示例#1
 def test_ecdh(self):
     """Check that two parties derive the same ECDH shared point on every curve in self.cv.

     Each party draws a random secret scalar modulo c.n (presumably the
     order of the base point; confirm against the curve class) and
     publishes scalar * G. Both must reach the same point when they
     combine their own secret with the peer's public point.
     """
     for curve in self.cv:
         order = curve.n
         base = ECPoint(curve, curve.G)
         alice_secret = FieldElement.urandom(order)
         bob_secret = FieldElement.urandom(order)
         # Two independent random draws are expected to differ; a collision
         # here would make the rest of the test meaningless.
         self.assertNotEqual(alice_secret, bob_secret)
         alice_public = alice_secret * base
         bob_public = bob_secret * base
         self.assertNotEqual(alice_public, bob_public)
         # Core ECDH property: (a*G)*b == a*(b*G).
         self.assertEqual(alice_public * bob_secret, alice_secret * bob_public)
示例#2
 def test_add(self):
     """Exercise FieldElement addition on fixed edge cases and on random operands modulo self.p."""
     one = FieldElement(1, self.p)
     # Fixed cases: 0 + 1, 1 + 1, and -1 + 1 (the last must wrap around to 0).
     for lhs, expected in ((0, 1), (1, 2), (-1, 0)):
         total = FieldElement(lhs, self.p) + one
         self.assertEqual(int(total), expected)
     # Randomised cross-check against plain integer arithmetic, in both operand orders.
     for _ in range(0, 10000):
         x = FieldElement.urandom(self.p)
         y = FieldElement.urandom(self.p)
         expected = (int(x) + int(y)) % self.p
         self.assertEqual(int(x + y), expected)
         self.assertEqual(int(y + x), expected)
示例#3
 def test_mul(self):
     """Exercise FieldElement multiplication on fixed edge cases and on random operands modulo self.p."""
     # Fixed cases: 0 * 1, 1 * 1, and 1 * -1 (the last must reduce to p - 1).
     fixed_cases = (
         (0, 1, 0),
         (1, 1, 1),
         (1, -1, self.p - 1),
     )
     for lhs, rhs, expected in fixed_cases:
         product = FieldElement(lhs, self.p) * FieldElement(rhs, self.p)
         self.assertEqual(int(product), expected)
     # Randomised cross-check against plain integer arithmetic, in both operand orders.
     for _ in range(0, 10000):
         x = FieldElement.urandom(self.p)
         y = FieldElement.urandom(self.p)
         expected = (int(x) * int(y)) % self.p
         self.assertEqual(int(x * y), expected)
         self.assertEqual(int(y * x), expected)
示例#4
 def test_sub(self):
     """Exercise FieldElement subtraction on fixed edge cases and on random operands modulo self.p."""
     # Fixed cases: 0 - 1 (wraps to p - 1), 1 - 1, and 1 - (-1).
     fixed_cases = (
         (0, 1, self.p - 1),
         (1, 1, 0),
         (1, -1, 2),
     )
     for lhs, rhs, expected in fixed_cases:
         difference = FieldElement(lhs, self.p) - FieldElement(rhs, self.p)
         self.assertEqual(int(difference), expected)
     for _ in range(0, 10000):
         x = FieldElement.urandom(self.p)
         y = FieldElement.urandom(self.p)
         forward = (int(x) - int(y)) % self.p
         self.assertEqual(int(x - y), forward)
         # Swapping the operands must give the additive inverse of the first result.
         backward = (-forward) % self.p
         self.assertEqual(int(y - x), backward)
示例#5
 def test_encrypt_decrypt(self):
     """Round-trip a random point through EC-ElGamal on every curve in self.cv.

     Three things are checked per curve: decryption of the object returned
     by encrypt(), decryption of a ciphertext rebuilt from its C and D
     components, and decryption under 100 unrelated random keys, which
     must not reproduce the plaintext.
     """
     # NOTE(review): the checks below are bare `assert` statements, which
     # Python drops under -O; if this class is a unittest.TestCase the
     # self.assert* helpers would keep them active and give better failure
     # output. Confirm which runner is used before changing them.
     for curve in self.cv:
         base = ECPoint(curve, curve.G)
         secret = FieldElement.urandom(curve.n)
         public = base * secret
         plaintext = ECPoint.urandom(curve)
         ciphertext = ECElgamalCiphertext.encrypt(public, plaintext)
         recovered = ciphertext.decrypt(secret)
         assert (recovered == plaintext)
         # Rebuild the ciphertext from its two components, as a receiver
         # that only got C and D over the wire would.
         c_part = ciphertext.C
         d_part = ciphertext.D
         rebuilt = ECElgamalCiphertext(c_part, d_part)
         from_rebuilt = rebuilt.decrypt(secret)
         assert (from_rebuilt == plaintext)
         for _ in range(0, 100):
             wrong_key = FieldElement.urandom(curve.n)
             # The test expects a wrong key to yield a different point, not
             # an error: decrypt() returns a value either way, so callers
             # cannot tell from decryption alone that the key was wrong.
             # A random wrong_key can coincide with `secret`; that is only
             # negligible when curve.n is large.
             wrong_plaintext = ciphertext.decrypt(wrong_key)
             assert (wrong_plaintext != recovered)
示例#6
 def test_basic_sign_verify(self):
     """Sign a fixed message and verify it for every pairing of a curve in self.cv with an entry of self.hm.

     self.hm is passed as the second argument of ECDSASignatureScheme
     (presumably the hash choices; confirm against the fixture).
     """
     # NOTE(review): only the accepting path is covered. A companion check
     # that a modified message or an unrelated public key is rejected would
     # catch a Verify() that always succeeds; how rejection is reported
     # (False vs. an exception) is not visible here.
     for curve in self.cv:
         base = ECPoint(curve, curve.G)
         secret = FieldElement.urandom(curve.n)
         public = base * secret
         for hash_choice in self.hm:
             scheme = ECDSASignatureScheme(curve, hash_choice)
             signature = scheme.Sign(secret, 'test')
             assert signature.Verify(public, 'test')
示例#7
 def test_repr(self):
     """Check that repr() of a FieldElement evaluates back to an equal value.

     eval() is acceptable here only because its input is the library's own
     repr() output generated inside the test; the same round-trip must not
     be used to parse field elements that arrive from outside the process.
     """
     zero = FieldElement(0, self.p)
     zero_text = repr(zero)
     self.assertEqual(eval(zero_text), zero)
     one = FieldElement(1, self.p)
     one_text = repr(one)
     # The evaluated element is compared against the plain integer 1.
     self.assertEqual(eval(one_text), 1)
     for _ in range(0, 10000):
         sample = FieldElement.urandom(self.p)
         sample_text = repr(sample)
         rebuilt = eval(sample_text)
         self.assertEqual(sample, rebuilt)
示例#8
 def test_neg(self):
     """Exercise FieldElement negation on fixed edge cases and on random elements modulo self.p."""
     # Fixed cases: -0 stays 0, -1 becomes p - 1, and -(-1) becomes 1.
     fixed_cases = (
         (0, 0),
         (1, self.p - 1),
         (-1, 1),
     )
     for value, expected in fixed_cases:
         negated = -FieldElement(value, self.p)
         self.assertEqual(int(negated), expected)
     # Randomised cross-check against plain integer arithmetic.
     for _ in range(0, 10000):
         sample = FieldElement.urandom(self.p)
         expected = (-int(sample)) % self.p
         self.assertEqual(int(-sample), expected)
示例#9
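 def test_sqrt(self):
     """Check FieldElement.sqrt() on 0, on 1, and on random elements modulo self.p.

     sqrt() returns None when it has no root to give; whenever it does
     return a root, squaring that root must reproduce the original element.
     """
     zero = FieldElement(0, self.p)
     # This library reports None for sqrt(0).
     self.assertIsNone(zero.sqrt())
     one = FieldElement(1, self.p)
     # 1 is a square in every field, so a root must come back here. This
     # fixed case has to go through sqrt(); calling inverse() instead would
     # pass without ever exercising the square-root code.
     root = one.sqrt()
     self.assertIsNotNone(root)
     self.assertEqual(int(root * root), 1)
     self.assertEqual(root * root, one)
     for _ in range(0, 10000):
         sample = FieldElement.urandom(self.p)
         candidate = sample.sqrt()
         # None means no root was returned for this sample; nothing to check.
         if candidate is not None:
             squared = candidate * candidate
             self.assertEqual(int(squared), int(sample))
             self.assertEqual(squared, sample)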
示例#10
 def test_inv(self):
     """Check FieldElement.inverse() on 0, on 1, and on random elements modulo self.p."""
     # Zero has no multiplicative inverse; the library signals that with None.
     zero_inverse = FieldElement(0, self.p).inverse()
     self.assertEqual(zero_inverse, None)
     one_inverse = FieldElement(1, self.p).inverse()
     self.assertEqual(int(one_inverse), 1)
     for _ in range(0, 10000):
         sample = FieldElement.urandom(self.p)
         reciprocal = sample.inverse()
         if reciprocal is not None:
             # Defining property of the inverse: sample * sample^-1 == 1.
             self.assertEqual(int(sample * reciprocal), 1)
         else:
             # None is only acceptable when the random draw happened to be 0.
             self.assertEqual(int(sample), 0)
示例#11
 def test_pow(self):
     """Check FieldElement exponentiation through both pow() and the ** operator.

     Fixed cases cover 0 squared and 1 cubed; random elements are then
     raised to the exponents 0..9 and compared with Python's three-argument
     integer pow() modulo self.p.
     """
     zero = FieldElement(0, self.p)
     self.assertEqual(pow(zero, 2), 0)
     self.assertEqual(zero ** 2, 0)
     one = FieldElement(1, self.p)
     self.assertEqual(pow(one, 3), 1)
     self.assertEqual(one ** 3, 1)
     for _ in range(0, 100):
         base = FieldElement.urandom(self.p)
         for exponent in range(0, 10):
             actual = pow(base, exponent)
             expected = pow(int(base), exponent, self.p)
             self.assertEqual(actual, expected)
示例#12
 def test_urandom(self):
     """Check that FieldElement.urandom(self.p) always lands in the range [0, self.p).

     This is a range check only; it says nothing about how uniform or
     unpredictable the generated values are.
     """
     for _ in range(0, 10000):
         sample = FieldElement.urandom(self.p)
         as_int = int(sample)
         self.assertGreaterEqual(as_int, 0)
         self.assertLess(as_int, self.p)
示例#13
    sys.exit('Error: Unable to import private key, aborting.')

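if Pubkey is None:
    sys.exit('Error: Unable to import public key, aborting.')

# Read the plaintext from the named file, or from stdin when no file was given.
if clargs.file is None:
    message = sys.stdin.read().encode()
else:
    with open(clargs.file, 'r') as msgfile:
        message = msgfile.read().encode()

if (message is None) or (len(message) == 0):
    sys.exit('Error: Plaintext length 0, aborting.')

# The stream-cipher parameters are fixed by the message format; check them
# before any key or nonce material is produced.
assert pysodium.crypto_stream_NONCEBYTES == 24
assert pysodium.crypto_stream_KEYBYTES == 32

# Generate a random (ephemeral) private key. Secret scalars belong to the
# range of the base point's order (curve.n), not of the field prime
# (curve.p). A zero scalar is redrawn, because it would make both the
# shared point and the ephemeral public key independent of any secret.
eprivkey = FieldElement.urandom(curve.n)
while int(eprivkey) == 0:
    eprivkey = FieldElement.urandom(curve.n)

# ECDH with the recipient's public key; the symmetric key is the SHA-256
# digest of the compressed shared point.
# NOTE(review): assumes the key import above already checked that Pubkey is
# a valid point on `curve` - confirm.
SharedPt = Pubkey * eprivkey
sbytes = SharedPt.compressed()
key = sha256(sbytes).digest()

nonce = pysodium.randombytes(pysodium.crypto_stream_NONCEBYTES)

# NOTE(review): crypto_stream_xor gives confidentiality only. Nothing here
# authenticates the ciphertext, so a modified ciphertext decrypts without any
# error. An authenticated construction (for example libsodium's secretbox)
# would close that gap, but it changes the message format and needs a
# matching change in the decrypting tool.
ctext = pysodium.crypto_stream_xor(message, len(message), nonce, key)

# public key point for ephemeral key
Gpt = ECPoint(curve, curve.G)
ePubkey = Gpt * eprivkey

DERmsg = der_encode_message(ePubkey, nonce, ctext)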
示例#14
b = 0
gx = 2
gy = 53
bits = 9

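# Toy curve parameters, named as ECurve.ShortWeierstrass takes them: field
# prime p, base-point order n, cofactor h, coefficients a and b, base point
# (gx, gy) and bit size. Here n * h == p + 1.
p = 227
n = 19
h = 12
a = 1
b = 0
gx = 2
gy = 64
bits = 8

curve = ECurve.ShortWeierstrass(p, a, b, n, h, gx, gy, bits)
# Secret scalars are taken modulo the base-point order n, not the field
# prime p: scalars that differ by a multiple of n give the same multiple of G.
# NOTE(review): the draw can still be 0, which is not a usable private key.
privkey = int(FieldElement.urandom(curve.n))

# Curve coefficients lifted into the field for the point enumeration.
f_a = FieldElement(a, p)
f_b = FieldElement(b, p)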

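# Enumerate affine points by trying every x in the field and solving for y.
ECPt = []

for x in range(0, p):
    # Weierstrass equation is y**2 = x**3 + ax + b
    f_x = FieldElement(x, p)
    # Use the field element f_b, so the whole right-hand side is computed
    # in the field instead of mixing in the raw integer b.
    f_y_2 = pow(f_x, 3) + (f_a * f_x) + f_b
    f_y = f_y_2.sqrt()
    # NOTE(review): sqrt() yields one root, so only one of the two points
    # (x, y) and (x, -y) is stored per x. If sqrt() returns None for 0
    # (TODO confirm), points with y == 0 are skipped as well.
    if f_y is not None:
        #print("pt(0x%X, 0x%X)" % (int(f_x), int(f_y)))
        # Cross-check against the curve's own validity test before storing.
        assert curve.PointIsValid(int(f_x), int(f_y))
        ECPt.append(ECPoint(curve, (f_x, f_y)))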