test_crypto.py

#
# (c) Copyright 2022 by Coinkite Inc. This file is covered by license found in COPYING-CC.
#
#
# test all available libraries and compare their results with each other and expected results (hardcoded data)
# if only ecdsa is available it will be tested against expected results
#
import pytest


pytestmark = [pytest.mark.crypto]


# created with os.urandom(32)
sk_list = [
    b'\xb7\x11#%\xc3wdr\xe2\xa6\xff\x84\xf3\xa5R\xac\x97\x06\xbb\xaa\xb6\xad\xb1\x9f\xde\xc0^\x8a\x06\xe7\x7f\x96',
    b'2\x1f\xc9\x0bU\x9a9\xee\x9fQ|\x8b\xfbO\xfe?\xc0~\x99\xec\xb7\x10\x82\xcf\x84P\x02\xac(\xf9\xfc\x81',
    b'\xd3\x18M\xcdn\xf7"\x88\xba<\x8c\x01h\x9c.0\xe6Z\xa6>5\\\x99t\xcb\x98\xd4\xe2\xda\r\xc6\xfa',
    b'i\xc4\xdc0\xb9\x18\xb3/\xdc0/\x9d0\x16\xd2\x08\x9d/\x00\x0bVC\xdeH\xd9\xb7\xd1\x0f\x8e\xd8\xc2\xad',
    b'\x98\x96jd\x8f\xfda\xa0\x84\x1e\xfdE\xa2\x8e\x85_\xecY\x85K8\xfa\xe2b\x89?\x8e;\x92\xa8c\x91',
    b'\xbb\x07i\x97\xd2&p\xbb\xa1\x14z9&\x1bU9lQ>Gi\xd6\xb3\xe0(T\xae\xaf\xc9\x17\xf1)',
    b';E\x9e\x84\x8d\xd2\x14\xa3#[\xf5\x9d\x89<9\xdc\x9f\x06\xe1\x95\x15\x00R\xd3\xaa\xc3jtvbU\x88',
    b'\x05\xf7\xd0W\xd3\xcf\xe6\xf54\x11\xae\xe7\xbe\x93\xfb\x15\x92\x9e\xe5`~\xb77%\x0f\xac}\x14\x07\xfd\xc5\xb2',
    b'\x8a\xf8\xeeb\xbcw\x92w\x07XY\x8b\x1b3SNo\x1a\xadw\xe4 \x98\x9fq\xd9\x16z\xf2\xc93\x97',
    b'\xde\x06\x14\x124e\x04>)0\r\xecM>&\xe4\xb1\xb5\xe4\x8c.\xff2\xec#\x99\x07:zl\rO'
]
# created with hashlib.sha256(os.urandom(32)).digest()
msg_digest_list = [
    b'3\xa7=Q\x1f\xb3\xfa)>i\x8f\xb2\x8f6\xd2\x97\x9eW\r5\x0b\x82\x0e\xd3\xd6?\xf4G]\x14Fd',
    b'\xa3"\xedl Y$\x80|z\x84\x08\x98\xf9\x92\xd0\xc4\x1d/\xb5n\xfe\xd3\xa0"}Gj$\xa62\x80',
    b'-\xb4v\x8f\xbe\x9d\x16<N\xb9\x9a\x9fU\x1f\x9b\xf5\x03\xeaL\x8f\xd8qU>;\xf6\xa8\xa5]:\xc8]',
    b'\xbfz\xda\xbcu\x81\xd3Vs\xae\x8f\xab\x9a\x80w\x10\xd9\xba~K:\xbe\x92\'\xe0\xcd\x84"\xebWv\x0c',
