import pickle
import sys
try:
import unittest2 as unittest
except ImportError:
import unittest
import os
import signal
import pytest
import threading
import platform
import hypothesis.strategies as st
from hypothesis import given, assume, settings, example
from .ellipticcurve import CurveFp, PointJacobi, INFINITY
from .ecdsa import (
generator_256,
curve_256,
generator_224,
generator_brainpoolp160r1,
curve_brainpoolp160r1,
generator_112r2,
curve_112r2,
)
from .numbertheory import inverse_mod
from .util import randrange
NO_OLD_SETTINGS = {}
if sys.version_info > (2, 7): # pragma: no branch
NO_OLD_SETTINGS["deadline"] = 5000
SLOW_SETTINGS = {}
if "--fast" in sys.argv: # pragma: no cover
SLOW_SETTINGS["max_examples"] = 2
else:
SLOW_SETTINGS["max_examples"] = 10
class TestJacobi(unittest.TestCase):
def test___init__(self):
curve = object()
x = 2
y = 3
z = 1
order = 4
pj = PointJacobi(curve, x, y, z, order)
self.assertEqual(pj.order(), order)
self.assertIs(pj.curve(), curve)
self.assertEqual(pj.x(), x)
self.assertEqual(pj.y(), y)
def test_add_with_different_curves(self):
p_a = PointJacobi.from_affine(generator_256)
p_b = PointJacobi.from_affine(generator_224)
with self.assertRaises(ValueError): # pragma: no branch
p_a + p_b
def test_compare_different_curves(self):
self.assertNotEqual(generator_256, generator_224)
def test_equality_with_non_point(self):
pj = PointJacobi.from_affine(generator_256)
self.assertNotEqual(pj, "value")
def test_conversion(self):
pj = PointJacobi.from_affine(generator_256)
pw = pj.to_affine()
self.assertEqual(generator_256, pw)
def test_single_double(self):
pj = PointJacobi.from_affine(generator_256)
pw = generator_256.double()
pj = pj.double()
self.assertEqual(pj.x(), pw.x())
self.assertEqual(pj.y(), pw.y())
def test_double_with_zero_point(self):
pj = PointJacobi(curve_256, 0, 0, 1)
pj = pj.double()
self.assertIs(pj, INFINITY)
def test_double_with_zero_equivalent_point(self):
pj = PointJacobi(curve_256, 0, curve_256.p(), 1)
pj = pj.double()
self.assertIs(pj, INFINITY)
def test_double_with_zero_equivalent_point_non_1_z(self):
pj = PointJacobi(curve_256, 0, curve_256.p(), 2)
pj = pj.double()
self.assertIs(pj, INFINITY)
def test_compare_with_affine_point(self):
pj = PointJacobi.from_affine(generator_256)
pa = pj.to_affine()
self.assertEqual(pj, pa)
self.assertEqual(pa, pj)
def test_to_affine_with_zero_point(self):
pj = PointJacobi(curve_256, 0, 0, 1)
pa = pj.to_affine()
self.assertIs(pa, INFINITY)
def test_add_with_affine_point(self):
pj = PointJacobi.from_affine(generator_256)
pa = pj.to_affine()
s = pj + pa
self.assertEqual(s, pj.double())
def test_radd_with_affine_point(self):
pj = PointJacobi.from_affine(generator_256)
pa = pj.to_affine()
s = pa + pj
self.assertEqual(s, pj.double())
def test_add_with_infinity(self):
pj = PointJacobi.from_affine(generator_256)
s = pj + INFINITY
self.assertEqual(s, pj)
def test_add_zero_point_to_affine(self):
pa = PointJacobi.from_affine(generator_256).to_affine()
pj = PointJacobi(curve_256, 0, 0, 1)
s = pj + pa
self.assertIs(s, pa)
def test_multiply_by_zero(self):
pj = PointJacobi.from_affine(generator_256)
pj = pj * 0
self.assertIs(pj, INFINITY)
def test_zero_point_multiply_by_one(self):
