def prepend_len(data):
"prepend LEB128 encoding of length"
length = len(data)
length_encoded = b""
while True:
if length < 128:
length_encoded += bytes([length])
else:
length_encoded += bytes([(length & 0x7f) + 0x80])
length = int(length >> 7)
if length == 0:
break;
return length_encoded + data prepend_len(b""): (length: 1 bytes)
00
prepend_len(b"1234"): (length: 5 bytes)
0431323334
prepend_len(bytes(range(127))): (length: 128 bytes)
7f000102030405060708090a0b0c0d0e0f101112131415161718191a1b
1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738
393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455
565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172
737475767778797a7b7c7d7e
prepend_len(bytes(range(128))): (length: 130 bytes)
8001000102030405060708090a0b0c0d0e0f101112131415161718191a
1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637
38393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f5051525354
55565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f7071
72737475767778797a7b7c7d7e7f
#eyJwcmVwZW5kX2xlbihiJycpIjogIjAwIiwgImInMTIzNCciOiAiMzEzMjMzMzQiLC
#AicHJlcGVuZF9sZW4oYicxMjM0JykiOiAiMDQzMTMyMzMzNCIsICJwcmVwZW5kX2xl
#bihieXRlcyhyYW5nZSgxMjcpKSkiOiAiN0YwMDAxMDIwMzA0MDUwNjA3MDgwOTBBME
#IwQzBEMEUwRjEwMTExMjEzMTQxNTE2MTcxODE5MUExQjFDMUQxRTFGMjAyMTIyMjMy
#NDI1MjYyNzI4MjkyQTJCMkMyRDJFMkYzMDMxMzIzMzM0MzUzNjM3MzgzOTNBM0IzQz
#NEM0UzRjQwNDE0MjQzNDQ0NTQ2NDc0ODQ5NEE0QjRDNEQ0RTRGNTA1MTUyNTM1NDU1
#NTY1NzU4NTk1QTVCNUM1RDVFNUY2MDYxNjI2MzY0NjU2NjY3Njg2OTZBNkI2QzZENk
#U2RjcwNzE3MjczNzQ3NTc2Nzc3ODc5N0E3QjdDN0Q3RSIsICJwcmVwZW5kX2xlbihi
#eXRlcyhyYW5nZSgxMjgpKSkiOiAiODAwMTAwMDEwMjAzMDQwNTA2MDcwODA5MEEwQj
#BDMEQwRTBGMTAxMTEyMTMxNDE1MTYxNzE4MTkxQTFCMUMxRDFFMUYyMDIxMjIyMzI0
#MjUyNjI3MjgyOTJBMkIyQzJEMkUyRjMwMzEzMjMzMzQzNTM2MzczODM5M0EzQjNDM0
#QzRTNGNDA0MTQyNDM0NDQ1NDY0NzQ4NDk0QTRCNEM0RDRFNEY1MDUxNTI1MzU0NTU1
#NjU3NTg1OTVBNUI1QzVENUU1RjYwNjE2MjYzNjQ2NTY2Njc2ODY5NkE2QjZDNkQ2RT
#ZGNzA3MTcyNzM3NDc1NzY3Nzc4Nzk3QTdCN0M3RDdFN0YifQ==
def lv_cat(*args):
result = b""
for arg in args:
result += prepend_len(arg)
return result lv_cat(b"1234",b"5",b"",b"678"): (length: 12 bytes)
043132333401350003363738
#eyJiJzEyMzQnIjogIjMxMzIzMzM0IiwgImInNSciOiAiMzUiLCAiYic2NzgnIjogIj
#M2MzczOCIsICJsdl9jYXQoYicxMjM0JyxiJzUnLGInJyxiJzY3OCcpIjogIjA0MzEz
#MjMzMzQwMTM1MDAwMzM2MzczOCJ9
def generator_string(DSI,PRS,CI,sid,s_in_bytes):
# Concat all input fields with prepended length information.
# Add zero padding in the first hash block after DSI and PRS.
len_zpad = max(0,s_in_bytes - 1 - len(prepend_len(PRS))
- len(prepend_len(DSI)))
return lv_cat(DSI, PRS, zero_bytes(len_zpad),
CI, sid)For ordered concatenation lexiographical ordering of byte sequences is used:
def lexiographically_larger(bytes1,bytes2):
"Returns True if bytes1>bytes2 using lexiographical ordering."
min_len = min (len(bytes1), len(bytes2))
for m in range(min_len):
if bytes1[m] > bytes2[m]:
return True;
elif bytes1[m] < bytes2[m]:
return False;
return len(bytes1) > len(bytes2)With the above definition of lexiographical ordering ordered concatenation is specified as follows.
def o_cat(bytes1,bytes2):
if lexiographically_larger(bytes1,bytes2):
return b"oc" + bytes1 + bytes2
else:
return b"oc" + bytes2 + bytes1 string comparison for o_cat:
lexiographically_larger(b"\0", b"\0\0") == False
lexiographically_larger(b"\1", b"\0\0") == True
lexiographically_larger(b"\0\0", b"\0") == True
lexiographically_larger(b"\0\0", b"\1") == False
lexiographically_larger(b"\0\1", b"\1") == False
lexiographically_larger(b"ABCD", b"BCD") == False
o_cat(b"ABCD",b"BCD"): (length: 9 bytes)
6f6342434441424344
o_cat(b"BCD",b"ABCDE"): (length: 10 bytes)
6f634243444142434445
#eyJiJ0FCQ0QnIjogIjQxNDI0MzQ0IiwgImInQkNEJyI6ICI0MjQzNDQiLCAiYidBQk
#NERSciOiAiNDE0MjQzNDQ0NSIsICJvX2NhdChiJ0FCQ0QnLGInQkNEJykiOiAiNkY2
#MzQyNDM0NDQxNDI0MzQ0IiwgIm9fY2F0KGInQkNEJyxiJ0FCQ0RFJykiOiAiNkY2Mz
#QyNDM0NDQxNDI0MzQ0NDUifQ==
def transcript_ir(Ya,ADa,Yb,ADb):
result = lv_cat(Ya,ADa) + lv_cat(Yb,ADb)
return result transcript_ir(b"123", b"PartyA", b"234",b"PartyB"):
(length: 22 bytes)
03313233065061727479410332333406506172747942
transcript_ir(b"3456",b"PartyA",b"2345",b"PartyB"):
(length: 24 bytes)
043334353606506172747941043233343506506172747942
#eyJiJzEyMyciOiAiMzEzMjMzIiwgImInMjM0JyI6ICIzMjMzMzQiLCAiYidQYXJ0eU
#EnIjogIjUwNjE3Mjc0Nzk0MSIsICJiJ1BhcnR5QiciOiAiNTA2MTcyNzQ3OTQyIiwg
#ImInMzQ1NiciOiAiMzMzNDM1MzYiLCAiYicyMzQ1JyI6ICIzMjMzMzQzNSIsICJ0cm
#Fuc2NyaXB0X2lyKGInMTIzJyxiJ1BhcnR5QScsYicyMzQnLGInUGFydHlCJykiOiAi
#MDMzMTMyMzMwNjUwNjE3Mjc0Nzk0MTAzMzIzMzM0MDY1MDYxNzI3NDc5NDIiLCAidH
#JhbnNjcmlwdF9pcihiJzM0NTYnLGInUGFydHlBJyxiJzIzNDUnLGInUGFydHlCJyki
#OiAiMDQzMzM0MzUzNjA2NTA2MTcyNzQ3OTQxMDQzMjMzMzQzNTA2NTA2MTcyNzQ3OT
#QyIn0=
def transcript_oc(Ya,ADa,Yb,ADb):
result = o_cat(lv_cat(Ya,ADa),lv_cat(Yb,ADb))
return result transcript_oc(b"123", b"PartyA", b"234",b"PartyB"):
(length: 24 bytes)
6f6303323334065061727479420331323306506172747941
transcript_oc(b"3456",b"PartyA",b"2345",b"PartyB"):
(length: 26 bytes)
6f63043334353606506172747941043233343506506172747942
#eyJiJzEyMyciOiAiMzEzMjMzIiwgImInMjM0JyI6ICIzMjMzMzQiLCAiYidQYXJ0eU
#EnIjogIjUwNjE3Mjc0Nzk0MSIsICJiJ1BhcnR5QiciOiAiNTA2MTcyNzQ3OTQyIiwg
#ImInMzQ1NiciOiAiMzMzNDM1MzYiLCAiYicyMzQ1JyI6ICIzMjMzMzQzNSIsICJ0cm
#Fuc2NyaXB0X29jKGInMTIzJyxiJ1BhcnR5QScsYicyMzQnLGInUGFydHlCJykiOiAi
#NkY2MzAzMzIzMzM0MDY1MDYxNzI3NDc5NDIwMzMxMzIzMzA2NTA2MTcyNzQ3OTQxIi
#wgInRyYW5zY3JpcHRfb2MoYiczNDU2JyxiJ1BhcnR5QScsYicyMzQ1JyxiJ1BhcnR5
#QicpIjogIjZGNjMwNDMzMzQzNTM2MDY1MDYxNzI3NDc5NDEwNDMyMzMzNDM1MDY1MD
#YxNzI3NDc5NDIifQ==
def decodeLittleEndian(b, bits):
return sum([b[i] << 8*i for i in range((bits+7)/8)])
def decodeUCoordinate(u, bits):
u_list = [ord(b) for b in u]
# Ignore any unused bits.
if bits % 8:
u_list[-1] &= (1<<(bits%8))-1
return decodeLittleEndian(u_list, bits)
def encodeUCoordinate(u, bits):
return ''.join([chr((u >> 8*i) & 0xff)
for i in range((bits+7)/8)])The Elligator 2 map requires a non-square field element Z which shall be calculated as follows.
def find_z_ell2(F):
# Find nonsquare for Elligator2
# Argument: F, a field object, e.g., F = GF(2^255 - 19)
ctr = F.gen()
while True:
for Z_cand in (F(ctr), F(-ctr)):
# Z must be a non-square in F.
if is_square(Z_cand):
continue
return Z_cand
ctr += 1The values of the non-square Z only depend on the curve. The algorithm above results in a value of Z = 2 for Curve25519 and Z=-1 for Ed448.
The following code maps a field element r to an encoded field element which is a valid u-coordinate of a Montgomery curve with curve parameter A.
def elligator2(r, q, A, field_size_bits):
# Inputs: field element r, field order q,
# curve parameter A and field size in bits
Fq = GF(q); A = Fq(A); B = Fq(1);
# get non-square z as specified in the hash2curve draft.
z = Fq(find_z_ell2(Fq))
powerForLegendreSymbol = floor((q-1)/2)
v = - A / (1 + z * r^2)
epsilon = (v^3 + A * v^2 + B * v)^powerForLegendreSymbol
x = epsilon * v - (1 - epsilon) * A/2
return encodeUCoordinate(Integer(x), field_size_bits) Inputs
H = SHA-512 with input block size 128 bytes.
PRS = b'Password' ; ZPAD length: 109 ; DSI = b'CPace255'
CI = b'oc\x0bB_responder\x0bA_initiator'
CI = 6f630b425f726573706f6e6465720b415f696e69746961746f72
sid = 7e4b4791d6a8ef019b936c79fb7f2c57
Outputs
generator_string(G.DSI,PRS,CI,sid,H.s_in_bytes):
(length: 172 bytes)
0843506163653235350850617373776f72646d000000000000000000
00000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
000000000000000000000000000000001a6f630b425f726573706f6e
6465720b415f696e69746961746f72107e4b4791d6a8ef019b936c79
fb7f2c57
hash generator string: (length: 32 bytes)
92806dc608984dbf4e4aae478c6ec453ae979cc01ecc1a2a7cf49f5c
ee56551b
decoded field element of 255 bits: (length: 32 bytes)
92806dc608984dbf4e4aae478c6ec453ae979cc01ecc1a2a7cf49f5c
ee56551b
generator g: (length: 32 bytes)
64e8099e3ea682cfdc5cb665c057ebb514d06bf23ebc9f743b51b822
42327074
#eyJIIjogIlNIQS01MTIiLCAiSC5zX2luX2J5dGVzIjogMTI4LCAiUFJTIjogIjUwNj
#E3MzczNzc2RjcyNjQiLCAiWlBBRCBsZW5ndGgiOiAxMDksICJEU0kiOiAiNDM1MDYx
#NjM2NTMyMzUzNSIsICJDSSI6ICI2RjYzMEI0MjVGNzI2NTczNzA2RjZFNjQ2NTcyME
#I0MTVGNjk2RTY5NzQ2OTYxNzQ2RjcyIiwgInNpZCI6ICI3RTRCNDc5MUQ2QThFRjAx
#OUI5MzZDNzlGQjdGMkM1NyIsICJnZW5lcmF0b3Jfc3RyaW5nKEcuRFNJLFBSUyxDSS
#xzaWQsSC5zX2luX2J5dGVzKSI6ICIwODQzNTA2MTYzNjUzMjM1MzUwODUwNjE3Mzcz
#Nzc2RjcyNjQ2RDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMUE2RjYzMEI0MjVGNzI2NTczNz
#A2RjZFNjQ2NTcyMEI0MTVGNjk2RTY5NzQ2OTYxNzQ2RjcyMTA3RTRCNDc5MUQ2QThF
#RjAxOUI5MzZDNzlGQjdGMkM1NyIsICJoYXNoIGdlbmVyYXRvciBzdHJpbmciOiAiOT
#I4MDZEQzYwODk4NERCRjRFNEFBRTQ3OEM2RUM0NTNBRTk3OUNDMDFFQ0MxQTJBN0NG
#NDlGNUNFRTU2NTUxQiIsICJkZWNvZGVkIGZpZWxkIGVsZW1lbnQgb2YgMjU1IGJpdH
#MiOiAiOTI4MDZEQzYwODk4NERCRjRFNEFBRTQ3OEM2RUM0NTNBRTk3OUNDMDFFQ0Mx
#QTJBN0NGNDlGNUNFRTU2NTUxQiIsICJnZW5lcmF0b3IgZyI6ICI2NEU4MDk5RTNFQT
#Y4MkNGREM1Q0I2NjVDMDU3RUJCNTE0RDA2QkYyM0VCQzlGNzQzQjUxQjgyMjQyMzI3
#MDc0In0=
Inputs
ADa = b'ADa'
ya (little endian): (length: 32 bytes)
21b4f4bd9e64ed355c3eb676a28ebedaf6d8f17bdc365995b3190971
53044080
Outputs
Ya: (length: 32 bytes)
1b02dad6dbd29a07b6d28c9e04cb2f184f0734350e32bb7e62ff9dbc
fdb63d15
Inputs
ADb = b'ADb'
yb (little endian): (length: 32 bytes)
848b0779ff415f0af4ea14df9dd1d3c29ac41d836c7808896c4eba19
c51ac40a
Outputs
Yb: (length: 32 bytes)
20cda5955f82c4931545bcbf40758ce1010d7db4db2a907013d79c7a
8fcf957f
scalar_mult_vfy(ya,Yb): (length: 32 bytes)
f97fdfcfff1c983ed6283856a401de3191ca919902b323c5f950c970
3df7297a
scalar_mult_vfy(yb,Ya): (length: 32 bytes)
f97fdfcfff1c983ed6283856a401de3191ca919902b323c5f950c970
3df7297a
transcript_ir(Ya,ADa,Yb,ADb): (length: 74 bytes)
201b02dad6dbd29a07b6d28c9e04cb2f184f0734350e32bb7e62ff9d
bcfdb63d15034144612020cda5955f82c4931545bcbf40758ce1010d
7db4db2a907013d79c7a8fcf957f03414462
DSI = G.DSI_ISK, b'CPace255_ISK': (length: 12 bytes)
43506163653235355f49534b
lv_cat(DSI,sid,K)||transcript_ir(Ya,ADa,Yb,ADb):
(length: 137 bytes)
0c43506163653235355f49534b107e4b4791d6a8ef019b936c79fb7f
2c5720f97fdfcfff1c983ed6283856a401de3191ca919902b323c5f9
50c9703df7297a201b02dad6dbd29a07b6d28c9e04cb2f184f073435
0e32bb7e62ff9dbcfdb63d15034144612020cda5955f82c4931545bc
bf40758ce1010d7db4db2a907013d79c7a8fcf957f03414462
ISK result: (length: 64 bytes)
a051ee5ee2499d16da3f69f430218b8ea94a18a45b67f9e86495b382
c33d14a5c38cecc0cc834f960e39e0d1bf7d76b9ef5d54eecc5e0f38
6c97ad12da8c3d5f
transcript_oc(Ya,ADa,Yb,ADb): (length: 76 bytes)
6f632020cda5955f82c4931545bcbf40758ce1010d7db4db2a907013
d79c7a8fcf957f03414462201b02dad6dbd29a07b6d28c9e04cb2f18
4f0734350e32bb7e62ff9dbcfdb63d1503414461
DSI = G.DSI_ISK, b'CPace255_ISK': (length: 12 bytes)
43506163653235355f49534b
lv_cat(DSI,sid,K)||transcript_oc(Ya,ADa,Yb,ADb):
(length: 139 bytes)
0c43506163653235355f49534b107e4b4791d6a8ef019b936c79fb7f
2c5720f97fdfcfff1c983ed6283856a401de3191ca919902b323c5f9
50c9703df7297a6f632020cda5955f82c4931545bcbf40758ce1010d
7db4db2a907013d79c7a8fcf957f03414462201b02dad6dbd29a07b6
d28c9e04cb2f184f0734350e32bb7e62ff9dbcfdb63d1503414461
ISK result: (length: 64 bytes)
5cc27e49679423f81a37d7521d9fb1327c840d2ea4a1543652e7de5c
abb89ebad27d24761b3288a3fd5764b441ecb78d30abc26161ff45ea
297bb311dde04727
H.hash(b"CPaceSidOut" + transcript_ir(Ya,ADa, Yb,ADb)):
(length: 64 bytes)
f7ae11ac3ee85c3c42d8bd51ba823fbe17158f43d34a1296f1cb2567
bcc71dc8b201a134b566b468aad8fd04f02f96e3caf9d5601f7ed760
a0a951a5a861b5e7
H.hash(b"CPaceSidOut" + transcript_oc(Ya,ADa, Yb,ADb)):
(length: 64 bytes)
a38389e34fa492788c1df43b06b427710491174e53c33b01362a490d
116fe1b7e870aa6e2a7fc018725e3b7f969f7508042e44cd3863f39a
a75026a190d1902b
const unsigned char tc_PRS[] = {
0x50,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,
};
const unsigned char tc_CI[] = {
0x6f,0x63,0x0b,0x42,0x5f,0x72,0x65,0x73,0x70,0x6f,0x6e,0x64,
0x65,0x72,0x0b,0x41,0x5f,0x69,0x6e,0x69,0x74,0x69,0x61,0x74,
0x6f,0x72,
};
const unsigned char tc_sid[] = {
0x7e,0x4b,0x47,0x91,0xd6,0xa8,0xef,0x01,0x9b,0x93,0x6c,0x79,
0xfb,0x7f,0x2c,0x57,
};
const unsigned char tc_g[] = {
0x64,0xe8,0x09,0x9e,0x3e,0xa6,0x82,0xcf,0xdc,0x5c,0xb6,0x65,
0xc0,0x57,0xeb,0xb5,0x14,0xd0,0x6b,0xf2,0x3e,0xbc,0x9f,0x74,
0x3b,0x51,0xb8,0x22,0x42,0x32,0x70,0x74,
};
const unsigned char tc_ya[] = {
0x21,0xb4,0xf4,0xbd,0x9e,0x64,0xed,0x35,0x5c,0x3e,0xb6,0x76,
0xa2,0x8e,0xbe,0xda,0xf6,0xd8,0xf1,0x7b,0xdc,0x36,0x59,0x95,
0xb3,0x19,0x09,0x71,0x53,0x04,0x40,0x80,
};
const unsigned char tc_ADa[] = {
0x41,0x44,0x61,
};
const unsigned char tc_Ya[] = {
0x1b,0x02,0xda,0xd6,0xdb,0xd2,0x9a,0x07,0xb6,0xd2,0x8c,0x9e,
0x04,0xcb,0x2f,0x18,0x4f,0x07,0x34,0x35,0x0e,0x32,0xbb,0x7e,
0x62,0xff,0x9d,0xbc,0xfd,0xb6,0x3d,0x15,
};
const unsigned char tc_yb[] = {
0x84,0x8b,0x07,0x79,0xff,0x41,0x5f,0x0a,0xf4,0xea,0x14,0xdf,
0x9d,0xd1,0xd3,0xc2,0x9a,0xc4,0x1d,0x83,0x6c,0x78,0x08,0x89,
0x6c,0x4e,0xba,0x19,0xc5,0x1a,0xc4,0x0a,
};
const unsigned char tc_ADb[] = {
0x41,0x44,0x62,
};
const unsigned char tc_Yb[] = {
0x20,0xcd,0xa5,0x95,0x5f,0x82,0xc4,0x93,0x15,0x45,0xbc,0xbf,
0x40,0x75,0x8c,0xe1,0x01,0x0d,0x7d,0xb4,0xdb,0x2a,0x90,0x70,
0x13,0xd7,0x9c,0x7a,0x8f,0xcf,0x95,0x7f,
};
const unsigned char tc_K[] = {
0xf9,0x7f,0xdf,0xcf,0xff,0x1c,0x98,0x3e,0xd6,0x28,0x38,0x56,
0xa4,0x01,0xde,0x31,0x91,0xca,0x91,0x99,0x02,0xb3,0x23,0xc5,
0xf9,0x50,0xc9,0x70,0x3d,0xf7,0x29,0x7a,
};
const unsigned char tc_ISK_IR[] = {
0xa0,0x51,0xee,0x5e,0xe2,0x49,0x9d,0x16,0xda,0x3f,0x69,0xf4,
0x30,0x21,0x8b,0x8e,0xa9,0x4a,0x18,0xa4,0x5b,0x67,0xf9,0xe8,
0x64,0x95,0xb3,0x82,0xc3,0x3d,0x14,0xa5,0xc3,0x8c,0xec,0xc0,
0xcc,0x83,0x4f,0x96,0x0e,0x39,0xe0,0xd1,0xbf,0x7d,0x76,0xb9,
0xef,0x5d,0x54,0xee,0xcc,0x5e,0x0f,0x38,0x6c,0x97,0xad,0x12,
0xda,0x8c,0x3d,0x5f,
};
const unsigned char tc_ISK_SY[] = {
0x5c,0xc2,0x7e,0x49,0x67,0x94,0x23,0xf8,0x1a,0x37,0xd7,0x52,
0x1d,0x9f,0xb1,0x32,0x7c,0x84,0x0d,0x2e,0xa4,0xa1,0x54,0x36,
0x52,0xe7,0xde,0x5c,0xab,0xb8,0x9e,0xba,0xd2,0x7d,0x24,0x76,
0x1b,0x32,0x88,0xa3,0xfd,0x57,0x64,0xb4,0x41,0xec,0xb7,0x8d,
0x30,0xab,0xc2,0x61,0x61,0xff,0x45,0xea,0x29,0x7b,0xb3,0x11,
0xdd,0xe0,0x47,0x27,
};
const unsigned char tc_ISK_SY[] = {
0x5c,0xc2,0x7e,0x49,0x67,0x94,0x23,0xf8,0x1a,0x37,0xd7,0x52,
0x1d,0x9f,0xb1,0x32,0x7c,0x84,0x0d,0x2e,0xa4,0xa1,0x54,0x36,
0x52,0xe7,0xde,0x5c,0xab,0xb8,0x9e,0xba,0xd2,0x7d,0x24,0x76,
0x1b,0x32,0x88,0xa3,0xfd,0x57,0x64,0xb4,0x41,0xec,0xb7,0x8d,
0x30,0xab,0xc2,0x61,0x61,0xff,0x45,0xea,0x29,0x7b,0xb3,0x11,
0xdd,0xe0,0x47,0x27,
};
const unsigned char tc_sid_out_ir[] = {
0xf7,0xae,0x11,0xac,0x3e,0xe8,0x5c,0x3c,0x42,0xd8,0xbd,0x51,
0xba,0x82,0x3f,0xbe,0x17,0x15,0x8f,0x43,0xd3,0x4a,0x12,0x96,
0xf1,0xcb,0x25,0x67,0xbc,0xc7,0x1d,0xc8,0xb2,0x01,0xa1,0x34,
0xb5,0x66,0xb4,0x68,0xaa,0xd8,0xfd,0x04,0xf0,0x2f,0x96,0xe3,
0xca,0xf9,0xd5,0x60,0x1f,0x7e,0xd7,0x60,0xa0,0xa9,0x51,0xa5,
0xa8,0x61,0xb5,0xe7,
};
const unsigned char tc_sid_out_oc[] = {
0xa3,0x83,0x89,0xe3,0x4f,0xa4,0x92,0x78,0x8c,0x1d,0xf4,0x3b,
0x06,0xb4,0x27,0x71,0x04,0x91,0x17,0x4e,0x53,0xc3,0x3b,0x01,
0x36,0x2a,0x49,0x0d,0x11,0x6f,0xe1,0xb7,0xe8,0x70,0xaa,0x6e,
0x2a,0x7f,0xc0,0x18,0x72,0x5e,0x3b,0x7f,0x96,0x9f,0x75,0x08,
0x04,0x2e,0x44,0xcd,0x38,0x63,0xf3,0x9a,0xa7,0x50,0x26,0xa1,
0x90,0xd1,0x90,0x2b,
}; #eyJQUlMiOiAiNTA2MTczNzM3NzZGNzI2NCIsICJDSSI6ICI2RjYzMEI0MjVGNzI2NT
#czNzA2RjZFNjQ2NTcyMEI0MTVGNjk2RTY5NzQ2OTYxNzQ2RjcyIiwgInNpZCI6ICI3
#RTRCNDc5MUQ2QThFRjAxOUI5MzZDNzlGQjdGMkM1NyIsICJnIjogIjY0RTgwOTlFM0
#VBNjgyQ0ZEQzVDQjY2NUMwNTdFQkI1MTREMDZCRjIzRUJDOUY3NDNCNTFCODIyNDIz
#MjcwNzQiLCAieWEiOiAiMjFCNEY0QkQ5RTY0RUQzNTVDM0VCNjc2QTI4RUJFREFGNk
#Q4RjE3QkRDMzY1OTk1QjMxOTA5NzE1MzA0NDA4MCIsICJBRGEiOiAiNDE0NDYxIiwg
#IllhIjogIjFCMDJEQUQ2REJEMjlBMDdCNkQyOEM5RTA0Q0IyRjE4NEYwNzM0MzUwRT
#MyQkI3RTYyRkY5REJDRkRCNjNEMTUiLCAieWIiOiAiODQ4QjA3NzlGRjQxNUYwQUY0
#RUExNERGOUREMUQzQzI5QUM0MUQ4MzZDNzgwODg5NkM0RUJBMTlDNTFBQzQwQSIsIC
#JBRGIiOiAiNDE0NDYyIiwgIlliIjogIjIwQ0RBNTk1NUY4MkM0OTMxNTQ1QkNCRjQw
#NzU4Q0UxMDEwRDdEQjREQjJBOTA3MDEzRDc5QzdBOEZDRjk1N0YiLCAiSyI6ICJGOT
#dGREZDRkZGMUM5ODNFRDYyODM4NTZBNDAxREUzMTkxQ0E5MTk5MDJCMzIzQzVGOTUw
#Qzk3MDNERjcyOTdBIiwgIklTS19JUiI6ICJBMDUxRUU1RUUyNDk5RDE2REEzRjY5Rj
#QzMDIxOEI4RUE5NEExOEE0NUI2N0Y5RTg2NDk1QjM4MkMzM0QxNEE1QzM4Q0VDQzBD
#QzgzNEY5NjBFMzlFMEQxQkY3RDc2QjlFRjVENTRFRUNDNUUwRjM4NkM5N0FEMTJEQT
#hDM0Q1RiIsICJJU0tfU1kiOiAiNUNDMjdFNDk2Nzk0MjNGODFBMzdENzUyMUQ5RkIx
#MzI3Qzg0MEQyRUE0QTE1NDM2NTJFN0RFNUNBQkI4OUVCQUQyN0QyNDc2MUIzMjg4QT
#NGRDU3NjRCNDQxRUNCNzhEMzBBQkMyNjE2MUZGNDVFQTI5N0JCMzExRERFMDQ3Mjci
#LCAic2lkX291dHB1dF9pciI6ICJGN0FFMTFBQzNFRTg1QzNDNDJEOEJENTFCQTgyM0
#ZCRTE3MTU4RjQzRDM0QTEyOTZGMUNCMjU2N0JDQzcxREM4QjIwMUExMzRCNTY2QjQ2
#OEFBRDhGRDA0RjAyRjk2RTNDQUY5RDU2MDFGN0VENzYwQTBBOTUxQTVBODYxQjVFNy
#IsICJzaWRfb3V0cHV0X29jIjogIkEzODM4OUUzNEZBNDkyNzg4QzFERjQzQjA2QjQy
#NzcxMDQ5MTE3NEU1M0MzM0IwMTM2MkE0OTBEMTE2RkUxQjdFODcwQUE2RTJBN0ZDMD
#E4NzI1RTNCN0Y5NjlGNzUwODA0MkU0NENEMzg2M0YzOUFBNzUwMjZBMTkwRDE5MDJC
#In0=
Test vectors for which G_X25519.scalar_mult_vfy(s_in,ux) must return the neutral element or would return the neutral element if bit #255 of field element representation was not correctly cleared. (The decodeUCoordinate function from RFC7748 mandates clearing bit #255 for field element representations for use in the X25519 function.).
