new class RValue to propagate the ECPoint value to sigencode

gstarovo · gstarovo · commit 76833c8b87cc · 2026-03-26T12:45:42.000+01:00
diff --git a/src/ecdsa/ecdsa.py b/src/ecdsa/ecdsa.py
@@ -81,6 +81,21 @@ class InvalidPointError(RuntimeError):
     pass
 
 
+class RValue(int):
+    """An r signature value that also carries the originating EC point.
+
+    Behaves as a regular ``int`` (equal to ``point.x() % order``) so
+    existing :func:`sigencode_*` functions that expect an integer work
+    unchanged.  Functions that need the full EC point can access it via
+    the :attr:`point` attribute.
+    """
+
+    def __new__(cls, r, point):
+        obj = super(RValue, cls).__new__(cls, r)
+        obj.point = point
+        return obj
+
+
 class Signature(object):
     """
     ECDSA signature.
@@ -244,7 +259,7 @@ def __ne__(self, other):
         """Return False if the points are identical, True otherwise."""
         return not self == other
 
-    def sign(self, hash, random_k, accelerate=False):
+    def sign(self, hash, random_k):
         """Return a signature for the provided hash, using the provided
         random nonce.  It is absolutely vital that random_k be an unpredictable
         number in the range [1, self.public_key.point.order()-1].  If
@@ -280,9 +295,7 @@ def sign(self, hash, random_k, accelerate=False):
         ) % n
         if s == 0:
             raise RSZeroError("amazingly unlucky random number s")
-        if accelerate:
-            return Signature(p1, s)
-        return Signature(r, s)
+        return Signature(RValue(r, p1), s)
 
 
 def int_to_string(x):  # pragma: no cover
diff --git a/src/ecdsa/keys.py b/src/ecdsa/keys.py
@@ -1318,7 +1318,6 @@ def sign_deterministic(
         hashfunc=None,
         sigencode=sigencode_string,
         extra_entropy=b"",
-        accelerate=False,
     ):
         """
         Create signature over data.
@@ -1355,10 +1354,6 @@ def sign_deterministic(
             number generator used in the RFC6979 process. Entirely optional.
             Ignored with EdDSA.
         :type extra_entropy: :term:`bytes-like object`
-        :param accelerate: an indicator for ECDSA sign operation to return
-            an ECPoint instead of a number of "r" parameter.
-            Applicable only for ECDSA key.
-        :type accelerate: boolean
 
         :return: encoded signature over `data`
         :rtype: bytes or sigencode function dependent type
@@ -1378,7 +1373,6 @@ def sign_deterministic(
             sigencode=sigencode,
             extra_entropy=extra_entropy,
             allow_truncate=True,
-            accelerate=accelerate,
         )
 
     def sign_digest_deterministic(
@@ -1388,7 +1382,6 @@ def sign_digest_deterministic(
         sigencode=sigencode_string,
         extra_entropy=b"",
         allow_truncate=False,
-        accelerate=False,
     ):
         """
         Create signature for digest using the deterministic RFC6979 algorithm.
@@ -1424,10 +1417,6 @@ def sign_digest_deterministic(
             bigger bit-size than the order of the curve, the extra bits (at
             the end of the digest) will be truncated. Use it when signing
             SHA-384 output using NIST256p or in similar situations.
-        :param accelerate: an indicator for ECDSA sign operation to return
-            an ECPoint instead of a number of "r" parameter.
-            Applicable only for ECDSA key.
-        :type accelerate: boolean
 
         :return: encoded signature for the `digest` hash
         :rtype: bytes or sigencode function dependent type
@@ -1458,7 +1447,6 @@ def simple_r_s(r, s, order):
                     sigencode=simple_r_s,
                     k=k,
                     allow_truncate=allow_truncate,
-                    accelerate=accelerate,
                 )
                 break
             except RSZeroError:
@@ -1474,7 +1462,6 @@ def sign(
         sigencode=sigencode_string,
         k=None,
         allow_truncate=True,
-        accelerate=False,
     ):
         """
         Create signature over data.
@@ -1538,10 +1525,6 @@ def sign(
             leak the key. Caller should try a better entropy source, retry with
             different ``k``, or use the
             :func:`~SigningKey.sign_deterministic` in such case.
-        :param accelerate: an indicator for ECDSA sign operation to return
-            an ECPoint instead of a number of "r" parameter.
-            Applicable only for ECDSA key.
-        :type accelerate: boolean
 
