studio/cli
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 4 Wiki Activity

chore: checkpoint before Python removal

Browse Source
This commit is contained in:
Sienna Meridian Satterwhite
2026-03-26 22:33:59 +00:00
parent 683cec9307
commit e568ddf82a
29972 changed files with 11269302 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
vendor/p384/src/arithmetic.rs vendored Normal file
View File

@@ -0,0 +1,64 @@
//! Pure Rust implementation of group operations on secp384r1.
//!
//! Curve parameters can be found in [NIST SP 800-186] § G.1.3: Curve P-384.
//!
//! [NIST SP 800-186]: https://csrc.nist.gov/publications/detail/sp/800-186/final
#[macro_use]
mod macros;
pub(crate) mod field;
#[cfg(feature = "hash2curve")]
mod hash2curve;
pub(crate) mod scalar;
use self::{field::FieldElement, scalar::Scalar};
use crate::NistP384;
use elliptic_curve::{CurveArithmetic, PrimeCurveArithmetic};
use primeorder::{point_arithmetic, PrimeCurveParams};
/// Elliptic curve point in affine coordinates.
pub type AffinePoint = primeorder::AffinePoint<NistP384>;
/// Elliptic curve point in projective coordinates.
pub type ProjectivePoint = primeorder::ProjectivePoint<NistP384>;
impl CurveArithmetic for NistP384 {
type AffinePoint = AffinePoint;
type ProjectivePoint = ProjectivePoint;
type Scalar = Scalar;
}
impl PrimeCurveArithmetic for NistP384 {
type CurveGroup = ProjectivePoint;
}
/// Adapted from [NIST SP 800-186] § G.1.3: Curve P-384.
///
/// [NIST SP 800-186]: https://csrc.nist.gov/publications/detail/sp/800-186/final
impl PrimeCurveParams for NistP384 {
type FieldElement = FieldElement;
type PointArithmetic = point_arithmetic::EquationAIsMinusThree;
/// a = -3 (0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc)
const EQUATION_A: FieldElement = FieldElement::from_u64(3).neg();
/// b = b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112
/// 0314088f 5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef
const EQUATION_B: FieldElement = FieldElement::from_hex("b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef");
/// Base point of P-384.
///
/// Defined in NIST SP 800-186 § G.1.3: Curve P-384.
///
/// ```text
/// Gₓ = aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98
/// 59f741e0 82542a38 5502f25d bf55296c 3a545e38 72760ab7
/// Gᵧ = 3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c
/// e9da3113 b5f0b8c0 0a60b1ce 1d7e819d 7a431d7c 90ea0e5f
/// ```
const GENERATOR: (FieldElement, FieldElement) = (
FieldElement::from_hex("aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7"),
FieldElement::from_hex("3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f"),
);
}

195
vendor/p384/src/arithmetic/field.rs vendored Normal file
View File

@@ -0,0 +1,195 @@
//! Field arithmetic modulo p = 2^{384} 2^{128} 2^{96} + 2^{32} 1
//!
//! Arithmetic implementations are extracted Rust code from the Coq fiat-crypto
//! libraries.
//!
//! # License
//!
//! Copyright (c) 2015-2020 the fiat-crypto authors
//!
//! fiat-crypto is distributed under the terms of the MIT License, the
//! Apache License (Version 2.0), and the BSD 1-Clause License;
//! users may pick which license to apply.
#![allow(
clippy::should_implement_trait,
clippy::suspicious_op_assign_impl,
clippy::unused_unit,
clippy::unnecessary_cast,
clippy::too_many_arguments,
clippy::identity_op
)]
#[cfg_attr(target_pointer_width = "32", path = "field/p384_32.rs")]
#[cfg_attr(target_pointer_width = "64", path = "field/p384_64.rs")]
mod field_impl;
use self::field_impl::*;
use crate::{FieldBytes, NistP384};
use core::{
iter::{Product, Sum},
ops::{AddAssign, MulAssign, Neg, SubAssign},
};
use elliptic_curve::{
bigint::{self, Limb, U384},
ff::PrimeField,
subtle::{Choice, ConstantTimeEq, CtOption},
};
/// Constant representing the modulus
/// p = 2^{384} 2^{128} 2^{96} + 2^{32} 1
pub(crate) const MODULUS: U384 = U384::from_be_hex(FieldElement::MODULUS);
/// Element of the secp384r1 base field used for curve coordinates.
#[derive(Clone, Copy, Debug)]
pub struct FieldElement(pub(super) U384);
primeorder::impl_mont_field_element!(
NistP384,
FieldElement,
FieldBytes,
U384,
MODULUS,
fiat_p384_montgomery_domain_field_element,
fiat_p384_from_montgomery,
fiat_p384_to_montgomery,
fiat_p384_add,
fiat_p384_sub,
fiat_p384_mul,
fiat_p384_opp,
fiat_p384_square
);
impl FieldElement {
/// Compute [`FieldElement`] inversion: `1 / self`.
pub fn invert(&self) -> CtOption<Self> {
CtOption::new(self.invert_unchecked(), !self.is_zero())
}
/// Returns the multiplicative inverse of self.
///
/// Does not check that self is non-zero.
const fn invert_unchecked(&self) -> Self {
let words = impl_field_invert!(
self.to_canonical().as_words(),
Self::ONE.0.to_words(),
Limb::BITS,
bigint::nlimbs!(U384::BITS),
fiat_p384_mul,
fiat_p384_opp,
fiat_p384_divstep_precomp,
fiat_p384_divstep,
fiat_p384_msat,
fiat_p384_selectznz,
);
Self(U384::from_words(words))
}
/// Returns the square root of self mod p, or `None` if no square root
/// exists.
pub fn sqrt(&self) -> CtOption<Self> {
// p mod 4 = 3 -> compute sqrt(x) using x^((p+1)/4) =
// x^9850501549098619803069760025035903451269934817616361666987073351061430442874217582261816522064734500465401743278080
let t1 = *self;
let t10 = t1.square();
let t11 = t1 * t10;
let t110 = t11.square();
let t111 = t1 * t110;
let t111000 = t111.sqn(3);
let t111111 = t111 * t111000;
let t1111110 = t111111.square();
let t1111111 = t1 * t1111110;
let x12 = t1111110.sqn(5) * t111111;
let x24 = x12.sqn(12) * x12;
let x31 = x24.sqn(7) * t1111111;
let x32 = x31.square() * t1;
let x63 = x32.sqn(31) * x31;
let x126 = x63.sqn(63) * x63;
let x252 = x126.sqn(126) * x126;
let x255 = x252.sqn(3) * t111;
let x = ((x255.sqn(33) * x32).sqn(64) * t1).sqn(30);
CtOption::new(x, x.square().ct_eq(&t1))
}
/// Returns self^(2^n) mod p.
fn sqn(&self, n: usize) -> Self {
let mut x = *self;
for _ in 0..n {
x = x.square();
}
x
}
}
impl PrimeField for FieldElement {
type Repr = FieldBytes;
const MODULUS: &'static str = "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff";
const NUM_BITS: u32 = 384;
const CAPACITY: u32 = 383;
const TWO_INV: Self = Self::from_u64(2).invert_unchecked();
const MULTIPLICATIVE_GENERATOR: Self = Self::from_u64(19);
const S: u32 = 1;
const ROOT_OF_UNITY: Self = Self::from_hex("fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe");
const ROOT_OF_UNITY_INV: Self = Self::ROOT_OF_UNITY.invert_unchecked();
const DELTA: Self = Self::from_u64(49);
#[inline]
fn from_repr(bytes: FieldBytes) -> CtOption<Self> {
Self::from_bytes(&bytes)
}
#[inline]
fn to_repr(&self) -> FieldBytes {
self.to_bytes()
}
#[inline]
fn is_odd(&self) -> Choice {
self.is_odd()
}
}
#[cfg(test)]
mod tests {
use super::FieldElement;
use elliptic_curve::ff::PrimeField;
use primeorder::impl_primefield_tests;
/// t = (modulus - 1) >> S
const T: [u64; 6] = [
0x000000007fffffff,
0x7fffffff80000000,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x7fffffffffffffff,
];
impl_primefield_tests!(FieldElement, T);
/// Basic tests that field inversion works.
#[test]
fn invert() {
let one = FieldElement::ONE;
assert_eq!(one.invert().unwrap(), one);
let three = one + &one + &one;
let inv_three = three.invert().unwrap();
assert_eq!(three * &inv_three, one);
let minus_three = -three;
let inv_minus_three = minus_three.invert().unwrap();
assert_eq!(inv_minus_three, -inv_three);
assert_eq!(three * &inv_minus_three, -one);
}
#[test]
fn sqrt() {
let one = FieldElement::ONE;
let two = one + &one;
let four = two.square();
assert_eq!(four.sqrt().unwrap(), two);
}
}

4062
vendor/p384/src/arithmetic/field/p384_32.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1798
vendor/p384/src/arithmetic/field/p384_64.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

