def test_add_neutral(self):
for c in self.cv:
G = c.G
pG = ECPoint(c, G)
pN = ECPoint(c)
p1 = pG + pN
p2 = pN + pG
self.assertEqual(p1, pG)
self.assertEqual(p2, pG)
self.assertNotEqual(p1, pN)
def test_repr(self):
pts = []
for c in self.cv:
G = c.G
pG = ECPoint(c, G)
pts.append(pG)
self.assertEqual(c.G, pG.affine())
for p in pts:
pGr = repr(p)
p2 = eval(pGr)
self.assertEqual(p, p2)
def test_scalar_base_mult(self):
for c in self.cv:
G = c.G
pG = ECPoint(c, G)
pGb = ECPoint(c, G)
pGb.setup_basemult()
self.assertEqual(pG, pGb)
self.assertIsNot(pG, pGb)
for i in range(0, 10):
pI = pG * i
pII = pGb * i
self.assertEqual(pI, pII)
def test_scalar_mult(self):
for c in self.cv:
G = c.G
pG = ECPoint(c, G)
p0 = ECPoint(c)
for i in range(0, 10):
pI = pG * i
pII = i * pG
pIn = pG * (-i)
self.assertEqual(pI, pII)
self.assertEqual(pI + pIn, p0)
pA = p0
for _ in range(0, i):
pA += pG
self.assertEqual(pI, pA)
def test_urandom(self):
for c in self.cv:
G = c.G
pG = ECPoint(c, G)
pN = ECPoint(c)
pR = []
for i in range(0, 100):
pR.append(ECPoint.urandom(c))
for i in range(0, 100):
pC = ECPoint(c, str(pR[i]))
self.assertEqual(pC, pR[i])
self.assertNotEqual(pC, pG)
self.assertNotEqual(pC, pN)
for j in range(i+1, 100):
self.assertNotEqual(pC, pR[j])
def test_encrypt_decrypt(self):
for c in self.cv:
G = ECPoint(c, c.G)
sK = FieldElement.urandom(c.n)
pK = G * sK
ptxt = ECPoint.urandom(c)
ctxt = ECElgamalCiphertext.encrypt(pK, ptxt)
pdec = ctxt.decrypt(sK)
assert (pdec == ptxt)
Cpt = ctxt.C
Dpt = ctxt.D
ctxt2 = ECElgamalCiphertext(Cpt, Dpt)
pdec2 = ctxt2.decrypt(sK)
assert (pdec2 == ptxt)
for _ in range(0, 100):
sK2 = FieldElement.urandom(c.n)
pdec2 = ctxt.decrypt(sK2)
assert (pdec2 != pdec)
def der_decode_ecelgamal_ctxt(DERbytes):
decoder = asn1.Decoder()
decoder.start(DERbytes)
ensure_tag(decoder, asn1.Numbers.Sequence)
decoder.enter()
# C
ensure_tag(decoder, asn1.Numbers.OctetString)
_, Cbytes = decoder.read()
# D
ensure_tag(decoder, asn1.Numbers.OctetString)
_, Dbytes = decoder.read()
# curve
curve = _der_decode_curve(decoder)
decoder.leave()
Cpt = ECPoint(curve, Cbytes)
Dpt = ECPoint(curve, Dbytes)
ctxt = ECElgamalCiphertext(Cpt, Dpt)
return ctxt
def test_basic_sign_verify(self):
for c in self.cv:
G = ECPoint(c, c.G)
sK = FieldElement.urandom(c.n)
pK = G * sK
for h in self.hm:
ss = ECDSASignatureScheme(c, h)
sig = ss.Sign(sK, 'test')
assert sig.Verify(pK, 'test')
def test_ecdh(self):
for c in self.cv:
n = c.n
pG = ECPoint(c, c.G)
a = FieldElement.urandom(n)
b = FieldElement.urandom(n)
self.assertNotEqual(a, b)
A = a * pG
B = b * pG
self.assertNotEqual(A, B)
self.assertEqual(A * b, a * B)
def test_str_and_bytes(self):
for c in self.cv:
G = c.G
pG = ECPoint(c, G)
pN = ECPoint(c)
pR = []
for i in range(0, 100):
pR.append(ECPoint.urandom(c))
for i in range(0, 100):
pC = ECPoint(c, str(pR[i]))
self.assertEqual(pC, pR[i])
self.assertNotEqual(pC, pG)
self.assertNotEqual(pC, pN)
self.assertEqual(pC.compressed(), unhexlify(str(pC)))
pCC = ECPoint(c, pC.compressed())
self.assertEqual(pC, pCC)
pCC = ECPoint(c, pC.uncompressed())
self.assertEqual(pC, pCC)
def der_decode_pubkey(DERbytes):
decoder = asn1.Decoder()
decoder.start(DERbytes)
ensure_tag(decoder, asn1.Numbers.Sequence)
decoder.enter()
# pubkey
ensure_tag(decoder, asn1.Numbers.OctetString)
_, pubbytes = decoder.read()
curve = _der_decode_curve(decoder)
# curve
pubkey = ECPoint(curve, pubbytes)
decoder.leave()
return (pubkey, curve)
sys.exit('Error: Unable to import public key, aborting.')
