def test_jac():
ec = Curve(13, 0, 2, (1, 9), 19, 1, False)
assert ec._jac_equality(ec.GJ, _jac_from_aff(ec.G))
# q in [2, n-1]
q = 2 + secrets.randbelow(ec.n - 2)
Q = _mult_aff(q, ec.G, ec)
QJ = _mult_jac(q, ec.GJ, ec)
assert ec._jac_equality(QJ, _jac_from_aff(Q))
assert not ec._jac_equality(QJ, ec.negate(QJ))
assert not ec._jac_equality(QJ, ec.GJ)
def test_jac_equality() -> None:
ec = Curve(13, 0, 2, (1, 9), 19, 1, False)
assert ec._jac_equality(ec.GJ, _jac_from_aff(ec.G))
# q in [2, n-1], as the difference with ec.GJ is checked below
q = 2 + secrets.randbelow(ec.n - 2)
Q = _mult_aff(q, ec.G, ec)
QJ = _mult(q, ec.GJ, ec)
assert ec._jac_equality(QJ, _jac_from_aff(Q))
assert not ec._jac_equality(QJ, ec.negate_jac(QJ))
assert not ec._jac_equality(QJ, ec.GJ)
def test_exceptions(self):
# good
Curve(11, 2, 7, (6, 9), 7, 2, False)
# p not odd
self.assertRaises(ValueError, Curve, 10, 2, 7, (6, 9), 7, 1, False)
# p not prime
self.assertRaises(ValueError, Curve, 15, 2, 7, (6, 9), 7, 1, False)
# a > p
self.assertRaises(ValueError, Curve, 11, 12, 7, (6, 9), 13, 1, False)
# b > p
self.assertRaises(ValueError, Curve, 11, 2, 12, (6, 9), 13, 1, False)
# zero discriminant
self.assertRaises(ValueError, Curve, 11, 7, 7, (6, 9), 7, 1, False)
# G not Tuple (int, int)
self.assertRaises(ValueError, Curve, 11, 2, 7, (6, 9, 1), 7, 1, False)
# G not on curve
self.assertRaises(ValueError, Curve, 11, 2, 7, (7, 9), 7, 1, False)
# n not prime
self.assertRaises(ValueError, Curve, 11, 2, 7, (6, 9), 8, 1, False)
# n not Hesse
self.assertRaises(ValueError, Curve, 11, 2, 7, (6, 9), 71, 1, True)
# h not as expected
self.assertRaises(ValueError, Curve, 11, 2, 7, (6, 9), 7, 1, True)
# Curve(11, 2, 7, (6, 9), 7, 1, 0, True)
# n not group order
self.assertRaises(ValueError, Curve, 11, 2, 7, (6, 9), 13, 1, False)
# n=p -> weak curve
# missing
# weak curve
self.assertRaises(UserWarning, Curve, 11, 2, 7, (6, 9), 7, 2, True)
# x-coordinate not in [0, p-1]
ec = CURVES['secp256k1']
self.assertRaises(ValueError, ec.y, ec.p)
# secp256k1.y(secp256k1.p)
# INF point does not generate a prime order subgroup
self.assertRaises(ValueError, Curve, 11, 2, 7, INF, 7, 2, False)
"Tests for `btclib.secpoint` module."