    b'\x91j\x85\x9b\xb17\x0f\th{\xab\x1b\xec\xd2\x93\xd5\xc7\xcd\xa7Ou\xd7\x9b"\x87\x8e@6\xba\xc1\xa9\xbf',
    b'\xd2C\xe8\xe7\xf1Q\xa0D\xf30!\xe5 A\xbe\x8b#6\x00\x18:\x0b\xa4\x8a&\xc4\xc6?l+\x8b`',
    b"WB\x9e\xb9q\x9c\xe3\xf8\xa7\x11@A\xb4\xc1\x93\x03\x96'B\xb6\xc9\xb5\xce\xa7\xc2\x9f\xc1\x95!\x14pU",
    b'B\x16\xc8VP\xdb\xb3\x84\xb5\x97\r\xbb\x1c\xf5\x0686GvG\x8f\xfd\xeb\xfa\xbb\xbdM\n\x16o\xf8]',
    b'zj\x07)c\x8a\xcc\x9bo\x9b\xc4\x05^\xf2\xa4\x8f\xcb\xa8\t\xae,g\x1eT\xd7M\xd4"\xc8\x98cF',
    b'\xe7\x85\xfbJ\xbcY\x97.\x03\x0c\xec\xe0O\xdaj\x020g\x80dB[\xe3d\xebe\xda\xd8\x0e\xef2q'
]
# expected pubkey derived from sk_list by index
expected_pks = [
    b'\x02\xb7\r.\x82\x1c\x97Q\xec>)&\x11Vf\xbcL\xe4Y_\xe8\xbd\xc7\x8dL?\xb0\x1e\x8b\xc3\x08\xc6\xf6',
    b'\x03\xae&|7Sx\x08}\xc3AyN\x91N\x97h\x8e\x9b\xd6\xee\xbf*|\xee\xb3>\xa3\xb6fb[\xc9',
    b'\x02.\xed\xfe}\xce\xa4\xa3tRV4\xc8|\x1a\x8bd\x8c\x19\xa7N\x7f\x9bW\x81`\xa6*\x04\xdd\xb1\x10N',
    b'\x02M\\X\x817\x14\xc2\xe3Ah\x86U\x03\xca\xcb\xb5\x16\xbb\xee\xdb7B\xb9e\xe2\xd5\xcbE\x8aH\xde-',
    b'\x02\xa7\x14\xea\x8b\x1e\xf2\xdb\xa1p\xe8\x93\xd7\xd0\x97}\xc4\xda\xa3\x1a\x0cu\xc9a\r-\xcdR\xa8\xe7\xd1&\xe2',
    b'\x03J\xa1"\xc5\xeb\xb8P\xdft\xab\x80\xd5A\xd6\x1d\x01&*\x8f\xc8\xf6\xeaf\xdcc\xce1\xd4e~,\xcb',
    b'\x02\x91\x16q\xed\x0e\x98\xe0:g\xe9\x01\xed\t\xc8ro\xb0DM\xf0\x87\xae\x9e\xfb\x86f\x15\xfb\xa1\xb7b\xee',
    b'\x03\xcbe\x1d-\x97.\xab\xb6\xd4Z\x1f6\xd2\x85K\x18.\x0e\xa6\xee?\x9c\xaaF\t\xbf\x93\xbb\xa0\x83\x8f=',
    b'\x03\xd8E\xde\xe5\x80\xee7\x03\x90\x13b\xb6\xadL\xf9\xadx\xe2\xf0\x17L6\xe7\xc3\xcef\xcdHlu \xf7',
    b'\x03\x8d\xf0!\xc4\xca\xe7\xd29X\x15\xa9\x8dLD$\xfb\x7fV\xfd\x07\xa5\xb4\x7f\xad\x93\xde2U\x8edP\xfe'
]
# expected deterministic signature over same index of sk_list and msg_digest_list
expected_determinist_signatures = [
