o 6 h @s$ddlmZz ddlmZdZWney/z ddlmZdZWn ey,dZYnwYnwddlmZddl m Z ddl m Z m Z mZmZdd lmZdd lmZmZmZeGd d d eZGd ddeZGdddeZGdddeZGdddeZGdddeZedddZdS))division)mpzTF)python_2_unicode_compatible) numbertheory)normalise_bytes int_to_bytes bit_length bytes_to_int)MalformedPointError)orderlenstring_to_numbernumber_to_stringc@sreZdZdZerdddZndddZddZdd Zd d Zd d Z ddZ ddZ ddZ ddZ ddZdS)CurveFpzd :term:`Short Weierstrass Elliptic Curve ` over a prime field. NcCs(t||_t||_t||_||_dSa The curve of points satisfying y^2 = x^3 + a*x + b (mod p). h is an integer that is the cofactor of the elliptic curve domain parameters; it is the number of points satisfying the elliptic curve equation divided by the order of the base point. It is used for selection of efficient algorithm for public point verification. N)r _CurveFp__p _CurveFp__a _CurveFp__b _CurveFp__hselfpabhrg/var/www/html/construction_image-detection-poc/venv/lib/python3.10/site-packages/ecdsa/ellipticcurve.py__init__Bs   zCurveFp.__init__cCs||_||_||_||_dSr)rrrrrrrrrTs  cCHt|tr"|j}|j|jko!|j||j|ko!|j||j|kStS)a^Return True if other is an identical curve, False otherwise. Note: the value of the cofactor of the curve is not taken into account when comparing curves, as it's derived from the base point and intrinsic curve characteristic (but it's complex to compute), only the prime and curve parameters are considered. ) isinstancerrrrNotImplementedrotherrrrr__eq__bs  zCurveFp.__eq__cC ||k S)zr@rArBr r!rrrr#s  zCurveEdTw.__eq__cCr$)z@Return False if the other is an identical curve, True otherwise.rr%rrrr&r'zCurveEdTw.__ne__cCr(r))r*r@rArBr+rrrr,r-zCurveEdTw.__hash__cCs:|j||||d|j|||||jdkS)z"Is the point (x, y) on this curve?rr)rArBr@r1rrrr4s .zCurveEdTw.contains_pointcCr.r))r@r+rrrrr/z CurveEdTw.pcCr.r))rAr+rrrrr/z CurveEdTw.acCr.r))rBr+rrrrFr/z CurveEdTw.dcCs ||Sr))rD)rdatarrrrGs zCurveEdTw.hash_funccCr.r))rCr+rrrr0r/zCurveEdTw.cofactorcCr5)Nz%CurveEdTw(p={0}, a={1}, d={2}, h={3})zCurveEdTw(p={0}, a={1}, d={2}))rCr6r@rArBr+rrrr7r8zCurveEdTw.__str__)NN)r9r:r;r<r=rr#r&r,r4rrrFrGr0r7rrrrr>s    r>c@seZdZdZeddZeddZeddZedd Z e dd d Z ddZ ddZ ddZ ddZdddZeddZd S) AbstractPointz2Class for common methods of elliptic curve points.cCspt||ksJ|d|d}||dd}t||dks"Jt||dks,Jt|}t|}||fS)z Decode public point from :term:`raw encoding`. :term:`raw encoding` is the same as the :term:`uncompressed` encoding, but without the 0x04 byte at the beginning. N)lenr )rHraw_encoding_lengthxsyscoord_xcoord_yrrr_from_raw_encodings z AbstractPoint._from_raw_encodingc Cs|dddvr td|dddk}t|dd}|}t|d|||||}zt||}WntjyL}ztd|d}~ww|t |d@kr]||}||fS|}||fS)z-Decode public point from compressed encoding.Nr)z#Malformed compressed point encodingrR0Encoding does not correspond to a point on curve) r r rpowrrrsquare_root_mod_primeErrorbool) rHcurveis_evenr2ralphabetaer3rrr_from_compressed s&$zAbstractPoint._from_compressedcCsp|dddvs J||dd|\}}|r4|d@r$|dddks0|d@s4|dddkr4td||fS)z)Decode public point from hybrid encoding.Nrrbraz"Inconsistent hybrid point encoding)rQr )clsrHrLvalidate_encodingr2r3rrr _from_hybrid szAbstractPoint._from_hybridc Cst|}|}t|ddd}t||krtd|dd@d?