Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.11/site-packages/ecdsa/ecdsa.py: 71%

1#! /usr/bin/env python 

2 

3""" 

4Low level implementation of Elliptic-Curve Digital Signatures. 

5 

6.. note :: 

7 You're most likely looking for the :py:class:`~ecdsa.keys` module. 

8 This is a low-level implementation of the ECDSA that operates on 

9 integers, not byte strings. 

10 

11NOTE: This a low level implementation of ECDSA, for normal applications 

12you should be looking at the keys.py module. 

13 

14Classes and methods for elliptic-curve signatures: 

15private keys, public keys, signatures, 

16and definitions of prime-modulus curves. 

17 

18Example: 

19 

20.. code-block:: python 

21 

22 # (In real-life applications, you would probably want to 

23 # protect against defects in SystemRandom.) 

24 from random import SystemRandom 

25 randrange = SystemRandom().randrange 

26 

27 # Generate a public/private key pair using the NIST Curve P-192: 

28 

29 g = generator_192 

30 n = g.order() 

31 secret = randrange( 1, n ) 

32 pubkey = Public_key( g, g * secret ) 

33 privkey = Private_key( pubkey, secret ) 

34 

35 # Signing a hash value: 

36 

37 hash = randrange( 1, n ) 

38 signature = privkey.sign( hash, randrange( 1, n ) ) 

39 

40 # Verifying a signature for a hash value: 

41 

42 if pubkey.verifies( hash, signature ): 

43 print("Demo verification succeeded.") 

44 else: 

45 print("*** Demo verification failed.") 

46 

47 # Verification fails if the hash value is modified: 

48 

49 if pubkey.verifies( hash-1, signature ): 

50 print("**** Demo verification failed to reject tampered hash.") 

51 else: 

52 print("Demo verification correctly rejected tampered hash.") 

53 

54Revision history: 

55 2005.12.31 - Initial version. 

56 

57 2008.11.25 - Substantial revisions introducing new classes. 

58 

59 2009.05.16 - Warn against using random.randrange in real applications. 

60 

61 2009.05.17 - Use random.SystemRandom by default. 

62 

63Originally written in 2005 by Peter Pearson and placed in the public domain, 

64modified as part of the python-ecdsa package. 

65""" 

66 

67import warnings 

68from six import int2byte 

69from . import ellipticcurve 

70from . import numbertheory 

71from .util import bit_length 

72from ._compat import remove_whitespace 

73 

74 

75class RSZeroError(RuntimeError): 

76 pass 

77 

78 

79class InvalidPointError(RuntimeError): 

80 pass 

81 

82 

83class Signature(object): 

84 """ 

85 ECDSA signature. 

86 

87 :ivar int r: the ``r`` element of the ECDSA signature 

88 :ivar int s: the ``s`` element of the ECDSA signature 

89 """ 

90 

91 def __init__(self, r, s): 

92 self.r = r 

93 self.s = s 

94 

95 def recover_public_keys(self, hash, generator): 

96 """ 

97 Returns two public keys for which the signature is valid 

98 

99 :param int hash: signed hash 

100 :param AbstractPoint generator: is the generator used in creation 

101 of the signature 

102 :rtype: tuple(Public_key, Public_key) 

103 :return: a pair of public keys that can validate the signature 

104 """ 

105 curve = generator.curve() 

106 n = generator.order() 

107 r = self.r 

108 s = self.s 

109 e = hash 

110 x = r 

111 

112 # Compute the curve point with x as x-coordinate 

113 alpha = ( 

114 pow(x, 3, curve.p()) + (curve.a() * x) + curve.b() 

115 ) % curve.p() 

116 beta = numbertheory.square_root_mod_prime(alpha, curve.p()) 

117 y = beta if beta % 2 == 0 else curve.p() - beta 

118 

119 # Compute the public key 

120 R1 = ellipticcurve.PointJacobi(curve, x, y, 1, n) 

121 Q1 = numbertheory.inverse_mod(r, n) * (s * R1 + (-e % n) * generator) 

122 Pk1 = Public_key(generator, Q1) 

123 

124 # And the second solution 

125 R2 = ellipticcurve.PointJacobi(curve, x, -y, 1, n) 

126 Q2 = numbertheory.inverse_mod(r, n) * (s * R2 + (-e % n) * generator) 

127 Pk2 = Public_key(generator, Q2) 

128 

129 return [Pk1, Pk2] 

130 

131 

132class Public_key(object): 

133 """Public key for ECDSA.""" 

134 

135 def __init__(self, generator, point, verify=True): 

136 """Low level ECDSA public key object. 

