C2A965AF0EB4E39E2E16AB8F597B8D5630A50C9D85"),
),
(
hex!("4000008000fffffc000003f00000ffffffff800003800f8000e0000e000000ffffffe00000ffffffc0007e0000000fe0"),
hex!("DD5838F7EC3B8ACF1BECFD746F8B668C577107E93548ED93ED0D254C112E76B10F053109EF8428BFCD50D38C4C030C57"),
hex!("33244F479CDAC34F160D9E4CE2D19D2FF0E3305B5BF0EEF29E91E9DE6E28F678C61B773AA7E3C03740E1A49D1AA2493C"),
),
(
hex!("000000001ffc000000fff030001f0000fffff0000038000000000002003f007ffffff0000000000000ffe00000000000"),
hex!("CB8ED893530BFBA04B4CA655923AAAD109A62BC8411D5925316C32D33602459C33057A1FBCB5F70AEB295D90F9165FBC"),
hex!("426AEE3E91B08420F9B357B66D5AFCBCF3956590BF5564DBF9086042EB880493D19DA39AAA6436C6B5FC66CE5596B43F"),
),
(
hex!("000fffe0800001ff0001fffffff0000ffffffffffffff80000fffffc1fffffffffffff001ffffffffffffbffffe01ffc"),
hex!("67F714012B6B070182122DDD435CC1C2262A1AB88939BC6A2906CB2B4137C5E82B4582160F6403CAB887ACDF5786A268"),
hex!("90E31CF398CE2F8C5897C7380BF541075D1B4D3CB70547262B7095731252F181AC0597C66AF8311C7780DB39DEC0BD32"),
),
(
hex!("07fffe0001fffff800fff800001ffff0001fffffe001fffc0000003ffe03fffffff80ffff01ffff20001c0003f0001ff"),
hex!("55A79DF7B53A99D31462C7E1A5ED5623970715BB1021098CB973A7520CBD6365E613E4B2467486FB37E86E01CEE09B8F"),
hex!("B95AEB71693189911661B709A886A1867F056A0EFE401EE11C06030E46F7A87731DA4575863178012208707DD666727C"),
),
(
hex!("0000003fff87effe07fe7ffffe07ffe07f0000000003fe007fff03e07c07ffe0007f0017fffffe000003fffff007ffff"),
hex!("9539A968CF819A0E52E10EEA3BACA1B6480D7E4DF69BC07002C568569047110EE4FE72FCA423FDD5179D6E0E19C44844"),
hex!("A7728F37A0AE0DF2716061900D83A4DA149144129F89A214A8260464BAB609BB322E4E67DE5E4C4C6CB8D25983EC19B0"),
),
(
hex!("00ffffff0000007e07fffff80031ffeffdffffc3fffffffff01fffffffff80000000007fc000fc000000004003ffc000"),
hex!("933FC13276672AB360D909161CD02D830B1628935DF0D800C6ED602C59D575A86A8A97E3A2D697E3ED06BE741C0097D6"),
hex!("F35296BD7A6B4C6C025ED6D84338CCCC7522A45C5D4FBDB1442556CAEFB598128FA188793ADA510EB5F44E90A4E4BEF1"),
),
(
hex!("00001fff803ff8000001fff000ffffffe3fff000000007ffdff80000003fff007fffffc01ffffff9ffffe001fc000000"),
hex!("0CE31E1C4A937071E6EBACA026A93D783848BCC0C1585DAF639518125FCD1F1629D63041ABFB11FFC8F03FA8B6FCF6BF"),
hex!("A69EA55BE4BEAB2D5224050FEBFFBDFCFD614624C3B4F228909EB80012F003756D1C377E52F04FA539237F24DD080E2E"),
),
(
hex!("7ff0001fff000fffffffff80007ffc0003f80001fff8000000001fc000000fff000000007ffc01fffc020000003fc000"),
hex!("6842CFE3589AC268818291F31D44177A9168DCBC19F321ED66D81ECF59E31B54CCA0DDFD4C4136780171748D69A91C54"),
hex!("E3A5ECD5AC725F13DBC631F358C6E817EDCF3A613B83832741A9DB591A0BAE767FC714F70C2E7EA891E4312047DECCC0"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5295f"),