         :return: encoded signature of the hash of `data`
         :rtype: bytes or sigencode function dependent type
@@ -1551,9 +1534,7 @@ def sign(
         if isinstance(self.curve.curve, CurveEdTw):
             return self.sign_deterministic(data)
         h = hashfunc(data).digest()
-        return self.sign_digest(
-            h, entropy, sigencode, k, allow_truncate, accelerate
-        )
+        return self.sign_digest(h, entropy, sigencode, k, allow_truncate)
 
     def sign_digest(
         self,
@@ -1562,7 +1543,6 @@ def sign_digest(
         sigencode=sigencode_string,
         k=None,
         allow_truncate=False,
-        accelerate=False,
     ):
         """
         Create signature over digest using the probabilistic ECDSA algorithm.
@@ -1599,10 +1579,6 @@ def sign_digest(
             leak the key. Caller should try a better entropy source, retry with
             different 'k', or use the
             :func:`~SigningKey.sign_digest_deterministic` in such case.
-        :param accelerate: an indicator for ECDSA sign operation to return
-            an ECPoint instead of a number of "r" parameter.
-            Applicable only for ECDSA key.
-        :type accelerate: boolean
 
         :return: encoded signature for the `digest` hash
         :rtype: bytes or sigencode function dependent type
@@ -1615,10 +1591,10 @@ def sign_digest(
             self.curve,
             allow_truncate,
         )
-        r, s = self.sign_number(number, entropy, k, accelerate)
+        r, s = self.sign_number(number, entropy, k)
         return sigencode(r, s, self.privkey.order)
 
-    def sign_number(self, number, entropy=None, k=None, accelerate=False):
+    def sign_number(self, number, entropy=None, k=None):
         """
         Sign an integer directly.
 
@@ -1637,10 +1613,6 @@ def sign_number(self, number, entropy=None, k=None, accelerate=False):
             leak the key. Caller should try a better entropy source, retry with
             different 'k', or use the
             :func:`~SigningKey.sign_digest_deterministic` in such case.
-        :param accelerate: an indicator for ECDSA sign operation to return
-            an ECPoint instead of a number of "r" parameter.
-            Applicable only for ECDSA key.
-        :type accelerate: boolean
 
         :return: the "r" and "s" parameters of the signature
         :rtype: tuple of ints
@@ -1655,5 +1627,5 @@ def sign_number(self, number, entropy=None, k=None, accelerate=False):
             _k = randrange(order, entropy)
 
         assert 1 <= _k < order
-        sig = self.privkey.sign(number, _k, accelerate)
+        sig = self.privkey.sign(number, _k)
         return sig.r, sig.s
diff --git a/src/ecdsa/test_keys.py b/src/ecdsa/test_keys.py
@@ -429,7 +429,7 @@ def test_ed25519_sig_verify_malformed(self):
 
         # modified signature from test_ed25519_sig_verify
         sig = (
-            b"\xAA\x47\xab\x6a\x33\xcd\x79\x45\xad\x98\x11\x6c\xb9\xf2\x20\xeb"
+            b"\xaa\x47\xab\x6a\x33\xcd\x79\x45\xad\x98\x11\x6c\xb9\xf2\x20\xeb"
             b"\x90\xd6\x50\xe3\xc7\x8f\x9f\x60\x10\xec\x75\xe0\x2f\x27\xd3\x96"
             b"\xda\xe8\x58\x7f\xe0\xfe\x46\x5c\x81\xef\x50\xec\x29\x9f\xae\xd5"
             b"\xad\x46\x3c\x91\x68\x83\x4d\xea\x8d\xa8\x19\x04\x04\x79\x03\x0b"
@@ -663,8 +663,8 @@ def test_ed25519_from_pem(self):
         sk = SigningKey.from_pem(pem_str)
 
         sk_str = SigningKey.from_string(
-            b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"
-            b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",
+            b"\x34\xba\xc7\xd1\x4e\xd4\xf1\xbc\x4f\x8c\x48\x3e\x0f\x19\x77\x4c"
+            b"\xfc\xb8\xbe\xac\x54\x66\x45\x11\x9a\xd7\xd7\xb8\x07\x0b\xf5\xd4",
             Ed25519,
         )
 