pj = PointJacobi(curve_256, 0, 0, 1)
pj = pj * 1
self.assertIs(pj, INFINITY)
def test_multiply_by_one(self):
pj = PointJacobi.from_affine(generator_256)
pw = generator_256 * 1
pj = pj * 1
self.assertEqual(pj.x(), pw.x())
self.assertEqual(pj.y(), pw.y())
def test_multiply_by_two(self):
pj = PointJacobi.from_affine(generator_256)
pw = generator_256 * 2
pj = pj * 2
self.assertEqual(pj.x(), pw.x())
self.assertEqual(pj.y(), pw.y())
def test_rmul_by_two(self):
pj = PointJacobi.from_affine(generator_256)
pw = generator_256 * 2
pj = 2 * pj
self.assertEqual(pj, pw)
def test_compare_non_zero_with_infinity(self):
pj = PointJacobi.from_affine(generator_256)
self.assertNotEqual(pj, INFINITY)
def test_compare_zero_point_with_infinity(self):
pj = PointJacobi(curve_256, 0, 0, 1)
self.assertEqual(pj, INFINITY)
def test_compare_double_with_multiply(self):
pj = PointJacobi.from_affine(generator_256)
dbl = pj.double()
mlpl = pj * 2
self.assertEqual(dbl, mlpl)
@settings(**SLOW_SETTINGS)
@given(
st.integers(
min_value=0, max_value=int(generator_brainpoolp160r1.order() - 1)
)
)
def test_multiplications(self, mul):
pj = PointJacobi.from_affine(generator_brainpoolp160r1)
pw = pj.to_affine() * mul
pj = pj * mul
self.assertEqual((pj.x(), pj.y()), (pw.x(), pw.y()))
self.assertEqual(pj, pw)
@settings(**SLOW_SETTINGS)
@given(
st.integers(
min_value=0, max_value=int(generator_brainpoolp160r1.order() - 1)
)
)
@example(0)
@example(int(generator_brainpoolp160r1.order()))
def test_precompute(self, mul):
precomp = generator_brainpoolp160r1
self.assertTrue(precomp._PointJacobi__precompute)
pj = PointJacobi.from_affine(generator_brainpoolp160r1)
a = precomp * mul
b = pj * mul
self.assertEqual(a, b)
@settings(**SLOW_SETTINGS)
@given(
st.integers(
min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
),
st.integers(
min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
),
)
@example(3, 3)
def test_add_scaled_points(self, a_mul, b_mul):
j_g = PointJacobi.from_affine(generator_brainpoolp160r1)
a = PointJacobi.from_affine(j_g * a_mul)
b = PointJacobi.from_affine(j_g * b_mul)
c = a + b
self.assertEqual(c, j_g * (a_mul + b_mul))
@settings(**SLOW_SETTINGS)
@given(
st.integers(
min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
),
st.integers(
min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
),
st.integers(min_value=1, max_value=int(curve_brainpoolp160r1.p() - 1)),
)
def test_add_one_scaled_point(self, a_mul, b_mul, new_z):
j_g = PointJacobi.from_affine(generator_brainpoolp160r1)
a = PointJacobi.from_affine(j_g * a_mul)
b = PointJacobi.from_affine(j_g * b_mul)
p = curve_brainpoolp160r1.p()
assume(inverse_mod(new_z, p))
new_zz = new_z * new_z % p
b = PointJacobi(
curve_brainpoolp160r1,
b.x() * new_zz % p,
b.y() * new_zz * new_z % p,
new_z,
)
c = a + b
self.assertEqual(c, j_g * (a_mul + b_mul))
@pytest.mark.slow
@settings(**SLOW_SETTINGS)
@given(
st.integers(
min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
),
st.integers(
min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
),
st.integers(min_value=1, max_value=int(curve_brainpoolp160r1.p() - 1)),
)
@example(1, 1, 1)
@example(3, 3, 3)
@example(2, int(generator_brainpoolp160r1.order() - 2), 1)