}|ddM<t|d}tr7t|}||dt | ||| ||}zt ||}Wntj yi} ztd | d } ~ ww|d |kru| |}||fS) z#Decode a point on an Edwards curve.rz%Point length doesn't match the curve.littlerUNrJ) bytearrayrr rKr r r=rr inverse_modrFrrWrX) rcrZrHrexp_lenx_0r3x2r2r^rrr _from_edwards4s6     zAbstractPoint._from_edwardsTNc CsZ|stgd}tdd|Dstdt|}t|tr$|||St|}dt| }||krDd|vrD| ||\}}||fS||dkrd|vsRd |vr|d dd vrkd|vrk| |||\}}||fS|d dd krd |vr| |dd |\}}||fSt d ||ddkrd|vr| ||\}}||fSt dd|)a Initialise the object from byte encoding of a point. The method does accept and automatically detect the type of point encoding used. It supports the :term:`raw encoding`, :term:`uncompressed`, :term:`compressed`, and :term:`hybrid` encodings. Note: generally you will want to call the ``from_bytes()`` method of either a child class, PointJacobi or Point. :param data: single point encoding of the public key :type data: :term:`bytes-like object` :param curve: the curve on which the public key is expected to lay :type curve: ~ecdsa.ellipticcurve.CurveFp :param validate_encoding: whether to verify that the encoding of the point is self-consistent, defaults to True, has effect only on ``hybrid`` encoding :type validate_encoding: bool :param valid_encodings: list of acceptable point encoding formats, supported ones are: :term:`uncompressed`, :term:`compressed`, :term:`hybrid`, and :term:`raw encoding` (specified with ``raw`` name). All formats by default (specified with ``None``). :type valid_encodings: :term:`set-like object` :raises `~ecdsa.errors.MalformedPointError`: if the public point does not lay on the curve or the encoding is invalid :return: x and y coordinates of the encoded point :rtype: tuple(int, int)  uncompressed compressedhybridrawcss|] }|tdvVqdS)rrN)set).0irrr }s  z+AbstractPoint.from_bytes..z@Only uncompressed, compressed, hybrid or raw encoding supported.rJrvrrursNr`z*Invalid X9.62 encoding of the public pointrtz[Length of string does not match lengths of any of the enabled ({0}) encodings of the curve.z, )rwall ValueErrorrrr>rqrKr rrQrer r_r6join) rcrZrHrdvalid_encodingskey_lenrLrOrPrrr from_bytesWsV"     zAbstractPoint.from_bytescCs0|}t||}t||}||S)z.Convert the point to the :term:`raw encoding`.rZrrr2r3)rprimex_stry_strrrr _raw_encodes zAbstractPoint._raw_encodecCs6|}t||}|d@rd|Sd|S)z*Encode the point into the compressed form.rrSrRr)rrrrrr_compressed_encodes  z AbstractPoint._compressed_encodecCs$|}|d@rd|Sd|S)z&Encode the point into the hybrid form.rrbra)rr3)rraw_encrrr_hybrid_encodes zAbstractPoint._hybrid_encodecCsd||||}}}t|ddd}t||d}|dr0|ddO<|S)z/Encode the point according to RFC8032 encoding.rrfrgrkrJrhri)scaler2r3rZrr r)rr2r3renc_lenrrrr_edwards_encodes  zAbstractPoint._edwards_encodervcCsb|dvsJ|}t|tr|S|dkr|S|dkr%d|S|dkr-|S|S)a Convert the point to a byte string. The method by default uses the :term:`raw encoding` (specified by `encoding="raw"`. It can also output points in :term:`uncompressed`, :term:`compressed`, and :term:`hybrid` formats. For points on Edwards curves `encoding` is ignored and