a db9@sddlmZddlZddlZddlZddlZddlmZddlm Z m Z m Z m Z ddl mZddlmZdZejeZd Zd Zejd krd d Zndd ZejdkrddZnddZddZdAddZGdddZddZddZddZefdd Zefd!d"Z d#d$Z!d%d&Z"d'd(Z#d)d*Z$d+d,Z%d-d.Z&d/d0Z'd1d2Z(d3d4Z)d5d6Z*d7d8Z+Gd9d:d:e,Z-d;d<Z.d=d>Z/d?d@Z0dS)B)divisionN)sha256)PY2int2bytebnext)der)normalise_bytes)riHi='r r)rr )rr r r )r cCs&tt|dddt|dS)-Convert a bytestring to string of 0's and 1'sbigr N)binint from_byteszfilllenent_256r[/home/tom/ab/renpy-build/tmp/install.linux-x86_64/lib/python3.9/site-packages/ecdsa/util.pyentropy_to_bits&srcCsddd|DS)rcss(|] }tt|dddVqdS)r Nr)rordr).0xrrr /z"entropy_to_bits..)joinrrrrr-s)r cCstt|dSNr )rrr rrr bit_length4sr'cCs |p dSNr)r'r&rrrr':scCsdtd|dS)Nrz%xr )r)orderrrrorderlen>sr*cCs||dks J|durtj}t|d}|dd}||}t|}t|d|ddd}d|krn|kr2nq2|Sq2dS)aReturn a random integer k such that 1 <= k < order, uniformly distributed across that range. Worst case should be a mean of 2 loops at (2**k)+2. Note that this function is not declared to be forwards-compatible: we may change the behavior in future releases. The entropy= argument (which should get a callable that behaves like os.urandom) can be used to achieve stability within a given release (for repeatable unit tests), but should not be used as a long-term-compatible key generation algorithm. rNr r)baser)osurandomr'rr)r)ZentropyZupper_2Z upper_256rZent_2Zrand_numrrr randrangeBs   r.c@s$eZdZddZddZddZdS)PRNGcCs|||_dSN)block_generator generator)selfseedrrr__init__`sz PRNG.__init__cs0fddt|D}tr$d|St|SdS)Ncsg|]}tjqSr)rr2)rir3rr dr"z!PRNG.__call__..r)rangerr#bytes)r3numbytesarr7r__call__cs z PRNG.__call__ccs6d}td||fD] }|Vq|d7}qdS)Nrz prng-%d-%sr)rencodedigest)r3r4counterbyterrrr1ks  zPRNG.block_generatorN)__name__ __module__ __qualname__r5r=r1rrrrr/Zsr/cCsXt|dt|}tt|d|dd}d|krD|ksTnJd||f|S)Nr r)r/r*rbinasciihexlify)r4r)r+numberrrr%randrange_from_seed__overshoot_modulous$rIcCs d|>dSr(r)Znumbitsrrr lsb_of_onessrJcCs2tt|ddd}|d}|d}|||fS)Nrr r)rmathlog)r)bitsr: extrabitsrrrbits_and_bytessrOcCstt|\}}}|r|d7}||d|}d|t||}dtt|d}d|krj|kspnJ|S)NrrE)rOr?rrrFrG)r4r)hashmodrMZ_bytesrNr+rHrrr#randrange_from_seed__truncate_bytessrRcCstt|ddd}|dd}||d|}d|t||}d||}|rtt|dt|@|dd}dtt |d}d|kr|ksnJ|S)Nrr r$rrPrrE) rrKrLr?rrrrJrFrG)r4r)rQrMZmaxbytesr+ZtopbitsrHrrr"randrange_from_seed__truncate_bitss  $rScCs||dks Jt|\}}}t|}td}|rFtt|dt|@}t|||d}d|krn|kr"nq"|Sq"dS)Nrr)rOr/rrrrJstring_to_number)r4r)rMr:rNgenerateZ extrabyteguessrrr randrange_from_seed__trytryagains rWcCsNt|}dtd|d}t||}t||ksJJt||f|SNz%0r r )r*strrF unhexlifyr>rnumr)lZfmt_strstringrrrnumber_to_strings r_cCs:t|}dtd|d}t||}|d|SrX)r*rYrFrZr>r[rrrnumber_to_string_cropsr`cCstt|dSNrE)rrFrG)r^rrrrTsrTcCs4t|}t||ks$Jt||ftt|dSra)r*rrrFrG)r^r)r]rrrstring_to_number_fixedlensrbcCst||}t||}||fSr0)r_rsr)r_strs_strrrrsigencode_stringss  rhcCst|||\}}||S)a Encode the signature to raw format (:term:`raw encoding`) It's expected that this function will be used as a `sigencode=` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: raw encoding of ECDSA signature :rtype: bytes rhrcrrrsigencode_stringsrjcCstt|t|S)a Encode the signature into the ECDSA-Sig-Value structure using :term:`DER`. Encodes the signature to the following :term:`ASN.1` structure:: Ecdsa-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } It's expected that this function will be used as a `sigencode=` parameter in :func:`ecdsa.keys.SigningKey.sign` method. :param int r: first parameter of the signature :param int s: second parameter of the signature :param int order: the order of the curve over which the signature was computed :return: DER encoding of ECDSA signature :rtype: bytes )r