import os
import re
import base64
import binascii

from . import gf256
from . import fft


class SException(Exception): pass
class InvalidParams(SException): pass
class DetectionException(SException): pass
class DecodingException(SException): pass
class MalformedShare(SException): pass


def compute_x(n):
	return fft.precompute_x(fft.ceil_size(n))[:n]


def _share_byte(secret_b, k, n):
	if not k<=n<255:
		raise InvalidParams("Failed k<=n<255, k={0}, n={1}".format(k, n))
	# we might be concerned with zero coefficients degenerating our polynomial, but there's no reason - we still need k shares to determine it is the case
	coefs = [int(b) for b in os.urandom(k-1)]+[int(secret_b)]
	points = [gf256.evaluate(coefs, i) for i in range(1, n+1)]
	return points
	# we might be concerned with zero coefficients degenerating our polynomial,
	# but there's no reason - we still need k shares to determine it is the case
	coefs = [int(secret_b)]+[int(b) for b in os.urandom(k-1)]
	return fft.evaluate(coefs, n)


def generate_raw(secret, k, n):
	"""Splits secret into shares.

	:param secret: (bytes)
	:param k: number of shares necessary for secret recovery. 1 <= k <= n
	:param n: (int) number of shares generated. 1 <= n < 255
	:return: [(i, (bytes) share), ...]"""
	xs = compute_x(n)
	shares = [_share_byte(b, k, n) for b in secret]
	return [(i+1, bytes([s[i] for s in shares])) for i in range(n)]
	return [(xi, bytes([s[i] for s in shares])) for (i, xi) in enumerate(xs)]


def reconstruct_raw(*shares):
	"""Tries to recover the secret from its shares.

	:param shares: (((int) i, (bytes) share), ...)
	:return: (bytes) reconstructed secret. Too few shares return garbage."""
	if len({x for (x, _) in shares}) < len(shares):
		raise MalformedShare("Found a non-unique share. Please check your inputs.")

	(xs, payloads) = zip(*shares)
	secret_len = len(payloads[0])
	res = [None]*secret_len
	weights = gf256.compute_weights(xs)
	for i in range(secret_len):
		ys = [s[i] for s in payloads]
		res[i] = (gf256.get_constant_coef(weights, ys))
	return bytes(res)


def generate(secret, k, n, encoding="b32", label="", omit_k_n=False):
	"""Wraps generate_raw().

	:param secret: (str or bytes)
	:param k: number of shares necessary for secret recovery
	:param n: number of shares generated
	:param encoding: {hex, b32, b64} desired output encoding. Hexadecimal, Base32 or Base64.
	:param label: (str) any label to prefix the shares with
	:param omit_k_n: (boolean) suppress the default shares prefix
	:return: [(str) share, ...]"""
	if isinstance(secret,str):
		secret = secret.encode("utf-8")
	shares = generate_raw(secret, k, n)

	prefix = ""
	if label:
		prefix = label + "."
	if not omit_k_n:
		prefix += "{0}.{1}.".format(k, n)

	return [prefix + encode(s, encoding) for s in shares]


def reconstruct(*shares, encoding="", raw=False):
	"""Wraps reconstruct_raw.

	:param shares: ((str) share, ...)
	:param encoding: {hex, b32, b64, ""} encoding of share strings. If not provided or empty, the function tries to guess it.
	:param raw: (bool) whether to return bytes (True) or str (False)
	:return: (str or bytes) reconstructed secret. Too few shares returns garbage."""
	if not encoding:
		encoding = detect_encoding(shares)

	bs = reconstruct_raw(*(decode(s, encoding) for s in shares))
		return bs if raw else bs.decode(encoding="utf-8")
	except UnicodeDecodeError:
		raise DecodingException('Failed to decode bytes to utf-8. Either you supplied invalid shares, or you missed the "raw" flag. Offending value: {0}'.format(bs))


