a _mgD@sdZddlmZddlZddlZddlZddlZddlmZddl m Z m Z m Z ddl mZddlmZd ZejeZd Zd Zejd krd dZnddZejdkrddZnddZddZdBddZGdddZddZddZddZefd d!Zefd"d#Z d$d%Z!d&d'Z"d(d)Z#d*d+Z$d,d-Z%d.d/Z&d0d1Z'd2d3Z(d4d5Z)d6d7Z*d8d9Z+Gd:d;d;e,Z-dd?Z/d@dAZ0dS)Ca This module includes some utility functions. The methods most typically used are the sigencode and sigdecode functions to be used with :func:`~ecdsa.keys.SigningKey.sign` and :func:`~ecdsa.keys.VerifyingKey.verify` respectively. See the :func:`sigencode_strings`, :func:`sigdecode_string`, :func:`sigencode_der`, :func:`sigencode_strings_canonize`, :func:`sigencode_string_canonize`, :func:`sigencode_der_canonize`, :func:`sigdecode_strings`, :func:`sigdecode_string`, and :func:`sigdecode_der` functions. )divisionN)sha256)PY2int2bytenext)der)normalise_bytes)riHi='r r)rr )rr r r )r cCs&tt|dddt|dS)-Convert a bytestring to string of 0's and 1'sbigr N)binint from_byteszfilllenent_256rA/var/www/html/idle/venv/lib/python3.9/site-packages/ecdsa/util.pyentropy_to_bits4srcCsddd|DS)rcss(|] }tt|dddVqdS)r Nr)rordr).0xrrr <z"entropy_to_bits..)joinrrrrr:s)r cCstt|dS)Nr )rrrrrr bit_lengthAsr%cCs |p dSNr)r%r$rrrr%FscCsdtd|dS)Nrz%xr )r)orderrrrorderlenJsr(cCs||dks J|durtj}t|d}|dd}||}t|}t|d|ddd}d|krn|kr2nq2|Sq2dS)aReturn a random integer k such that 1 <= k < order, uniformly distributed across that range. Worst case should be a mean of 2 loops at (2**k)+2. Note that this function is not declared to be forwards-compatible: we may change the behavior in future releases. The entropy= argument (which should get a callable that behaves like os.urandom) can be used to achieve stability within a given release (for repeatable unit tests), but should not be used as a long-term-compatible key generation algorithm. rNr r)baser)osurandomr%rr)r'ZentropyZupper_2Z upper_256rZent_2Zrand_numrrr randrangeNs   r,c@s$eZdZddZddZddZdS)PRNGcCs|||_dS)N)block_generator generator)selfseedrrr__init__lsz PRNG.__init__cs0fddt|D}tr$d|St|SdS)Ncsg|]}tjqSr)rr/)rir0rr pr!z!PRNG.__call__..r)rangerr"bytes)r0numbytesarr4r__call__os z PRNG.__call__ccs6d}td||fD] }|Vq|d7}qdS)Nrz prng-%d-%sr)rencodedigest)r0r1counterbyterrrr.ws  zPRNG.block_generatorN)__name__ __module__ __qualname__r2r:r.rrrrr-fsr-cCsXt|dt|}tt|d|dd}d|krD|ksTnJd||f|S)Nr r)r-r(rbinasciihexlify)r1r'r)numberrrr%randrange_from_seed__overshoot_modulos$rFcCs d|>dSr&r)Znumbitsrrr lsb_of_onessrGcCs2tt|ddd}|d}|d}|||fS)Nrr r)rmathlog)r'bitsr7 extrabitsrrrbits_and_bytessrLcCstt|\}}}|r|d7}||d|}d|t||}dtt|d}d|krj|kspnJ|S)NrrB)rLr<rrrCrD)r1r'hashmodrJZ_bytesrKr)rErrr#randrange_from_seed__truncate_bytessrOcCstt|ddd}|dd}||d|}d|t||}d||}|rtt|dt|@|dd}dtt |d}d|kr|ksnJ|S)Nrr r#rrMrrB) rrHrIr<rrrrGrCrD)r1r'rNrJZmaxbytesr)ZtopbitsrErrr"randrange_from_seed__truncate_bitss  $rPcCsx|dks Jt|\}}}t|}d}|rBtt|dt|@}t|||d}d|krj|kr"nq"|Sq"dS)Nrr!)rLr-rrrGstring_to_number)r1r'rJr7rKgenerateZ extrabyteguessrrr randrange_from_seed__trytryagains rTcCsNt|}dtd|d}t||}t||ksJJt||f|SNz%0r r)r(strrC unhexlifyr;rnumr'lZfmt_strstringrrrnumber_to_strings r\cCs:t|}dtd|d}t||}|d|SrU)r(rVrCrWr;rXrrrnumber_to_string_cropsr]cCstt|dSNrB)rrCrD)r[rrrrQsrQcCs4t|}t||ks$Jt||ftt|dSr^)r(rrrCrD)r[r'rZrrrstring_to_number_fixedlensr_cCst||}t||}||fS)aZ Encode the signature to a pair of strings in a tuple Encodes signature into raw encoding (:term:`raw encoding`) with the ``r`` and ``s`` parts of the signature encoded separately. It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: raw encoding of ECDSA signature :rtype: tuple(bytes, bytes) )r\rsr'r_strs_strrrrsigencode_stringss  recCst|||\}}||S)a Encode the signature to raw format (:term:`raw encoding`) It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: raw encoding of ECDSA signature :rtype: bytes rer`rrrsigencode_stringsrgcCstt|t|S)a Encode the signature into the ECDSA-Sig-Value structure using :term:`DER`. Encodes the signature to the following :term:`ASN.1` structure:: Ecdsa-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: DER encoding of ECDSA signature :rtype: bytes )rZencode_sequenceZencode_integerrarbr'rrr sigencode_dersricCs ||dkr||}t|||S)a Encode the signature to a pair of strings in a tuple Encodes signature into raw encoding (:term:`raw encoding`) with the ``r`` and ``s`` parts of the signature encoded separately. Makes sure that the signature is encoded in the canonical format, where the ``s`` parameter is always smaller than ``order / 2``. Most commonly used