o

�h��@s$
dd
lm
Z

z
ddlmZ
dZWney/


z
ddlmZ
dZWney,


dZYn
wYn
wddlmZ
ddl	m
Z

ddlmZm
Z
mZmZ
dd	lmZ
dd
lmZmZmZ
eGdd�de��
ZGd
d�de�ZGdd�de�ZGdd�de�ZGdd�de�ZGdd�de�Zeddd�ZdS)�)
�division)
�mpzTF)
�python_2_unicode_compatible�
)
�numbertheory)�normalise_bytes�int_to_bytes�
bit_length�bytes_to_int)
�MalformedPointError)�orderlen�string_to_number�number_to_stringc@sreZ
dZd
Zerddd�
Znddd�
Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�ZdS)�CurveFpzd
    :term:`Short Weierstrass Elliptic Curve <short Weierstrass curve>` over a
    prime field.
    NcCs(t|
�
|_
t|�
|_t|�
|_||_d
S�a�

            The curve of points satisfying y^2 = x^3 + a*x + b (mod p).

            h is an integer that is the cofactor of the elliptic curve domain
            parameters; it is the number of points satisfying the elliptic
            curve equation divided by the order of the base point. It is used
            for selection of efficient algorithm for public point verification.
            N)r�_CurveFp__p�_CurveFp__a�_CurveFp__b�_CurveFp__h��self�
p�
a�
b�
h�r�F/usr/local/CyberCP/lib/python3.10/site-packages/ecdsa/ellipticcurve.py�__init__Bs
	




zCurveFp.__init__cCs|
|_||_
||_||_d
Sr)rrrrrrrrrTs	



cC�Ht|
t
�r"|j}|j|
jko!|j||
j|ko!|j||
j|kStS)
a^
Return True if other is an identical curve, False otherwise.

        Note: the value of the cofactor of the curve is not taken into account
        when comparing curves, as it's derived from the base point and
        intrinsic curve characteristic (but it's complex to compute),
        only the prime and curve parameters are considered.
        )�
isinstancerrrr�NotImplemented�r�otherrrrr�__eq__bs


��zCurveFp.__eq__cC�
||
kS)
z<Return False if other is an identical curve, True otherwise.r�rr"rrr�__ne__s�
zCurveFp.__ne__c

C�t|j
|j|jf�
S�
N)�hashrrr�
rrrr�__hash__w�
zCurveFp.__hash__c


C�|jSr))
rr+rrrrz�
z	CurveFp.pc


Cr.r))
rr+rrrr}r/z	CurveFp.ac


Cr.r))
rr+rrrr�r/z	CurveFp.bc


Cr.r))
rr+rrr�cofactor�r/zCurveFp.cofactorcCs*|||
|
|j|
|j
|jd
kS)z!Is the point (x,y) on this curve?r
)rrr�r�
x�
yrrr�contains_point�s*zCurveFp.contains_pointc

C�6|jdu
rd
�
|j|j|j|j�Sd�
|j|j|j�S)Nz#CurveFp(p={0}, a={1}, b={2}, h={3})zCurveFp(p={0}, a={1}, b={2}))r�formatrrrr+rrr�__str__��






�


�zCurveFp.__str__r))�__name__�
__module__�__qualname__�__doc__�GMPYrr#r&r,rrrr0r4r7rrrrr9s
rc@szeZ
dZd
Zerddd�
Znddd�
Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�ZdS)�	CurveEdTwz/Parameters for a Twisted Edwards Elliptic CurveNcCs.t|
�
|_
t|�
|_t|�
|_||_||_d
S�z�
            The curve of points satisfying a*x^2 + y^2 = 1 + d*x^2*y^2 (mod p).

            h is the cofactor of the curve.
            hash_func is the hash function associated with the curve
             (like SHA-512 for Ed25519)
            N)r�
_CurveEdTw__p�
_CurveEdTw__a�
_CurveEdTw__d�
_CurveEdTw__h�_CurveEdTw__hash_func�rrr�
dr�	hash_funcrrrr�s








zCurveEdTw.__init__cCs"|
|_||_
||_||_||_d
Sr?)r@rArBrCrDrErrrr�s





cCr)
z,Returns True if other is an identical curve.)rr>r@rArBr r!rrrr#�s


��zCurveEdTw.__eq__cCr$)
z@Return False if the other is an identical curve, True otherwise.rr%rrrr&�r'zCurveEdTw.__ne__c

Cr(r))r*r@rArBr+rrrr,�r-zCurveEdTw.__hash__cCs:|j|
|
||d
|j
|
|
|||jdkS)z"Is the point (x, y) on this curve?rr
)rArBr@r1rrrr4�s
.
��zCurveEdTw.contains_pointc