hex!("605508EC02C534BCEEE9484C86086D2139849E2B11C1A9CA1E2808DEC2EAF161AC8A105D70D4F85C50599BE5800A623F"),
hex!("AEA7117869D53947E0FF5EFC47ABC5F8C7E489C65C59A0ECAC510EE48CCEF92116D16647721C984B71DC73C825271122"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52960"),
hex!("8D481DAB912BC8AB16858A211D750B77E07DBECCA86CD9B012390B430467AABF59C8651060801C0E9599E68713F5D41B"),
hex!("5EA6D00FEDEB9F7A841660D59F996FAF4DD6E4975EFC655FA6B4CD028523F172EE0045A8F7FFB19B966A4F828A1ADDBA"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52961"),
hex!("DFB1FE3A40F7AC9B64C41D39360A7423828B97CB088A4903315E402A7089FA0F8B6C2355169CC9C99DFB44692A9B93DD"),
hex!("BAC535EDBC4A1394BDC5975DAA781E9EC59CB3E3BD2D118193A80BB65E36E2366E9748FB913F580C85C99E7BDCC13ADD"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52962"),
hex!("4099952208B4889600A5EBBCB13E1A32692BEFB0733B41E6DCC614E42E5805F817012A991AF1F486CAF3A9ADD9FFCC03"),
hex!("A1306B8887CCFA67C6B8BA6B509FCA67E9C52C07FF752F32648682D880DC774BFB25B2CF55697F13059AF10B1DC4F65F"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52963"),
hex!("D5D89C3B5282369C5FBD88E2B231511A6B80DFF0E5152CF6A464FA9428A8583BAC8EBC773D157811A462B892401DAFCF"),
hex!("27EADD621ED6F92DBE7E92A1656BB70E2BE2B03BF1D5C42463545A81BBF585442EDEF3460B640DDC97DD48AB1454C98C"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52964"),
hex!("B3D13FC8B32B01058CC15C11D813525522A94156FFF01C205B21F9F7DA7C4E9CA849557A10B6383B4B88701A9606860B"),
hex!("EAD6E618206E9D59E4FB64DAC9E9B4E411453B5EE28B650B7B2EEEBC8C2040257C72DB064D7B50AF67A2A773CC08429D"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52965"),
hex!("E8C8F94D44FBC2396BBEAC481B89D2B0877B1DFFD23E7DC95DE541EB651CCA2C41ABA24DBC02DE6637209ACCF0F59EA0"),
hex!("76E51BBCA903751F6CD4340921AD3756CC479E6E188D728637CE6BEC5F62F0B603B9745EAAF621DD2811A362E4984777"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52966"),
hex!("A567BA97B67AEA5BAFDAF5002FFCC6AB9632BFF9F01F873F6267BCD1F0F11C139EE5F441ABD99F1BAAF1CA1E3B5CBCE7"),
hex!("21E4C74C6760CCE79BB1BEB850E9B133AE7AA6AFB96CD13F79CD641FA87A82988894347C8DDE75829BDC5ED9C90BD633"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52967"),
hex!("952A7A349BD49289AB3AC421DCF683D08C2ED5E41F6D0E21648AF2691A481406DA4A5E22DA817CB466DA2EA77D2A7022"),
hex!("5FCDF0507B4A43FA9CFAD215190990D1F6047FC931E75F1446FD74F69E694AF1FCE559B9768BC1DD610945341DE42E91"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52968"),
hex!("099056E27DA7B998DA1EEEC2904816C57FE935ED5837C37456C9FD14892D3F8C4749B66E3AFB81D626356F3B55B4DDD8"),
hex!("D1B3F3DCB1CF5469977AFAABB53A1FC6903B1127203C9C02BC006C0BE4AD5CD9AB992AEC9C5500CA82A2457FC73A1F44"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52969"),