u0: 0000000000000000000000000000000000000000000000000000000000000000
u1: 0100000000000000000000000000000000000000000000000000000000000000
u2: ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f
u3: e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800
u4: 5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157
u5: edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f
u6: daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
u7: eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f
u8: dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
u9: d9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ua: cdeb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880
ub: 4c9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7
u0 ... ub MUST be verified to produce the correct results q0 ... qb:
Additionally, u0,u1,u2,u3,u4,u5 and u7 MUST trigger the abort case
when included in message from A or B.
s = af46e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449aff
qN = G_X25519.scalar_mult_vfy(s, uX)
q0: 0000000000000000000000000000000000000000000000000000000000000000
q1: 0000000000000000000000000000000000000000000000000000000000000000
q2: 0000000000000000000000000000000000000000000000000000000000000000
q3: 0000000000000000000000000000000000000000000000000000000000000000
q4: 0000000000000000000000000000000000000000000000000000000000000000
q5: 0000000000000000000000000000000000000000000000000000000000000000
q6: d8e2c776bbacd510d09fd9278b7edcd25fc5ae9adfba3b6e040e8d3b71b21806
q7: 0000000000000000000000000000000000000000000000000000000000000000
q8: c85c655ebe8be44ba9c0ffde69f2fe10194458d137f09bbff725ce58803cdb38
q9: db64dafa9b8fdd136914e61461935fe92aa372cb056314e1231bc4ec12417456
qa: e062dcd5376d58297be2618c7498f55baa07d7e03184e8aada20bca28888bf7a
qb: 993c6ad11c4c29da9a56f7691fd0ff8d732e49de6250b6c2e80003ff4629a175
#eyJJbnZhbGlkIFkwIjogIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAiLCAiSW52YWxpZCBZMSI6ICIw
#MTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwIiwgIkludmFsaWQgWTIiOiAiRUNGRkZGRkZGRkZGRkZGRkZG
#RkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkY3RiIsIC
#JJbnZhbGlkIFkzIjogIkUwRUI3QTdDM0I0MUI4QUUxNjU2RTNGQUYxOUZDNDZBREEw
#OThERUI5QzMyQjFGRDg2NjIwNTE2NUY0OUI4MDAiLCAiSW52YWxpZCBZNCI6ICI1Rj
#lDOTVCQ0EzNTA4QzI0QjFEMEIxNTU5QzgzRUY1QjA0NDQ1Q0M0NTgxQzhFODZEODIy
#NEVEREQwOUYxMTU3IiwgIkludmFsaWQgWTUiOiAiRURGRkZGRkZGRkZGRkZGRkZGRk
#ZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkY3RiIsICJJ
#bnZhbGlkIFk2IjogIkRBRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRk
#ZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkYiLCAiSW52YWxpZCBZNyI6ICJFRUZG
#RkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRk
#ZGRkZGRkZGRjdGIiwgIkludmFsaWQgWTgiOiAiREJGRkZGRkZGRkZGRkZGRkZGRkZG
#RkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRiIsICJJbn
#ZhbGlkIFk5IjogIkQ5RkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZG
#RkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkYiLCAiSW52YWxpZCBZMTAiOiAiQ0RFQj
#dBN0MzQjQxQjhBRTE2NTZFM0ZBRjE5RkM0NkFEQTA5OERFQjlDMzJCMUZEODY2MjA1
#MTY1RjQ5Qjg4MCIsICJJbnZhbGlkIFkxMSI6ICI0QzlDOTVCQ0EzNTA4QzI0QjFEME
#IxNTU5QzgzRUY1QjA0NDQ1Q0M0NTgxQzhFODZEODIyNEVEREQwOUYxMUQ3In0=
Inputs
H = SHAKE-256 with input block size 136 bytes.
PRS = b'Password' ; ZPAD length: 117 ; DSI = b'CPace448'
CI = b'oc\x0bB_responder\x0bA_initiator'
CI = 6f630b425f726573706f6e6465720b415f696e69746961746f72
sid = 5223e0cdc45d6575668d64c552004124
Outputs
generator_string(G.DSI,PRS,CI,sid,H.s_in_bytes):
(length: 180 bytes)
0843506163653434380850617373776f726475000000000000000000
00000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000001a6f630b
425f726573706f6e6465720b415f696e69746961746f72105223e0cd
c45d6575668d64c552004124
hash generator string: (length: 56 bytes)
98b713f84529194d719a7d86cb0f504b8afeb05354d68747e18b2e7c
c8b6da526085e4263bd8bea7d69e479ebad09e30ae062e5d089da7f3
decoded field element of 448 bits: (length: 56 bytes)
98b713f84529194d719a7d86cb0f504b8afeb05354d68747e18b2e7c
c8b6da526085e4263bd8bea7d69e479ebad09e30ae062e5d089da7f3
generator g: (length: 56 bytes)
e293b7ccf61ca7eb928a26391cf38b660f874a001fdf0bf3a91fd182
f2b6d83e61a9377ede127eba7e0d4c08592eaff33d4aa705d6ce54bb
#eyJIIjogIlNIQUtFLTI1NiIsICJILnNfaW5fYnl0ZXMiOiAxMzYsICJQUlMiOiAiNT
#A2MTczNzM3NzZGNzI2NCIsICJaUEFEIGxlbmd0aCI6IDExNywgIkRTSSI6ICI0MzUw
#NjE2MzY1MzQzNDM4IiwgIkNJIjogIjZGNjMwQjQyNUY3MjY1NzM3MDZGNkU2NDY1Nz
#IwQjQxNUY2OTZFNjk3NDY5NjE3NDZGNzIiLCAic2lkIjogIjUyMjNFMENEQzQ1RDY1
#NzU2NjhENjRDNTUyMDA0MTI0IiwgImdlbmVyYXRvcl9zdHJpbmcoRy5EU0ksUFJTLE
#NJLHNpZCxILnNfaW5fYnl0ZXMpIjogIjA4NDM1MDYxNjM2NTM0MzQzODA4NTA2MTcz
#NzM3NzZGNzI2NDc1MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMU
#E2RjYzMEI0MjVGNzI2NTczNzA2RjZFNjQ2NTcyMEI0MTVGNjk2RTY5NzQ2OTYxNzQ2
#RjcyMTA1MjIzRTBDREM0NUQ2NTc1NjY4RDY0QzU1MjAwNDEyNCIsICJoYXNoIGdlbm
#VyYXRvciBzdHJpbmciOiAiOThCNzEzRjg0NTI5MTk0RDcxOUE3RDg2Q0IwRjUwNEI4
#QUZFQjA1MzU0RDY4NzQ3RTE4QjJFN0NDOEI2REE1MjYwODVFNDI2M0JEOEJFQTdENj
#lFNDc5RUJBRDA5RTMwQUUwNjJFNUQwODlEQTdGMyIsICJkZWNvZGVkIGZpZWxkIGVs
#ZW1lbnQgb2YgNDQ4IGJpdHMiOiAiOThCNzEzRjg0NTI5MTk0RDcxOUE3RDg2Q0IwRj
#UwNEI4QUZFQjA1MzU0RDY4NzQ3RTE4QjJFN0NDOEI2REE1MjYwODVFNDI2M0JEOEJF
#QTdENjlFNDc5RUJBRDA5RTMwQUUwNjJFNUQwODlEQTdGMyIsICJnZW5lcmF0b3IgZy
#I6ICJFMjkzQjdDQ0Y2MUNBN0VCOTI4QTI2MzkxQ0YzOEI2NjBGODc0QTAwMUZERjBC
#RjNBOTFGRDE4MkYyQjZEODNFNjFBOTM3N0VERTEyN0VCQTdFMEQ0QzA4NTkyRUFGRj
#MzRDRBQTcwNUQ2Q0U1NEJCIn0=
Inputs
ADa = b'ADa'
ya (little endian): (length: 56 bytes)
21b4f4bd9e64ed355c3eb676a28ebedaf6d8f17bdc365995b3190971
53044080516bd083bfcce66121a3072646994c8430cc382b8dc543e8
Outputs
Ya: (length: 56 bytes)
7f645772cc209bf9fd9d76dbb10283bea71b12235e3bb21878d5e56a
70506e165743a632de98eca9932c5d2efe36500a59b2fdaed0d8a148
Inputs
ADb = b'ADb'
yb (little endian): (length: 56 bytes)
848b0779ff415f0af4ea14df9dd1d3c29ac41d836c7808896c4eba19
c51ac40a439caf5e61ec88c307c7d619195229412eaa73fb2a5ea20d
Outputs
Yb: (length: 56 bytes)
a4690a0750c42b288ddd0ba08e3f4902dfe70bae5c9e2c6ee95844de
f2692be77646b20d3b429f8da00d21433ee0891c667658d8d0c48e38
scalar_mult_vfy(ya,Yb): (length: 56 bytes)
db3fff9da59576715b04d4df8dc8d18db2430e57bbed337dbeee5bb2
d6ab6ceddc9c75c5c0b17fad7eb724daa12f8f1903dd6c2cede6135a
scalar_mult_vfy(yb,Ya): (length: 56 bytes)
db3fff9da59576715b04d4df8dc8d18db2430e57bbed337dbeee5bb2
d6ab6ceddc9c75c5c0b17fad7eb724daa12f8f1903dd6c2cede6135a
transcript_ir(Ya,ADa,Yb,ADb): (length: 122 bytes)
387f645772cc209bf9fd9d76dbb10283bea71b12235e3bb21878d5e5
6a70506e165743a632de98eca9932c5d2efe36500a59b2fdaed0d8a1
480341446138a4690a0750c42b288ddd0ba08e3f4902dfe70bae5c9e
2c6ee95844def2692be77646b20d3b429f8da00d21433ee0891c6676
58d8d0c48e3803414462
DSI = G.DSI_ISK, b'CPace448_ISK': (length: 12 bytes)
43506163653434385f49534b
lv_cat(DSI,sid,K)||transcript_ir(Ya,ADa,Yb,ADb):
(length: 209 bytes)
0c43506163653434385f49534b105223e0cdc45d6575668d64c55200
412438db3fff9da59576715b04d4df8dc8d18db2430e57bbed337dbe
ee5bb2d6ab6ceddc9c75c5c0b17fad7eb724daa12f8f1903dd6c2ced
e6135a387f645772cc209bf9fd9d76dbb10283bea71b12235e3bb218
78d5e56a70506e165743a632de98eca9932c5d2efe36500a59b2fdae
d0d8a1480341446138a4690a0750c42b288ddd0ba08e3f4902dfe70b
ae5c9e2c6ee95844def2692be77646b20d3b429f8da00d21433ee089
1c667658d8d0c48e3803414462
ISK result: (length: 64 bytes)
599892a2078a8c988181625e1e5e5f7a6163f7d72f21b93ebefba0f1
7ff7ea3aa0594bd569cf74264157b3c0087bdccf2f59c77156628487
f5ca1645b8e9d05b
transcript_oc(Ya,ADa,Yb,ADb): (length: 124 bytes)
6f6338a4690a0750c42b288ddd0ba08e3f4902dfe70bae5c9e2c6ee9
5844def2692be77646b20d3b429f8da00d21433ee0891c667658d8d0
c48e3803414462387f645772cc209bf9fd9d76dbb10283bea71b1223
5e3bb21878d5e56a70506e165743a632de98eca9932c5d2efe36500a
59b2fdaed0d8a14803414461
DSI = G.DSI_ISK, b'CPace448_ISK': (length: 12 bytes)
43506163653434385f49534b
lv_cat(DSI,sid,K)||transcript_oc(Ya,ADa,Yb,ADb):
(length: 211 bytes)
0c43506163653434385f49534b105223e0cdc45d6575668d64c55200
412438db3fff9da59576715b04d4df8dc8d18db2430e57bbed337dbe
ee5bb2d6ab6ceddc9c75c5c0b17fad7eb724daa12f8f1903dd6c2ced
e6135a6f6338a4690a0750c42b288ddd0ba08e3f4902dfe70bae5c9e
2c6ee95844def2692be77646b20d3b429f8da00d21433ee0891c6676
58d8d0c48e3803414462387f645772cc209bf9fd9d76dbb10283bea7
1b12235e3bb21878d5e56a70506e165743a632de98eca9932c5d2efe
36500a59b2fdaed0d8a14803414461
ISK result: (length: 64 bytes)
3ac73f03030296aa591f01326b18afa47e1189129cd06ae8dfb05e6e
b1310cde948b59eef0755365c06a339266afe594948c56a538d98a65
767113938a9a78d8
H.hash(b"CPaceSidOut" + transcript_ir(Ya,ADa, Yb,ADb)):
(length: 64 bytes)
00a2333a79481abe71efd6594d7bbaac55c808482e869c9b65c4b53d
7100d3da8f3cabd59fa0c1f22d6d2f9ac0c093962292798fca2c0b93
268974cad75d575a
H.hash(b"CPaceSidOut" + transcript_oc(Ya,ADa, Yb,ADb)):
(length: 64 bytes)
a1ce90537a8d53b06d77e79fe719461cc5ed8300d21d1866a59f9638
601833f57a8b5e88db9a52abfa1b4e8a651a400bc9205082aad81eb3
11c44373b9a19eff
const unsigned char tc_PRS[] = {
0x50,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,
};
const unsigned char tc_CI[] = {
0x6f,0x63,0x0b,0x42,0x5f,0x72,0x65,0x73,0x70,0x6f,0x6e,0x64,
0x65,0x72,0x0b,0x41,0x5f,0x69,0x6e,0x69,0x74,0x69,0x61,0x74,
0x6f,0x72,
};
const unsigned char tc_sid[] = {
0x52,0x23,0xe0,0xcd,0xc4,0x5d,0x65,0x75,0x66,0x8d,0x64,0xc5,
0x52,0x00,0x41,0x24,
};
const unsigned char tc_g[] = {
0xe2,0x93,0xb7,0xcc,0xf6,0x1c,0xa7,0xeb,0x92,0x8a,0x26,0x39,
0x1c,0xf3,0x8b,0x66,0x0f,0x87,0x4a,0x00,0x1f,0xdf,0x0b,0xf3,
0xa9,0x1f,0xd1,0x82,0xf2,0xb6,0xd8,0x3e,0x61,0xa9,0x37,0x7e,
0xde,0x12,0x7e,0xba,0x7e,0x0d,0x4c,0x08,0x59,0x2e,0xaf,0xf3,
0x3d,0x4a,0xa7,0x05,0xd6,0xce,0x54,0xbb,
};
const unsigned char tc_ya[] = {
0x21,0xb4,0xf4,0xbd,0x9e,0x64,0xed,0x35,0x5c,0x3e,0xb6,0x76,
0xa2,0x8e,0xbe,0xda,0xf6,0xd8,0xf1,0x7b,0xdc,0x36,0x59,0x95,
0xb3,0x19,0x09,0x71,0x53,0x04,0x40,0x80,0x51,0x6b,0xd0,0x83,
0xbf,0xcc,0xe6,0x61,0x21,0xa3,0x07,0x26,0x46,0x99,0x4c,0x84,
0x30,0xcc,0x38,0x2b,0x8d,0xc5,0x43,0xe8,
};
const unsigned char tc_ADa[] = {
0x41,0x44,0x61,
};
const unsigned char tc_Ya[] = {
0x7f,0x64,0x57,0x72,0xcc,0x20,0x9b,0xf9,0xfd,0x9d,0x76,0xdb,
0xb1,0x02,0x83,0xbe,0xa7,0x1b,0x12,0x23,0x5e,0x3b,0xb2,0x18,
0x78,0xd5,0xe5,0x6a,0x70,0x50,0x6e,0x16,0x57,0x43,0xa6,0x32,
0xde,0x98,0xec,0xa9,0x93,0x2c,0x5d,0x2e,0xfe,0x36,0x50,0x0a,
0x59,0xb2,0xfd,0xae,0xd0,0xd8,0xa1,0x48,
};
const unsigned char tc_yb[] = {
0x84,0x8b,0x07,0x79,0xff,0x41,0x5f,0x0a,0xf4,0xea,0x14,0xdf,
0x9d,0xd1,0xd3,0xc2,0x9a,0xc4,0x1d,0x83,0x6c,0x78,0x08,0x89,
0x6c,0x4e,0xba,0x19,0xc5,0x1a,0xc4,0x0a,0x43,0x9c,0xaf,0x5e,
0x61,0xec,0x88,0xc3,0x07,0xc7,0xd6,0x19,0x19,0x52,0x29,0x41,
0x2e,0xaa,0x73,0xfb,0x2a,0x5e,0xa2,0x0d,
};
const unsigned char tc_ADb[] = {
0x41,0x44,0x62,
};
const unsigned char tc_Yb[] = {
0xa4,0x69,0x0a,0x07,0x50,0xc4,0x2b,0x28,0x8d,0xdd,0x0b,0xa0,
0x8e,0x3f,0x49,0x02,0xdf,0xe7,0x0b,0xae,0x5c,0x9e,0x2c,0x6e,
0xe9,0x58,0x44,0xde,0xf2,0x69,0x2b,0xe7,0x76,0x46,0xb2,0x0d,
0x3b,0x42,0x9f,0x8d,0xa0,0x0d,0x21,0x43,0x3e,0xe0,0x89,0x1c,
0x66,0x76,0x58,0xd8,0xd0,0xc4,0x8e,0x38,
};
const unsigned char tc_K[] = {
0xdb,0x3f,0xff,0x9d,0xa5,0x95,0x76,0x71,0x5b,0x04,0xd4,0xdf,
0x8d,0xc8,0xd1,0x8d,0xb2,0x43,0x0e,0x57,0xbb,0xed,0x33,0x7d,
0xbe,0xee,0x5b,0xb2,0xd6,0xab,0x6c,0xed,0xdc,0x9c,0x75,0xc5,
0xc0,0xb1,0x7f,0xad,0x7e,0xb7,0x24,0xda,0xa1,0x2f,0x8f,0x19,
0x03,0xdd,0x6c,0x2c,0xed,0xe6,0x13,0x5a,
};
const unsigned char tc_ISK_IR[] = {
0x59,0x98,0x92,0xa2,0x07,0x8a,0x8c,0x98,0x81,0x81,0x62,0x5e,
0x1e,0x5e,0x5f,0x7a,0x61,0x63,0xf7,0xd7,0x2f,0x21,0xb9,0x3e,
0xbe,0xfb,0xa0,0xf1,0x7f,0xf7,0xea,0x3a,0xa0,0x59,0x4b,0xd5,
0x69,0xcf,0x74,0x26,0x41,0x57,0xb3,0xc0,0x08,0x7b,0xdc,0xcf,
0x2f,0x59,0xc7,0x71,0x56,0x62,0x84,0x87,0xf5,0xca,0x16,0x45,
0xb8,0xe9,0xd0,0x5b,
};
const unsigned char tc_ISK_SY[] = {
0x3a,0xc7,0x3f,0x03,0x03,0x02,0x96,0xaa,0x59,0x1f,0x01,0x32,
0x6b,0x18,0xaf,0xa4,0x7e,0x11,0x89,0x12,0x9c,0xd0,0x6a,0xe8,
0xdf,0xb0,0x5e,0x6e,0xb1,0x31,0x0c,0xde,0x94,0x8b,0x59,0xee,
0xf0,0x75,0x53,0x65,0xc0,0x6a,0x33,0x92,0x66,0xaf,0xe5,0x94,
0x94,0x8c,0x56,0xa5,0x38,0xd9,0x8a,0x65,0x76,0x71,0x13,0x93,
0x8a,0x9a,0x78,0xd8,
};
const unsigned char tc_ISK_SY[] = {
0x3a,0xc7,0x3f,0x03,0x03,0x02,0x96,0xaa,0x59,0x1f,0x01,0x32,
0x6b,0x18,0xaf,0xa4,0x7e,0x11,0x89,0x12,0x9c,0xd0,0x6a,0xe8,
0xdf,0xb0,0x5e,0x6e,0xb1,0x31,0x0c,0xde,0x94,0x8b,0x59,0xee,
0xf0,0x75,0x53,0x65,0xc0,0x6a,0x33,0x92,0x66,0xaf,0xe5,0x94,
0x94,0x8c,0x56,0xa5,0x38,0xd9,0x8a,0x65,0x76,0x71,0x13,0x93,
0x8a,0x9a,0x78,0xd8,
};
const unsigned char tc_sid_out_ir[] = {
0x00,0xa2,0x33,0x3a,0x79,0x48,0x1a,0xbe,0x71,0xef,0xd6,0x59,
0x4d,0x7b,0xba,0xac,0x55,0xc8,0x08,0x48,0x2e,0x86,0x9c,0x9b,
0x65,0xc4,0xb5,0x3d,0x71,0x00,0xd3,0xda,0x8f,0x3c,0xab,0xd5,
0x9f,0xa0,0xc1,0xf2,0x2d,0x6d,0x2f,0x9a,0xc0,0xc0,0x93,0x96,
0x22,0x92,0x79,0x8f,0xca,0x2c,0x0b,0x93,0x26,0x89,0x74,0xca,
0xd7,0x5d,0x57,0x5a,
};
const unsigned char tc_sid_out_oc[] = {
0xa1,0xce,0x90,0x53,0x7a,0x8d,0x53,0xb0,0x6d,0x77,0xe7,0x9f,
0xe7,0x19,0x46,0x1c,0xc5,0xed,0x83,0x00,0xd2,0x1d,0x18,0x66,
0xa5,0x9f,0x96,0x38,0x60,0x18,0x33,0xf5,0x7a,0x8b,0x5e,0x88,
0xdb,0x9a,0x52,0xab,0xfa,0x1b,0x4e,0x8a,0x65,0x1a,0x40,0x0b,
0xc9,0x20,0x50,0x82,0xaa,0xd8,0x1e,0xb3,0x11,0xc4,0x43,0x73,
0xb9,0xa1,0x9e,0xff,
}; #eyJQUlMiOiAiNTA2MTczNzM3NzZGNzI2NCIsICJDSSI6ICI2RjYzMEI0MjVGNzI2NT
#czNzA2RjZFNjQ2NTcyMEI0MTVGNjk2RTY5NzQ2OTYxNzQ2RjcyIiwgInNpZCI6ICI1
#MjIzRTBDREM0NUQ2NTc1NjY4RDY0QzU1MjAwNDEyNCIsICJnIjogIkUyOTNCN0NDRj
#YxQ0E3RUI5MjhBMjYzOTFDRjM4QjY2MEY4NzRBMDAxRkRGMEJGM0E5MUZEMTgyRjJC
#NkQ4M0U2MUE5Mzc3RURFMTI3RUJBN0UwRDRDMDg1OTJFQUZGMzNENEFBNzA1RDZDRT
#U0QkIiLCAieWEiOiAiMjFCNEY0QkQ5RTY0RUQzNTVDM0VCNjc2QTI4RUJFREFGNkQ4
#RjE3QkRDMzY1OTk1QjMxOTA5NzE1MzA0NDA4MDUxNkJEMDgzQkZDQ0U2NjEyMUEzMD
#cyNjQ2OTk0Qzg0MzBDQzM4MkI4REM1NDNFOCIsICJBRGEiOiAiNDE0NDYxIiwgIllh
#IjogIjdGNjQ1NzcyQ0MyMDlCRjlGRDlENzZEQkIxMDI4M0JFQTcxQjEyMjM1RTNCQj
#IxODc4RDVFNTZBNzA1MDZFMTY1NzQzQTYzMkRFOThFQ0E5OTMyQzVEMkVGRTM2NTAw
#QTU5QjJGREFFRDBEOEExNDgiLCAieWIiOiAiODQ4QjA3NzlGRjQxNUYwQUY0RUExNE
#RGOUREMUQzQzI5QUM0MUQ4MzZDNzgwODg5NkM0RUJBMTlDNTFBQzQwQTQzOUNBRjVF
#NjFFQzg4QzMwN0M3RDYxOTE5NTIyOTQxMkVBQTczRkIyQTVFQTIwRCIsICJBRGIiOi
#AiNDE0NDYyIiwgIlliIjogIkE0NjkwQTA3NTBDNDJCMjg4REREMEJBMDhFM0Y0OTAy
#REZFNzBCQUU1QzlFMkM2RUU5NTg0NERFRjI2OTJCRTc3NjQ2QjIwRDNCNDI5RjhEQT
#AwRDIxNDMzRUUwODkxQzY2NzY1OEQ4RDBDNDhFMzgiLCAiSyI6ICJEQjNGRkY5REE1
#OTU3NjcxNUIwNEQ0REY4REM4RDE4REIyNDMwRTU3QkJFRDMzN0RCRUVFNUJCMkQ2QU
#I2Q0VEREM5Qzc1QzVDMEIxN0ZBRDdFQjcyNERBQTEyRjhGMTkwM0RENkMyQ0VERTYx
#MzVBIiwgIklTS19JUiI6ICI1OTk4OTJBMjA3OEE4Qzk4ODE4MTYyNUUxRTVFNUY3QT
#YxNjNGN0Q3MkYyMUI5M0VCRUZCQTBGMTdGRjdFQTNBQTA1OTRCRDU2OUNGNzQyNjQx
#NTdCM0MwMDg3QkRDQ0YyRjU5Qzc3MTU2NjI4NDg3RjVDQTE2NDVCOEU5RDA1QiIsIC
#JJU0tfU1kiOiAiM0FDNzNGMDMwMzAyOTZBQTU5MUYwMTMyNkIxOEFGQTQ3RTExODkx
#MjlDRDA2QUU4REZCMDVFNkVCMTMxMENERTk0OEI1OUVFRjA3NTUzNjVDMDZBMzM5Mj
#Y2QUZFNTk0OTQ4QzU2QTUzOEQ5OEE2NTc2NzExMzkzOEE5QTc4RDgiLCAic2lkX291
#dHB1dF9pciI6ICIwMEEyMzMzQTc5NDgxQUJFNzFFRkQ2NTk0RDdCQkFBQzU1QzgwOD
#Q4MkU4NjlDOUI2NUM0QjUzRDcxMDBEM0RBOEYzQ0FCRDU5RkEwQzFGMjJENkQyRjlB
#QzBDMDkzOTYyMjkyNzk4RkNBMkMwQjkzMjY4OTc0Q0FENzVENTc1QSIsICJzaWRfb3
#V0cHV0X29jIjogIkExQ0U5MDUzN0E4RDUzQjA2RDc3RTc5RkU3MTk0NjFDQzVFRDgz
#MDBEMjFEMTg2NkE1OUY5NjM4NjAxODMzRjU3QThCNUU4OERCOUE1MkFCRkExQjRFOE
#E2NTFBNDAwQkM5MjA1MDgyQUFEODFFQjMxMUM0NDM3M0I5QTE5RUZGIn0=
Test vectors for which G_X448.scalar_mult_vfy(s_in,ux) must return the neutral element. This includes points that are non-canonicaly encoded, i.e. have coordinate values larger than the field prime.