def encode(share, encoding="b32"):
	if encoding=="hex": f = base64.b16encode
	elif encoding=="b32": f = base64.b32encode
	else: f = base64.b64encode
	(i, bs) = share
	return "{0}.{1}".format(i, f(bs).decode("utf-8"))


def decode(share, encoding="b32"):
		(*_, i, share_str) = share.split(".")
		i = int(i)
		if not 1<=i<=255:
			raise MalformedShare("Malformed share: Failed 1<=k<=255, k={0}".format(i))
		if encoding=="hex": f = base64.b16decode
		elif encoding=="b32": f = base64.b32decode
		else: f = base64.b64decode
		share_bytes = f(share_str)
		return (i, share_bytes)
	except (ValueError, binascii.Error):
		raise MalformedShare('Malformed share: share="{0}", encoding="{1}"'.format(share, encoding))


def detect_encoding(shares):
	classes = [
		(re.compile(r"(.*\.)?\d+\.([0-9A-F]{2})+"), "hex"),
		(re.compile(r"(.*\.)?\d+\.([A-Z2-7]{8})*([A-Z2-7]{8}|[A-Z2-7]{2}={6}|[A-Z2-7]{4}={4}|[A-Z2-7]{5}={3}|[A-Z2-7]{7}={1})"), "b32"),
		(re.compile(r"(.*\.)?\d+\.([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{2}={2}|[A-Za-z0-9+/]{3}={1})"), "b64")
	for (regexp, res) in classes:
		if all(regexp.fullmatch(share) for share in shares):
			return res
	raise DetectionException("No expected encoding detected")
import math
import cmath
import itertools

from .gf256 import gfmul, gfpow

# values of n-th square roots
# divisors of 255 and their factors in natural numbers
DIVISORS = [3, 5, 15, 17, 51, 85, 255]
FACTORS = {3: [3], 5: [5], 15: [3, 5], 17: [17], 51: [3, 17], 85: [5, 17], 255: [3, 5, 17]}
# values of n-th square roots in GF256
SQUARE_ROOTS = {3: 189, 5: 12, 15: 225, 17: 53, 51: 51, 85: 15, 255: 3}


def ceil_size(n):
	assert n <= DIVISORS[-1]
	for (i, ni) in enumerate(DIVISORS):
		if ni >= n:

	return ni


def precompute_x(n):
	"""Return a geometric sequence [1, w, w**2, ..., w**(n-1)], where w**n==1.
	This can be done only for certain values of n."""
	assert n in SQUARE_ROOTS, n
	w = SQUARE_ROOTS[n]  # primitive N-th square root of 1
	return list(itertools.accumulate([1]+[w]*(n-1), gfmul))


def complex_dft(p):
	"""Quadratic formula from the definition. The basic case in complex numbers."""
	N = len(p)
	w = cmath.exp(-2*math.pi*1j/N)  # primitive N-th square root of 1
	y = [0]*N
	for k in range(N):
		xk = w**k
		for n in range(N):
			y[k] += p[n] * xk**n
	return y


def dft(p):
	"""Quadratic formula from the definition. In GF256."""
	N = len(p)
	x = precompute_x(N)
	y = [0]*N
	for k in range(N):
		for n in range(N):
			y[k] ^= gfmul(p[n], gfpow(x[k], n))
	return y


def compute_inverse(N1, N2):
	for i in range(N2):
		if N1*i % N2 == 1:
			return i
	raise ValueError("Failed to find an inverse to {0} mod {1}.".format(N1, N2))


def prime_fft(p, divisors, basic_dft=dft):
	if len(divisors) == 1:
		return basic_dft(p)
	N = len(p)
	N1 = divisors[0]
	N2 = N//N1
	N1_inv = compute_inverse(N1, N2)
	N2_inv = compute_inverse(N2, N1)

	ys = []
	for n1 in range(N1):  # compute rows
		p_ = [p[(n2*N1+n1*N2) % N] for n2 in range(N2)]
		ys.append(prime_fft(p_, divisors[1:], basic_dft))

	for k2 in range(N2):  # compute cols
		p_ = [row[k2] for row in ys]
		y_ = basic_dft(p_)
		for (yi, row) in zip(y_, ys):  # update col
			row[k2] = yi