Cr.r))
r@r+rrrr�r/zCurveEdTw.pc


Cr.r))
rAr+rrrr�r/zCurveEdTw.ac


Cr.r))
rBr+rrrrF�r/zCurveEdTw.dcCs
|�|
�
Sr))
rD)r�datarrrrG�s

zCurveEdTw.hash_funcc


Cr.r))
rCr+rrrr0�r/zCurveEdTw.cofactorc

Cr5)Nz%CurveEdTw(p={0}, a={1}, d={2}, h={3})zCurveEdTw(p={0}, a={1}, d={2}))rCr6r@rArBr+rrrr7�r8zCurveEdTw.__str__)NN)r9r:r;r<r=rr#r&r,r4rrrFrGr0r7rrrrr>�s

r>c@s�eZ
dZd
Zedd��
Zedd��
Zedd��
Zedd	��
Z	e	ddd
�
�
Z
dd�Zdd�Zdd�Z
dd�Zddd�
Zedd��
ZdS)�
AbstractPointz2Class for common methods of elliptic curve points.cCspt|�
|
ksJ�
|d
|
d�}||
dd
�}t|�
|
dks"J�
t|�
|
dks,J�
t
|�
}t
|�
}||fS)z�
        Decode public point from :term:`raw encoding`.

        :term:`raw encoding` is the same as the :term:`uncompressed` encoding,
        but without the 0x04 byte at the beginning.
        N�)�lenr
)rH�raw_encoding_length�xs�ys�coord_x�coord_yrrr�_from_raw_encoding�s	




z AbstractPoint._from_raw_encodingc	
Cs�|d
d�dv
rtd�
�
|d
d�dk}t
|dd
��
}|
��}t|d|�|
��||
��|}zt�||�}WntjyL
}
ztd|��
d
}~w
w|t	|d@�
kr]||}||fS|}||fS)z-Decode public point from compressed encoding.Nr)�
�
z#Malformed compressed point encodingrR��0Encoding does not correspond to a point on curve)
rr
r�powrrr�square_root_mod_prime�Error�bool)	rH�curve�is_evenr2r�alpha�beta�
er3rrr�_from_compressed

s&


$





���
�
zAbstractPoint._from_compressedcCsp|
d
d�dvs
J�
|�|
dd
�|�\}}|r4|d@r$|
d
d�dks0|d@s4|
d
d�dkr4t
d�
�
||fS)z)Decode public point from hybrid encoding.Nr��
�
rbraz"Inconsistent hybrid point encoding)rQr)�clsrHrL�validate_encodingr2r3rrr�_from_hybrid 
s
�
�zAbstractPoint._from_hybridc

Cs�t|�
}|
�
�}t|�
d
dd}t|�
|krtd�
�
|dd@d?}|ddM<t|d�}tr7t|�
}||d
t�	|
�
�|||
��|�|}zt�||�}Wntj
yi
}	
ztd	|	��
d
}	~	w
w|d|kru||}||fS)z#Decode a point on an Edwards curve.r��z%Point length doesn't match the curve.������littlerUNrJ)�	bytearrayrr	rKrr
r=rr�inverse_modrFrrWrX)
rcrZrHr�exp_len�x_0r3�x2r2r^rrr�
_from_edwards4
s6








���



���

zAbstractPoint._from_edwardsTNc	CsZ
|stgd
�
�
}t
dd�|D�
�
std�
�
t|�
}t|
t�r$|�|
|�St|�
}dt|
�	��
}||krDd|vrD|�
||�\}}||fS||dkr�d|vsRd	|vr�|d
d�dvrkd|vrk|�|||�\}}||fS|d
d�dkr�d	|vr�|�
|dd
�|�\}}||fStd
�
�
||ddkr�d|vr�|�
||
�\}}||fStd�d�|�
�
�
�
)a�
        Initialise the object from byte encoding of a point.

        The method does accept and automatically detect the type of point
        encoding used. It supports the :term:`raw encoding`,
        :term:`uncompressed`, :term:`compressed`, and :term:`hybrid` encodings.

        Note: generally you will want to call the ``from_bytes()`` method of
        either a child class, PointJacobi or Point.

        :param data: single point encoding of the public key
        :type data: :term:`bytes-like object`
        :param curve: the curve on which the public key is expected to lay
        :type curve: ~ecdsa.ellipticcurve.CurveFp
        :param validate_encoding: whether to verify that the encoding of the
            point is self-consistent, defaults to True, has effect only
            on ``hybrid`` encoding
        :type validate_encoding: bool
        :param valid_encodings: list of acceptable point encoding formats,
            supported ones are: :term:`uncompressed`, :term:`compressed`,
            :term:`hybrid`, and :term:`raw encoding` (specified with ``raw``
            name). All formats by default (specified with ``None``).
        :type valid_encodings: :term:`set-like object`

        :raises `~ecdsa.errors.MalformedPointError`: if the public point does
            not lay on the curve or the encoding is invalid