Weak points for X448 smaller than the field prime (canonical)
u0: (length: 56 bytes)
0000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000
u1: (length: 56 bytes)
0100000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000
u2: (length: 56 bytes)
fefffffffffffffffffffffffffffffffffffffffffffffffffffffffe
ffffffffffffffffffffffffffffffffffffffffffffffffffffff
Weak points for X448 larger or equal to the field prime (non-canonical)
u3: (length: 56 bytes)
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
ffffffffffffffffffffffffffffffffffffffffffffffffffffff
u4: (length: 56 bytes)
00000000000000000000000000000000000000000000000000000000ff
ffffffffffffffffffffffffffffffffffffffffffffffffffffff
All of the above points u0 ... u4 MUST trigger the abort case
when included in the protocol messages from A or B.
Expected results for X448 resp. G_X448.scalar_mult_vfy
scalar s: (length: 56 bytes)
af8a14218bf2a2062926d2ea9b8fe4e8b6817349b6ed2feb1e5d64d7a4
523f15fceec70fb111e870dc58d191e66a14d3e9d482d04432cadd
G_X448.scalar_mult_vfy(s,u0): (length: 56 bytes)
0000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000
G_X448.scalar_mult_vfy(s,u1): (length: 56 bytes)
0000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000
G_X448.scalar_mult_vfy(s,u2): (length: 56 bytes)
0000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000
G_X448.scalar_mult_vfy(s,u3): (length: 56 bytes)
0000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000
G_X448.scalar_mult_vfy(s,u4): (length: 56 bytes)
0000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000
Test vectors for scalar_mult with nonzero outputs
scalar s: (length: 56 bytes)
af8a14218bf2a2062926d2ea9b8fe4e8b6817349b6ed2feb1e5d64d7a4
523f15fceec70fb111e870dc58d191e66a14d3e9d482d04432cadd
point coordinate u_curve on the curve: (length: 56 bytes)
ab0c68d772ec2eb9de25c49700e46d6325e66d6aa39d7b65eb84a68c55
69d47bd71b41f3e0d210f44e146dec8926b174acb3f940a0b82cab
G_X448.scalar_mult_vfy(s,u_curve): (length: 56 bytes)
3b0fa9bc40a6fdc78c9e06ff7a54c143c5d52f365607053bf0656f5142
0496295f910a101b38edc1acd3bd240fd55dcb7a360553b8a7627e
point coordinate u_twist on the twist: (length: 56 bytes)
c981cd1e1f72d9c35c7d7cf6be426757c0dc8206a2fcfa564a8e7618c0
3c0e61f9a2eb1c3e0dd97d6e9b1010f5edd03397a83f5a914cb3ff
G_X448.scalar_mult_vfy(s,u_twist): (length: 56 bytes)
d0a2bb7e9c5c2c627793d8342f23b759fe7d9e3320a85ca4fd61376331
50ffd9a9148a9b75c349fac43d64bec49a6e126cc92cbfbf353961
#eyJJbnZhbGlkIFkxIjogIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAiLCAiSW52YWxpZCBZMiI6ICIwMT
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwIiwgIkludmFsaWQgWTMiOiAiRkVGRkZGRkZGRkZGRkZGRkZGRkZG
#RkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRUZGRkZGRkZGRkZGRk
#ZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRiIsICJJbnZh
#bGlkIFk0IjogIkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRk
#ZGRkZGRkZGRkZGRkZGRkZGRkVGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZG
#RkZGRkZGRkZGRkZGRkZGRkZGRkZGRkYiLCAiSW52YWxpZCBZNSI6ICIwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMEZG
#RkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRk
#ZGRkZGIiwgIlZhbGlkIChvbiBjdXJ2ZSkiOiB7InMiOiAiQUY4QTE0MjE4QkYyQTIw
#NjI5MjZEMkVBOUI4RkU0RThCNjgxNzM0OUI2RUQyRkVCMUU1RDY0RDdBNDUyM0YxNU
#ZDRUVDNzBGQjExMUU4NzBEQzU4RDE5MUU2NkExNEQzRTlENDgyRDA0NDMyQ0FERCIs
#ICJ1X2N1cnZlIjogIkFCMEM2OEQ3NzJFQzJFQjlERTI1QzQ5NzAwRTQ2RDYzMjVFNj
#ZENkFBMzlEN0I2NUVCODRBNjhDNTU2OUQ0N0JENzFCNDFGM0UwRDIxMEY0NEUxNDZE
#RUM4OTI2QjE3NEFDQjNGOTQwQTBCODJDQUIiLCAicmVzX2N1cnZlIjogIjNCMEZBOU
#JDNDBBNkZEQzc4QzlFMDZGRjdBNTRDMTQzQzVENTJGMzY1NjA3MDUzQkYwNjU2RjUx
#NDIwNDk2Mjk1RjkxMEExMDFCMzhFREMxQUNEM0JEMjQwRkQ1NURDQjdBMzYwNTUzQj
#hBNzYyN0UifSwgIlZhbGlkIChvbiB0d2lzdCkiOiB7InMiOiAiQUY4QTE0MjE4QkYy
#QTIwNjI5MjZEMkVBOUI4RkU0RThCNjgxNzM0OUI2RUQyRkVCMUU1RDY0RDdBNDUyM0
#YxNUZDRUVDNzBGQjExMUU4NzBEQzU4RDE5MUU2NkExNEQzRTlENDgyRDA0NDMyQ0FE
#RCIsICJ1X3R3aXN0IjogIkM5ODFDRDFFMUY3MkQ5QzM1QzdEN0NGNkJFNDI2NzU3Qz
#BEQzgyMDZBMkZDRkE1NjRBOEU3NjE4QzAzQzBFNjFGOUEyRUIxQzNFMEREOTdENkU5
#QjEwMTBGNUVERDAzMzk3QTgzRjVBOTE0Q0IzRkYiLCAicmVzX3R3aXN0IjogIkQwQT
#JCQjdFOUM1QzJDNjI3NzkzRDgzNDJGMjNCNzU5RkU3RDlFMzMyMEE4NUNBNEZENjEz
#NzYzMzE1MEZGRDlBOTE0OEE5Qjc1QzM0OUZBQzQzRDY0QkVDNDlBNkUxMjZDQzkyQ0
#JGQkYzNTM5NjEifX0=
Inputs
H = SHA-512 with input block size 128 bytes.
PRS = b'Password' ; ZPAD length: 100 ;
DSI = b'CPaceRistretto255'
CI = b'oc\x0bB_responder\x0bA_initiator'
CI = 6f630b425f726573706f6e6465720b415f696e69746961746f72
sid = 7e4b4791d6a8ef019b936c79fb7f2c57
Outputs
generator_string(G.DSI,PRS,CI,sid,H.s_in_bytes):
(length: 172 bytes)
11435061636552697374726574746f3235350850617373776f726464
00000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
000000000000000000000000000000001a6f630b425f726573706f6e
6465720b415f696e69746961746f72107e4b4791d6a8ef019b936c79
fb7f2c57
hash result: (length: 64 bytes)
c63a5750e2439c17ccd8213be14fde2f87e1bc637001a97f5929c77b
30ea0e08afbc75ace5d3d73b2842a79d01488c5fd7ea30d475ee6095
45af1bfd1ff77c8e
encoded generator g: (length: 32 bytes)
a6fc82c3b8968fbb2e06fee81ca858586dea50d248f0c7ca6a18b090
2a30b36b
#eyJIIjogIlNIQS01MTIiLCAiSC5zX2luX2J5dGVzIjogMTI4LCAiUFJTIjogIjUwNj
#E3MzczNzc2RjcyNjQiLCAiWlBBRCBsZW5ndGgiOiAxMDAsICJEU0kiOiAiNDM1MDYx
#NjM2NTUyNjk3Mzc0NzI2NTc0NzQ2RjMyMzUzNSIsICJDSSI6ICI2RjYzMEI0MjVGNz
#I2NTczNzA2RjZFNjQ2NTcyMEI0MTVGNjk2RTY5NzQ2OTYxNzQ2RjcyIiwgInNpZCI6
#ICI3RTRCNDc5MUQ2QThFRjAxOUI5MzZDNzlGQjdGMkM1NyIsICJnZW5lcmF0b3Jfc3
#RyaW5nKEcuRFNJLFBSUyxDSSxzaWQsSC5zX2luX2J5dGVzKSI6ICIxMTQzNTA2MTYz
#NjU1MjY5NzM3NDcyNjU3NDc0NkYzMjM1MzUwODUwNjE3MzczNzc2RjcyNjQ2NDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMU
#E2RjYzMEI0MjVGNzI2NTczNzA2RjZFNjQ2NTcyMEI0MTVGNjk2RTY5NzQ2OTYxNzQ2
#RjcyMTA3RTRCNDc5MUQ2QThFRjAxOUI5MzZDNzlGQjdGMkM1NyIsICJoYXNoIHJlc3
#VsdCI6ICJDNjNBNTc1MEUyNDM5QzE3Q0NEODIxM0JFMTRGREUyRjg3RTFCQzYzNzAw
#MUE5N0Y1OTI5Qzc3QjMwRUEwRTA4QUZCQzc1QUNFNUQzRDczQjI4NDJBNzlEMDE0OD
#hDNUZEN0VBMzBENDc1RUU2MDk1NDVBRjFCRkQxRkY3N0M4RSIsICJlbmNvZGVkIGdl
#bmVyYXRvciBnIjogIkE2RkM4MkMzQjg5NjhGQkIyRTA2RkVFODFDQTg1ODU4NkRFQT
#UwRDI0OEYwQzdDQTZBMThCMDkwMkEzMEIzNkIifQ==
Inputs
ADa = b'ADa'
ya (little endian): (length: 32 bytes)
da3d23700a9e5699258aef94dc060dfda5ebb61f02a5ea77fad53f4f
f0976d08
Outputs
Ya: (length: 32 bytes)
d40fb265a7abeaee7939d91a585fe59f7053f982c296ec413c624c66
9308f87a
Inputs
ADb = b'ADb'
yb (little endian): (length: 32 bytes)
d2316b454718c35362d83d69df6320f38578ed5984651435e2949762
d900b80d
Outputs
Yb: (length: 32 bytes)
08bcf6e9777a9c313a3db6daa510f2d398403319c2341bd506a92e67
2eb7e307
scalar_mult_vfy(ya,Yb): (length: 32 bytes)
e22b1ef7788f661478f3cddd4c600774fc0f41e6b711569190ff88fa
0e607e09
scalar_mult_vfy(yb,Ya): (length: 32 bytes)
e22b1ef7788f661478f3cddd4c600774fc0f41e6b711569190ff88fa
0e607e09
transcript_ir(Ya,ADa,Yb,ADb): (length: 74 bytes)
20d40fb265a7abeaee7939d91a585fe59f7053f982c296ec413c624c
669308f87a034144612008bcf6e9777a9c313a3db6daa510f2d39840
3319c2341bd506a92e672eb7e30703414462
DSI = G.DSI_ISK, b'CPaceRistretto255_ISK':
(length: 21 bytes)
435061636552697374726574746f3235355f49534b
lv_cat(DSI,sid,K)||transcript_ir(Ya,ADa,Yb,ADb):
(length: 146 bytes)
15435061636552697374726574746f3235355f49534b107e4b4791d6
a8ef019b936c79fb7f2c5720e22b1ef7788f661478f3cddd4c600774
fc0f41e6b711569190ff88fa0e607e0920d40fb265a7abeaee7939d9
1a585fe59f7053f982c296ec413c624c669308f87a034144612008bc
f6e9777a9c313a3db6daa510f2d398403319c2341bd506a92e672eb7
e30703414462
ISK result: (length: 64 bytes)
4c5469a16b2364c4b944ebc1a79e51d1674ad47db26e8718154f59fa
ebfaa52d8346f30aa58377117eb20d527f2cbc5c76381f7fd372e89d
f8239f87f2e02ed1
transcript_oc(Ya,ADa,Yb,ADb): (length: 76 bytes)
6f6320d40fb265a7abeaee7939d91a585fe59f7053f982c296ec413c
624c669308f87a034144612008bcf6e9777a9c313a3db6daa510f2d3
98403319c2341bd506a92e672eb7e30703414462
DSI = G.DSI_ISK, b'CPaceRistretto255_ISK':
(length: 21 bytes)
435061636552697374726574746f3235355f49534b
lv_cat(DSI,sid,K)||transcript_oc(Ya,ADa,Yb,ADb):
(length: 148 bytes)
15435061636552697374726574746f3235355f49534b107e4b4791d6
a8ef019b936c79fb7f2c5720e22b1ef7788f661478f3cddd4c600774
fc0f41e6b711569190ff88fa0e607e096f6320d40fb265a7abeaee79
39d91a585fe59f7053f982c296ec413c624c669308f87a0341446120
08bcf6e9777a9c313a3db6daa510f2d398403319c2341bd506a92e67
2eb7e30703414462
ISK result: (length: 64 bytes)
980dcc5a1c52ceea031e75f38ed266586616488c5c5780285fcbcf79
087c7bcdbd993502eee606b718ba31e840a000a7b7befe15ea427c5c
fe88344fa1237f35
H.hash(b"CPaceSidOut" + transcript_ir(Ya,ADa, Yb,ADb)):
(length: 64 bytes)
2a76d3bbc499dfdc4dcacc9ff042f4e1a54e3843258e100ccd7c60f0
a541f9d3ebf025e68a460dde218bd39f0711bc6fa11409c9d7b69d8c
cf6b32fc51ddb699
H.hash(b"CPaceSidOut" + transcript_oc(Ya,ADa, Yb,ADb)):
(length: 64 bytes)
ca4b50700c46203ccd10bc0e9f31095e508189cb59857537be561048
d34b9ed9a9697af11c998f484c3d783b0b531434caa6835d4c32344f
cd17160c9c348fc7
const unsigned char tc_PRS[] = {
0x50,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,
};
const unsigned char tc_CI[] = {
0x6f,0x63,0x0b,0x42,0x5f,0x72,0x65,0x73,0x70,0x6f,0x6e,0x64,
0x65,0x72,0x0b,0x41,0x5f,0x69,0x6e,0x69,0x74,0x69,0x61,0x74,
0x6f,0x72,
};
const unsigned char tc_sid[] = {
0x7e,0x4b,0x47,0x91,0xd6,0xa8,0xef,0x01,0x9b,0x93,0x6c,0x79,
0xfb,0x7f,0x2c,0x57,
};
const unsigned char tc_g[] = {
0xa6,0xfc,0x82,0xc3,0xb8,0x96,0x8f,0xbb,0x2e,0x06,0xfe,0xe8,
0x1c,0xa8,0x58,0x58,0x6d,0xea,0x50,0xd2,0x48,0xf0,0xc7,0xca,
0x6a,0x18,0xb0,0x90,0x2a,0x30,0xb3,0x6b,
};
const unsigned char tc_ya[] = {
0xda,0x3d,0x23,0x70,0x0a,0x9e,0x56,0x99,0x25,0x8a,0xef,0x94,
0xdc,0x06,0x0d,0xfd,0xa5,0xeb,0xb6,0x1f,0x02,0xa5,0xea,0x77,
0xfa,0xd5,0x3f,0x4f,0xf0,0x97,0x6d,0x08,
};
const unsigned char tc_ADa[] = {
0x41,0x44,0x61,
};
const unsigned char tc_Ya[] = {
0xd4,0x0f,0xb2,0x65,0xa7,0xab,0xea,0xee,0x79,0x39,0xd9,0x1a,
0x58,0x5f,0xe5,0x9f,0x70,0x53,0xf9,0x82,0xc2,0x96,0xec,0x41,
0x3c,0x62,0x4c,0x66,0x93,0x08,0xf8,0x7a,
};
const unsigned char tc_yb[] = {
0xd2,0x31,0x6b,0x45,0x47,0x18,0xc3,0x53,0x62,0xd8,0x3d,0x69,
0xdf,0x63,0x20,0xf3,0x85,0x78,0xed,0x59,0x84,0x65,0x14,0x35,
0xe2,0x94,0x97,0x62,0xd9,0x00,0xb8,0x0d,
};
const unsigned char tc_ADb[] = {
0x41,0x44,0x62,
};
const unsigned char tc_Yb[] = {
0x08,0xbc,0xf6,0xe9,0x77,0x7a,0x9c,0x31,0x3a,0x3d,0xb6,0xda,
0xa5,0x10,0xf2,0xd3,0x98,0x40,0x33,0x19,0xc2,0x34,0x1b,0xd5,
0x06,0xa9,0x2e,0x67,0x2e,0xb7,0xe3,0x07,
};
const unsigned char tc_K[] = {
0xe2,0x2b,0x1e,0xf7,0x78,0x8f,0x66,0x14,0x78,0xf3,0xcd,0xdd,
0x4c,0x60,0x07,0x74,0xfc,0x0f,0x41,0xe6,0xb7,0x11,0x56,0x91,
0x90,0xff,0x88,0xfa,0x0e,0x60,0x7e,0x09,
};
const unsigned char tc_ISK_IR[] = {
0x4c,0x54,0x69,0xa1,0x6b,0x23,0x64,0xc4,0xb9,0x44,0xeb,0xc1,
0xa7,0x9e,0x51,0xd1,0x67,0x4a,0xd4,0x7d,0xb2,0x6e,0x87,0x18,
0x15,0x4f,0x59,0xfa,0xeb,0xfa,0xa5,0x2d,0x83,0x46,0xf3,0x0a,
0xa5,0x83,0x77,0x11,0x7e,0xb2,0x0d,0x52,0x7f,0x2c,0xbc,0x5c,
0x76,0x38,0x1f,0x7f,0xd3,0x72,0xe8,0x9d,0xf8,0x23,0x9f,0x87,
0xf2,0xe0,0x2e,0xd1,
};
const unsigned char tc_ISK_SY[] = {
0x98,0x0d,0xcc,0x5a,0x1c,0x52,0xce,0xea,0x03,0x1e,0x75,0xf3,
0x8e,0xd2,0x66,0x58,0x66,0x16,0x48,0x8c,0x5c,0x57,0x80,0x28,
0x5f,0xcb,0xcf,0x79,0x08,0x7c,0x7b,0xcd,0xbd,0x99,0x35,0x02,
0xee,0xe6,0x06,0xb7,0x18,0xba,0x31,0xe8,0x40,0xa0,0x00,0xa7,
0xb7,0xbe,0xfe,0x15,0xea,0x42,0x7c,0x5c,0xfe,0x88,0x34,0x4f,
0xa1,0x23,0x7f,0x35,
};
const unsigned char tc_ISK_SY[] = {
0x98,0x0d,0xcc,0x5a,0x1c,0x52,0xce,0xea,0x03,0x1e,0x75,0xf3,
0x8e,0xd2,0x66,0x58,0x66,0x16,0x48,0x8c,0x5c,0x57,0x80,0x28,
0x5f,0xcb,0xcf,0x79,0x08,0x7c,0x7b,0xcd,0xbd,0x99,0x35,0x02,
0xee,0xe6,0x06,0xb7,0x18,0xba,0x31,0xe8,0x40,0xa0,0x00,0xa7,
0xb7,0xbe,0xfe,0x15,0xea,0x42,0x7c,0x5c,0xfe,0x88,0x34,0x4f,
0xa1,0x23,0x7f,0x35,
};
const unsigned char tc_sid_out_ir[] = {
0x2a,0x76,0xd3,0xbb,0xc4,0x99,0xdf,0xdc,0x4d,0xca,0xcc,0x9f,
0xf0,0x42,0xf4,0xe1,0xa5,0x4e,0x38,0x43,0x25,0x8e,0x10,0x0c,
0xcd,0x7c,0x60,0xf0,0xa5,0x41,0xf9,0xd3,0xeb,0xf0,0x25,0xe6,
0x8a,0x46,0x0d,0xde,0x21,0x8b,0xd3,0x9f,0x07,0x11,0xbc,0x6f,
0xa1,0x14,0x09,0xc9,0xd7,0xb6,0x9d,0x8c,0xcf,0x6b,0x32,0xfc,
0x51,0xdd,0xb6,0x99,
};
const unsigned char tc_sid_out_oc[] = {
0xca,0x4b,0x50,0x70,0x0c,0x46,0x20,0x3c,0xcd,0x10,0xbc,0x0e,
0x9f,0x31,0x09,0x5e,0x50,0x81,0x89,0xcb,0x59,0x85,0x75,0x37,
0xbe,0x56,0x10,0x48,0xd3,0x4b,0x9e,0xd9,0xa9,0x69,0x7a,0xf1,
0x1c,0x99,0x8f,0x48,0x4c,0x3d,0x78,0x3b,0x0b,0x53,0x14,0x34,
0xca,0xa6,0x83,0x5d,0x4c,0x32,0x34,0x4f,0xcd,0x17,0x16,0x0c,
0x9c,0x34,0x8f,0xc7,
}; #eyJQUlMiOiAiNTA2MTczNzM3NzZGNzI2NCIsICJDSSI6ICI2RjYzMEI0MjVGNzI2NT
#czNzA2RjZFNjQ2NTcyMEI0MTVGNjk2RTY5NzQ2OTYxNzQ2RjcyIiwgInNpZCI6ICI3
#RTRCNDc5MUQ2QThFRjAxOUI5MzZDNzlGQjdGMkM1NyIsICJnIjogIkE2RkM4MkMzQj
#g5NjhGQkIyRTA2RkVFODFDQTg1ODU4NkRFQTUwRDI0OEYwQzdDQTZBMThCMDkwMkEz
#MEIzNkIiLCAieWEiOiAiREEzRDIzNzAwQTlFNTY5OTI1OEFFRjk0REMwNjBERkRBNU
#VCQjYxRjAyQTVFQTc3RkFENTNGNEZGMDk3NkQwOCIsICJBRGEiOiAiNDE0NDYxIiwg
#IllhIjogIkQ0MEZCMjY1QTdBQkVBRUU3OTM5RDkxQTU4NUZFNTlGNzA1M0Y5ODJDMj
#k2RUM0MTNDNjI0QzY2OTMwOEY4N0EiLCAieWIiOiAiRDIzMTZCNDU0NzE4QzM1MzYy
#RDgzRDY5REY2MzIwRjM4NTc4RUQ1OTg0NjUxNDM1RTI5NDk3NjJEOTAwQjgwRCIsIC
#JBRGIiOiAiNDE0NDYyIiwgIlliIjogIjA4QkNGNkU5Nzc3QTlDMzEzQTNEQjZEQUE1
#MTBGMkQzOTg0MDMzMTlDMjM0MUJENTA2QTkyRTY3MkVCN0UzMDciLCAiSyI6ICJFMj
#JCMUVGNzc4OEY2NjE0NzhGM0NEREQ0QzYwMDc3NEZDMEY0MUU2QjcxMTU2OTE5MEZG
#ODhGQTBFNjA3RTA5IiwgIklTS19JUiI6ICI0QzU0NjlBMTZCMjM2NEM0Qjk0NEVCQz
#FBNzlFNTFEMTY3NEFENDdEQjI2RTg3MTgxNTRGNTlGQUVCRkFBNTJEODM0NkYzMEFB
#NTgzNzcxMTdFQjIwRDUyN0YyQ0JDNUM3NjM4MUY3RkQzNzJFODlERjgyMzlGODdGMk
#UwMkVEMSIsICJJU0tfU1kiOiAiOTgwRENDNUExQzUyQ0VFQTAzMUU3NUYzOEVEMjY2
#NTg2NjE2NDg4QzVDNTc4MDI4NUZDQkNGNzkwODdDN0JDREJEOTkzNTAyRUVFNjA2Qj
#cxOEJBMzFFODQwQTAwMEE3QjdCRUZFMTVFQTQyN0M1Q0ZFODgzNDRGQTEyMzdGMzUi
#LCAic2lkX291dHB1dF9pciI6ICIyQTc2RDNCQkM0OTlERkRDNERDQUNDOUZGMDQyRj
#RFMUE1NEUzODQzMjU4RTEwMENDRDdDNjBGMEE1NDFGOUQzRUJGMDI1RTY4QTQ2MERE
#RTIxOEJEMzlGMDcxMUJDNkZBMTE0MDlDOUQ3QjY5RDhDQ0Y2QjMyRkM1MUREQjY5OS
#IsICJzaWRfb3V0cHV0X29jIjogIkNBNEI1MDcwMEM0NjIwM0NDRDEwQkMwRTlGMzEw
#OTVFNTA4MTg5Q0I1OTg1NzUzN0JFNTYxMDQ4RDM0QjlFRDlBOTY5N0FGMTFDOTk4Rj
#Q4NEMzRDc4M0IwQjUzMTQzNENBQTY4MzVENEMzMjM0NEZDRDE3MTYwQzlDMzQ4RkM3
#In0=
s: (length: 32 bytes)
7cd0e075fa7955ba52c02759a6c90dbbfc10e6d40aea8d283e407d88
cf538a05
X: (length: 32 bytes)
2c3c6b8c4f3800e7aef6864025b4ed79bd599117e427c41bd47d93d6
54b4a51c
G.scalar_mult(s,decode(X)): (length: 32 bytes)
7c13645fe790a468f62c39beb7388e541d8405d1ade69d1778c5fe3e
7f6b600e
G.scalar_mult_vfy(s,X): (length: 32 bytes)
7c13645fe790a468f62c39beb7388e541d8405d1ade69d1778c5fe3e
7f6b600e
For these test cases scalar_mult_vfy(y,.) MUST return the representation of the neutral element G.I. When points Y_i1 or Y_i2 are included in message of A or B the protocol MUST abort.