only the encoding defined in RFC 8032 is supported. :return: :term:`raw encoding` of a public on the curve :rtype: bytes )rvrsrtrurvrsr{ru)rZrr>rrrr)rencodingrZrrrto_bytess   zAbstractPoint.to_bytescCsVg}|r)|dr|d}|dkr|d8}||||8}n|d|d}|s|S)z&Calculate non-adjacent form of number.rJr)append)multretndrrr_nafs    zAbstractPoint._naf)TN)rv)r9r:r;r< staticmethodrQr_ classmethodrerqrrrrrrrrrrrrIs(    " T rIcseZdZdZd?fdd Ze    d@fdd Zd d Zd d Zd dZ ddZ ddZ ddZ ddZ ddZddZddZddZedAdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3d4Zd5d6Zd7d8Zd9d:Z d;d<Z!d=d>Z"Z#S)B PointJacobiu Point on a short Weierstrass elliptic curve. Uses Jacobi coordinates. In Jacobian coordinates, there are three parameters, X, Y and Z. They correspond to affine parameters 'x' and 'y' like so: x = X / Z² y = Y / Z³ NFcsbtt|||_tr t|t|t|f|_|ot||_n |||f|_||_||_g|_ dS)aF Initialise a point that uses Jacobi representation internally. :param CurveFp curve: curve on which the point resides :param int x: the X parameter of Jacobi representation (equal to x when converting from affine coordinates :param int y: the Y parameter of Jacobi representation (equal to y when converting from affine coordinates :param int z: the Z parameter of Jacobi representation (equal to 1 when converting from affine coordinates :param int order: the point order, must be non zero when using generator=True :param bool generator: the point provided is a curve generator, as such, it will be commonly used with scalar multiplication. This will cause to precompute multiplication table generation for it N) superrr_PointJacobi__curver=r_PointJacobi__coords_PointJacobi__order_PointJacobi__generator_PointJacobi__precompute)rrZr2r3zorder generator __class__rrrs  zPointJacobi.__init__Tc s,tt|||||\}}t|||d||S)aP Initialise the object from byte encoding of a point. The method does accept and automatically detect the type of point encoding used. It supports the :term:`raw encoding`, :term:`uncompressed`, :term:`compressed`, and :term:`hybrid` encodings. :param data: single point encoding of the public key :type data: :term:`bytes-like object` :param curve: the curve on which the public key is expected to lay :type curve: ~ecdsa.ellipticcurve.CurveFp :param validate_encoding: whether to verify that the encoding of the point is self-consistent, defaults to True, has effect only on ``hybrid`` encoding :type validate_encoding: bool :param valid_encodings: list of acceptable point encoding formats, supported ones are: :term:`uncompressed`, :term:`compressed`, :term:`hybrid`, and :term:`raw encoding` (specified with ``raw`` name). All formats by default (specified with ``None``). :type valid_encodings: :term:`set-like object` :param int order: the point order, must be non zero when using generator=True :param bool generator: the point provided is a curve generator, as such, it will be commonly used with scalar multiplication. This will cause to precompute multiplication table generation for it :raises `~ecdsa.errors.MalformedPointError`: if the public point does not lay on the curve or the encoding is invalid :return: Point on curve :rtype: PointJacobi r)rrr rcrZrHrdrrrrOrPrrrr!s *zPointJacobi.from_bytescCs|jr|jrdS|j}|sJg}d}|d9}|j\}}}t|j||||}|d9}|||f||krR|d9}| }|||f||ks9||_dS)NrrJ) rrrrrrrr2r3doubler)rr precomputeryrOrPcoord_zdoublerrrr_maybe_precomputePs"    zPointJacobi._maybe_precomputecCs|j}|Sr))__dict__copyrstaterrr __getstate__js zPointJacobi.