	# remap and output
	res = [0]*N
	for k1 in range(N1):
		for k2 in range(N2):
			res[(k1*N2*N2_inv+k2*N1*N1_inv) % N] = ys[k1][k2]
	return res


def evaluate(coefs, n):
	ni = ceil_size(n)
	extended_coefs = coefs + [0]*(ni-len(coefs))
	ys = prime_fft(extended_coefs, FACTORS[ni])

	return ys[:n]
import random
import functools
import operator
from unittest import TestCase

from ..gf256 import evaluate
from .. import gf256
from ..fft import *


def batch_evaluate(coefs, xs):
	return [evaluate(coefs, x) for x in xs]
	return [gf256.evaluate(coefs, x) for x in xs]


class TestFFT(TestCase):
	def test_complex_dft(self):
		self.assertEqual(complex_dft([0]), [0+0j])
		self.assertEqual(complex_dft([1]), [1+0j])
		self.assertEqual(complex_dft([2]), [2+0j])
		all(self.assertAlmostEqual(a, b) for (a, b) in zip(complex_dft([3, 1]), [4+0j, 2+0j]))
		all(self.assertAlmostEqual(a, b) for (a, b) in zip(complex_dft([3, 1, 4]), [8+0j, 0.5+2.59807621j, 0.5-2.59807621j]))
		all(self.assertAlmostEqual(a, b) for (a, b) in zip(complex_dft([3, 1, 4, 1]), [9+0j, -1+0j, 5+0j, -1+0j]))
		all(self.assertAlmostEqual(a, b) for (a, b) in zip(
			complex_dft([3, 1, 4, 1, 5]),
			[14+0j, 0.80901699+2.04087031j, -0.30901699+5.20431056j, -0.30901699-5.20431056j, 0.80901699-2.04087031j]

	def test_complex_prime_fft(self):
		for divisors in [[3], [2, 3], [3, 5], [3, 5, 17], [2, 3, 5, 7, 11]]:
			n = functools.reduce(operator.mul, divisors)
			coefficients = [random.randint(-128, 127) for i in range(n)]
			a = prime_fft(coefficients, divisors, complex_dft)
			b = complex_dft(coefficients)
			all(self.assertAlmostEqual(ai, bi) for (ai, bi) in zip(a, b))

	def test_finite_dft(self):
		x = {i: precompute_x(i) for i in [3, 5, 15, 17]}  # all sets of xs

		for n in [3, 5, 15, 17]:
			coefficients = [random.randint(0, 255) for i in range(n)]
				batch_evaluate(coefficients[::-1], x[n])

	def test_finite_prime_fft(self):
		for divisors in [[3], [3, 5], [3, 17], [5, 17], [3, 5, 17]]:
			n = functools.reduce(operator.mul, divisors)
			coefficients = [random.randint(0, 255) for i in range(n)]
			a = prime_fft(coefficients, divisors)
			b = dft(coefficients)
			all(self.assertAlmostEqual(ai, bi) for (ai, bi) in zip(a, b))
import os
import random
from unittest import TestCase

from .. import *
from .. import gf256
from ..core import encode, decode,detect_encoding, _share_byte
from ..core import encode, decode, detect_encoding, _share_byte, compute_x


class TestShamira(TestCase):
	_urandom = os.urandom

	def setUpClass(cls):
		os.urandom = lambda n: bytes(random.randint(0, 255) for i in range(n))

	def tearDownClass(cls):
		os.urandom = cls._urandom

	def test_share_byte(self):
		with self.assertRaises(InvalidParams):  # too few shares
			_share_byte(b"a", 5, 4)
		with self.assertRaises(InvalidParams):  # too many shares
			_share_byte(b"a", 5, 255)
		with self.assertRaises(ValueError):  # not castable to int
			_share_byte("x", 2, 3)