hex!("A669C5563BD67EEC678D29D6EF4FDE864F372D90B79B9E88931D5C29291238CCED8E85AB507BF91AA9CB2D13186658FB"),
hex!("567748D5183ED860DD26F7C24A0F132208FEE6AAF3E7C3CE3AFD20873C48FA56D6927E69DB7D77266887B09648C5DE22"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5296a"),
hex!("8F0A39A4049BCB3EF1BF29B8B025B78F2216F7291E6FD3BAC6CB1EE285FB6E21C388528BFEE2B9535C55E4461079118B"),
hex!("9D3881EBC749FE29BAD3B5ACDD3C56866564C2835C3BFF39489877AB51264CFC618BC100202AE497D9D25B075399B507"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5296b"),
hex!("1692778EA596E0BE75114297A6FA383445BF227FBE58190A900C3C73256F11FB5A3258D6F403D5ECE6E9B269D822C87D"),
hex!("232DC9A8FF2BEF957CAC7745C24702F1DDAAB52392ADE32B42E3CF3D13F113E594521E15322E8F729095405CFDD4F52D"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5296c"),
hex!("283C1D7365CE4788F29F8EBF234EDFFEAD6FE997FBEA5FFA2D58CC9DFA7B1C508B05526F55B9EBB2040F05B48FB6D0E1"),
hex!("6B8A366F9E1BE47745AD102473E96FB8E59E2798128668D62636D32FE242DDA8CF27B120CD5870619B99B3263AED1073"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5296d"),
hex!("627BE1ACD064D2B2226FE0D26F2D15D3C33EBCBB7F0F5DA51CBD41F26257383021317D7202FF30E50937F0854E35C5DF"),
hex!("F68995B34C074E3DE41922593EB0EA8A4D36ACAD9BB088B36679B09EC8EABBE8FB3BA4717B1E9ACEE8CC5BF82C0F06CB"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5296e"),
hex!("11DE24A2C251C777573CAC5EA025E467F208E51DBFF98FC54F6661CBE56583B037882F4A1CA297E60ABCDBC3836D84BC"),
hex!("705969388BBF06D2F0A7C816F5FF183AD7B4BB88AB2A211773679ACC496FE513CE889791F51704CCE7BBEB55193E8EC5"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5296f"),
hex!("138251CD52AC9298C1C8AAD977321DEB97E709BD0B4CA0ACA55DC8AD51DCFC9D1589A1597E3A5120E1EFD631C63E1835"),
hex!("35351D679659D1E9CE175D7E7E54A99E923BA26E7543F60C54F19C3086D55B22128C7840C8445A96AB60E3FE4D8F1298"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970"),
hex!("077A41D4606FFA1464793C7E5FDC7D98CB9D3910202DCD06BEA4F240D3566DA6B408BBAE5026580D02D7E5C70500C831"),
hex!("366A0835F4F3BD7C82F44169FD5603667ADF4BE37AEEA55A0897B3F123EEE1523DB542931B4A2D6749A0D7A0F5D0E20E"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52971"),
hex!("08D999057BA3D2D969260045C55B97F089025959A6F434D651D207D19FB96E9E4FE0E86EBE0E64F85B96A9C75295DF61"),
hex!("717F0E05A4E4C312484017200292458B4D8A278A43933BC16FB1AFA0DA954BD9A002BC15B2C61DD29EAFE190F56BF17F"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52972"),
hex!("AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"),
hex!("C9E821B569D9D390A26167406D6D23D6070BE242D765EB831625CEEC4A0F473EF59F4E30E2817E6285BCE2846F15F1A0"),
),
];