s: (length: 32 bytes)
7cd0e075fa7955ba52c02759a6c90dbbfc10e6d40aea8d283e407d88
cf538a05
Y_i1: (length: 32 bytes)
2b3c6b8c4f3800e7aef6864025b4ed79bd599117e427c41bd47d93d6
54b4a51c
Y_i2 == G.I: (length: 32 bytes)
00000000000000000000000000000000000000000000000000000000
00000000
G.scalar_mult_vfy(s,Y_i1) = G.scalar_mult_vfy(s,Y_i2) = G.I
#eyJWYWxpZCI6IHsicyI6ICI3Q0QwRTA3NUZBNzk1NUJBNTJDMDI3NTlBNkM5MERCQk
#ZDMTBFNkQ0MEFFQThEMjgzRTQwN0Q4OENGNTM4QTA1IiwgIlgiOiAiMkMzQzZCOEM0
#RjM4MDBFN0FFRjY4NjQwMjVCNEVENzlCRDU5OTExN0U0MjdDNDFCRDQ3RDkzRDY1NE
#I0QTUxQyIsICJHLnNjYWxhcl9tdWx0KHMsZGVjb2RlKFgpKSI6ICI3QzEzNjQ1RkU3
#OTBBNDY4RjYyQzM5QkVCNzM4OEU1NDFEODQwNUQxQURFNjlEMTc3OEM1RkUzRTdGNk
#I2MDBFIiwgIkcuc2NhbGFyX211bHRfdmZ5KHMsWCkiOiAiN0MxMzY0NUZFNzkwQTQ2
#OEY2MkMzOUJFQjczODhFNTQxRDg0MDVEMUFERTY5RDE3NzhDNUZFM0U3RjZCNjAwRS
#J9LCAiSW52YWxpZCBZMSI6ICIyQjNDNkI4QzRGMzgwMEU3QUVGNjg2NDAyNUI0RUQ3
#OUJENTk5MTE3RTQyN0M0MUJENDdEOTNENjU0QjRBNTFDIiwgIkludmFsaWQgWTIiOi
#AiMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMCJ9
Inputs
H = SHAKE-256 with input block size 136 bytes.
PRS = b'Password' ; ZPAD length: 112 ;
DSI = b'CPaceDecaf448'
CI = b'oc\x0bB_responder\x0bA_initiator'
CI = 6f630b425f726573706f6e6465720b415f696e69746961746f72
sid = 5223e0cdc45d6575668d64c552004124
Outputs
generator_string(G.DSI,PRS,CI,sid,H.s_in_bytes):
(length: 180 bytes)
0d435061636544656361663434380850617373776f72647000000000
00000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000001a6f630b
425f726573706f6e6465720b415f696e69746961746f72105223e0cd
c45d6575668d64c552004124
hash result: (length: 112 bytes)
7148f4d60587aaafa64d2fd6bcfe45ee71e8b971d1d5ff3bbf8c1451
797c62a1af22ab25638749f97f9b15fedcf4aeee87282cf667594ab0
92b6023c8f8d3a61c38b0af791c9271137df01b57d63b79734bbce69
91e3e2e10fdc805abc9e6e6f3daeff6fd34093d26de240b326764252
encoded generator g: (length: 56 bytes)
9a700ecc378eb98e57387df456d5b4b4f1dceebbb1371527eeb7e1bf
bab64ecc9c9303396145ba04f5b5aea5baedfa61f31f00fbc5fd5606
#eyJIIjogIlNIQUtFLTI1NiIsICJILnNfaW5fYnl0ZXMiOiAxMzYsICJQUlMiOiAiNT
#A2MTczNzM3NzZGNzI2NCIsICJaUEFEIGxlbmd0aCI6IDExMiwgIkRTSSI6ICI0MzUw
#NjE2MzY1NDQ2NTYzNjE2NjM0MzQzOCIsICJDSSI6ICI2RjYzMEI0MjVGNzI2NTczNz
#A2RjZFNjQ2NTcyMEI0MTVGNjk2RTY5NzQ2OTYxNzQ2RjcyIiwgInNpZCI6ICI1MjIz
#RTBDREM0NUQ2NTc1NjY4RDY0QzU1MjAwNDEyNCIsICJnZW5lcmF0b3Jfc3RyaW5nKE
#cuRFNJLFBSUyxDSSxzaWQsSC5zX2luX2J5dGVzKSI6ICIwRDQzNTA2MTYzNjU0NDY1
#NjM2MTY2MzQzNDM4MDg1MDYxNzM3Mzc3NkY3MjY0NzAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDFBNkY2MzBCNDI1RjcyNjU3MzcwNkY2RTY0NjU3MjBCNDE1RjY5NkU2
#OTc0Njk2MTc0NkY3MjEwNTIyM0UwQ0RDNDVENjU3NTY2OEQ2NEM1NTIwMDQxMjQiLC
#AiaGFzaCByZXN1bHQiOiAiNzE0OEY0RDYwNTg3QUFBRkE2NEQyRkQ2QkNGRTQ1RUU3
#MUU4Qjk3MUQxRDVGRjNCQkY4QzE0NTE3OTdDNjJBMUFGMjJBQjI1NjM4NzQ5Rjk3Rj
#lCMTVGRURDRjRBRUVFODcyODJDRjY2NzU5NEFCMDkyQjYwMjNDOEY4RDNBNjFDMzhC
#MEFGNzkxQzkyNzExMzdERjAxQjU3RDYzQjc5NzM0QkJDRTY5OTFFM0UyRTEwRkRDOD
#A1QUJDOUU2RTZGM0RBRUZGNkZEMzQwOTNEMjZERTI0MEIzMjY3NjQyNTIiLCAiZW5j
#b2RlZCBnZW5lcmF0b3IgZyI6ICI5QTcwMEVDQzM3OEVCOThFNTczODdERjQ1NkQ1Qj
#RCNEYxRENFRUJCQjEzNzE1MjdFRUI3RTFCRkJBQjY0RUNDOUM5MzAzMzk2MTQ1QkEw
#NEY1QjVBRUE1QkFFREZBNjFGMzFGMDBGQkM1RkQ1NjA2In0=
Inputs
ADa = b'ADa'
ya (little endian): (length: 56 bytes)
33d561f13cfc0dca279c30e8cde895175dc25483892819eba132d58c
13c0462a8eb0d73fda941950594bef5191d8394691f86edffcad6c1e
Outputs
Ya: (length: 56 bytes)
627f8bb2ae945e2a518967df9b00aff19253d3086398f2ec18be846c
c0d1f286c2ce3caf1da639859ccd2a6a01a9372a17e66bb7006e571b
Inputs
ADb = b'ADb'
yb (little endian): (length: 56 bytes)
2523c969f68fa2b2aea294c2539ef36eb1e0558abd14712a7828f16a
85ed2c7e77e2bdd418994405fb1b57b6bbaadd66849892aac9d81402
Outputs
Yb: (length: 56 bytes)
8e9811e4402fac098743ca7b2b509b91b38c8cf1360cc6cab3011871
7019782b7f58a591c63d9c9247b774e6b0e0b826ff4f8399f94772db
scalar_mult_vfy(ya,Yb): (length: 56 bytes)
94f4ae494f4e8b07ade3354726eee49c5518b363cda544f5b4541b97
32830be37ea0e63fc83f54be280dea0747a043c76d473e01689af77f
scalar_mult_vfy(yb,Ya): (length: 56 bytes)
94f4ae494f4e8b07ade3354726eee49c5518b363cda544f5b4541b97
32830be37ea0e63fc83f54be280dea0747a043c76d473e01689af77f
transcript_ir(Ya,ADa,Yb,ADb): (length: 122 bytes)
38627f8bb2ae945e2a518967df9b00aff19253d3086398f2ec18be84
6cc0d1f286c2ce3caf1da639859ccd2a6a01a9372a17e66bb7006e57
1b03414461388e9811e4402fac098743ca7b2b509b91b38c8cf1360c
c6cab30118717019782b7f58a591c63d9c9247b774e6b0e0b826ff4f
8399f94772db03414462
DSI = G.DSI_ISK, b'CPaceDecaf448_ISK': (length: 17 bytes)
435061636544656361663434385f49534b
lv_cat(DSI,sid,K)||transcript_ir(Ya,ADa,Yb,ADb):
(length: 214 bytes)
11435061636544656361663434385f49534b105223e0cdc45d657566
8d64c5520041243894f4ae494f4e8b07ade3354726eee49c5518b363
cda544f5b4541b9732830be37ea0e63fc83f54be280dea0747a043c7
6d473e01689af77f38627f8bb2ae945e2a518967df9b00aff19253d3
086398f2ec18be846cc0d1f286c2ce3caf1da639859ccd2a6a01a937
2a17e66bb7006e571b03414461388e9811e4402fac098743ca7b2b50
9b91b38c8cf1360cc6cab30118717019782b7f58a591c63d9c9247b7
74e6b0e0b826ff4f8399f94772db03414462
ISK result: (length: 64 bytes)
9c2726a6cda1179349cbc38f31765eab646a2a5f176f3019fab4a0aa
bd9d17c2ba895998cff698d801761a003512c1cf67d144b21e1cb6d6
b82da71d0da76cad
transcript_oc(Ya,ADa,Yb,ADb): (length: 124 bytes)
6f63388e9811e4402fac098743ca7b2b509b91b38c8cf1360cc6cab3
0118717019782b7f58a591c63d9c9247b774e6b0e0b826ff4f8399f9
4772db0341446238627f8bb2ae945e2a518967df9b00aff19253d308
6398f2ec18be846cc0d1f286c2ce3caf1da639859ccd2a6a01a9372a
17e66bb7006e571b03414461
DSI = G.DSI_ISK, b'CPaceDecaf448_ISK': (length: 17 bytes)
435061636544656361663434385f49534b
lv_cat(DSI,sid,K)||transcript_oc(Ya,ADa,Yb,ADb):
(length: 216 bytes)
11435061636544656361663434385f49534b105223e0cdc45d657566
8d64c5520041243894f4ae494f4e8b07ade3354726eee49c5518b363
cda544f5b4541b9732830be37ea0e63fc83f54be280dea0747a043c7
6d473e01689af77f6f63388e9811e4402fac098743ca7b2b509b91b3
8c8cf1360cc6cab30118717019782b7f58a591c63d9c9247b774e6b0
e0b826ff4f8399f94772db0341446238627f8bb2ae945e2a518967df
9b00aff19253d3086398f2ec18be846cc0d1f286c2ce3caf1da63985
9ccd2a6a01a9372a17e66bb7006e571b03414461
ISK result: (length: 64 bytes)
6d2178ed3048703025b9007ec84c4d969e8d8135df455e608c16aa15
2e1219c86cea563254428a9d969903ae3649d1050da1e6e0c1c060e1
ebf7316a7e993389
H.hash(b"CPaceSidOut" + transcript_ir(Ya,ADa, Yb,ADb)):
(length: 64 bytes)
65bffde17b7acf07cfd437bdb973a8f7340bf911d393a61498c0a50e
f0d68bca103fbdb0f5b799505562e59811df1bc5d9b4f5f0f7c57c22
cd7ed6db4d153e3a
H.hash(b"CPaceSidOut" + transcript_oc(Ya,ADa, Yb,ADb)):
(length: 64 bytes)
7ce27043d1b1d0d0e02e16979637e2a00547ed6e15ea988f7d3c9b3c
2159b26ab3834bff7ff86240323e25216ba2ee6ea6e1582502017f8e
6d65f8c4a5e65543
const unsigned char tc_PRS[] = {
0x50,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,
};
const unsigned char tc_CI[] = {
0x6f,0x63,0x0b,0x42,0x5f,0x72,0x65,0x73,0x70,0x6f,0x6e,0x64,
0x65,0x72,0x0b,0x41,0x5f,0x69,0x6e,0x69,0x74,0x69,0x61,0x74,
0x6f,0x72,
};
const unsigned char tc_sid[] = {
0x52,0x23,0xe0,0xcd,0xc4,0x5d,0x65,0x75,0x66,0x8d,0x64,0xc5,
0x52,0x00,0x41,0x24,
};
const unsigned char tc_g[] = {
0x9a,0x70,0x0e,0xcc,0x37,0x8e,0xb9,0x8e,0x57,0x38,0x7d,0xf4,
0x56,0xd5,0xb4,0xb4,0xf1,0xdc,0xee,0xbb,0xb1,0x37,0x15,0x27,
0xee,0xb7,0xe1,0xbf,0xba,0xb6,0x4e,0xcc,0x9c,0x93,0x03,0x39,
0x61,0x45,0xba,0x04,0xf5,0xb5,0xae,0xa5,0xba,0xed,0xfa,0x61,
0xf3,0x1f,0x00,0xfb,0xc5,0xfd,0x56,0x06,
};
const unsigned char tc_ya[] = {
0x33,0xd5,0x61,0xf1,0x3c,0xfc,0x0d,0xca,0x27,0x9c,0x30,0xe8,
0xcd,0xe8,0x95,0x17,0x5d,0xc2,0x54,0x83,0x89,0x28,0x19,0xeb,
0xa1,0x32,0xd5,0x8c,0x13,0xc0,0x46,0x2a,0x8e,0xb0,0xd7,0x3f,
0xda,0x94,0x19,0x50,0x59,0x4b,0xef,0x51,0x91,0xd8,0x39,0x46,
0x91,0xf8,0x6e,0xdf,0xfc,0xad,0x6c,0x1e,
};
const unsigned char tc_ADa[] = {
0x41,0x44,0x61,
};
const unsigned char tc_Ya[] = {
0x62,0x7f,0x8b,0xb2,0xae,0x94,0x5e,0x2a,0x51,0x89,0x67,0xdf,
0x9b,0x00,0xaf,0xf1,0x92,0x53,0xd3,0x08,0x63,0x98,0xf2,0xec,
0x18,0xbe,0x84,0x6c,0xc0,0xd1,0xf2,0x86,0xc2,0xce,0x3c,0xaf,
0x1d,0xa6,0x39,0x85,0x9c,0xcd,0x2a,0x6a,0x01,0xa9,0x37,0x2a,
0x17,0xe6,0x6b,0xb7,0x00,0x6e,0x57,0x1b,
};
const unsigned char tc_yb[] = {
0x25,0x23,0xc9,0x69,0xf6,0x8f,0xa2,0xb2,0xae,0xa2,0x94,0xc2,
0x53,0x9e,0xf3,0x6e,0xb1,0xe0,0x55,0x8a,0xbd,0x14,0x71,0x2a,
0x78,0x28,0xf1,0x6a,0x85,0xed,0x2c,0x7e,0x77,0xe2,0xbd,0xd4,
0x18,0x99,0x44,0x05,0xfb,0x1b,0x57,0xb6,0xbb,0xaa,0xdd,0x66,
0x84,0x98,0x92,0xaa,0xc9,0xd8,0x14,0x02,
};
const unsigned char tc_ADb[] = {
0x41,0x44,0x62,
};
const unsigned char tc_Yb[] = {
0x8e,0x98,0x11,0xe4,0x40,0x2f,0xac,0x09,0x87,0x43,0xca,0x7b,
0x2b,0x50,0x9b,0x91,0xb3,0x8c,0x8c,0xf1,0x36,0x0c,0xc6,0xca,
0xb3,0x01,0x18,0x71,0x70,0x19,0x78,0x2b,0x7f,0x58,0xa5,0x91,
0xc6,0x3d,0x9c,0x92,0x47,0xb7,0x74,0xe6,0xb0,0xe0,0xb8,0x26,
0xff,0x4f,0x83,0x99,0xf9,0x47,0x72,0xdb,
};
const unsigned char tc_K[] = {
0x94,0xf4,0xae,0x49,0x4f,0x4e,0x8b,0x07,0xad,0xe3,0x35,0x47,
0x26,0xee,0xe4,0x9c,0x55,0x18,0xb3,0x63,0xcd,0xa5,0x44,0xf5,
0xb4,0x54,0x1b,0x97,0x32,0x83,0x0b,0xe3,0x7e,0xa0,0xe6,0x3f,
0xc8,0x3f,0x54,0xbe,0x28,0x0d,0xea,0x07,0x47,0xa0,0x43,0xc7,
0x6d,0x47,0x3e,0x01,0x68,0x9a,0xf7,0x7f,
};
const unsigned char tc_ISK_IR[] = {
0x9c,0x27,0x26,0xa6,0xcd,0xa1,0x17,0x93,0x49,0xcb,0xc3,0x8f,
0x31,0x76,0x5e,0xab,0x64,0x6a,0x2a,0x5f,0x17,0x6f,0x30,0x19,
0xfa,0xb4,0xa0,0xaa,0xbd,0x9d,0x17,0xc2,0xba,0x89,0x59,0x98,
0xcf,0xf6,0x98,0xd8,0x01,0x76,0x1a,0x00,0x35,0x12,0xc1,0xcf,
0x67,0xd1,0x44,0xb2,0x1e,0x1c,0xb6,0xd6,0xb8,0x2d,0xa7,0x1d,
0x0d,0xa7,0x6c,0xad,
};
const unsigned char tc_ISK_SY[] = {
0x6d,0x21,0x78,0xed,0x30,0x48,0x70,0x30,0x25,0xb9,0x00,0x7e,
0xc8,0x4c,0x4d,0x96,0x9e,0x8d,0x81,0x35,0xdf,0x45,0x5e,0x60,
0x8c,0x16,0xaa,0x15,0x2e,0x12,0x19,0xc8,0x6c,0xea,0x56,0x32,
0x54,0x42,0x8a,0x9d,0x96,0x99,0x03,0xae,0x36,0x49,0xd1,0x05,
0x0d,0xa1,0xe6,0xe0,0xc1,0xc0,0x60,0xe1,0xeb,0xf7,0x31,0x6a,
0x7e,0x99,0x33,0x89,
};
const unsigned char tc_ISK_SY[] = {
0x6d,0x21,0x78,0xed,0x30,0x48,0x70,0x30,0x25,0xb9,0x00,0x7e,
0xc8,0x4c,0x4d,0x96,0x9e,0x8d,0x81,0x35,0xdf,0x45,0x5e,0x60,
0x8c,0x16,0xaa,0x15,0x2e,0x12,0x19,0xc8,0x6c,0xea,0x56,0x32,
0x54,0x42,0x8a,0x9d,0x96,0x99,0x03,0xae,0x36,0x49,0xd1,0x05,
0x0d,0xa1,0xe6,0xe0,0xc1,0xc0,0x60,0xe1,0xeb,0xf7,0x31,0x6a,
0x7e,0x99,0x33,0x89,
};
const unsigned char tc_sid_out_ir[] = {
0x65,0xbf,0xfd,0xe1,0x7b,0x7a,0xcf,0x07,0xcf,0xd4,0x37,0xbd,
0xb9,0x73,0xa8,0xf7,0x34,0x0b,0xf9,0x11,0xd3,0x93,0xa6,0x14,
0x98,0xc0,0xa5,0x0e,0xf0,0xd6,0x8b,0xca,0x10,0x3f,0xbd,0xb0,
0xf5,0xb7,0x99,0x50,0x55,0x62,0xe5,0x98,0x11,0xdf,0x1b,0xc5,
0xd9,0xb4,0xf5,0xf0,0xf7,0xc5,0x7c,0x22,0xcd,0x7e,0xd6,0xdb,
0x4d,0x15,0x3e,0x3a,
};
const unsigned char tc_sid_out_oc[] = {
0x7c,0xe2,0x70,0x43,0xd1,0xb1,0xd0,0xd0,0xe0,0x2e,0x16,0x97,
0x96,0x37,0xe2,0xa0,0x05,0x47,0xed,0x6e,0x15,0xea,0x98,0x8f,
0x7d,0x3c,0x9b,0x3c,0x21,0x59,0xb2,0x6a,0xb3,0x83,0x4b,0xff,
0x7f,0xf8,0x62,0x40,0x32,0x3e,0x25,0x21,0x6b,0xa2,0xee,0x6e,
0xa6,0xe1,0x58,0x25,0x02,0x01,0x7f,0x8e,0x6d,0x65,0xf8,0xc4,
0xa5,0xe6,0x55,0x43,
}; #eyJQUlMiOiAiNTA2MTczNzM3NzZGNzI2NCIsICJDSSI6ICI2RjYzMEI0MjVGNzI2NT
#czNzA2RjZFNjQ2NTcyMEI0MTVGNjk2RTY5NzQ2OTYxNzQ2RjcyIiwgInNpZCI6ICI1
#MjIzRTBDREM0NUQ2NTc1NjY4RDY0QzU1MjAwNDEyNCIsICJnIjogIjlBNzAwRUNDMz
#c4RUI5OEU1NzM4N0RGNDU2RDVCNEI0RjFEQ0VFQkJCMTM3MTUyN0VFQjdFMUJGQkFC
#NjRFQ0M5QzkzMDMzOTYxNDVCQTA0RjVCNUFFQTVCQUVERkE2MUYzMUYwMEZCQzVGRD
#U2MDYiLCAieWEiOiAiMzNENTYxRjEzQ0ZDMERDQTI3OUMzMEU4Q0RFODk1MTc1REMy
#NTQ4Mzg5MjgxOUVCQTEzMkQ1OEMxM0MwNDYyQThFQjBENzNGREE5NDE5NTA1OTRCRU
#Y1MTkxRDgzOTQ2OTFGODZFREZGQ0FENkMxRSIsICJBRGEiOiAiNDE0NDYxIiwgIllh
#IjogIjYyN0Y4QkIyQUU5NDVFMkE1MTg5NjdERjlCMDBBRkYxOTI1M0QzMDg2Mzk4Rj
#JFQzE4QkU4NDZDQzBEMUYyODZDMkNFM0NBRjFEQTYzOTg1OUNDRDJBNkEwMUE5Mzcy
#QTE3RTY2QkI3MDA2RTU3MUIiLCAieWIiOiAiMjUyM0M5NjlGNjhGQTJCMkFFQTI5NE
#MyNTM5RUYzNkVCMUUwNTU4QUJEMTQ3MTJBNzgyOEYxNkE4NUVEMkM3RTc3RTJCREQ0
#MTg5OTQ0MDVGQjFCNTdCNkJCQUFERDY2ODQ5ODkyQUFDOUQ4MTQwMiIsICJBRGIiOi
#AiNDE0NDYyIiwgIlliIjogIjhFOTgxMUU0NDAyRkFDMDk4NzQzQ0E3QjJCNTA5Qjkx
#QjM4QzhDRjEzNjBDQzZDQUIzMDExODcxNzAxOTc4MkI3RjU4QTU5MUM2M0Q5QzkyND
#dCNzc0RTZCMEUwQjgyNkZGNEY4Mzk5Rjk0NzcyREIiLCAiSyI6ICI5NEY0QUU0OTRG
#NEU4QjA3QURFMzM1NDcyNkVFRTQ5QzU1MThCMzYzQ0RBNTQ0RjVCNDU0MUI5NzMyOD
#MwQkUzN0VBMEU2M0ZDODNGNTRCRTI4MERFQTA3NDdBMDQzQzc2RDQ3M0UwMTY4OUFG
#NzdGIiwgIklTS19JUiI6ICI5QzI3MjZBNkNEQTExNzkzNDlDQkMzOEYzMTc2NUVBQj
#Y0NkEyQTVGMTc2RjMwMTlGQUI0QTBBQUJEOUQxN0MyQkE4OTU5OThDRkY2OThEODAx
#NzYxQTAwMzUxMkMxQ0Y2N0QxNDRCMjFFMUNCNkQ2QjgyREE3MUQwREE3NkNBRCIsIC
#JJU0tfU1kiOiAiNkQyMTc4RUQzMDQ4NzAzMDI1QjkwMDdFQzg0QzREOTY5RThEODEz
#NURGNDU1RTYwOEMxNkFBMTUyRTEyMTlDODZDRUE1NjMyNTQ0MjhBOUQ5Njk5MDNBRT
#M2NDlEMTA1MERBMUU2RTBDMUMwNjBFMUVCRjczMTZBN0U5OTMzODkiLCAic2lkX291
#dHB1dF9pciI6ICI2NUJGRkRFMTdCN0FDRjA3Q0ZENDM3QkRCOTczQThGNzM0MEJGOT
#ExRDM5M0E2MTQ5OEMwQTUwRUYwRDY4QkNBMTAzRkJEQjBGNUI3OTk1MDU1NjJFNTk4
#MTFERjFCQzVEOUI0RjVGMEY3QzU3QzIyQ0Q3RUQ2REI0RDE1M0UzQSIsICJzaWRfb3
#V0cHV0X29jIjogIjdDRTI3MDQzRDFCMUQwRDBFMDJFMTY5Nzk2MzdFMkEwMDU0N0VE
#NkUxNUVBOTg4RjdEM0M5QjNDMjE1OUIyNkFCMzgzNEJGRjdGRjg2MjQwMzIzRTI1Mj
#E2QkEyRUU2RUE2RTE1ODI1MDIwMTdGOEU2RDY1RjhDNEE1RTY1NTQzIn0=
s: (length: 56 bytes)
dd1bc7015daabb7672129cc35a3ba815486b139deff9bdeca7a4fc61
34323d34658761e90ff079972a7ca8aa5606498f4f4f0ebc0933a819
X: (length: 56 bytes)
601431d5e51f43d422a92d3fb2373bde28217aab42524c341aa404ea
ba5aa5541f7042dbb3253ce4c90f772b038a413dcb3a0f6bf3ae9e21
G.scalar_mult(s,decode(X)): (length: 56 bytes)
388b35c60eb41b66085a2118316218681d78979d667702de105fdc1f
21ffe884a577d795f45691781390a229a3bd7b527e831380f2f585a4
G.scalar_mult_vfy(s,X): (length: 56 bytes)
388b35c60eb41b66085a2118316218681d78979d667702de105fdc1f
21ffe884a577d795f45691781390a229a3bd7b527e831380f2f585a4
For these test cases scalar_mult_vfy(y,.) MUST return the representation of the neutral element G.I. When points Y_i1 or Y_i2 are included in message of A or B the protocol MUST abort.