    b'\xdbf\x87\x14v\xb3Z\xc0\xa6\ri\tE\x9a\xc5+\x0c\xba\tg\xe6\xe9\x04\x07ROe\x04n7\xa6D?\x98\xb0\xdam\xe27-Pt\xf4\x19\x8a\x18z\x0b\xc0\xa9\xd8(E\xa1#\xbfEdy\xa9\xefy\xa9H',
    b'\xdeiZ\x9e\x9c\x98\xe3\x17I*\xff\xec\xb4>\x0b\xce\x9d\xae4u_\xed\xf2\xa3g\xf6G\xd7{\xd8\xb5\xf09\x8c\x86l\xdf\xf7\xb0\x7f\x9e;\x8a\x03\x89\xe3G\x11\xce\xb9=\x1fjo\xd7\x84]`V\x00sk.\xd9',
    b'\xb4CJ9f\xb4~\xa5\xc2\xa2dJ\x94@\x1a?\x95\x15\xd9\x80\xe9\xd9\xe9|a;\x18=;\xe8?3\x0e\xa2\t~\xec9\n\xbc\xb0\x9f\xef=\xa8Ed\x89\xd6T=\x1b\x16\xf8\x06M\xce\x13\xf2\xb0\xe0\xeb\x8d\xd0',
    b'\x8a\x91\xb6\xea\xd4\x1er)\xf3\x01\x8c\x96H\xd1\xfaQ]-U\xc4\xbc\xcdz\x9a\x1c\xc1\n\x0b!,\xe0\xf6\x04\xe1\x1d\xc7\xd5\xe9\xbd\xd2\xc7n\xfc/+7\xab\xf3\x7f\xe9O\xc7\xb7\x95\x80?\r\x934\x92\x9b\x06}\xf6',
    b'V\xf2\xb9\xddR\x93\xb2\x1f\x1e\xfc\xac\xd1x\x0c\xc8\x8a/\xacQ\xb5l\x84\xa9\xcb|r\xa1\xd2K\xf5~~=x\x8a\x069B\x7f&R\xa8\x18m\xa658\xbe ,\xac\xde\xde\x92.\xcep\xa9\xf2\xf7\x10\xa0\xd0\x9f',
    b"\x0e^2\xf6\x1dX\xe2\x1f\x12m\xae\xfd\xe9k\xacaS\x94\x7f\xafL\x95\xef)\xd5\xedXY\xf9'\x96lsC\x1bN2QM\xf1l\xed\xf3(k\x1f\x98\xdd\xf7\xcc\xe2*?\x93\x85\x0f\xd1\\\xcb$;\x11\xe19",
    b'm\x86:\xe2K\x06c\xed\x82\xf2\x9d,\xb8\xfa_\xbf4g\r\xf8u@\xbb\xc8\x0f8\xb6\x84\x89Q\xdd\x89nU\x1b\x99\x9c.q\xf9\xd1K\xd7D\x91\xb0\x18\xd8\xf0r\xd8\x8e\t\xa4\xd3\x92\x19\xd65631\xfb\x1f',
    b'\x16\x84\xee\xa2\xb4 YM\x0e\xe8\r\xc6=\x98 !\x99\xa0\xc8.F\xb3B\xa5\xf9\xa4cr\x0c\x9fm?E\xdd\x1a)\xad\xfe\xe0I\xcbe\xd7\xc2V\xd3G\xd5\xa1\xe4\xd7\xe0#\xb0`4\x13`\xa1\xf6\x82r\xd3z',
    b'\xe6\x07Z\t\x7fWCB\x18\x8a\xa5\x00rz/\xf7\xbcd\x91\xe4\xd2\xd0}T\x17J\xc6\xe2\x93\xe8\xbe\xffJ\x9b\xab\xda\xdaY8\x8f\x8c\x97\x82Z\x05\x19\\\x87)\x19\xe0\x0f\x05\x92Lk\x95}\xe50\xf1\xfb\xe0n',
    b'IBH96\x82p{]\x03\x03\xf9\xd3\xd8\xf5\x9f3\x10a\xc6m\x06\x18\x1a\x9f\xd9\xfb\x0eeHH\xb3W\x841\xc1gl\xa8\x90[D\xd6\xfd\xd9\xa0\xfa%\x83\xfbk-\xbd\xd0\x97\x0c\x872>\xbdO\xbco\xba'
]
