basicswap_miserver/basicswap/ecc_util.py
tecnovert 645571e47c
Check for duplicate pubkeys.
Add test for 'non-BIP68-final'.
2020-12-10 12:07:26 +02:00

224 lines
5.3 KiB
Python

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os
import codecs
import hashlib
import secrets
from .contrib.ellipticcurve import CurveFp, Point, INFINITY, jacobi_symbol
class ECCParameters():
def __init__(self, p, a, b, Gx, Gy, o):
self.p = p
self.a = a
self.b = b
self.Gx = Gx
self.Gy = Gy
self.o = o
ep = ECCParameters(
p=0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f,
a=0x0,
b=0x7,
Gx=0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,
Gy=0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8,
o=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141)
curve_secp256k1 = CurveFp(ep.p, ep.a, ep.b)
G = Point(curve_secp256k1, ep.Gx, ep.Gy, ep.o)
SECP256K1_ORDER_HALF = ep.o // 2
def ToDER(P):
return bytes((4, )) + int(P.x()).to_bytes(32, byteorder='big') + int(P.y()).to_bytes(32, byteorder='big')
def bytes32ToInt(b):
return int.from_bytes(b, byteorder='big')
def intToBytes32(i):
return i.to_bytes(32, byteorder='big')
def intToBytes32_le(i):
return i.to_bytes(32, byteorder='little')
def bytesToHexStr(b):
return codecs.encode(b, 'hex').decode('utf-8')
def hexStrToBytes(h):
if h.startswith('0x'):
h = h[2:]
return bytes.fromhex(h)
def getSecretBytes():
i = 1 + secrets.randbelow(ep.o - 1)
return intToBytes32(i)
def getSecretInt():
return 1 + secrets.randbelow(ep.o - 1)
def getInsecureBytes():
while True:
s = os.urandom(32)
s_test = int.from_bytes(s, byteorder='big')
if s_test > 1 and s_test < ep.o:
return s
def getInsecureInt():
while True:
s = os.urandom(32)
s_test = int.from_bytes(s, byteorder='big')
if s_test > 1 and s_test < ep.o:
return s_test
def powMod(x, y, z):
# Calculate (x ** y) % z efficiently.
number = 1
while y:
if y & 1:
number = number * x % z
y >>= 1 # y //= 2
x = x * x % z
return number
def ExpandPoint(xb, sign):
x = int.from_bytes(xb, byteorder='big')
a = (powMod(x, 3, ep.p) + 7) % ep.p
y = powMod(a, (ep.p + 1) // 4, ep.p)
if sign:
y = ep.p - y
return Point(curve_secp256k1, x, y, ep.o)
def CPKToPoint(cpk):
y_parity = cpk[0] - 2
x = int.from_bytes(cpk[1:], byteorder='big')
a = (powMod(x, 3, ep.p) + 7) % ep.p
y = powMod(a, (ep.p + 1) // 4, ep.p)
if y % 2 != y_parity:
y = ep.p - y
return Point(curve_secp256k1, x, y, ep.o)
def pointToCPK2(point, ind=0x09):
# The function is_square(x), where x is an integer, returns whether or not x is a quadratic residue modulo p. Since p is prime, it is equivalent to the Legendre symbol (x / p) = x(p-1)/2 mod p being equal to 1[8].
ind = bytes((ind ^ (1 if jacobi_symbol(point.y(), ep.p) == 1 else 0),))
return ind + point.x().to_bytes(32, byteorder='big')
def pointToCPK(point):
y = point.y().to_bytes(32, byteorder='big')
ind = bytes((0x03,)) if y[31] % 2 else bytes((0x02,))
cpk = ind + point.x().to_bytes(32, byteorder='big')
return cpk
def secretToCPK(secret):
secretInt = secret if isinstance(secret, int) \
else int.from_bytes(secret, byteorder='big')
R = G * secretInt
Y = R.y().to_bytes(32, byteorder='big')
ind = bytes((0x03,)) if Y[31] % 2 else bytes((0x02,))
pubkey = ind + R.x().to_bytes(32, byteorder='big')
return pubkey
def getKeypair():
secretBytes = getSecretBytes()
return secretBytes, secretToCPK(secretBytes)
def hashToCurve(pubkey):
xBytes = hashlib.sha256(pubkey).digest()
x = int.from_bytes(xBytes, byteorder='big')
for k in range(0, 100):
# get matching y element for point
y_parity = 0 # always pick 0,
a = (powMod(x, 3, ep.p) + 7) % ep.p
y = powMod(a, (ep.p + 1) // 4, ep.p)
# print("before parity %x" % (y))
if y % 2 != y_parity:
y = ep.p - y
# If x is always mod P, can R ever not be on the curve?
try:
R = Point(curve_secp256k1, x, y, ep.o)
except Exception:
x = (x + 1) % ep.p # % P?
continue
if R == INFINITY or R * ep.o != INFINITY: # is R * O != INFINITY check necessary? Validation of Elliptic Curve Public Keys says no if cofactor = 1
x = (x + 1) % ep.p # % P?
continue
return R
raise ValueError('hashToCurve failed for 100 tries')
def hash256(inb):
return hashlib.sha256(inb).digest()
i2b = intToBytes32
b2i = bytes32ToInt
b2h = bytesToHexStr
h2b = hexStrToBytes
def i2h(x):
return b2h(i2b(x))
def testEccUtils():
print('testEccUtils()')
G_enc = ToDER(G)
assert(G_enc.hex() == '0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8')
G_enc = pointToCPK(G)
assert(G_enc.hex() == '0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798')
G_dec = CPKToPoint(G_enc)
assert(G_dec == G)
G_enc = pointToCPK2(G)
assert(G_enc.hex() == '0879be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798')
H = hashToCurve(ToDER(G))
assert(pointToCPK(H).hex() == '0250929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0')
print('Passed.')
if __name__ == "__main__":
testEccUtils()