326
vendor/p384/src/arithmetic/hash2curve.rs vendored Normal file
View File

@@ -0,0 +1,326 @@
use super::FieldElement;
use crate::{AffinePoint, FieldBytes, NistP384, ProjectivePoint, Scalar};
use elliptic_curve::{
bigint::{ArrayEncoding, U384},
consts::U72,
generic_array::GenericArray,
hash2curve::{FromOkm, GroupDigest, MapToCurve, OsswuMap, OsswuMapParams, Sgn0},
ops::Reduce,
point::DecompressPoint,
subtle::Choice,
};
impl GroupDigest for NistP384 {
type FieldElement = FieldElement;
}
impl FromOkm for FieldElement {
type Length = U72;
fn from_okm(data: &GenericArray<u8, Self::Length>) -> Self {
const F_2_288: FieldElement = FieldElement::from_hex(
"000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000",
);
let mut d0 = FieldBytes::default();
d0[12..].copy_from_slice(&data[0..36]);
let d0 = FieldElement::from_uint_unchecked(U384::from_be_byte_array(d0));
let mut d1 = FieldBytes::default();
d1[12..].copy_from_slice(&data[36..]);
let d1 = FieldElement::from_uint_unchecked(U384::from_be_byte_array(d1));
d0 * F_2_288 + d1
}
}
impl Sgn0 for FieldElement {
fn sgn0(&self) -> Choice {
self.is_odd()
}
}
impl OsswuMap for FieldElement {
const PARAMS: OsswuMapParams<Self> = OsswuMapParams {
c1: &[
0x0000_0000_3fff_ffff,
0xbfff_ffff_c000_0000,
0xffff_ffff_ffff_ffff,
0xffff_ffff_ffff_ffff,
0xffff_ffff_ffff_ffff,
0x3fff_ffff_ffff_ffff,
],
c2: FieldElement::from_hex(
"019877cc1041b7555743c0ae2e3a3e61fb2aaa2e0e87ea557a563d8b598a0940d0a697a9e0b9e92cfaa314f583c9d066",
),
map_a: FieldElement::from_hex(
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc",
),
map_b: FieldElement::from_hex(
"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef",
),
z: FieldElement::from_hex(
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffff3",
),
};
}
impl MapToCurve for FieldElement {
type Output = ProjectivePoint;
fn map_to_curve(&self) -> Self::Output {
let (qx, qy) = self.osswu();
// TODO(tarcieri): assert that `qy` is correct? less circuitous conversion?
AffinePoint::decompress(&qx.to_bytes(), qy.is_odd())
.unwrap()
.into()
}
}
impl FromOkm for Scalar {
type Length = U72;
fn from_okm(data: &GenericArray<u8, Self::Length>) -> Self {
const F_2_288: Scalar = Scalar::from_hex(
"000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000",
);
let mut d0 = FieldBytes::default();
d0[12..].copy_from_slice(&data[0..36]);
let d0 = Scalar::reduce(U384::from_be_byte_array(d0));
let mut d1 = FieldBytes::default();
d1[12..].copy_from_slice(&data[36..]);
let d1 = Scalar::reduce(U384::from_be_byte_array(d1));
d0 * F_2_288 + d1
}
}
#[cfg(test)]
mod tests {
use crate::{FieldElement, NistP384, Scalar};
use elliptic_curve::{
bigint::{ArrayEncoding, NonZero, U384, U576},
consts::U72,
generic_array::GenericArray,
group::cofactor::CofactorGroup,
hash2curve::{self, ExpandMsgXmd, FromOkm, GroupDigest, MapToCurve},
ops::Reduce,
sec1::{self, ToEncodedPoint},
Curve,
};
use hex_literal::hex;
use proptest::{num::u64::ANY, prelude::ProptestConfig, proptest};
use sha2::Sha384;
#[test]
fn hash_to_curve() {
struct TestVector {
msg: &'static [u8],
p_x: [u8; 48],
p_y: [u8; 48],
u_0: [u8; 48],
u_1: [u8; 48],
q0_x: [u8; 48],
q0_y: [u8; 48],
q1_x: [u8; 48],
q1_y: [u8; 48],
}
const DST: &[u8] = b"QUUX-V01-CS02-with-P384_XMD:SHA-384_SSWU_RO_";
const TEST_VECTORS: &[TestVector] = &[
TestVector {
msg: b"",
p_x: hex!("eb9fe1b4f4e14e7140803c1d99d0a93cd823d2b024040f9c067a8eca1f5a2eeac9ad604973527a356f3fa3aeff0e4d83"),
p_y: hex!("0c21708cff382b7f4643c07b105c2eaec2cead93a917d825601e63c8f21f6abd9abc22c93c2bed6f235954b25048bb1a"),
u_0: hex!("25c8d7dc1acd4ee617766693f7f8829396065d1b447eedb155871feffd9c6653279ac7e5c46edb7010a0e4ff64c9f3b4"),
u_1: hex!("59428be4ed69131df59a0c6a8e188d2d4ece3f1b2a3a02602962b47efa4d7905945b1e2cc80b36aa35c99451073521ac"),
q0_x: hex!("e4717e29eef38d862bee4902a7d21b44efb58c464e3e1f0d03894d94de310f8ffc6de86786dd3e15a1541b18d4eb2846"),
q0_y: hex!("6b95a6e639822312298a47526bb77d9cd7bcf76244c991c8cd70075e2ee6e8b9a135c4a37e3c0768c7ca871c0ceb53d4"),
q1_x: hex!("509527cfc0750eedc53147e6d5f78596c8a3b7360e0608e2fab0563a1670d58d8ae107c9f04bcf90e89489ace5650efd"),
q1_y: hex!("33337b13cb35e173fdea4cb9e8cce915d836ff57803dbbeb7998aa49d17df2ff09b67031773039d09fbd9305a1566bc4"),
},
TestVector {
msg: b"abc",
p_x: hex!("e02fc1a5f44a7519419dd314e29863f30df55a514da2d655775a81d413003c4d4e7fd59af0826dfaad4200ac6f60abe1"),
p_y: hex!("01f638d04d98677d65bef99aef1a12a70a4cbb9270ec55248c04530d8bc1f8f90f8a6a859a7c1f1ddccedf8f96d675f6"),
u_0: hex!("53350214cb6bef0b51abb791b1c4209a2b4c16a0c67e1ab1401017fad774cd3b3f9a8bcdf7f6229dd8dd5a075cb149a0"),
u_1: hex!("c0473083898f63e03f26f14877a2407bd60c75ad491e7d26cbc6cc5ce815654075ec6b6898c7a41d74ceaf720a10c02e"),
q0_x: hex!("fc853b69437aee9a19d5acf96a4ee4c5e04cf7b53406dfaa2afbdd7ad2351b7f554e4bbc6f5db4177d4d44f933a8f6ee"),
q0_y: hex!("7e042547e01834c9043b10f3a8221c4a879cb156f04f72bfccab0c047a304e30f2aa8b2e260d34c4592c0c33dd0c6482"),
q1_x: hex!("57912293709b3556b43a2dfb137a315d256d573b82ded120ef8c782d607c05d930d958e50cb6dc1cc480b9afc38c45f1"),
q1_y: hex!("de9387dab0eef0bda219c6f168a92645a84665c4f2137c14270fb424b7532ff84843c3da383ceea24c47fa343c227bb8"),
},
TestVector {
msg: b"abcdef0123456789",
p_x: hex!("bdecc1c1d870624965f19505be50459d363c71a699a496ab672f9a5d6b78676400926fbceee6fcd1780fe86e62b2aa89"),
p_y: hex!("57cf1f99b5ee00f3c201139b3bfe4dd30a653193778d89a0accc5e0f47e46e4e4b85a0595da29c9494c1814acafe183c"),
u_0: hex!("aab7fb87238cf6b2ab56cdcca7e028959bb2ea599d34f68484139dde85ec6548a6e48771d17956421bdb7790598ea52e"),
u_1: hex!("26e8d833552d7844d167833ca5a87c35bcfaa5a0d86023479fb28e5cd6075c18b168bf1f5d2a0ea146d057971336d8d1"),
q0_x: hex!("0ceece45b73f89844671df962ad2932122e878ad2259e650626924e4e7f132589341dec1480ebcbbbe3509d11fb570b7"),
q0_y: hex!("fafd71a3115298f6be4ae5c6dfc96c400cfb55760f185b7b03f3fa45f3f91eb65d27628b3c705cafd0466fafa54883ce"),
q1_x: hex!("dea1be8d3f9be4cbf4fab9d71d549dde76875b5d9b876832313a083ec81e528cbc2a0a1d0596b3bcb0ba77866b129776"),
q1_y: hex!("eb15fe71662214fb03b65541f40d3eb0f4cf5c3b559f647da138c9f9b7484c48a08760e02c16f1992762cb7298fa52cf"),
},
TestVector {
msg: b"q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq",
p_x: hex!("03c3a9f401b78c6c36a52f07eeee0ec1289f178adf78448f43a3850e0456f5dd7f7633dd31676d990eda32882ab486c0"),
p_y: hex!("cc183d0d7bdfd0a3af05f50e16a3f2de4abbc523215bf57c848d5ea662482b8c1f43dc453a93b94a8026db58f3f5d878"),
u_0: hex!("04c00051b0de6e726d228c85bf243bf5f4789efb512b22b498cde3821db9da667199b74bd5a09a79583c6d353a3bb41c"),
u_1: hex!("97580f218255f899f9204db64cd15e6a312cb4d8182375d1e5157c8f80f41d6a1a4b77fb1ded9dce56c32058b8d5202b"),
q0_x: hex!("051a22105e0817a35d66196338c8d85bd52690d79bba373ead8a86dd9899411513bb9f75273f6483395a7847fb21edb4"),
q0_y: hex!("f168295c1bbcff5f8b01248e9dbc885335d6d6a04aea960f7384f746ba6502ce477e624151cc1d1392b00df0f5400c06"),
q1_x: hex!("6ad7bc8ed8b841efd8ad0765c8a23d0b968ec9aa360a558ff33500f164faa02bee6c704f5f91507c4c5aad2b0dc5b943"),
q1_y: hex!("47313cc0a873ade774048338fc34ca5313f96bbf6ae22ac6ef475d85f03d24792dc6afba8d0b4a70170c1b4f0f716629"),
},
TestVector {
msg: b"a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
p_x: hex!("7b18d210b1f090ac701f65f606f6ca18fb8d081e3bc6cbd937c5604325f1cdea4c15c10a54ef303aabf2ea58bd9947a4"),
p_y: hex!("ea857285a33abb516732915c353c75c576bf82ccc96adb63c094dde580021eddeafd91f8c0bfee6f636528f3d0c47fd2"),
u_0: hex!("480cb3ac2c389db7f9dac9c396d2647ae946db844598971c26d1afd53912a1491199c0a5902811e4b809c26fcd37a014"),
u_1: hex!("d28435eb34680e148bf3908536e42231cba9e1f73ae2c6902a222a89db5c49c97db2f8fa4d4cd6e424b17ac60bdb9bb6"),
q0_x: hex!("42e6666f505e854187186bad3011598d9278b9d6e3e4d2503c3d236381a56748dec5d139c223129b324df53fa147c4df"),
q0_y: hex!("8ee51dbda46413bf621838cc935d18d617881c6f33f3838a79c767a1e5618e34b22f79142df708d2432f75c7366c8512"),
q1_x: hex!("4ff01ceeba60484fa1bc0d825fe1e5e383d8f79f1e5bb78e5fb26b7a7ef758153e31e78b9d60ce75c5e32e43869d4e12"),
q1_y: hex!("0f84b978fac8ceda7304b47e229d6037d32062e597dc7a9b95bcd9af441f3c56c619a901d21635f9ec6ab4710b9fcd0e"),
},
];
for test_vector in TEST_VECTORS {
// in parts
let mut u = [FieldElement::default(), FieldElement::default()];
hash2curve::hash_to_field::<ExpandMsgXmd<Sha384>, FieldElement>(
&[test_vector.msg],
&[DST],
&mut u,
)
.unwrap();
/// Assert that the provided projective point matches the given test vector.
// TODO(tarcieri): use coordinate APIs. See zkcrypto/group#30
macro_rules! assert_point_eq {
($actual:expr, $expected_x:expr, $expected_y:expr) => {
let point = $actual.to_affine().to_encoded_point(false);
let (actual_x, actual_y) = match point.coordinates() {
sec1::Coordinates::Uncompressed { x, y } => (x, y),
_ => unreachable!(),
};
assert_eq!(&$expected_x, actual_x.as_slice());
assert_eq!(&$expected_y, actual_y.as_slice());
};
}
assert_eq!(u[0].to_bytes().as_slice(), test_vector.u_0);
assert_eq!(u[1].to_bytes().as_slice(), test_vector.u_1);
let q0 = u[0].map_to_curve();
assert_point_eq!(q0, test_vector.q0_x, test_vector.q0_y);
let q1 = u[1].map_to_curve();
assert_point_eq!(q1, test_vector.q1_x, test_vector.q1_y);
let p = q0.clear_cofactor() + q1.clear_cofactor();
assert_point_eq!(p, test_vector.p_x, test_vector.p_y);
// complete run
let pt = NistP384::hash_from_bytes::<ExpandMsgXmd<Sha384>>(&[test_vector.msg], &[DST])
.unwrap();
assert_point_eq!(pt, test_vector.p_x, test_vector.p_y);
}
}
/// Taken from <https://www.ietf.org/archive/id/draft-irtf-cfrg-voprf-16.html#name-oprfp-384-sha-384-2>.
#[test]
fn hash_to_scalar_voprf() {
struct TestVector {
dst: &'static [u8],
key_info: &'static [u8],
seed: &'static [u8],
sk_sm: &'static [u8],
}
const TEST_VECTORS: &[TestVector] = &[
TestVector {
dst: b"DeriveKeyPairVOPRF10-\x00\x00\x04",
key_info: b"test key",
seed: &hex!("a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3"),
sk_sm: &hex!("c0503759ddd1e31d8c7eae9304c9b1c16f83d1f6d962e3e7b789cd85fd581800e96c5c4256131aafcff9a76919abbd55"),
},
TestVector {
dst: b"DeriveKeyPairVOPRF10-\x01\x00\x04",
key_info: b"test key",
seed: &hex!("a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3"),
sk_sm: &hex!("514fb6fe2e66af1383840759d56f71730331280f062930ee2a2f7ea42f935acf94087355699d788abfdf09d19a5c85ac"),
},
TestVector {
dst: b"DeriveKeyPairVOPRF10-\x02\x00\x04",
key_info: b"test key",
seed: &hex!("a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3"),
sk_sm: &hex!("0fcba4a204f67d6c13f780e613915f755319aaa3cb03cd20a5a4a6c403a4812a4fff5d3223e2c309aa66b05cb7611fd4"),
},
];
'outer: for test_vector in TEST_VECTORS {
let key_info_len = u16::try_from(test_vector.key_info.len())
.unwrap()
.to_be_bytes();
for counter in 0_u8..=u8::MAX {
let scalar = NistP384::hash_to_scalar::<ExpandMsgXmd<Sha384>>(
&[
test_vector.seed,
&key_info_len,
test_vector.key_info,
&counter.to_be_bytes(),
],
&[test_vector.dst],
)
.unwrap();
if !bool::from(scalar.is_zero()) {
assert_eq!(scalar.to_bytes().as_slice(), test_vector.sk_sm);
continue 'outer;
}
}
panic!("deriving key failed");
}
}
#[test]
fn from_okm_fuzz() {
let mut wide_order = GenericArray::default();
wide_order[24..].copy_from_slice(&NistP384::ORDER.to_be_byte_array());
let wide_order = NonZero::new(U576::from_be_byte_array(wide_order)).unwrap();
let simple_from_okm = move |data: GenericArray<u8, U72>| -> Scalar {
let data = U576::from_be_slice(&data);
let scalar = data % wide_order;
let reduced_scalar = U384::from_be_slice(&scalar.to_be_byte_array()[24..]);
Scalar::reduce(reduced_scalar)
};
proptest!(ProptestConfig::with_cases(1000), |(b0 in ANY, b1 in ANY, b2 in ANY, b3 in ANY, b4 in ANY, b5 in ANY, b6 in ANY, b7 in ANY, b8 in ANY)| {
let mut data = GenericArray::default();
data[..8].copy_from_slice(&b0.to_be_bytes());
data[8..16].copy_from_slice(&b1.to_be_bytes());
data[16..24].copy_from_slice(&b2.to_be_bytes());
data[24..32].copy_from_slice(&b3.to_be_bytes());
data[32..40].copy_from_slice(&b4.to_be_bytes());
data[40..48].copy_from_slice(&b5.to_be_bytes());
data[48..56].copy_from_slice(&b6.to_be_bytes());
data[56..64].copy_from_slice(&b7.to_be_bytes());
data[64..].copy_from_slice(&b8.to_be_bytes());
let from_okm = Scalar::from_okm(&data);
let simple_from_okm = simple_from_okm(data);
assert_eq!(from_okm, simple_from_okm);
});
}
}