# expected deterministic recoverable signature over same index of sk_list and msg_digest_list
expected_deterministic_recoverable_signatures = [
    b'\x1f\xdbf\x87\x14v\xb3Z\xc0\xa6\ri\tE\x9a\xc5+\x0c\xba\tg\xe6\xe9\x04\x07ROe\x04n7\xa6D?\x98\xb0\xdam\xe27-Pt\xf4\x19\x8a\x18z\x0b\xc0\xa9\xd8(E\xa1#\xbfEdy\xa9\xefy\xa9H',
    b'\x1f\xdeiZ\x9e\x9c\x98\xe3\x17I*\xff\xec\xb4>\x0b\xce\x9d\xae4u_\xed\xf2\xa3g\xf6G\xd7{\xd8\xb5\xf09\x8c\x86l\xdf\xf7\xb0\x7f\x9e;\x8a\x03\x89\xe3G\x11\xce\xb9=\x1fjo\xd7\x84]`V\x00sk.\xd9',
    b'\x1f\xb4CJ9f\xb4~\xa5\xc2\xa2dJ\x94@\x1a?\x95\x15\xd9\x80\xe9\xd9\xe9|a;\x18=;\xe8?3\x0e\xa2\t~\xec9\n\xbc\xb0\x9f\xef=\xa8Ed\x89\xd6T=\x1b\x16\xf8\x06M\xce\x13\xf2\xb0\xe0\xeb\x8d\xd0',
    b'\x1f\x8a\x91\xb6\xea\xd4\x1er)\xf3\x01\x8c\x96H\xd1\xfaQ]-U\xc4\xbc\xcdz\x9a\x1c\xc1\n\x0b!,\xe0\xf6\x04\xe1\x1d\xc7\xd5\xe9\xbd\xd2\xc7n\xfc/+7\xab\xf3\x7f\xe9O\xc7\xb7\x95\x80?\r\x934\x92\x9b\x06}\xf6',
    b'\x1fV\xf2\xb9\xddR\x93\xb2\x1f\x1e\xfc\xac\xd1x\x0c\xc8\x8a/\xacQ\xb5l\x84\xa9\xcb|r\xa1\xd2K\xf5~~=x\x8a\x069B\x7f&R\xa8\x18m\xa658\xbe ,\xac\xde\xde\x92.\xcep\xa9\xf2\xf7\x10\xa0\xd0\x9f',
    b"\x1f\x0e^2\xf6\x1dX\xe2\x1f\x12m\xae\xfd\xe9k\xacaS\x94\x7f\xafL\x95\xef)\xd5\xedXY\xf9'\x96lsC\x1bN2QM\xf1l\xed\xf3(k\x1f\x98\xdd\xf7\xcc\xe2*?\x93\x85\x0f\xd1\\\xcb$;\x11\xe19",
    b'\x1fm\x86:\xe2K\x06c\xed\x82\xf2\x9d,\xb8\xfa_\xbf4g\r\xf8u@\xbb\xc8\x0f8\xb6\x84\x89Q\xdd\x89nU\x1b\x99\x9c.q\xf9\xd1K\xd7D\x91\xb0\x18\xd8\xf0r\xd8\x8e\t\xa4\xd3\x92\x19\xd65631\xfb\x1f',
    b' \x16\x84\xee\xa2\xb4 YM\x0e\xe8\r\xc6=\x98 !\x99\xa0\xc8.F\xb3B\xa5\xf9\xa4cr\x0c\x9fm?E\xdd\x1a)\xad\xfe\xe0I\xcbe\xd7\xc2V\xd3G\xd5\xa1\xe4\xd7\xe0#\xb0`4\x13`\xa1\xf6\x82r\xd3z',
    b'\x1f\xe6\x07Z\t\x7fWCB\x18\x8a\xa5\x00rz/\xf7\xbcd\x91\xe4\xd2\xd0}T\x17J\xc6\xe2\x93\xe8\xbe\xffJ\x9b\xab\xda\xdaY8\x8f\x8c\x97\x82Z\x05\x19\\\x87)\x19\xe0\x0f\x05\x92Lk\x95}\xe50\xf1\xfb\xe0n',