import secrets
from typing import Dict
import pytest
from btclib.curve import Curve, _mult_aff
from btclib.curves import CURVES
from btclib.secpoint import bytes_from_point, point_from_octets
# test curves: very low cardinality
low_card_curves: Dict[str, Curve] = {}
# 13 % 4 = 1; 13 % 8 = 5
low_card_curves["ec13_11"] = Curve(13, 7, 6, (1, 1), 11, 1, False)
low_card_curves["ec13_19"] = Curve(13, 0, 2, (1, 9), 19, 1, False)
# 17 % 4 = 1; 17 % 8 = 1
low_card_curves["ec17_13"] = Curve(17, 6, 8, (0, 12), 13, 2, False)
low_card_curves["ec17_23"] = Curve(17, 3, 5, (1, 14), 23, 1, False)
# 19 % 4 = 3; 19 % 8 = 3
low_card_curves["ec19_13"] = Curve(19, 0, 2, (4, 16), 13, 2, False)
low_card_curves["ec19_23"] = Curve(19, 2, 9, (0, 16), 23, 1, False)
# 23 % 4 = 3; 23 % 8 = 7
low_card_curves["ec23_19"] = Curve(23, 9, 7, (5, 4), 19, 1, False)
low_card_curves["ec23_31"] = Curve(23, 5, 1, (0, 1), 31, 1, False)
all_curves: Dict[str, Curve] = {}
all_curves.update(low_card_curves)
all_curves.update(CURVES)
def test_exceptions(self):
# good
Curve(11, 2, 7, (6, 9), 7, 2, 0, False)
# p not odd
self.assertRaises(ValueError, Curve, 10, 2, 7, (6, 9), 7, 1, 0, False)
# p not prime
self.assertRaises(ValueError, Curve, 15, 2, 7, (6, 9), 7, 1, 0, False)
# required security level not in the allowed range
ec = secp112r1
p = ec._p
a = ec._a
b = ec._b
G = ec.G
n = ec.n
t = ec.t
h = ec.h
self.assertRaises(UserWarning, Curve, p, a, b, G, n, h, 273)
#Curve(p, a, b, G, n, h, 273)
# not enough bits for required security level
ec = secp160r1
p = ec._p
a = ec._a
b = ec._b
G = ec.G
n = ec.n
t = ec.t
h = ec.h
self.assertRaises(UserWarning, Curve, p, a, b, G, n, h, 2*t)
#Curve(p, a, b, G, n, h, 2*t)
# a > p
self.assertRaises(ValueError, Curve, 11, 12, 7, (6, 9), 13, 1, 0, False)
# b > p
self.assertRaises(ValueError, Curve, 11, 2, 12, (6, 9), 13, 1, 0, False)
# zero discriminant
self.assertRaises(ValueError, Curve, 11, 7, 7, (6, 9), 7, 1, 0, False)
# G not Tuple (int, int)
self.assertRaises(ValueError, Curve, 11, 2, 7, (6, 9, 1), 7, 1, 0, False)
# G not on curve
self.assertRaises(ValueError, Curve, 11, 2, 7, (7, 9), 7, 1, 0, False)
# n not prime
self.assertRaises(ValueError, Curve, 11, 2, 7, (6, 9), 8, 1, 0, False)
# n not Hesse
self.assertRaises(ValueError, Curve, 11, 2, 7, (6, 9), 71, 1, 0, True)
# h not as expected
self.assertRaises(ValueError, Curve, 11, 2, 7, (6, 9), 7, 1, 0, True)
#Curve(11, 2, 7, (6, 9), 7, 1, 0, True)
# n not group order
self.assertRaises(ValueError, Curve, 11, 2, 7, (6, 9), 13, 1, 0, False)
# n=p -> weak curve
# missing
# weak curve
self.assertRaises(UserWarning, Curve, 11, 2, 7, (6, 9), 7, 2, 0, True)
# x-coordinate not in [0, p-1]
self.assertRaises(ValueError, secp256k1.y, secp256k1._p)
def test_exceptions():
# good curve
Curve(13, 0, 2, (1, 9), 19, 1, False)
with pytest.raises(ValueError, match="p is not prime: "):
Curve(15, 0, 2, (1, 9), 19, 1, False)
with pytest.raises(ValueError, match="negative a: "):
Curve(13, -1, 2, (1, 9), 19, 1, False)
with pytest.raises(ValueError, match="p <= a: "):
Curve(13, 13, 2, (1, 9), 19, 1, False)
with pytest.raises(ValueError, match="negative b: "):
Curve(13, 0, -2, (1, 9), 19, 1, False)
with pytest.raises(ValueError, match="p <= b: "):
Curve(13, 0, 13, (1, 9), 19, 1, False)
with pytest.raises(ValueError, match="zero discriminant"):
Curve(11, 7, 7, (1, 9), 19, 1, False)