__getstate__cCs|j|dSr))rupdaterrrr __setstate__rszPointJacobi.__setstate__c Cs|j\}}}|tur | St|tr||d}}}nt|tr+|j\}}}ntS|j| kr6dS|j }|||} |||} || || |dkob|| ||| ||dkS)z}Compare for equality two points with each-other. Note: only points that lay on the same curve can be equal. rFr) rINFINITYrPointr2r3rr rrZr) rr"x1y1z1rpy2z2rzz1zz2rrrr#us&      zPointJacobi.__eq__cCr$z2Compare for inequality two points with each-other.rr%rrrr&r'zPointJacobi.__ne__cCr.)zIReturn the order of the point. None if it is undefined. )rr+rrrrszPointJacobi.ordercCr.)z-Return curve over which the point is defined.)rr+rrrrZzPointJacobi.curvecCs>|j\}}}|dkr |S|j}t||}||d|S)aC Return affine x coordinate. This method should be used only when the 'y' coordinate is not needed. It's computationally more efficient to use `to_affine()` and then call x() and y() on the returned instance. Or call `scale()` and then x() and y() on the returned instance. rrJrrrrrm)rr2_rrrrrr2   z PointJacobi.xcCs>|j\}}}|dkr |S|j}t||}||d|S)aC Return affine y coordinate. This method should be used only when the 'x' coordinate is not needed. It's computationally more efficient to use `to_affine()` and then call x() and y() on the returned instance. Or call `scale()` and then x() and y() on the returned instance. rrTr)rrr3rrrrrr3rz PointJacobi.ycCsf|j\}}}|dkr |S|j}t||}|||}|||}||||}||df|_|Sze Return point scaled so that z == 1. Modifies point in place, returns self. rr)rr2r3rrz_invzz_invrrrrs      zPointJacobi.scalecCsT|j\}}}|j}||stS||j\}}}|dks!Jt|j|||jS)zReturn point in affine form.r)rrrrrrr)rrrrr2r3rrr to_affines    zPointJacobi.to_affinecCs"t|||d||S)a Create from an affine point. :param bool generator: set to True to make the point to precalculate multiplication table - useful for public point when verifying many signatures (around 100 or so) or for generator points of a curve. r)rrZr2r3r)pointrrrr from_affineszPointJacobi.from_affinec Cs||||||}}|sdS|||}d||d|||}d||} | | d||} | || d||} d||} | | | fS)z"Add a point to itself with z == 1.rrrrJrTrgr) rX1Y1rrXXYYYYYYSMTY3Z3rrr_double_with_z_1s    zPointJacobi._double_with_z_1cCs|dkr |||||S|sdS||||||}}|s!dS|||}|||} d||d|||} d||| | |} | | d| |} | | | d||} ||d|| |}| | |fS)z#Add a point to itself, arbitrary z.rrrJrTrg)r)rrrZ1rrrrrZZrrrrrrrr_doubles   zPointJacobi._doublec Cs^|j\}}}|s tS|j|j}}||||||\}}}|s%tSt|j||||jS)zAdd a point to itself.)rrrrrrrr) rrrrrrX3rrrrrrs zPointJacobi.doublecCs||}||}d||}||} d||} |s'| s'|||||jS||} | d| d| |} | | | d|| |} d||}| | |fS)z&add points when both Z1 and Z2 equal 1rrJrrr)rrrX2Y2rHHHIJrVrrrrrr _add_with_z_1+s    zPointJacobi._add_with_z_1cCs||d|}|||}||} ||d|} |s*| s*||||||jS| || |} |||| || ||} ||||} | | | fS)zadd points