51
vendor/p384/src/arithmetic/macros.rs vendored Normal file
View File

@@ -0,0 +1,51 @@
/// Implement field element inversion.
macro_rules! impl_field_invert {
(
$a:expr,
$one:expr,
$word_bits:expr,
$nlimbs:expr,
$mul:ident,
$neg:ident,
$divstep_precomp:ident,
$divstep:ident,
$msat:ident,
$selectznz:ident,
) => {{
const ITERATIONS: usize = (49 * $nlimbs * $word_bits + 57) / 17;
let mut d = 1;
let mut f = $msat();
let mut g = [0; $nlimbs + 1];
let mut v = [0; $nlimbs];
let mut r = $one;
let mut i = 0;
let mut j = 0;
while j < $nlimbs {
g[j] = $a[j];
j += 1;
}
while i < ITERATIONS - ITERATIONS % 2 {
let (out1, out2, out3, out4, out5) = $divstep(d, &f, &g, &v, &r);
let (out1, out2, out3, out4, out5) = $divstep(out1, &out2, &out3, &out4, &out5);
d = out1;
f = out2;
g = out3;
v = out4;
r = out5;
i += 2;
}
if ITERATIONS % 2 != 0 {
let (_out1, out2, _out3, out4, _out5) = $divstep(d, &f, &g, &v, &r);
v = out4;
f = out2;
}
let s = ((f[f.len() - 1] >> $word_bits - 1) & 1) as u8;
let v = $selectznz(s, &v, &$neg(&v));
$mul(&v, &$divstep_precomp())
}};
}

430
vendor/p384/src/arithmetic/scalar.rs vendored Normal file
View File

@@ -0,0 +1,430 @@
//! secp384r1 scalar field elements.
#![allow(clippy::unusual_byte_groupings)]
#[cfg_attr(target_pointer_width = "32", path = "scalar/p384_scalar_32.rs")]
#[cfg_attr(target_pointer_width = "64", path = "scalar/p384_scalar_64.rs")]
#[allow(
clippy::identity_op,
clippy::too_many_arguments,
clippy::unnecessary_cast
)]
mod scalar_impl;
use self::scalar_impl::*;
use crate::{FieldBytes, NistP384, SecretKey, ORDER_HEX, U384};
use core::{
iter::{Product, Sum},
ops::{AddAssign, MulAssign, Neg, Shr, ShrAssign, SubAssign},
};
use elliptic_curve::{
bigint::{self, ArrayEncoding, Limb},
ff::PrimeField,
ops::{Invert, Reduce},
scalar::{FromUintUnchecked, IsHigh},
subtle::{Choice, ConditionallySelectable, ConstantTimeEq, ConstantTimeGreater, CtOption},
Curve as _, Error, Result, ScalarPrimitive,
};
#[cfg(feature = "bits")]
use {crate::ScalarBits, elliptic_curve::group::ff::PrimeFieldBits};
#[cfg(feature = "serde")]
use serdect::serde::{de, ser, Deserialize, Serialize};
#[cfg(doc)]
use core::ops::{Add, Mul, Sub};
/// Scalars are elements in the finite field modulo `n`.
///
/// # Trait impls
///
/// Much of the important functionality of scalars is provided by traits from
/// the [`ff`](https://docs.rs/ff/) crate, which is re-exported as
/// `p384::elliptic_curve::ff`:
///
/// - [`Field`](https://docs.rs/ff/latest/ff/trait.Field.html) -
/// represents elements of finite fields and provides:
/// - [`Field::random`](https://docs.rs/ff/latest/ff/trait.Field.html#tymethod.random) -
/// generate a random scalar
/// - `double`, `square`, and `invert` operations
/// - Bounds for [`Add`], [`Sub`], [`Mul`], and [`Neg`] (as well as `*Assign` equivalents)
/// - Bounds for [`ConditionallySelectable`] from the `subtle` crate
/// - [`PrimeField`](https://docs.rs/ff/latest/ff/trait.PrimeField.html) -
/// represents elements of prime fields and provides:
/// - `from_repr`/`to_repr` for converting field elements from/to big integers.
/// - `multiplicative_generator` and `root_of_unity` constants.
/// - [`PrimeFieldBits`](https://docs.rs/ff/latest/ff/trait.PrimeFieldBits.html) -
/// operations over field elements represented as bits (requires `bits` feature)
///
/// Please see the documentation for the relevant traits for more information.
///
/// # `serde` support
///
/// When the `serde` feature of this crate is enabled, the `Serialize` and
/// `Deserialize` traits are impl'd for this type.
///
/// The serialization is a fixed-width big endian encoding. When used with
/// textual formats, the binary data is encoded as hexadecimal.
#[derive(Clone, Copy, Debug, PartialOrd, Ord)]
pub struct Scalar(U384);
primeorder::impl_mont_field_element!(
NistP384,
Scalar,
FieldBytes,
U384,
NistP384::ORDER,
fiat_p384_scalar_montgomery_domain_field_element,
fiat_p384_scalar_from_montgomery,
fiat_p384_scalar_to_montgomery,
fiat_p384_scalar_add,
fiat_p384_scalar_sub,
fiat_p384_scalar_mul,
fiat_p384_scalar_opp,
fiat_p384_scalar_square
);
impl Scalar {
/// Compute [`Scalar`] inversion: `1 / self`.
pub fn invert(&self) -> CtOption<Self> {
CtOption::new(self.invert_unchecked(), !self.is_zero())
}
/// Returns the multiplicative inverse of self.
///
/// Does not check that self is non-zero.
const fn invert_unchecked(&self) -> Self {
let words = impl_field_invert!(
self.to_canonical().as_words(),
Self::ONE.0.to_words(),
Limb::BITS,
bigint::nlimbs!(U384::BITS),
fiat_p384_scalar_mul,
fiat_p384_scalar_opp,
fiat_p384_scalar_divstep_precomp,
fiat_p384_scalar_divstep,
fiat_p384_scalar_msat,
fiat_p384_scalar_selectznz,
);
Self(U384::from_words(words))
}
/// Compute modular square root.
pub fn sqrt(&self) -> CtOption<Self> {
// p mod 4 = 3 -> compute sqrt(x) using x^((p+1)/4) =
// x^9850501549098619803069760025035903451269934817616361666986726319906914849778315892349739077038073728388608413485661
let t1 = *self;
let t10 = t1.square();
let t11 = *self * t10;
let t101 = t10 * t11;
let t111 = t10 * t101;
let t1001 = t10 * t111;
let t1011 = t10 * t1001;
let t1101 = t10 * t1011;
let t1111 = t10 * t1101;
let t11110 = t1111.square();
let t11111 = t1 * t11110;
let t1111100 = t11111.sqn(2);
let t11111000 = t1111100.square();
let i14 = t11111000.square();
let i20 = i14.sqn(5) * i14;
let i31 = i20.sqn(10) * i20;
let i58 = (i31.sqn(4) * t11111000).sqn(21) * i31;
let i110 = (i58.sqn(3) * t1111100).sqn(47) * i58;
let x194 = i110.sqn(95) * i110 * t1111;
let i225 = ((x194.sqn(6) * t111).sqn(3) * t11).sqn(7);
let i235 = ((t1101 * i225).sqn(6) * t1101).square() * t1;
let i258 = ((i235.sqn(11) * t11111).sqn(2) * t1).sqn(8);
let i269 = ((t1101 * i258).sqn(2) * t11).sqn(6) * t1011;
let i286 = ((i269.sqn(4) * t111).sqn(6) * t11111).sqn(5);
let i308 = ((t1011 * i286).sqn(10) * t1101).sqn(9) * t1101;
let i323 = ((i308.sqn(4) * t1011).sqn(6) * t1001).sqn(3);
let i340 = ((t1 * i323).sqn(7) * t1011).sqn(7) * t101;
let i357 = ((i340.sqn(5) * t111).sqn(5) * t1111).sqn(5);
let i369 = ((t1011 * i357).sqn(4) * t1011).sqn(5) * t111;
let i387 = ((i369.sqn(3) * t11).sqn(7) * t11).sqn(6);
let i397 = ((t1011 * i387).sqn(4) * t101).sqn(3) * t11;
let i413 = ((i397.sqn(4) * t11).sqn(4) * t11).sqn(6);
let i427 = ((t101 * i413).sqn(5) * t101).sqn(6) * t1011;
let x = i427.sqn(3) * t101;
CtOption::new(x, x.square().ct_eq(&t1))
}
fn sqn(&self, n: usize) -> Self {
let mut x = *self;
for _ in 0..n {
x = x.square();
}
x
}
/// Right shifts the scalar.
///
/// Note: not constant-time with respect to the `shift` parameter.
pub const fn shr_vartime(&self, shift: usize) -> Scalar {
Self(self.0.shr_vartime(shift))
}
}
impl AsRef<Scalar> for Scalar {
fn as_ref(&self) -> &Scalar {
self
}
}
impl FromUintUnchecked for Scalar {
type Uint = U384;
fn from_uint_unchecked(uint: Self::Uint) -> Self {
Self::from_uint_unchecked(uint)
}
}
impl Invert for Scalar {
type Output = CtOption<Self>;
fn invert(&self) -> CtOption<Self> {
self.invert()
}
}
impl IsHigh for Scalar {
fn is_high(&self) -> Choice {
const MODULUS_SHR1: U384 = NistP384::ORDER.shr_vartime(1);
self.to_canonical().ct_gt(&MODULUS_SHR1)
}
}
impl Shr<usize> for Scalar {
type Output = Self;
fn shr(self, rhs: usize) -> Self::Output {
self.shr_vartime(rhs)
}
}
impl Shr<usize> for &Scalar {
type Output = Scalar;
fn shr(self, rhs: usize) -> Self::Output {
self.shr_vartime(rhs)
}
}
impl ShrAssign<usize> for Scalar {
fn shr_assign(&mut self, rhs: usize) {
*self = *self >> rhs;
}
}
impl PrimeField for Scalar {
type Repr = FieldBytes;
const MODULUS: &'static str = ORDER_HEX;
const CAPACITY: u32 = 383;
const NUM_BITS: u32 = 384;
const TWO_INV: Self = Self::from_u64(2).invert_unchecked();
const MULTIPLICATIVE_GENERATOR: Self = Self::from_u64(2);
const S: u32 = 1;
const ROOT_OF_UNITY: Self = Self::from_hex("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52972");
const ROOT_OF_UNITY_INV: Self = Self::ROOT_OF_UNITY.invert_unchecked();
const DELTA: Self = Self::from_u64(4);
#[inline]
fn from_repr(bytes: FieldBytes) -> CtOption<Self> {
Self::from_bytes(&bytes)
}
#[inline]
fn to_repr(&self) -> FieldBytes {
self.to_bytes()
}
#[inline]
fn is_odd(&self) -> Choice {
self.is_odd()
}
}
#[cfg(feature = "bits")]
impl PrimeFieldBits for Scalar {
type ReprBits = fiat_p384_scalar_montgomery_domain_field_element;
fn to_le_bits(&self) -> ScalarBits {
self.to_canonical().to_words().into()
}
fn char_le_bits() -> ScalarBits {
NistP384::ORDER.to_words().into()
}
}
impl Reduce<U384> for Scalar {
type Bytes = FieldBytes;
fn reduce(w: U384) -> Self {
let (r, underflow) = w.sbb(&NistP384::ORDER, Limb::ZERO);
let underflow = Choice::from((underflow.0 >> (Limb::BITS - 1)) as u8);
Self::from_uint_unchecked(U384::conditional_select(&w, &r, !underflow))
}
#[inline]
fn reduce_bytes(bytes: &FieldBytes) -> Self {
Self::reduce(U384::from_be_byte_array(*bytes))
}
}
impl From<ScalarPrimitive<NistP384>> for Scalar {
fn from(w: ScalarPrimitive<NistP384>) -> Self {
Scalar::from(&w)
}
}
impl From<&ScalarPrimitive<NistP384>> for Scalar {
fn from(w: &ScalarPrimitive<NistP384>) -> Scalar {
Scalar::from_uint_unchecked(*w.as_uint())
}
}
impl From<Scalar> for ScalarPrimitive<NistP384> {
fn from(scalar: Scalar) -> ScalarPrimitive<NistP384> {
ScalarPrimitive::from(&scalar)
}
}
impl From<&Scalar> for ScalarPrimitive<NistP384> {
fn from(scalar: &Scalar) -> ScalarPrimitive<NistP384> {
ScalarPrimitive::new(scalar.into()).unwrap()
}
}
impl From<Scalar> for FieldBytes {
fn from(scalar: Scalar) -> Self {
scalar.to_repr()
}
}
impl From<&Scalar> for FieldBytes {
fn from(scalar: &Scalar) -> Self {
scalar.to_repr()
}
}
impl From<Scalar> for U384 {
fn from(scalar: Scalar) -> U384 {
U384::from(&scalar)
}
}
impl From<&Scalar> for U384 {
fn from(scalar: &Scalar) -> U384 {
scalar.to_canonical()
}
}
impl From<&SecretKey> for Scalar {
fn from(secret_key: &SecretKey) -> Scalar {
*secret_key.to_nonzero_scalar()
}
}
impl TryFrom<U384> for Scalar {
type Error = Error;
fn try_from(w: U384) -> Result<Self> {
Option::from(Self::from_uint(w)).ok_or(Error)
}
}
#[cfg(feature = "serde")]
impl Serialize for Scalar {
fn serialize<S>(&self, serializer: S) -> core::result::Result<S::Ok, S::Error>
where
S: ser::Serializer,
{
ScalarPrimitive::from(self).serialize(serializer)
}
}
#[cfg(feature = "serde")]
impl<'de> Deserialize<'de> for Scalar {
fn deserialize<D>(deserializer: D) -> core::result::Result<Self, D::Error>
where
D: de::Deserializer<'de>,
{
Ok(ScalarPrimitive::deserialize(deserializer)?.into())
}
}
#[cfg(test)]
mod tests {
use super::Scalar;
use crate::FieldBytes;
use elliptic_curve::ff::PrimeField;
use primeorder::impl_primefield_tests;
/// t = (modulus - 1) >> S
const T: [u64; 6] = [
0x76760cb5666294b9,
0xac0d06d9245853bd,
0xe3b1a6c0fa1b96ef,
0xffffffffffffffff,
0xffffffffffffffff,
0x7fffffffffffffff,
];
impl_primefield_tests!(Scalar, T);
#[test]
fn from_to_bytes_roundtrip() {
let k: u64 = 42;
let mut bytes = FieldBytes::default();
bytes[40..].copy_from_slice(k.to_be_bytes().as_ref());
let scalar = Scalar::from_repr(bytes).unwrap();
assert_eq!(bytes, scalar.to_bytes());
}
/// Basic tests that multiplication works.
#[test]
fn multiply() {
let one = Scalar::ONE;
let two = one + one;
let three = two + one;
let six = three + three;
assert_eq!(six, two * three);
let minus_two = -two;
let minus_three = -three;
assert_eq!(two, -minus_two);
assert_eq!(minus_three * minus_two, minus_two * minus_three);
assert_eq!(six, minus_two * minus_three);
}
/// Basic tests that scalar inversion works.
#[test]
fn invert() {
let one = Scalar::ONE;
let three = one + one + one;
let inv_three = three.invert().unwrap();
assert_eq!(three * inv_three, one);
let minus_three = -three;
let inv_minus_three = minus_three.invert().unwrap();
assert_eq!(inv_minus_three, -inv_three);
assert_eq!(three * inv_minus_three, -one);
}
/// Basic tests that sqrt works.
#[test]
fn sqrt() {
for &n in &[1u64, 4, 9, 16, 25, 36, 49, 64] {
let scalar = Scalar::from(n);
let sqrt = scalar.sqrt().unwrap();
assert_eq!(sqrt.square(), scalar);
}
}
}