Zencode_sequenceZencode_integerrdrer)rrr sigencode_dersrlcCs ||dkr||}t|||Sr%rirkrrrsigencode_strings_canonizes rmcCs ||dkr||}t|||Sr%)rjrkrrrsigencode_string_canonize%s rncCs ||dkr||}t|||Sr%)rlrkrrrsigencode_der_canonize+s roc@seZdZdZdS)MalformedSignatureaB Raised by decoding functions when the signature is malformed. Malformed in this context means that the relevant strings or integers do not match what a signature over provided curve would create. Either because the byte strings have incorrect lengths or because the encoded values are too large. N)rBrCrD__doc__rrrrrp1s rpcCsdt|}t|}t|d|ks8tdd|t|t|d||}t||d|}||fS)a Decoder for :term:`raw encoding` of ECDSA signatures. raw encoding is a simple concatenation of the two integers that comprise the signature, with each encoded using the same amount of bytes depending on curve size/order. It's expected that this function will be used as the `sigdecode=` parameter to the :func:`ecdsa.keys.VerifyingKey.verify` method. :param signature: encoded signature :type signature: bytes like object :param order: order of the curve over which the signature was computed :type order: int :raises MalformedSignature: when the encoding of the signature is invalid :return: tuple with decoded 'r' and 's' values of signature :rtype: tuple of ints r zWInvalid length of signature, expected {0} bytes long, provided string is {1} bytes longN)r r*rrpformatrb) signaturer)r]rdrerrrsigdecode_string>s rtcCst|dkstdt||\}}t|}t|}t|}t||ks^td|t|t||ks~td|t|t||}t||}||fS)a Decode the signature from two strings. First string needs to be a big endian encoding of 'r', second needs to be a big endian encoding of the 's' parameter of an ECDSA signature. It's expected that this function will be used as the `sigdecode=` parameter to the :func:`ecdsa.keys.VerifyingKey.verify` method. :param list rs_strings: list of two bytes-like objects, each encoding one parameter of signature :param int order: order of the curve over which the signature was computed :raises MalformedSignature: when the encoding of the signature is invalid :return: tuple with decoded 'r' and 's' values of signature :rtype: tuple of ints r z3Invalid number of strings provided: {0}, expected 2zjInvalid length of first string ('r' parameter), expected {0} bytes long, provided string is {1} bytes longzkInvalid length of second string ('s' parameter), expected {0} bytes long, provided string is {1} bytes long)rrprrr r*rb) rs_stringsr)rfrgr]rdrerrrsigdecode_strings_s2     rvcCsrt|}t|\}}|dkr2tdt|t|\}}t|\}}|dkrjtdt|||fS)a Decoder for DER format of ECDSA signatures. DER format of signature is one that uses the :term:`ASN.1` :term:`DER` rules to encode it as a sequence of two integers:: Ecdsa-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } It's expected that this function will be used as as the `sigdecode=` parameter to the :func:`ecdsa.keys.VerifyingKey.verify` method. :param sig_der: encoded signature :type sig_der: bytes like object :param order: order of the curve over which the signature was computed :type order: int :raises UnexpectedDER: when the encoding of signature is invalid :return: tuple with decoded 'r' and 's' values of signature :rtype: tuple of ints r"ztrailing junk after DER sig: %sz#trailing junk after DER numbers: %s)r r Zremove_sequenceZ UnexpectedDERrFrGZremove_integer)Zsig_derr)ruemptyrdrestrerrr sigdecode_ders  ry)N)1 __future__rr,rKrFsyshashlibrsixrrrrrr Z_compatr Zoid_ecPublicKeyZ encode_oidZencoded_oid_ecPublicKeyZoid_ecDHZ oid_ecMQV version_inforr'r*r.r/rIrJrOrRrSrWr_r`rTrbrhrjrlrmrnro ExceptionrprtrvryrrrrsR               !.