    b'\x1fIBH96\x82p{]\x03\x03\xf9\xd3\xd8\xf5\x9f3\x10a\xc6m\x06\x18\x1a\x9f\xd9\xfb\x0eeHH\xb3W\x841\xc1gl\xa8\x90[D\xd6\xfd\xd9\xa0\xfa%\x83\xfbk-\xbd\xd0\x97\x0c\x872>\xbdO\xbco\xba'
]
# expected ECDH shared secrets (index 0 = sk_list[0] and expected_pks[-1], index 1 = sk_list[1] and expected_pks[-2], ...)
expected_ecdh_shared_secrets = [
    b'\xe7\xa7\xc4S\x13+\x91\x16\x1c\x83\xfb\n\xfdl\xae\xa0\xfe-\xc6A\x9cN!lW\x07\xa4\xd7,\xbej\xe3',
    b"\x05\x9b\x83\xa3\x82'\xfa\xe9\xb72?\xf8\x94\x0e\x92\x12\x02\x99\x1d[0\x18\x1dq\xcb]\xebz\x12\x10\x10\x10",
    b'\xce\xcd\xa2`\xd6\xf9\x13H\x1d\x9a\xc1\xc0j\xd0\xbf\x92\r\xb7\xb9A\xc3\xc7a\rG\x1bl\x12\x86tpC',
    b'{\xa5\xe0|\xea\xb2\xe6\x9d\x12\xfa6\x1e\xef-+\x96\xc6\x13?\xdb\xc7:-\xf4\xd5n\x93\xfd\xc6\xe9\xd8\xfb',
    b'\x9eO2\xeb\x82\xda\xa5\x86\xd5\x18\x1a\x04\x0f\xd7\xb9\x01\t\xa6\xaf\xf2\x94]\xfe\xb4\xf6\x846\x0e\xb7\x1f\xe1\x95',
    b'\x9eO2\xeb\x82\xda\xa5\x86\xd5\x18\x1a\x04\x0f\xd7\xb9\x01\t\xa6\xaf\xf2\x94]\xfe\xb4\xf6\x846\x0e\xb7\x1f\xe1\x95',
    b'{\xa5\xe0|\xea\xb2\xe6\x9d\x12\xfa6\x1e\xef-+\x96\xc6\x13?\xdb\xc7:-\xf4\xd5n\x93\xfd\xc6\xe9\xd8\xfb',
    b'\xce\xcd\xa2`\xd6\xf9\x13H\x1d\x9a\xc1\xc0j\xd0\xbf\x92\r\xb7\xb9A\xc3\xc7a\rG\x1bl\x12\x86tpC',
    b"\x05\x9b\x83\xa3\x82'\xfa\xe9\xb72?\xf8\x94\x0e\x92\x12\x02\x99\x1d[0\x18\x1dq\xcb]\xebz\x12\x10\x10\x10",
    b'\xe7\xa7\xc4S\x13+\x91\x16\x1c\x83\xfb\n\xfdl\xae\xa0\xfe-\xc6A\x9cN!lW\x07\xa4\xd7,\xbej\xe3'
]
# expected sec pubkeys - bip32 private derivation
expected_pks_bip32_priv_derivation = [
    b'\x02TR\x1e\x01\x83\x9coW\xf3W\xf4P6:\xd2\xde\x8b\x82l\xac\xb3\xf1(T\x8ck\x00+\xe9J\x1e\xc4',
    b'\x02\x95\xf8\x117\xde\xf3\xdc+\x8b\x8a8VJ\xa4\xe5\x1cU\xd8\xd6a.\xa0aj\xa6\xa3\xe2\xad\xef\x9f\xdf\x12',
    b'\x02\x1e\x19\x12\xea\x9a\x08\xa4\xed\x1dI\x00G\x86\xd9\xa7o\x89\x8c;\xf9\xda2\xbb\xf2\xc3t`\x93\xbco\x02\xb4',