BIN
vendor/p384/target/package/p384-0.13.1.crate vendored Normal file
View File

Binary file not shown.

0
vendor/p384/target/package/tmp-registry/.cargo-lock vendored Normal file
View File

1
vendor/p384/target/package/tmp-registry/index/p3/84/p384 vendored Normal file
View File

@@ -0,0 +1 @@
{"name":"p384","vers":"0.13.1","deps":[{"name":"ecdsa-core","req":"^0.16","features":["der"],"optional":true,"default_features":false,"target":null,"kind":"normal","registry":"https://github.com/rust-lang/crates.io-index","package":"ecdsa","public":null,"artifact":null,"bindep_target":null,"lib":false},{"name":"elliptic-curve","req":"^0.13","features":["hazmat","sec1"],"optional":false,"default_features":false,"target":null,"kind":"normal","registry":"https://github.com/rust-lang/crates.io-index","package":null,"public":null,"artifact":null,"bindep_target":null,"lib":false},{"name":"hex-literal","req":"^0.3","features":[],"optional":true,"default_features":true,"target":null,"kind":"normal","registry":"https://github.com/rust-lang/crates.io-index","package":null,"public":null,"artifact":null,"bindep_target":null,"lib":false},{"name":"primeorder","req":"^0.13","features":[],"optional":false,"default_features":true,"target":null,"kind":"normal","registry":"https://github.com/rust-lang/crates.io-index","package":null,"public":null,"artifact":null,"bindep_target":null,"lib":false},{"name":"serdect","req":"^0.2","features":[],"optional":true,"default_features":false,"target":null,"kind":"normal","registry":"https://github.com/rust-lang/crates.io-index","package":null,"public":null,"artifact":null,"bindep_target":null,"lib":false},{"name":"sha2","req":"^0.10","features":[],"optional":true,"default_features":false,"target":null,"kind":"normal","registry":"https://github.com/rust-lang/crates.io-index","package":null,"public":null,"artifact":null,"bindep_target":null,"lib":false},{"name":"blobby","req":"^0.3","features":[],"optional":false,"default_features":true,"target":null,"kind":"dev","registry":"https://github.com/rust-lang/crates.io-index","package":null,"public":null,"artifact":null,"bindep_target":null,"lib":false},{"name":"criterion","req":"^0.4","features":[],"optional":false,"default_features":true,"target":null,"kind":"dev","registry":"https://github.com/rust-lang/crates.io-index","package":null,"public":null,"artifact":null,"bindep_target":null,"lib":false},{"name":"ecdsa-core","req":"^0.16","features":["dev"],"optional":false,"default_features":false,"target":null,"kind":"dev","registry":"https://github.com/rust-lang/crates.io-index","package":"ecdsa","public":null,"artifact":null,"bindep_target":null,"lib":false},{"name":"hex-literal","req":"^0.3","features":[],"optional":false,"default_features":true,"target":null,"kind":"dev","registry":"https://github.com/rust-lang/crates.io-index","package":null,"public":null,"artifact":null,"bindep_target":null,"lib":false},{"name":"proptest","req":"^1.1","features":[],"optional":false,"default_features":true,"target":null,"kind":"dev","registry":"https://github.com/rust-lang/crates.io-index","package":null,"public":null,"artifact":null,"bindep_target":null,"lib":false},{"name":"rand_core","req":"^0.6","features":["getrandom"],"optional":false,"default_features":true,"target":null,"kind":"dev","registry":"https://github.com/rust-lang/crates.io-index","package":null,"public":null,"artifact":null,"bindep_target":null,"lib":false}],"features":{"alloc":["ecdsa-core?/alloc","elliptic-curve/alloc"],"arithmetic":["elliptic-curve/arithmetic","elliptic-curve/digest"],"bits":["arithmetic","elliptic-curve/bits"],"default":["arithmetic","ecdh","ecdsa","pem","std"],"digest":["ecdsa-core/digest","ecdsa-core/hazmat"],"ecdh":["arithmetic","elliptic-curve/ecdh"],"ecdsa":["arithmetic","ecdsa-core/signing","ecdsa-core/verifying","sha384"],"expose-field":["arithmetic"],"hash2curve":["arithmetic","elliptic-curve/hash2curve"],"jwk":["elliptic-curve/jwk"],"pem":["elliptic-curve/pem","ecdsa-core/pem","pkcs8"],"pkcs8":["ecdsa-core/pkcs8","elliptic-curve/pkcs8"],"serde":["ecdsa-core/serde","elliptic-curve/serde","serdect"],"sha384":["digest","sha2"],"std":["alloc","ecdsa-core?/std","elliptic-curve/std"],"test-vectors":["hex-literal"],"voprf":["elliptic-curve/voprf","sha2"]},"features2":null,"cksum":"93331f05cb4ec24c131e227cfbf21a4b822b3d8e78272d1cd58af0db5862519c","yanked":null,"links":null,"rust_version":null,"v":2}

