U ʹhVF@sdZddlmZddlZddlZddlZddlZddlmZddl m Z m Z m Z ddl mZddlmZd ZejeZd Zd Zejd krd dZnddZejdkrddZnddZddZdDddZGdddZddZddZddZefd d!Zefd"d#Z d$d%Z!d&d'Z"d(d)Z#d*d+Z$d,d-Z%d.d/Z&d0d1Z'd2d3Z(d4d5Z)d6d7Z*d8d9Z+d:d;Z,Gdd?Z/d@dAZ0dBdCZ1dS)Ea This module includes some utility functions. The methods most typically used are the sigencode and sigdecode functions to be used with :func:`~ecdsa.keys.SigningKey.sign` and :func:`~ecdsa.keys.VerifyingKey.verify` respectively. See the :func:`sigencode_strings`, :func:`sigdecode_string`, :func:`sigencode_der`, :func:`sigencode_strings_canonize`, :func:`sigencode_string_canonize`, :func:`sigencode_der_canonize`, :func:`sigdecode_strings`, :func:`sigdecode_string`, and :func:`sigdecode_der` functions. )divisionN)sha256)PY2int2bytenext)der)normalise_bytes)riHi='r r)rr )rr r r )r cCs&tt|dddt|dS)-Convert a bytestring to string of 0's and 1'sZbigr N)binint from_byteszfilllenent_256r0./venv/lib/python3.8/site-packages/ecdsa/util.pyentropy_to_bits4srcCsddd|DS)rcss(|] }tt|dddVqdS)r Nr)rordr).0xrrr <sz"entropy_to_bits..)joinrrrrr:s)r cCstt|dS)Nr )rrrrrr bit_lengthAsr#cCs |p dSNr)r#r"rrrr#FscCsdtd|dS)Nrz%xr )r)orderrrrorderlenJsr&cCs||dks t|dkrtj}t|d}|dd}||}t|}t|d|ddd}d|krn|kr2nq2|Sq2dS)aReturn a random integer k such that 1 <= k < order, uniformly distributed across that range. Worst case should be a mean of 2 loops at (2**k)+2. Note that this function is not declared to be forwards-compatible: we may change the behavior in future releases. The entropy= argument (which should get a callable that behaves like os.urandom) can be used to achieve stability within a given release (for repeatable unit tests), but should not be used as a long-term-compatible key generation algorithm. rNr r)baser)AssertionErrorosurandomr#rr)r%ZentropyZupper_2Z upper_256rZent_2Zrand_numrrr randrangeNs   r+c@s$eZdZddZddZddZdS)PRNGcCs|||_dS)N)block_generator generator)selfseedrrr__init__lsz PRNG.__init__cs0fddt|D}tr$d|St|SdS)Ncsg|]}tjqSr)rr.)rir/rr psz!PRNG.__call__..r)rangerr bytes)r/Znumbytesarr3r__call__os z PRNG.__call__ccs6d}td||fD] }|Vq|d7}qdS)Nrz prng-%d-%sr)rencodedigest)r/r0ZcounterZbyterrrr-ws  zPRNG.block_generatorN)__name__ __module__ __qualname__r1r8r-rrrrr,fsr,cCsXt|dt|}tt|d|dd}d|krD|ksTntd||f|S)Nr r)r,r&rbinasciihexlifyr()r0r%r'numberrrr%randrange_from_seed__overshoot_modulos$rBcCs d|>dSr$r)Znumbitsrrr lsb_of_onessrCcCs2tt|ddd}|d}|d}|||fS)Nrr r)rmathlog)r%bitsr6 extrabitsrrrbits_and_bytessrHcCstt|\}}}|r|d7}||d|}d|t||}dtt|d}d|krj|kspnt|S)Nrr>)rHr:rrr?r@r()r0r%hashmodrFZ_bytesrGr'rArrr#randrange_from_seed__truncate_bytessrKcCstt|ddd}|dd}||d|}d|t||}d||}|rtt|dt|@|dd}dtt |d}d|kr|ksnt |S)Nrr r!rrIrr>) rrDrEr:rrrrCr?r@r()r0r%rJrFZmaxbytesr'ZtopbitsrArrr"randrange_from_seed__truncate_bitss  $rLcCsx|dks tt|\}}}t|}d}|rBtt|dt|@}t|||d}d|krj|kr"nq"|Sq"dS)Nr)r(rHr,rrrCstring_to_number)r0r%rFr6rGZgenerateZ extrabyteZguessrrr randrange_from_seed__trytryagains rOcCsNt|}dtd|d}t||}t||ksJtt||f|SNz%0r r)r&strr? unhexlifyr9rr(Znumr%lZfmt_strstringrrrnumber_to_strings rVcCs:t|}dtd|d}t||}|d|SrP)r&rQr?rRr9rSrrrnumber_to_string_cropsrWcCstt|dSNr>)rr?r@)rUrrrrNsrNcCs4t|}t||ks$tt||ftt|dSrX)r&rr(rr?r@)rUr%rTrrrstring_to_number_fixedlensrYcCst||}t||}||fS)aZ Encode the signature to a pair of strings in a tuple Encodes signature into raw encoding (:term:`raw encoding`) with the ``r`` and ``s`` parts of the signature encoded separately. It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: raw encoding of ECDSA signature :rtype: tuple(bytes, bytes) )rVrsr%r_strs_strrrrsigencode_stringss  r_cCst|||\}}||S)a Encode the signature to raw format (:term:`raw encoding`) It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: raw encoding of ECDSA signature :rtype: bytes )r_rZrrrsigencode_stringsr`cCstt|t|S)a Encode the signature into the ECDSA-Sig-Value structure using :term:`DER`. Encodes the signature to the following :term:`ASN.1` structure:: Ecdsa-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: DER encoding of ECDSA signature :rtype: bytes )rZencode_sequenceZencode_integerr[r\r%rrr sigencode_dersrbcCs||dkr||}|S)a8 Internal function for ensuring that the ``s`` value of a signature is in the "canonical" format. :param int s: the second parameter of ECDSA signature :param int order: the order of the curve over which the signatures was computed :return: canonical value of s :rtype: int r r)r\r%rrr _canonize3s rccCst||}t|||S)a Encode the signature to a pair of strings in a tuple Encodes signature into raw encoding (:term:`raw encoding`) with the ``r`` and ``s`` parts of the signature