s: (length: 56 bytes)
dd1bc7015daabb7672129cc35a3ba815486b139deff9bdeca7a4fc61
34323d34658761e90ff079972a7ca8aa5606498f4f4f0ebc0933a819
Y_i1: (length: 56 bytes)
5f1431d5e51f43d422a92d3fb2373bde28217aab42524c341aa404ea
ba5aa5541f7042dbb3253ce4c90f772b038a413dcb3a0f6bf3ae9e21
Y_i2 == G.I: (length: 56 bytes)
00000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
G.scalar_mult_vfy(s,Y_i1) = G.scalar_mult_vfy(s,Y_i2) = G.I
#eyJWYWxpZCI6IHsicyI6ICJERDFCQzcwMTVEQUFCQjc2NzIxMjlDQzM1QTNCQTgxNT
#Q4NkIxMzlERUZGOUJERUNBN0E0RkM2MTM0MzIzRDM0NjU4NzYxRTkwRkYwNzk5NzJB
#N0NBOEFBNTYwNjQ5OEY0RjRGMEVCQzA5MzNBODE5IiwgIlgiOiAiNjAxNDMxRDVFNT
#FGNDNENDIyQTkyRDNGQjIzNzNCREUyODIxN0FBQjQyNTI0QzM0MUFBNDA0RUFCQTVB
#QTU1NDFGNzA0MkRCQjMyNTNDRTRDOTBGNzcyQjAzOEE0MTNEQ0IzQTBGNkJGM0FFOU
#UyMSIsICJHLnNjYWxhcl9tdWx0KHMsZGVjb2RlKFgpKSI6ICIzODhCMzVDNjBFQjQx
#QjY2MDg1QTIxMTgzMTYyMTg2ODFENzg5NzlENjY3NzAyREUxMDVGREMxRjIxRkZFOD
#g0QTU3N0Q3OTVGNDU2OTE3ODEzOTBBMjI5QTNCRDdCNTI3RTgzMTM4MEYyRjU4NUE0
#IiwgIkcuc2NhbGFyX211bHRfdmZ5KHMsWCkiOiAiMzg4QjM1QzYwRUI0MUI2NjA4NU
#EyMTE4MzE2MjE4NjgxRDc4OTc5RDY2NzcwMkRFMTA1RkRDMUYyMUZGRTg4NEE1NzdE
#Nzk1RjQ1NjkxNzgxMzkwQTIyOUEzQkQ3QjUyN0U4MzEzODBGMkY1ODVBNCJ9LCAiSW
#52YWxpZCBZMSI6ICI1RjE0MzFENUU1MUY0M0Q0MjJBOTJEM0ZCMjM3M0JERTI4MjE3
#QUFCNDI1MjRDMzQxQUE0MDRFQUJBNUFBNTU0MUY3MDQyREJCMzI1M0NFNEM5MEY3Nz
#JCMDM4QTQxM0RDQjNBMEY2QkYzQUU5RTIxIiwgIkludmFsaWQgWTIiOiAiMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMCJ9
Inputs
H = SHA-256 with input block size 64 bytes.
PRS = b'Password' ; ZPAD length: 23 ;
DSI = b'CPaceP256_XMD:SHA-256_SSWU_NU_'
DST = b'CPaceP256_XMD:SHA-256_SSWU_NU__DST'
CI = b'oc\x0bB_responder\x0bA_initiator'
CI = 6f630b425f726573706f6e6465720b415f696e69746961746f72
sid = 34b36454cab2e7842c389f7d88ecb7df
Outputs
generator_string(PRS,G.DSI,CI,sid,H.s_in_bytes):
(length: 108 bytes)
1e4350616365503235365f584d443a5348412d3235365f535357555f
4e555f0850617373776f726417000000000000000000000000000000
00000000000000001a6f630b425f726573706f6e6465720b415f696e
69746961746f721034b36454cab2e7842c389f7d88ecb7df
generator g: (length: 65 bytes)
04eee577320b1c241a79419fcde5718c2b63f81ef8717d56a57d2fb2
6b65a8beb63573b52605efb32ff4cf31aaef9a92df84e4e8408cc6c7
cf27a535aad2b38a56
#eyJIIjogIlNIQS0yNTYiLCAiSC5zX2luX2J5dGVzIjogNjQsICJQUlMiOiAiNTA2MT
#czNzM3NzZGNzI2NCIsICJaUEFEIGxlbmd0aCI6IDIzLCAiRFNJIjogIjQzNTA2MTYz
#NjU1MDMyMzUzNjVGNTg0RDQ0M0E1MzQ4NDEyRDMyMzUzNjVGNTM1MzU3NTU1RjRFNT
#U1RiIsICJDSSI6ICI2RjYzMEI0MjVGNzI2NTczNzA2RjZFNjQ2NTcyMEI0MTVGNjk2
#RTY5NzQ2OTYxNzQ2RjcyIiwgInNpZCI6ICIzNEIzNjQ1NENBQjJFNzg0MkMzODlGN0
#Q4OEVDQjdERiIsICJnZW5lcmF0b3Jfc3RyaW5nKEcuRFNJLFBSUyxDSSxzaWQsSC5z
#X2luX2J5dGVzKSI6ICIxRTQzNTA2MTYzNjU1MDMyMzUzNjVGNTg0RDQ0M0E1MzQ4ND
#EyRDMyMzUzNjVGNTM1MzU3NTU1RjRFNTU1RjA4NTA2MTczNzM3NzZGNzI2NDE3MDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDFBNkY2Mz
#BCNDI1RjcyNjU3MzcwNkY2RTY0NjU3MjBCNDE1RjY5NkU2OTc0Njk2MTc0NkY3MjEw
#MzRCMzY0NTRDQUIyRTc4NDJDMzg5RjdEODhFQ0I3REYiLCAiZ2VuZXJhdG9yIGciOi
#AiMDRFRUU1NzczMjBCMUMyNDFBNzk0MTlGQ0RFNTcxOEMyQjYzRjgxRUY4NzE3RDU2
#QTU3RDJGQjI2QjY1QThCRUI2MzU3M0I1MjYwNUVGQjMyRkY0Q0YzMUFBRUY5QTkyRE
#Y4NEU0RTg0MDhDQzZDN0NGMjdBNTM1QUFEMkIzOEE1NiJ9
Inputs
ADa = b'ADa'
ya (big endian): (length: 32 bytes)
37574cfbf1b95ff6a8e2d7be462d4d01e6dde2618f34f4de9df869b2
4f532c5d
Outputs
Ya: (length: 65 bytes)
041f12ad5fc65010a24fc04c86197109a36df0e9ce85a7479e1e1364
692fdace17ea5a634e19c207a5d52ead6c6817a163cf2f2fe3406c5d
fdfc2ecdf8e42c5e16
Alternative correct value for Ya: (-ya)*g:
(length: 65 bytes)
041f12ad5fc65010a24fc04c86197109a36df0e9ce85a7479e1e1364
692fdace1715a59cb0e63df85b2ad1529397e85e9c30d0d01dbf93a2
0203d132071bd3a1e9
Inputs
ADb = b'ADb'
yb (big endian): (length: 32 bytes)
e5672fc9eb4e721f41d80181ec4c9fd9886668acc48024d33c82bb10
2aecba52
Outputs
Yb: (length: 65 bytes)
046a51180b6ebabaf5ed0af8cd786886d93342bcae4c158ce1617a0a
cc8ec354486f9ed2e9210913206d1e3f5e463d2d320c4f1f5ce8b677
a7e38a26f752bf8f84
Alternative correct value for Yb: (-yb)*g:
(length: 65 bytes)
046a51180b6ebabaf5ed0af8cd786886d93342bcae4c158ce1617a0a
cc8ec3544890612d15def6ece092e1c0a1b9c2d2cdf3b0e0a4174988
581c75d908ad40707b
scalar_mult_vfy(ya,Yb): (length: 32 bytes)
3e0e2f8976fb8d0deee30aef4b5cd3631eed249af32f53d0dd009b5d
7b8f6b6c
scalar_mult_vfy(yb,Ya): (length: 32 bytes)
3e0e2f8976fb8d0deee30aef4b5cd3631eed249af32f53d0dd009b5d
7b8f6b6c
transcript_ir(Ya,ADa,Yb,ADb): (length: 140 bytes)
41041f12ad5fc65010a24fc04c86197109a36df0e9ce85a7479e1e13
64692fdace17ea5a634e19c207a5d52ead6c6817a163cf2f2fe3406c
5dfdfc2ecdf8e42c5e160341446141046a51180b6ebabaf5ed0af8cd
786886d93342bcae4c158ce1617a0acc8ec354486f9ed2e921091320
6d1e3f5e463d2d320c4f1f5ce8b677a7e38a26f752bf8f8403414462
DSI = G.DSI_ISK, b'CPaceP256_XMD:SHA-256_SSWU_NU__ISK':
(length: 34 bytes)
4350616365503235365f584d443a5348412d3235365f535357555f4e
555f5f49534b
lv_cat(DSI,sid,K)||transcript_ir(Ya,ADa,Yb,ADb):
(length: 225 bytes)
224350616365503235365f584d443a5348412d3235365f535357555f
4e555f5f49534b1034b36454cab2e7842c389f7d88ecb7df203e0e2f
8976fb8d0deee30aef4b5cd3631eed249af32f53d0dd009b5d7b8f6b
6c41041f12ad5fc65010a24fc04c86197109a36df0e9ce85a7479e1e
1364692fdace17ea5a634e19c207a5d52ead6c6817a163cf2f2fe340
6c5dfdfc2ecdf8e42c5e160341446141046a51180b6ebabaf5ed0af8
cd786886d93342bcae4c158ce1617a0acc8ec354486f9ed2e9210913
206d1e3f5e463d2d320c4f1f5ce8b677a7e38a26f752bf8f84034144
62
ISK result: (length: 32 bytes)
9565ed286b6e3cf1f943fd31746f9a22935537025a1328d4980005ba
984f0c39
transcript_oc(Ya,ADa,Yb,ADb): (length: 142 bytes)
6f6341046a51180b6ebabaf5ed0af8cd786886d93342bcae4c158ce1
617a0acc8ec354486f9ed2e9210913206d1e3f5e463d2d320c4f1f5c
e8b677a7e38a26f752bf8f840341446241041f12ad5fc65010a24fc0
4c86197109a36df0e9ce85a7479e1e1364692fdace17ea5a634e19c2
07a5d52ead6c6817a163cf2f2fe3406c5dfdfc2ecdf8e42c5e160341
4461
DSI = G.DSI_ISK, b'CPaceP256_XMD:SHA-256_SSWU_NU__ISK':
(length: 34 bytes)
4350616365503235365f584d443a5348412d3235365f535357555f4e
555f5f49534b
lv_cat(DSI,sid,K)||transcript_oc(Ya,ADa,Yb,ADb):
(length: 227 bytes)
224350616365503235365f584d443a5348412d3235365f535357555f
4e555f5f49534b1034b36454cab2e7842c389f7d88ecb7df203e0e2f
8976fb8d0deee30aef4b5cd3631eed249af32f53d0dd009b5d7b8f6b
6c6f6341046a51180b6ebabaf5ed0af8cd786886d93342bcae4c158c
e1617a0acc8ec354486f9ed2e9210913206d1e3f5e463d2d320c4f1f
5ce8b677a7e38a26f752bf8f840341446241041f12ad5fc65010a24f
c04c86197109a36df0e9ce85a7479e1e1364692fdace17ea5a634e19
c207a5d52ead6c6817a163cf2f2fe3406c5dfdfc2ecdf8e42c5e1603
414461
ISK result: (length: 32 bytes)
62a445a4daa3546dd031c66ead2e4e015abbcc83bde31c90f841149f
d441c58a
H.hash(b"CPaceSidOut" + transcript_ir(Ya,ADa, Yb,ADb)):
(length: 32 bytes)
a7386d1c2eb06e8056d7fecbcf691e08d189d96236020ef31b414069
8a4b99f9
H.hash(b"CPaceSidOut" + transcript_oc(Ya,ADa, Yb,ADb)):
(length: 32 bytes)
d337dbc0dd797b4e6f2f14ea4925c58e5d5523871e8cb43a3c1b0f2b
1a1ffde3
const unsigned char tc_PRS[] = {
0x50,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,
};
const unsigned char tc_CI[] = {
0x6f,0x63,0x0b,0x42,0x5f,0x72,0x65,0x73,0x70,0x6f,0x6e,0x64,
0x65,0x72,0x0b,0x41,0x5f,0x69,0x6e,0x69,0x74,0x69,0x61,0x74,
0x6f,0x72,
};
const unsigned char tc_sid[] = {
0x34,0xb3,0x64,0x54,0xca,0xb2,0xe7,0x84,0x2c,0x38,0x9f,0x7d,
0x88,0xec,0xb7,0xdf,
};
const unsigned char tc_g[] = {
0x04,0xee,0xe5,0x77,0x32,0x0b,0x1c,0x24,0x1a,0x79,0x41,0x9f,
0xcd,0xe5,0x71,0x8c,0x2b,0x63,0xf8,0x1e,0xf8,0x71,0x7d,0x56,
0xa5,0x7d,0x2f,0xb2,0x6b,0x65,0xa8,0xbe,0xb6,0x35,0x73,0xb5,
0x26,0x05,0xef,0xb3,0x2f,0xf4,0xcf,0x31,0xaa,0xef,0x9a,0x92,
0xdf,0x84,0xe4,0xe8,0x40,0x8c,0xc6,0xc7,0xcf,0x27,0xa5,0x35,
0xaa,0xd2,0xb3,0x8a,0x56,
};
const unsigned char tc_ya[] = {
0x37,0x57,0x4c,0xfb,0xf1,0xb9,0x5f,0xf6,0xa8,0xe2,0xd7,0xbe,
0x46,0x2d,0x4d,0x01,0xe6,0xdd,0xe2,0x61,0x8f,0x34,0xf4,0xde,
0x9d,0xf8,0x69,0xb2,0x4f,0x53,0x2c,0x5d,
};
const unsigned char tc_ADa[] = {
0x41,0x44,0x61,
};
const unsigned char tc_Ya[] = {
0x04,0x1f,0x12,0xad,0x5f,0xc6,0x50,0x10,0xa2,0x4f,0xc0,0x4c,
0x86,0x19,0x71,0x09,0xa3,0x6d,0xf0,0xe9,0xce,0x85,0xa7,0x47,
0x9e,0x1e,0x13,0x64,0x69,0x2f,0xda,0xce,0x17,0xea,0x5a,0x63,
0x4e,0x19,0xc2,0x07,0xa5,0xd5,0x2e,0xad,0x6c,0x68,0x17,0xa1,
0x63,0xcf,0x2f,0x2f,0xe3,0x40,0x6c,0x5d,0xfd,0xfc,0x2e,0xcd,
0xf8,0xe4,0x2c,0x5e,0x16,
};
const unsigned char tc_yb[] = {
0xe5,0x67,0x2f,0xc9,0xeb,0x4e,0x72,0x1f,0x41,0xd8,0x01,0x81,
0xec,0x4c,0x9f,0xd9,0x88,0x66,0x68,0xac,0xc4,0x80,0x24,0xd3,
0x3c,0x82,0xbb,0x10,0x2a,0xec,0xba,0x52,
};
const unsigned char tc_ADb[] = {
0x41,0x44,0x62,
};
const unsigned char tc_Yb[] = {
0x04,0x6a,0x51,0x18,0x0b,0x6e,0xba,0xba,0xf5,0xed,0x0a,0xf8,
0xcd,0x78,0x68,0x86,0xd9,0x33,0x42,0xbc,0xae,0x4c,0x15,0x8c,
0xe1,0x61,0x7a,0x0a,0xcc,0x8e,0xc3,0x54,0x48,0x6f,0x9e,0xd2,
0xe9,0x21,0x09,0x13,0x20,0x6d,0x1e,0x3f,0x5e,0x46,0x3d,0x2d,
0x32,0x0c,0x4f,0x1f,0x5c,0xe8,0xb6,0x77,0xa7,0xe3,0x8a,0x26,
0xf7,0x52,0xbf,0x8f,0x84,
};
const unsigned char tc_K[] = {
0x3e,0x0e,0x2f,0x89,0x76,0xfb,0x8d,0x0d,0xee,0xe3,0x0a,0xef,
0x4b,0x5c,0xd3,0x63,0x1e,0xed,0x24,0x9a,0xf3,0x2f,0x53,0xd0,
0xdd,0x00,0x9b,0x5d,0x7b,0x8f,0x6b,0x6c,
};
const unsigned char tc_ISK_IR[] = {
0x95,0x65,0xed,0x28,0x6b,0x6e,0x3c,0xf1,0xf9,0x43,0xfd,0x31,
0x74,0x6f,0x9a,0x22,0x93,0x55,0x37,0x02,0x5a,0x13,0x28,0xd4,
0x98,0x00,0x05,0xba,0x98,0x4f,0x0c,0x39,
};
const unsigned char tc_ISK_SY[] = {
0x62,0xa4,0x45,0xa4,0xda,0xa3,0x54,0x6d,0xd0,0x31,0xc6,0x6e,
0xad,0x2e,0x4e,0x01,0x5a,0xbb,0xcc,0x83,0xbd,0xe3,0x1c,0x90,
0xf8,0x41,0x14,0x9f,0xd4,0x41,0xc5,0x8a,
};
const unsigned char tc_ISK_SY[] = {
0x62,0xa4,0x45,0xa4,0xda,0xa3,0x54,0x6d,0xd0,0x31,0xc6,0x6e,
0xad,0x2e,0x4e,0x01,0x5a,0xbb,0xcc,0x83,0xbd,0xe3,0x1c,0x90,
0xf8,0x41,0x14,0x9f,0xd4,0x41,0xc5,0x8a,
};
const unsigned char tc_sid_out_ir[] = {
0xa7,0x38,0x6d,0x1c,0x2e,0xb0,0x6e,0x80,0x56,0xd7,0xfe,0xcb,
0xcf,0x69,0x1e,0x08,0xd1,0x89,0xd9,0x62,0x36,0x02,0x0e,0xf3,
0x1b,0x41,0x40,0x69,0x8a,0x4b,0x99,0xf9,
};
const unsigned char tc_sid_out_oc[] = {
0xd3,0x37,0xdb,0xc0,0xdd,0x79,0x7b,0x4e,0x6f,0x2f,0x14,0xea,
0x49,0x25,0xc5,0x8e,0x5d,0x55,0x23,0x87,0x1e,0x8c,0xb4,0x3a,
0x3c,0x1b,0x0f,0x2b,0x1a,0x1f,0xfd,0xe3,
}; #eyJQUlMiOiAiNTA2MTczNzM3NzZGNzI2NCIsICJDSSI6ICI2RjYzMEI0MjVGNzI2NT
#czNzA2RjZFNjQ2NTcyMEI0MTVGNjk2RTY5NzQ2OTYxNzQ2RjcyIiwgInNpZCI6ICIz
#NEIzNjQ1NENBQjJFNzg0MkMzODlGN0Q4OEVDQjdERiIsICJnIjogIjA0RUVFNTc3Mz
#IwQjFDMjQxQTc5NDE5RkNERTU3MThDMkI2M0Y4MUVGODcxN0Q1NkE1N0QyRkIyNkI2
#NUE4QkVCNjM1NzNCNTI2MDVFRkIzMkZGNENGMzFBQUVGOUE5MkRGODRFNEU4NDA4Q0
#M2QzdDRjI3QTUzNUFBRDJCMzhBNTYiLCAieWEiOiAiMzc1NzRDRkJGMUI5NUZGNkE4
#RTJEN0JFNDYyRDREMDFFNkRERTI2MThGMzRGNERFOURGODY5QjI0RjUzMkM1RCIsIC
#JBRGEiOiAiNDE0NDYxIiwgIllhIjogIjA0MUYxMkFENUZDNjUwMTBBMjRGQzA0Qzg2
#MTk3MTA5QTM2REYwRTlDRTg1QTc0NzlFMUUxMzY0NjkyRkRBQ0UxN0VBNUE2MzRFMT
#lDMjA3QTVENTJFQUQ2QzY4MTdBMTYzQ0YyRjJGRTM0MDZDNURGREZDMkVDREY4RTQy
#QzVFMTYiLCAieWIiOiAiRTU2NzJGQzlFQjRFNzIxRjQxRDgwMTgxRUM0QzlGRDk4OD
#Y2NjhBQ0M0ODAyNEQzM0M4MkJCMTAyQUVDQkE1MiIsICJBRGIiOiAiNDE0NDYyIiwg
#IlliIjogIjA0NkE1MTE4MEI2RUJBQkFGNUVEMEFGOENENzg2ODg2RDkzMzQyQkNBRT
#RDMTU4Q0UxNjE3QTBBQ0M4RUMzNTQ0ODZGOUVEMkU5MjEwOTEzMjA2RDFFM0Y1RTQ2
#M0QyRDMyMEM0RjFGNUNFOEI2NzdBN0UzOEEyNkY3NTJCRjhGODQiLCAiSyI6ICIzRT
#BFMkY4OTc2RkI4RDBERUVFMzBBRUY0QjVDRDM2MzFFRUQyNDlBRjMyRjUzRDBERDAw
#OUI1RDdCOEY2QjZDIiwgIklTS19JUiI6ICI5NTY1RUQyODZCNkUzQ0YxRjk0M0ZEMz
#E3NDZGOUEyMjkzNTUzNzAyNUExMzI4RDQ5ODAwMDVCQTk4NEYwQzM5IiwgIklTS19T
#WSI6ICI2MkE0NDVBNERBQTM1NDZERDAzMUM2NkVBRDJFNEUwMTVBQkJDQzgzQkRFMz
#FDOTBGODQxMTQ5RkQ0NDFDNThBIiwgInNpZF9vdXRwdXRfaXIiOiAiQTczODZEMUMy
#RUIwNkU4MDU2RDdGRUNCQ0Y2OTFFMDhEMTg5RDk2MjM2MDIwRUYzMUI0MTQwNjk4QT
#RCOTlGOSIsICJzaWRfb3V0cHV0X29jIjogIkQzMzdEQkMwREQ3OTdCNEU2RjJGMTRF
#QTQ5MjVDNThFNUQ1NTIzODcxRThDQjQzQTNDMUIwRjJCMUExRkZERTMifQ==
s: (length: 32 bytes)
f012501c091ff9b99a123fffe571d8bc01e8077ee581362e1bd21399
0835643b
X: (length: 65 bytes)
0424648eb986c2be0af636455cef0550671d6bcd8aa26e0d72ffa1b1
fd12ba4e0f78da2b6d2184f31af39e566aef127014b6936c9a37346d
10a4ab2514faef5831
G.scalar_mult(s,X) (full coordinates): (length: 65 bytes)
04f5a191f078c87c36633b78c701751159d56c59f3fe9105b5720673
470f303ab925b6a7fd1cdd8f649a21cf36b68d9e9c4a11919a951892
519786104b27033757
G.scalar_mult_vfy(s,X) (only X-coordinate):
(length: 32 bytes)
f5a191f078c87c36633b78c701751159d56c59f3fe9105b572067347
0f303ab9
For these test cases scalar_mult_vfy(y,.) MUST return the representation of the neutral element G.I. When including Y_i1 or Y_i2 in messages of A or B the protocol MUST abort.
