def test_add_neutral(self): for c in self.cv: G = c.G pG = ECPoint(c, G) pN = ECPoint(c) p1 = pG + pN p2 = pN + pG self.assertEqual(p1, pG) self.assertEqual(p2, pG) self.assertNotEqual(p1, pN)
def test_repr(self): pts = [] for c in self.cv: G = c.G pG = ECPoint(c, G) pts.append(pG) self.assertEqual(c.G, pG.affine()) for p in pts: pGr = repr(p) p2 = eval(pGr) self.assertEqual(p, p2)
def test_scalar_base_mult(self): for c in self.cv: G = c.G pG = ECPoint(c, G) pGb = ECPoint(c, G) pGb.setup_basemult() self.assertEqual(pG, pGb) self.assertIsNot(pG, pGb) for i in range(0, 10): pI = pG * i pII = pGb * i self.assertEqual(pI, pII)
def test_scalar_mult(self): for c in self.cv: G = c.G pG = ECPoint(c, G) p0 = ECPoint(c) for i in range(0, 10): pI = pG * i pII = i * pG pIn = pG * (-i) self.assertEqual(pI, pII) self.assertEqual(pI + pIn, p0) pA = p0 for _ in range(0, i): pA += pG self.assertEqual(pI, pA)
def test_urandom(self): for c in self.cv: G = c.G pG = ECPoint(c, G) pN = ECPoint(c) pR = [] for i in range(0, 100): pR.append(ECPoint.urandom(c)) for i in range(0, 100): pC = ECPoint(c, str(pR[i])) self.assertEqual(pC, pR[i]) self.assertNotEqual(pC, pG) self.assertNotEqual(pC, pN) for j in range(i+1, 100): self.assertNotEqual(pC, pR[j])
def test_encrypt_decrypt(self): for c in self.cv: G = ECPoint(c, c.G) sK = FieldElement.urandom(c.n) pK = G * sK ptxt = ECPoint.urandom(c) ctxt = ECElgamalCiphertext.encrypt(pK, ptxt) pdec = ctxt.decrypt(sK) assert (pdec == ptxt) Cpt = ctxt.C Dpt = ctxt.D ctxt2 = ECElgamalCiphertext(Cpt, Dpt) pdec2 = ctxt2.decrypt(sK) assert (pdec2 == ptxt) for _ in range(0, 100): sK2 = FieldElement.urandom(c.n) pdec2 = ctxt.decrypt(sK2) assert (pdec2 != pdec)
def der_decode_ecelgamal_ctxt(DERbytes): decoder = asn1.Decoder() decoder.start(DERbytes) ensure_tag(decoder, asn1.Numbers.Sequence) decoder.enter() # C ensure_tag(decoder, asn1.Numbers.OctetString) _, Cbytes = decoder.read() # D ensure_tag(decoder, asn1.Numbers.OctetString) _, Dbytes = decoder.read() # curve curve = _der_decode_curve(decoder) decoder.leave() Cpt = ECPoint(curve, Cbytes) Dpt = ECPoint(curve, Dbytes) ctxt = ECElgamalCiphertext(Cpt, Dpt) return ctxt
def test_basic_sign_verify(self): for c in self.cv: G = ECPoint(c, c.G) sK = FieldElement.urandom(c.n) pK = G * sK for h in self.hm: ss = ECDSASignatureScheme(c, h) sig = ss.Sign(sK, 'test') assert sig.Verify(pK, 'test')
def test_ecdh(self): for c in self.cv: n = c.n pG = ECPoint(c, c.G) a = FieldElement.urandom(n) b = FieldElement.urandom(n) self.assertNotEqual(a, b) A = a * pG B = b * pG self.assertNotEqual(A, B) self.assertEqual(A * b, a * B)
def test_str_and_bytes(self): for c in self.cv: G = c.G pG = ECPoint(c, G) pN = ECPoint(c) pR = [] for i in range(0, 100): pR.append(ECPoint.urandom(c)) for i in range(0, 100): pC = ECPoint(c, str(pR[i])) self.assertEqual(pC, pR[i]) self.assertNotEqual(pC, pG) self.assertNotEqual(pC, pN) self.assertEqual(pC.compressed(), unhexlify(str(pC))) pCC = ECPoint(c, pC.compressed()) self.assertEqual(pC, pCC) pCC = ECPoint(c, pC.uncompressed()) self.assertEqual(pC, pCC)