    b'\x02\xf5\xd1\xbaO\x95\xa32Hb\x91\x98\x95\x91\xf2>q\xfb\xba\x97)\x03S\xf8\xda\x0e\xb5\xf6\xabK\xe6\x8c\xca',
    b'\x03\xfd\xac\xeaX\xf1\x8a\xa3D\n\x0b\xdf\xa9=\xed\xda\xec\\\xa8su$)\xa2\x1c\x9a:($\xc1\xc6!*',
    b'\x02/vE\x8c\xd1\x8cr\xe8-P\x9f\xac\xfb\x9c\xbc\x8a\xd1\xf1I\x99v\xc6\x9dgn\x8d\xcekp\xe0\xb3\xc3',
    b'\x03\x83\xb7\xbf\xa3?H\xd2\xaap\x11\xcc\xfd \xb0\x8c\x1e\xbb\xdb(\xf6\xad\xf3+dk\xe3\xb6\xec\xed\xbc\x96\x04',
    b'\x03\xb5\x8f\xff\x94\xdc&a\t\xde\xf0U\xbd8\x07\xd3+\x1d\xde\xc2\xa9s @_\xed\x01\x15\xf9\xb7\x17~~',
    b'\x02@R\x15\x9b\xbd}\xaat\x9c\x03\x17\xcc+$u\xc4\n_\x1f+\xf0\xa3B\xd4Q\x147\x8b\x13\xc1l\x07',
    b'\x02\x91\xbb\xa6\x15<1\xdf\x7f\xe2)\xe7m\xd9\xa1\x18+Y\xcc3\xcb[\xb3_,j\x08\x9bP\xac\x8bY\xeb'
]
# expected sec pubkeys - bip32 public derivation
expected_pks_bip32_pub_derivation = [
    b'\x02TR\x1e\x01\x83\x9coW\xf3W\xf4P6:\xd2\xde\x8b\x82l\xac\xb3\xf1(T\x8ck\x00+\xe9J\x1e\xc4',
    b'\x03C7\xe5d\x9f\x08\xfaDY9\xf9\xde\x00\x9a\xbb\x06\x07e^\x0c\xc0|$\x9c\x14^\x85\xb9SF\x82N',
    b"\x02*\xbc\xb8`\xe4\xc7_\xd8\xb9\xc8y\xcd\xa1\xd0{\xf2\x92XVj\xd0E\xa8\xa3\xbbW\x11\xcb6'\xf8@",
    b'\x02\x9a\xcbS=\x0e(\x9d\xc0\xa7y\x13<\xdf\xbc\xf5-}\x1b;\x84\x0ci&\xc9\x10\xd6W\xffy\xcb-6',
    b'\x03\x19T`\x13\x87\xd1\xd1`5\x87C\xc9\xdf\x0c\x99j\xd8\xcb!\x1b\xbf\xf6M\xfc\x924cz\x8e\xb4\xa2\xa6',
    b'\x03\xacQ\xa5\xf6\x9c\xf2\xd9\x8bq\xc35\xc8Xo\x81rH\xf7\x88\xaa\xf9d\xd9\x9c8\xbd\xc2\x9a\xb6\xcd\xcd\xed',
    b'\x03>\x1f\x15(,{\xf2\x83\xb3\r\xaa\x13\xc9\xda\xa8\xf1k\xc4\xe0\xc0\x08\x90\xdb\xf7\n\xc9\xda}\xfa7\x12\x1d',
    b'\x03\x0f\x02$\x7f\xcf\xe0\xb8*\xa8?\xbc]\x85\xba)\xec\xa7\x91\xa8\xef"(\tU\x04\x8ce\xad\xe4\x8de\x87',
    b'\x02\xec\xcc\xa7\xd8\xd2\xc4\xbd+\xe2\xb0\xaf\xd3\xa7\xe7\x05\xdd\xc1&{\xb0R*\x0c\xd3\x08{\x8e\xba\x026$\xaf',
    b"\x03\xcd\x93\x8aS\xff\xbc\xe5'\x08\n\xd3\xab\xa6g\x85\x1dSE\x9d\xa4\xec\xa3U\xcdR\xb08\xdcsa>\xf4"
]