        :return: x and y coordinates of the encoded point
        :rtype: tuple(int, int)
        ��uncompressed�
compressed�hybrid�rawc
ss�|]	}
|
td�
vV
qd
S)rrN)
�set)�.0�
irrr�	<genexpr>}
s
�
�
�z+AbstractPoint.from_bytes.<locals>.<genexpr>z@Only uncompressed, compressed, hybrid or raw encoding supported.rJrvrrursNr`�
z*Invalid X9.62 encoding of the public pointrtz[Length of string does not match lengths of any of the enabled ({0}) encodings of the curve.z, )rw�all�
ValueErrorrrr>rqrKrrrQrerr_r6�join)	rcrZrHrd�valid_encodings�key_lenrLrOrPrrr�
from_bytesW
sV"

��
�





��


��

��
�
�
�zAbstractPoint.from_bytesc
Cs0|���
�}
t|��|
�}t|��|
�}||S)
z.Convert the point to the :term:`raw encoding`.�rZrrr2r3)r�prime�x_str�y_strrrr�_raw_encode�
s


zAbstractPoint._raw_encodec
Cs6|���
�}
t|��|
�}|��d
@rd|Sd|S)z*Encode the point into the compressed form.rrSrRr�)rr�r�rrr�_compressed_encode�
s




z AbstractPoint._compressed_encodec
Cs$|��}
|�
�d
@rd|
Sd|
S)z&Encode the point into the hybrid form.rrbra)r�r3)r�raw_encrrr�_hybrid_encode�
s


zAbstractPoint._hybrid_encodec
Csd|��
|�
�|��|����}
}}t|�
d
dd}t||d�}|
dr0|ddO<|S)z/Encode the point according to RFC8032 encoding.rrfrgrkrJrhri)�scaler2r3rZrr	r)rr2r3r�enc_lenr�rrr�_edwards_encode�
s 




zAbstractPoint._edwards_encodervcCsb|
d
vsJ�
|��}t
|t�r|��S|
dkr|��S|
dkr%d|��S|
dkr-|��S|��S)a�

        Convert the point to a byte string.

        The method by default uses the :term:`raw encoding` (specified
        by `encoding="raw"`. It can also output points in :term:`uncompressed`,
        :term:`compressed`, and :term:`hybrid` formats.

        For points on Edwards curves `encoding` is ignored and only the
        encoding defined in RFC 8032 is supported.

        :return: :term:`raw encoding` of a public on the curve
        :rtype: bytes
        )rvrsrtrurvrsr{ru)rZrr>r�r�r�r�)r�encodingrZrrr�to_bytes�
s









zAbstractPoint.to_bytesc
CsVg}
|r)|d
r|d}|d
kr|d8}|
�|�

||8}n|
�d�

|d
}|s|
S)z&Calculate non-adjacent form of number.rJ�r
)
�append)�mult�ret�ndrrr�_naf�
s










�
zAbstractPoint._naf)TN)
rv)r9r:r;r<�staticmethodrQr_�classmethodrerqr�r�r�r�r�r�r�rrrrrI�s(








"�T

rIcs
eZ
dZd
Zd?�f
dd�	Ze				d@�f
dd�	�
Zd	d
�Zdd�Zd
d�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�ZedAdd �
�
Zd!d"�Zd#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd/d0�Zd1d2�Zd3d4�Zd5d6�Zd7d8�Zd9d:�Z d;d<�Z!d=d>�Z"�Z#S)B�PointJacobiu�
    Point on a short Weierstrass elliptic curve. Uses Jacobi coordinates.

    In Jacobian coordinates, there are three parameters, X, Y and Z.
    They correspond to affine parameters 'x' and 'y' like so:

    x = X / Z²
    y = Y / Z³
    NFcsbtt
|���
|
|_tr t|�
t|�
t|�
f|_|ot|�
|_n	|||f|_||_||_g|_	d
S)aF
        Initialise a point that uses Jacobi representation internally.

        :param CurveFp curve: curve on which the point resides
        :param int x: the X parameter of Jacobi representation (equal to x when
          converting from affine coordinates
        :param int y: the Y parameter of Jacobi representation (equal to y when
          converting from affine coordinates
        :param int z: the Z parameter of Jacobi representation (equal to 1 when
          converting from affine coordinates
        :param int order: the point order, must be non zero when using
          generator=True
        :param bool generator: the point provided is a curve generator, as
          such, it will be commonly used with scalar multiplication. This will
          cause to precompute multiplication table generation for it
        N)
�superr�r�_PointJacobi__curver=r�_PointJacobi__coords�_PointJacobi__order�_PointJacobi__generator�_PointJacobi__precompute)rrZr2r3�
z�order�	generator�
�	__class__rrrs







zPointJacobi.__init__Tc	s,tt
|��|
|||�\}}t
|
||d
||�S)aP
        Initialise the object from byte encoding of a point.