s: (length: 32 bytes)
f012501c091ff9b99a123fffe571d8bc01e8077ee581362e1bd21399
0835643b
Y_i1: (length: 65 bytes)
0424648eb986c2be0af636455cef0550671d6bcd8aa26e0d72ffa1b1
fd12ba4e0f78da2b6d2184f31af39e566aef127014b6936c9a37346d
10a4ab2514faef5857
Y_i2: (length: 1 bytes)
00
G.scalar_mult_vfy(s,Y_i1) = G.scalar_mult_vfy(s,Y_i2) = G.I
#eyJWYWxpZCI6IHsicyI6ICJGMDEyNTAxQzA5MUZGOUI5OUExMjNGRkZFNTcxRDhCQz
#AxRTgwNzdFRTU4MTM2MkUxQkQyMTM5OTA4MzU2NDNCIiwgIlgiOiAiMDQyNDY0OEVC
#OTg2QzJCRTBBRjYzNjQ1NUNFRjA1NTA2NzFENkJDRDhBQTI2RTBENzJGRkExQjFGRD
#EyQkE0RTBGNzhEQTJCNkQyMTg0RjMxQUYzOUU1NjZBRUYxMjcwMTRCNjkzNkM5QTM3
#MzQ2RDEwQTRBQjI1MTRGQUVGNTgzMSIsICJHLnNjYWxhcl9tdWx0KHMsWCkgKGZ1bG
#wgY29vcmRpbmF0ZXMpIjogIjA0RjVBMTkxRjA3OEM4N0MzNjYzM0I3OEM3MDE3NTEx
#NTlENTZDNTlGM0ZFOTEwNUI1NzIwNjczNDcwRjMwM0FCOTI1QjZBN0ZEMUNERDhGNj
#Q5QTIxQ0YzNkI2OEQ5RTlDNEExMTkxOUE5NTE4OTI1MTk3ODYxMDRCMjcwMzM3NTci
#LCAiRy5zY2FsYXJfbXVsdF92ZnkocyxYKSAob25seSBYLWNvb3JkaW5hdGUpIjogIk
#Y1QTE5MUYwNzhDODdDMzY2MzNCNzhDNzAxNzUxMTU5RDU2QzU5RjNGRTkxMDVCNTcy
#MDY3MzQ3MEYzMDNBQjkifSwgIkludmFsaWQgWTEiOiAiMDQyNDY0OEVCOTg2QzJCRT
#BBRjYzNjQ1NUNFRjA1NTA2NzFENkJDRDhBQTI2RTBENzJGRkExQjFGRDEyQkE0RTBG
#NzhEQTJCNkQyMTg0RjMxQUYzOUU1NjZBRUYxMjcwMTRCNjkzNkM5QTM3MzQ2RDEwQT
#RBQjI1MTRGQUVGNTg1NyIsICJJbnZhbGlkIFkyIjogIjAwIn0=
Inputs
H = SHA-384 with input block size 128 bytes.
PRS = b'Password' ; ZPAD length: 87 ;
DSI = b'CPaceP384_XMD:SHA-384_SSWU_NU_'
DST = b'CPaceP384_XMD:SHA-384_SSWU_NU__DST'
CI = b'oc\x0bB_responder\x0bA_initiator'
CI = 6f630b425f726573706f6e6465720b415f696e69746961746f72
sid = 5b3773aa90e8f23c61563a4b645b276c
Outputs
generator_string(PRS,G.DSI,CI,sid,H.s_in_bytes):
(length: 172 bytes)
1e4350616365503338345f584d443a5348412d3338345f535357555f
4e555f0850617373776f726457000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
000000000000000000000000000000001a6f630b425f726573706f6e
6465720b415f696e69746961746f72105b3773aa90e8f23c61563a4b
645b276c
generator g: (length: 97 bytes)
04ffe1bdc3293fdbe31b2959916e52c018e923eac99836bd9a1cbeec
794a8d4d78baa32cdafc9685bc1067a780f4ad9c8a6c6e164aa42906
d1e27f782581adc8e0109219626a2b8fbdc34602e4084554bdd6c0c6
98dd657ac8e31b2bcce1c7b0d8
#eyJIIjogIlNIQS0zODQiLCAiSC5zX2luX2J5dGVzIjogMTI4LCAiUFJTIjogIjUwNj
#E3MzczNzc2RjcyNjQiLCAiWlBBRCBsZW5ndGgiOiA4NywgIkRTSSI6ICI0MzUwNjE2
#MzY1NTAzMzM4MzQ1RjU4NEQ0NDNBNTM0ODQxMkQzMzM4MzQ1RjUzNTM1NzU1NUY0RT
#U1NUYiLCAiQ0kiOiAiNkY2MzBCNDI1RjcyNjU3MzcwNkY2RTY0NjU3MjBCNDE1RjY5
#NkU2OTc0Njk2MTc0NkY3MiIsICJzaWQiOiAiNUIzNzczQUE5MEU4RjIzQzYxNTYzQT
#RCNjQ1QjI3NkMiLCAiZ2VuZXJhdG9yX3N0cmluZyhHLkRTSSxQUlMsQ0ksc2lkLEgu
#c19pbl9ieXRlcykiOiAiMUU0MzUwNjE2MzY1NTAzMzM4MzQ1RjU4NEQ0NDNBNTM0OD
#QxMkQzMzM4MzQ1RjUzNTM1NzU1NUY0RTU1NUYwODUwNjE3MzczNzc2RjcyNjQ1NzAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDFBNkY2MzBCNDI1RjcyNjU3MzcwNkY2RTY0
#NjU3MjBCNDE1RjY5NkU2OTc0Njk2MTc0NkY3MjEwNUIzNzczQUE5MEU4RjIzQzYxNT
#YzQTRCNjQ1QjI3NkMiLCAiZ2VuZXJhdG9yIGciOiAiMDRGRkUxQkRDMzI5M0ZEQkUz
#MUIyOTU5OTE2RTUyQzAxOEU5MjNFQUM5OTgzNkJEOUExQ0JFRUM3OTRBOEQ0RDc4Qk
#FBMzJDREFGQzk2ODVCQzEwNjdBNzgwRjRBRDlDOEE2QzZFMTY0QUE0MjkwNkQxRTI3
#Rjc4MjU4MUFEQzhFMDEwOTIxOTYyNkEyQjhGQkRDMzQ2MDJFNDA4NDU1NEJERDZDME
#M2OThERDY1N0FDOEUzMUIyQkNDRTFDN0IwRDgifQ==
Inputs
ADa = b'ADa'
ya (big endian): (length: 48 bytes)
ef433dd5ad142c860e7cb6400dd315d388d5ec5420c550e9d6f0907f
375d988bc4d704837e43561c497e7dd93edcdb9d
Outputs
Ya: (length: 97 bytes)
0434a04da121995d81d7c5ded02cf2e70954dca49059485ea38310b7
3b96fa1ec78619c5a1e524472778331fbe009fa1564a3203e42993a3
6285fa54e6c24184fd227458c87781be16fff46dbc970cc1b1770050
a94d6826d52f211b234792e66d
Alternative correct value for Ya: (-ya)*g:
(length: 97 bytes)
0434a04da121995d81d7c5ded02cf2e70954dca49059485ea38310b7
3b96fa1ec78619c5a1e524472778331fbe009fa156b5cdfc1bd66c5c
9d7a05ab193dbe7b02dd8ba737887e41e9000b924368f33e4d88ffaf
55b297d92ad0dee4ddb86d1992
Inputs
ADb = b'ADb'
yb (big endian): (length: 48 bytes)
50b0e36b95a2edfaa8342b843dddc90b175330f2399c1b36586dedda
3c255975f30be6a750f9404fccc62a6323b5e471
Outputs
Yb: (length: 97 bytes)
040a6559147fd492ad74ab1f4def6196fd6399540e84706227a1f90d
104cdaeb630b7c5c18748deb25653ad2a4cb5e6274841cad328bb031
2628b9b1f51bea72b8c610999a6730f752649205ae85c452ef83f98b
e715cd0103186874b07cf02074
Alternative correct value for Yb: (-yb)*g:
(length: 97 bytes)
040a6559147fd492ad74ab1f4def6196fd6399540e84706227a1f90d
104cdaeb630b7c5c18748deb25653ad2a4cb5e62747be352cd744fce
d9d7464e0ae4158d4739ef666598cf08ad9b6dfa517a3bad0f7c0674
17ea32fefce7978b50830fdf8b
scalar_mult_vfy(ya,Yb): (length: 48 bytes)
a9acaea95692a64462067fe8e4321f2fca9793a8a0420f0e253ed0d6
db858fe161de7576206a8a35bd4a60e00724fd3e
scalar_mult_vfy(yb,Ya): (length: 48 bytes)
a9acaea95692a64462067fe8e4321f2fca9793a8a0420f0e253ed0d6
db858fe161de7576206a8a35bd4a60e00724fd3e
transcript_ir(Ya,ADa,Yb,ADb): (length: 204 bytes)
610434a04da121995d81d7c5ded02cf2e70954dca49059485ea38310
b73b96fa1ec78619c5a1e524472778331fbe009fa1564a3203e42993
a36285fa54e6c24184fd227458c87781be16fff46dbc970cc1b17700
50a94d6826d52f211b234792e66d0341446161040a6559147fd492ad
74ab1f4def6196fd6399540e84706227a1f90d104cdaeb630b7c5c18
748deb25653ad2a4cb5e6274841cad328bb0312628b9b1f51bea72b8
c610999a6730f752649205ae85c452ef83f98be715cd0103186874b0
7cf0207403414462
DSI = G.DSI_ISK, b'CPaceP384_XMD:SHA-384_SSWU_NU__ISK':
(length: 34 bytes)
4350616365503338345f584d443a5348412d3338345f535357555f4e
555f5f49534b
lv_cat(DSI,sid,K)||transcript_ir(Ya,ADa,Yb,ADb):
(length: 305 bytes)
224350616365503338345f584d443a5348412d3338345f535357555f
4e555f5f49534b105b3773aa90e8f23c61563a4b645b276c30a9acae
a95692a64462067fe8e4321f2fca9793a8a0420f0e253ed0d6db858f
e161de7576206a8a35bd4a60e00724fd3e610434a04da121995d81d7
c5ded02cf2e70954dca49059485ea38310b73b96fa1ec78619c5a1e5
24472778331fbe009fa1564a3203e42993a36285fa54e6c24184fd22
7458c87781be16fff46dbc970cc1b1770050a94d6826d52f211b2347
92e66d0341446161040a6559147fd492ad74ab1f4def6196fd639954
0e84706227a1f90d104cdaeb630b7c5c18748deb25653ad2a4cb5e62
74841cad328bb0312628b9b1f51bea72b8c610999a6730f752649205
ae85c452ef83f98be715cd0103186874b07cf0207403414462
ISK result: (length: 48 bytes)
d1b74375c7d63d7de246cbf3fc2b3092645c73a0aa816989c0de6048
ed4ece6a54df82d05d2be3498cb9288be7bdbdb9
transcript_oc(Ya,ADa,Yb,ADb): (length: 206 bytes)
6f63610434a04da121995d81d7c5ded02cf2e70954dca49059485ea3
8310b73b96fa1ec78619c5a1e524472778331fbe009fa1564a3203e4
2993a36285fa54e6c24184fd227458c87781be16fff46dbc970cc1b1
770050a94d6826d52f211b234792e66d0341446161040a6559147fd4
92ad74ab1f4def6196fd6399540e84706227a1f90d104cdaeb630b7c
5c18748deb25653ad2a4cb5e6274841cad328bb0312628b9b1f51bea
72b8c610999a6730f752649205ae85c452ef83f98be715cd01031868
74b07cf0207403414462
DSI = G.DSI_ISK, b'CPaceP384_XMD:SHA-384_SSWU_NU__ISK':
(length: 34 bytes)
4350616365503338345f584d443a5348412d3338345f535357555f4e
555f5f49534b
lv_cat(DSI,sid,K)||transcript_oc(Ya,ADa,Yb,ADb):
(length: 307 bytes)
224350616365503338345f584d443a5348412d3338345f535357555f
4e555f5f49534b105b3773aa90e8f23c61563a4b645b276c30a9acae
a95692a64462067fe8e4321f2fca9793a8a0420f0e253ed0d6db858f
e161de7576206a8a35bd4a60e00724fd3e6f63610434a04da121995d
81d7c5ded02cf2e70954dca49059485ea38310b73b96fa1ec78619c5
a1e524472778331fbe009fa1564a3203e42993a36285fa54e6c24184
fd227458c87781be16fff46dbc970cc1b1770050a94d6826d52f211b
234792e66d0341446161040a6559147fd492ad74ab1f4def6196fd63
99540e84706227a1f90d104cdaeb630b7c5c18748deb25653ad2a4cb
5e6274841cad328bb0312628b9b1f51bea72b8c610999a6730f75264
9205ae85c452ef83f98be715cd0103186874b07cf0207403414462
ISK result: (length: 48 bytes)
a051d4532ca9fb6774e097ebac69c1d6a18144a15421dc155d0b1e8a
ef9f9d8c0fe86e85d3cbee7796ff50171f42801b
H.hash(b"CPaceSidOut" + transcript_ir(Ya,ADa, Yb,ADb)):
(length: 48 bytes)
8d5a03946a69ffa12cd6efd469fe8671bbc25fad6db2656f3963c94e
9c940bdecc2bd555474c211817787d5cf7870ed1
H.hash(b"CPaceSidOut" + transcript_oc(Ya,ADa, Yb,ADb)):
(length: 48 bytes)
c0729db25db40c48a35f787d5410b2cb9a2d9f5e9cf1cf159ed2f63c
6b2185e597e176cc221422e9496eeda2bf123c8b
const unsigned char tc_PRS[] = {
0x50,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,
};
const unsigned char tc_CI[] = {
0x6f,0x63,0x0b,0x42,0x5f,0x72,0x65,0x73,0x70,0x6f,0x6e,0x64,
0x65,0x72,0x0b,0x41,0x5f,0x69,0x6e,0x69,0x74,0x69,0x61,0x74,
0x6f,0x72,
};
const unsigned char tc_sid[] = {
0x5b,0x37,0x73,0xaa,0x90,0xe8,0xf2,0x3c,0x61,0x56,0x3a,0x4b,
0x64,0x5b,0x27,0x6c,
};
const unsigned char tc_g[] = {
0x04,0xff,0xe1,0xbd,0xc3,0x29,0x3f,0xdb,0xe3,0x1b,0x29,0x59,
0x91,0x6e,0x52,0xc0,0x18,0xe9,0x23,0xea,0xc9,0x98,0x36,0xbd,
0x9a,0x1c,0xbe,0xec,0x79,0x4a,0x8d,0x4d,0x78,0xba,0xa3,0x2c,
0xda,0xfc,0x96,0x85,0xbc,0x10,0x67,0xa7,0x80,0xf4,0xad,0x9c,
0x8a,0x6c,0x6e,0x16,0x4a,0xa4,0x29,0x06,0xd1,0xe2,0x7f,0x78,
0x25,0x81,0xad,0xc8,0xe0,0x10,0x92,0x19,0x62,0x6a,0x2b,0x8f,
0xbd,0xc3,0x46,0x02,0xe4,0x08,0x45,0x54,0xbd,0xd6,0xc0,0xc6,
0x98,0xdd,0x65,0x7a,0xc8,0xe3,0x1b,0x2b,0xcc,0xe1,0xc7,0xb0,
0xd8,
};
const unsigned char tc_ya[] = {
0xef,0x43,0x3d,0xd5,0xad,0x14,0x2c,0x86,0x0e,0x7c,0xb6,0x40,
0x0d,0xd3,0x15,0xd3,0x88,0xd5,0xec,0x54,0x20,0xc5,0x50,0xe9,
0xd6,0xf0,0x90,0x7f,0x37,0x5d,0x98,0x8b,0xc4,0xd7,0x04,0x83,
0x7e,0x43,0x56,0x1c,0x49,0x7e,0x7d,0xd9,0x3e,0xdc,0xdb,0x9d,
};
const unsigned char tc_ADa[] = {
0x41,0x44,0x61,
};
const unsigned char tc_Ya[] = {
0x04,0x34,0xa0,0x4d,0xa1,0x21,0x99,0x5d,0x81,0xd7,0xc5,0xde,
0xd0,0x2c,0xf2,0xe7,0x09,0x54,0xdc,0xa4,0x90,0x59,0x48,0x5e,
0xa3,0x83,0x10,0xb7,0x3b,0x96,0xfa,0x1e,0xc7,0x86,0x19,0xc5,
0xa1,0xe5,0x24,0x47,0x27,0x78,0x33,0x1f,0xbe,0x00,0x9f,0xa1,
0x56,0x4a,0x32,0x03,0xe4,0x29,0x93,0xa3,0x62,0x85,0xfa,0x54,
0xe6,0xc2,0x41,0x84,0xfd,0x22,0x74,0x58,0xc8,0x77,0x81,0xbe,
0x16,0xff,0xf4,0x6d,0xbc,0x97,0x0c,0xc1,0xb1,0x77,0x00,0x50,
0xa9,0x4d,0x68,0x26,0xd5,0x2f,0x21,0x1b,0x23,0x47,0x92,0xe6,
0x6d,
};
const unsigned char tc_yb[] = {
0x50,0xb0,0xe3,0x6b,0x95,0xa2,0xed,0xfa,0xa8,0x34,0x2b,0x84,
0x3d,0xdd,0xc9,0x0b,0x17,0x53,0x30,0xf2,0x39,0x9c,0x1b,0x36,
0x58,0x6d,0xed,0xda,0x3c,0x25,0x59,0x75,0xf3,0x0b,0xe6,0xa7,
0x50,0xf9,0x40,0x4f,0xcc,0xc6,0x2a,0x63,0x23,0xb5,0xe4,0x71,
};
const unsigned char tc_ADb[] = {
0x41,0x44,0x62,
};
const unsigned char tc_Yb[] = {
0x04,0x0a,0x65,0x59,0x14,0x7f,0xd4,0x92,0xad,0x74,0xab,0x1f,
0x4d,0xef,0x61,0x96,0xfd,0x63,0x99,0x54,0x0e,0x84,0x70,0x62,
0x27,0xa1,0xf9,0x0d,0x10,0x4c,0xda,0xeb,0x63,0x0b,0x7c,0x5c,
0x18,0x74,0x8d,0xeb,0x25,0x65,0x3a,0xd2,0xa4,0xcb,0x5e,0x62,
0x74,0x84,0x1c,0xad,0x32,0x8b,0xb0,0x31,0x26,0x28,0xb9,0xb1,
0xf5,0x1b,0xea,0x72,0xb8,0xc6,0x10,0x99,0x9a,0x67,0x30,0xf7,
0x52,0x64,0x92,0x05,0xae,0x85,0xc4,0x52,0xef,0x83,0xf9,0x8b,
0xe7,0x15,0xcd,0x01,0x03,0x18,0x68,0x74,0xb0,0x7c,0xf0,0x20,
0x74,
};
const unsigned char tc_K[] = {
0xa9,0xac,0xae,0xa9,0x56,0x92,0xa6,0x44,0x62,0x06,0x7f,0xe8,
0xe4,0x32,0x1f,0x2f,0xca,0x97,0x93,0xa8,0xa0,0x42,0x0f,0x0e,
0x25,0x3e,0xd0,0xd6,0xdb,0x85,0x8f,0xe1,0x61,0xde,0x75,0x76,
0x20,0x6a,0x8a,0x35,0xbd,0x4a,0x60,0xe0,0x07,0x24,0xfd,0x3e,
};
const unsigned char tc_ISK_IR[] = {
0xd1,0xb7,0x43,0x75,0xc7,0xd6,0x3d,0x7d,0xe2,0x46,0xcb,0xf3,
0xfc,0x2b,0x30,0x92,0x64,0x5c,0x73,0xa0,0xaa,0x81,0x69,0x89,
0xc0,0xde,0x60,0x48,0xed,0x4e,0xce,0x6a,0x54,0xdf,0x82,0xd0,
0x5d,0x2b,0xe3,0x49,0x8c,0xb9,0x28,0x8b,0xe7,0xbd,0xbd,0xb9,
};
const unsigned char tc_ISK_SY[] = {
0xa0,0x51,0xd4,0x53,0x2c,0xa9,0xfb,0x67,0x74,0xe0,0x97,0xeb,
0xac,0x69,0xc1,0xd6,0xa1,0x81,0x44,0xa1,0x54,0x21,0xdc,0x15,
0x5d,0x0b,0x1e,0x8a,0xef,0x9f,0x9d,0x8c,0x0f,0xe8,0x6e,0x85,
0xd3,0xcb,0xee,0x77,0x96,0xff,0x50,0x17,0x1f,0x42,0x80,0x1b,
};
const unsigned char tc_ISK_SY[] = {
0xa0,0x51,0xd4,0x53,0x2c,0xa9,0xfb,0x67,0x74,0xe0,0x97,0xeb,
0xac,0x69,0xc1,0xd6,0xa1,0x81,0x44,0xa1,0x54,0x21,0xdc,0x15,
0x5d,0x0b,0x1e,0x8a,0xef,0x9f,0x9d,0x8c,0x0f,0xe8,0x6e,0x85,
0xd3,0xcb,0xee,0x77,0x96,0xff,0x50,0x17,0x1f,0x42,0x80,0x1b,
};
const unsigned char tc_sid_out_ir[] = {
0x8d,0x5a,0x03,0x94,0x6a,0x69,0xff,0xa1,0x2c,0xd6,0xef,0xd4,
0x69,0xfe,0x86,0x71,0xbb,0xc2,0x5f,0xad,0x6d,0xb2,0x65,0x6f,
0x39,0x63,0xc9,0x4e,0x9c,0x94,0x0b,0xde,0xcc,0x2b,0xd5,0x55,
0x47,0x4c,0x21,0x18,0x17,0x78,0x7d,0x5c,0xf7,0x87,0x0e,0xd1,
};
const unsigned char tc_sid_out_oc[] = {
0xc0,0x72,0x9d,0xb2,0x5d,0xb4,0x0c,0x48,0xa3,0x5f,0x78,0x7d,
0x54,0x10,0xb2,0xcb,0x9a,0x2d,0x9f,0x5e,0x9c,0xf1,0xcf,0x15,
0x9e,0xd2,0xf6,0x3c,0x6b,0x21,0x85,0xe5,0x97,0xe1,0x76,0xcc,
0x22,0x14,0x22,0xe9,0x49,0x6e,0xed,0xa2,0xbf,0x12,0x3c,0x8b,
}; #eyJQUlMiOiAiNTA2MTczNzM3NzZGNzI2NCIsICJDSSI6ICI2RjYzMEI0MjVGNzI2NT
