# GNU GPLv3, see LICENSE

import os

import re

import base64

import binascii

from . import gf256

class SException(Exception): pass

class InvalidParams(SException): pass

class DetectionException(SException): pass

class DecodingException(SException): pass

class MalformedShare(SException): pass

def _share_byte(secret_b, k, n):

	if not k<=n<255:

		raise InvalidParams("Failed k<=n<255, k={0}, n={1}".format(k, n))

def generate_raw(secret, k, n):

	"""Splits secret into shares.

	:param secret: (bytes)

	:param k: number of shares necessary for secret recovery. 1 <= k <= n

	:param n: (int) number of shares generated. 1 <= n < 255

	:return: [(i, (bytes) share), ...]"""

	shares = [_share_byte(b, k, n) for b in secret]

def reconstruct_raw(*shares):

	"""Tries to recover the secret from its shares.

	:param shares: (((int) i, (bytes) share), ...)

	:return: (bytes) reconstructed secret. Too few shares return garbage."""

	if len({x for (x, _) in shares}) < len(shares):

		raise MalformedShare("Found a non-unique share. Please check your inputs.")

	(xs, payloads) = zip(*shares)

	secret_len = len(payloads[0])

	res = [None]*secret_len

	weights = gf256.compute_weights(xs)

	for i in range(secret_len):

		ys = [s[i] for s in payloads]

		res[i] = (gf256.get_constant_coef(weights, ys))

	return bytes(res)

def generate(secret, k, n, encoding="b32", label="", omit_k_n=False):

	"""Wraps generate_raw().

	:param secret: (str or bytes)

import math

import cmath

import itertools

from .gf256 import gfmul, gfpow

SQUARE_ROOTS = {3: 189, 5: 12, 15: 225, 17: 53, 51: 51, 85: 15, 255: 3}

def precompute_x(n):

	"""Return a geometric sequence [1, w, w**2, ..., w**(n-1)], where w**n==1.

	This can be done only for certain values of n."""

	assert n in SQUARE_ROOTS, n

	w = SQUARE_ROOTS[n]  # primitive N-th square root of 1

	return list(itertools.accumulate([1]+[w]*(n-1), gfmul))

def complex_dft(p):

	"""Quadratic formula from the definition. The basic case in complex numbers."""

	N = len(p)

	w = cmath.exp(-2*math.pi*1j/N)  # primitive N-th square root of 1

	y = [0]*N

	for k in range(N):

		xk = w**k

		for n in range(N):

			y[k] += p[n] * xk**n

	return y

def dft(p):

	"""Quadratic formula from the definition. In GF256."""

	N = len(p)

	x = precompute_x(N)

		return basic_dft(p)

	N = len(p)

	N1 = divisors[0]

	N2 = N//N1

	N1_inv = compute_inverse(N1, N2)

	N2_inv = compute_inverse(N2, N1)

	ys = []

	for n1 in range(N1):  # compute rows

		p_ = [p[(n2*N1+n1*N2) % N] for n2 in range(N2)]

		ys.append(prime_fft(p_, divisors[1:], basic_dft))

	for k2 in range(N2):  # compute cols

		p_ = [row[k2] for row in ys]

		y_ = basic_dft(p_)

		for (yi, row) in zip(y_, ys):  # update col

			row[k2] = yi

	# remap and output

	res = [0]*N

	for k1 in range(N1):

		for k2 in range(N2):

			res[(k1*N2*N2_inv+k2*N1*N1_inv) % N] = ys[k1][k2]

	return res

# GNU GPLv3, see LICENSE

import random

import functools

import operator

from unittest import TestCase

from ..fft import *

def batch_evaluate(coefs, xs):

class TestFFT(TestCase):

	def test_complex_dft(self):

		self.assertEqual(complex_dft([0]), [0+0j])

		self.assertEqual(complex_dft([1]), [1+0j])

		self.assertEqual(complex_dft([2]), [2+0j])

		all(self.assertAlmostEqual(a, b) for (a, b) in zip(complex_dft([3, 1]), [4+0j, 2+0j]))

		all(self.assertAlmostEqual(a, b) for (a, b) in zip(complex_dft([3, 1, 4]), [8+0j, 0.5+2.59807621j, 0.5-2.59807621j]))

		all(self.assertAlmostEqual(a, b) for (a, b) in zip(complex_dft([3, 1, 4, 1]), [9+0j, -1+0j, 5+0j, -1+0j]))

		all(self.assertAlmostEqual(a, b) for (a, b) in zip(

			complex_dft([3, 1, 4, 1, 5]),

			[14+0j, 0.80901699+2.04087031j, -0.30901699+5.20431056j, -0.30901699-5.20431056j, 0.80901699-2.04087031j]

		))

	def test_complex_prime_fft(self):

		random.seed(1918)

		for divisors in [[3], [2, 3], [3, 5], [3, 5, 17], [2, 3, 5, 7, 11]]:

			n = functools.reduce(operator.mul, divisors)

			coefficients = [random.randint(-128, 127) for i in range(n)]

			a = prime_fft(coefficients, divisors, complex_dft)

			b = complex_dft(coefficients)

			all(self.assertAlmostEqual(ai, bi) for (ai, bi) in zip(a, b))

# GNU GPLv3, see LICENSE

import os

import random

from unittest import TestCase

from .. import *

from .. import gf256

class TestShamira(TestCase):

	_urandom = os.urandom

	@classmethod

	def setUpClass(cls):

		random.seed(17)

		os.urandom = lambda n: bytes(random.randint(0, 255) for i in range(n))

	@classmethod

	def tearDownClass(cls):

		os.urandom = cls._urandom

	def test_share_byte(self):

		with self.assertRaises(InvalidParams):  # too few shares

			_share_byte(b"a", 5, 4)

		with self.assertRaises(InvalidParams):  # too many shares

			_share_byte(b"a", 5, 255)

		with self.assertRaises(ValueError):  # not castable to int

			_share_byte("x", 2, 3)

		ys = _share_byte(ord(b"a"), 2, 3)

		weights = gf256.compute_weights(xs)

		self.assertEqual(gf256.get_constant_coef(weights, ys), ord(b"a"))

		weights = gf256.compute_weights(xs[:2])

		self.assertEqual(gf256.get_constant_coef(weights, ys[:2]), ord(b"a"))

		weights = gf256.compute_weights(xs[:1])

		self.assertNotEqual(gf256.get_constant_coef(weights, ys[:1]), ord(b"a"))  # underdetermined => random

	def test_generate_reconstruct_raw(self):

		for (k, n) in [(2, 3), (254, 254)]:

			shares = generate_raw(b"abcd", k, n)

			random.shuffle(shares)

			self.assertEqual(reconstruct_raw(*shares[:k]), b"abcd")

			self.assertNotEqual(reconstruct_raw(*shares[:k-1]), b"abcd")

	def test_generate_reconstruct(self):

		for encoding in ["hex", "b32", "b64"]:

			for secret in [b"abcd", "abcde", "ěščřžý"]:

				for (k, n) in [(2, 3), (254, 254)]:

					raw = isinstance(secret, bytes)

					with self.subTest(enc=encoding, r=raw, sec=secret, k=k, n=n):

						shares = generate(secret, k, n, encoding)