ECDSA test docs


tammyom...@gmail.com

Feb 21, 2018, 1:32:33 PM
to wycheproof-users
Hi. We would like to implement some security attacks against ECDSA. Unfortunately, we use SHA-384 in conjunction with the elliptic curve secp384r1. In addition, our code base is in C.
I was wondering if you could send me some docs or references that you based your ECDSA tests on. Any help is much appreciated!

⛷ Thai Duong

Feb 21, 2018, 5:07:10 PM
to tammyom...@gmail.com, wycheproof-users
Hi there,

You can test your implementation with our ECDSA test vectors at https://github.com/google/wycheproof/blob/master/testvectors/ecdsa_test.json. Here's how we use these vectors to test Java: https://github.com/google/wycheproof/blob/9cd6c67936e659f64e451244c98512cf4094e52b/java/com/google/security/wycheproof/testcases/JsonSignatureTest.java#L140. Testing a C implementation should work similarly.


tammyom...@gmail.com

Feb 23, 2018, 9:19:17 AM
to wycheproof-users
Thanks for your response! So the problem is that you don't seem to have any test vectors that use SHA-384 and the elliptic curve secp384r1 together. Can you point us to the references that you used to create your test vectors or perhaps point us to test vectors that do use SHA-384 and secp384r1?


Daniel Bleichenbacher

Feb 23, 2018, 11:24:15 AM
to tammyom...@gmail.com, wycheproof-users
We'll add test vectors sorted for specific curves and hash algorithms.
Though, I'm not sure how long it takes to get them through the release.


⛷ Thai Duong

Feb 26, 2018, 1:42:11 PM
to Tamalika Mukherjee, wycheproof-users
On Fri, Feb 23, 2018 at 6:19 AM, <tammyom...@gmail.com> wrote:
> Thanks for your response! So the problem is that you don't seem to have any test vectors that use SHA-384 and the elliptic curve secp384r1 together. Can you point us to the references that you used to create your test vectors or perhaps point us to test vectors that do use SHA-384 and secp384r1?

Oh you're right that our GitHub code doesn't have tests for SHA-384 and secp384r1. Could you please file a feature request at https://github.com/google/wycheproof/issues? We'll make sure that this is addressed in our next release.



Daniel Bleichenbacher

Feb 26, 2018, 1:46:42 PM
to ⛷ Thai Duong, Tamalika Mukherjee, wycheproof-users
Can we also work on a faster way to fix and release such issues?
I have the test vectors for this case.

Daniel Bleichenbacher

Feb 26, 2018, 1:49:32 PM
to ⛷ Thai Duong, Tamalika Mukherjee, wycheproof-users
Additionally one question is what formats for public keys are useful.
So far we include PEM, PKCS8, and a JSON structure with big integer fields.
If there are some other commonly used formats it might make sense to add
the public keys in other formats, so that one does not have to implement
conversions.

Tamalika Mukherjee

Feb 28, 2018, 8:26:08 AM
to wycheproof-users
Thanks for the responses! Can anyone tell me when the next release is scheduled? I just need to figure out a timeline for my own project. 


⛷ Thai Duong

Feb 28, 2018, 9:40:11 PM
to Tamalika Mukherjee, wycheproof-users
Next week I'll start syncing our internal version to GitHub. If things work out properly [1], in one month's time a new version including the test vectors that you need will be released. I'll also automate this sync process to release new tests more frequently.

[1] I'm mostly afraid of accidentally releasing 0-days, so it'll take some time to verify that the bugs we found were already fixed.


Brian Smith

May 30, 2018, 10:13:37 PM
to wycheproof-users
On Monday, February 26, 2018 at 8:49:32 AM UTC-10, bleichen wrote:
> Additionally one question is what formats for public keys are useful.
> So far we include PEM, PKCS8, and a JSON structure with big integer fields.
> If there are some other commonly used formats it might make sense to add
> the public keys in other formats, so that one does not have to implement
> conversions.

 In the case of ECC tests, the standard uncompressed `0x04 <fixed-width X coordinate> <fixed-width Y coordinate>` format would be most useful to me. This is the form found inside the derKey field, with the ASN.1 AlgorithmIdentifier stripped.

Cheers,
Brian

Thai Duong

Jun 4, 2018, 10:59:07 AM
to br...@briansmith.org, Daniel Bleichenbacher, wycheproof-users
Yes, this sounds like something we can add.


Daniel Bleichenbacher

Jun 4, 2018, 12:24:43 PM
to Thai Duong, br...@briansmith.org, wycheproof-users
Here is an example for an EC key with uncompressed points:
  {
      "key" : {
        "curve" : "secp256r1",
        "keySize" : 256,
        "type" : "ECPublicKey",
        "uncompressed" : "042927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e",
        "wx" : "2927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838",
        "wy" : "0c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e"
      },
      "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200042927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e",
      "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKSexBRK64+3c/kZ4KBKLrSkDJpkZ\n9whgacjE32xzKDjHeHlk6qwA5ZIfsUmKYPRgZ2az2WhQAVWNGpdOc0FRPg==\n-----END PUBLIC KEY-----",
      "sha" : "SHA-512",
      ...

The uncompressed point is part of key, since the point alone does not fully describe a key.
uncompressed is a byte-array (while wx and wy are hexadecimal integers).
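
The three encodings in the key above can be cross-checked against each other before a test harness trusts any of them. The following is an added example, not part of the original thread or of Wycheproof: it decodes `uncompressed` as the fixed-width `0x04 || X || Y` form, compares it with the `wx`/`wy` integers and with the point inside `keyDer`, and rejects off-curve points. The function names are hypothetical and the curve is assumed to be secp256r1, as in the posted key.

```python
# Added example: KEY and KEY_DER are copied from the post above; the function
# names are hypothetical and are not part of Wycheproof.
KEY = {
    "uncompressed": "042927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e",
    "wx": "2927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838",
    "wy": "0c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e",
}
KEY_DER = "3059301306072a8648ce3d020106082a8648ce3d030107034200042927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e"
P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # secp256r1 field prime
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b

def parse_uncompressed(hex_point, width=32):
    """Decode 0x04 || X || Y with fixed-width coordinates; reject off-curve points."""
    raw = bytes.fromhex(hex_point)
    if len(raw) != 1 + 2 * width or raw[0] != 0x04:
        raise ValueError("not a fixed-width uncompressed point")
    x = int.from_bytes(raw[1:1 + width], "big")
    y = int.from_bytes(raw[1 + width:], "big")
    if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P:
        raise ValueError("point is not on secp256r1")
    return x, y

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER element."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def spki_point(der_hex):
    """Strip the SubjectPublicKeyInfo wrapper and return the BIT STRING payload."""
    der = bytes.fromhex(der_hex)
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, _alg_id, pos = read_tlv(body, 0)   # AlgorithmIdentifier, skipped here
    bit_tag, bits, end = read_tlv(body, pos)
    if tag != 0x30 or bit_tag != 0x03 or end != len(body) or bits[:1] != b"\x00":
        raise ValueError("unexpected SubjectPublicKeyInfo layout")
    return bits[1:]

def key_is_consistent(key, der_hex):
    """True when uncompressed, wx/wy and keyDer all describe the same point."""
    x, y = parse_uncompressed(key["uncompressed"])
    # wx/wy are hex *integers*: odd length or a leading zero is legal, so use int().
    return ((x, y) == (int(key["wx"], 16), int(key["wy"], 16))
            and spki_point(der_hex).hex() == key["uncompressed"])
```

Note that `wy` in the posted key has an odd number of hex digits, so decoding it with a byte-oriented hex parser fails; only `uncompressed` is safe to treat as bytes.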