#czNzA2RjZFNjQ2NTcyMEI0MTVGNjk2RTY5NzQ2OTYxNzQ2RjcyIiwgInNpZCI6ICI1
#QjM3NzNBQTkwRThGMjNDNjE1NjNBNEI2NDVCMjc2QyIsICJnIjogIjA0RkZFMUJEQz
#MyOTNGREJFMzFCMjk1OTkxNkU1MkMwMThFOTIzRUFDOTk4MzZCRDlBMUNCRUVDNzk0
#QThENEQ3OEJBQTMyQ0RBRkM5Njg1QkMxMDY3QTc4MEY0QUQ5QzhBNkM2RTE2NEFBND
#I5MDZEMUUyN0Y3ODI1ODFBREM4RTAxMDkyMTk2MjZBMkI4RkJEQzM0NjAyRTQwODQ1
#NTRCREQ2QzBDNjk4REQ2NTdBQzhFMzFCMkJDQ0UxQzdCMEQ4IiwgInlhIjogIkVGND
#MzREQ1QUQxNDJDODYwRTdDQjY0MDBERDMxNUQzODhENUVDNTQyMEM1NTBFOUQ2RjA5
#MDdGMzc1RDk4OEJDNEQ3MDQ4MzdFNDM1NjFDNDk3RTdERDkzRURDREI5RCIsICJBRG
#EiOiAiNDE0NDYxIiwgIllhIjogIjA0MzRBMDREQTEyMTk5NUQ4MUQ3QzVERUQwMkNG
#MkU3MDk1NERDQTQ5MDU5NDg1RUEzODMxMEI3M0I5NkZBMUVDNzg2MTlDNUExRTUyND
#Q3Mjc3ODMzMUZCRTAwOUZBMTU2NEEzMjAzRTQyOTkzQTM2Mjg1RkE1NEU2QzI0MTg0
#RkQyMjc0NThDODc3ODFCRTE2RkZGNDZEQkM5NzBDQzFCMTc3MDA1MEE5NEQ2ODI2RD
#UyRjIxMUIyMzQ3OTJFNjZEIiwgInliIjogIjUwQjBFMzZCOTVBMkVERkFBODM0MkI4
#NDNERERDOTBCMTc1MzMwRjIzOTlDMUIzNjU4NkRFRERBM0MyNTU5NzVGMzBCRTZBNz
#UwRjk0MDRGQ0NDNjJBNjMyM0I1RTQ3MSIsICJBRGIiOiAiNDE0NDYyIiwgIlliIjog
#IjA0MEE2NTU5MTQ3RkQ0OTJBRDc0QUIxRjRERUY2MTk2RkQ2Mzk5NTQwRTg0NzA2Mj
#I3QTFGOTBEMTA0Q0RBRUI2MzBCN0M1QzE4NzQ4REVCMjU2NTNBRDJBNENCNUU2Mjc0
#ODQxQ0FEMzI4QkIwMzEyNjI4QjlCMUY1MUJFQTcyQjhDNjEwOTk5QTY3MzBGNzUyNj
#Q5MjA1QUU4NUM0NTJFRjgzRjk4QkU3MTVDRDAxMDMxODY4NzRCMDdDRjAyMDc0Iiwg
#IksiOiAiQTlBQ0FFQTk1NjkyQTY0NDYyMDY3RkU4RTQzMjFGMkZDQTk3OTNBOEEwND
#IwRjBFMjUzRUQwRDZEQjg1OEZFMTYxREU3NTc2MjA2QThBMzVCRDRBNjBFMDA3MjRG
#RDNFIiwgIklTS19JUiI6ICJEMUI3NDM3NUM3RDYzRDdERTI0NkNCRjNGQzJCMzA5Mj
#Y0NUM3M0EwQUE4MTY5ODlDMERFNjA0OEVENEVDRTZBNTRERjgyRDA1RDJCRTM0OThD
#QjkyODhCRTdCREJEQjkiLCAiSVNLX1NZIjogIkEwNTFENDUzMkNBOUZCNjc3NEUwOT
#dFQkFDNjlDMUQ2QTE4MTQ0QTE1NDIxREMxNTVEMEIxRThBRUY5RjlEOEMwRkU4NkU4
#NUQzQ0JFRTc3OTZGRjUwMTcxRjQyODAxQiIsICJzaWRfb3V0cHV0X2lyIjogIjhENU
#EwMzk0NkE2OUZGQTEyQ0Q2RUZENDY5RkU4NjcxQkJDMjVGQUQ2REIyNjU2RjM5NjND
#OTRFOUM5NDBCREVDQzJCRDU1NTQ3NEMyMTE4MTc3ODdENUNGNzg3MEVEMSIsICJzaW
#Rfb3V0cHV0X29jIjogIkMwNzI5REIyNURCNDBDNDhBMzVGNzg3RDU0MTBCMkNCOUEy
#RDlGNUU5Q0YxQ0YxNTlFRDJGNjNDNkIyMTg1RTU5N0UxNzZDQzIyMTQyMkU5NDk2RU
#VEQTJCRjEyM0M4QiJ9
s: (length: 48 bytes)
6e8a99a5cdd408eae98e1b8aed286e7b12adbbdac7f2c628d9060ce9
2ae0d90bd57a564fd3500fbcce3425dc94ba0ade
X: (length: 97 bytes)
045b4cd53c4506cc04ba4c44f2762d5d32c3e55df25b8baa5571b165
7ad9576efea8259f0684de065a470585b4be876748c7797054f3defe
f21b77f83d53bac57c89d52aa4d6dd5872bd281989b138359698009f
8ac1f301538badcce9d9f4036e
G.scalar_mult(s,X) (full coordinates): (length: 97 bytes)
0465c28db05fd9f9a93651c5cc31eae49c4e5246b46489b8f6105873
3173a033cda76c3e3ea5352b804e67fdbe2e334be8245dad5c8c993e
63bacf0456478f29b71b6c859f13676f84ff150d2741f028f560584a
0bdba19a63df62c08949c2fd6d
G.scalar_mult_vfy(s,X) (only X-coordinate):
(length: 48 bytes)
65c28db05fd9f9a93651c5cc31eae49c4e5246b46489b8f610587331
73a033cda76c3e3ea5352b804e67fdbe2e334be8
For these test cases scalar_mult_vfy(y,.) MUST return the representation of the neutral element G.I. When including Y_i1 or Y_i2 in messages of A or B the protocol MUST abort.
s: (length: 48 bytes)
6e8a99a5cdd408eae98e1b8aed286e7b12adbbdac7f2c628d9060ce9
2ae0d90bd57a564fd3500fbcce3425dc94ba0ade
Y_i1: (length: 97 bytes)
045b4cd53c4506cc04ba4c44f2762d5d32c3e55df25b8baa5571b165
7ad9576efea8259f0684de065a470585b4be876748c7797054f3defe
f21b77f83d53bac57c89d52aa4d6dd5872bd281989b138359698009f
8ac1f301538badcce9d9f40302
Y_i2: (length: 1 bytes)
00
G.scalar_mult_vfy(s,Y_i1) = G.scalar_mult_vfy(s,Y_i2) = G.I
#eyJWYWxpZCI6IHsicyI6ICI2RThBOTlBNUNERDQwOEVBRTk4RTFCOEFFRDI4NkU3Qj
#EyQURCQkRBQzdGMkM2MjhEOTA2MENFOTJBRTBEOTBCRDU3QTU2NEZEMzUwMEZCQ0NF
#MzQyNURDOTRCQTBBREUiLCAiWCI6ICIwNDVCNENENTNDNDUwNkNDMDRCQTRDNDRGMj
#c2MkQ1RDMyQzNFNTVERjI1QjhCQUE1NTcxQjE2NTdBRDk1NzZFRkVBODI1OUYwNjg0
#REUwNjVBNDcwNTg1QjRCRTg3Njc0OEM3Nzk3MDU0RjNERUZFRjIxQjc3RjgzRDUzQk
#FDNTdDODlENTJBQTRENkRENTg3MkJEMjgxOTg5QjEzODM1OTY5ODAwOUY4QUMxRjMw
#MTUzOEJBRENDRTlEOUY0MDM2RSIsICJHLnNjYWxhcl9tdWx0KHMsWCkgKGZ1bGwgY2
#9vcmRpbmF0ZXMpIjogIjA0NjVDMjhEQjA1RkQ5RjlBOTM2NTFDNUNDMzFFQUU0OUM0
#RTUyNDZCNDY0ODlCOEY2MTA1ODczMzE3M0EwMzNDREE3NkMzRTNFQTUzNTJCODA0RT
#Y3RkRCRTJFMzM0QkU4MjQ1REFENUM4Qzk5M0U2M0JBQ0YwNDU2NDc4RjI5QjcxQjZD
#ODU5RjEzNjc2Rjg0RkYxNTBEMjc0MUYwMjhGNTYwNTg0QTBCREJBMTlBNjNERjYyQz
#A4OTQ5QzJGRDZEIiwgIkcuc2NhbGFyX211bHRfdmZ5KHMsWCkgKG9ubHkgWC1jb29y
#ZGluYXRlKSI6ICI2NUMyOERCMDVGRDlGOUE5MzY1MUM1Q0MzMUVBRTQ5QzRFNTI0Nk
#I0NjQ4OUI4RjYxMDU4NzMzMTczQTAzM0NEQTc2QzNFM0VBNTM1MkI4MDRFNjdGREJF
#MkUzMzRCRTgifSwgIkludmFsaWQgWTEiOiAiMDQ1QjRDRDUzQzQ1MDZDQzA0QkE0Qz
#Q0RjI3NjJENUQzMkMzRTU1REYyNUI4QkFBNTU3MUIxNjU3QUQ5NTc2RUZFQTgyNTlG
#MDY4NERFMDY1QTQ3MDU4NUI0QkU4NzY3NDhDNzc5NzA1NEYzREVGRUYyMUI3N0Y4M0
#Q1M0JBQzU3Qzg5RDUyQUE0RDZERDU4NzJCRDI4MTk4OUIxMzgzNTk2OTgwMDlGOEFD
#MUYzMDE1MzhCQURDQ0U5RDlGNDAzMDIiLCAiSW52YWxpZCBZMiI6ICIwMCJ9
Inputs
H = SHA-512 with input block size 128 bytes.
PRS = b'Password' ; ZPAD length: 87 ;
DSI = b'CPaceP521_XMD:SHA-512_SSWU_NU_'
DST = b'CPaceP521_XMD:SHA-512_SSWU_NU__DST'
CI = b'oc\x0bB_responder\x0bA_initiator'
CI = 6f630b425f726573706f6e6465720b415f696e69746961746f72
sid = 7e4b4791d6a8ef019b936c79fb7f2c57
Outputs
generator_string(PRS,G.DSI,CI,sid,H.s_in_bytes):
(length: 172 bytes)
1e4350616365503532315f584d443a5348412d3531325f535357555f
4e555f0850617373776f726457000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000
000000000000000000000000000000001a6f630b425f726573706f6e
6465720b415f696e69746961746f72107e4b4791d6a8ef019b936c79
fb7f2c57
generator g: (length: 133 bytes)
0400e58a8fbf08b38e34a3676f6d690bed58aa4115ff32a57ec87172
fc2a1fb89d03258c6429c464981b3284b5fedbd1244bf27432008868
7065b9075dd558e14ed69901d2162db1ba3a49c97dca7c902cb1b96b
abe21a31942114c860665b35c46b8213f6de17194de54c441083dd11
63d5907adad8824bb1307dcf6a55c11a8f01d9789b
#eyJIIjogIlNIQS01MTIiLCAiSC5zX2luX2J5dGVzIjogMTI4LCAiUFJTIjogIjUwNj
#E3MzczNzc2RjcyNjQiLCAiWlBBRCBsZW5ndGgiOiA4NywgIkRTSSI6ICI0MzUwNjE2
#MzY1NTAzNTMyMzE1RjU4NEQ0NDNBNTM0ODQxMkQzNTMxMzI1RjUzNTM1NzU1NUY0RT
#U1NUYiLCAiQ0kiOiAiNkY2MzBCNDI1RjcyNjU3MzcwNkY2RTY0NjU3MjBCNDE1RjY5
#NkU2OTc0Njk2MTc0NkY3MiIsICJzaWQiOiAiN0U0QjQ3OTFENkE4RUYwMTlCOTM2Qz
#c5RkI3RjJDNTciLCAiZ2VuZXJhdG9yX3N0cmluZyhHLkRTSSxQUlMsQ0ksc2lkLEgu
#c19pbl9ieXRlcykiOiAiMUU0MzUwNjE2MzY1NTAzNTMyMzE1RjU4NEQ0NDNBNTM0OD
#QxMkQzNTMxMzI1RjUzNTM1NzU1NUY0RTU1NUYwODUwNjE3MzczNzc2RjcyNjQ1NzAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
#MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
#AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDFBNkY2MzBCNDI1RjcyNjU3MzcwNkY2RTY0
#NjU3MjBCNDE1RjY5NkU2OTc0Njk2MTc0NkY3MjEwN0U0QjQ3OTFENkE4RUYwMTlCOT
#M2Qzc5RkI3RjJDNTciLCAiZ2VuZXJhdG9yIGciOiAiMDQwMEU1OEE4RkJGMDhCMzhF
#MzRBMzY3NkY2RDY5MEJFRDU4QUE0MTE1RkYzMkE1N0VDODcxNzJGQzJBMUZCODlEMD
#MyNThDNjQyOUM0NjQ5ODFCMzI4NEI1RkVEQkQxMjQ0QkYyNzQzMjAwODg2ODcwNjVC
#OTA3NURENTU4RTE0RUQ2OTkwMUQyMTYyREIxQkEzQTQ5Qzk3RENBN0M5MDJDQjFCOT
#ZCQUJFMjFBMzE5NDIxMTRDODYwNjY1QjM1QzQ2QjgyMTNGNkRFMTcxOTRERTU0QzQ0
#MTA4M0REMTE2M0Q1OTA3QURBRDg4MjRCQjEzMDdEQ0Y2QTU1QzExQThGMDFEOTc4OU
#IifQ==
Inputs
ADa = b'ADa'
ya (big endian): (length: 66 bytes)
006367e9c2aeff9f1db19af600cca73343d47cbe446cebbd1ccd783f
82755a872da86fd0707eb3767c6114f1803deb62d63bdd1e613f67e6
3e8c141ee5310e3ee819
Outputs
Ya: (length: 133 bytes)
0400c2bfd794467f4438277e85a42e101fa4061e1ef6e05f81e5381f
30e73b341dd726089cb6a6bbe5a509fad009857488db7130ff768090
7312eb724cddb4dcce675b0098ad400fef80e1deb4bc1756c43961ef
60b85f2d62ed458454e11616a5d1df1e5809636821a73662f9f12254
e6f9950dd01fa8e26a8b20736fb63c63c81094f681
Alternative correct value for Ya: (-ya)*g:
(length: 133 bytes)
0400c2bfd794467f4438277e85a42e101fa4061e1ef6e05f81e5381f
30e73b341dd726089cb6a6bbe5a509fad009857488db7130ff768090
7312eb724cddb4dcce675b016752bff0107f1e214b43e8a93bc69e10
9f47a0d29d12ba7bab1ee9e95a2e20e1a7f69c97de58c99d060eddab
19066af22fe0571d9574df8c9049c39c37ef6b097e
Inputs
ADb = b'ADb'
yb (big endian): (length: 66 bytes)
009227bf8dc741dacc9422f8bf3c0e96fce9587bc562eaafe0dc5f6f
82f28594e4a6f98553560c62b75fa4abb198cecbbb86ebd41b0ea025
4cde78ac68d39a240ae7
Outputs
Yb: (length: 133 bytes)
0400706ea69b2b7167773248ea6e69a574e9dd2ff8a3d04a6e07f70c
709869ca486827d59f9290599d1cf94e1a03fc242e2b1316afe2fa21
8bfaeb3e1ffd9f19bf062d01f6b15c9c3651be4c08baf01eec25c818
ee12c6edc4620644b1d97cf24f868732d56fe45ce78e302c221c92f4
03e0fa3207de8bb41b388d81046a298ed8ddac9b2a
Alternative correct value for Yb: (-yb)*g:
(length: 133 bytes)
0400706ea69b2b7167773248ea6e69a574e9dd2ff8a3d04a6e07f70c
709869ca486827d59f9290599d1cf94e1a03fc242e2b1316afe2fa21
8bfaeb3e1ffd9f19bf062d00094ea363c9ae41b3f7450fe113da37e7
11ed39123b9df9bb4e26830db07978cd2a901ba31871cfd3dde36d0b
fc1f05cdf821744be4c7727efb95d67127225364d5
scalar_mult_vfy(ya,Yb): (length: 66 bytes)
018e0e7e9ade74917c11c0f6b52f95ed871eab235437cbee8b5c2509
516e787a80e825ed5d539fa6a0ec32c48fa8fabe85809d000d0cfd30
832c23d477c991bea8e5
scalar_mult_vfy(yb,Ya): (length: 66 bytes)
018e0e7e9ade74917c11c0f6b52f95ed871eab235437cbee8b5c2509
516e787a80e825ed5d539fa6a0ec32c48fa8fabe85809d000d0cfd30
832c23d477c991bea8e5
transcript_ir(Ya,ADa,Yb,ADb): (length: 278 bytes)
85010400c2bfd794467f4438277e85a42e101fa4061e1ef6e05f81e5
381f30e73b341dd726089cb6a6bbe5a509fad009857488db7130ff76
80907312eb724cddb4dcce675b0098ad400fef80e1deb4bc1756c439
61ef60b85f2d62ed458454e11616a5d1df1e5809636821a73662f9f1
2254e6f9950dd01fa8e26a8b20736fb63c63c81094f6810341446185
010400706ea69b2b7167773248ea6e69a574e9dd2ff8a3d04a6e07f7
0c709869ca486827d59f9290599d1cf94e1a03fc242e2b1316afe2fa
218bfaeb3e1ffd9f19bf062d01f6b15c9c3651be4c08baf01eec25c8
18ee12c6edc4620644b1d97cf24f868732d56fe45ce78e302c221c92
f403e0fa3207de8bb41b388d81046a298ed8ddac9b2a03414462
DSI = G.DSI_ISK, b'CPaceP521_XMD:SHA-512_SSWU_NU__ISK':
(length: 34 bytes)
4350616365503532315f584d443a5348412d3531325f535357555f4e
555f5f49534b
lv_cat(DSI,sid,K)||transcript_ir(Ya,ADa,Yb,ADb):
(length: 397 bytes)
224350616365503532315f584d443a5348412d3531325f535357555f
4e555f5f49534b107e4b4791d6a8ef019b936c79fb7f2c5742018e0e
7e9ade74917c11c0f6b52f95ed871eab235437cbee8b5c2509516e78
7a80e825ed5d539fa6a0ec32c48fa8fabe85809d000d0cfd30832c23
d477c991bea8e585010400c2bfd794467f4438277e85a42e101fa406
1e1ef6e05f81e5381f30e73b341dd726089cb6a6bbe5a509fad00985
7488db7130ff7680907312eb724cddb4dcce675b0098ad400fef80e1
deb4bc1756c43961ef60b85f2d62ed458454e11616a5d1df1e580963
6821a73662f9f12254e6f9950dd01fa8e26a8b20736fb63c63c81094
f6810341446185010400706ea69b2b7167773248ea6e69a574e9dd2f
f8a3d04a6e07f70c709869ca486827d59f9290599d1cf94e1a03fc24
2e2b1316afe2fa218bfaeb3e1ffd9f19bf062d01f6b15c9c3651be4c
08baf01eec25c818ee12c6edc4620644b1d97cf24f868732d56fe45c
e78e302c221c92f403e0fa3207de8bb41b388d81046a298ed8ddac9b
2a03414462
ISK result: (length: 64 bytes)
1669a0a29726adc7eea2510d6f7e004a135fa63ac3c9f9e6ce53cba5
d5e3781aced515956041e43358409a13ef90ddc3c36fd8d7d81424c8
e94592e21854260a
transcript_oc(Ya,ADa,Yb,ADb): (length: 280 bytes)
6f6385010400c2bfd794467f4438277e85a42e101fa4061e1ef6e05f
81e5381f30e73b341dd726089cb6a6bbe5a509fad009857488db7130
ff7680907312eb724cddb4dcce675b0098ad400fef80e1deb4bc1756
c43961ef60b85f2d62ed458454e11616a5d1df1e5809636821a73662
f9f12254e6f9950dd01fa8e26a8b20736fb63c63c81094f681034144
6185010400706ea69b2b7167773248ea6e69a574e9dd2ff8a3d04a6e
07f70c709869ca486827d59f9290599d1cf94e1a03fc242e2b1316af
e2fa218bfaeb3e1ffd9f19bf062d01f6b15c9c3651be4c08baf01eec
25c818ee12c6edc4620644b1d97cf24f868732d56fe45ce78e302c22
1c92f403e0fa3207de8bb41b388d81046a298ed8ddac9b2a03414462
DSI = G.DSI_ISK, b'CPaceP521_XMD:SHA-512_SSWU_NU__ISK':
(length: 34 bytes)
4350616365503532315f584d443a5348412d3531325f535357555f4e
555f5f49534b
lv_cat(DSI,sid,K)||transcript_oc(Ya,ADa,Yb,ADb):
(length: 399 bytes)
224350616365503532315f584d443a5348412d3531325f535357555f
4e555f5f49534b107e4b4791d6a8ef019b936c79fb7f2c5742018e0e
7e9ade74917c11c0f6b52f95ed871eab235437cbee8b5c2509516e78
7a80e825ed5d539fa6a0ec32c48fa8fabe85809d000d0cfd30832c23
d477c991bea8e56f6385010400c2bfd794467f4438277e85a42e101f
a4061e1ef6e05f81e5381f30e73b341dd726089cb6a6bbe5a509fad0
09857488db7130ff7680907312eb724cddb4dcce675b0098ad400fef
80e1deb4bc1756c43961ef60b85f2d62ed458454e11616a5d1df1e58
09636821a73662f9f12254e6f9950dd01fa8e26a8b20736fb63c63c8
1094f6810341446185010400706ea69b2b7167773248ea6e69a574e9
dd2ff8a3d04a6e07f70c709869ca486827d59f9290599d1cf94e1a03
fc242e2b1316afe2fa218bfaeb3e1ffd9f19bf062d01f6b15c9c3651
be4c08baf01eec25c818ee12c6edc4620644b1d97cf24f868732d56f