if clargs.file is None:
message = sys.stdin.read().encode()
else:
with open(clargs.file, 'r') as msgfile:
message = msgfile.read().encode()
if (message is None) or (len(message) == 0):
sys.exit('Error: Plaintext length 0, aborting.')
# generate a random (ephemeral) private key
eprivkey = FieldElement.urandom(curve.p)
SharedPt = Pubkey * eprivkey
sbytes = SharedPt.compressed()
key = sha256(sbytes).digest()
nonce = pysodium.randombytes(pysodium.crypto_stream_NONCEBYTES)
assert pysodium.crypto_stream_NONCEBYTES == 24
assert pysodium.crypto_stream_KEYBYTES == 32
ctext = pysodium.crypto_stream_xor(message, len(message), nonce, key)
# public key point for ephemeral key
Gpt = ECPoint(curve, curve.G)
ePubkey = Gpt * eprivkey
DERmsg = der_encode_message(ePubkey, nonce, ctext)
print(pem_wrap(DERmsg, 'ECDHE_XSALSA20 ENCRYPTED MESSAGE'))
sys.exit('Error: Unable to import private key, aborting.')
if privkey is None:
sys.exit('Error: Unable to import public key, aborting.')
if clargs.file is None:
inCtxt = sys.stdin.read()
else:
with open(clargs.file, 'r') as msgfile:
inCtxt=msgfile.read()
ctder = pem_unwrap(inCtxt, 'ECDHE_XSALSA20 ENCRYPTED MESSAGE')
if ctder is None:
sys.exit('unable to decode ECDHE_XSALSA20 ENCRYPTED MESSAGE in base64 PEM format')
(ePubkeybytes, nonce, ctext) = der_decode_message(ctder)
try:
ePubkey = ECPoint(curve, ePubkeybytes)
except (TypeError, ValueError):
sys.exit('Pubkey value invalid for curve')
# generate a random (ephemeral) private key
SharedPt = ePubkey * privkey
sbytes = SharedPt.compressed()
key = sha256(sbytes).digest()
ptext = pysodium.crypto_stream_xor(ctext, len(ctext), nonce, key)
print(ptext.decode(), end='')
def test_create_generator(self):
pts = []
for c in self.cv:
G = c.G
pts.append(ECPoint(c, G))
def test_create_neutral(self):
pts = []
for c in self.cv:
pts.append(ECPoint(c))
privkey = int(FieldElement.urandom(curve.p))
f_a = FieldElement(a, p)
f_b = FieldElement(b, p)
ECPt = []
for x in range(0, p):
# Weierstrass equation is y**2 = x**3 + ax + b
f_x = FieldElement(x, p)
f_y_2 = pow(f_x, 3) + (f_a * f_x) + b
f_y = f_y_2.sqrt()
if f_y is not None:
#print("pt(0x%X, 0x%X)" % (int(f_x), int(f_y)))
assert curve.PointIsValid(int(f_x), int(f_y))
ECPt.append(ECPoint(curve, (f_x, f_y)))
if int(f_y) != 0:
#print("pt(0x%X, 0x%X)" % (int(f_x), int(-f_y)))
assert curve.PointIsValid(int(f_x), int(-f_y))
ECPt.append(ECPoint(curve, (f_x, -f_y)))
print("%d rational points on curve" % (len(ECPt)))
# infinite / neutral point of curve
inf = ECPoint(curve)
subgroups = []
subgroups_str = []
for p in ECPt:
i = 1