when Z1 == Z2rJrrr)rrrrrrrABCDrrrrrr_add_with_z_eq<s   zPointJacobi._add_with_z_eqcCs|||}|||||||}} |||} | | |} d| |} | | } d| ||}|sB| sB|||||jS|| }||| d||}|||d|| |}|| d|| |}|||fS)zadd points when Z2 == 1rrJr)rrrrrrrZ1Z1U2S2rrrrrrrrrrrr_add_with_z2_1Ks     zPointJacobi._add_with_z2_1cCs|||}|||} || |} |||} ||| |} ||||} | | }d|||}|||}d| | |}|sR|sR||||||jS| |}|||d||}|||d| ||}||d|| ||}|||fS)zadd points with arbitrary zrrJr)rrrrrrZ2rrZ2Z2U1rS1rrrrrrrrrrrr_add_with_z_ne^s"      zPointJacobi._add_with_z_necC||SzAdd other to self.rr%rrr__radd__uzPointJacobi.__radd__c Cs|s ||||||fS|s||||||fS||kr5|dkr+||||||S|||||||S|dkrC|||||||S|dkrQ|||||||S||||||||S)z&add two points, select fastest method.r)rrrr)rrrrrrrrrrr_addyszPointJacobi._addc Cs|tkr|S|tkr |St|trt|}|j|jkr td|j}|j\}}}|j\}}}| |||||||\} } } | sCtSt|j| | | |j S)z!Add two points on elliptic curve.z%The other point is on different curve) rrrrrrr}rrrr) rr"rrrrrrrrrrrrr__add__s      zPointJacobi.__add__cC||SMultiply point by an integer.rr%rrr__rmul__rzPointJacobi.__rmul__c Csddd|jf\}}}}|j}|jD];\}}|drJ|ddkr6|dd}|||||| d|\}}}q|dd}||||||d|\}}}q|d}q|sStSt|j||||jS)4Multiply point by integer with precomputation table.rrJrr)rrrrrrr) rr"rrrrrrrrrr_mul_precomputes    zPointJacobi._mul_precomputec Cs|jdr|s tS|dkr|S|jr||jd}||jr%||S|}|j\}}}d\}}}|j|j }} |j } |j } t | |D]1} | ||||| \}}}| dkrl| ||||| d|\}}}qL| dkr}| |||||d|\}}}qL|stSt|j||||jS)rrrJrr)rrrrrrrrrrrrreversedrr) rr"rrrrrrrrrrryrrr__mul__s2   zPointJacobi.__mul__c! Cs~|tks|dkr ||S|dkr||St|tst|}|||jr4|jr4||||S|jrA||j}||j}d\}}}|j|j }}| |j \} } } | |j \} } }|j }|j }|| | | | | ||\}}}|| | | | | ||\}}}|| |}}}|| |}}}|s||||Stt|t|}tt|t|}t|t|krdgt|t||}nt|t|krdgt|t||}t||D]\}} ||||||\}}}|dkr-| dkrq| dkr||||| | ||\}}}q| dksJ||||| | ||\}}}q|dkrn| dkrF||||| | | |\}}}q| dkrY||||||||\}}}q| dks`J||||||||\}}}q|dksuJ| dkr||||| | | |\}}}q| dkr||||||||\}}}q| dksJ||||||||\}}}q|stSt|j||||jS)z{ Do two multiplications at the same time, add results. calculates self*self_mul + other*other_mul rr)rrrrrrrrrrrrrrlistrrintrKzip)!rself_mulr" other_mulrrrrrrrrrrrrrmAmB_XmAmB_YmAmB_ZpAmB_XpAmB_YpAmB_ZmApB_XmApB_YmApB_ZpApB_XpApB_YpApB_Zself_naf other_nafrrrrrmul_addsv                zPointJacobi.mul_addcCs"|j\}}}t|j|| ||jS)zReturn negated point.)rrrr)rr2r3rrrr__neg__8s zPointJacobi.__neg__NF)TNNF)F)$r9r:r;r<rrrrrrr#r&rrZr2r3rrrrrrrrrrrrrrrrrrr __classcell__rrrrrsJ . !brcseZdZdZd fdd Ze   d!fdd Zdd Zd d Zd d Z ddZ ddZ ddZ ddZ ddZddZddZddZddZZS)"rzA point on a short Weierstrass elliptic curve. Altering x and y is forbidden, but they can be read by the x() and y() methods.Ncstt|||_tr"|ot||_|ot||_|ot||_n ||_||_||_|jr7|j ||s7J|rI| dkrK|rM||t ksOJdSdSdSdS)z@curve, x, y, order; order (optional) is the order of this point.rN) rrr _Point__curver=r _Point__x _Point__y _Point__orderr4r0r)rrZr2r3rrrrrBs zPoint.