TfDdZddlmZddlZddlZddlZddlZddlmZddl m Z m Z m Z ddl mZddlmZd ZejeZd Zd Zejd krd ZndZejdkrdZndZdZd+dZGddZdZdZdZefdZefdZ dZ!dZ"dZ#dZ$dZ%d Z&d!Z'd"Z(d#Z)d$Z*d%Z+Gd&d'e,Z-d(Z.d)Z/d*Z0dS),a This module includes some utility functions. The methods most typically used are the sigencode and sigdecode functions to be used with :func:`~ecdsa.keys.SigningKey.sign` and :func:`~ecdsa.keys.VerifyingKey.verify` respectively. See the :func:`sigencode_strings`, :func:`sigdecode_string`, :func:`sigencode_der`, :func:`sigencode_strings_canonize`, :func:`sigencode_string_canonize`, :func:`sigencode_der_canonize`, :func:`sigdecode_strings`, :func:`sigdecode_string`, and :func:`sigdecode_der` functions. )divisionN)sha256)PY2int2bytenext)der)normalise_bytes)riHi='r r)rr )rr r r )r ctt|dddt |dzS)-Convert a bytestring to string of 0's and 1'sbigr N)binint from_byteszfilllenent_256s >'511221226<z"entropy_to_bits..<sDAAAs3q66{{122,,Q//AAAAAAr)joinrs rrr:s#wwAAAAAAAAr)r c@tt|dz S)Nr )rrr#s r bit_lengthr)As3q66{{Qrc.|pdSNr)r)r(s rr)r)Fs||~~""rc2dtd|zzdzS)Nrz%xr )r)orders rorderlenr.Js D5L!! !a ''rc|dksJ| tj}t|dz }|dzdz} ||}t|}t |d|ddz}d|cxkr|krnn|SI)aReturn a random integer k such that 1 <= k < order, uniformly distributed across that range. Worst case should be a mean of 2 loops at (2**k)+2. Note that this function is not declared to be forwards-compatible: we may change the behavior in future releases. The entropy= argument (which should get a callable that behaves like os.urandom) can be used to achieve stability within a given release (for repeatable unit tests), but should not be used as a long-term-compatible key generation algorithm. rNr rT)baser)osurandomr)rr)r-entropyupper_2 upper_256rent_2rand_nums r randranger8Ns 19999*##G1 q I')$$((uXgXQ///!3 x    %     O rc eZdZdZdZdZdS)PRNGc:|||_dSN)block_generator generator)selfseeds r__init__z PRNG.__init__ls--d33rcfdt|D}trd|St|S)Nc8g|]}tjS)rr>)r"ir?s r z!PRNG.__call__..ps# ; ; ;aT$. ! ! ; ; ;rr)rangerr%bytes)r?numbytesas` r__call__z PRNG.__call__osE ; ; ; ;5?? ; ; ;  771:: 88Orc#Kd} td||fzD]}|V|dz }E)NrTz prng-%d-%sr)rencodedigest)r?r@counterbytes rr=zPRNG.block_generatorwse $/7799fhh   qLG  rN)__name__ __module__ __qualname__rArKr=rDrrr:r:fsA 444rr:ct|dt|z}ttj|d|dz zdz}d|cxkr|ksnJd||f|S)Nr r)r:r.rbinasciihexlify)r@r-r0numbers r%randrange_from_seed__overshoot_modulorYs 4::a(5//) * *D("4(("--;q @F          FE 2    Mrcd|zdz Sr+rD)numbitss r lsb_of_onesr\s LA rcpttj|dz ddz}|dz}|dz}|||fS)Nrr r)rmathlog)r-bitsrH extrabitss rbits_and_bytesrbsC tx 1%%) * *D AIEqI  !!rc t|\}}}|r|dz }||d|}d|t|z z|z}dtt j|dz}d|cxkr|ksnJ|S)NrrU)rbrNrrrVrW)r@r-hashmodr`_bytesrar0rXs r#randrange_from_seed__truncate_bytesrgs-U33D&)!  74==   ! !'6' *D Vc$ii' (4 /D X%d++R00 0F            Mrcttj|dz ddz}|dzdz}||d|}d|t |z z|z}d|z|z }|r=t t |dt|z|ddz}dttj |dz}d|cxkr|ksnJ|S)Nrr r&rrdrrU) rr^r_rNrrr!r\rVrW)r@r-rer`maxbytesr0topbitsrXs r"randrange_from_seed__truncate_bitsrks tx 1%%) * *DqQH 74==   ! !)8) ,D XD ) *T 1D(lT!GHDG {7';';;<rc4t|||\}}||zS)a Encode the signature to raw format (:term:`raw encoding`) It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: raw encoding of ECDSA signature :rtype: bytes rrs rsigencode_stringrs#"%Q511LE5 5=rcttjtj|tj|S)a Encode the signature into the ECDSA-Sig-Value structure using :term:`DER`. Encodes the signature to the following :term:`ASN.1` structure:: Ecdsa-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: DER encoding of ECDSA signature :rtype: bytes )r encode_sequenceencode_integerrrr-s r sigencode_derrs-,  s1!44c6H6K6K L LLrc@||dz kr||z }t|||S)a Encode the signature to a pair of strings in a tuple Encodes signature into raw encoding (:term:`raw encoding`) with the ``r`` and ``s`` parts of the signature encoded separately. Makes sure that the signature is encoded in the canonical format, where the ``s`` parameter is always smaller than ``order / 2``. Most commonly used in bitcoin. It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: raw encoding of ECDSA signature :rtype: tuple(bytes, bytes) r rrs rsigencode_strings_canonizer3s,, 519}} AI Q5 ) ))rc@||dz kr||z }t|||S)aw Encode the signature to raw format (:term:`raw encoding`) Makes sure that the signature is encoded in the canonical format, where the ``s`` parameter is always smaller than ``order / 2``. Most commonly used in bitcoin. It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: raw encoding of ECDSA signature :rtype: bytes r )rrs rsigencode_string_canonizerNs,& 519}} AI Aq% ( ((rc@||dz kr||z }t|||S)a9 Encode the signature into the ECDSA-Sig-Value structure using :term:`DER`. Makes sure that the signature is encoded in the canonical format, where the ``s`` parameter is always smaller than ``order / 2``. Most commonly used in bitcoin. Encodes the signature to the following :term:`ASN.1` structure:: Ecdsa-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } It's expected that this function will be used as a ``sigencode=`` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: DER encoding of ECDSA signature :rtype: bytes r )rrs rsigencode_der_canonizerfs,4 519}} AI Au % %%rceZdZdZdS)MalformedSignatureaB Raised by decoding functions when the signature is malformed. Malformed in this context means that the relevant strings or integers do not match what a signature over provided curve would create. Either because the byte strings have incorrect lengths or because the encoded values are too large. N)rQrRrS__doc__rDrrrrs Drrc8t|}t|}t|d|zks3tdd|zt|t |d||}t ||d|}||fS)a Decoder for :term:`raw encoding` of ECDSA signatures. raw encoding is a simple concatenation of the two integers that comprise the signature, with each encoded using the same amount of bytes depending on curve size/order. It's expected that this function will be used as the ``sigdecode=`` parameter to the :func:`ecdsa.keys.VerifyingKey.verify` method. :param signature: encoded signature :type signature: bytes like object :param order: order of the curve over which the signature was computed :type order: int :raises MalformedSignature: when the encoding of the signature is invalid :return: tuple with decoded ``r`` and ``s`` values of signature :rtype: tuple of ints r zWInvalid length of signature, expected {0} bytes long, provided string is {1} bytes longN)r r.rrformatr) signaturer-rxrrs rsigdecode_stringrs* **IA y>>QU " "  006q1uc)nn0M0M    ")BQB-77A!)ABB-77A a4Krc>t|dks/tdt||\}}t|}t|}t |}t||ks0td|t|t||ks0td|t|t ||}t ||}||fS)a Decode the signature from two strings. First string needs to be a big endian encoding of ``r``, second needs to be a big endian encoding of the ``s`` parameter of an ECDSA signature. It's expected that this function will be used as the ``sigdecode=`` parameter to the :func:`ecdsa.keys.VerifyingKey.verify` method. :param list rs_strings: list of two bytes-like objects, each encoding one parameter of signature :param int order: order of the curve over which the signature was computed :raises MalformedSignature: when the encoding of the signature is invalid :return: tuple with decoded ``r`` and ``s`` values of signature :rtype: tuple of ints r z3Invalid number of strings provided: {0}, expected 2zjInvalid length of first string ('r' parameter), expected {0} bytes long, provided string is {1} bytes longzkInvalid length of second string ('s' parameter), expected {0} bytes long, provided string is {1} bytes long)rrrr r.r) rs_stringsr-rrrxrrs rsigdecode_stringsrs& z??a   A H HJ      NUE E " "E E " "EA u::??  3u::..   u::??  3u::..   "%//A!%//A a4Krcnt|}tj|\}}|dkr)tjdt j|ztj|\}}tj|\}}|dkr)tjdt j|z||fS)a Decoder for DER format of ECDSA signatures. DER format of signature is one that uses the :term:`ASN.1` :term:`DER` rules to encode it as a sequence of two integers:: Ecdsa-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } It's expected that this function will be used as as the ``sigdecode=`` parameter to the :func:`ecdsa.keys.VerifyingKey.verify` method. :param sig_der: encoded signature :type sig_der: bytes like object :param order: order of the curve over which the signature was computed :type order: int :raises UnexpectedDER: when the encoding of signature is invalid :return: tuple with decoded ``r`` and ``s`` values of signature :rtype: tuple of ints rztrailing junk after DER sig: %sz#trailing junk after DER numbers: %s)r r remove_sequence UnexpectedDERrVrWremove_integer)sig_derr-remptyrrestrs r sigdecode_derrs2g&&G+G44J || -0@0G0G G    ,,GAt!$''HAu || 1H4DU4K4K K    a4Krr<)1r __future__rr1r^rVsyshashlibrsixrrrrr _compatr oid_ecPublicKey encode_oidencoded_oid_ecPublicKeyoid_ecDH oid_ecMQV version_inforr)r.r8r:rYr\rbrgrkrqr{r}rmrrrrrrr ExceptionrrrrrDrrrs     ##########$$$$$$+(#./:   tOOOO BBB f ###(((06   """&>D    =C    &------ .*MMM2***6)))0&&&>          B+++\&&&&&r