alpcentaur
/
basabuuka_prototyp
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 Commits
1 Branch
4.1 GiB
Tree: 9ed0e1f6e7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9ed0e1f6e7'
${ noResults }
basabuuka_prototyp/venv/lib/python3.5/site-packages/ecdsa/ellipticcurve.py

293 lines
8.4 KiB
Raw Normal View History

initial commit
4 years ago
 
  1. #! /usr/bin/env python
  2. #
  3. # Implementation of elliptic curves, for cryptographic applications.
  4. #
  5. # This module doesn't provide any way to choose a random elliptic
  6. # curve, nor to verify that an elliptic curve was chosen randomly,
  7. # because one can simply use NIST's standard curves.
  8. #
  9. # Notes from X9.62-1998 (draft):
  10. #   Nomenclature:
  11. #     - Q is a public key.
  12. #     The "Elliptic Curve Domain Parameters" include:
  13. #     - q is the "field size", which in our case equals p.
  14. #     - p is a big prime.
  15. #     - G is a point of prime order (5.1.1.1).
  16. #     - n is the order of G (5.1.1.1).
  17. #   Public-key validation (5.2.2):
  18. #     - Verify that Q is not the point at infinity.
  19. #     - Verify that X_Q and Y_Q are in [0,p-1].
  20. #     - Verify that Q is on the curve.
  21. #     - Verify that nQ is the point at infinity.
  22. #   Signature generation (5.3):
  23. #     - Pick random k from [1,n-1].
  24. #   Signature checking (5.4.2):
  25. #     - Verify that r and s are in [1,n-1].
  26. #
  27. # Version of 2008.11.25.
  28. #
  29. # Revision history:
  30. #    2005.12.31 - Initial version.
  31. #    2008.11.25 - Change CurveFp.is_on to contains_point.
  32. #
  33. # Written in 2005 by Peter Pearson and placed in the public domain.
  34. 

  35. from __future__ import division
  36. 

  37. from .six import print_
  38. from . import numbertheory
  39. 

  40. class CurveFp( object ):
  41.   """Elliptic Curve over the field of integers modulo a prime."""
  42.   def __init__( self, p, a, b ):
  43.     """The curve of points satisfying y^2 = x^3 + a*x + b (mod p)."""
  44.     self.__p = p
  45.     self.__a = a
  46.     self.__b = b
  47. 

  48.   def p( self ):
  49.     return self.__p
  50. 

  51.   def a( self ):
  52.     return self.__a
  53. 

  54.   def b( self ):
  55.     return self.__b
  56. 

  57.   def contains_point( self, x, y ):
  58.     """Is the point (x,y) on this curve?"""
  59.     return ( y * y - ( x * x * x + self.__a * x + self.__b ) ) % self.__p == 0
  60. 

  61. 

  62. 

  63. class Point( object ):
  64.   """A point on an elliptic curve. Altering x and y is forbidding,

  65.      but they can be read by the x() and y() methods."""

  66.   def __init__( self, curve, x, y, order = None ):
  67.     """curve, x, y, order; order (optional) is the order of this point."""
  68.     self.__curve = curve
  69.     self.__x = x
  70.     self.__y = y
  71.     self.__order = order
  72.     # self.curve is allowed to be None only for INFINITY:
  73.     if self.__curve: assert self.__curve.contains_point( x, y )
  74.     if order: assert self * order == INFINITY
  75. 

  76.   def __eq__( self, other ):
  77.     """Return True if the points are identical, False otherwise."""
  78.     if self.__curve == other.__curve \
  79.        and self.__x == other.__x \
  80.        and self.__y == other.__y:
  81.       return True
  82.     else:
  83.       return False
  84. 

  85.   def __add__( self, other ):
  86.     """Add one point to another point."""
  87. 

  88.     # X9.62 B.3:
  89. 

  90.     if other == INFINITY: return self
  91.     if self == INFINITY: return other
  92.     assert self.__curve == other.__curve
  93.     if self.__x == other.__x:
  94.       if ( self.__y + other.__y ) % self.__curve.p() == 0:
  95.         return INFINITY
  96.       else:
  97.         return self.double()
  98. 

  99.     p = self.__curve.p()
  100. 

  101.     l = ( ( other.__y - self.__y ) * \
  102.           numbertheory.inverse_mod( other.__x - self.__x, p ) ) % p
  103. 