4596
vendor/p384/src/arithmetic/scalar/p384_scalar_32.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1883
vendor/p384/src/arithmetic/scalar/p384_scalar_64.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

47
vendor/p384/src/ecdh.rs vendored Normal file
View File

@@ -0,0 +1,47 @@
//! Elliptic Curve Diffie-Hellman (Ephemeral) Support.
//!
//! This module contains a high-level interface for performing ephemeral
//! Diffie-Hellman key exchanges using the secp384 elliptic curve.
//!
//! # Usage
//!
//! This usage example is from the perspective of two participants in the
//! exchange, nicknamed "Alice" and "Bob".
//!
//! ```
//! use p384::{EncodedPoint, PublicKey, ecdh::EphemeralSecret};
//! use rand_core::OsRng; // requires 'getrandom' feature
//!
//! // Alice
//! let alice_secret = EphemeralSecret::random(&mut OsRng);
//! let alice_pk_bytes = EncodedPoint::from(alice_secret.public_key());
//!
//! // Bob
//! let bob_secret = EphemeralSecret::random(&mut OsRng);
//! let bob_pk_bytes = EncodedPoint::from(bob_secret.public_key());
//!
//! // Alice decodes Bob's serialized public key and computes a shared secret from it
//! let bob_public = PublicKey::from_sec1_bytes(bob_pk_bytes.as_ref())
//! .expect("bob's public key is invalid!"); // In real usage, don't panic, handle this!
//!
//! let alice_shared = alice_secret.diffie_hellman(&bob_public);
//!
//! // Bob decodes Alice's serialized public key and computes the same shared secret
//! let alice_public = PublicKey::from_sec1_bytes(alice_pk_bytes.as_ref())
//! .expect("alice's public key is invalid!"); // In real usage, don't panic, handle this!
//!
//! let bob_shared = bob_secret.diffie_hellman(&alice_public);
//!
//! // Both participants arrive on the same shared secret
//! assert_eq!(alice_shared.raw_secret_bytes(), bob_shared.raw_secret_bytes());
//! ```
pub use elliptic_curve::ecdh::diffie_hellman;
use crate::NistP384;
/// NIST P-384 Ephemeral Diffie-Hellman Secret.
pub type EphemeralSecret = elliptic_curve::ecdh::EphemeralSecret<NistP384>;
/// Shared secret value computed via ECDH key agreement.
pub type SharedSecret = elliptic_curve::ecdh::SharedSecret<NistP384>;

185
vendor/p384/src/ecdsa.rs vendored Normal file
View File

@@ -0,0 +1,185 @@
//! Elliptic Curve Digital Signature Algorithm (ECDSA)
//!
//! This module contains support for computing and verifying ECDSA signatures.
//! To use it, you will need to enable one of the two following Cargo features:
//!
//! - `ecdsa-core`: provides only the [`Signature`] type (which represents an
//! ECDSA/P-384 signature). Does not require the `arithmetic` feature. This is
//! useful for 3rd-party crates which wish to use the `Signature` type for
//! interoperability purposes (particularly in conjunction with the
//! [`signature::Signer`] trait. Example use cases for this include other
//! software implementations of ECDSA/P-384 and wrappers for cloud KMS
//! services or hardware devices (HSM or crypto hardware wallet).
//! - `ecdsa`: provides `ecdsa-core` features plus the [`SigningKey`] and
//! [`VerifyingKey`] types which natively implement ECDSA/P-384 signing and
//! verification.
//!
//! ## Signing/Verification Example
//!
//! This example requires the `ecdsa` Cargo feature is enabled:
//!
//! ```
//! # #[cfg(feature = "ecdsa")]
//! # {
//! use p384::ecdsa::{signature::Signer, Signature, SigningKey};
//! use rand_core::OsRng; // requires 'getrandom' feature
//!
//! // Signing
//! let signing_key = SigningKey::random(&mut OsRng); // Serialize with `::to_bytes()`
//! let message = b"ECDSA proves knowledge of a secret number in the context of a single message";
//! let signature: Signature = signing_key.sign(message);
//!
//! // Verification
//! use p384::ecdsa::{signature::Verifier, VerifyingKey};
//!
//! let verifying_key = VerifyingKey::from(&signing_key); // Serialize with `::to_encoded_point()`
//! assert!(verifying_key.verify(message, &signature).is_ok());
//! # }
//! ```
pub use ecdsa_core::signature::{self, Error};
#[cfg(feature = "ecdsa")]
use {
crate::{AffinePoint, Scalar},
ecdsa_core::hazmat::{SignPrimitive, VerifyPrimitive},
};
use super::NistP384;
/// ECDSA/P-384 signature (fixed-size)
pub type Signature = ecdsa_core::Signature<NistP384>;
/// ECDSA/P-384 signature (ASN.1 DER encoded)
pub type DerSignature = ecdsa_core::der::Signature<NistP384>;
/// ECDSA/P-384 signing key
#[cfg(feature = "ecdsa")]
pub type SigningKey = ecdsa_core::SigningKey<NistP384>;
/// ECDSA/P-384 verification key (i.e. public key)
#[cfg(feature = "ecdsa")]
pub type VerifyingKey = ecdsa_core::VerifyingKey<NistP384>;
#[cfg(feature = "sha384")]
impl ecdsa_core::hazmat::DigestPrimitive for NistP384 {
type Digest = sha2::Sha384;
}
#[cfg(feature = "ecdsa")]
impl SignPrimitive<NistP384> for Scalar {}
#[cfg(feature = "ecdsa")]
impl VerifyPrimitive<NistP384> for AffinePoint {}
#[cfg(all(test, feature = "ecdsa"))]
mod tests {
use crate::{
ecdsa::{
signature::hazmat::{PrehashSigner, PrehashVerifier},
signature::Signer,
Signature, SigningKey, VerifyingKey,
},
AffinePoint, EncodedPoint, SecretKey,
};
use elliptic_curve::{generic_array::GenericArray, sec1::FromEncodedPoint};
use hex_literal::hex;
use sha2::Digest;
// Test vector from RFC 6979 Appendix 2.6 (NIST P-384 + SHA-384)
// <https://tools.ietf.org/html/rfc6979#appendix-A.2.6>
#[test]
fn rfc6979() {
let x = hex!("6b9d3dad2e1b8c1c05b19875b6659f4de23c3b667bf297ba9aa47740787137d896d5724e4c70a825f872c9ea60d2edf5");
let signer = SigningKey::from_bytes(&x.into()).unwrap();
let signature: Signature = signer.sign(b"sample");
assert_eq!(
signature.to_bytes().as_slice(),
&hex!(
"94edbb92a5ecb8aad4736e56c691916b3f88140666ce9fa73d64c4ea95ad133c81a648152e44acf96e36dd1e80fabe46
99ef4aeb15f178cea1fe40db2603138f130e740a19624526203b6351d0a3a94fa329c145786e679e7b82c71a38628ac8"
)
);
let signature: Signature = signer.sign(b"test");
assert_eq!(
signature.to_bytes().as_slice(),
&hex!(
"8203b63d3c853e8d77227fb377bcf7b7b772e97892a80f36ab775d509d7a5feb0542a7f0812998da8f1dd3ca3cf023db
ddd0760448d42d8a43af45af836fce4de8be06b485e9b61b827c2f13173923e06a739f040649a667bf3b828246baa5a5"
)
);
}
// Test signing with PrehashSigner using SHA-256 which output is smaller than P-384 field size.
#[test]
fn prehash_signer_signing_with_sha256() {
let x = hex!("6b9d3dad2e1b8c1c05b19875b6659f4de23c3b667bf297ba9aa47740787137d896d5724e4c70a825f872c9ea60d2edf5");
let signer = SigningKey::from_bytes(&x.into()).unwrap();
let digest = sha2::Sha256::digest(b"test");
let signature: Signature = signer.sign_prehash(&digest).unwrap();
assert_eq!(
signature.to_bytes().as_slice(),
&hex!(
"010c3ab1a300f8c9d63eafa9a41813f0c5416c08814bdfc0236458d6c2603d71c4941f4696e60aff5717476170bb6ab4
03c4ad6274c61691346b2178def879424726909af308596ffb6355a042f48a114e2eb28eaa6918592b4727961057c0c1"
)
);
}
// Test verifying with PrehashVerifier using SHA-256 which output is smaller than P-384 field size.
#[test]
fn prehash_signer_verification_with_sha256() {
// The following test vector adapted from the FIPS 186-4 ECDSA test vectors
// (P-384, SHA-256, from `SigGen.txt` in `186-4ecdsatestvectors.zip`)
// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/digital-signatures>
let verifier = VerifyingKey::from_affine(
AffinePoint::from_encoded_point(
&EncodedPoint::from_affine_coordinates(
GenericArray::from_slice(&hex!("0400193b21f07cd059826e9453d3e96dd145041c97d49ff6b7047f86bb0b0439e909274cb9c282bfab88674c0765bc75")),
GenericArray::from_slice(&hex!("f70d89c52acbc70468d2c5ae75c76d7f69b76af62dcf95e99eba5dd11adf8f42ec9a425b0c5ec98e2f234a926b82a147")),
false,
),
).unwrap()
).unwrap();
let signature = Signature::from_scalars(
GenericArray::clone_from_slice(&hex!("b11db00cdaf53286d4483f38cd02785948477ed7ebc2ad609054551da0ab0359978c61851788aa2ec3267946d440e878")),
GenericArray::clone_from_slice(&hex!("16007873c5b0604ce68112a8fee973e8e2b6e3319c683a762ff5065a076512d7c98b27e74b7887671048ac027df8cbf2")),
).unwrap();
let result = verifier.verify_prehash(
&hex!("bbbd0a5f645d3fda10e288d172b299455f9dff00e0fbc2833e18cd017d7f3ed1"),
&signature,
);
assert!(result.is_ok());
}
#[test]
fn signing_secret_key_equivalent() {
let raw_sk: [u8; 48] = [
32, 52, 118, 9, 96, 116, 119, 172, 168, 251, 251, 197, 230, 33, 132, 85, 243, 25, 150,
105, 121, 46, 248, 180, 102, 250, 168, 123, 220, 103, 121, 129, 68, 200, 72, 221, 3,
102, 30, 237, 90, 198, 36, 97, 52, 12, 234, 150,
];
let seck = SecretKey::from_bytes(&raw_sk.into()).unwrap();
let sigk = SigningKey::from_bytes(&raw_sk.into()).unwrap();
assert_eq!(seck.to_bytes().as_slice(), &raw_sk);
assert_eq!(sigk.to_bytes().as_slice(), &raw_sk);
}
mod sign {
use crate::{test_vectors::ecdsa::ECDSA_TEST_VECTORS, NistP384};
ecdsa_core::new_signing_test!(NistP384, ECDSA_TEST_VECTORS);
}
mod verify {
use crate::{test_vectors::ecdsa::ECDSA_TEST_VECTORS, NistP384};
ecdsa_core::new_verification_test!(NistP384, ECDSA_TEST_VECTORS);
}
mod wycheproof {
use crate::NistP384;
ecdsa_core::new_wycheproof_test!(wycheproof, "wycheproof", NistP384);
}
}