def pubkey_sign_verify_wally(sk, msg_digest):
    try:
        from cktap.wrap_wally import CT_sign, CT_priv_to_pubkey, CT_sig_verify
    except ImportError:
        return None, None
    pk = CT_priv_to_pubkey(sk)
    sig = CT_sign(sk, msg_digest, recoverable=False)
    ok = CT_sig_verify(pk, msg_digest, sig)
    assert ok
    return pk, sig


def ecdh_wally(sk, pk):
    try:
        from cktap.wrap_wally import CT_ecdh
    except ImportError:
        return None
    return CT_ecdh(pk, sk)


def rec_sigs_wally(sk, msg_digest):
    try:
        from cktap.wrap_wally import CT_sign, CT_sig_to_pubkey
    except ImportError:
        return None, None
    rec_sig = CT_sign(sk, msg_digest, recoverable=True)
    assert len(rec_sig) == 65
    recovered_pk = CT_sig_to_pubkey(msg_digest, rec_sig)
    return rec_sig, recovered_pk


def bip32_wally(chain_code, priv_or_pub, path):
    try:
        from cktap.wrap_wally import CT_bip32_derive
    except ImportError:
        return None
    return CT_bip32_derive(chain_code, priv_or_pub, path)


def pubkey_sign_verify_pysecp(sk, msg_digest):
    try:
        from cktap.wrap_pysecp import CT_sign, CT_priv_to_pubkey, CT_sig_verify
    except ImportError:
        return None, None
    pk = CT_priv_to_pubkey(sk)
    sig = CT_sign(sk, msg_digest, recoverable=False)
    ok = CT_sig_verify(pk, msg_digest, sig)
    assert ok
    return pk, sig


def ecdh_pysecp(sk, pk):
    try:
        from cktap.wrap_pysecp import CT_ecdh
    except ImportError:
        return None
    return CT_ecdh(pk, sk)


def rec_sigs_pysecp(sk, msg_digest):
    try:
        from cktap.wrap_pysecp import CT_sign, CT_sig_to_pubkey
    except ImportError:
        return None, None
    rec_sig = CT_sign(sk, msg_digest, recoverable=True)
    assert len(rec_sig) == 65
    recovered_pk = CT_sig_to_pubkey(msg_digest, rec_sig)
    return rec_sig, recovered_pk


def pubkey_sign_verify_coincurve(sk, msg_digest):
    try:
        from cktap.wrap_coincurve import CT_sign, CT_priv_to_pubkey, CT_sig_verify
    except ImportError:
        return None, None
    pk = CT_priv_to_pubkey(sk)
    sig = CT_sign(sk, msg_digest, recoverable=False)
    ok = CT_sig_verify(pk, msg_digest, sig)
    assert ok
    return pk, sig


def ecdh_coincurve(sk, pk):
    try:
        from cktap.wrap_coincurve import CT_ecdh
    except ImportError:
        return None
    return CT_ecdh(pk, sk)


def rec_sigs_coincurve(sk, msg_digest):
    try:
        from cktap.wrap_coincurve import CT_sign, CT_sig_to_pubkey
    except ImportError:
        return None, None
    rec_sig = CT_sign(sk, msg_digest, recoverable=True)
    assert len(rec_sig) == 65
    recovered_pk = CT_sig_to_pubkey(msg_digest, rec_sig)
    return rec_sig, recovered_pk


def pubkey_sign_verify_ecdsa(sk, msg_digest):
    # pybitcointools for recoverable signatures signing/verification
    try:
        from cktap.wrap_ecdsa import CT_sign, CT_priv_to_pubkey, CT_sig_verify
    except ImportError:
        return None, None
    pk = CT_priv_to_pubkey(sk)
    sig = CT_sign(sk, msg_digest, recoverable=False)
    ok = CT_sig_verify(pk, msg_digest, sig)
    assert ok
    return pk, sig


def ecdh_ecdsa(sk, pk):
    try:
        from cktap.wrap_ecdsa import CT_ecdh
    except ImportError:
        return None
    return CT_ecdh(pk, sk)


def rec_sigs_ecdsa(sk, msg_digest):
    try:
        from cktap.wrap_ecdsa import CT_sign, CT_sig_to_pubkey
    except ImportError:
        return None, None
    rec_sig = CT_sign(sk, msg_digest, recoverable=True)
    assert len(rec_sig) == 65
    recovered_pk = CT_sig_to_pubkey(msg_digest, rec_sig)
    return rec_sig, recovered_pk


def bip32_ecdsa(chain_code, priv_or_pub, path):
    try:
        from cktap.wrap_ecdsa import CT_bip32_derive
    except ImportError:
        return None
    return CT_bip32_derive(chain_code, priv_or_pub, path)


def test_pubkey_sign_verify():
    for sk, msg_digest, expected_pk, expected_sig in zip(sk_list, msg_digest_list, expected_pks, expected_determinist_signatures):
        pk_cc, sig_cc = pubkey_sign_verify_coincurve(sk, msg_digest)
        pk_wally, sig_wally = pubkey_sign_verify_wally(sk, msg_digest)
        pk_ecdsa, sig_ecdsa = pubkey_sign_verify_ecdsa(sk, msg_digest)
        pk_pysecp, sig_pysecp = pubkey_sign_verify_pysecp(sk, msg_digest)
        all_sigs = [sig for sig in [sig_cc, sig_ecdsa, sig_wally, sig_pysecp] if sig is not None]  # filter out None results of unavailable libs
        all_pks = [pk for pk in [pk_cc, pk_ecdsa, pk_wally, pk_pysecp] if pk is not None]  # filter out None results of unavailable libs
        assert all([sig == expected_sig for sig in all_sigs])
        assert all([pk == expected_pk for pk in all_pks])