  104.     x3 = ( l * l - self.__x - other.__x ) % p
  105.     y3 = ( l * ( self.__x - x3 ) - self.__y ) % p
  106. 

  107.     return Point( self.__curve, x3, y3 )
  108. 

  109.   def __mul__( self, other ):
  110.     """Multiply a point by an integer."""
  111. 

  112.     def leftmost_bit( x ):
  113.       assert x > 0
  114.       result = 1
  115.       while result <= x: result = 2 * result
  116.       return result // 2
  117. 

  118.     e = other
  119.     if self.__order: e = e % self.__order
  120.     if e == 0: return INFINITY
  121.     if self == INFINITY: return INFINITY
  122.     assert e > 0
  123. 

  124.     # From X9.62 D.3.2:
  125. 

  126.     e3 = 3 * e
  127.     negative_self = Point( self.__curve, self.__x, -self.__y, self.__order )
  128.     i = leftmost_bit( e3 ) // 2
  129.     result = self
  130.     # print_("Multiplying %s by %d (e3 = %d):" % ( self, other, e3 ))
  131.     while i > 1:
  132.       result = result.double()
  133.       if ( e3 & i ) != 0 and ( e & i ) == 0: result = result + self
  134.       if ( e3 & i ) == 0 and ( e & i ) != 0: result = result + negative_self
  135.       # print_(". . . i = %d, result = %s" % ( i, result ))
  136.       i = i // 2
  137. 

  138.     return result
  139. 

  140.   def __rmul__( self, other ):
  141.     """Multiply a point by an integer."""
  142. 

  143.     return self * other
  144. 

  145.   def __str__( self ):
  146.     if self == INFINITY: return "infinity"
  147.     return "(%d,%d)" % ( self.__x, self.__y )
  148. 

  149.   def double( self ):
  150.     """Return a new point that is twice the old."""
  151. 

  152.     if self == INFINITY:
  153.       return INFINITY
  154. 

  155.     # X9.62 B.3:
  156. 

  157.     p = self.__curve.p()
  158.     a = self.__curve.a()
  159. 

  160.     l = ( ( 3 * self.__x * self.__x + a ) * \
  161.           numbertheory.inverse_mod( 2 * self.__y, p ) ) % p
  162. 

  163.     x3 = ( l * l - 2 * self.__x ) % p
  164.     y3 = ( l * ( self.__x - x3 ) - self.__y ) % p
  165. 

  166.     return Point( self.__curve, x3, y3 )
  167. 

  168.   def x( self ):
  169.     return self.__x
  170. 

  171.   def y( self ):
  172.     return self.__y
  173. 

  174.   def curve( self ):
  175.     return self.__curve
  176. 

  177.   def order( self ):
  178.     return self.__order
  179. 

  180. 

  181. # This one point is the Point At Infinity for all purposes:
  182. INFINITY = Point( None, None, None )
  183. 

  184. def __main__():
  185. 

  186.   class FailedTest(Exception): pass
  187.   def test_add( c, x1, y1, x2,  y2, x3, y3 ):
  188.     """We expect that on curve c, (x1,y1) + (x2, y2 ) = (x3, y3)."""
  189.     p1 = Point( c, x1, y1 )
  190.     p2 = Point( c, x2, y2 )
  191.     p3 = p1 + p2
  192.     print_("%s + %s = %s" % ( p1, p2, p3 ), end=' ')
  193.     if p3.x() != x3 or p3.y() != y3:
  194.       raise FailedTest("Failure: should give (%d,%d)." % ( x3, y3 ))
  195.     else:
  196.       print_(" Good.")
  197. 

  198.   def test_double( c, x1, y1, x3, y3 ):
  199.     """We expect that on curve c, 2*(x1,y1) = (x3, y3)."""
  200.     p1 = Point( c, x1, y1 )
  201.     p3 = p1.double()
  202.     print_("%s doubled = %s" % ( p1, p3 ), end=' ')
  203.     if p3.x() != x3 or p3.y() != y3:
  204.       raise FailedTest("Failure: should give (%d,%d)." % ( x3, y3 ))
  205.     else:
  206.       print_(" Good.")
  207. 