encoded separately. Makes sure that the signature is encoded in the canonical format, where the ``s`` parameter is always smaller than ``order / 2``. Most commonly used in bitcoin. It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: raw encoding of ECDSA signature :rtype: tuple(bytes, bytes) )rcr_rarrrsigencode_strings_canonizeDs rdcCst||}t|||S)aw Encode the signature to raw format (:term:`raw encoding`) Makes sure that the signature is encoded in the canonical format, where the ``s`` parameter is always smaller than ``order / 2``. Most commonly used in bitcoin. It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: raw encoding of ECDSA signature :rtype: bytes )rcr`rarrrsigencode_string_canonize^s recCst||}t|||S)a9 Encode the signature into the ECDSA-Sig-Value structure using :term:`DER`. Makes sure that the signature is encoded in the canonical format, where the ``s`` parameter is always smaller than ``order / 2``. Most commonly used in bitcoin. Encodes the signature to the following :term:`ASN.1` structure:: Ecdsa-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: DER encoding of ECDSA signature :rtype: bytes )rcrbrarrrsigencode_der_canonizeus rfc@seZdZdZdS)MalformedSignatureaB Raised by decoding functions when the signature is malformed. Malformed in this context means that the relevant strings or integers do not match what a signature over provided curve would create. Either because the byte strings have incorrect lengths or because the encoded values are too large. N)r;r<r=__doc__rrrrrgs rgcCsdt|}t|}t|d|ks8tdd|t|t|d||}t||d|}||fS)a Decoder for :term:`raw encoding` of ECDSA signatures. raw encoding is a simple concatenation of the two integers that comprise the signature, with each encoded using the same amount of bytes depending on curve size/order. It's expected that this function will be used as the ``sigdecode=`` parameter to the :func:`ecdsa.keys.VerifyingKey.verify` method. :param signature: encoded signature :type signature: bytes like object :param order: order of the curve over which the signature was computed :type order: int :raises MalformedSignature: when the encoding of the signature is invalid :return: tuple with decoded ``r`` and ``s`` values of signature :rtype: tuple of ints r zWInvalid length of signature, expected {0} bytes long, provided string is {1} bytes longN)r r&rrgformatrY)Z signaturer%rTr[r\rrrsigdecode_stringsrjcCst|dkstdt||\}}t|}t|}t|}t||ks^td|t|t||ks~td|t|t||}t||}||fS)a Decode the signature from two strings. First string needs to be a big endian encoding of ``r``, second needs to be a big endian encoding of the ``s`` parameter of an ECDSA signature. It's expected that this function will be used as the ``sigdecode=`` parameter to the :func:`ecdsa.keys.VerifyingKey.verify` method. :param list rs_strings: list of two bytes-like objects, each encoding one parameter of signature :param int order: order of the curve over which the signature was computed :raises MalformedSignature: when the encoding of the signature is invalid :return: tuple with decoded ``r`` and ``s`` values of signature :rtype: tuple of ints r z3Invalid number of strings provided: {0}, expected 2zjInvalid length of first string ('r' parameter), expected {0} bytes long, provided string is {1} bytes longzkInvalid length of second string ('s' parameter), expected {0} bytes long, provided string is {1} bytes long)rrgrir r&rY) rs_stringsr%r]r^rTr[r\rrrsigdecode_stringss6     rlcCsrt|}t|\}}|dkr2tdt|t|\}}t|\}}|dkrjtdt|||fS)a Decoder for DER format of ECDSA signatures. DER format of signature is one that uses the :term:`ASN.1` :term:`DER` rules to encode it as a sequence of two integers:: Ecdsa-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } It's expected that this function will be used as as the ``sigdecode=`` parameter to the :func:`ecdsa.keys.VerifyingKey.verify` method. :param sig_der: encoded signature :type sig_der: bytes like object :param order: order of the curve over which the signature was computed :type order: int :raises UnexpectedDER: when the encoding of signature is invalid :return: tuple with decoded ``r`` and ``s`` values of signature :rtype: tuple of ints rMztrailing junk after DER sig: %sz#trailing junk after DER numbers: %s)r rZremove_sequenceZ UnexpectedDERr?r@Zremove_integer)Zsig_derr%rkemptyr[restr\rrr sigdecode_ders  ro)N)2rhZ __future__rr)rDr?sysZhashlibrZsixrrrrrZ_compatr Zoid_ecPublicKeyZ encode_oidZencoded_oid_ecPublicKeyZoid_ecDHZ oid_ecMQV version_inforr#r&r+r,rBrCrHrKrLrOrVrWrNrYr_r`rbrcrdrerf ExceptionrgrjrlrorrrrsV              !.