		ys = _share_byte(ord(b"a"), 2, 3)
		xs = list(range(1, 4))
		xs = compute_x(3)

		weights = gf256.compute_weights(xs)
		self.assertEqual(gf256.get_constant_coef(weights, ys), ord(b"a"))

		weights = gf256.compute_weights(xs[:2])
		self.assertEqual(gf256.get_constant_coef(weights, ys[:2]), ord(b"a"))

		weights = gf256.compute_weights(xs[:1])
		self.assertNotEqual(gf256.get_constant_coef(weights, ys[:1]), ord(b"a"))  # underdetermined => random

	def test_generate_reconstruct_raw(self):
		for (k, n) in [(2, 3), (254, 254)]:
			shares = generate_raw(b"abcd", k, n)
			self.assertEqual(reconstruct_raw(*shares[:k]), b"abcd")
			self.assertNotEqual(reconstruct_raw(*shares[:k-1]), b"abcd")

	def test_generate_reconstruct(self):
		for encoding in ["hex", "b32", "b64"]:
			for secret in [b"abcd", "abcde", "ěščřžý"]:
				for (k, n) in [(2, 3), (254, 254)]:
					raw = isinstance(secret, bytes)
					with self.subTest(enc=encoding, r=raw, sec=secret, k=k, n=n):
						shares = generate(secret, k, n, encoding)
						self.assertEqual(reconstruct(*shares[:k], encoding=encoding, raw=raw), secret)
						self.assertEqual(reconstruct(*shares[:k], raw=raw), secret)
						s = secret if raw else secret.encode("utf-8")
						self.assertNotEqual(reconstruct(*shares[:k-1], encoding=encoding, raw=True), s)
		shares = generate(b"\xfeaa", 2, 3)
		with self.assertRaises(DecodingException):

	def test_encode(self):
		share = (2, b"\x00\x01\x02")
		for (encoding, encoded_str) in [("hex", '000102'), ("b32", 'AAAQE==='), ("b64", 'AAEC')]:
			with self.subTest(enc=encoding):
				self.assertEqual(encode(share, encoding), "2."+encoded_str)

	def test_decode(self):
		with self.assertRaises(MalformedShare):
			decode("1.0001020f", "hex")
			decode("1.000102030", "hex")
			decode("1.AAECAw=", "b64")
			decode("1.AAECA?==", "b64")
			decode("256.00010203", "hex")
		self.assertEqual(decode("1.00010203", "hex"), (1, b"\x00\x01\x02\x03"))
		self.assertEqual(decode("2.AAAQEAY=", "b32"), (2, b"\x00\x01\x02\x03"))
		self.assertEqual(decode("3.AAECAw==", "b64"), (3, b"\x00\x01\x02\x03"))

	def testDetectEncoding(self):
		for shares in [
			["1.00010f"],  # bad case
			["1.000102030"],  # bad char count
			["1.AAAQEAY"],  # no padding
			["1.AAAQe==="],  # bad case
			["1.AAECA?=="],  # bad char
			["1.AAECAw="],  # bad padding
			["1.000102", "2.AAAQEAY="],  # mixed encoding
			["1.000102", "2.AAECAw=="],
			["1.AAECAw==", "2.AAAQE==="],
			[".00010203"],  # no index
			["00010203"]  # no index
			with self.subTest(shares=shares):
				with self.assertRaises(DetectionException):
		self.assertEqual(detect_encoding(["10.00010203"]), "hex")
		self.assertEqual(detect_encoding(["2.AAAQEAY="]), "b32")
		self.assertEqual(detect_encoding(["3.AAECAw=="]), "b64")
		self.assertEqual(detect_encoding(["3.AAECAwQF", "1.00010203"]), "b64")