@example(2, int(generator_brainpoolp160r1.order() - 2), 3)
def test_add_same_scale_points(self, a_mul, b_mul, new_z):
j_g = PointJacobi.from_affine(generator_brainpoolp160r1)
a = PointJacobi.from_affine(j_g * a_mul)
b = PointJacobi.from_affine(j_g * b_mul)
p = curve_brainpoolp160r1.p()
assume(inverse_mod(new_z, p))
new_zz = new_z * new_z % p
a = PointJacobi(
curve_brainpoolp160r1,
a.x() * new_zz % p,
a.y() * new_zz * new_z % p,
new_z,
)
b = PointJacobi(
curve_brainpoolp160r1,
b.x() * new_zz % p,
b.y() * new_zz * new_z % p,
new_z,
)
c = a + b
self.assertEqual(c, j_g * (a_mul + b_mul))
def test_add_same_scale_points_static(self):
j_g = generator_brainpoolp160r1
p = curve_brainpoolp160r1.p()
a = j_g * 11
a.scale()
z1 = 13
x = PointJacobi(
curve_brainpoolp160r1,
a.x() * z1**2 % p,
a.y() * z1**3 % p,
z1,
)
y = PointJacobi(
curve_brainpoolp160r1,
a.x() * z1**2 % p,
a.y() * z1**3 % p,
z1,
)
c = a + a
self.assertEqual(c, x + y)
@pytest.mark.slow
@settings(**SLOW_SETTINGS)
@given(
st.integers(
min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
),
st.integers(
min_value=1, max_value=int(generator_brainpoolp160r1.order() - 1)
),
st.lists(
st.integers(
min_value=1, max_value=int(curve_brainpoolp160r1.p() - 1)
),
min_size=2,
max_size=2,
unique=True,
),
)
@example(2, 2, [2, 1])
@example(2, 2, [2, 3])
@example(2, int(generator_brainpoolp160r1.order() - 2), [2, 3])
@example(2, int(generator_brainpoolp160r1.order() - 2), [2, 1])
def test_add_different_scale_points(self, a_mul, b_mul, new_z):
j_g = PointJacobi.from_affine(generator_brainpoolp160r1)
a = PointJacobi.from_affine(j_g * a_mul)
b = PointJacobi.from_affine(j_g * b_mul)
p = curve_brainpoolp160r1.p()
assume(inverse_mod(new_z[0], p))
assume(inverse_mod(new_z[1], p))
new_zz0 = new_z[0] * new_z[0] % p
new_zz1 = new_z[1] * new_z[1] % p
a = PointJacobi(
curve_brainpoolp160r1,
a.x() * new_zz0 % p,
a.y() * new_zz0 * new_z[0] % p,
new_z[0],
)
b = PointJacobi(
curve_brainpoolp160r1,
b.x() * new_zz1 % p,
b.y() * new_zz1 * new_z[1] % p,
new_z[1],
)
c = a + b
self.assertEqual(c, j_g * (a_mul + b_mul))
def test_add_different_scale_points_static(self):
j_g = generator_brainpoolp160r1
p = curve_brainpoolp160r1.p()
a = j_g * 11
a.scale()
z1 = 13
x = PointJacobi(
curve_brainpoolp160r1,
a.x() * z1**2 % p,
a.y() * z1**3 % p,
z1,
)
z2 = 29
y = PointJacobi(
curve_brainpoolp160r1,
a.x() * z2**2 % p,
a.y() * z2**3 % p,
z2,
)
c = a + a
self.assertEqual(c, x + y)
def test_add_different_points_same_scale_static(self):
j_g = generator_brainpoolp160r1
p = curve_brainpoolp160r1.p()
a = j_g * 11
a.scale()
b = j_g * 12
z = 13
x = PointJacobi(
curve_brainpoolp160r1,
a.x() * z**2 % p,
a.y() * z**3 % p,
z,
)
y = PointJacobi(
curve_brainpoolp160r1,
b.x() * z**2 % p,
b.y() * z**3 % p,
z,
)
c = a + b
self.assertEqual(c, x + y)
def test_add_same_point_different_scale_second_z_1_static(self):
j_g = generator_112r2
p = curve_112r2.p()
z = 11
a = j_g * z
a.scale()
x = PointJacobi(
curve_112r2,
a.x() * z**2 % p,
a.y() * z**3 % p,
z,
)
y = PointJacobi(
curve_112r2,
a.x(),
a.y(),
1,
)
c = a + a
self.assertEqual(c, x + y)
def test_add_to_infinity_static(self):
j_g = generator_112r2
z = 11
a = j_g * z
a.scale()
b = -a
x = PointJacobi(
curve_112r2,
