Lines Matching +full:num +full:- +full:vectors
2 # * Copyright (C) 2017 - This file is part of libecc project
7 # * Jean-Pierre FLORI <jean-pierre.flori@ssi.gouv.fr>
20 # External dependency for SHA-3
22 # for SHA-3 functions for now
32 ### Ctrl-C handler
51 x0, x1 = x1, x0 - q * x1
52 y0, y1 = y1, y0 - q * y1
70 mpinv = 2**wlen - (modinv(prime, 2**wlen))
82 pshift = int(pbitlen - cnt)
85 prec = B**3 // ((primenorm >> int(pbitlen - 2*wlen)) + 1) - B
92 # write n-1 as 2**s * d
93 # repeatedly try to divide n-1 by 2
95 d = n-1
102 assert(2**s * d == n-1)
108 if pow(a, 2**i * d, n) == n-1:
118 ls = pow(a, (p - 1) // 2, p)
119 return -1 if ls == p - 1 else ls
121 # Tonelli-Shanks algorithm to find square roots
135 s = p - 1
141 while legendre_symbol(n, p) != -1:
162 gs = pow(g, 2 ** (r - m - 1), p)
236 L = ((y2 - y1) * modinv((x2 - x1) % curve.p, curve.p)) % curve.p
237 resx = (pow(L, 2, curve.p) - x1 - x2) % curve.p
238 resy = ((L * (x1 - resx)) - y1) % curve.p
246 return Point(self.curve, self.x, -self.y)
249 return self + (-other)
255 for i in range(getbitlen(scalar), 0, -1):
257 if (scalar >> (i-1)) & 0x1 == 0x1:
351 acc = acc + (ord(bitstring[i]) * (2**(8*(size - 1 - i))))
358 outstr = outstr + chr((a >> (8*(size - 1 - i))) & 0xFF)
367 return ((bytelen-len(bitstring))*"\x00") + bitstring
369 return bitstring + ((bytelen-len(bitstring))*"\x00")
382 … return expand(inttostring(stringtoint(bitstring) >> int(strbitlen - bitlen)), bitlen, "LEFT")
384 mask = (2**bitlen)-1
400 ctx.update(message.encode('latin-1'))
401 digest = ctx.digest().decode('latin-1')
410 ctx.update(message.encode('latin-1'))
411 digest = ctx.digest().decode('latin-1')
420 ctx.update(message.encode('latin-1'))
421 digest = ctx.digest().decode('latin-1')
430 ctx.update(message.encode('latin-1'))
431 digest = ctx.digest().decode('latin-1')
440 ctx.update(message.encode('latin-1'))
441 digest = ctx.digest().decode('latin-1')
450 ctx.update(message.encode('latin-1'))
451 digest = ctx.digest().decode('latin-1')
460 ctx.update(message.encode('latin-1'))
461 digest = ctx.digest().decode('latin-1')
470 ctx.update(message.encode('latin-1'))
471 digest = ctx.digest().decode('latin-1')
477 # *| IUF - ECDSA signature
488 # *| F 9. Compute s = k^-1 * (xr + e) mod q
524 # *| IUF - ECDSA verification
531 # *| F 5. Compute u = (s^-1)e mod q
532 # *| F 6. Compute v = (s^-1)r mod q
573 # *| IUF - ECKCDSA signature
584 # *| F 8. Compute s = x(k - e) mod q
620 s = (privkey.x * (k - e)) % q
626 # *| IUF - ECKCDSA verification
629 # *| - if hsize > bitlen(q), r must be of
631 # *| - if hsize <= bitlen(q), r must be of
684 # *| IUF - ECFSDSA signature
722 # *| IUF - ECFSDSA verification
727 # *| F 4. Convert h to an integer and then compute e = -h mod q
752 e = (-stringtoint(h)) % q
761 # NOTE: ISO/IEC 14888-3 standard seems to diverge from the existing implementations
763 # in RFC 7091 and draft-deremin-rfc4491-bis. While in ISO/IEC 14888-3 it is explicitly asked
766 # (this discrepancy is exhibited and confirmed by test vectors present in ISO/IEC 14888-3, and
768 # ISO/IEC 14888-3 algorithm description that must be fixed there.
771 # other implementations, but keeps the ISO/IEC 14888-3 behavior if forced/asked by the user using
775 # *| IUF - ECRDSA signature
783 # *| NOTE: here, ISO/IEC 14888-3 and RFCs differ in the way e is treated.
784 # *| e = OS2I(h) for ISO/IEC 14888-3, or e = OS2I(reversed(h)) when endianness of h
799 # Reverse the endianness for Russian standard RFC ECRDSA (contrary to ISO/IEC 14888-3 case)
800 h = h[::-1]
820 # *| IUF - ECRDSA verification
824 # *| F 3. Compute e = OS2I(h)^-1 mod q
825 # *| NOTE: here, ISO/IEC 14888-3 and RFCs differ in the way e is treated.
