Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
recid = meta - 27
j = recid // 2
yp = 0 if (recid % 2) == 0 else 1
ecdsa_signature = signature_bytes[1:]
r, s = ecdsa.util.sigdecode_string(ecdsa_signature, order)
# 1.1
x = r + j * order
# 1.3. This actually calculates for either effectively 02||X or 03||X depending on 'k' instead of always for 02||X as specified.
# This substitutes for the lack of reversing R later on. -R actually is defined to be just flipping the y-coordinate in the elliptic curve.
alpha = ((x * x * x) + (curve.a() * x) + curve.b()) % curve.p()
beta = ecdsa.numbertheory.square_root_mod_prime(alpha, curve.p())
if (beta - yp) % 2 == 0:
y = beta
else:
y = curve.p() - beta
# 1.4 Constructor of Point is supposed to check if nR is at infinity.
R = ecdsa.ellipticcurve.Point(curve, x, y, order)
# 1.5 Compute e
h = double_sha256(format_message_for_signing(message))
e = ecdsa.util.string_to_number(h)
# 1.6 Compute Q = r^-1(sR - eG)
Q = ecdsa.numbertheory.inverse_mod(r, order) * (s * R + (-e % order) * G)
# Not strictly necessary, but let's verify the message for paranoia's sake.
def _derive_y_from_x(self, x, is_even):
print(it('purple'," y^2 = x^3 + ax + b "))
print(self, x)
""" Derive y point from x point """
curve = ecdsa_SECP256k1.curve
a, b, p = curve.a(), curve.b(), curve.p()
alpha = (pow(x, 3, p) + a * x + b) % p
beta = ecdsa_numbertheory.square_root_mod_prime(alpha, p)
if (beta % 2) == is_even:
beta = p - beta
print(beta)
return beta
def public_pair_for_x(generator, x, is_even):
curve = generator.curve()
p = curve.p()
alpha = (pow(x, 3, p) + curve.a() * x + curve.b()) % p
beta = ecdsa.numbertheory.square_root_mod_prime(alpha, p)
if is_even == bool(beta & 1):
return (x, p - beta)
return (x, beta)
def point_decompress(curve, data):
prefix = data[0]
assert(prefix in ['\x02', '\x03'])
parity = 1 if prefix == '\x02' else -1
x = util.string_to_number(data[1:])
y = numbertheory.square_root_mod_prime(
( x * x * x + curve.a() * x + curve.b() ) % curve.p(), curve.p()
)
y = parity * y % curve.p()
return ellipticcurve.Point(curve, x, y)
if not isinstance(pubkey, (bytes, bytearray)):
raise TypeError('pubkey must be raw bytes')
if len(pubkey) != 33:
raise ValueError('pubkey must be 33 bytes')
if byte2int(pubkey[0]) not in (2, 3):
raise ValueError('invalid pubkey prefix byte')
curve = cls.CURVE.curve
is_odd = byte2int(pubkey[0]) == 3
x = bytes_to_int(pubkey[1:])
# p is the finite field order
a, b, p = curve.a(), curve.b(), curve.p()
y2 = pow(x, 3, p) + b
assert a == 0 # Otherwise y2 += a * pow(x, 2, p)
y = NT.square_root_mod_prime(y2 % p, p)
if bool(y & 1) != is_odd:
y = p - y
point = EC.Point(curve, x, y)
return ecdsa.VerifyingKey.from_public_point(point, curve=cls.CURVE)
def __uncompress_public_key(public_key: bytes) -> bytes:
"""
Uncompress the compressed public key.
:param public_key: compressed public key
:return: uncompressed public key
"""
is_even = public_key.startswith(b'\x02')
x = string_to_number(public_key[1:])
curve = NIST256p.curve
order = NIST256p.order
p = curve.p()
alpha = (pow(x, 3, p) + (curve.a() * x) + curve.b()) % p
beta = square_root_mod_prime(alpha, p)
if is_even == bool(beta & 1):
y = p - beta
else:
y = beta
point = Point(curve, x, y, order)
return b''.join([number_to_string(point.x(), order), number_to_string(point.y(), order)])
def get_ecdsa_verifying_key(pub):
#some shenanigans required to validate a transaction sig; see
#python.ecdsa PR #54. This will be a lot simpler when that's merged.
#https://github.com/warner/python-ecdsa/pull/54/files
if not pub[0] in ["\x02", "\x03"]:
log.debug("Invalid pubkey")
return None
is_even = pub.startswith('\x02')
x = string_to_number(pub[1:])
order = SECP256k1.order
p = SECP256k1.curve.p()
alpha = (pow(x, 3, p) + (SECP256k1.curve.a() * x) + SECP256k1.curve.b()) % p
beta = square_root_mod_prime(alpha, p)
if is_even == bool(beta & 1):
y = p - beta
else:
y = beta
if not point_is_valid(SECP256k1.generator, x, y):
return None
point = Point(SECP256k1.curve, x, y, order)
return VerifyingKey.from_public_point(point, SECP256k1,
hashfunc=hashlib.sha256)
y_str = point[baselen + 1:]
return ecdsa.ellipticcurve.Point(curve, ecdsa.util.string_to_number(x_str), ecdsa.util.string_to_number(y_str), order)
else:
# 2.3
if ord(point[0]) == 2:
yp = 0
elif ord(point[0]) == 3:
yp = 1
else:
return None
# 2.2
x_str = point[1:baselen + 1]
x = ecdsa.util.string_to_number(x_str)
# 2.4.1
alpha = ((x * x * x) + (curve.a() * x) + curve.b()) % curve.p()
beta = ecdsa.numbertheory.square_root_mod_prime(alpha, curve.p())
if (beta - yp) % 2 == 0:
y = beta
else:
y = curve.p() - beta
return ecdsa.ellipticcurve.Point(curve, x, y, order)