import pickle try: import unittest2 as unittest except ImportError: import unittest import os import sys import signal import pytest import threading import platform import hypothesis.strategies as st from hypothesis import given, assume, settings, example from .ellipticcurve import CurveFp, PointJacobi, INFINITY from .ecdsa import ( generator_256, curve_256, generator_224, generator_brainpoolp160r1, curve_brainpoolp160r1, generator_112r2, ) from .numbertheory import inverse_mod from .util import randrange NO_OLD_SETTINGS = {} if sys.version_info > (2, 7): # pragma: no branch NO_OLD_SETTINGS["deadline"] = 5000 class TestJacobi(unittest.TestCase): def test___init__(self): curve = object() x = 2 y = 3 z = 1 order = 4 pj = PointJacobi(curve, x, y, z, order) self.assertEqual(pj.order(), order) self.assertIs(pj.curve(), curve) self.assertEqual(pj.x(), x) self.assertEqual(pj.y(), y) def test_add_with_different_curves(self): p_a = PointJacobi.from_affine(generator_256) p_b = PointJacobi.from_affine(generator_224) with self.assertRaises(ValueError): p_a + p_b def test_compare_different_curves(self): self.assertNotEqual(generator_256, generator_224) def test_equality_with_non_point(self): pj = PointJacobi.from_affine(generator_256) self.assertNotEqual(pj, "value") def test_conversion(self): pj = PointJacobi.from_affine(generator_256) pw = pj.to_affine() self.assertEqual(generator_256, pw) def test_single_double(self): pj = PointJacobi.from_affine(generator_256) pw = generator_256.double() pj = pj.double() self.assertEqual(pj.x(), pw.x()) self.assertEqual(pj.y(), pw.y()) def test_double_with_zero_point(self): pj = PointJacobi(curve_256, 0, 0, 1) pj = pj.double() self.assertIs(pj, INFINITY) def test_double_with_zero_equivalent_point(self): pj = PointJacobi(curve_256, 0, curve_256.p(), 1) pj = pj.double() self.assertIs(pj, INFINITY) def test_double_with_zero_equivalent_point_non_1_z(self): pj = PointJacobi(curve_256, 0, curve_256.p(), 2) pj = pj.double() self.assertIs(pj, INFINITY) def test_compare_with_affine_point(self): pj = PointJacobi.from_affine(generator_256) pa = pj.to_affine() self.assertEqual(pj, pa) self.assertEqual(pa, pj) def test_to_affine_with_zero_point(self): pj = PointJacobi(curve_256, 0, 0, 1) pa = pj.to_affine() self.assertIs(pa, INFINITY) def test_add_with_affine_point(self): pj = PointJacobi.from_affine(generator_256) pa = pj.to_affine() s = pj + pa self.assertEqual(s, pj.double()) def test_radd_with_affine_point(self): pj = PointJacobi.from_affine(generator_256) pa = pj.to_affine() s = pa + pj self.assertEqual(s, pj.double()) def test_add_with_infinity(self): pj = PointJacobi.from_affine(generator_256) s = pj + INFINITY self.assertEqual(s, pj) def test_add_zero_point_to_affine(self): pa = PointJacobi.from_affine(generator_256).to_affine() pj = PointJacobi(curve_256, 0, 0, 1) s = pj + pa self.assertIs(s, pa) def test_multiply_by_zero(self): pj = PointJacobi.from_affine(generator_256) pj = pj * 0 self.assertIs(pj, INFINITY) def test_zero_point_multiply_by_one(self): pj = PointJacobi(curve_256, 0, 0, 1) pj = pj * 1 self.assertIs(pj, INFINITY) def test_multiply_by_one(self): pj = PointJacobi.from_affine(generator_256) pw = generator_256 * 1 pj = pj * 1 self.assertEqual(pj.x(), pw.x()) self.assertEqual(pj.y(), pw.y()) def test_multiply_by_two(self): pj = PointJacobi.from_affine(generator_256) pw = generator_256 * 2 pj = pj * 2 self.assertEqual(pj.x(), pw.x()) self.assertEqual(pj.y(), pw.y()) def test_rmul_by_two(self): pj = PointJacobi.from_affine(generator_256) pw = generator_256 * 2 pj = 2 * pj self.assertEqual(pj, pw) def