def der_decode_pubkey(DERbytes): decoder = asn1.Decoder() decoder.start(DERbytes) ensure_tag(decoder, asn1.Numbers.Sequence) decoder.enter() # pubkey ensure_tag(decoder, asn1.Numbers.OctetString) _, pubbytes = decoder.read() curve = _der_decode_curve(decoder) # curve pubkey = ECPoint(curve, pubbytes) decoder.leave() return (pubkey, curve)
sys.exit('Error: Unable to import public key, aborting.') if clargs.file is None: message = sys.stdin.read().encode() else: with open(clargs.file, 'r') as msgfile: message = msgfile.read().encode() if (message is None) or (len(message) == 0): sys.exit('Error: Plaintext length 0, aborting.') # generate a random (ephemeral) private key eprivkey = FieldElement.urandom(curve.p) SharedPt = Pubkey * eprivkey sbytes = SharedPt.compressed() key = sha256(sbytes).digest() nonce = pysodium.randombytes(pysodium.crypto_stream_NONCEBYTES) assert pysodium.crypto_stream_NONCEBYTES == 24 assert pysodium.crypto_stream_KEYBYTES == 32 ctext = pysodium.crypto_stream_xor(message, len(message), nonce, key) # public key point for ephemeral key Gpt = ECPoint(curve, curve.G) ePubkey = Gpt * eprivkey DERmsg = der_encode_message(ePubkey, nonce, ctext) print(pem_wrap(DERmsg, 'ECDHE_XSALSA20 ENCRYPTED MESSAGE'))
sys.exit('Error: Unable to import private key, aborting.') if privkey is None: sys.exit('Error: Unable to import public key, aborting.') if clargs.file is None: inCtxt = sys.stdin.read() else: with open(clargs.file, 'r') as msgfile: inCtxt=msgfile.read() ctder = pem_unwrap(inCtxt, 'ECDHE_XSALSA20 ENCRYPTED MESSAGE') if ctder is None: sys.exit('unable to decode ECDHE_XSALSA20 ENCRYPTED MESSAGE in base64 PEM format') (ePubkeybytes, nonce, ctext) = der_decode_message(ctder) try: ePubkey = ECPoint(curve, ePubkeybytes) except (TypeError, ValueError): sys.exit('Pubkey value invalid for curve') # generate a random (ephemeral) private key SharedPt = ePubkey * privkey sbytes = SharedPt.compressed() key = sha256(sbytes).digest() ptext = pysodium.crypto_stream_xor(ctext, len(ctext), nonce, key) print(ptext.decode(), end='')
def test_create_generator(self): pts = [] for c in self.cv: G = c.G pts.append(ECPoint(c, G))
def test_create_neutral(self): pts = [] for c in self.cv: pts.append(ECPoint(c))
privkey = int(FieldElement.urandom(curve.p)) f_a = FieldElement(a, p) f_b = FieldElement(b, p) ECPt = [] for x in range(0, p): # Weierstrass equation is y**2 = x**3 + ax + b f_x = FieldElement(x, p) f_y_2 = pow(f_x, 3) + (f_a * f_x) + b f_y = f_y_2.sqrt() if f_y is not None: #print("pt(0x%X, 0x%X)" % (int(f_x), int(f_y))) assert curve.PointIsValid(int(f_x), int(f_y)) ECPt.append(ECPoint(curve, (f_x, f_y))) if int(f_y) != 0: #print("pt(0x%X, 0x%X)" % (int(f_x), int(-f_y))) assert curve.PointIsValid(int(f_x), int(-f_y)) ECPt.append(ECPoint(curve, (f_x, -f_y))) print("%d rational points on curve" % (len(ECPt))) # infinite / neutral point of curve inf = ECPoint(curve) subgroups = [] subgroups_str = [] for p in ECPt: i = 1