in bitcoin. It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: raw encoding of ECDSA signature :rtype: tuple(bytes, bytes) r rfrhrrrsigencode_strings_canonize3s rjcCs ||dkr||}t|||S)aw Encode the signature to raw format (:term:`raw encoding`) Makes sure that the signature is encoded in the canonical format, where the ``s`` parameter is always smaller than ``order / 2``. Most commonly used in bitcoin. It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: raw encoding of ECDSA signature :rtype: bytes r )rgrhrrrsigencode_string_canonizeNs rkcCs ||dkr||}t|||S)a9 Encode the signature into the ECDSA-Sig-Value structure using :term:`DER`. Makes sure that the signature is encoded in the canonical format, where the ``s`` parameter is always smaller than ``order / 2``. Most commonly used in bitcoin. Encodes the signature to the following :term:`ASN.1` structure:: Ecdsa-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: DER encoding of ECDSA signature :rtype: bytes r )rirhrrrsigencode_der_canonizefs rlc@seZdZdZdS)MalformedSignatureaB Raised by decoding functions when the signature is malformed. Malformed in this context means that the relevant strings or integers do not match what a signature over provided curve would create. Either because the byte strings have incorrect lengths or because the encoded values are too large. N)r?r@rA__doc__rrrrrms rmcCsdt|}t|}t|d|ks8tdd|t|t|d||}t||d|}||fS)a Decoder for :term:`raw encoding` of ECDSA signatures. raw encoding is a simple concatenation of the two integers that comprise the signature, with each encoded using the same amount of bytes depending on curve size/order. It's expected that this function will be used as the ``sigdecode=`` parameter to the :func:`ecdsa.keys.VerifyingKey.verify` method. :param signature: encoded signature :type signature: bytes like object :param order: order of the curve over which the signature was computed :type order: int :raises MalformedSignature: when the encoding of the signature is invalid :return: tuple with decoded ``r`` and ``s`` values of signature :rtype: tuple of ints r zWInvalid length of signature, expected {0} bytes long, provided string is {1} bytes longN)r r(rrmformatr_) signaturer'rZrarbrrrsigdecode_strings rqcCst|dkstdt||\}}t|}t|}t|}t||ks^td|t|t||ks~td|t|t||}t||}||fS)a Decode the signature from two strings. First string needs to be a big endian encoding of ``r``, second needs to be a big endian encoding of the ``s`` parameter of an ECDSA signature. It's expected that this function will be used as the ``sigdecode=`` parameter to the :func:`ecdsa.keys.VerifyingKey.verify` method. :param list rs_strings: list of two bytes-like objects, each encoding one parameter of signature :param int order: order of the curve over which the signature was computed :raises MalformedSignature: when the encoding of the signature is invalid :return: tuple with decoded ``r`` and ``s`` values of signature :rtype: tuple of ints r z3Invalid number of strings provided: {0}, expected 2zjInvalid length of first string ('r' parameter), expected {0} bytes long, provided string is {1} bytes longzkInvalid length of second string ('s' parameter), expected {0} bytes long, provided string is {1} bytes long)rrmror r(r_) rs_stringsr'rcrdrZrarbrrrsigdecode_stringss2     rscCsrt|}t|\}}|dkr2tdt|t|\}}t|\}}|dkrjtdt|||fS)a Decoder for DER format of ECDSA signatures. DER format of signature is one that uses the :term:`ASN.1` :term:`DER` rules to encode it as a sequence of two integers:: Ecdsa-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } It's expected that this function will be used as as the ``sigdecode=`` parameter to the :func:`ecdsa.keys.VerifyingKey.verify` method. :param sig_der: encoded signature :type sig_der: bytes like object :param order: order of the curve over which the signature was computed :type order: int :raises UnexpectedDER: when the encoding of signature is invalid :return: tuple with decoded ``r`` and ``s`` values of signature :rtype: tuple of ints r!ztrailing junk after DER sig: %sz#trailing junk after DER numbers: %s)r rZremove_sequenceZ UnexpectedDERrCrDZremove_integer)Zsig_derr'rremptyrarestrbrrr sigdecode_ders  rv)N)1rn __future__rr*rHrCsyshashlibrsixrrrrrZ_compatr Zoid_ecPublicKeyZ encode_oidZencoded_oid_ecPublicKeyZoid_ecDHZ oid_ecMQV version_inforr%r(r,r-rFrGrLrOrPrTr\r]rQr_rergrirjrkrl ExceptionrmrqrsrvrrrrsT              !.