136
vendor/p384/src/lib.rs vendored Normal file
View File

@@ -0,0 +1,136 @@
#![no_std]
#![cfg_attr(docsrs, feature(doc_auto_cfg))]
#![doc(
html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg"
)]
#![forbid(unsafe_code)]
#![warn(missing_docs, rust_2018_idioms, unused_qualifications)]
#![doc = include_str!("../README.md")]
//! ## `serde` support
//!
//! When the `serde` feature of this crate is enabled, `Serialize` and
//! `Deserialize` are impl'd for the following types:
//!
//! - [`AffinePoint`]
//! - [`Scalar`]
//! - [`ecdsa::VerifyingKey`]
//!
//! Please see type-specific documentation for more information.
#[cfg(feature = "arithmetic")]
mod arithmetic;
#[cfg(feature = "ecdh")]
pub mod ecdh;
#[cfg(feature = "ecdsa-core")]
pub mod ecdsa;
#[cfg(any(feature = "test-vectors", test))]
pub mod test_vectors;
pub use elliptic_curve::{self, bigint::U384, consts::U48};
#[cfg(feature = "arithmetic")]
pub use arithmetic::{scalar::Scalar, AffinePoint, ProjectivePoint};
#[cfg(feature = "expose-field")]
pub use arithmetic::field::FieldElement;
#[cfg(feature = "pkcs8")]
pub use elliptic_curve::pkcs8;
use elliptic_curve::{
bigint::ArrayEncoding, consts::U49, generic_array::GenericArray, FieldBytesEncoding,
};
/// Order of NIST P-384's elliptic curve group (i.e. scalar modulus) in hexadecimal.
const ORDER_HEX: &str = "ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973";
/// NIST P-384 elliptic curve.
#[derive(Copy, Clone, Debug, Default, Eq, PartialEq, PartialOrd, Ord)]
pub struct NistP384;
impl elliptic_curve::Curve for NistP384 {
/// 48-byte serialized field elements.
type FieldBytesSize = U48;
/// 384-bit integer type used for internally representing field elements.
type Uint = U384;
/// Order of NIST P-384's elliptic curve group (i.e. scalar modulus).
const ORDER: U384 = U384::from_be_hex(ORDER_HEX);
}
impl elliptic_curve::PrimeCurve for NistP384 {}
impl elliptic_curve::point::PointCompression for NistP384 {
/// NIST P-384 points are typically uncompressed.
const COMPRESS_POINTS: bool = false;
}
impl elliptic_curve::point::PointCompaction for NistP384 {
/// NIST P-384 points are typically uncompressed.
const COMPACT_POINTS: bool = false;
}
#[cfg(feature = "jwk")]
impl elliptic_curve::JwkParameters for NistP384 {
const CRV: &'static str = "P-384";
}
#[cfg(feature = "pkcs8")]
impl pkcs8::AssociatedOid for NistP384 {
const OID: pkcs8::ObjectIdentifier = pkcs8::ObjectIdentifier::new_unwrap("1.3.132.0.34");
}
/// Compressed SEC1-encoded NIST P-384 curve point.
pub type CompressedPoint = GenericArray<u8, U49>;
/// NIST P-384 SEC1 encoded point.
pub type EncodedPoint = elliptic_curve::sec1::EncodedPoint<NistP384>;
/// NIST P-384 field element serialized as bytes.
///
/// Byte array containing a serialized field element value (base field or
/// scalar).
pub type FieldBytes = elliptic_curve::FieldBytes<NistP384>;
impl FieldBytesEncoding<NistP384> for U384 {
fn decode_field_bytes(field_bytes: &FieldBytes) -> Self {
U384::from_be_byte_array(*field_bytes)
}
fn encode_field_bytes(&self) -> FieldBytes {
self.to_be_byte_array()
}
}
/// Non-zero NIST P-384 scalar field element.
#[cfg(feature = "arithmetic")]
pub type NonZeroScalar = elliptic_curve::NonZeroScalar<NistP384>;
/// NIST P-384 public key.
#[cfg(feature = "arithmetic")]
pub type PublicKey = elliptic_curve::PublicKey<NistP384>;
/// NIST P-384 secret key.
pub type SecretKey = elliptic_curve::SecretKey<NistP384>;
#[cfg(not(feature = "arithmetic"))]
impl elliptic_curve::sec1::ValidatePublicKey for NistP384 {}
/// Bit representation of a NIST P-384 scalar field element.
#[cfg(feature = "bits")]
pub type ScalarBits = elliptic_curve::scalar::ScalarBits<NistP384>;
#[cfg(feature = "voprf")]
impl elliptic_curve::VoprfParameters for NistP384 {
/// See <https://www.ietf.org/archive/id/draft-irtf-cfrg-voprf-19.html#name-oprfp-384-sha-384-2>.
const ID: &'static str = "P384-SHA384";
/// See <https://www.ietf.org/archive/id/draft-irtf-cfrg-voprf-08.html#section-4.4-1.2>.
type Hash = sha2::Sha384;
}

5
vendor/p384/src/test_vectors.rs vendored Normal file
View File

@@ -0,0 +1,5 @@
//! secp384r1 test vectors.
#[cfg(test)]
pub mod ecdsa;
pub mod group;

BIN
vendor/p384/src/test_vectors/data/wycheproof.blb vendored Normal file
View File

Binary file not shown.