137 

138 :param generator: the Point that generates the group (the base point) 

139 :param point: the Point that defines the public key 

140 :param bool verify: if True check if point is valid point on curve 

141 

142 :raises InvalidPointError: if the point parameters are invalid or 

143 point does not lay on the curve 

144 """ 

145 

146 self.curve = generator.curve() 

147 self.generator = generator 

148 self.point = point 

149 n = generator.order() 

150 p = self.curve.p() 

151 if not (0 <= point.x() < p) or not (0 <= point.y() < p): 

152 raise InvalidPointError( 

153 "The public point has x or y out of range." 

154 ) 

155 if verify and not self.curve.contains_point(point.x(), point.y()): 

156 raise InvalidPointError("Point does not lay on the curve") 

157 if not n: 

158 raise InvalidPointError("Generator point must have order.") 

159 # for curve parameters with base point with cofactor 1, all points 

160 # that are on the curve are scalar multiples of the base point, so 

161 # verifying that is not necessary. See Section 3.2.2.1 of SEC 1 v2 

162 if ( 

163 verify 

164 and self.curve.cofactor() != 1 

165 and not n * point == ellipticcurve.INFINITY 

166 ): 

167 raise InvalidPointError("Generator point order is bad.") 

168 

169 def __eq__(self, other): 

170 """Return True if the keys are identical, False otherwise. 

171 

172 Note: for comparison, only placement on the same curve and point 

173 equality is considered, use of the same generator point is not 

174 considered. 

175 """ 

176 if isinstance(other, Public_key): 

177 return self.curve == other.curve and self.point == other.point 

178 return NotImplemented 

179 

180 def __ne__(self, other): 

181 """Return False if the keys are identical, True otherwise.""" 

182 return not self == other 

183 

184 def verifies(self, hash, signature): 

185 """Verify that signature is a valid signature of hash. 

186 Return True if the signature is valid. 

187 """ 

188 

189 # From X9.62 J.3.1. 

190 

191 G = self.generator 

192 n = G.order() 

193 r = signature.r 

194 s = signature.s 

195 if r < 1 or r > n - 1: 

196 return False 

197 if s < 1 or s > n - 1: 

198 return False 

199 c = numbertheory.inverse_mod(s, n) 

200 u1 = (hash * c) % n 

201 u2 = (r * c) % n 

202 if hasattr(G, "mul_add"): 

203 xy = G.mul_add(u1, self.point, u2) 

204 else: 

205 xy = u1 * G + u2 * self.point 

206 v = xy.x() % n 

207 return v == r 

208 

209 

210class Private_key(object): 

211 """Private key for ECDSA.""" 

212 

213 def __init__(self, public_key, secret_multiplier): 

214 """public_key is of class Public_key; 

215 secret_multiplier is a large integer. 

216 """ 

217 

218 self.public_key = public_key 

219 self.secret_multiplier = secret_multiplier 

220 

221 def __eq__(self, other): 

222 """Return True if the points are identical, False otherwise.""" 

223 if isinstance(other, Private_key): 

224 return ( 

225 self.public_key == other.public_key 

226 and self.secret_multiplier == other.secret_multiplier 

227 ) 

228 return NotImplemented 

229 

230 def __ne__(self, other): 

231 """Return False if the points are identical, True otherwise.""" 

232 return not self == other 

233 

234 def sign(self, hash, random_k): 

235 """Return a signature for the provided hash, using the provided 

236 random nonce. It is absolutely vital that random_k be an unpredictable 

237 number in the range [1, self.public_key.point.order()-1]. If 

238 an attacker can guess random_k, he can compute our private key from a 

239 single signature. Also, if an attacker knows a few high-order 

240 bits (or a few low-order bits) of random_k, he can compute our private 

241 key from many signatures. The generation of nonces with adequate 

242 cryptographic strength is very difficult and far beyond the scope 

243 of this comment. 

244 

245 May raise RuntimeError, in which case retrying with a new 

246 random value k is in order. 

247 """ 

248 

249 G = self.public_key.generator 

250 n = G.order() 

251 k = random_k % n 

252 # Fix the bit-length of the random nonce, 

253 # so that it doesn't leak via timing. 

254 # This does not change that ks = k mod n 

255 ks = k + n 

256 kt = ks + n 

257 if bit_length(ks) == bit_length(n): 

258 p1 = kt * G 

259 else: 

260 p1 = ks * G 

261 r = p1.x() % n 

262 if r == 0: 

263 raise RSZeroError("amazingly unlucky random number r") 

264 s = ( 

265 numbertheory.inverse_mod(k, n) 

266 * (hash + (self.secret_multiplier * r) % n) 

267 ) % n 

268 if s == 0: 

269 raise RSZeroError("amazingly unlucky random number s") 

270 return Signature(r, s) 

271 

272 

273def int_to_string(x): # pragma: no cover 

274 """Convert integer x into a string of bytes, as per X9.62.""" 