a.x(),
a.y(),
1,
)
y = PointJacobi(
curve_112r2,
b.x(),
b.y(),
1,
)
self.assertEqual(INFINITY, x + y)
def test_add_point_3_times(self):
j_g = PointJacobi.from_affine(generator_256)
self.assertEqual(j_g * 3, j_g + j_g + j_g)
def test_mul_without_order(self):
j_g = PointJacobi(curve_256, generator_256.x(), generator_256.y(), 1)
self.assertEqual(j_g * generator_256.order(), INFINITY)
def test_mul_add_inf(self):
j_g = PointJacobi.from_affine(generator_256)
self.assertEqual(j_g, j_g.mul_add(1, INFINITY, 1))
def test_mul_add_same(self):
j_g = PointJacobi.from_affine(generator_256)
self.assertEqual(j_g * 2, j_g.mul_add(1, j_g, 1))
def test_mul_add_precompute(self):
j_g = PointJacobi.from_affine(generator_brainpoolp160r1, True)
b = PointJacobi.from_affine(j_g * 255, True)
self.assertEqual(j_g * 256, j_g + b)
self.assertEqual(j_g * (5 + 255 * 7), j_g * 5 + b * 7)
self.assertEqual(j_g * (5 + 255 * 7), j_g.mul_add(5, b, 7))
def test_mul_add_precompute_large(self):
j_g = PointJacobi.from_affine(generator_brainpoolp160r1, True)
b = PointJacobi.from_affine(j_g * 255, True)
self.assertEqual(j_g * 256, j_g + b)
self.assertEqual(
j_g * (0xFF00 + 255 * 0xF0F0), j_g * 0xFF00 + b * 0xF0F0
)
self.assertEqual(
j_g * (0xFF00 + 255 * 0xF0F0), j_g.mul_add(0xFF00, b, 0xF0F0)
)
def test_mul_add_to_mul(self):
j_g = PointJacobi.from_affine(generator_256)
a = j_g * 3
b = j_g.mul_add(2, j_g, 1)
self.assertEqual(a, b)
def test_mul_add_differnt(self):
j_g = PointJacobi.from_affine(generator_256)
w_a = j_g * 2
self.assertEqual(j_g.mul_add(1, w_a, 1), j_g * 3)
def test_mul_add_slightly_different(self):
j_g = PointJacobi.from_affine(generator_256)
w_a = j_g * 2
w_b = j_g * 3
self.assertEqual(w_a.mul_add(1, w_b, 3), w_a * 1 + w_b * 3)
def test_mul_add(self):
j_g = PointJacobi.from_affine(generator_256)
w_a = generator_256 * 255
w_b = generator_256 * (0xA8 * 0xF0)
j_b = j_g * 0xA8
ret = j_g.mul_add(255, j_b, 0xF0)
self.assertEqual(ret.to_affine(), w_a + w_b)
def test_mul_add_large(self):
j_g = PointJacobi.from_affine(generator_256)
b = PointJacobi.from_affine(j_g * 255)
self.assertEqual(j_g * 256, j_g + b)
self.assertEqual(
j_g * (0xFF00 + 255 * 0xF0F0), j_g * 0xFF00 + b * 0xF0F0
)
self.assertEqual(
j_g * (0xFF00 + 255 * 0xF0F0), j_g.mul_add(0xFF00, b, 0xF0F0)
)
def test_mul_add_with_infinity_as_result(self):
j_g = PointJacobi.from_affine(generator_256)
order = generator_256.order()
b = PointJacobi.from_affine(generator_256 * 256)
self.assertEqual(j_g.mul_add(order % 256, b, order // 256), INFINITY)
def test_mul_add_without_order(self):
j_g = PointJacobi(curve_256, generator_256.x(), generator_256.y(), 1)
order = generator_256.order()
w_b = generator_256 * 34
w_b.scale()
b = PointJacobi(curve_256, w_b.x(), w_b.y(), 1)
self.assertEqual(j_g.mul_add(order % 34, b, order // 34), INFINITY)
def test_mul_add_with_doubled_negation_of_itself(self):
j_g = PointJacobi.from_affine(generator_256 * 17)
dbl_neg = 2 * (-j_g)
self.assertEqual(j_g.mul_add(4, dbl_neg, 2), INFINITY)
def test_equality(self):
pj1 = PointJacobi(curve=CurveFp(23, 1, 1, 1), x=2, y=3, z=1, order=1)
pj2 = PointJacobi(curve=CurveFp(23, 1, 1, 1), x=2, y=3, z=1, order=1)
self.assertEqual(pj1, pj2)
