Diffstat (limited to 'docs')
| -rw-r--r-- | docs/CURVES.md | 40 |
| -rw-r--r-- | docs/FORMAT.md | 30 |
| -rw-r--r-- | docs/LIBS.md | 31 |
| -rw-r--r-- | docs/TESTS.md | 20 |
4 files changed, 100 insertions, 21 deletions
diff --git a/docs/CURVES.md b/docs/CURVES.md index d1749df..4a80d49 100644 --- a/docs/CURVES.md +++ b/docs/CURVES.md 
@@ -1,15 +1,47 @@ # Curves -## anomalous +## SECG +SEC 2: Recommended Elliptic Curve Domain Parameters version 2.0 January 27, 2010 + +[Source](http://www.secg.org/sec2-v2.pdf) + +## NIST +RECOMMENDED ELLIPTIC CURVES FOR FEDERAL GOVERNMENT USE July 1999 + +[Source](http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf) + +## x962 +ANSI X9.62 example curves. ## Brainpool +ECC Brainpool Standard Curves and Curve Generation v. 1.0 19.10.2005 + +[Source](http://www.ecc-brainpool.org/download/Domain-parameters.pdf) + +## anssi +Agence nationale de la sécurité des systèmes d'information: Publication d'un paramétrage de courbe elliptique visant des applications de passeport électronique et de l'administration électronique française. 21 November 2011 + +## GOST +GOST R 34.10-2001: RFC5832 curves. + +[Source](https://tools.ietf.org/html/rfc5832) + +## anomalous +These prime field curves have the same order as the field order, and are susceptible to attacks reducing ECDLP over a multiplicative group of the curve, to DLP over an additive group of the underlying field, which is easy (linear time). + +Some of these are from Atsuko Miyaji's [paper](https://dspace.jaist.ac.jp/dspace/bitstream/10119/4464/1/73-61.pdf), others were generated using [ecgen](htps://github.com/J08nY/ecgen). ## invalid +This category contains pre-generated invalid curves for a large subset of NIST, SECG and Brainpool curves. Invalid curves for a given curve, are short Weierstrass curves with all parameters equal to the given curve except the `b` parameter. These curves can be used to [attack some implementations](https://www.nds.rub.de/media/nds/veroeffentlichungen/2015/09/14/main-full.pdf). -## NIST +Generated using [ecgen](https://github.com/J08nY/ecgen) -## nonprime +## composite +Contains curves of composite order, with small order points. 
-## SECG +Generated using [ecgen](https://github.com/J08nY/ecgen) ## wrong +Contains parameters that are not elliptic curves(over Fp and F2m), such as `p` parameter that is not prime, irreducible polynomial that is not irreducible and similar. + +Generated manually.
\ No newline at end of file diff --git a/docs/FORMAT.md b/docs/FORMAT.md index b68db39..849a62c 100644 --- a/docs/FORMAT.md +++ b/docs/FORMAT.md @@ -1,7 +1,10 @@ # Format -CSV based, little-endian hexadecimal values. +ECTester mostly reads/outputs data in either human-readable format or using CSV. ## Curves +Input files for the `-c/--curve` option should be in CSV, little-endian hexadecimal format. +Output of the `-e/--export` option will also be in this format. + ### Prime field `p,a,b,gx,gy,n,h` @@ -9,6 +12,8 @@ CSV based, little-endian hexadecimal values. `m,e1,e2,e3,a,b,gx,gy,n,h` ## Key material +Input files for the `-k/--key`, `-pub/--public` and `-priv/--private` options should be in CSV, little-endian hexadecimal format. + ### Keypair `wx,wy,s` @@ -18,7 +23,7 @@ CSV based, little-endian hexadecimal values. ### Private key `s` -# Notation +### Notation - `p` - prime F_p - `m` - binary field exponent F_2^m - `e1` - largest exponent of the field polynomial @@ -32,4 +37,23 @@ CSV based, little-endian hexadecimal values. - `h` - the base-point cofactor - `wx` - the x coordinate of the public key - `wy` - the y coordinate of th public key - - `s` - the private key value
\ No newline at end of file + - `s` - the private key value + +## Key generation output(CSV) +Output of the `-g/--generate` option. + +`index;time;pubW;privS` + +## KeyAgreement output(CSV) +Output of the `-dh/--ecdh` option. + +`index;time;pubW;privS;secret` + +## Signature output(CSV) +Output of the `-dsa/--ecdsa` option. + +`index;time;signature` + +## Test runs +By default test runs are output in a human readable format, however YAML and XML is also supported and can be selected +by using the `-o/--output` option. diff --git a/docs/LIBS.md b/docs/LIBS.md new file mode 100644 index 0000000..4fac57b --- /dev/null +++ b/docs/LIBS.md @@ -0,0 +1,31 @@ +# Libraries with ECC + +Libraries with at least some ECC support: + + - [Crypto++](https://cryptopp.com/) + - [libgcrypt](https://www.gnupg.org/related_software/libgcrypt/) + + - [mbedTLS](https://tls.mbed.org/) + - [Nettle](http://www.lysator.liu.se/~nisse/nettle/) + - [OpenSSL](https://www.openssl.org/) + - [OpenSSL (FIPS mode)](https://www.openssl.org/docs/fipsnotes.html) + + - [Microsoft CNG](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376210(v=vs.85).aspx) + - [Microsoft .NET crypto](https://docs.microsoft.com/en-us/dotnet/standard/security/cryptography-model) + +# Supported libraries + + - [BouncyCastle](https://bouncycastle.org/java.html) + - Java + - [Sun EC](https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC) + - Java + C + - [Botan](https://botan.randombit.net/), since 2.4.0 (unreleased) + - C++ + - Uses blinded(randomized) Montgomery ladder. + - https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 + - https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-1986-cc + - https://eprint.iacr.org/2015/657 + - [libtomcrypt](http://www.libtom.net/LibTomCrypt/) + - C + - Uses Jacobian coordinates. + - Sliding window scalar multiplication algorithm.
\ No newline at end of file diff --git a/docs/TESTS.md b/docs/TESTS.md index 21298dc..c4f38dc 100644 --- a/docs/TESTS.md +++ b/docs/TESTS.md @@ -11,29 +11,21 @@ confirmation before running, be cautious.** ## Default Tests the default curves present on the card. These might not be present or the card might not even support ECC. -Tests keypair allocation, generation, ECDH and ECDSA. ECDH is first tested with two valid generated keypairs, then a with a -public key that is corrupted in various ways, these tests should fail. +Tests keypair allocation, generation, ECDH and ECDSA. ECDH is first tested with two valid generated keypairs, then +with a compressed public key to test support for compressed points. This test suite is run if no argument is provided to `-t / --test`. -Supports the `-nc / --named-curve` option so you can specify a category of curves or a curve to use if the card doesn't -have default curves preset. - For example: ```bash -java -jar ECTester.jar -nc secg -a -fp -t -``` -tests all(`-a`), prime field(`-fp`) SECG curves, using the default test suite. - -```bash -java -jar ECTester.jar -u -a -f2m -t +java -jar ECTester.jar -a -fp -t ``` -tests all(`-a`), binary field(`-f2m`), custom(`-u`) curves. +tests all(`-a`), prime field(`-fp`), using the default test suite. ```bash -java -jar ECTester.jar -b 128 -fp -t +java -jar ECTester.jar-a -f2m -t ``` -tests a 128 bit(`-b`), prime field(`-fp`) curve, (if a default one is present). +tests all(`-a`), binary field(`-f2m`), curves. ## Test-Vectors Tests using known test vectors provided by NIST/SECG/Brainpool: |
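Review bot: in docs/CURVES.md, the ecgen link added under `## anomalous` has a broken scheme, `[ecgen](htps://github.com/J08nY/ecgen)`; it should use `https://` like the links in the `invalid` and `composite` sections. In the same paragraph, "ECDLP over a multiplicative group of the curve" is confusing, because the curve's point group is what gets mapped to the additive group of the field, so naming it simply "the group of points on the curve" would read better. The `x962` and `anssi` entries are the only standards sections without a `[Source]` link, the NIST title says "July 1999" while the link points at a file named `NIST.FIPS.186-4.pdf`, and the new file ends without a trailing newline.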
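Review bot: in docs/FORMAT.md, the hunk that turns `# Notation` into `### Notation` nests the legend under `## Key material`, although it also defines the curve fields (`p`, `m`, `e1`, ...) used by `## Curves`. Making it `## Notation` would keep it a sibling of both sections it documents.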
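Review bot: in docs/FORMAT.md, the three new output sections are labelled CSV but use `;` as the separator (`index;time;pubW;privS`), while the input formats above use `,` (`p,a,b,gx,gy,n,h`); the delimiter should be stated for each, and `index`, `time`, `pubW`, `privS`, `secret` and `signature` are not defined in the notation list (units of `time`, encoding of the point and of the signature). Because the `-g/--generate` and `-dh/--ecdh` outputs contain `privS` and `secret`, a sentence saying that these files hold private key material would help users handle them appropriately. Smaller points: the context line "the y coordinate of th public key" has a typo that could be fixed while the block is being touched, "YAML and XML is also supported" should be "are", and "human readable" is hyphenated in the first hunk but not here.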
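Review bot: in the new docs/LIBS.md, the three bare URLs under Botan (two EFD formula pages and `https://eprint.iacr.org/2015/657`) have no labels, so a reader cannot tell which one documents the addition formula, the doubling formula or the blinded Montgomery ladder; link text such as `[addition formula](...)` would fix that, and the libtomcrypt entry would benefit from a matching reference for its sliding window claim, since the scalar multiplication algorithm is the detail a side-channel reviewer will want to verify. "since 2.4.0 (unreleased)" will go stale once that version ships. The first list contains two empty `+` lines that split it into three groups without saying what distinguishes them, and the file ends without a trailing newline.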
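Review bot: in docs/TESTS.md, the second example command is missing a space, `java -jar ECTester.jar-a -f2m -t`, so it will not run as written; it should read `java -jar ECTester.jar -a -f2m -t`. The reworded description now mentions only a compressed public key and no longer says what result to expect, where the removed text stated that the corrupted-key tests "should fail"; if the corrupted-key ECDH checks moved to another suite, a pointer to it would help. The explanation lines also carry a stray comma, e.g. "binary field(`-f2m`), curves."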
