def test_as_int(self):
e = FieldElement(0, self.p)
self.assertEqual(int(e), 0)
f = FieldElement(1, self.p)
self.assertEqual(int(f), 1)
g = FieldElement(-1, self.p)
self.assertEqual(int(g), self.p - 1)
def test_ecdh(self):
for c in self.cv:
n = c.n
pG = ECPoint(c, c.G)
a = FieldElement.urandom(n)
b = FieldElement.urandom(n)
self.assertNotEqual(a, b)
A = a * pG
B = b * pG
self.assertNotEqual(A, B)
self.assertEqual(A * b, a * B)
def test_repr(self):
e = FieldElement(0, self.p)
g = repr(e)
self.assertEqual(eval(g), e)
f = FieldElement(1, self.p)
g = repr(f)
self.assertEqual(eval(g), 1)
for _ in range(0, 10000):
e = FieldElement.urandom(self.p)
f = repr(e)
g = eval(f)
self.assertEqual(e, g)
def test_neg(self):
e = FieldElement(0, self.p)
g = -e
self.assertEqual(int(g), 0)
e = FieldElement(1, self.p)
g = -e
self.assertEqual(int(g), self.p - 1)
e = FieldElement(-1, self.p)
g = -e
self.assertEqual(int(g), 1)
for _ in range(0, 10000):
e = FieldElement.urandom(self.p)
g = (-int(e)) % self.p
self.assertEqual(int(-e), g)
def test_pow(self):
e = FieldElement(0, self.p)
g = pow(e, 2)
self.assertEqual(g, 0)
g = e ** 2
self.assertEqual(g, 0)
f = FieldElement(1, self.p)
g = pow(f, 3)
self.assertEqual(g, 1)
g = f ** 3
self.assertEqual(g, 1)
for _ in range(0, 100):
e = FieldElement.urandom(self.p)
for j in range(0, 10):
f = pow(e, j)
g = pow(int(e), j, self.p)
self.assertEqual(f, g)
def test_encrypt_decrypt(self):
for c in self.cv:
G = ECPoint(c, c.G)
sK = FieldElement.urandom(c.n)
pK = G * sK
ptxt = ECPoint.urandom(c)
ctxt = ECElgamalCiphertext.encrypt(pK, ptxt)
pdec = ctxt.decrypt(sK)
assert (pdec == ptxt)
Cpt = ctxt.C
Dpt = ctxt.D
ctxt2 = ECElgamalCiphertext(Cpt, Dpt)
pdec2 = ctxt2.decrypt(sK)
assert (pdec2 == ptxt)
for _ in range(0, 100):
sK2 = FieldElement.urandom(c.n)
pdec2 = ctxt.decrypt(sK2)
assert (pdec2 != pdec)
def test_basic_sign_verify(self):
for c in self.cv:
G = ECPoint(c, c.G)
sK = FieldElement.urandom(c.n)
pK = G * sK
for h in self.hm:
ss = ECDSASignatureScheme(c, h)
sig = ss.Sign(sK, 'test')
assert sig.Verify(pK, 'test')
def test_sqrt(self):
e = FieldElement(0, self.p)
g = e.sqrt()
self.assertEqual(g, None)
f = FieldElement(1, self.p)
g = f.inverse()
self.assertEqual(int(g * g), 1)
self.assertEqual(int(g * g), f)
for _ in range(0, 10000):
e = FieldElement.urandom(self.p)
f = e.sqrt()
if f is not None:
g = f * f
self.assertEqual(int(g), int(e))
self.assertEqual(g, e)
def test_inv(self):
e = FieldElement(0, self.p)
g = e.inverse()
self.assertEqual(g, None)
f = FieldElement(1, self.p)
g = f.inverse()
self.assertEqual(int(g), 1)
for _ in range(0, 10000):
e = FieldElement.urandom(self.p)
f = e.inverse()
if f is None:
self.assertEqual(int(e), 0)
else:
g = e * f
self.assertEqual(int(g), 1)
def test_mul(self):
e = FieldElement(0, self.p)
f = FieldElement(1, self.p)
g = e * f
self.assertEqual(int(g), 0)
e = FieldElement(1, self.p)
g = e * f
self.assertEqual(int(g), 1)
f = FieldElement(-1, self.p)
g = e * f
self.assertEqual(int(g), self.p - 1)
for _ in range(0, 10000):
e = FieldElement.urandom(self.p)
f = FieldElement.urandom(self.p)
g = (int(e) * int(f)) % self.p
self.assertEqual(int(e * f), g)
self.assertEqual(int(f * e), g)
def test_add(self):
e = FieldElement(0, self.p)
f = FieldElement(1, self.p)
g = e + f
self.assertEqual(int(g), 1)
e = FieldElement(1, self.p)
g = e + f
self.assertEqual(int(g), 2)
e = FieldElement(-1, self.p)
g = e + f
self.assertEqual(int(g), 0)
for _ in range(0, 10000):
e = FieldElement.urandom(self.p)
f = FieldElement.urandom(self.p)
g = (int(e) + int(f)) % self.p
self.assertEqual(int(e + f), g)
self.assertEqual(int(f + e), g)
def test_sub(self):