e45ce78e302c221c92f403e0fa3207de8bb41b388d81046a298ed8dd
ac9b2a03414462
ISK result: (length: 64 bytes)
f2f3bd8cd442a4e16659b47a7b7a84f29be75893ed2e5f772d7a3c8b
779eb0df937a4ec50a4f1ff01ebbaa97d80e090ea69b00a95200ed25
8e48c6f7e9d8fbc2
H.hash(b"CPaceSidOut" + transcript_ir(Ya,ADa, Yb,ADb)):
(length: 64 bytes)
56cc3cd8be77cdc84c0d1906de1ffc8ef7cbb326a3f05267b6e8c634
4e2781eb20ef725e84cb1bb45927435051b4e0fae78e975bf15099f9
e38d755413eee2fd
H.hash(b"CPaceSidOut" + transcript_oc(Ya,ADa, Yb,ADb)):
(length: 64 bytes)
a46c7189ba6a36c4447741e057da39c885b7d59e08bd2df1852a5271
f2a8a2e9b187ccd07325a3eede646adee0c06fe58da77f74177896b2
1053c5d107de006d
const unsigned char tc_PRS[] = {
0x50,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,
};
const unsigned char tc_CI[] = {
0x6f,0x63,0x0b,0x42,0x5f,0x72,0x65,0x73,0x70,0x6f,0x6e,0x64,
0x65,0x72,0x0b,0x41,0x5f,0x69,0x6e,0x69,0x74,0x69,0x61,0x74,
0x6f,0x72,
};
const unsigned char tc_sid[] = {
0x7e,0x4b,0x47,0x91,0xd6,0xa8,0xef,0x01,0x9b,0x93,0x6c,0x79,
0xfb,0x7f,0x2c,0x57,
};
const unsigned char tc_g[] = {
0x04,0x00,0xe5,0x8a,0x8f,0xbf,0x08,0xb3,0x8e,0x34,0xa3,0x67,
0x6f,0x6d,0x69,0x0b,0xed,0x58,0xaa,0x41,0x15,0xff,0x32,0xa5,
0x7e,0xc8,0x71,0x72,0xfc,0x2a,0x1f,0xb8,0x9d,0x03,0x25,0x8c,
0x64,0x29,0xc4,0x64,0x98,0x1b,0x32,0x84,0xb5,0xfe,0xdb,0xd1,
0x24,0x4b,0xf2,0x74,0x32,0x00,0x88,0x68,0x70,0x65,0xb9,0x07,
0x5d,0xd5,0x58,0xe1,0x4e,0xd6,0x99,0x01,0xd2,0x16,0x2d,0xb1,
0xba,0x3a,0x49,0xc9,0x7d,0xca,0x7c,0x90,0x2c,0xb1,0xb9,0x6b,
0xab,0xe2,0x1a,0x31,0x94,0x21,0x14,0xc8,0x60,0x66,0x5b,0x35,
0xc4,0x6b,0x82,0x13,0xf6,0xde,0x17,0x19,0x4d,0xe5,0x4c,0x44,
0x10,0x83,0xdd,0x11,0x63,0xd5,0x90,0x7a,0xda,0xd8,0x82,0x4b,
0xb1,0x30,0x7d,0xcf,0x6a,0x55,0xc1,0x1a,0x8f,0x01,0xd9,0x78,
0x9b,
};
const unsigned char tc_ya[] = {
0x00,0x63,0x67,0xe9,0xc2,0xae,0xff,0x9f,0x1d,0xb1,0x9a,0xf6,
0x00,0xcc,0xa7,0x33,0x43,0xd4,0x7c,0xbe,0x44,0x6c,0xeb,0xbd,
0x1c,0xcd,0x78,0x3f,0x82,0x75,0x5a,0x87,0x2d,0xa8,0x6f,0xd0,
0x70,0x7e,0xb3,0x76,0x7c,0x61,0x14,0xf1,0x80,0x3d,0xeb,0x62,
0xd6,0x3b,0xdd,0x1e,0x61,0x3f,0x67,0xe6,0x3e,0x8c,0x14,0x1e,
0xe5,0x31,0x0e,0x3e,0xe8,0x19,
};
const unsigned char tc_ADa[] = {
0x41,0x44,0x61,
};
const unsigned char tc_Ya[] = {
0x04,0x00,0xc2,0xbf,0xd7,0x94,0x46,0x7f,0x44,0x38,0x27,0x7e,
0x85,0xa4,0x2e,0x10,0x1f,0xa4,0x06,0x1e,0x1e,0xf6,0xe0,0x5f,
0x81,0xe5,0x38,0x1f,0x30,0xe7,0x3b,0x34,0x1d,0xd7,0x26,0x08,
0x9c,0xb6,0xa6,0xbb,0xe5,0xa5,0x09,0xfa,0xd0,0x09,0x85,0x74,
0x88,0xdb,0x71,0x30,0xff,0x76,0x80,0x90,0x73,0x12,0xeb,0x72,
0x4c,0xdd,0xb4,0xdc,0xce,0x67,0x5b,0x00,0x98,0xad,0x40,0x0f,
0xef,0x80,0xe1,0xde,0xb4,0xbc,0x17,0x56,0xc4,0x39,0x61,0xef,
0x60,0xb8,0x5f,0x2d,0x62,0xed,0x45,0x84,0x54,0xe1,0x16,0x16,
0xa5,0xd1,0xdf,0x1e,0x58,0x09,0x63,0x68,0x21,0xa7,0x36,0x62,
0xf9,0xf1,0x22,0x54,0xe6,0xf9,0x95,0x0d,0xd0,0x1f,0xa8,0xe2,
0x6a,0x8b,0x20,0x73,0x6f,0xb6,0x3c,0x63,0xc8,0x10,0x94,0xf6,
0x81,
};
const unsigned char tc_yb[] = {
0x00,0x92,0x27,0xbf,0x8d,0xc7,0x41,0xda,0xcc,0x94,0x22,0xf8,
0xbf,0x3c,0x0e,0x96,0xfc,0xe9,0x58,0x7b,0xc5,0x62,0xea,0xaf,
0xe0,0xdc,0x5f,0x6f,0x82,0xf2,0x85,0x94,0xe4,0xa6,0xf9,0x85,
0x53,0x56,0x0c,0x62,0xb7,0x5f,0xa4,0xab,0xb1,0x98,0xce,0xcb,
0xbb,0x86,0xeb,0xd4,0x1b,0x0e,0xa0,0x25,0x4c,0xde,0x78,0xac,
0x68,0xd3,0x9a,0x24,0x0a,0xe7,
};
const unsigned char tc_ADb[] = {
0x41,0x44,0x62,
};
const unsigned char tc_Yb[] = {
0x04,0x00,0x70,0x6e,0xa6,0x9b,0x2b,0x71,0x67,0x77,0x32,0x48,
0xea,0x6e,0x69,0xa5,0x74,0xe9,0xdd,0x2f,0xf8,0xa3,0xd0,0x4a,
0x6e,0x07,0xf7,0x0c,0x70,0x98,0x69,0xca,0x48,0x68,0x27,0xd5,
0x9f,0x92,0x90,0x59,0x9d,0x1c,0xf9,0x4e,0x1a,0x03,0xfc,0x24,
0x2e,0x2b,0x13,0x16,0xaf,0xe2,0xfa,0x21,0x8b,0xfa,0xeb,0x3e,
0x1f,0xfd,0x9f,0x19,0xbf,0x06,0x2d,0x01,0xf6,0xb1,0x5c,0x9c,
0x36,0x51,0xbe,0x4c,0x08,0xba,0xf0,0x1e,0xec,0x25,0xc8,0x18,
0xee,0x12,0xc6,0xed,0xc4,0x62,0x06,0x44,0xb1,0xd9,0x7c,0xf2,
0x4f,0x86,0x87,0x32,0xd5,0x6f,0xe4,0x5c,0xe7,0x8e,0x30,0x2c,
0x22,0x1c,0x92,0xf4,0x03,0xe0,0xfa,0x32,0x07,0xde,0x8b,0xb4,
0x1b,0x38,0x8d,0x81,0x04,0x6a,0x29,0x8e,0xd8,0xdd,0xac,0x9b,
0x2a,
};
const unsigned char tc_K[] = {
0x01,0x8e,0x0e,0x7e,0x9a,0xde,0x74,0x91,0x7c,0x11,0xc0,0xf6,
0xb5,0x2f,0x95,0xed,0x87,0x1e,0xab,0x23,0x54,0x37,0xcb,0xee,
0x8b,0x5c,0x25,0x09,0x51,0x6e,0x78,0x7a,0x80,0xe8,0x25,0xed,
0x5d,0x53,0x9f,0xa6,0xa0,0xec,0x32,0xc4,0x8f,0xa8,0xfa,0xbe,
0x85,0x80,0x9d,0x00,0x0d,0x0c,0xfd,0x30,0x83,0x2c,0x23,0xd4,
0x77,0xc9,0x91,0xbe,0xa8,0xe5,
};
const unsigned char tc_ISK_IR[] = {
0x16,0x69,0xa0,0xa2,0x97,0x26,0xad,0xc7,0xee,0xa2,0x51,0x0d,
0x6f,0x7e,0x00,0x4a,0x13,0x5f,0xa6,0x3a,0xc3,0xc9,0xf9,0xe6,
0xce,0x53,0xcb,0xa5,0xd5,0xe3,0x78,0x1a,0xce,0xd5,0x15,0x95,
0x60,0x41,0xe4,0x33,0x58,0x40,0x9a,0x13,0xef,0x90,0xdd,0xc3,
0xc3,0x6f,0xd8,0xd7,0xd8,0x14,0x24,0xc8,0xe9,0x45,0x92,0xe2,
0x18,0x54,0x26,0x0a,
};
const unsigned char tc_ISK_SY[] = {
0xf2,0xf3,0xbd,0x8c,0xd4,0x42,0xa4,0xe1,0x66,0x59,0xb4,0x7a,
0x7b,0x7a,0x84,0xf2,0x9b,0xe7,0x58,0x93,0xed,0x2e,0x5f,0x77,
0x2d,0x7a,0x3c,0x8b,0x77,0x9e,0xb0,0xdf,0x93,0x7a,0x4e,0xc5,
0x0a,0x4f,0x1f,0xf0,0x1e,0xbb,0xaa,0x97,0xd8,0x0e,0x09,0x0e,
0xa6,0x9b,0x00,0xa9,0x52,0x00,0xed,0x25,0x8e,0x48,0xc6,0xf7,
0xe9,0xd8,0xfb,0xc2,
};
const unsigned char tc_ISK_SY[] = {
0xf2,0xf3,0xbd,0x8c,0xd4,0x42,0xa4,0xe1,0x66,0x59,0xb4,0x7a,
0x7b,0x7a,0x84,0xf2,0x9b,0xe7,0x58,0x93,0xed,0x2e,0x5f,0x77,
0x2d,0x7a,0x3c,0x8b,0x77,0x9e,0xb0,0xdf,0x93,0x7a,0x4e,0xc5,
0x0a,0x4f,0x1f,0xf0,0x1e,0xbb,0xaa,0x97,0xd8,0x0e,0x09,0x0e,
0xa6,0x9b,0x00,0xa9,0x52,0x00,0xed,0x25,0x8e,0x48,0xc6,0xf7,
0xe9,0xd8,0xfb,0xc2,
};
const unsigned char tc_sid_out_ir[] = {
0x56,0xcc,0x3c,0xd8,0xbe,0x77,0xcd,0xc8,0x4c,0x0d,0x19,0x06,
0xde,0x1f,0xfc,0x8e,0xf7,0xcb,0xb3,0x26,0xa3,0xf0,0x52,0x67,
0xb6,0xe8,0xc6,0x34,0x4e,0x27,0x81,0xeb,0x20,0xef,0x72,0x5e,
0x84,0xcb,0x1b,0xb4,0x59,0x27,0x43,0x50,0x51,0xb4,0xe0,0xfa,
0xe7,0x8e,0x97,0x5b,0xf1,0x50,0x99,0xf9,0xe3,0x8d,0x75,0x54,
0x13,0xee,0xe2,0xfd,
};
const unsigned char tc_sid_out_oc[] = {
0xa4,0x6c,0x71,0x89,0xba,0x6a,0x36,0xc4,0x44,0x77,0x41,0xe0,
0x57,0xda,0x39,0xc8,0x85,0xb7,0xd5,0x9e,0x08,0xbd,0x2d,0xf1,
0x85,0x2a,0x52,0x71,0xf2,0xa8,0xa2,0xe9,0xb1,0x87,0xcc,0xd0,
0x73,0x25,0xa3,0xee,0xde,0x64,0x6a,0xde,0xe0,0xc0,0x6f,0xe5,
0x8d,0xa7,0x7f,0x74,0x17,0x78,0x96,0xb2,0x10,0x53,0xc5,0xd1,
0x07,0xde,0x00,0x6d,
}; #eyJQUlMiOiAiNTA2MTczNzM3NzZGNzI2NCIsICJDSSI6ICI2RjYzMEI0MjVGNzI2NT
#czNzA2RjZFNjQ2NTcyMEI0MTVGNjk2RTY5NzQ2OTYxNzQ2RjcyIiwgInNpZCI6ICI3
#RTRCNDc5MUQ2QThFRjAxOUI5MzZDNzlGQjdGMkM1NyIsICJnIjogIjA0MDBFNThBOE
#ZCRjA4QjM4RTM0QTM2NzZGNkQ2OTBCRUQ1OEFBNDExNUZGMzJBNTdFQzg3MTcyRkMy
#QTFGQjg5RDAzMjU4QzY0MjlDNDY0OTgxQjMyODRCNUZFREJEMTI0NEJGMjc0MzIwMD
#g4Njg3MDY1QjkwNzVERDU1OEUxNEVENjk5MDFEMjE2MkRCMUJBM0E0OUM5N0RDQTdD
#OTAyQ0IxQjk2QkFCRTIxQTMxOTQyMTE0Qzg2MDY2NUIzNUM0NkI4MjEzRjZERTE3MT
#k0REU1NEM0NDEwODNERDExNjNENTkwN0FEQUQ4ODI0QkIxMzA3RENGNkE1NUMxMUE4
#RjAxRDk3ODlCIiwgInlhIjogIjAwNjM2N0U5QzJBRUZGOUYxREIxOUFGNjAwQ0NBNz
#MzNDNENDdDQkU0NDZDRUJCRDFDQ0Q3ODNGODI3NTVBODcyREE4NkZEMDcwN0VCMzc2
#N0M2MTE0RjE4MDNERUI2MkQ2M0JERDFFNjEzRjY3RTYzRThDMTQxRUU1MzEwRTNFRT
#gxOSIsICJBRGEiOiAiNDE0NDYxIiwgIllhIjogIjA0MDBDMkJGRDc5NDQ2N0Y0NDM4
#Mjc3RTg1QTQyRTEwMUZBNDA2MUUxRUY2RTA1RjgxRTUzODFGMzBFNzNCMzQxREQ3Mj
#YwODlDQjZBNkJCRTVBNTA5RkFEMDA5ODU3NDg4REI3MTMwRkY3NjgwOTA3MzEyRUI3
#MjRDRERCNERDQ0U2NzVCMDA5OEFENDAwRkVGODBFMURFQjRCQzE3NTZDNDM5NjFFRj
#YwQjg1RjJENjJFRDQ1ODQ1NEUxMTYxNkE1RDFERjFFNTgwOTYzNjgyMUE3MzY2MkY5
#RjEyMjU0RTZGOTk1MEREMDFGQThFMjZBOEIyMDczNkZCNjNDNjNDODEwOTRGNjgxIi
#wgInliIjogIjAwOTIyN0JGOERDNzQxREFDQzk0MjJGOEJGM0MwRTk2RkNFOTU4N0JD
#NTYyRUFBRkUwREM1RjZGODJGMjg1OTRFNEE2Rjk4NTUzNTYwQzYyQjc1RkE0QUJCMT
#k4Q0VDQkJCODZFQkQ0MUIwRUEwMjU0Q0RFNzhBQzY4RDM5QTI0MEFFNyIsICJBRGIi
#OiAiNDE0NDYyIiwgIlliIjogIjA0MDA3MDZFQTY5QjJCNzE2Nzc3MzI0OEVBNkU2OU
#E1NzRFOUREMkZGOEEzRDA0QTZFMDdGNzBDNzA5ODY5Q0E0ODY4MjdENTlGOTI5MDU5
#OUQxQ0Y5NEUxQTAzRkMyNDJFMkIxMzE2QUZFMkZBMjE4QkZBRUIzRTFGRkQ5RjE5Qk
#YwNjJEMDFGNkIxNUM5QzM2NTFCRTRDMDhCQUYwMUVFQzI1QzgxOEVFMTJDNkVEQzQ2
#MjA2NDRCMUQ5N0NGMjRGODY4NzMyRDU2RkU0NUNFNzhFMzAyQzIyMUM5MkY0MDNFME
#ZBMzIwN0RFOEJCNDFCMzg4RDgxMDQ2QTI5OEVEOEREQUM5QjJBIiwgIksiOiAiMDE4
#RTBFN0U5QURFNzQ5MTdDMTFDMEY2QjUyRjk1RUQ4NzFFQUIyMzU0MzdDQkVFOEI1Qz
#I1MDk1MTZFNzg3QTgwRTgyNUVENUQ1MzlGQTZBMEVDMzJDNDhGQThGQUJFODU4MDlE
#MDAwRDBDRkQzMDgzMkMyM0Q0NzdDOTkxQkVBOEU1IiwgIklTS19JUiI6ICIxNjY5QT
#BBMjk3MjZBREM3RUVBMjUxMEQ2RjdFMDA0QTEzNUZBNjNBQzNDOUY5RTZDRTUzQ0JB
#NUQ1RTM3ODFBQ0VENTE1OTU2MDQxRTQzMzU4NDA5QTEzRUY5MEREQzNDMzZGRDhEN0
#Q4MTQyNEM4RTk0NTkyRTIxODU0MjYwQSIsICJJU0tfU1kiOiAiRjJGM0JEOENENDQy
#QTRFMTY2NTlCNDdBN0I3QTg0RjI5QkU3NTg5M0VEMkU1Rjc3MkQ3QTNDOEI3NzlFQj
#BERjkzN0E0RUM1MEE0RjFGRjAxRUJCQUE5N0Q4MEUwOTBFQTY5QjAwQTk1MjAwRUQy
#NThFNDhDNkY3RTlEOEZCQzIiLCAic2lkX291dHB1dF9pciI6ICI1NkNDM0NEOEJFNz
#dDREM4NEMwRDE5MDZERTFGRkM4RUY3Q0JCMzI2QTNGMDUyNjdCNkU4QzYzNDRFMjc4
#MUVCMjBFRjcyNUU4NENCMUJCNDU5Mjc0MzUwNTFCNEUwRkFFNzhFOTc1QkYxNTA5OU
#Y5RTM4RDc1NTQxM0VFRTJGRCIsICJzaWRfb3V0cHV0X29jIjogIkE0NkM3MTg5QkE2
#QTM2QzQ0NDc3NDFFMDU3REEzOUM4ODVCN0Q1OUUwOEJEMkRGMTg1MkE1MjcxRjJBOE
#EyRTlCMTg3Q0NEMDczMjVBM0VFREU2NDZBREVFMEMwNkZFNThEQTc3Rjc0MTc3ODk2
#QjIxMDUzQzVEMTA3REUwMDZEIn0=
s: (length: 66 bytes)
0182dd7925f1753419e4bf83429763acd37d64000cd5a175edf53a15
87dd986bc95acc1506991702b6ba1a9ee2458fee8efc00198cf0088c
480965ef65ff2048b856
X: (length: 133 bytes)
0400dc5078b24c4af1620cc10fbecc6cd8cf1cab0b011efb73c782f2
26dc21c7ca7eb406be74a69ecba5b4a87c07cfc6e687b4beca9a6eda
c95940a3b4120573b26a80005e697833b0ba285fce7b3f1f25243008
860b8f1de710a0dcc05b0d20341efe90eb2bcca26797c2d85ae6ca74
c00696cb1b13e40bda15b27964d7670576647bfab9
G.scalar_mult(s,X) (full coordinates): (length: 133 bytes)
040122f88ce73ec5aa2d1c8c5d04148760c3d97ba87daa10d8cb8bb7
c73cf6e951fc922721bf1437995cfb13e132a78beb86389e60d3517c
df6d99a8a2d6db19ef27bd0055af9e8ddcf337ce0a7c22a9c8099bc4
a44faeded1eb72effd26e4f322217b67d60b944b267b3df5046078fd
577f1785728f49b241fd5e8c83223a994a2d219281
G.scalar_mult_vfy(s,X) (only X-coordinate):
(length: 66 bytes)
0122f88ce73ec5aa2d1c8c5d04148760c3d97ba87daa10d8cb8bb7c7
3cf6e951fc922721bf1437995cfb13e132a78beb86389e60d3517cdf
6d99a8a2d6db19ef27bd
For these test cases scalar_mult_vfy(y,.) MUST return the representation of the neutral element G.I. When including Y_i1 or Y_i2 in messages of A or B the protocol MUST abort.
s: (length: 66 bytes)
0182dd7925f1753419e4bf83429763acd37d64000cd5a175edf53a15
87dd986bc95acc1506991702b6ba1a9ee2458fee8efc00198cf0088c
480965ef65ff2048b856
Y_i1: (length: 133 bytes)
0400dc5078b24c4af1620cc10fbecc6cd8cf1cab0b011efb73c782f2
26dc21c7ca7eb406be74a69ecba5b4a87c07cfc6e687b4beca9a6eda
c95940a3b4120573b26a80005e697833b0ba285fce7b3f1f25243008
860b8f1de710a0dcc05b0d20341efe90eb2bcca26797c2d85ae6ca74
c00696cb1b13e40bda15b27964d7670576647bfaf9
Y_i2: (length: 1 bytes)
00
G.scalar_mult_vfy(s,Y_i1) = G.scalar_mult_vfy(s,Y_i2) = G.I
#eyJWYWxpZCI6IHsicyI6ICIwMTgyREQ3OTI1RjE3NTM0MTlFNEJGODM0Mjk3NjNBQ0
#QzN0Q2NDAwMENENUExNzVFREY1M0ExNTg3REQ5ODZCQzk1QUNDMTUwNjk5MTcwMkI2
#QkExQTlFRTI0NThGRUU4RUZDMDAxOThDRjAwODhDNDgwOTY1RUY2NUZGMjA0OEI4NT
#YiLCAiWCI6ICIwNDAwREM1MDc4QjI0QzRBRjE2MjBDQzEwRkJFQ0M2Q0Q4Q0YxQ0FC
#MEIwMTFFRkI3M0M3ODJGMjI2REMyMUM3Q0E3RUI0MDZCRTc0QTY5RUNCQTVCNEE4N0
#MwN0NGQzZFNjg3QjRCRUNBOUE2RURBQzk1OTQwQTNCNDEyMDU3M0IyNkE4MDAwNUU2
#OTc4MzNCMEJBMjg1RkNFN0IzRjFGMjUyNDMwMDg4NjBCOEYxREU3MTBBMERDQzA1Qj
#BEMjAzNDFFRkU5MEVCMkJDQ0EyNjc5N0MyRDg1QUU2Q0E3NEMwMDY5NkNCMUIxM0U0
#MEJEQTE1QjI3OTY0RDc2NzA1NzY2NDdCRkFCOSIsICJHLnNjYWxhcl9tdWx0KHMsWC
#kgKGZ1bGwgY29vcmRpbmF0ZXMpIjogIjA0MDEyMkY4OENFNzNFQzVBQTJEMUM4QzVE
#MDQxNDg3NjBDM0Q5N0JBODdEQUExMEQ4Q0I4QkI3QzczQ0Y2RTk1MUZDOTIyNzIxQk
#YxNDM3OTk1Q0ZCMTNFMTMyQTc4QkVCODYzODlFNjBEMzUxN0NERjZEOTlBOEEyRDZE
#QjE5RUYyN0JEMDA1NUFGOUU4RERDRjMzN0NFMEE3QzIyQTlDODA5OUJDNEE0NEZBRU
#RFRDFFQjcyRUZGRDI2RTRGMzIyMjE3QjY3RDYwQjk0NEIyNjdCM0RGNTA0NjA3OEZE
#NTc3RjE3ODU3MjhGNDlCMjQxRkQ1RThDODMyMjNBOTk0QTJEMjE5MjgxIiwgIkcuc2
#NhbGFyX211bHRfdmZ5KHMsWCkgKG9ubHkgWC1jb29yZGluYXRlKSI6ICIwMTIyRjg4
#Q0U3M0VDNUFBMkQxQzhDNUQwNDE0ODc2MEMzRDk3QkE4N0RBQTEwRDhDQjhCQjdDNz
#NDRjZFOTUxRkM5MjI3MjFCRjE0Mzc5OTVDRkIxM0UxMzJBNzhCRUI4NjM4OUU2MEQz
#NTE3Q0RGNkQ5OUE4QTJENkRCMTlFRjI3QkQifSwgIkludmFsaWQgWTEiOiAiMDQwME
#RDNTA3OEIyNEM0QUYxNjIwQ0MxMEZCRUNDNkNEOENGMUNBQjBCMDExRUZCNzNDNzgy
#RjIyNkRDMjFDN0NBN0VCNDA2QkU3NEE2OUVDQkE1QjRBODdDMDdDRkM2RTY4N0I0Qk
#VDQTlBNkVEQUM5NTk0MEEzQjQxMjA1NzNCMjZBODAwMDVFNjk3ODMzQjBCQTI4NUZD
#RTdCM0YxRjI1MjQzMDA4ODYwQjhGMURFNzEwQTBEQ0MwNUIwRDIwMzQxRUZFOTBFQj
#JCQ0NBMjY3OTdDMkQ4NUFFNkNBNzRDMDA2OTZDQjFCMTNFNDBCREExNUIyNzk2NEQ3
#NjcwNTc2NjQ3QkZBRjkiLCAiSW52YWxpZCBZMiI6ICIwMCJ9