        The method does accept and automatically detect the type of point
        encoding used. It supports the :term:`raw encoding`,
        :term:`uncompressed`, :term:`compressed`, and :term:`hybrid` encodings.

        :param data: single point encoding of the public key
        :type data: :term:`bytes-like object`
        :param curve: the curve on which the public key is expected to lay
        :type curve: ~ecdsa.ellipticcurve.CurveFp
        :param validate_encoding: whether to verify that the encoding of the
            point is self-consistent, defaults to True, has effect only
            on ``hybrid`` encoding
        :type validate_encoding: bool
        :param valid_encodings: list of acceptable point encoding formats,
            supported ones are: :term:`uncompressed`, :term:`compressed`,
            :term:`hybrid`, and :term:`raw encoding` (specified with ``raw``
            name). All formats by default (specified with ``None``).
        :type valid_encodings: :term:`set-like object`
        :param int order: the point order, must be non zero when using
            generator=True
        :param bool generator: the point provided is a curve generator, as
            such, it will be commonly used with scalar multiplication. This
            will cause to precompute multiplication table generation for it

        :raises `~ecdsa.errors.MalformedPointError`: if the public point does
            not lay on the curve or the encoding is invalid

        :return: Point on curve
        :rtype: PointJacobi
        r)r�r�r��	rcrZrHrdrr�r�rOrPr�rrr�!s
*
�zPointJacobi.from_bytesc
Cs�|jr|j
rdS|j}
|
sJ�
g}d
}|
d9}
|j\}}}t|j||||
�}|
d9}
|�|��|��f�

||
krR|d9}|�	��
�}|�|��|��f�

||
ks9||_
dS)NrrJ)r�r�r�r�r�r�r�r2r3�doubler�)rr��
precomputeryrOrP�coord_z�doublerrrr�_maybe_precomputePs"












�
zPointJacobi._maybe_precomputec
Cs|j�
�}
|
Sr))�__dict__�copy�r�staterrr�__getstate__js

zPointJacobi.__getstate__cCs|j�
|
�

dSr))r��updater�rrr�__setstate__rs
zPointJacobi.__setstate__cCs�|j\}}}|
t
ur
|St|
t�r|
��|
��d
}}}nt|
t�r+|
j\}}}ntS|j|
�	�kr6dS|j�
�}|||}	|||}
||
||	|dkob||
|||	||dkS)z}Compare for equality two points with each-other.

        Note: only points that lay on the same curve can be equal.
        rFr
)r��INFINITYr�Pointr2r3r�r r�rZr)rr"�x1�y1�z1rp�y2�z2r�zz1�zz2rrrr#us&














��zPointJacobi.__eq__cCr$�
z2Compare for inequality two points with each-other.rr%rrrr&�r'zPointJacobi.__ne__c


Cr.)
zIReturn the order of the point.

        None if it is undefined.
        )
r�r+rrrr��szPointJacobi.orderc


Cr.)
z-Return curve over which the point is defined.)
r�r+rrrrZ��zPointJacobi.curvec
Cs>|j\}
}}|d
kr|
S|j
��}t�||�}|
|d|S)aC

        Return affine x coordinate.

        This method should be used only when the 'y' coordinate is not needed.
        It's computationally more efficient to use `to_affine()` and then
        call x() and y() on the returned instance. Or call `scale()`
        and then x() and y() on the returned instance.
        rrJ�r�r�rrrm)rr2�
_r�rrrrr2��	





z
PointJacobi.xc
Cs>|j\}
}}|d
kr|S|j
��}t�||�}||d|S)aC

        Return affine y coordinate.

        This method should be used only when the 'x' coordinate is not needed.
        It's computationally more efficient to use `to_affine()` and then
        call x() and y() on the returned instance. Or call `scale()`
        and then x() and y() on the returned instance.
        rrTr�)rr�r3r�rrrrr3�r�z
PointJacobi.yc
Csf|j\}
}}|d
kr|S|j
��}t�||�}|||}|
||}
||||}|
|d
f|_|S�ze
        Return point scaled so that z == 1.

        Modifies point in place, returns self.
        rr�)rr2r3r�r�z_inv�zz_invrrrr��s








zPointJacobi.scalec
CsT|j\}
}
}|j
��}||stS|��
|j\}}}|d
ks!J�
t|j
|||j�S)zReturn point in affine form.r)r�r�rr�r�r�r�)rr�r�rr2r3rrr�	to_affine�s







zPointJacobi.to_affinecCs"t|�
�|��|��d
|��|
�S)a
Create from an affine point.