e = FieldElement(0, self.p)
f = FieldElement(1, self.p)
g = e - f
self.assertEqual(int(g), self.p - 1)
e = FieldElement(1, self.p)
g = e - f
self.assertEqual(int(g), 0)
f = FieldElement(-1, self.p)
g = e - f
self.assertEqual(int(g), 2)
for _ in range(0, 10000):
e = FieldElement.urandom(self.p)
f = FieldElement.urandom(self.p)
g = (int(e) - int(f)) % self.p
self.assertEqual(int(e - f), g)
g = (-g) % self.p
self.assertEqual(int(f - e), g)
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
from ECC import FieldElement, ECurve
from example_der import der_encode_privkey
from example_pem import pem_wrap
from argparse import ArgumentParser
import base64
import sys
desc = ('ecdh-gen generates a private key for elliptic curve cryptography '
'based on a specific curve. The private key value is simply a '
'random number ')
parser = ArgumentParser(description=desc)
parser.add_argument('-l', '--list_curves', action='store_true', help='list supported curves')
parser.add_argument('-c', '--curve', default='secp256k1', help='choose standard curve')
clargs = parser.parse_args()
if clargs.list_curves:
clist = ECurve._CurveNames()
for c in clist:
print(c)
sys.exit(0)
curve = ECurve(clargs.curve)
privkey = int(FieldElement.urandom(curve.p))
DERkey = der_encode_privkey(privkey, curve)
print(pem_wrap(DERkey, 'ECDH PRIVATE KEY'))
print(f[:-1])
assert h == product(f[:-1])
print("order = %d, cofactor= %d" % (r, h))
print(r - 1, rf)
divs = divisors(f[:-1])
print(divs)
for d in divs:
dm = d - 1
rm = r - 1
if dm > 1:
if ((rm // dm) * dm) == rm:
print(d, dm, rm // dm)
print("p = %d" % (p))
print("n = %d" % (r))
print("h = %d" % (h))
afe = FieldElement(1, p)
bfe = FieldElement(0, p)
print("a = %d" % (int(afe)))
print("b = %d" % (int(bfe)))
for x in range(2, p):
xfe = FieldElement(x, p)
right = (xfe * xfe * xfe) + (afe * xfe) + bfe
yfe = right.sqrt()
if yfe is not None:
print("gx = %d" % (int(xfe)))
print("gy = %d" % (int(yfe)))
break
print("bits = %d" % p.bit_length())
print()
gc.collect()
def test_urandom(self):
for _ in range(0, 10000):
e = FieldElement.urandom(self.p)
self.assertGreaterEqual(int(e), 0)
self.assertLess(int(e), self.p)
sys.exit('Error: Unable to import private key, aborting.')
if Pubkey is None:
sys.exit('Error: Unable to import public key, aborting.')
if clargs.file is None:
message = sys.stdin.read().encode()
else:
with open(clargs.file, 'r') as msgfile:
message = msgfile.read().encode()
if (message is None) or (len(message) == 0):
sys.exit('Error: Plaintext length 0, aborting.')
# generate a random (ephemeral) private key
eprivkey = FieldElement.urandom(curve.p)
SharedPt = Pubkey * eprivkey
sbytes = SharedPt.compressed()
key = sha256(sbytes).digest()
nonce = pysodium.randombytes(pysodium.crypto_stream_NONCEBYTES)
assert pysodium.crypto_stream_NONCEBYTES == 24
assert pysodium.crypto_stream_KEYBYTES == 32
ctext = pysodium.crypto_stream_xor(message, len(message), nonce, key)
# public key point for ephemeral key
Gpt = ECPoint(curve, curve.G)
ePubkey = Gpt * eprivkey
DERmsg = der_encode_message(ePubkey, nonce, ctext)
b = 0
gx = 2
gy = 53
bits = 9
p = 227
n = 19
h = 12
a = 1
b = 0
gx = 2
gy = 64
bits = 8
curve = ECurve.ShortWeierstrass(p, a, b, n, h, gx, gy, bits)
privkey = int(FieldElement.urandom(curve.p))
f_a = FieldElement(a, p)
f_b = FieldElement(b, p)
ECPt = []
for x in range(0, p):
# Weierstrass equation is y**2 = x**3 + ax + b
f_x = FieldElement(x, p)
f_y_2 = pow(f_x, 3) + (f_a * f_x) + b
f_y = f_y_2.sqrt()
if f_y is not None:
#print("pt(0x%X, 0x%X)" % (int(f_x), int(f_y)))
assert curve.PointIsValid(int(f_x), int(f_y))
ECPt.append(ECPoint(curve, (f_x, f_y)))