test_compare_non_zero_with_infinity(self): pj = PointJacobi.from_affine(generator_256) self.assertNotEqual(pj, INFINITY) def test_compare_zero_point_with_infinity(self): pj = PointJacobi(curve_256, 0, 0, 1) self.assertEqual(pj, INFINITY) def test_compare_double_with_multiply(self): pj = PointJacobi.from_affine(generator_256) dbl = pj.double() mlpl = pj * 2 self.assertEqual(dbl, mlpl) @settings(max_examples=10) @given( st.integers( min_value=0, max_value=int(generator_brainpoolp160r1.order()) ) ) def test_multiplications(self, mul): pj = PointJacobi.from_affine(generator_brainpoolp160r1) pw = pj.to_affine() * mul pj = pj * mul self.assertEqual((pj.x(), pj.y()), (pw.x(), pw.y())) self.assertEqual(pj, pw) @settings(max_examples=10) @given( st.integers( min_value=0, max_value=int(generator_brainpoolp160r1.order()) ) ) @example(0) @example(int(generator_brainpoolp160r1.order())) def test_precompute(self, mul): precomp = generator_brainpoolp160r1 self.assertTrue(precomp._PointJacobi__precompute) pj = PointJacobi.from_affine(generator_brainpoolp160r1) a = precomp * mul b = pj * mul self.assertEqual(a, b) @settings(max_examples=10) @given( st.integers( min_value=1, max_value=int(generator_brainpoolp160r1.order()) ), st.integers( min_value=1, max_value=int(generator_brainpoolp160r1.order()) ), ) @example(3, 3) def test_add_scaled_points(self, a_mul, b_mul): j_g = PointJacobi.from_affine(generator_brainpoolp160r1) a = PointJacobi.from_affine(j_g * a_mul) b = PointJacobi.from_affine(j_g * b_mul) c = a + b self.assertEqual(c, j_g * (a_mul + b_mul)) @settings(max_examples=10) @given( st.integers( min_value=1, max_value=int(generator_brainpoolp160r1.order()) ), st.integers( min_value=1, max_value=int(generator_brainpoolp160r1.order()) ), st.integers(min_value=1, max_value=int(curve_brainpoolp160r1.p() - 1)), ) def test_add_one_scaled_point(self, a_mul, b_mul, new_z): j_g = PointJacobi.from_affine(generator_brainpoolp160r1) a = PointJacobi.from_affine(j_g * a_mul) b = PointJacobi.from_affine(j_g * b_mul) p = curve_brainpoolp160r1.p() assume(inverse_mod(new_z, p)) new_zz = new_z * new_z % p b = PointJacobi( curve_brainpoolp160r1, b.x() * new_zz % p, b.y() * new_zz * new_z % p, new_z, ) c = a + b self.assertEqual(c, j_g * (a_mul + b_mul)) @settings(max_examples=10) @given( st.integers( min_value=1, max_value=int(generator_brainpoolp160r1.order()) ), st.integers( min_value=1, max_value=int(generator_brainpoolp160r1.order()) ), st.integers(min_value=1, max_value=int(curve_brainpoolp160r1.p() - 1)), ) @example(1, 1, 1) @example(3, 3, 3) @example(2, int(generator_brainpoolp160r1.order() - 2), 1) @example(2, int(generator_brainpoolp160r1.order() - 2), 3) def test_add_same_scale_points(self, a_mul, b_mul, new_z): j_g = PointJacobi.from_affine(generator_brainpoolp160r1) a = PointJacobi.from_affine(j_g * a_mul) b = PointJacobi.from_affine(j_g * b_mul) p = curve_brainpoolp160r1.p() assume(inverse_mod(new_z, p)) new_zz = new_z * new_z % p a = PointJacobi( curve_brainpoolp160r1, a.x() * new_zz % p, a.y() * new_zz * new_z % p, new_z, ) b = PointJacobi( curve_brainpoolp160r1, b.x() * new_zz % p, b.y() * new_zz * new_z % p, new_z, ) c = a + b self.assertEqual(c, j_g * (a_mul + b_mul)) def test_add_same_scale_points_static(self): j_g = generator_brainpoolp160r1 p = curve_brainpoolp160r1.p() a = j_g * 11 a.scale() z1 = 13 x = PointJacobi( curve_brainpoolp160r1, a.x() * z1**2 % p, a.y() * z1**3 % p, z1, ) y = PointJacobi( curve_brainpoolp160r1, a.x() * z1**2 % p, a.y() * z1**3 % p, z1, ) c = a + a self.assertEqual(c, x + y) @settings(max_examples=14) @given( st.integers( min_value=1, max_value=int(generator_brainpoolp160r1.order()) ), st.integers( min_value=1, max_value=int(generator_brainpoolp160r1.order()) ), st.lists( st.integers( min_value=1, max_value=int(curve_brainpoolp160r1.p() - 1) ), min_size=2, max_size=2, unique=True, ), ) @example(2, 2, [2, 1]) @example(2, 2, [2, 3]) @example(2, int(generator_brainpoolp160r1.order() - 2), [2, 3]) @example(2, int(generator_brainpoolp160r1.order() - 2), [2, 1]) def test_add_different_scale_points(self, a_mul, b_mul, new_z): j_g = PointJacobi.from_affine(generator_brainpoolp160r1) a = PointJacobi.from_affine(j_g * a_mul) b = PointJacobi.from_affine(j_g * b_mul) p = curve_brainpoolp160r1.p() assume(inverse_mod(new_z[0], p)) assume(inverse_mod(new_z[1], p)) new_zz0 = new_z[0] * new_z[0] % p new_zz1 = new_z[1] * new_z[1] % p a = PointJacobi( curve_brainpoolp160r1, a.x() * new_zz0 % p, a.y() * new_zz0 * new_z[0] % p, new_z[0], ) b = PointJacobi( curve_brainpoolp160r1, b.x() * new_zz1 % p, b.y() * new_zz1 * new_z[1] % p, new_z[1], ) c = a + b self.assertEqual(c, j_g * (a_mul + b_mul)) def test_add_different_scale_points_static(self): j_g = generator_brainpoolp160r1 p = curve_brainpoolp160r1.p() a = j_g * 11 a.scale() z1 = 13 x = PointJacobi( curve_brainpoolp160r1, a.x() * z1**2 % p, a.y() * z1**3 % p, z1, ) z2 = 29 y = PointJacobi( curve_brainpoolp160r1, a.x() * z2**2 % p, a.y() * z2**3 % p, z2, ) c = a + a self.assertEqual(c, x + y) def test_add_point_3_times(self): j_g = PointJacobi.from_affine(generator_256) self.assertEqual(j_g * 3, j_g + j_g + j_g) def test_mul_without_order(self): j_g = PointJacobi(curve_256, generator_256.x(), generator_256.y(), 1) self.assertEqual(j_g * generator_256.order(), INFINITY) def test_mul_add_inf(self): j_g = PointJacobi.from_affine(generator_256) self.assertEqual(j_g, j_g.mul_add(1, INFINITY, 1)) def test_mul_add_same(self): j_g = PointJacobi.from_affine(generator_256) self.assertEqual(j_g * 2, j_g.mul_add(1, j_g, 1)) def test_mul_add_precompute(self): j_g = PointJacobi.from_affine(generator_brainpoolp160r1, True) b = PointJacobi.from_affine(j_g * 255, True) self.assertEqual(j_g * 256, j_g + b) self.assertEqual(j_g * (5 + 255 * 7), j_g * 5 + b * 7) self.assertEqual(j_g * (5 + 255 * 7), j_g.mul_add(5, b, 7)) def test_mul_add_precompute_large(self): j_g = PointJacobi.from_affine(generator_brainpoolp160r1, True) b = PointJacobi.from_affine(j_g * 255, True) self.assertEqual(j_g * 256, j_g + b) self.assertEqual( j_g * (0xFF00 + 255 * 0xF0F0), j_g * 0xFF00 + b * 0xF0F0 ) self.assertEqual( j_g * (0xFF00 + 255 * 0xF0F0), j_g.mul_add(0xFF00, b, 0xF0F0) ) def test_mul_add_to_mul(self): j_g = PointJacobi.from_affine(generator_256) a = j_g * 3 b = j_g.mul_add(2, j_g, 1) self.assertEqual(a, b) def test_mul_add_differnt(self): j_g = PointJacobi.from_affine(generator_256) w_a = j_g * 2 self.assertEqual(j_g.mul_add(1, w_a, 1), j_g * 3) def test_mul_add_slightly_different(self): j_g = PointJacobi.from_affine(generator_256) w_a = j_g * 2 w_b = j_g * 3 self.assertEqual(w_a.mul_add(1, w_b, 3), w_a * 1 + w_b * 3) def test_mul_add(self): j_g = PointJacobi.from_affine(generator_256) w_a = generator_256 * 255 w_b = generator_256 * (0xA8 * 0xF0) j_b = j_g * 0xA8 ret = j_g.mul_add(255, j_b, 0xF0) self.assertEqual(ret.to_affine(), w_a + w_b) def test_mul_add_large(self): j_g = PointJacobi.from_affine(generator_256) b = PointJacobi.from_affine(j_g * 255) self.assertEqual(j_g * 256, j_g + b) self.assertEqual( j_g * (0xFF00 + 255 * 0xF0F0), j_g * 0xFF00 + b * 0xF0F0 ) self.assertEqual( j_g * (0xFF00 + 255 * 0xF0F0), j_g.mul_add(0xFF00, b, 0xF0F0) ) def test_mul_add_with_infinity_as_result(self): j_g = PointJacobi.from_affine(generator_256) order = generator_256.order() b = PointJacobi.from_affine(generator_256 * 256) self.assertEqual(j_g.mul_add(order % 256, b, order // 256), INFINITY) def test_mul_add_without_order(self): j_g = PointJacobi(curve_256, generator_256.x(), generator_256.y(), 1) order = generator_256.order() w_b = generator_256 * 34 w_b.scale() b = PointJacobi(curve_256, w_b.x(), w_b.y(), 1) self.assertEqual(j_g.mul_add(order % 34, b, order // 34), INFINITY) def test_mul_add_with_doubled_negation_of_itself(self): j_g = PointJacobi.from_affine(generator_256 * 17) dbl_neg = 2 * (-j_g) self.assertEqual(j_g.mul_add(4, dbl_neg, 2), INFINITY) def test_equality(self): pj1 = PointJacobi(curve=CurveFp(23, 1, 1, 1), x=2, y=3, z=1, order=1) pj2 = PointJacobi(curve=CurveFp(23, 1, 1, 1), x=2, y=3, z=1, order=1) self.assertEqual(pj1, pj2) def test_equality_with_invalid_object(self): j_g = PointJacobi.from_affine(generator_256) self.assertNotEqual(j_g, 12) def test_equality_with_wrong_curves(self): p_a = PointJacobi.from_affine(generator_256) p_b = PointJacobi.from_affine(generator_224) self.assertNotEqual(p_a, p_b) def test_pickle(self): pj = PointJacobi(curve=CurveFp(23, 1, 1, 1), x=2, y=3, z=1, order=1) self.assertEqual(pickle.loads(pickle.dumps(pj)), pj) @settings(**NO_OLD_SETTINGS) @given(st.integers(min_value=1, max_value=10)) def test_multithreading(self, thread_num): # ensure that generator's precomputation table is filled generator_112r2 * 2 # create a fresh point that doesn't have a filled precomputation table gen = generator_112r2 gen = PointJacobi(gen.curve(), gen.x(), gen.y(), 1, gen.order(), True) self.assertEqual(gen._PointJacobi__precompute, []) def runner(generator): order = generator.order() for _ in range(10): generator * randrange(order) threads = [] for _ in range(thread_num): threads.append(threading.Thread(target=runner, args=(gen,))) for t in threads: t.start() runner(gen) for t in threads: t.join() self.assertEqual( gen._PointJacobi__precompute, generator_112r2._PointJacobi__precompute, ) @pytest.mark.skipif( platform.system() == "Windows", reason="there are no signals on Windows", ) def test_multithreading_with_interrupts(self): thread_num = 10 # ensure that generator's precomputation table is filled generator_112r2 * 2 # create a fresh point that doesn't have a filled precomputation table gen = generator_112r2 gen = PointJacobi(gen.curve(), gen.x(), gen.y(), 1, gen.order(), True) self.assertEqual(gen._PointJacobi__precompute, []) def runner(generator): order = generator.order() for _ in range(50): generator * randrange(order) def interrupter(barrier_start, barrier_end, lock_exit): # wait until MainThread can handle KeyboardInterrupt barrier_start.release() barrier_end.acquire() os.kill(os.getpid(), signal.SIGINT) lock_exit.release() threads = [] for _ in range(thread_num): threads.append(threading.Thread(target=runner, args=(gen,))) barrier_start = threading.Lock() barrier_start.acquire() barrier_end = threading.Lock() barrier_end.acquire() lock_exit = threading.Lock() lock_exit.acquire() threads.append( threading.Thread( target=interrupter, args=(barrier_start, barrier_end, lock_exit), ) ) for t in threads: t.start() with self.assertRaises(KeyboardInterrupt): # signal to interrupter that we can now handle the signal barrier_start.acquire() barrier_end.release() runner(gen) # use the lock to ensure we never go past the scope of # assertRaises before the os.kill is called lock_exit.acquire() for t in threads: t.join() self.assertEqual( gen._PointJacobi__precompute, generator_112r2._PointJacobi__precompute, )