def test_equality_with_invalid_object(self):
j_g = PointJacobi.from_affine(generator_256)
self.assertNotEqual(j_g, 12)
def test_equality_with_wrong_curves(self):
p_a = PointJacobi.from_affine(generator_256)
p_b = PointJacobi.from_affine(generator_224)
self.assertNotEqual(p_a, p_b)
def test_add_with_point_at_infinity(self):
pj1 = PointJacobi(curve=CurveFp(23, 1, 1, 1), x=2, y=3, z=1, order=1)
x, y, z = pj1._add(2, 3, 1, 5, 5, 0, 23)
self.assertEqual((x, y, z), (2, 3, 1))
def test_pickle(self):
pj = PointJacobi(curve=CurveFp(23, 1, 1, 1), x=2, y=3, z=1, order=1)
self.assertEqual(pickle.loads(pickle.dumps(pj)), pj)
@pytest.mark.slow
@settings(**NO_OLD_SETTINGS)
@pytest.mark.skipif(
platform.python_implementation() == "PyPy",
reason="threading on PyPy breaks coverage",
)
@given(st.integers(min_value=1, max_value=10))
def test_multithreading(self, thread_num): # pragma: no cover
# ensure that generator's precomputation table is filled
generator_112r2 * 2
# create a fresh point that doesn't have a filled precomputation table
gen = generator_112r2
gen = PointJacobi(gen.curve(), gen.x(), gen.y(), 1, gen.order(), True)
self.assertEqual(gen._PointJacobi__precompute, [])
def runner(generator):
order = generator.order()
for _ in range(10):
generator * randrange(order)
threads = []
for _ in range(thread_num):
threads.append(threading.Thread(target=runner, args=(gen,)))
for t in threads:
t.start()
runner(gen)
for t in threads:
t.join()
self.assertEqual(
gen._PointJacobi__precompute,
generator_112r2._PointJacobi__precompute,
)
@pytest.mark.slow
@pytest.mark.skipif(
platform.system() == "Windows"
or platform.python_implementation() == "PyPy",
reason="there are no signals on Windows, and threading breaks coverage"
" on PyPy",
)
def test_multithreading_with_interrupts(self): # pragma: no cover
thread_num = 10
# ensure that generator's precomputation table is filled
generator_112r2 * 2
# create a fresh point that doesn't have a filled precomputation table
gen = generator_112r2
gen = PointJacobi(gen.curve(), gen.x(), gen.y(), 1, gen.order(), True)
self.assertEqual(gen._PointJacobi__precompute, [])
def runner(generator):
order = generator.order()
for _ in range(50):
generator * randrange(order)
def interrupter(barrier_start, barrier_end, lock_exit):
# wait until MainThread can handle KeyboardInterrupt
barrier_start.release()
barrier_end.acquire()
os.kill(os.getpid(), signal.SIGINT)
lock_exit.release()
threads = []
for _ in range(thread_num):
threads.append(threading.Thread(target=runner, args=(gen,)))
barrier_start = threading.Lock()
barrier_start.acquire()
barrier_end = threading.Lock()
barrier_end.acquire()
lock_exit = threading.Lock()
lock_exit.acquire()
threads.append(
threading.Thread(
target=interrupter,
args=(barrier_start, barrier_end, lock_exit),
)
)
for t in threads:
t.start()
with self.assertRaises(KeyboardInterrupt):
# signal to interrupter that we can now handle the signal
barrier_start.acquire()
barrier_end.release()
runner(gen)
# use the lock to ensure we never go past the scope of
# assertRaises before the os.kill is called
lock_exit.acquire()
for t in threads:
t.join()
self.assertEqual(
gen._PointJacobi__precompute,
generator_112r2._PointJacobi__precompute,
)