275 # deprecated in 0.19 

276 warnings.warn( 

277 "Function is unused in library code. If you use this code, " 

278 "change to util.number_to_string.", 

279 DeprecationWarning, 

280 ) 

281 assert x >= 0 

282 if x == 0: 

283 return b"\0" 

284 result = [] 

285 while x: 

286 ordinal = x & 0xFF 

287 result.append(int2byte(ordinal)) 

288 x >>= 8 

289 

290 result.reverse() 

291 return b"".join(result) 

292 

293 

294def string_to_int(s): # pragma: no cover 

295 """Convert a string of bytes into an integer, as per X9.62.""" 

296 # deprecated in 0.19 

297 warnings.warn( 

298 "Function is unused in library code. If you use this code, " 

299 "change to util.string_to_number.", 

300 DeprecationWarning, 

301 ) 

302 result = 0 

303 for c in s: 

304 if not isinstance(c, int): 

305 c = ord(c) 

306 result = 256 * result + c 

307 return result 

308 

309 

310def digest_integer(m): # pragma: no cover 

311 """Convert an integer into a string of bytes, compute 

312 its SHA-1 hash, and convert the result to an integer.""" 

313 # deprecated in 0.19 

314 warnings.warn( 

315 "Function is unused in library code. If you use this code, " 

316 "change to a one-liner with util.number_to_string and " 

317 "util.string_to_number methods.", 

318 DeprecationWarning, 

319 ) 

320 # 

321 # I don't expect this function to be used much. I wrote 

322 # it in order to be able to duplicate the examples 

323 # in ECDSAVS. 

324 # 

325 from hashlib import sha1 

326 

327 return string_to_int(sha1(int_to_string(m)).digest()) 

328 

329 

330def point_is_valid(generator, x, y): 

331 """Is (x,y) a valid public key based on the specified generator?""" 

332 

333 # These are the tests specified in X9.62. 

334 

335 n = generator.order() 

336 curve = generator.curve() 

337 p = curve.p() 

338 if not (0 <= x < p) or not (0 <= y < p): 

339 return False 

340 if not curve.contains_point(x, y): 

341 return False 

342 if ( 

343 curve.cofactor() != 1 

344 and not n * ellipticcurve.PointJacobi(curve, x, y, 1) 

345 == ellipticcurve.INFINITY 

346 ): 

347 return False 

348 return True 

349 

350 

351# secp112r1 curve 

352_p = int(remove_whitespace("DB7C 2ABF62E3 5E668076 BEAD208B"), 16) 

353# s = 00F50B02 8E4D696E 67687561 51752904 72783FB1 

354_a = int(remove_whitespace("DB7C 2ABF62E3 5E668076 BEAD2088"), 16) 

355_b = int(remove_whitespace("659E F8BA0439 16EEDE89 11702B22"), 16) 

356_Gx = int(remove_whitespace("09487239 995A5EE7 6B55F9C2 F098"), 16) 

357_Gy = int(remove_whitespace("A89C E5AF8724 C0A23E0E 0FF77500"), 16) 

358_r = int(remove_whitespace("DB7C 2ABF62E3 5E7628DF AC6561C5"), 16) 

359_h = 1 

360curve_112r1 = ellipticcurve.CurveFp(_p, _a, _b, _h) 

361generator_112r1 = ellipticcurve.PointJacobi( 

362 curve_112r1, _Gx, _Gy, 1, _r, generator=True 

363) 

364 

365 

366# secp112r2 curve 

367_p = int(remove_whitespace("DB7C 2ABF62E3 5E668076 BEAD208B"), 16) 

368# s = 022757A1 114D69E 67687561 51755316 C05E0BD4 

369_a = int(remove_whitespace("6127 C24C05F3 8A0AAAF6 5C0EF02C"), 16) 

370_b = int(remove_whitespace("51DE F1815DB5 ED74FCC3 4C85D709"), 16) 

371_Gx = int(remove_whitespace("4BA30AB5 E892B4E1 649DD092 8643"), 16) 

372_Gy = int(remove_whitespace("ADCD 46F5882E 3747DEF3 6E956E97"), 16) 

373_r = int(remove_whitespace("36DF 0AAFD8B8 D7597CA1 0520D04B"), 16) 

374_h = 4 

375curve_112r2 = ellipticcurve.CurveFp(_p, _a, _b, _h) 

376generator_112r2 = ellipticcurve.PointJacobi( 

377 curve_112r2, _Gx, _Gy, 1, _r, generator=True 

378) 