        :param bool generator: set to True to make the point to precalculate
          multiplication table - useful for public point when verifying many
          signatures (around 100 or so) or for generator points of a curve.
        r)r�rZr2r3r�)�pointr�rrr�from_affine�s
�zPointJacobi.from_affinec
Cs�|
|
||||}}|sd
S|||}d|
|d|||}d||}	|	|	d||}
|	||
d||}d||}|
||fS)z"Add a point to itself with z == 1.�r
r
r
rJrTrgr)
r�X1�Y1rr�XX�YY�YYYY�
S�
M�
T�Y3�Z3rrr�_double_with_z_1�s








zPointJacobi._double_with_z_1cCs�|d
kr|�|
|||�S|sdS|
|
||||}}|s!dS|||}|||}	d|
|d|||}
d|||	|	|}||d|
|}||
|d||}
||d||	|}||
|fS)z#Add a point to itself, arbitrary z.rr�rJrTrg)
r�)rr�r��Z1rrr�r�r��ZZr�r�r�r�r�rrr�_doubles











zPointJacobi._doublec
	Cs^|j\}
}}|s
t
S|j��|j��}}|�|
||||�\}}}|s%t
St|j||||j�S)
zAdd a point to itself.)r�r�r�rrr�r�r�)	rr�r�r�rr�X3r�r�rrrr�s


zPointJacobi.doublecCs�||
}||}d
||}||}	d||}
|s'|
s'|�|
|||j
���S|
|}|
d|	d||}|
||d||	|}
d||}||
|fS)z&add points when both Z1 and Z2 equal 1r�rJ�r�r�r)rr�r��X2�Y2r�
H�HH�
I�
J�
r�
Vr�r�r�rrr�
_add_with_z_1+s











zPointJacobi._add_with_z_1cCs�||
d
|}|
||}||}	||d
|}
|s*|
s*|�|
||||j
���S|
||	|}||||||	||}|||
|}
|||
fS)zadd points when Z1 == Z2rJ�r�r�r)rr�r�r�r�r�r�
A�
B�
C�
Dr�r�r�rrr�_add_with_z_eq<s





 



zPointJacobi._add_with_z_eqcCs�|||}|||||||}}	||
|}
|
|
|}d
||}|
|}
d|	||}|sB|
sB|�||||j
���S|
|}|||
d||}|||d||
|}||
d|||}|||fS)zadd points when Z2 == 1r�rJr�)rr�r�r�r�r�r�Z1Z1�U2�S2r�r�r�r�r�r�r�r�r�rrr�_add_with_z2_1Ks













zPointJacobi._add_with_z2_1cCs
|||}|||}	|
|	|}
|||}|||	|}||||}
||
}d
|||}|||}d|
||}|sR|sR|�|
||||j
���S|
|}|||d||}|||d|||}||d||	||}|||fS)zadd points with arbitrary zr�rJr�)rr�r�r�r�r��Z2rr��Z2Z2�U1r��S1r�r�r�r�r�r�r�r�r�rrr�_add_with_z_ne^s"















zPointJacobi._add_with_z_necC�||
S�
zAdd other to self.rr%rrr�__radd__u�zPointJacobi.__radd__c	Cs�|s
||||||fS|s|
|||||fS||kr5|d
kr+|�|
||||�S|�
|
|||||�S|d
krC|�||||
||�S|d
krQ|�|
|||||�S|�|
||||||�S)z&add two points, select fastest method.r)r�r�r�r�)rr�r�r�r�r�r�rrrr�_addys











zPointJacobi._addc	Cs�|tkr|
S|
tkr|St
|
t�rt�|
�
}
|j|
jkr td
�
�
|j��}|j\}}}|
j\}}}|�	|||||||�\}	}
}|sCtSt|j|	|
||j
�S)z!Add two points on elliptic curve.z%The other point is on different curve)r�rr�r�r�r�r}rr�r�r�)rr"rr�r�r�r�r�r�r�r�r�rrr�__add__�s













zPointJacobi.__add__cC�||
S�
�Multiply point by an integer.rr%rrr�__rmul__�r�zPointJacobi.__rmul__c		Cs�d
d
d
|j�
�f\}}}}|j}|jD];\}}|
drJ|
ddkr6|
dd}
||||||d|�\}}}q|
dd}
||||||d|�\}}}q|
d}
q|sStSt|j||||j�S)�4Multiply point by integer with precomputation table.r
rJr�r)r�rr�r�r�r�r�)	rr"r�r�r�rr�r�r�rrr�_mul_precompute�s









zPointJacobi._mul_precomputec
	Cs
|jd
r|
s	t
S|
d
kr|S|jr|
|jd}
|��
|jr%|�|
�
S|��}|j\}}}d\}}}|j��|j�	�}}	|j
}
|j}t|�
|
�
�
D]1}|
|||||	�\}}}|dkrl||||||d
|�\}}}qL|dkr}||||||d
|�\}}}qL|s�t
St|j||||j�S)r�rrJr�r
)r�r�r�r�r�r�r�r�rrr�r��reversedr�r�)
rr"r�r�r�r�r�r�rrr�r�ryrrr�__mul__�s2


