826 # *| e = OS2I(h) for ISO/IEC 14888-3, or e = OS2I(reversed(h)) when endianness of h
829 # *| F 4. Compute v = -er mod q
852 # Reverse the endianness for Russian standard RFC ECRDSA (contrary to ISO/IEC 14888-3 case)
853 h = h[::-1]
856 v = (-e * r) % q
865 # *| IUF - ECGDSA signature
869 # *| F 2. Convert e = - OS2I(h) mod q
889 e = (-stringtoint(h)) % q
906 # *| IUF - ECGDSA verification
912 # *| F 4. Compute u = ((r^-1)e mod q)
913 # *| F 5. Compute v = ((r^-1)s mod q)
949 # *| IUF - ECSDSA/ECOSDSA signature
954 # *| - In the normal version (ECSDSA), r = h(Wx || Wy || m).
955 # *| - In the optimized version (ECOSDSA), r = h(Wx || m).
995 # *| IUF - ECSDSA/ECOSDSA verification
998 # *| I 2. Compute e = -r mod q
1002 # *| - In the normal version (ECSDSA), r = h(W'x || W'y || m).
1003 # *| - In the optimized version (ECOSDSA), r = h(W'x || m).
1021 e = (-r) % q
1042 ### Generate self-tests for all the algorithms
1066 def gen_self_test(curve, hashfunc, sig_alg_sign, sig_alg_verify, sig_alg_genkeypair, num, hashfunc_… argument
1069 if num != 0:
1072 for test_num in range(0, num):
1094 out_vectors += "/* "+test_name+" known test vectors */\n"
1098 …t, err);\n\tret = nn_cmp(out, q, &cmp); EG(ret, err);\n\tret = (cmp >= 0) ? -1 : 0;\nerr:\n\tretur…
1143 out_vectors += "/* "+test_name+" known test vectors */\n"
1147 …t, err);\n\tret = nn_cmp(out, q, &cmp); EG(ret, err);\n\tret = (cmp >= 0) ? -1 : 0;\nerr:\n\tretur…
1180 def gen_self_tests(curve, num): argument
1184 …vectors = [[ gen_self_test(curve, hashf, sign, verify, genkp, num, hash_name, sig_alg_name, total_…
1186 return vectors
1302 # Extract Gx and Gy, see X9.62-1998
1314 # Compressed point: uncompress it, see X9.62-1998 section 4.2.1
1324 gy = prime - beta
1338 hexstr = ("0"*int((2*size)-len(hexstr)))+hexstr
1341 for i in range(0, len(hexstr) - 1, 2):
1409 buff = buff.decode('latin-1')
1421 return enc == s.encode('latin-1')
1488 ec_params_string += "#if (WORD_BYTES == 8) /* 64-bit words */\n"
1495 ec_params_string += "#elif (WORD_BYTES == 4) /* 32-bit words */\n"
1502 ec_params_string += "#elif (WORD_BYTES == 2) /* 16-bit words */\n"
1622 …mplements elliptic curves and ISO signature algorithms from scratch over Python's multi-precision")
1625 print("libecc and produce test vectors.")
1629 print("-----------------------------------------------------")
1630 …print(sys.argv[0]+" --name=\"YOURCURVENAME\" --prime=... --order=... --a=... --b=... --gx=... --gy…
1648 print("-------------------------------------------------------------")
1649 print(sys.argv[0]+" --name=\"YOURCURVENAME\" --ECfile=... --oid=THEOID")
1654 print("\t $ openssl ecparam -list_curves")
1657 …print("\t $ openssl ecparam -param_enc explicit -outform DER -name brainpoolP320r1 -out brainpool…
1660 print("-----------------------------")
1661 print("\t*All the user defined curves can be removed with the --remove-all toggle.")
1662 … specific named user define curve can be removed with the --remove toggle: in this case the --name…
1665 print("Test vectors:")
1666 print("-------------")
1667 …print("\tTest vectors can be automatically generated and added to the library self tests when prov…
1668 …print("\tIn this case, X test vectors will be generated for *each* (curve, sign algorithm, hash al…
1687 …-all", "name=", "prime=", "a=", "b=", "generator=", "gx=", "gy=", "order=", "cofactor=", "alpha_mo…
1690 print(err) # will print something like "option -a not recognized"
1694 if o in ("-h", "--help"):
1697 elif o in ("--name"):
1702 name = re.sub("\-", "_", name)
1703 elif o in ("--oid="):
1705 elif o in ("--prime"):
1707 elif o in ("--a"):
1709 elif o in ("--b"):
1711 elif o in ("--gx"):
1713 elif o in ("--gy"):
1715 elif o in ("--generator"):
1717 elif o in ("--order"):
1719 elif o in ("--cofactor"):
1721 elif o in ("--alpha_montgomery"):
1723 elif o in ("--gamma_montgomery"):
1725 elif o in ("--alpha_edwards"):
1727 elif o in ("--remove"):
1729 elif o in ("--remove-all"):
1731 elif o in ("--add-test-vectors"):
1733 elif o in ("--ECfile"):
1752 print("--remove option expects a curve name provided with --name")
1763 print("Error: you must provide a curve name with --remove")
1834 (check, derbuf) = buffer_remove_pattern(buf, "-----.*-----")
1850 print("See the help with -h or --help")
1924 # Do we need to add some test vectors?
1926 print("Test vectors generation asked: this can take some time! Please wait ...")
1930 vectors = gen_self_tests(c, add_test_vectors)
1933 for l in vectors:
1946 magic = "ADD curve test vectors header here"