@shrir
Contributor

@shrir shrir commented Oct 31, 2016

Added support for Brainpool r1 curves. I might not have searched hard enough, but can't find the ecdsa test vectors for brainpool curves to add rfc6979 unit tests.

Note: requires openssl 1.0.2

fixes #61

@tomato42
Member

tomato42 commented Nov 2, 2016

first, looks like the tests should detect if the installed version of OpenSSL supports brainpool curves and skip them if that's not the case

second, could you add test vectors for the new curves, so that they can be tested without using OpenSSL?

@TrinityTonic

Any updates on including more curves (such as brainpool) to this library?

@tomato42
Member

tomato42 commented Sep 4, 2018

@TrinityTonic I'd like to do that, but:

a). the issues I listed above need to be addressed
b). the PR needs to be rebased

Member

@tomato42 tomato42 left a comment

r-, as per above comments

@tomato42 tomato42 added the feature functionality to be implemented label Sep 5, 2018
@tomato42 tomato42 added this to the someday/future milestone Sep 5, 2018
@tomato42
Member

Please rebase your PR on top of current master branch, then force push to the same branch as this PR is using.

Do not merge the master branch to this branch to update it, do not use github web interface to update the branch.


if curvename not in OpenSSL.supported_curves:
return

Member

this will cause the test to be reported as passing instead of skipped, please use pytest mechanism to skip the test case
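
What the review comment above describes, as an added example that is not code from this PR or from the project: the same unsupported-curve case run once with a silent `return` and once with an explicit skip, showing what the runner reports. It uses the standard library's `unittest.skipUnless` in place of `pytest.mark.skipif` so that it runs without pytest installed; the contents of `OPENSSL_SUPPORTED_CURVES` and the `interop_check` helper are assumptions.

```python
import unittest

# Assumption: constructed stand-in for the curve list reported by the
# system OpenSSL; it deliberately lacks the Brainpool curve.
OPENSSL_SUPPORTED_CURVES = {"prime256v1", "secp384r1"}
CURVE = "brainpoolP160r1"


def interop_check(curvename):
    """Hypothetical placeholder for the OpenSSL round-trip test body."""
    raise AssertionError("OpenSSL cannot handle " + curvename)


class SilentReturn(unittest.TestCase):
    def test_from_openssl(self):
        # Pattern flagged in the review: bail out early, so the runner
        # records a pass although nothing was verified.
        if CURVE not in OPENSSL_SUPPORTED_CURVES:
            return
        interop_check(CURVE)


class ExplicitSkip(unittest.TestCase):
    @unittest.skipUnless(CURVE in OPENSSL_SUPPORTED_CURVES,
                         "system openssl does not support " + CURVE)
    def test_from_openssl(self):
        interop_check(CURVE)


class Tally(unittest.TestResult):
    """TestResult that also counts tests reported as passing."""
    def __init__(self):
        super().__init__()
        self.passed = 0

    def addSuccess(self, test):
        super().addSuccess(test)
        self.passed += 1


def run(case):
    """Run one TestCase class; return (reported passes, reported skips)."""
    result = Tally()
    unittest.defaultTestLoader.loadTestsFromTestCase(case).run(result)
    return result.passed, len(result.skipped)


if __name__ == "__main__":
    print("silent return:", run(SilentReturn))
    print("explicit skip:", run(ExplicitSkip))
```

With the silent return, a CI run on a system without Brainpool support shows a green interoperability test although no signature was ever checked; the skip makes that gap visible in the report.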

Member

@tomato42 tomato42 left a comment

Test vectors are missing

@tomato42
Member

please also add the curves to speed.py

@tomato42
Member

tomato42 commented Sep 10, 2018

I've noticed that in the opening comment you said that you can't find tests, what about the ones in RFC6932 and RFC7027?

alternatively, there is ECTester project that seems to support brainpool, so it could be used to generate some test cases

worst case, if there are none, please create them yourself – I like to see at least some safety net

@merlokk
Contributor

merlokk commented Nov 1, 2019

Member

@tomato42 tomato42 left a comment

please rebase on top of current master, the test coverage changed significantly so this PR is not mergeable as-is

except that, there are a lot of lines that go over the 80 char limit, making reading side-by-side diffs rather frustrating

side note: I was considering if not to use the "BP" acronym, instead of "BRAINPOOL", in the names of the curves. I think that would improve usability. (note: it's not a request for a change, just a question if you considered it, or would be ok with the solution)


if curvename not in OpenSSL.supported_curves:
return

Member

Z = dA * qB
self.assertEqual(Point(curve, x_qA, y_qA), qA)
self.assertEqual(Point(curve, x_qB, y_qB), qB)
self.assertTrue((dA * qB) == (dA * dB * generator) == (dB * dA * generator) == (dB * qA))
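
Review bot: `Z = dA * qB` on the first line is not referenced by any of the three assertions shown; the last one recomputes `dA * qB` inside a chained comparison that only proves the four products agree with each other. If the vector source provides the expected shared point, assert `Z` against it so that a scalar multiplication that is wrong but self-consistent cannot pass, and split the chain into separate assertions, which also brings the line under the length limit.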
Member

nit: too long line

generator=BRAINPOOLP224r1.generator,
dA=int("7C4B7A2C8A4BAD1FBB7D79CC0955DB7C6A4660CA64CC4778159B495E", 16),
x_qA=int("B104A67A6F6E85E14EC1825E1539E8ECDBBF584922367DD88C6BDCF2", 16),
y_qA=int("46D782E7FDB5F60CD8404301AC5949C58EDB26BC68BA07695B750A94", 16),
Member

those lines are too long too

Member

still unchanged?

_q = 0xE95E4A5F737059DC60DF5991D45029409E60FC09

curve_brainpoolp160r1 = ellipticcurve.CurveFp( _p, _a, _b)
generator_brainpoolp160r1 = ellipticcurve.Point( curve_brainpoolp160r1, _Gx, _Gy, _q)
Member

nit: line too long

@shrir
Contributor Author

shrir commented Nov 2, 2019

> side note: I was considering if not to use the "BP" acronym, instead of "BRAINPOOL", in the names of the curves. I think that would improve usability. (note: it's not a request for a change, just a question if you considered it, or would be ok with the solution)

So curve_brainpoolp512r1 will be curve_bpp512r1 and BRAINPOOLP512r1 will become BPP512r1, personally I prefer BRAINPOOL but I don't have a strong opinion.

@coveralls

coveralls commented Nov 2, 2019

Coverage Status

Coverage increased (+0.1%) to 94.974% when pulling 2a4c0a8 on shrir:brainpool into e29ddec on warner:master.

@coveralls

Coverage Status

Coverage increased (+0.3%) to 95.092% when pulling 053cd9c on shrir:brainpool into e29ddec on warner:master.

@shrir shrir requested a review from tomato42 November 2, 2019 09:13
return self.do_test_from_openssl(BRAINPOOLP512r1)

@pytest.mark.skipif("" not in OPENSSL_SUPPORTED_CURVES,
reason="system openssl does not support ")
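
Review bot: the `skipif` condition `"" not in OPENSSL_SUPPORTED_CURVES` tests for the empty string, so it no longer depends on any curve. Against a list or set of curve names it is always true and the decorated test is always skipped; against a single string it is always false and the test never skips. Restore the curve name in both the condition and the `reason` text.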
Member

A bit too aggressive search-and-replace?

self.assertEqual(len(s1), BRAINPOOLP512r1.verifying_key_length)
pub2 = VerifyingKey.from_string(s1, curve=BRAINPOOLP512r1)
self.assertTruePubkeysEqual(pub1, pub2)

Member

same here, I don't see why it couldn't be a separate test case

@tomato42
Member

tomato42 commented Nov 2, 2019

> > side note: I was considering if not to use the "BP" acronym, instead of "BRAINPOOL", in the names of the curves. I think that would improve usability. (note: it's not a request for a change, just a question if you considered it, or would be ok with the solution)
>
> So curve_brainpoolp512r1 will be curve_bpp512r1 and BRAINPOOLP512r1 will become BPP512r1, personally I prefer BRAINPOOL but I don't have a strong opinion.

ok, then the speed.py formatting needs to be fixed, now the output from brainpool curves is offset:

            siglen    keygen   keygen/s      sign     sign/s    verify   verify/s
  NIST192p:     48   0.03455s     28.95   0.01638s     61.04   0.03085s     32.41
  NIST224p:     56   0.04240s     23.58   0.02224s     44.96   0.04210s     23.75
  NIST256p:     64   0.05570s     17.95   0.02957s     33.82   0.05830s     17.15
  NIST384p:     96   0.13041s      7.67   0.06814s     14.68   0.13394s      7.47
  NIST521p:    132   0.26017s      3.84   0.13394s      7.47   0.26327s      3.80
 SECP256k1:     64   0.05512s     18.14   0.02923s     34.22   0.05771s     17.33
BRAINPOOLP160r1:     40   0.02136s     46.82   0.01090s     91.71   0.02103s     47.55
BRAINPOOLP192r1:     48   0.03185s     31.40   0.01659s     60.27   0.03185s     31.40
BRAINPOOLP224r1:     56   0.04961s     20.16   0.02185s     45.77   0.04310s     23.20
BRAINPOOLP256r1:     64   0.05872s     17.03   0.02899s     34.49   0.05661s     17.66
BRAINPOOLP320r1:     80   0.09441s     10.59   0.04773s     20.95   0.09699s     10.31
BRAINPOOLP384r1:     96   0.13630s      7.34   0.07119s     14.05   0.13544s      7.38
BRAINPOOLP512r1:    128   0.25540s      3.92   0.12683s      7.88   0.24935s      4.01

@shrir shrir requested a review from tomato42 November 2, 2019 12:10
Member

@tomato42 tomato42 left a comment

looks good, thank you, and sorry for the nitpicking

@tomato42 tomato42 modified the milestones: someday/future, v0.14 Nov 2, 2019
@tomato42 tomato42 merged commit a012d72 into tlsfuzzer:master Nov 2, 2019
@tomato42 tomato42 mentioned this pull request Nov 2, 2019