�
zPointJacobi.__mul__c!	Cs~|tks|d
kr||
S|
d
kr||St
|t�st�|�
}|��
|��
|jr4|jr4||
||S|jrA|
|j}
||j}d\}}}|j��|j�	�}}|�
�
|j\}	}
}|�
�
|j\}}
}|j}|j
}||	|
|||
||�\}}}||	|
|||
||�\}}}|||}}}|||}}}|s�||
||Stt|�t|
�
�
�
�
}tt|�t|�
�
�
�
}t|�
t|�
kr�d
g
t|�
t|�
|}nt|�
t|�
kr�d
g
t|�
t|�
|}t||�D]�\}} ||||||�\}}}|d
k�
r-| d
k�
rq�| d
k�
r||||||
||�\}}}q�| d
k�
sJ�
||||||
||�\}}}q�|d
k�
rn| d
k�
rF|||||	|
||�\}}}q�| d
k�
rY||||||||�\}}}q�| d
k�
s`J�
||||||||�\}}}q�|d
k�
suJ�
| d
k�
r�|||||	|
||�\}}}q�| d
k�
r�||||||||�\}}}q�| d
k�
s�J�
||||||||�\}}}q�|�
s�tSt|j||||j�S)z{
        Do two multiplications at the same time, add results.

        calculates self*self_mul + other*other_mul
        r
r�)r�rr�r�r�r�r�r�rrr�r�r�r��listr�r��intrK�zip)!r�self_mulr"�	other_mulr�r�r�rrr�r�r�r�r�r�r�r��mAmB_X�mAmB_Y�mAmB_Z�pAmB_X�pAmB_Y�pAmB_Z�mApB_X�mApB_Y�mApB_Z�pApB_X�pApB_Y�pApB_Z�self_naf�	other_nafr�r�rrr�mul_add�sv





















































zPointJacobi.mul_addc
Cs"|j\}
}}t
|j|
|||j�S)
zReturn negated point.)r�r�r�r�)rr2r3r�rrr�__neg__8s
zPointJacobi.__neg__�NF)TNNF)
F)$r9r:r;r<rr�r�r�r�r�r#r&r�rZr2r3r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r
r
�
__classcell__rrr�rr��
sJ




�.
!br�cs�eZ
dZd
Zd �f
dd�	Ze			d!�f
dd�	�
Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Z�ZS)"r�z�A point on a short Weierstrass elliptic curve. Altering x and y is
    forbidden, but they can be read by the x() and y() methods.Ncs�tt
|���
|
|_tr"|ot|�
|_|ot|�
|_|ot|�
|_n	||_||_||_|jr7|j�	||�s7J�
|
rI|
�
�d
krK|rM||tksOJ�
dSdSdSdS)z@curve, x, y, order; order (optional) is the order of this point.rN)r�r�r�
_Point__curver=r�	_Point__x�	_Point__y�
_Point__orderr4r0r�)rrZr2r3r�r�rrrBs








�
zPoint.__init__Tcs(tt
|��|
|||�\}}t
|
|||�S)
ag
        Initialise the object from byte encoding of a point.

        The method does accept and automatically detect the type of point
        encoding used. It supports the :term:`raw encoding`,
        :term:`uncompressed`, :term:`compressed`, and :term:`hybrid` encodings.

        :param data: single point encoding of the public key
        :type data: :term:`bytes-like object`
        :param curve: the curve on which the public key is expected to lay
        :type curve: ~ecdsa.ellipticcurve.CurveFp
        :param validate_encoding: whether to verify that the encoding of the
            point is self-consistent, defaults to True, has effect only
            on ``hybrid`` encoding
        :type validate_encoding: bool
        :param valid_encodings: list of acceptable point encoding formats,
            supported ones are: :term:`uncompressed`, :term:`compressed`,
            :term:`hybrid`, and :term:`raw encoding` (specified with ``raw``
            name). All formats by default (specified with ``None``).
        :type valid_encodings: :term:`set-like object`
        :param int order: the point order, must be non zero when using
            generator=True

        :raises `~ecdsa.errors.MalformedPointError`: if the public point does
            not lay on the curve or the encoding is invalid

        :return: Point on curve
        :rtype: Point
        )r�r�r�)rcrZrHrdrr�rOrPr�rrr�Ws
&
�zPoint.from_bytescCsN|
tur|j
d
up
|jd
uSt|
t�r%|j|
jko$|j
|
j
ko$|j|
jkStS)z�Return True if the points are identical, False otherwise.