def test_ecdh():
    # reverse expected pubkey so we do not use sk/pk pairing
    for sk, pk, expected_ss in zip(sk_list, reversed(expected_pks), expected_ecdh_shared_secrets):
        ss_wally = ecdh_wally(sk, pk)
        ss_cc = ecdh_coincurve(sk, pk)
        ss_ecdsa = ecdh_ecdsa(sk, pk)
        ss_pysecp = ecdh_pysecp(sk, pk)
        all_ss = [ss for ss in [ss_cc, ss_ecdsa, ss_wally, ss_pysecp] if ss is not None]  # filter out None results of unavailable libs
        assert all([ss == expected_ss for ss in all_ss])


def test_rec_sigs():
    for sk, msg_digest, expected_pk, expected_rs in zip(sk_list, msg_digest_list, expected_pks, expected_deterministic_recoverable_signatures):
        rs_wally, rpk_wally = rec_sigs_wally(sk, msg_digest)
        rs_cc, rpk_cc = rec_sigs_coincurve(sk, msg_digest)
        rs_ecdsa, rpk_ecdsa = rec_sigs_ecdsa(sk, msg_digest)
        rs_pysecp, rpk_pysecp = rec_sigs_pysecp(sk, msg_digest)
        all_rpks = [rpk for rpk in [rpk_wally, rpk_ecdsa, rpk_cc, rpk_pysecp] if rpk is not None]  # filter out None results of unavailable libs
        all_rs = [rs for rs in [rs_wally, rs_ecdsa, rs_cc, rs_pysecp] if rs is not None]  # filter out None results of unavailable libs
        assert all([rpk == expected_pk for rpk in all_rpks])
        assert all([rs == expected_rs for rs in all_rs])


def test_bip32_derivation():
    # compare only wally against our internal
    from cktap.bip32 import HARDENED
    hardened_paths = [
        [0],
        [44 + HARDENED],
        [48 + HARDENED],
        [84 + HARDENED],
        [44 + HARDENED, 0 + HARDENED, 0 + HARDENED],
        [48 + HARDENED, 1 + HARDENED, 0 + HARDENED],
        [84 + HARDENED, 0 + HARDENED, 20 + HARDENED],
        [44 + HARDENED, 0 + HARDENED, 0 + HARDENED, 0, 0],
        [48 + HARDENED, 0 + HARDENED, 0 + HARDENED, 1, 1000],
        [84 + HARDENED, 0 + HARDENED, 0 + HARDENED, 0, 1000],
    ]
    # PRV derivation
    for chain_code, path, expected_pk in zip(sk_list, hardened_paths, expected_pks_bip32_priv_derivation):
        privkey = chain_code
        pk_ecdsa = bip32_ecdsa(chain_code, privkey, path)
        pk_wally = bip32_wally(chain_code, privkey, path)
        all_pks = [pk for pk in [pk_wally, pk_ecdsa] if pk is not None]  # filter out None results of unavailable libs
        assert all([pk == expected_pk for pk in all_pks])

    paths = [
        [0],
        [44],
        [48],
        [84],
        [44, 0, 0],
        [48, 1, 0],
        [84, 0, 20],
        [44, 0, 0, 0, 0],
        [48, 0, 0, 1, 1000],
        [84, 0, 0, 0, 1000],
    ]
    # PUB derivation
    for chain_code, pubkey, path, expected_pk in zip(sk_list, expected_pks, paths, expected_pks_bip32_pub_derivation):
        pk_ecdsa = bip32_ecdsa(chain_code, pubkey, path)
        pk_wally = bip32_wally(chain_code, pubkey, path)
        all_pks = [pk for pk in [pk_wally, pk_ecdsa] if pk is not None]  # filter out None results of unavailable libs
        assert all([pk == expected_pk for pk in all_pks])