379 

380 

381# secp128r1 curve 

382_p = int(remove_whitespace("FFFFFFFD FFFFFFFF FFFFFFFF FFFFFFFF"), 16) 

383# S = 000E0D4D 69E6768 75615175 0CC03A44 73D03679 

384# a and b are mod p, so a is equal to p-3, or simply -3 

385# _a = -3 

386_b = int(remove_whitespace("E87579C1 1079F43D D824993C 2CEE5ED3"), 16) 

387_Gx = int(remove_whitespace("161FF752 8B899B2D 0C28607C A52C5B86"), 16) 

388_Gy = int(remove_whitespace("CF5AC839 5BAFEB13 C02DA292 DDED7A83"), 16) 

389_r = int(remove_whitespace("FFFFFFFE 00000000 75A30D1B 9038A115"), 16) 

390_h = 1 

391curve_128r1 = ellipticcurve.CurveFp(_p, -3, _b, _h) 

392generator_128r1 = ellipticcurve.PointJacobi( 

393 curve_128r1, _Gx, _Gy, 1, _r, generator=True 

394) 

395 

396 

397# secp160r1 

398_p = int(remove_whitespace("FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 7FFFFFFF"), 16) 

399# S = 1053CDE4 2C14D696 E6768756 1517533B F3F83345 

400# a and b are mod p, so a is equal to p-3, or simply -3 

401# _a = -3 

402_b = int(remove_whitespace("1C97BEFC 54BD7A8B 65ACF89F 81D4D4AD C565FA45"), 16) 

403_Gx = int( 

404 remove_whitespace("4A96B568 8EF57328 46646989 68C38BB9 13CBFC82"), 

405 16, 

406) 

407_Gy = int( 

408 remove_whitespace("23A62855 3168947D 59DCC912 04235137 7AC5FB32"), 

409 16, 

410) 

411_r = int( 

412 remove_whitespace("01 00000000 00000000 0001F4C8 F927AED3 CA752257"), 

413 16, 

414) 

415_h = 1 

416curve_160r1 = ellipticcurve.CurveFp(_p, -3, _b, _h) 

417generator_160r1 = ellipticcurve.PointJacobi( 

418 curve_160r1, _Gx, _Gy, 1, _r, generator=True 

419) 

420 

421 

422# NIST Curve P-192: 

423_p = 6277101735386680763835789423207666416083908700390324961279 

424_r = 6277101735386680763835789423176059013767194773182842284081 

425# s = 0x3045ae6fc8422f64ed579528d38120eae12196d5L 

426# c = 0x3099d2bbbfcb2538542dcd5fb078b6ef5f3d6fe2c745de65L 

427_b = int( 

428 remove_whitespace( 

429 """ 

430 64210519 E59C80E7 0FA7E9AB 72243049 FEB8DEEC C146B9B1""" 

431 ), 

432 16, 

433) 

434_Gx = int( 

435 remove_whitespace( 

436 """ 

437 188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012""" 

438 ), 

439 16, 

440) 

441_Gy = int( 

442 remove_whitespace( 

443 """ 

444 07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811""" 

445 ), 

446 16, 

447) 

448 

449curve_192 = ellipticcurve.CurveFp(_p, -3, _b, 1) 

450generator_192 = ellipticcurve.PointJacobi( 

451 curve_192, _Gx, _Gy, 1, _r, generator=True 

452) 

453 

454 

455# NIST Curve P-224: 

456_p = int( 

457 remove_whitespace( 

458 """ 

459 2695994666715063979466701508701963067355791626002630814351 

460 0066298881""" 

461 ) 

462) 

463_r = int( 

464 remove_whitespace( 

465 """ 

466 2695994666715063979466701508701962594045780771442439172168 

467 2722368061""" 

468 ) 

469) 

470# s = 0xbd71344799d5c7fcdc45b59fa3b9ab8f6a948bc5L 

471# c = 0x5b056c7e11dd68f40469ee7f3c7a7d74f7d121116506d031218291fbL 

472_b = int( 

473 remove_whitespace( 

474 """ 

475 B4050A85 0C04B3AB F5413256 5044B0B7 D7BFD8BA 270B3943 

476 2355FFB4""" 

477 ), 

478 16, 

479) 

480_Gx = int( 

481 remove_whitespace( 

482 """ 

483 B70E0CBD 6BB4BF7F 321390B9 4A03C1D3 56C21122 343280D6 

484 115C1D21""" 

485 ), 

486 16, 

487) 

488_Gy = int( 

489 remove_whitespace( 

490 """ 

491 BD376388 B5F723FB 4C22DFE6 CD4375A0 5A074764 44D58199 

492 85007E34""" 