err_msg = "Generator must a be a sequence\\[int, int\\]"
with pytest.raises(ValueError, match=err_msg):
Curve(13, 0, 2, (1, 9, 1), 19, 1, False)
with pytest.raises(ValueError, match="Generator is not on the curve"):
Curve(13, 0, 2, (2, 9), 19, 1, False)
with pytest.raises(ValueError, match="n is not prime: "):
Curve(13, 0, 2, (1, 9), 20, 1, False)
with pytest.raises(ValueError, match="n not in "):
Curve(13, 0, 2, (1, 9), 71, 1, False)
with pytest.raises(ValueError, match="INF point cannot be a generator"):
Curve(13, 0, 2, INF, 19, 1, False)
with pytest.raises(ValueError, match="n is not the group order: "):
Curve(13, 0, 2, (1, 9), 17, 1, False)
with pytest.raises(ValueError, match="invalid h: "):
Curve(13, 0, 2, (1, 9), 19, 2, False)
# n=p -> weak curve
# missing
with pytest.raises(UserWarning, match="weak curve"):
Curve(11, 2, 7, (6, 9), 7, 2, True)
from btclib.curve import Curve # low cardinality curves p<100 ec11_7 = Curve(11, 2, 7, (6, 9), 7, 2, 0, False) ec11_17 = Curve(11, 2, 4, (0, 9), 17, 1, 0, False) ec13_11 = Curve(13, 7, 6, (1, 1), 11, 1, 0, False) ec13_19 = Curve(13, 0, 2, (1, 9), 19, 1, 0, False) ec17_13 = Curve(17, 6, 8, (0, 12), 13, 2, 0, False) ec17_23 = Curve(17, 3, 5, (1, 14), 23, 1, 0, False) ec19_13 = Curve(19, 0, 2, (4, 16), 13, 2, 0, False) ec19_23 = Curve(19, 2, 9, (0, 16), 23, 1, 0, False) ec23_19 = Curve(23, 9, 7, (5, 4), 19, 1, 0, False) ec23_31 = Curve(23, 5, 1, (0, 1), 31, 1, 0, False) ec29_37 = Curve(29, 4, 9, (0, 26), 37, 1, 0, False) ec31_23 = Curve(31, 4, 7, (0, 10), 23, 1, 0, False) ec31_43 = Curve(31, 0, 3, (1, 2), 43, 1, 0, False) ec37_31 = Curve(37, 2, 8, (1, 23), 31, 1, 0, False) ec37_43 = Curve(37, 2, 9, (0, 34), 43, 1, 0, False) ec41_37 = Curve(41, 2, 6, (1, 38), 37, 1, 0, False) ec41_53 = Curve(41, 4, 4, (0, 2), 53, 1, 0, False) ec43_37 = Curve(43, 1, 5, (2, 31), 37, 1, 0, False) ec43_47 = Curve(43, 1, 3, (2, 23), 47, 1, 0, False) ec47_41 = Curve(47, 3, 9, (0, 3), 41, 1, 0, False) ec47_61 = Curve(47, 3, 5, (1, 3), 61, 1, 0, False) ec53_47 = Curve(53, 9, 4, (0, 51), 47, 1, 0, False) ec53_61 = Curve(53, 1, 8, (1, 13), 61, 1, 0, False) ec59_53 = Curve(59, 9, 3, (0, 48), 53, 1, 0, False) ec59_73 = Curve(59, 3, 3, (0, 48), 73, 1, 0, False) ec61_59 = Curve(61, 2, 5, (0, 35), 59, 1, 0, False) ec61_73 = Curve(61, 1, 9, (0, 58), 73, 1, 0, False) ec67_61 = Curve(67, 3, 8, (2, 25), 61, 1, 0, False)
# scroll down at the end of the file for 'relevant' code from btclib.curve import Curve # SEC 2 v.1 curves, removed from SEC 2 v.2 as insecure ones # http://www.secg.org/SEC2-Ver-1.0.pdf __p = (2**128 - 3) // 76439 __a = 0xDB7C2ABF62E35E668076BEAD2088 __b = 0x659EF8BA043916EEDE8911702B22 __Gx = 0x09487239995A5EE76B55F9C2F098 __Gy = 0xA89CE5AF8724C0A23E0E0FF77500 __n = 0xDB7C2ABF62E35E7628DFAC6561C5 __h = 1 secp112r1 = Curve(__p, __a, __b, (__Gx, __Gy), __n, __h, 56, True) __p = (2**128 - 3) // 76439 __a = 0x6127C24C05F38A0AAAF65C0EF02C __b = 0x51DEF1815DB5ED74FCC34C85D709 __Gx = 0x4BA30AB5E892B4E1649DD0928643 __Gy = 0xADCD46F5882E3747DEF36E956E97 __n = 0x36DF0AAFD8B8D7597CA10520D04B __h = 4 secp112r2 = Curve(__p, __a, __b, (__Gx, __Gy), __n, __h, 56, False) __p = 2**128 - 2**97 - 1 __a = 0xFFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC __b = 0xE87579C11079F43DD824993C2CEE5ED3 __Gx = 0x161FF7528B899B2D0C28607CA52C5B86 __Gy = 0xCF5AC8395BAFEB13C02DA292DDED7A83