def ecdsa_pubkey_recovery_raw(m: bytes, dsasig: Signature, odd1even0: int) -> PubKey:
    h = int_from_hash(m, ec.n)
    r, s = dsasig
    r1 = mod_inv(r, ec.n)
    R = (r, ec.yOdd(r, odd1even0))
    return ec.pointAdd(ec.pointMultiply( s * r1 % ec.n, R),
                       ec.pointMultiply(-h * r1 % ec.n, ec.G))
def ecdsa_verify_raw(m: bytes, dsasig: Signature, pubkey: PubKey) -> bool:
    h = int_from_hash(m, ec.n)
    r, s = dsasig
    s1 = mod_inv(s, ec.n)
    R = ec.pointAdd(ec.pointMultiply(r * s1 % ec.n, pubkey),
                    ec.pointMultiply(h * s1 % ec.n, ec.G))
    return R[0] % ec.n == r
Exemple #3
0
def ecssa_pubkey_recovery_raw(e: bytes, ssasig: Signature) -> PubKey:
    r, s = ssasig
    R = (r, ec.yQuadraticResidue(r, True))
    e = int_from_hash(e, ec.n)
    assert e != 0 and e < ec.n, "invalid challenge e"
    e1 = mod_inv(e, ec.n)
    return ec.pointAdd(ec.pointMultiply((e1 * s) % ec.n, ec.G),
                       ec.pointMultiply(ec.n - e1, R))
def ecdsa_sign_raw(m: bytes, prvkey: int, eph_prv: int) -> Signature:
    R = ec.pointMultiply(eph_prv, ec.G)
    r = R[0] % ec.n
    h = int_from_hash(m, ec.n)
    # assert h
    s = mod_inv(eph_prv, ec.n) * (h + prvkey * r) % ec.n
    assert r != 0 and s != 0, "failed to sign"
    return r, s
Exemple #5
0
def ecssa_pubkey_recovery_raw(m: bytes,
                              ssasig: Signature,
                              hasher=sha256) -> PubKey:
    R_x, s = ssasig
    R = (R_x, ec.y(R_x, 0))
    R_x = R_x.to_bytes(32, 'big')
    e = hasher(R_x + m).digest()
    e = int_from_hash(e, ec.order)
    assert e != 0 and e < ec.order, "invalid e value"
    e1 = mod_inv(e, ec.order)
    return ec.pointAdd(ec.pointMultiply(e1, R),
                       ec.pointMultiply(-e1 * s % ec.order, ec.G))