def ecdsa_raw_recover(msg_hash, vrs):
# type: (bytes, Tuple[int, int, int]) -> Optional[bytes]
v, r, s = vrs
v += 27
if not (27 <= v <= 34):
raise BadSignature("%d must in range 27-31" % v)
x = r
xcubedaxb = (x * x * x + A * x + B) % P
beta = pow(xcubedaxb, (P + 1) // 4, P)
y = beta if v % 2 ^ beta % 2 else (P - beta)
# If xcubedaxb is not a quadratic residue, then r cannot be the x coord
# for a point on the curve, and so the sig is invalid
if (xcubedaxb - y * y) % P != 0 or not (r % N) or not (s % N):
raise BadSignature("Invalid signature")
z = big_endian_to_int(msg_hash)
Gz = jacobian_multiply((Gx, Gy, 1), (N - z) % N)
XY = jacobian_multiply((x, y, 1), s)
Qr = jacobian_add(Gz, XY)
Q = jacobian_multiply(Qr, inv(r, N))
raw_public_key = from_jacobian(Q)
return encode_raw_public_key(raw_public_key)
def __init__(
self,
signature_bytes: bytes = None,
vrs: Tuple[int, int, int] = None,
backend:
'Union[BaseECCBackend, Type[BaseECCBackend], str, None]' = None,
) -> None:
if bool(signature_bytes) is bool(vrs):
raise TypeError(
"You must provide one of `signature_bytes` or `vrs`")
elif signature_bytes:
validate_signature_bytes(signature_bytes)
try:
self.r = big_endian_to_int(signature_bytes[0:32])
self.s = big_endian_to_int(signature_bytes[32:64])
self.v = ord(signature_bytes[64:65])
except ValidationError as err:
raise BadSignature(str(err))
elif vrs:
v, r, s, = vrs
try:
self.v = v
self.r = r
self.s = s
except ValidationError as err:
raise BadSignature(str(err))
else:
raise TypeError("Invariant: unreachable code path")
super().__init__(backend=backend)
def verify_advertisement_signature(
content_id: ContentID,
hash_tree_root: Hash32,
expires_at: datetime.datetime,
signature: keys.Signature,
public_key: keys.PublicKey,
) -> None:
signing_message = create_advertisement_signing_message(
content_id, hash_tree_root, expires_at)
if not public_key.verify_msg(signing_message, signature):
raise BadSignature("Signature does not validate")
def __init__(self,
rs: Tuple[int, int],
backend: 'Union[BaseECCBackend, Type[BaseECCBackend], str, None]' = None
) -> None:
for value in rs:
try:
validate_signature_r_or_s(value)
except ValidationError as error:
raise BadSignature(error) from error
self._r, self._s = rs
super().__init__(backend=backend)
def __init__(self, signature_bytes=None, vrs=None):
if bool(signature_bytes) is bool(vrs):
raise TypeError(
"You must provide one of `signature_bytes` or `vrs`")
elif signature_bytes:
validate_signature_bytes(signature_bytes)
try:
self.r = big_endian_to_int(signature_bytes[0:32])
self.s = big_endian_to_int(signature_bytes[32:64])
self.v = ord(signature_bytes[64:65])
except ValidationError as err:
raise BadSignature(str(err))
elif vrs:
v, r, s, = vrs
try:
self.v = v
self.r = r
self.s = s
except ValidationError as err:
raise BadSignature(str(err))
else:
raise TypeError("Invariant: unreachable code path")
def ecdsa_recover(self, msg_hash, signature):
signature_bytes = signature.to_bytes()
try:
public_key_bytes = self.keys.PublicKey.from_signature_and_message(
signature_bytes,
msg_hash,
hasher=None,
).format(compressed=False)[1:]
except (ValueError, Exception) as err:
# `coincurve` can raise `ValueError` or `Exception` dependending on
# how the signature is invalid.
raise BadSignature(str(err))
public_key = self.PublicKey(public_key_bytes)
return public_key
def ecdsa_raw_verify(msg_hash, vrs, public_key_bytes):
raw_public_key = decode_public_key(public_key_bytes)
v, r, s = vrs
v += 27
if not (27 <= v <= 34):
raise BadSignature("Invalid Signature")
w = inv(s, N)
z = big_endian_to_int(msg_hash)
u1, u2 = z * w % N, r * w % N
x, y = fast_add(
fast_multiply(G, u1),
fast_multiply(raw_public_key, u2),
)
return bool(r == x and (r % N) and (s % N))