493 ), 

494 16, 

495) 

496 

497curve_224 = ellipticcurve.CurveFp(_p, -3, _b, 1) 

498generator_224 = ellipticcurve.PointJacobi( 

499 curve_224, _Gx, _Gy, 1, _r, generator=True 

500) 

501 

502# NIST Curve P-256: 

503_p = int( 

504 remove_whitespace( 

505 """ 

506 1157920892103562487626974469494075735300861434152903141955 

507 33631308867097853951""" 

508 ) 

509) 

510_r = int( 

511 remove_whitespace( 

512 """ 

513 115792089210356248762697446949407573529996955224135760342 

514 422259061068512044369""" 

515 ) 

516) 

517# s = 0xc49d360886e704936a6678e1139d26b7819f7e90L 

518# c = 0x7efba1662985be9403cb055c75d4f7e0ce8d84a9c5114abcaf3177680104fa0dL 

519_b = int( 

520 remove_whitespace( 

521 """ 

522 5AC635D8 AA3A93E7 B3EBBD55 769886BC 651D06B0 CC53B0F6 

523 3BCE3C3E 27D2604B""" 

524 ), 

525 16, 

526) 

527_Gx = int( 

528 remove_whitespace( 

529 """ 

530 6B17D1F2 E12C4247 F8BCE6E5 63A440F2 77037D81 2DEB33A0 

531 F4A13945 D898C296""" 

532 ), 

533 16, 

534) 

535_Gy = int( 

536 remove_whitespace( 

537 """ 

538 4FE342E2 FE1A7F9B 8EE7EB4A 7C0F9E16 2BCE3357 6B315ECE 

539 CBB64068 37BF51F5""" 

540 ), 

541 16, 

542) 

543 

544curve_256 = ellipticcurve.CurveFp(_p, -3, _b, 1) 

545generator_256 = ellipticcurve.PointJacobi( 

546 curve_256, _Gx, _Gy, 1, _r, generator=True 

547) 

548 

549# NIST Curve P-384: 

550_p = int( 

551 remove_whitespace( 

552 """ 

553 3940200619639447921227904010014361380507973927046544666794 

554 8293404245721771496870329047266088258938001861606973112319""" 

555 ) 

556) 

557_r = int( 

558 remove_whitespace( 

559 """ 

560 3940200619639447921227904010014361380507973927046544666794 

561 6905279627659399113263569398956308152294913554433653942643""" 

562 ) 

563) 

564# s = 0xa335926aa319a27a1d00896a6773a4827acdac73L 

565# c = int(remove_whitespace( 

566# """ 

567# 79d1e655 f868f02f ff48dcde e14151dd b80643c1 406d0ca1 

568# 0dfe6fc5 2009540a 495e8042 ea5f744f 6e184667 cc722483""" 

569# ), 16) 

570_b = int( 

571 remove_whitespace( 

572 """ 

573 B3312FA7 E23EE7E4 988E056B E3F82D19 181D9C6E FE814112 

574 0314088F 5013875A C656398D 8A2ED19D 2A85C8ED D3EC2AEF""" 

575 ), 

576 16, 

577) 

578_Gx = int( 

579 remove_whitespace( 

580 """ 

581 AA87CA22 BE8B0537 8EB1C71E F320AD74 6E1D3B62 8BA79B98 

582 59F741E0 82542A38 5502F25D BF55296C 3A545E38 72760AB7""" 

583 ), 

584 16, 

585) 

586_Gy = int( 

587 remove_whitespace( 

588 """ 

589 3617DE4A 96262C6F 5D9E98BF 9292DC29 F8F41DBD 289A147C 

590 E9DA3113 B5F0B8C0 0A60B1CE 1D7E819D 7A431D7C 90EA0E5F""" 

591 ), 

592 16, 

593) 

594 

595curve_384 = ellipticcurve.CurveFp(_p, -3, _b, 1) 

596generator_384 = ellipticcurve.PointJacobi( 

597 curve_384, _Gx, _Gy, 1, _r, generator=True 

598) 

599 

600# NIST Curve P-521: 

601_p = int( 

602 "686479766013060971498190079908139321726943530014330540939" 

603 "446345918554318339765605212255964066145455497729631139148" 

604 "0858037121987999716643812574028291115057151" 

605) 

606_r = int( 

607 "686479766013060971498190079908139321726943530014330540939" 

608 "446345918554318339765539424505774633321719753296399637136" 

609 "3321113864768612440380340372808892707005449" 

610) 

611# s = 0xd09e8800291cb85396cc6717393284aaa0da64baL 

612# c = int(remove_whitespace( 

613# """ 