__init__Tcs(tt|||||\}}t||||S)ag Initialise the object from byte encoding of a point. The method does accept and automatically detect the type of point encoding used. It supports the :term:`raw encoding`, :term:`uncompressed`, :term:`compressed`, and :term:`hybrid` encodings. :param data: single point encoding of the public key :type data: :term:`bytes-like object` :param curve: the curve on which the public key is expected to lay :type curve: ~ecdsa.ellipticcurve.CurveFp :param validate_encoding: whether to verify that the encoding of the point is self-consistent, defaults to True, has effect only on ``hybrid`` encoding :type validate_encoding: bool :param valid_encodings: list of acceptable point encoding formats, supported ones are: :term:`uncompressed`, :term:`compressed`, :term:`hybrid`, and :term:`raw encoding` (specified with ``raw`` name). All formats by default (specified with ``None``). :type valid_encodings: :term:`set-like object` :param int order: the point order, must be non zero when using generator=True :raises `~ecdsa.errors.MalformedPointError`: if the public point does not lay on the curve or the encoding is invalid :return: Point on curve :rtype: Point )rrr)rcrZrHrdrrrOrPrrrrWs &zPoint.from_bytescCsN|tur|jdup |jduSt|tr%|j|jko$|j|jko$|j|jkStS)zReturn True if the points are identical, False otherwise. Note: only points that lay on the same curve can be equal. N)rrrrrrr r%rrrr#s    z Point.__eq__cCr$)z6Returns False if points are identical, True otherwise.rr%rrrr&r'z Point.__ne__cCst|j|j|j|jSr))rrrrrr+rrrrsz Point.__neg__cCst|tstS|tkr |S|tkr|S|j|jksJ|j|jkr4|j|j|jdkr0tS|S|j}|j|jt |j|j||}|||j|j|}||j||j|}t|j||S)zAdd one point to another point.r) rrr rrrrrrrrm)rr"rlx3y3rrrrs(    z Point.__add__cCsdd}|}|dks|jr||jdkrtS|tkrtS|dkr&| | Sd|}t|j|j|j |j|j}||d}|}|dkrs|}||@dkr[||@dkr[||}||@dkrk||@dkrk||}|d}|dksG|S)Multiply a point by an integer.cSs0|dksJd}||krd|}||ks |dS)NrrrJr)r2resultrrr leftmost_bits z#Point.__mul__..leftmost_bitrrTrJr)rrrrrrrr)rr"rr^e3 negative_selfryrrrrrs4   z Point.__mul__cCr)rrr%rrrrszPoint.__rmul__cCs|tkrdSd|j|jfS)Ninfinityz(%d,%d))rrrr+rrrr7sz Point.__str__cCs|tkrtS|j}|j}d|j|j|td|j||}|s)tS||d|j|}||j||j|}t|j||S)z)Return a new point that is twice the old.rTrJ) rrrrrrrmrr)rrrrrrrrrrs  z Point.doublecCr.r))rr+rrrr2r/zPoint.xcCr.r))rr+rrrr3r/zPoint.ycCr.r))rr+rrrrZr/z Point.curvecCr.r))rr+rrrr r/z Point.orderr))TNN)r9r:r;r<rrrr#r&rrrrr7rr2r3rZrrrrrrr>s(*)rcseZdZdZd(fdd Ze    d)fdd Zdd Zd d Zd d Z ddZ ddZ ddZ ddZ ddZddZddZddZddZd d!Zd"d#Zd$d%Zd&d'ZZS)* PointEdwardszPoint on Twisted Edwards curve. Internally represents the coordinates on the curve using four parameters, X, Y, Z, T. They correspond to affine parameters 'x' and 'y' like so: x = X / Z y = Y / Z x*y = T / Z NFcsjtt|||_tr#t|t|t|t|f|_|o t||_n ||||f|_||_||_g|_ dS)zS Initialise a point that uses the extended coordinates internally. N) rrr_PointEdwards__curver=r_PointEdwards__coords_PointEdwards__order_PointEdwards__generator_PointEdwards__precompute)rrZr2r3rtrrrrrrs zPointEdwards.