150
vendor/p384/src/test_vectors/ecdsa.rs vendored Normal file
View File

@@ -0,0 +1,150 @@
//! ECDSA/secp384r1 test vectors
use ecdsa_core::dev::TestVector;
use hex_literal::hex;
/// ECDSA/P-384 test vectors.
///
/// Adapted from the FIPS 186-4 ECDSA test vectors
/// (P-384, SHA-384, from `SigGen.txt` in `186-4ecdsatestvectors.zip`)
/// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/digital-signatures>
///
/// The `m` field contains a SHA-384 prehash of the `Msg` field in the
/// original `SigTen.txt`.
pub const ECDSA_TEST_VECTORS: &[TestVector; 15] = &[
TestVector {
d: &hex!("201b432d8df14324182d6261db3e4b3f46a8284482d52e370da41e6cbdf45ec2952f5db7ccbce3bc29449f4fb080ac97"),
q_x: &hex!("c2b47944fb5de342d03285880177ca5f7d0f2fcad7678cce4229d6e1932fcac11bfc3c3e97d942a3c56bf34123013dbf"),
q_y: &hex!("37257906a8223866eda0743c519616a76a758ae58aee81c5fd35fbf3a855b7754a36d4a0672df95d6c44a81cf7620c2d"),
k: &hex!("dcedabf85978e090f733c6e16646fa34df9ded6e5ce28c6676a00f58a25283db8885e16ce5bf97f917c81e1f25c9c771"),
m: &hex!("31a452d6164d904bb5724c878280231eae705c29ce9d4bc7d58e020e1085f17eebcc1a38f0ed0bf2b344d81fbd896825"),
r: &hex!("50835a9251bad008106177ef004b091a1e4235cd0da84fff54542b0ed755c1d6f251609d14ecf18f9e1ddfe69b946e32"),
s: &hex!("0475f3d30c6463b646e8d3bf2455830314611cbde404be518b14464fdb195fdcc92eb222e61f426a4a592c00a6a89721"),
},
TestVector {
d: &hex!("23d9f4ea6d87b7d6163d64256e3449255db14786401a51daa7847161bf56d494325ad2ac8ba928394e01061d882c3528"),
q_x: &hex!("5d42d6301c54a438f65970bae2a098cbc567e98840006e356221966c86d82e8eca515bca850eaa3cd41f175f03a0cbfd"),
q_y: &hex!("4aef5a0ceece95d382bd70ab5ce1cb77408bae42b51a08816d5e5e1d3da8c18fcc95564a752730b0aabea983ccea4e2e"),
k: &hex!("67ba379366049008593eac124f59ab017358892ee0c063d38f3758bb849fd25d867c3561563cac1532a323b228dc0890"),
m: &hex!("a92784916a40feaebfeab16ea28c0c65e45c5e81eb634052944865708072e20110bd669a9838d7e722e94ac75245cdd3"),
r: &hex!("fb318f4cb1276282bb43f733a7fb7c567ce94f4d02924fc758635ab2d1107108bf159b85db080cdc3b30fbb5400016f3"),
s: &hex!("588e3d7af5da03eae255ecb1813100d95edc243476b724b22db8e85377660d7645ddc1c2c2ee4eaea8b683dbe22f86ca"),
},
TestVector {
d: &hex!("b5f670e98d8befc46f6f51fb2997069550c2a52ebfb4e5e25dd905352d9ef89eed5c2ecd16521853aadb1b52b8c42ae6"),
q_x: &hex!("44ffb2a3a95e12d87c72b5ea0a8a7cb89f56b3bd46342b2303608d7216301c21b5d2921d80b6628dc512ccb84e2fc278"),
q_y: &hex!("e4c1002f1828abaec768cadcb7cf42fbf93b1709ccae6df5b134c41fae2b9a188bfbe1eccff0bd348517d7227f2071a6"),
k: &hex!("229e67638f712f57bea4c2b02279d5ccad1e7c9e201c77f6f01aeb81ea90e62b44b2d2107fd66d35e56608fff65e28e4"),
m: &hex!("b2acf6b4ae1ba9985c1e657313d59157939c21868302f6f5c5dbf037867035ae7c2009bad9fce472579923f7b4b87795"),
r: &hex!("b11db592e4ebc75b6472b879b1d8ce57452c615aef20f67a280f8bca9b11a30ad4ac9d69541258c7dd5d0b4ab8dd7d49"),
s: &hex!("4eb51db8004e46d438359abf060a9444616cb46b4f99c9a05b53ba6df02e914c9c0b6cc3a9791d804d2e4c0984dab1cc"),
},
TestVector {
d: &hex!("de5975d8932533f092e76295ed6b23f10fc5fba48bfb82c6cc714826baf0126813247f8bd51d5738503654ab22459976"),
q_x: &hex!("f1fabafc01fec7e96d982528d9ef3a2a18b7fe8ae0fa0673977341c7ae4ae8d8d3d67420343d013a984f5f61da29ae38"),
q_y: &hex!("1a31cf902c46343d01b2ebb614bc789c313b5f91f9302ad9418e9c797563e2fa3d44500f47b4e26ad8fdec1a816d1dcf"),
k: &hex!("fc5940e661542436f9265c34bce407eff6364bd471aa79b90c906d923e15c9ed96eea4e86f3238ea86161d13b7d9359d"),
m: &hex!("ec21c9d03a7270ea9ce7e9ff83211bac2fb104d078217c370248a3aba81f6c586852f19ced56dc71f83f5251d7381c8a"),
r: &hex!("c2fbdd6a56789024082173725d797ef9fd6accb6ae664b7260f9e83cb8ab2490428c8b9c52e153612295432fec4d59cd"),
s: &hex!("8056c5bb57f41f73082888b234fcda320a33250b5da012ba1fdb4924355ae679012d81d2c08fc0f8634c708a4833232f"),
},
TestVector {
d: &hex!("11e0d470dc31fab0f5722f87b74a6c8d7414115e58ceb38bfcdced367beac3adbf1fe9ba5a04f72e978b1eb54597eabc"),
q_x: &hex!("1950166989164cbfd97968c7e8adb6fbca1873ebef811ea259eb48b7d584627f0e6d6c64defe23cbc95236505a252aa1"),
q_y: &hex!("41ef424b5cb076d4e32accd9250ea75fcf4ffd81814040c050d58c0a29b06be11edf67c911b403e418b7277417e52906"),
k: &hex!("e56904028226eb04f8d071e3f9cefec91075a81ca0fa87b44cae148fe1ce9827b5d1910db2336d0eb9813ddba3e4d7b5"),
m: &hex!("f0272d0a51ee61f86d0875ca7800e12744ef6ffbac72bdda7c54ba24e5a5a6bd69ebe6f429cc20ac12b926d392efc4ce"),
r: &hex!("c38ef30f55624e8935680c29f8c24824877cf48ffc0ef015e62de1068893353030d1193bf9d34237d7ce6ba92c98b0fe"),
s: &hex!("651b8c3d5c9d5b936d300802a06d82ad54f7b1ba4327b2f031c0c5b0cb215ad4354edc7f932d934e877dfa1cf51b13fe"),
},
TestVector {
d: &hex!("5c6bbf9fbcbb7b97c9535f57b431ed1ccae1945b7e8a4f1b032016b07810bd24a9e20055c0e9306650df59ef7e2cd8c2"),
q_x: &hex!("2e01c5b59e619e00b79060a1e8ef695472e23bf9a511fc3d5ed77a334a242557098e40972713732c5291c97adf9cf2cf"),
q_y: &hex!("563e3fe4ad807e803b9e961b08da4dde4cea8925649da0d93221ce4cdceabc6a1db7612180a8c6bef3579c65539b97e9"),
k: &hex!("03d23f1277b949cb6380211ad9d338e6f76c3eedac95989b91d0243cfb734a54b19bca45a5d13d6a4b9f815d919eea77"),
m: &hex!("e114c6204bee5bf0bbdf9ffc139bb99f09e7ea2186da3ee1e011dd059185d57c4953a130d34ff0df3fc6782dda199ee8"),
r: &hex!("abab65308f0b79c4f3a9ff28dd490acb0c320434094cef93e75adfe17e5820dc1f77544cfaaacdc8cf9ac8b38e174bef"),
s: &hex!("11b783d879a6de054b316af7d56e526c3dce96c85289122e3ad927cfa77bfc50b4a96c97f85b1b8221be2df083ff58fb"),
},
TestVector {
d: &hex!("ffc7dedeff8343721f72046bc3c126626c177b0e48e247f44fd61f8469d4d5f0a74147fabaa334495cc1f986ebc5f0b1"),
q_x: &hex!("51c78c979452edd53b563f63eb3e854a5b23e87f1b2103942b65f77d024471f75c8ce1cc0dfef83292b368112aa5126e"),
q_y: &hex!("313e6aaf09caa3ba30f13072b2134878f14a4a01ee86326cccbff3d079b4df097dc57985e8c8c834a10cb9d766169366"),
k: &hex!("c3de91dbe4f777698773da70dd610ef1a7efe4dc00d734399c7dd100728006a502822a5a7ff9129ffd8adf6c1fc1211a"),
m: &hex!("f11e38f4037ae3ffd0fde97c08e2e5acbc26e3ac5828a86c182232be90ef6fc0f5d21a9b1a7b93472d78c103b4136019"),
r: &hex!("f4f477855819ad8b1763f53691b76afbc4a31a638b1e08c293f9bcd55decf797f9913ca128d4b45b2e2ea3e82c6cf565"),
s: &hex!("7c26be29569ef95480a6d0c1af49dc10a51a0a8931345e48c0c39498bfb94d62962980b56143a7b41a2fddc8794c1b7f"),
},
TestVector {
d: &hex!("adca364ef144a21df64b163615e8349cf74ee9dbf728104215c532073a7f74e2f67385779f7f74ab344cc3c7da061cf6"),
q_x: &hex!("ef948daae68242330a7358ef73f23b56c07e37126266db3fa6eea233a04a9b3e4915233dd6754427cd4b71b75854077d"),
q_y: &hex!("009453ef1828eaff9e17c856d4fc1895ab60051312c3e1db1e3766566438b2990cbf9945c2545619e3e0145bc6a79004"),
k: &hex!("a2da3fae2e6da3cf11b49861afb34fba357fea89f54b35ce5ed7434ae09103fe53e2be75b93fc579fedf919f6d5e407e"),
m: &hex!("f8d0170479b2d1a8f50c80556e67ff345592c8b7dcda4e4f6099f993c1a71bff6d3b60190715ae1215a8a759a8eb13df"),
r: &hex!("dda994b9c428b57e9f8bbaebba0d682e3aac6ed828e3a1e99a7fc4c804bff8df151137f539c7389d80e23d9f3ee497bf"),
s: &hex!("a0d6b10ceffd0e1b29cf784476f9173ba6ecd2cfc7929725f2d6e24e0db5a4721683640eaa2bbe151fb57560f9ce594b"),
},
TestVector {
d: &hex!("39bea008ec8a217866dcbdb1b93da34d1d3e851d011df9ef44b7828b3453a54aa70f1df9932170804eacd207e4f7e91d"),
q_x: &hex!("5709ec4305a9c3271c304face6c148142490b827a73a4c17affcfd01fffd7eaa65d2fdedfa2419fc64ed910823513faf"),
q_y: &hex!("b083cda1cf3be6371b6c06e729ea6299213428db57119347247ec1fcd44204386cc0bca3f452d9d864b39efbfc89d6b2"),
k: &hex!("3c90cc7b6984056f570542a51cbe497ce4c11aeae8fc35e8fd6a0d9adeb650e8644f9d1d5e4341b5adc81e27f284c08f"),
m: &hex!("86bc7536faf2de20028159ce93e293d0a7f5721fb6680b5b070c3f70aba845de2eaed9245144babc38c49cce59f3eac7"),
r: &hex!("d13646895afb1bfd1953551bb922809c95ad65d6abe94eb3719c899aa1f6dba6b01222c7f283900fe98628b7597b6ea6"),
s: &hex!("4a9a38afda04c0a6b0058943b679bd02205b14d0f3d49b8f31aac289129780cdb1c555def8c3f9106b478729e0c7efaa"),
},
TestVector {
d: &hex!("e849cf948b241362e3e20c458b52df044f2a72deb0f41c1bb0673e7c04cdd70811215059032b5ca3cc69c345dcce4cf7"),
q_x: &hex!("06c037a0cbf43fdf335dff33de06d34348405353f9fdf2ce1361efba30fb204aea9dbd2e30da0a10fd2d876188371be6"),
q_y: &hex!("360d38f3940e34679204b98fbf70b8a4d97f25443e46d0807ab634ed5891ad864dd7703557aa933cd380e26eea662a43"),
k: &hex!("32386b2593c85e877b70e5e5495936f65dc49553caef1aa6cc14d9cd370c442a0ccfab4c0da9ec311b67913b1b575a9d"),
m: &hex!("1128c8b09573a993adaa0a68f3ca965db30870db46de70d29e3b9a7d110ba0cd57633f1713173c62331b36fb925fa874"),
r: &hex!("5886078d3495767e330c7507b7ca0fa07a50e59912a416d89f0ab1aa4e88153d6eaf00882d1b4aa64153153352d853b5"),
s: &hex!("2cc10023bf1bf8ccfd14b06b82cc2114449a352389c8ff9f6f78cdc4e32bde69f3869da0e17f691b329682ae7a36e1aa"),
},
TestVector {
d: &hex!("d89607475d509ef23dc9f476eae4280c986de741b63560670fa2bd605f5049f1972792c0413a5b3b4b34e7a38b70b7ca"),
q_x: &hex!("49a1c631f31cf5c45b2676b1f130cbf9be683d0a50dffae0d147c1e9913ab1090c6529a84f47ddc7cf025921b771355a"),
q_y: &hex!("1e207eece62f2bcc6bdabc1113158145170be97469a2904eaaa93aad85b86a19719207f3e423051f5b9cbbe2754eefcb"),
k: &hex!("78613c570c8d33b7dd1bd1561d87e36282e8cf4843e7c344a2b2bb6a0da94756d670eeaffe434f7ae7c780f7cf05ca08"),
m: &hex!("ab9a6d22c8d7675bc8e99e3cafed8318f33051ba5398ce0e9d8e8d3d537a6a908d4c2ace3e6d8204d0236d863eee3c28"),
r: &hex!("66f92b39aa3f4aeb9e2dc03ac3855406fa3ebbab0a6c88a78d7a03482f0c9868d7b78bc081ede0947c7f37bf193074ba"),
s: &hex!("e5c64ed98d7f3701193f25dd237d59c91c0da6e26215e0889d82e6d3e416693f8d58843cf30ab10ab8d0edd9170b53ad"),
},
TestVector {
d: &hex!("083e7152734adf342520ae377087a223688de2899b10cfcb34a0b36bca500a4dfa530e2343e6a39da7ae1eb0862b4a0d"),
q_x: &hex!("70a0f16b6c61172659b027ed19b18fd8f57bd28dc0501f207bd6b0bb065b5671cf3dd1ed13d388dcf6ccc766597aa604"),
q_y: &hex!("4f845bf01c3c3f6126a7368c3454f51425801ee0b72e63fb6799b4420bfdebe3e37c7246db627cc82c09654979c700bb"),
k: &hex!("28096ababe29a075fbdf894709a20d0fdedb01ed3eeacb642a33a0da6aed726e13caf6cf206792ec359f0c9f9b567552"),
m: &hex!("68f858243fe465eb91dc2481333cbb1958883ef25099d45cf02721d17d2846d2cec4689884ae7c0412332e035a1fa3fc"),
r: &hex!("ee2923f9b9999ea05b5e57f505bed5c6ba0420def42c6fa90eef7a6ef770786525546de27cdeb2f8586f8f29fb4ee67c"),
s: &hex!("50ef923fb217c4cf65a48b94412fda430fac685f0da7bd574557c6c50f5b22e0c8354d99f2c2f2c2691f252f93c7d84a"),
},
TestVector {
d: &hex!("63578d416215aff2cc78f9b926d4c7740a77c142944e104aa7422b19a616898262d46a8a942d5e8d5db135ee8b09a368"),
q_x: &hex!("cadbacef4406099316db2ce3206adc636c2bb0a835847ed7941efb02862472f3150338f13f4860d47f39b7e098f0a390"),
q_y: &hex!("752ad0f22c9c264336cde11bbc95d1816ed4d1b1500db6b8dce259a42832e613c31178c2c7995206a62e201ba108f570"),
k: &hex!("7b69c5d5b4d05c9950dc94c27d58403b4c52c004b80a80418ad3a89aabc5d34f21926729e76afd280cc8ee88c9805a2a"),
m: &hex!("dca5ebfebeac1696eff4a89162469c6937b80f8f8cf17299856de2e13d8f8a199bff3085cee59366886164bcc03f7e90"),
r: &hex!("db054addb6161ee49c6ce2e4d646d7670754747b6737ca8516e9d1e87859937c3ef9b1d2663e10d7e4bd00ec85b7a97a"),
s: &hex!("fcc504e0f00ef29587e4bc22faada4db30e2cb1ac552680a65785ae87beb666c792513f2be7a3180fc544296841a0e27"),
},
TestVector {
d: &hex!("ed4df19971658b74868800b3b81bc877807743b25c65740f1d6377542afe2c6427612c840ada31a8eb794718f37c7283"),
q_x: &hex!("33093a0568757e8b58df5b72ea5fe5bf26e6f7aeb541b4c6a8c189c93721749bcaceccf2982a2f0702586a9f812fc66f"),
q_y: &hex!("ebe320d09e1f0662189d50b85a20403b821ac0d000afdbf66a0a33f304726c69e354d81c50b94ba3a5250efc31319cd1"),
k: &hex!("d9b4cd1bdfa83e608289634dbfcee643f07315baf743fc91922880b55a2feda3b38ddf6040d3ba10985cd1285fc690d5"),
m: &hex!("f9b152150f7dc99d5262c9da04dde148009730fb2af9ac753b9c64488d27c817f68c17ae1ff61e50ebb6749230c59a71"),
r: &hex!("009c74063e206a4259b53decff5445683a03f44fa67252b76bd3581081c714f882f882df915e97dbeab061fa8b3cc4e7"),
s: &hex!("d40e09d3468b46699948007e8f59845766dbf694b9c62066890dd055c0cb9a0caf0aa611fb9f466ad0bbb00dbe29d7eb"),
},
TestVector {
d: &hex!("e9c7e9a79618d6ff3274da1abd0ff3ed0ec1ae3b54c3a4fd8d68d98fb04326b7633fc637e0b195228d0edba6bb1468fb"),
q_x: &hex!("a39ac353ca787982c577aff1e8601ce192aa90fd0de4c0ed627f66a8b6f02ae51315543f72ffc1c48a7269b25e7c289a"),
q_y: &hex!("9064a507b66b340b6e0e0d5ffaa67dd20e6dafc0ea6a6faee1635177af256f9108a22e9edf736ab4ae8e96dc207b1fa9"),
k: &hex!("b094cb3a5c1440cfab9dc56d0ec2eff00f2110dea203654c70757254aa5912a7e73972e607459b1f4861e0b08a5cc763"),
m: &hex!("14f785ebb5a3b1bdff516a6b580e245b3c81aff37e1035e354b084a6691e973e0de30bb2a0490fca2d757f8191d7560a"),
r: &hex!("ee82c0f90501136eb0dc0e459ad17bf3be1b1c8b8d05c60068a9306a346326ff7344776a95f1f7e2e2cf9477130e735c"),
s: &hex!("af10b90f203af23b7500e070536e64629ba19245d6ef39aab57fcdb1b73c4c6bf7070c6263544633d3d358c12a178138"),
},
];

