def ecdsa_pubkey_recovery_raw(m: bytes, dsasig: Signature, odd1even0: int) -> PubKey:
h = int_from_hash(m, ec.n)
r, s = dsasig
r1 = mod_inv(r, ec.n)
R = (r, ec.yOdd(r, odd1even0))
return ec.pointAdd(ec.pointMultiply( s * r1 % ec.n, R),
ec.pointMultiply(-h * r1 % ec.n, ec.G))
def ecdsa_verify_raw(m: bytes, dsasig: Signature, pubkey: PubKey) -> bool:
h = int_from_hash(m, ec.n)
r, s = dsasig
s1 = mod_inv(s, ec.n)
R = ec.pointAdd(ec.pointMultiply(r * s1 % ec.n, pubkey),
ec.pointMultiply(h * s1 % ec.n, ec.G))
return R[0] % ec.n == r
def ecssa_pubkey_recovery_raw(e: bytes, ssasig: Signature) -> PubKey:
r, s = ssasig
R = (r, ec.yQuadraticResidue(r, True))
e = int_from_hash(e, ec.n)
assert e != 0 and e < ec.n, "invalid challenge e"
e1 = mod_inv(e, ec.n)
return ec.pointAdd(ec.pointMultiply((e1 * s) % ec.n, ec.G),
ec.pointMultiply(ec.n - e1, R))
def ecdsa_sign_raw(m: bytes, prvkey: int, eph_prv: int) -> Signature:
R = ec.pointMultiply(eph_prv, ec.G)
r = R[0] % ec.n
h = int_from_hash(m, ec.n)
# assert h
s = mod_inv(eph_prv, ec.n) * (h + prvkey * r) % ec.n
assert r != 0 and s != 0, "failed to sign"
return r, s
def ecssa_pubkey_recovery_raw(m: bytes,
ssasig: Signature,
hasher=sha256) -> PubKey:
R_x, s = ssasig
R = (R_x, ec.y(R_x, 0))
R_x = R_x.to_bytes(32, 'big')
e = hasher(R_x + m).digest()
e = int_from_hash(e, ec.order)
assert e != 0 and e < ec.order, "invalid e value"
e1 = mod_inv(e, ec.order)
return ec.pointAdd(ec.pointMultiply(e1, R),
ec.pointMultiply(-e1 * s % ec.order, ec.G))