__init__c s2tt|||||\}}t|||d||||S)a Initialise the object from byte encoding of a point. `validate_encoding` and `valid_encodings` are provided for compatibility with Weierstrass curves, they are ignored for Edwards points. :param data: single point encoding of the public key :type data: :term:`bytes-like object` :param curve: the curve on which the public key is expected to lay :type curve: ecdsa.ellipticcurve.CurveEdTw :param None validate_encoding: Ignored, encoding is always validated :param None valid_encodings: Ignored, there is just one encoding supported :param int order: the point order, must be non zero when using generator=True :param bool generator: Flag to mark the point as a curve generator, this will cause the library to pre-compute some values to make repeated usages of the point much faster :raises `~ecdsa.errors.MalformedPointError`: if the public point does not lay on the curve or the encoding is invalid :return: Initialised point on an Edwards curve :rtype: PointEdwards r)rrrrrrrr's $zPointEdwards.from_bytesc Cs|jr|jr |jS|j}|sJg}d}|d9}|j\}}}}|j}t|j|||||} |d9}||kr]| } | | }}|||}| |||f|d9}| } ||ks6||_|jS)NrrJr) r#r$r"r!r rrrr2r3rr) rrrryrOrPrcoord_trrrrrrRs.    zPointEdwards._maybe_precomputecCs<|j\}}}}|dkr |S|j}t||}|||S)zReturn affine x coordinate.rr!r rrrm)rrrrrrrrrr2w    zPointEdwards.xcCs<|j\}}}}|dkr |S|j}t||}|||S)zReturn affine y coordinate.rr')rrrrrrrrrr3r(zPointEdwards.ycCr.)zReturn the curve of the point.)r r+rrrrZrzPointEdwards.curvecCr.r))r"r+rrrrr/zPointEdwards.orderc Csf|j\}}}}|dkr |S|j}t||}|||}|||}|||} ||d| f|_|Srr') rrrrrrrr2r3r%rrrrs     zPointEdwards.scalecCs|j\}}}}|tur| p| St|tr|j\}}}} ntS|j|kr)dS|j} ||| } ||| } ||| } ||| }| | koM| |kS)ztCompare for equality two points with each-other. Note: only points on the same curve can be equal. F)r!rrrr r rZr)rr"rrrt1rprrt2rxn1xn2yn1yn2rrrr#s       zPointEdwards.__eq__cCr$rrr%rrrr&r'zPointEdwards.__ne__c Cs||| } ||| } ||| } ||| }|| }||||| | | }| | | }|| }|s@|||||| | S||| }||| }||| }||| }||||fS)z'add two points, assume sane parameters.)r)rrrrT1rrrT2rrrrrrEFGrrrT3rrrrrs          zPointEdwards._addc Cs|tkr|St|tr|j|jkrtd|j|j}}|j\}}}}|j\}} } } ||||||| | | || \} } }}| rD|sFtSt|j| | |||j S)zAdd point to another.z(The other point is on a different curve.) rrrr r}rrr!rr")rr"rrrrrr/rrrr0rrrr4rrrrs $zPointEdwards.__add__cCrrrr%rrrrrzPointEdwards.__radd__cCs|||}|||}d|||} |||} |||||||} | |} | | } | |}| | |}| ||}| ||}| | |}||||fS)z)Double the point, assume sane parameters.rJr)rrrrr/rrrrrrr1r3r2rrrr4rrrrrs        zPointEdwards._doublec Csn|j\}}}}|r |s tS|j|j}}|||||||\}}} } |r*| s,tSt|j||| | |jS)zReturn point added to itself.)r!rr rrrrr") rrrrr/rrrrrr4rrrrszPointEdwards.doublecCrrrr%rrrrrzPointEdwards.__rmul__c Csdddd|j|jf\}}}}}}|j}|jD]Q\} } } |d} | dks+| dkr0|d}q| dkrN|dd}|||||| | d| || \}}}}q| dksTJ|dd}|||||| | d| || \}}}}q|rp|srtSt|j|||||jS)rrrrrJrT)r rrrr$rrr") rr"rrrr4rrrrrr0remrrrrs(  (  $zPointEdwards._mul_precomputec Cs(|j\}}}}|r |r |stS|dkr|S|jr||jd}|r(||Sd\}}}} |j|j} } |j} |j } t | |D]<}| |||| | | \}}}} |dkrm| |||| | ||| | | \}}}} qF|dkr| |||| ||||| | \}}}} qF|r| stSt |j|||| |jS)rrrJ)rrrrr) r!rr"rrr rrrrrrr)rr"rrrr0rrrr4rrrrryrrrr)s.   ("zPointEdwards.__mul__r)NNNF)r9r:r;r<rrrrr2r3rZrrr#r&rrrrrrrrrrrrrr s2 *%  rN) __future__rgmpy2rr= ImportErrorgmpysixrr_compatrrr r errorsr utilr r robjectrr>rIrrrrrrrrsF "      _Y HP>