256
vendor/p384/src/test_vectors/group.rs vendored Normal file
View File

@@ -0,0 +1,256 @@
//! Test vectors for the secp384r1 group.
use hex_literal::hex;
/// Repeated addition of the generator.
///
/// These are the first 20 test vectors from <http://point-at-infinity.org/ecc/nisttv>
pub const ADD_TEST_VECTORS: &[([u8; 48], [u8; 48])] = &[
(
hex!("AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"),
hex!("3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")
),
(
hex!("08D999057BA3D2D969260045C55B97F089025959A6F434D651D207D19FB96E9E4FE0E86EBE0E64F85B96A9C75295DF61"),
hex!("8E80F1FA5B1B3CEDB7BFE8DFFD6DBA74B275D875BC6CC43E904E505F256AB4255FFD43E94D39E22D61501E700A940E80")
),
(
hex!("077A41D4606FFA1464793C7E5FDC7D98CB9D3910202DCD06BEA4F240D3566DA6B408BBAE5026580D02D7E5C70500C831"),
hex!("C995F7CA0B0C42837D0BBE9602A9FC998520B41C85115AA5F7684C0EDC111EACC24ABD6BE4B5D298B65F28600A2F1DF1")
),
(
hex!("138251CD52AC9298C1C8AAD977321DEB97E709BD0B4CA0ACA55DC8AD51DCFC9D1589A1597E3A5120E1EFD631C63E1835"),
hex!("CACAE29869A62E1631E8A28181AB56616DC45D918ABC09F3AB0E63CF792AA4DCED7387BE37BBA569549F1C02B270ED67")
),
(
hex!("11DE24A2C251C777573CAC5EA025E467F208E51DBFF98FC54F6661CBE56583B037882F4A1CA297E60ABCDBC3836D84BC"),
hex!("8FA696C77440F92D0F5837E90A00E7C5284B447754D5DEE88C986533B6901AEB3177686D0AE8FB33184414ABE6C1713A")
),
(
hex!("627BE1ACD064D2B2226FE0D26F2D15D3C33EBCBB7F0F5DA51CBD41F26257383021317D7202FF30E50937F0854E35C5DF"),
hex!("09766A4CB3F8B1C21BE6DDA6C14F1575B2C95352644F774C99864F613715441604C45B8D84E165311733A408D3F0F934")
),
(
hex!("283C1D7365CE4788F29F8EBF234EDFFEAD6FE997FBEA5FFA2D58CC9DFA7B1C508B05526F55B9EBB2040F05B48FB6D0E1"),
hex!("9475C99061E41B88BA52EFDB8C1690471A61D867ED799729D9C92CD01DBD225630D84EDE32A78F9E64664CDAC512EF8C")
),
(
hex!("1692778EA596E0BE75114297A6FA383445BF227FBE58190A900C3C73256F11FB5A3258D6F403D5ECE6E9B269D822C87D"),
hex!("DCD2365700D4106A835388BA3DB8FD0E22554ADC6D521CD4BD1C30C2EC0EEC196BADE1E9CDD1708D6F6ABFA4022B0AD2")
),
(
hex!("8F0A39A4049BCB3EF1BF29B8B025B78F2216F7291E6FD3BAC6CB1EE285FB6E21C388528BFEE2B9535C55E4461079118B"),
hex!("62C77E1438B601D6452C4A5322C3A9799A9B3D7CA3C400C6B7678854AED9B3029E743EFEDFD51B68262DA4F9AC664AF8")
),
(
hex!("A669C5563BD67EEC678D29D6EF4FDE864F372D90B79B9E88931D5C29291238CCED8E85AB507BF91AA9CB2D13186658FB"),
hex!("A988B72AE7C1279F22D9083DB5F0ECDDF70119550C183C31C502DF78C3B705A8296D8195248288D997784F6AB73A21DD")
),
(
hex!("099056E27DA7B998DA1EEEC2904816C57FE935ED5837C37456C9FD14892D3F8C4749B66E3AFB81D626356F3B55B4DDD8"),
hex!("2E4C0C234E30AB96688505544AC5E0396FC4EED8DFC363FD43FF93F41B52A3255466D51263AAFF357D5DBA8138C5E0BB")
),
(
hex!("952A7A349BD49289AB3AC421DCF683D08C2ED5E41F6D0E21648AF2691A481406DA4A5E22DA817CB466DA2EA77D2A7022"),
hex!("A0320FAF84B5BC0563052DEAE6F66F2E09FB8036CE18A0EBB9028B096196B50D031AA64589743E229EF6BACCE21BD16E")
),
(
hex!("A567BA97B67AEA5BAFDAF5002FFCC6AB9632BFF9F01F873F6267BCD1F0F11C139EE5F441ABD99F1BAAF1CA1E3B5CBCE7"),
hex!("DE1B38B3989F3318644E4147AF164ECC5185595046932EC086329BE057857D66776BCB8272218A7D6423A12736F429CC")
),
(
hex!("E8C8F94D44FBC2396BBEAC481B89D2B0877B1DFFD23E7DC95DE541EB651CCA2C41ABA24DBC02DE6637209ACCF0F59EA0"),
hex!("891AE44356FC8AE0932BCBF6DE52C8A933B86191E7728D79C8319413A09D0F48FC468BA05509DE22D7EE5C9E1B67B888")
),
(
hex!("B3D13FC8B32B01058CC15C11D813525522A94156FFF01C205B21F9F7DA7C4E9CA849557A10B6383B4B88701A9606860B"),
hex!("152919E7DF9162A61B049B2536164B1BEEBAC4A11D749AF484D1114373DFBFD9838D24F8B284AF50985D588D33F7BD62")
),
(
hex!("D5D89C3B5282369C5FBD88E2B231511A6B80DFF0E5152CF6A464FA9428A8583BAC8EBC773D157811A462B892401DAFCF"),
hex!("D815229DE12906D241816D5E9A9448F1D41D4FC40E2A3BDB9CABA57E440A7ABAD1210CB8F49BF2236822B755EBAB3673")
),
(
hex!("4099952208B4889600A5EBBCB13E1A32692BEFB0733B41E6DCC614E42E5805F817012A991AF1F486CAF3A9ADD9FFCC03"),
hex!("5ECF94777833059839474594AF603598163AD3F8008AD0CD9B797D277F2388B304DA4D2FAA9680ECFA650EF5E23B09A0")
),
(
hex!("DFB1FE3A40F7AC9B64C41D39360A7423828B97CB088A4903315E402A7089FA0F8B6C2355169CC9C99DFB44692A9B93DD"),
hex!("453ACA1243B5EC6B423A68A25587E1613A634C1C42D2EE7E6C57F449A1C91DC89168B7036EC0A7F37A366185233EC522")
),
(
hex!("8D481DAB912BC8AB16858A211D750B77E07DBECCA86CD9B012390B430467AABF59C8651060801C0E9599E68713F5D41B"),
hex!("A1592FF0121460857BE99F2A60669050B2291B68A1039AA0594B32FD7ADC0E8C11FFBA5608004E646995B07E75E52245")
),
(
hex!("605508EC02C534BCEEE9484C86086D2139849E2B11C1A9CA1E2808DEC2EAF161AC8A105D70D4F85C50599BE5800A623F"),
hex!("5158EE87962AC6B81F00A103B8543A07381B7639A3A65F1353AEF11B733106DDE92E99B78DE367B48E238C38DAD8EEDD")
)
];
/// Scalar multiplication with the generator.
///
/// These are the test vectors from <http://point-at-infinity.org/ecc/nisttv> that are not
/// part of [`ADD_TEST_VECTORS`].
pub const MUL_TEST_VECTORS: &[([u8; 48], [u8; 48], [u8; 48])] = &[
(
hex!("00000000000000000000000000000000000000000000000000000000000000000000000000000000018ebbb95eed0e13"),
hex!("A499EFE48839BC3ABCD1C5CEDBDD51904F9514DB44F4686DB918983B0C9DC3AEE05A88B72433E9515F91A329F5F4FA60"),
hex!("3B7CA28EF31F809C2F1BA24AAED847D0F8B406A4B8968542DE139DB5828CA410E615D1182E25B91B1131E230B727D36A"),
),
(
hex!("000000000000000000000000000000000000000000000000000000000000000000159d893d4cdd747246cdca43590e13"),
hex!("90A0B1CAC601676B083F21E07BC7090A3390FE1B9C7F61D842D27FA315FB38D83667A11A71438773E483F2A114836B24"),
hex!("3197D3C6123F0D6CD65D5F0DE106FEF36656CB16DC7CD1A6817EB1D51510135A8F492F72665CFD1053F75ED03A7D04C9"),
),
(
hex!("41ffc1fffffe01fffc0003fffe0007c001fff00003fff07ffe0007c000000003ffffff807fff8007fffff800fffe0000"),
hex!("F2A066BD332DC59BBC3D01DA1B124C687D8BB44611186422DE94C1DA4ECF150E664D353CCDB5CB2652685F8EB4D2CD49"),
hex!("D6ED0BF75FDD8E53D87765FA746835B673881D6D1907163A2C43990D75B454294F942EC571AD5AAE1806CAF2BB8E9A4A"),
),
(
hex!("400000003803ffffffcfffffe0800000001ffffe03ffff1ffff801fffffffff8000001fffff800ffffff8001fffc7fff"),
hex!("5C7F9845D1C4AA44747F9137B6F9C39B36B26B8A62E8AF97290434D5F3B214F5A0131550ADB19058DC4C8780C4165C4A"),
hex!("712F7FCCC86F647E70DB8798228CB16344AF3D00B139B6F8502939C2A965AF0EB4E39E2E16AB8F597B8D5630A50C9D85"),
),
(
hex!("4000008000fffffc000003f00000ffffffff800003800f8000e0000e000000ffffffe00000ffffffc0007e0000000fe0"),
hex!("DD5838F7EC3B8ACF1BECFD746F8B668C577107E93548ED93ED0D254C112E76B10F053109EF8428BFCD50D38C4C030C57"),
hex!("33244F479CDAC34F160D9E4CE2D19D2FF0E3305B5BF0EEF29E91E9DE6E28F678C61B773AA7E3C03740E1A49D1AA2493C"),
),
(
hex!("000000001ffc000000fff030001f0000fffff0000038000000000002003f007ffffff0000000000000ffe00000000000"),
hex!("CB8ED893530BFBA04B4CA655923AAAD109A62BC8411D5925316C32D33602459C33057A1FBCB5F70AEB295D90F9165FBC"),
hex!("426AEE3E91B08420F9B357B66D5AFCBCF3956590BF5564DBF9086042EB880493D19DA39AAA6436C6B5FC66CE5596B43F"),
),
(
hex!("000fffe0800001ff0001fffffff0000ffffffffffffff80000fffffc1fffffffffffff001ffffffffffffbffffe01ffc"),
hex!("67F714012B6B070182122DDD435CC1C2262A1AB88939BC6A2906CB2B4137C5E82B4582160F6403CAB887ACDF5786A268"),
hex!("90E31CF398CE2F8C5897C7380BF541075D1B4D3CB70547262B7095731252F181AC0597C66AF8311C7780DB39DEC0BD32"),