614# 0b4 8bfa5f42 0a349495 39d2bdfc 264eeeeb 077688e4 

615# 4fbf0ad8 f6d0edb3 7bd6b533 28100051 8e19f1b9 ffbe0fe9 

616# ed8a3c22 00b8f875 e523868c 70c1e5bf 55bad637""" 

617# ), 16) 

618_b = int( 

619 remove_whitespace( 

620 """ 

621 051 953EB961 8E1C9A1F 929A21A0 B68540EE A2DA725B 

622 99B315F3 B8B48991 8EF109E1 56193951 EC7E937B 1652C0BD 

623 3BB1BF07 3573DF88 3D2C34F1 EF451FD4 6B503F00""" 

624 ), 

625 16, 

626) 

627_Gx = int( 

628 remove_whitespace( 

629 """ 

630 C6 858E06B7 0404E9CD 9E3ECB66 2395B442 9C648139 

631 053FB521 F828AF60 6B4D3DBA A14B5E77 EFE75928 FE1DC127 

632 A2FFA8DE 3348B3C1 856A429B F97E7E31 C2E5BD66""" 

633 ), 

634 16, 

635) 

636_Gy = int( 

637 remove_whitespace( 

638 """ 

639 118 39296A78 9A3BC004 5C8A5FB4 2C7D1BD9 98F54449 

640 579B4468 17AFBD17 273E662C 97EE7299 5EF42640 C550B901 

641 3FAD0761 353C7086 A272C240 88BE9476 9FD16650""" 

642 ), 

643 16, 

644) 

645 

646curve_521 = ellipticcurve.CurveFp(_p, -3, _b, 1) 

647generator_521 = ellipticcurve.PointJacobi( 

648 curve_521, _Gx, _Gy, 1, _r, generator=True 

649) 

650 

651# Certicom secp256-k1 

652_a = 0x0000000000000000000000000000000000000000000000000000000000000000 

653_b = 0x0000000000000000000000000000000000000000000000000000000000000007 

654_p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F 

655_Gx = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 

656_Gy = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8 

657_r = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 

658 

659curve_secp256k1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

660generator_secp256k1 = ellipticcurve.PointJacobi( 

661 curve_secp256k1, _Gx, _Gy, 1, _r, generator=True 

662) 

663 

664# Brainpool P-160-r1 

665_a = 0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300 

666_b = 0x1E589A8595423412134FAA2DBDEC95C8D8675E58 

667_p = 0xE95E4A5F737059DC60DFC7AD95B3D8139515620F 

668_Gx = 0xBED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3 

669_Gy = 0x1667CB477A1A8EC338F94741669C976316DA6321 

670_q = 0xE95E4A5F737059DC60DF5991D45029409E60FC09 

671 

672curve_brainpoolp160r1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

673generator_brainpoolp160r1 = ellipticcurve.PointJacobi( 

674 curve_brainpoolp160r1, _Gx, _Gy, 1, _q, generator=True 

675) 

676 

677# Brainpool P-160-t1 

678_a = 0xE95E4A5F737059DC60DFC7AD95B3D8139515620C 

679_b = 0x7A556B6DAE535B7B51ED2C4D7DAA7A0B5C55F380 

680# _z = 0x24DBFF5DEC9B986BBFE5295A29BFBAE45E0F5D0B 

681_Gx = 0xB199B13B9B34EFC1397E64BAEB05ACC265FF2378 

682_Gy = 0xADD6718B7C7C1961F0991B842443772152C9E0AD 

683_q = 0xE95E4A5F737059DC60DF5991D45029409E60FC09 

684curve_brainpoolp160t1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

685generator_brainpoolp160t1 = ellipticcurve.PointJacobi( 

686 curve_brainpoolp160t1, _Gx, _Gy, 1, _q, generator=True 

687) 

688 

689# Brainpool P-192-r1 

690_a = 0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF 

691_b = 0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9 

692_p = 0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297 

693_Gx = 0xC0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6 

694_Gy = 0x14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F 

695_q = 0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1 

696 

697curve_brainpoolp192r1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

698generator_brainpoolp192r1 = ellipticcurve.PointJacobi( 

699 curve_brainpoolp192r1, _Gx, _Gy, 1, _q, generator=True 

700) 

701 

702# Brainpool P-192-t1 

703_a = 0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86294 

704_b = 0x13D56FFAEC78681E68F9DEB43B35BEC2FB68542E27897B79 

705# _z = 0x1B6F5CC8DB4DC7AF19458A9CB80DC2295E5EB9C3732104CB 

706_Gx = 0x3AE9E58C82F63C30282E1FE7BBF43FA72C446AF6F4618129 

707_Gy = 0x097E2C5667C2223A902AB5CA449D0084B7E5B3DE7CCC01C9 

708_q = 0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1 

709 

710curve_brainpoolp192t1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

711generator_brainpoolp192t1 = ellipticcurve.PointJacobi( 

712 curve_brainpoolp192t1, _Gx, _Gy, 1, _q, generator=True 

713) 