BIN
vendor/p384/target/package/tmp-registry/p384-0.13.1.crate vendored Normal file
View File

Binary file not shown.

82
vendor/p384/tests/affine.rs vendored Normal file
View File

@@ -0,0 +1,82 @@
//! Affine arithmetic tests.
#![cfg(all(feature = "arithmetic", feature = "test-vectors"))]
use elliptic_curve::{
group::{prime::PrimeCurveAffine, GroupEncoding},
sec1::{FromEncodedPoint, ToEncodedPoint},
};
use hex_literal::hex;
use p384::{AffinePoint, EncodedPoint};
const UNCOMPRESSED_BASEPOINT: &[u8] = &hex!(
"04 aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98
59f741e0 82542a38 5502f25d bf55296c 3a545e38 72760ab7
3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c
e9da3113 b5f0b8c0 0a60b1ce 1d7e819d 7a431d7c 90ea0e5f"
);
const COMPRESSED_BASEPOINT: &[u8] = &hex!(
"03 aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98
59f741e0 82542a38 5502f25d bf55296c 3a545e38 72760ab7"
);
#[test]
fn uncompressed_round_trip() {
let pubkey = EncodedPoint::from_bytes(UNCOMPRESSED_BASEPOINT).unwrap();
let point = AffinePoint::from_encoded_point(&pubkey).unwrap();
assert_eq!(point, AffinePoint::generator());
let res: EncodedPoint = point.into();
assert_eq!(res, pubkey);
}
#[test]
fn compressed_round_trip() {
let pubkey = EncodedPoint::from_bytes(COMPRESSED_BASEPOINT).unwrap();
let point = AffinePoint::from_encoded_point(&pubkey).unwrap();
assert_eq!(point, AffinePoint::generator());
let res: EncodedPoint = point.to_encoded_point(true);
assert_eq!(res, pubkey);
}
#[test]
fn uncompressed_to_compressed() {
let encoded = EncodedPoint::from_bytes(UNCOMPRESSED_BASEPOINT).unwrap();
let res = AffinePoint::from_encoded_point(&encoded)
.unwrap()
.to_encoded_point(true);
assert_eq!(res.as_bytes(), COMPRESSED_BASEPOINT);
}
#[test]
fn compressed_to_uncompressed() {
let encoded = EncodedPoint::from_bytes(COMPRESSED_BASEPOINT).unwrap();
let res = AffinePoint::from_encoded_point(&encoded)
.unwrap()
.to_encoded_point(false);
assert_eq!(res.as_bytes(), UNCOMPRESSED_BASEPOINT);
}
#[test]
fn affine_negation() {
let basepoint = AffinePoint::generator();
assert_eq!(-(-basepoint), basepoint);
}
#[test]
fn identity_encoding() {
// This is technically an invalid SEC1 encoding, but is preferable to panicking.
assert_eq!([0; 49], AffinePoint::IDENTITY.to_bytes().as_slice());
assert!(bool::from(
AffinePoint::from_bytes(&AffinePoint::IDENTITY.to_bytes())
.unwrap()
.is_identity()
))
}