        Note: only points that lay on the same curve can be equal.
        N)r�r
r
rr�r
r r%rrrr#�s




�
�zPoint.__eq__cCr$)
z6Returns False if points are identical, True otherwise.rr%rrrr&�r'zPoint.__ne__c

Cst|j
|j|j
��|j�Sr))r�r
r
rr
r+rrrr
�s
z
Point.__neg__cCs�t|
t
�stS|
tkr
|S|tkr|
S|j|
jksJ�
|j|
jkr4|j|
j|j��d
kr0tS|��S|j��}|
j|jt	�
|
j|j|�|}|||j|
j|}||j||j|}t
|j||�S)zAdd one point to another point.r
)rr�r r�r
r
r
rr�rrm)rr"r�
l�x3�y3rrrr��s(












��
z
Point.__add__cCs�d
d�}|
}|dks|jr||jdkrt
S|t
krt
S|dkr&||Sd|}t|j|j|j|j��|j�}||�
d}|}|dkrs|��}||@dkr[||@dkr[||}||@dkrk||@dkrk||}|d}|dksG|S)�Multiply a point by an integer.c
Ss0|d
ksJ�
d}
|
|k
rd|
}
|
|k
s|
dS)Nr
rrJr)r2�resultrrr�leftmost_bit�s



�z#Point.__mul__.<locals>.leftmost_bitr
rTrJr)r
r�r�r
r
r
rr�)rr"r
r^�e3�
negative_selfryr
rrrr��s4










�





�	z
Point.__mul__cCr�)
r
rr%rrrr��szPoint.__rmul__c

Cs|tkrd
Sd|j
|jfS)N�infinityz(%d,%d))r�r
r
r+rrrr7�s


z
Point.__str__c
Cs�|tkrtS|j
��}
|j
��}d
|j|j|t�d|j|
�|
}|s)tS||d|j|
}||j||j|
}t|j
||�S)z)Return a new point that is twice the old.rTrJ)	r�r
rrr
rrmr
r�)rrrr
r
r
rrrr��s




��

zPoint.doublec


Cr.r))
r
r+rrrr2r/zPoint.xc


Cr.r))
r
r+rrrr3r/zPoint.yc


Cr.r))
r
r+rrrrZr/zPoint.curvec


Cr.r))
r
r+rrrr�	r/zPoint.orderr))TNN)r9r:r;r<rr�r�r#r&r
r�r�r�r7r�r2r3rZr�r
rrr�rr�>s(


�*)r�cs�eZ
dZd
Zd(�f
dd�	Ze				d)�f
dd�	�
Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Z�ZS)*�PointEdwardsz�Point on Twisted Edwards curve.

    Internally represents the coordinates on the curve using four parameters,
    X, Y, Z, T. They correspond to affine parameters 'x' and 'y' like so:

    x = X / Z
    y = Y / Z
    x*y = T / Z
    NFcsjtt
|���
|
|_tr#t|�
t|�
t|�
t|�
f|_|o t|�
|_n
||||f|_||_||_g|_	d
S)zS
        Initialise a point that uses the extended coordinates internally.
        N)
r�r
r�_PointEdwards__curver=r�_PointEdwards__coords�_PointEdwards__order�_PointEdwards__generator�_PointEdwards__precompute)rrZr2r3r��
tr�r�r�rrrs







zPointEdwards.__init__c	s2tt
|��|
|||�\}}t
|
||d
||||�S)a�
        Initialise the object from byte encoding of a point.

        `validate_encoding` and `valid_encodings` are provided for
        compatibility with Weierstrass curves, they are ignored for Edwards
        points.

        :param data: single point encoding of the public key
        :type data: :term:`bytes-like object`
        :param curve: the curve on which the public key is expected to lay
        :type curve: ecdsa.ellipticcurve.CurveEdTw
        :param None validate_encoding: Ignored, encoding is always validated
        :param None valid_encodings: Ignored, there is just one encoding
            supported
        :param int order: the point order, must be non zero when using
            generator=True
        :param bool generator: Flag to mark the point as a curve generator,
            this will cause the library to pre-compute some values to
            make repeated usages of the point much faster

        :raises `~ecdsa.errors.MalformedPointError`: if the public point does
            not lay on the curve or the encoding is invalid

        :return: Initialised point on an Edwards curve
        :rtype: PointEdwards
        r)r�r
r�r�r�rrr�'s
$
�
�zPointEdwards.from_bytesc

Cs�|jr|j
r	|j
S|j}
|
sJ�
g}d
}|
d9}
|j\}}}}|j��}t|j|||||
�}	|
d9}
||
kr]|	��}	|	��|	�	�}}|||}|�
|||f�

|d9}|	��}	||
ks6||_
|j
S)NrrJr�)r#
r$
r"
r!
r 
rr
r�r2r3r�r�)
rr�r�ryrOrPr��coord_tr�r�rrrr�Rs.