714 

715# Brainpool P-224-r1 

716_a = 0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43 

717_b = 0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B 

718_p = 0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF 

719_Gx = 0x0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D 

720_Gy = 0x58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD 

721_q = 0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F 

722 

723curve_brainpoolp224r1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

724generator_brainpoolp224r1 = ellipticcurve.PointJacobi( 

725 curve_brainpoolp224r1, _Gx, _Gy, 1, _q, generator=True 

726) 

727 

728# Brainpool P-224-t1 

729_a = 0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FC 

730_b = 0x4B337D934104CD7BEF271BF60CED1ED20DA14C08B3BB64F18A60888D 

731# _z = 0x2DF271E14427A346910CF7A2E6CFA7B3F484E5C2CCE1C8B730E28B3F 

732_Gx = 0x6AB1E344CE25FF3896424E7FFE14762ECB49F8928AC0C76029B4D580 

733_Gy = 0x0374E9F5143E568CD23F3F4D7C0D4B1E41C8CC0D1C6ABD5F1A46DB4C 

734_q = 0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F 

735 

736curve_brainpoolp224t1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

737generator_brainpoolp224t1 = ellipticcurve.PointJacobi( 

738 curve_brainpoolp224t1, _Gx, _Gy, 1, _q, generator=True 

739) 

740 

741# Brainpool P-256-r1 

742_a = 0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9 

743_b = 0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6 

744_p = 0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377 

745_Gx = 0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262 

746_Gy = 0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997 

747_q = 0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7 

748 

749curve_brainpoolp256r1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

750generator_brainpoolp256r1 = ellipticcurve.PointJacobi( 

751 curve_brainpoolp256r1, _Gx, _Gy, 1, _q, generator=True 

752) 

753 

754# Brainpool P-256-t1 

755_a = 0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5374 

756_b = 0x662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04 

757# _z = 0x3E2D4BD9597B58639AE7AA669CAB9837CF5CF20A2C852D10F655668DFC150EF0 

758_Gx = 0xA3E8EB3CC1CFE7B7732213B23A656149AFA142C47AAFBC2B79A191562E1305F4 

759_Gy = 0x2D996C823439C56D7F7B22E14644417E69BCB6DE39D027001DABE8F35B25C9BE 

760_q = 0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7 

761 

762curve_brainpoolp256t1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

763generator_brainpoolp256t1 = ellipticcurve.PointJacobi( 

764 curve_brainpoolp256t1, _Gx, _Gy, 1, _q, generator=True 

765) 

766 

767# Brainpool P-320-r1 

768_a = int( 

769 remove_whitespace( 

770 """ 

771 3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9 

772 F492F375A97D860EB4""" 

773 ), 

774 16, 

775) 

776_b = int( 

777 remove_whitespace( 

778 """ 

779 520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539 

780 816F5EB4AC8FB1F1A6""" 

781 ), 

782 16, 

783) 

784_p = int( 

785 remove_whitespace( 

786 """ 

787 D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC 

788 28FCD412B1F1B32E27""" 

789 ), 

790 16, 

791) 

792_Gx = int( 

793 remove_whitespace( 

794 """ 

795 43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599 

796 C710AF8D0D39E20611""" 

797 ), 

798 16, 

799) 

800_Gy = int( 

801 remove_whitespace( 

802 """ 

803 14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6A 

804 C7D35245D1692E8EE1""" 

805 ), 

806 16, 

807) 

808_q = int( 

809 remove_whitespace( 

810 """ 

811 D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658 

812 E98691555B44C59311""" 

813 ), 

814 16, 

815) 

816 

817curve_brainpoolp320r1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

818generator_brainpoolp320r1 = ellipticcurve.PointJacobi( 

819 curve_brainpoolp320r1, _Gx, _Gy, 1, _q, generator=True 

820) 

821 

822# Brainpool P-320-t1 

823_a = int( 

824 remove_whitespace( 

825 """ 

826 D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC 

827 28FCD412B1F1B32E24""" 

828 ), 

829 16, 

830) 

831_b = int( 

832 remove_whitespace( 

833 """ 

834 A7F561E038EB1ED560B3D147DB782013064C19F27ED27C6780AAF77FB8A547 

835 CEB5B4FEF422340353""" 

836 ), 

837 16, 

838) 

839# _z = int( 

840# remove_whitespace( 

841# """ 