143
vendor/p384/tests/projective.rs vendored Normal file
View File

@@ -0,0 +1,143 @@
//! Projective arithmetic tests.
#![cfg(all(feature = "arithmetic", feature = "test-vectors"))]
use elliptic_curve::{
sec1::{self, ToEncodedPoint},
PrimeField,
};
use p384::{
test_vectors::group::{ADD_TEST_VECTORS, MUL_TEST_VECTORS},
AffinePoint, ProjectivePoint, Scalar,
};
use primeorder::Double;
/// Assert that the provided projective point matches the given test vector.
// TODO(tarcieri): use coordinate APIs. See zkcrypto/group#30
macro_rules! assert_point_eq {
($actual:expr, $expected:expr) => {
let (expected_x, expected_y) = $expected;
let point = $actual.to_affine().to_encoded_point(false);
let (actual_x, actual_y) = match point.coordinates() {
sec1::Coordinates::Uncompressed { x, y } => (x, y),
_ => unreachable!(),
};
assert_eq!(&expected_x, actual_x.as_slice());
assert_eq!(&expected_y, actual_y.as_slice());
};
}
#[test]
fn affine_to_projective() {
let basepoint_affine = AffinePoint::GENERATOR;
let basepoint_projective = ProjectivePoint::GENERATOR;
assert_eq!(
ProjectivePoint::from(basepoint_affine),
basepoint_projective,
);
assert_eq!(basepoint_projective.to_affine(), basepoint_affine);
assert!(!bool::from(basepoint_projective.to_affine().is_identity()));
assert!(bool::from(
ProjectivePoint::IDENTITY.to_affine().is_identity()
));
}
#[test]
fn projective_identity_addition() {
let identity = ProjectivePoint::IDENTITY;
let generator = ProjectivePoint::GENERATOR;
assert_eq!(identity + &generator, generator);
assert_eq!(generator + &identity, generator);
}
#[test]
fn test_vector_repeated_add() {
let generator = ProjectivePoint::GENERATOR;
let mut p = generator;
for i in 0..ADD_TEST_VECTORS.len() {
assert_point_eq!(p, ADD_TEST_VECTORS[i]);
p += &generator;
}
}
#[test]
fn test_vector_repeated_add_mixed() {
let generator = AffinePoint::GENERATOR;
let mut p = ProjectivePoint::GENERATOR;
for i in 0..ADD_TEST_VECTORS.len() {
assert_point_eq!(p, ADD_TEST_VECTORS[i]);
p += &generator;
}
}
#[test]
fn test_vector_add_mixed_identity() {
let generator = ProjectivePoint::GENERATOR;
let p0 = generator + ProjectivePoint::IDENTITY;
let p1 = generator + AffinePoint::IDENTITY;
assert_eq!(p0, p1);
}
#[test]
fn test_vector_double_generator() {
let generator = ProjectivePoint::GENERATOR;
let mut p = generator;
for i in 0..2 {
assert_point_eq!(p, ADD_TEST_VECTORS[i]);
p = p.double();
}
}
#[test]
fn projective_add_vs_double() {
let generator = ProjectivePoint::GENERATOR;
assert_eq!(generator + &generator, generator.double());
}
#[test]
fn projective_add_and_sub() {
let basepoint_affine = AffinePoint::GENERATOR;
let basepoint_projective = ProjectivePoint::GENERATOR;
assert_eq!(
(basepoint_projective + &basepoint_projective) - &basepoint_projective,
basepoint_projective
);
assert_eq!(
(basepoint_projective + &basepoint_affine) - &basepoint_affine,
basepoint_projective
);
}
#[test]
fn projective_double_and_sub() {
let generator = ProjectivePoint::GENERATOR;
assert_eq!(generator.double() - &generator, generator);
}
#[test]
fn test_vector_scalar_mult() {
let generator = ProjectivePoint::GENERATOR;
for (k, coords) in ADD_TEST_VECTORS
.iter()
.enumerate()
.map(|(k, coords)| (Scalar::from(k as u64 + 1), *coords))
.chain(
MUL_TEST_VECTORS
.iter()
.cloned()
.map(|(k, x, y)| (Scalar::from_repr(k.into()).unwrap(), (x, y))),
)
{
let p = generator * &k;
assert_point_eq!(p, coords);
}
}