�




�	
zPointEdwards._maybe_precomputec
Cs<|j\}
}}}|d
kr
|
S|j
��}t�||�}|
||S)zReturn affine x coordinate.r�r!
r 
rrrm)rr�r�r�rr�rrrr2w�





zPointEdwards.xc
Cs<|j\}
}}}
|d
kr
|S|j
��}t�||�}|||S)zReturn affine y coordinate.rr'
)rr�r�r�rr�rrrr3�r(
zPointEdwards.yc


Cr.)
zReturn the curve of the point.)
r 
r+rrrrZ�r�zPointEdwards.curvec


Cr.r))
r"
r+rrrr��r/zPointEdwards.orderc

Csf|j\}
}}}|d
kr
|S|j
��}t�||�}|
||}|||}|||}	||d
|	f|_|Sr�r'
)
rr�r�r�r�rr�r2r3r%
rrrr��s








zPointEdwards.scalecCs�|j\}}}}|
t
ur|p|St|
t�r|
j\}}}}	ntS|j|
��kr)d
S|j��}
|||
}|||
}|||
}
|||
}||koM|
|kS)ztCompare for equality two points with each-other.

        Note: only points on the same curve can be equal.
        F)r!
r�rr
r r 
rZr)rr"r�r�r��t1rpr�r��t2r�xn1�xn2�yn1�yn2rrrr#�s












zPointEdwards.__eq__cCr$r�rr%rrrr&�r'zPointEdwards.__ne__cCs�|
||	}|||	}|||	}
|||	}||
}|
||||||	}||
|}||
}|s@|�|
||||	|
�S|||	}|||	}|||	}|||	}||||fS)
z'add two points, assume sane parameters.)
r�)rr�r�r��T1r�r�r��T2rrr�r�r�r��
E�
F�
Gr�r�r��T3r�rrrr��s












zPointEdwards._addcCs�|
tkr|St
|
t�r|j|
jkrtd
�
�
|j��|j��}}|j\}}}}|
j\}}	}
}|�||||||	|
|||�
\}}
}}|rD|sFtSt|j||
|||j	�S)zAdd point to another.z(The other point is on a different curve.)
r�rr
r 
r}rrr!
r�r"
)rr"rrr�r�r�r/
r�r�r�r0
r�r�r�r4
rrrr��s
�

$

zPointEdwards.__add__cCr�r�rr%rrrr��r�zPointEdwards.__radd__cCs�|
|
|}|||}d
|||}	|||}
|
||
||||}|
|}||	}
|
|}||
|}|||}|||}|
||}||||fS)z)Double the point, assume sane parameters.rJr)rr�r�r�r/
rrr�r�r�r�r1
r3
r2
r�r�r�r4
r�rrrr��s










zPointEdwards._doublec
Csn|j\}
}}}|
r|s
t
S|j��|j��}}|�|
|||||�\}}}	}
|r*|
s,t
St|j|||	|
|j�S)
zReturn point added to itself.)r!
r�r 
rrr�r
r"
)rr�r�r�r/
rrr�r�r�r4
rrrr��s


zPointEdwards.doublecCr�r�rr%rrrr�r�zPointEdwards.__rmul__c
Cs�d
ddd
|j�
�|j��f\}}}}}}|j}|jD]Q\}	}
}|
d}|d
ks+|dkr0|
d}
q|dkrN|
dd}
||||||	|
d|||�
\}}}}q|dksTJ�
|
dd}
||||||	|
d|||�
\}}}}q|rp|srtSt|j|||||j�S)r�r
rr�rJrT)r 
rrr�r$
r�r
r"
)
rr"r�r�r�r4
rrr�r�r�r0
�remrrrr�s(







(

$

zPointEdwards._mul_precomputecCs(
|j\}}}}|r
|r
|
st
S|
d
kr|S|jr|
|jd}
|��r(|�|
�
Sd\}}}}	|j��|j��}
}|j}|j	}
t
|�|
�
�
D]<}|||||	|
|�\}}}}	|dkrm|
||||	|||||
|�
\}}}}	qF|dkr�|
||||	|||||
|�
\}}}}	qF|r�|	s�t
St|j||||	|j�S)r�rrJ)r
rrr
r
)
r!
r�r"
r�r�r 
rrr�r�r�r�r
)rr"r�r�r�r0
r�r�r�r4
rrr�r�ryrrrr�)s.












(

"
�
zPointEdwards.__mul__r
)NNNF)r9r:r;r<rr�r�r�r2r3rZr�r�r#r&r�r�r�r�r�r�r�r�r
rrr�rr

s2




�*%		r
N)�
__future__r�gmpy2rr=�ImportError�gmpy�sixr�r�_compatrrr	r
�errorsr�utilrr
r�objectrr>rIr�r�r
r�rrrr�<module>
sF"





���	




_Y
HP>