842# 15F75CAF668077F7E85B42EB01F0A81FF56ECD6191D55CB82B7D861458A18F 

843# EFC3E5AB7496F3C7B1""" 

844# ), 

845# 16, 

846# ) 

847_Gx = int( 

848 remove_whitespace( 

849 """ 

850 925BE9FB01AFC6FB4D3E7D4990010F813408AB106C4F09CB7EE07868CC136F 

851 FF3357F624A21BED52""" 

852 ), 

853 16, 

854) 

855_Gy = int( 

856 remove_whitespace( 

857 """ 

858 63BA3A7A27483EBF6671DBEF7ABB30EBEE084E58A0B077AD42A5A0989D1EE7 

859 1B1B9BC0455FB0D2C3""" 

860 ), 

861 16, 

862) 

863_q = int( 

864 remove_whitespace( 

865 """ 

866 D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658 

867 E98691555B44C59311""" 

868 ), 

869 16, 

870) 

871 

872curve_brainpoolp320t1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

873generator_brainpoolp320t1 = ellipticcurve.PointJacobi( 

874 curve_brainpoolp320t1, _Gx, _Gy, 1, _q, generator=True 

875) 

876 

877# Brainpool P-384-r1 

878_a = int( 

879 remove_whitespace( 

880 """ 

881 7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F9 

882 0F8AA5814A503AD4EB04A8C7DD22CE2826""" 

883 ), 

884 16, 

885) 

886_b = int( 

887 remove_whitespace( 

888 """ 

889 04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62 

890 D57CB4390295DBC9943AB78696FA504C11""" 

891 ), 

892 16, 

893) 

894_p = int( 

895 remove_whitespace( 

896 """ 

897 8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB711 

898 23ACD3A729901D1A71874700133107EC53""" 

899 ), 

900 16, 

901) 

902_Gx = int( 

903 remove_whitespace( 

904 """ 

905 1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10 

906 E8E826E03436D646AAEF87B2E247D4AF1E""" 

907 ), 

908 16, 

909) 

910_Gy = int( 

911 remove_whitespace( 

912 """ 

913 8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF991292 

914 80E4646217791811142820341263C5315""" 

915 ), 

916 16, 

917) 

918_q = int( 

919 remove_whitespace( 

920 """ 

921 8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425 

922 A7CF3AB6AF6B7FC3103B883202E9046565""" 

923 ), 

924 16, 

925) 

926 

927curve_brainpoolp384r1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

928generator_brainpoolp384r1 = ellipticcurve.PointJacobi( 

929 curve_brainpoolp384r1, _Gx, _Gy, 1, _q, generator=True 

930) 

931 

932_a = int( 

933 remove_whitespace( 

934 """ 

935 8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB711 

936 23ACD3A729901D1A71874700133107EC50""" 

937 ), 

938 16, 

939) 

940_b = int( 

941 remove_whitespace( 

942 """ 

943 7F519EADA7BDA81BD826DBA647910F8C4B9346ED8CCDC64E4B1ABD11756DCE 

944 1D2074AA263B88805CED70355A33B471EE""" 

945 ), 

946 16, 

947) 

948# _z = int( 

949# remove_whitespace( 

950# """ 

951# 41DFE8DD399331F7166A66076734A89CD0D2BCDB7D068E44E1F378F41ECBAE 

952# 97D2D63DBC87BCCDDCCC5DA39E8589291C""" 

953# ), 

954# 16, 

955# ) 

956_Gx = int( 

957 remove_whitespace( 

958 """ 

959 18DE98B02DB9A306F2AFCD7235F72A819B80AB12EBD653172476FECD462AAB 

960 FFC4FF191B946A5F54D8D0AA2F418808CC""" 

961 ), 

962 16, 

963) 

964_Gy = int( 

965 remove_whitespace( 

966 """ 

967 25AB056962D30651A114AFD2755AD336747F93475B7A1FCA3B88F2B6A208CC 

968 FE469408584DC2B2912675BF5B9E582928""" 

969 ), 

970 16, 

971) 

972_q = int( 

973 remove_whitespace( 

974 """ 

975 8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425 

976 A7CF3AB6AF6B7FC3103B883202E9046565""" 

977 ), 

978 16, 

979) 

980 

981curve_brainpoolp384t1 = ellipticcurve.CurveFp(_p, _a, _b, 1) 

982generator_brainpoolp384t1 = ellipticcurve.PointJacobi( 

983 curve_brainpoolp384t1, _Gx, _Gy, 1, _q, generator=True 

984) 

985 

986# Brainpool P-512-r1 

987_a = int( 

988 remove_whitespace( 

989 """ 

990 7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863 

991 BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA""" 

992 ), 

993 16, 

994)