  208.   def test_double_infinity( c ):
  209.     """We expect that on curve c, 2*INFINITY = INFINITY."""
  210.     p1 = INFINITY
  211.     p3 = p1.double()
  212.     print_("%s doubled = %s" % ( p1, p3 ), end=' ')
  213.     if p3.x() != INFINITY.x() or p3.y() != INFINITY.y():
  214.       raise FailedTest("Failure: should give (%d,%d)." % ( INFINITY.x(), INFINITY.y() ))
  215.     else:
  216.       print_(" Good.")
  217. 

  218.   def test_multiply( c, x1, y1, m, x3, y3 ):
  219.     """We expect that on curve c, m*(x1,y1) = (x3,y3)."""
  220.     p1 = Point( c, x1, y1 )
  221.     p3 = p1 * m
  222.     print_("%s * %d = %s" % ( p1, m, p3 ), end=' ')
  223.     if p3.x() != x3 or p3.y() != y3:
  224.       raise FailedTest("Failure: should give (%d,%d)." % ( x3, y3 ))
  225.     else:
  226.       print_(" Good.")
  227. 

  228. 

  229.   # A few tests from X9.62 B.3:
  230. 

  231.   c = CurveFp( 23, 1, 1 )
  232.   test_add( c, 3, 10, 9, 7, 17, 20 )
  233.   test_double( c, 3, 10, 7, 12 )
  234.   test_add( c, 3, 10, 3, 10, 7, 12 )	# (Should just invoke double.)
  235.   test_multiply( c, 3, 10, 2, 7, 12 )
  236. 

  237.   test_double_infinity(c)
  238. 

  239.   # From X9.62 I.1 (p. 96):
  240. 

  241.   g = Point( c, 13, 7, 7 )
  242. 

  243.   check = INFINITY
  244.   for i in range( 7 + 1 ):
  245.     p = ( i % 7 ) * g
  246.     print_("%s * %d = %s, expected %s . . ." % ( g, i, p, check ), end=' ')
  247.     if p == check:
  248.       print_(" Good.")
  249.     else:
  250.       raise FailedTest("Bad.")
  251.     check = check + g
  252. 

  253.   # NIST Curve P-192:
  254.   p = 6277101735386680763835789423207666416083908700390324961279
  255.   r = 6277101735386680763835789423176059013767194773182842284081
  256.   #s = 0x3045ae6fc8422f64ed579528d38120eae12196d5L
  257.   c = 0x3099d2bbbfcb2538542dcd5fb078b6ef5f3d6fe2c745de65
  258.   b = 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1
  259.   Gx = 0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012
  260.   Gy = 0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811
  261. 

  262.   c192 = CurveFp( p, -3, b )
  263.   p192 = Point( c192, Gx, Gy, r )
  264. 

  265.   # Checking against some sample computations presented
  266.   # in X9.62:
  267. 

  268.   d = 651056770906015076056810763456358567190100156695615665659
  269.   Q = d * p192
  270.   if Q.x() != 0x62B12D60690CDCF330BABAB6E69763B471F994DD702D16A5:
  271.     raise FailedTest("p192 * d came out wrong.")
  272.   else:
  273.     print_("p192 * d came out right.")
  274. 

  275.   k = 6140507067065001063065065565667405560006161556565665656654
  276.   R = k * p192
  277.   if R.x() != 0x885052380FF147B734C330C43D39B2C4A89F29B0F749FEAD \
  278.      or R.y() != 0x9CF9FA1CBEFEFB917747A3BB29C072B9289C2547884FD835:
  279.     raise FailedTest("k * p192 came out wrong.")
  280.   else:
  281.     print_("k * p192 came out right.")
  282. 

  283.   u1 = 2563697409189434185194736134579731015366492496392189760599
  284.   u2 = 6266643813348617967186477710235785849136406323338782220568
  285.   temp = u1 * p192 + u2 * Q
  286.   if temp.x() != 0x885052380FF147B734C330C43D39B2C4A89F29B0F749FEAD \
  287.      or temp.y() != 0x9CF9FA1CBEFEFB917747A3BB29C072B9289C2547884FD835:
  288.     raise FailedTest("u1 * p192 + u2 * Q came out wrong.")
  289.   else:
  290.     print_("u1 * p192 + u2 * Q came out right.")
  291. 

  292. if __name__ == "__main__":
  293.   __main__()