),
(
hex!("07fffe0001fffff800fff800001ffff0001fffffe001fffc0000003ffe03fffffff80ffff01ffff20001c0003f0001ff"),
hex!("55A79DF7B53A99D31462C7E1A5ED5623970715BB1021098CB973A7520CBD6365E613E4B2467486FB37E86E01CEE09B8F"),
hex!("B95AEB71693189911661B709A886A1867F056A0EFE401EE11C06030E46F7A87731DA4575863178012208707DD666727C"),
),
(
hex!("0000003fff87effe07fe7ffffe07ffe07f0000000003fe007fff03e07c07ffe0007f0017fffffe000003fffff007ffff"),
hex!("9539A968CF819A0E52E10EEA3BACA1B6480D7E4DF69BC07002C568569047110EE4FE72FCA423FDD5179D6E0E19C44844"),
hex!("A7728F37A0AE0DF2716061900D83A4DA149144129F89A214A8260464BAB609BB322E4E67DE5E4C4C6CB8D25983EC19B0"),
),
(
hex!("00ffffff0000007e07fffff80031ffeffdffffc3fffffffff01fffffffff80000000007fc000fc000000004003ffc000"),
hex!("933FC13276672AB360D909161CD02D830B1628935DF0D800C6ED602C59D575A86A8A97E3A2D697E3ED06BE741C0097D6"),
hex!("F35296BD7A6B4C6C025ED6D84338CCCC7522A45C5D4FBDB1442556CAEFB598128FA188793ADA510EB5F44E90A4E4BEF1"),
),
(
hex!("00001fff803ff8000001fff000ffffffe3fff000000007ffdff80000003fff007fffffc01ffffff9ffffe001fc000000"),
hex!("0CE31E1C4A937071E6EBACA026A93D783848BCC0C1585DAF639518125FCD1F1629D63041ABFB11FFC8F03FA8B6FCF6BF"),
hex!("A69EA55BE4BEAB2D5224050FEBFFBDFCFD614624C3B4F228909EB80012F003756D1C377E52F04FA539237F24DD080E2E"),
),
(
hex!("7ff0001fff000fffffffff80007ffc0003f80001fff8000000001fc000000fff000000007ffc01fffc020000003fc000"),
hex!("6842CFE3589AC268818291F31D44177A9168DCBC19F321ED66D81ECF59E31B54CCA0DDFD4C4136780171748D69A91C54"),
hex!("E3A5ECD5AC725F13DBC631F358C6E817EDCF3A613B83832741A9DB591A0BAE767FC714F70C2E7EA891E4312047DECCC0"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5295f"),
hex!("605508EC02C534BCEEE9484C86086D2139849E2B11C1A9CA1E2808DEC2EAF161AC8A105D70D4F85C50599BE5800A623F"),
hex!("AEA7117869D53947E0FF5EFC47ABC5F8C7E489C65C59A0ECAC510EE48CCEF92116D16647721C984B71DC73C825271122"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52960"),
hex!("8D481DAB912BC8AB16858A211D750B77E07DBECCA86CD9B012390B430467AABF59C8651060801C0E9599E68713F5D41B"),
hex!("5EA6D00FEDEB9F7A841660D59F996FAF4DD6E4975EFC655FA6B4CD028523F172EE0045A8F7FFB19B966A4F828A1ADDBA"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52961"),
hex!("DFB1FE3A40F7AC9B64C41D39360A7423828B97CB088A4903315E402A7089FA0F8B6C2355169CC9C99DFB44692A9B93DD"),
hex!("BAC535EDBC4A1394BDC5975DAA781E9EC59CB3E3BD2D118193A80BB65E36E2366E9748FB913F580C85C99E7BDCC13ADD"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52962"),
hex!("4099952208B4889600A5EBBCB13E1A32692BEFB0733B41E6DCC614E42E5805F817012A991AF1F486CAF3A9ADD9FFCC03"),
hex!("A1306B8887CCFA67C6B8BA6B509FCA67E9C52C07FF752F32648682D880DC774BFB25B2CF55697F13059AF10B1DC4F65F"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52963"),
hex!("D5D89C3B5282369C5FBD88E2B231511A6B80DFF0E5152CF6A464FA9428A8583BAC8EBC773D157811A462B892401DAFCF"),
hex!("27EADD621ED6F92DBE7E92A1656BB70E2BE2B03BF1D5C42463545A81BBF585442EDEF3460B640DDC97DD48AB1454C98C"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52964"),
hex!("B3D13FC8B32B01058CC15C11D813525522A94156FFF01C205B21F9F7DA7C4E9CA849557A10B6383B4B88701A9606860B"),
hex!("EAD6E618206E9D59E4FB64DAC9E9B4E411453B5EE28B650B7B2EEEBC8C2040257C72DB064D7B50AF67A2A773CC08429D"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52965"),
hex!("E8C8F94D44FBC2396BBEAC481B89D2B0877B1DFFD23E7DC95DE541EB651CCA2C41ABA24DBC02DE6637209ACCF0F59EA0"),
hex!("76E51BBCA903751F6CD4340921AD3756CC479E6E188D728637CE6BEC5F62F0B603B9745EAAF621DD2811A362E4984777"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52966"),
hex!("A567BA97B67AEA5BAFDAF5002FFCC6AB9632BFF9F01F873F6267BCD1F0F11C139EE5F441ABD99F1BAAF1CA1E3B5CBCE7"),
hex!("21E4C74C6760CCE79BB1BEB850E9B133AE7AA6AFB96CD13F79CD641FA87A82988894347C8DDE75829BDC5ED9C90BD633"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52967"),
hex!("952A7A349BD49289AB3AC421DCF683D08C2ED5E41F6D0E21648AF2691A481406DA4A5E22DA817CB466DA2EA77D2A7022"),
hex!("5FCDF0507B4A43FA9CFAD215190990D1F6047FC931E75F1446FD74F69E694AF1FCE559B9768BC1DD610945341DE42E91"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52968"),
hex!("099056E27DA7B998DA1EEEC2904816C57FE935ED5837C37456C9FD14892D3F8C4749B66E3AFB81D626356F3B55B4DDD8"),
hex!("D1B3F3DCB1CF5469977AFAABB53A1FC6903B1127203C9C02BC006C0BE4AD5CD9AB992AEC9C5500CA82A2457FC73A1F44"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52969"),
hex!("A669C5563BD67EEC678D29D6EF4FDE864F372D90B79B9E88931D5C29291238CCED8E85AB507BF91AA9CB2D13186658FB"),
hex!("567748D5183ED860DD26F7C24A0F132208FEE6AAF3E7C3CE3AFD20873C48FA56D6927E69DB7D77266887B09648C5DE22"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5296a"),
hex!("8F0A39A4049BCB3EF1BF29B8B025B78F2216F7291E6FD3BAC6CB1EE285FB6E21C388528BFEE2B9535C55E4461079118B"),
hex!("9D3881EBC749FE29BAD3B5ACDD3C56866564C2835C3BFF39489877AB51264CFC618BC100202AE497D9D25B075399B507"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5296b"),
hex!("1692778EA596E0BE75114297A6FA383445BF227FBE58190A900C3C73256F11FB5A3258D6F403D5ECE6E9B269D822C87D"),
hex!("232DC9A8FF2BEF957CAC7745C24702F1DDAAB52392ADE32B42E3CF3D13F113E594521E15322E8F729095405CFDD4F52D"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5296c"),
hex!("283C1D7365CE4788F29F8EBF234EDFFEAD6FE997FBEA5FFA2D58CC9DFA7B1C508B05526F55B9EBB2040F05B48FB6D0E1"),
hex!("6B8A366F9E1BE47745AD102473E96FB8E59E2798128668D62636D32FE242DDA8CF27B120CD5870619B99B3263AED1073"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5296d"),
hex!("627BE1ACD064D2B2226FE0D26F2D15D3C33EBCBB7F0F5DA51CBD41F26257383021317D7202FF30E50937F0854E35C5DF"),
hex!("F68995B34C074E3DE41922593EB0EA8A4D36ACAD9BB088B36679B09EC8EABBE8FB3BA4717B1E9ACEE8CC5BF82C0F06CB"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5296e"),
hex!("11DE24A2C251C777573CAC5EA025E467F208E51DBFF98FC54F6661CBE56583B037882F4A1CA297E60ABCDBC3836D84BC"),
hex!("705969388BBF06D2F0A7C816F5FF183AD7B4BB88AB2A211773679ACC496FE513CE889791F51704CCE7BBEB55193E8EC5"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5296f"),
hex!("138251CD52AC9298C1C8AAD977321DEB97E709BD0B4CA0ACA55DC8AD51DCFC9D1589A1597E3A5120E1EFD631C63E1835"),
hex!("35351D679659D1E9CE175D7E7E54A99E923BA26E7543F60C54F19C3086D55B22128C7840C8445A96AB60E3FE4D8F1298"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970"),
hex!("077A41D4606FFA1464793C7E5FDC7D98CB9D3910202DCD06BEA4F240D3566DA6B408BBAE5026580D02D7E5C70500C831"),
hex!("366A0835F4F3BD7C82F44169FD5603667ADF4BE37AEEA55A0897B3F123EEE1523DB542931B4A2D6749A0D7A0F5D0E20E"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52971"),
hex!("08D999057BA3D2D969260045C55B97F089025959A6F434D651D207D19FB96E9E4FE0E86EBE0E64F85B96A9C75295DF61"),
hex!("717F0E05A4E4C312484017200292458B4D8A278A43933BC16FB1AFA0DA954BD9A002BC15B2C61DD29EAFE190F56BF17F"),
),
(
hex!("ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52972"),
hex!("AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"),
hex!("C9E821B569D9D390A26167406D6D23D6070BE242D765EB831625CEEC4A0F473EF59F4E30E2817E6285BCE2846F15F1A0"),
),
];