@@ -700,8 +700,8 @@ def test_ed25519_from_der_junk_after_priv_key(self):
 
     def test_ed25519_sign(self):
         sk_str = SigningKey.from_string(
-            b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"
-            b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",
+            b"\x34\xba\xc7\xd1\x4e\xd4\xf1\xbc\x4f\x8c\x48\x3e\x0f\x19\x77\x4c"
+            b"\xfc\xb8\xbe\xac\x54\x66\x45\x11\x9a\xd7\xd7\xb8\x07\x0b\xf5\xd4",
             Ed25519,
         )
 
@@ -718,8 +718,8 @@ def test_ed25519_sign(self):
 
     def test_ed25519_sign_digest_deterministic(self):
         sk_str = SigningKey.from_string(
-            b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"
-            b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",
+            b"\x34\xba\xc7\xd1\x4e\xd4\xf1\xbc\x4f\x8c\x48\x3e\x0f\x19\x77\x4c"
+            b"\xfc\xb8\xbe\xac\x54\x66\x45\x11\x9a\xd7\xd7\xb8\x07\x0b\xf5\xd4",
             Ed25519,
         )
         with self.assertRaises(ValueError) as e:
@@ -729,8 +729,8 @@ def test_ed25519_sign_digest_deterministic(self):
 
     def test_ed25519_sign_digest(self):
         sk_str = SigningKey.from_string(
-            b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"
-            b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",
+            b"\x34\xba\xc7\xd1\x4e\xd4\xf1\xbc\x4f\x8c\x48\x3e\x0f\x19\x77\x4c"
+            b"\xfc\xb8\xbe\xac\x54\x66\x45\x11\x9a\xd7\xd7\xb8\x07\x0b\xf5\xd4",
             Ed25519,
         )
         with self.assertRaises(ValueError) as e:
@@ -740,8 +740,8 @@ def test_ed25519_sign_digest(self):
 
     def test_ed25519_sign_number(self):
         sk_str = SigningKey.from_string(
-            b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"
-            b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",
+            b"\x34\xba\xc7\xd1\x4e\xd4\xf1\xbc\x4f\x8c\x48\x3e\x0f\x19\x77\x4c"
+            b"\xfc\xb8\xbe\xac\x54\x66\x45\x11\x9a\xd7\xd7\xb8\x07\x0b\xf5\xd4",
             Ed25519,
         )
         with self.assertRaises(ValueError) as e:
@@ -765,8 +765,8 @@ def test_ed25519_to_der_ssleay(self):
 
     def test_ed25519_to_pem(self):
         sk = SigningKey.from_string(
-            b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"
-            b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",
+            b"\x34\xba\xc7\xd1\x4e\xd4\xf1\xbc\x4f\x8c\x48\x3e\x0f\x19\x77\x4c"
+            b"\xfc\xb8\xbe\xac\x54\x66\x45\x11\x9a\xd7\xd7\xb8\x07\x0b\xf5\xd4",
             Ed25519,
         )
 
@@ -780,8 +780,8 @@ def test_ed25519_to_pem(self):
 
     def test_ed25519_to_ssh(self):
         sk = SigningKey.from_string(
-            b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"
-            b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",
+            b"\x34\xba\xc7\xd1\x4e\xd4\xf1\xbc\x4f\x8c\x48\x3e\x0f\x19\x77\x4c"
+            b"\xfc\xb8\xbe\xac\x54\x66\x45\x11\x9a\xd7\xd7\xb8\x07\x0b\xf5\xd4",
             Ed25519,
         )
 
@@ -825,21 +825,21 @@ def test_ed448_from_pem(self):
         sk = SigningKey.from_pem(pem_str)
 
         sk_str = SigningKey.from_string(
-            b"\x3C\x85\xB9\x7A\x85\x2D\x78\x09\x95\x5F\x2E\x0E\xA7\x0E\xC3\xD9"
-            b"\xC6\xE0\x8A\xB3\x2E\x26\x7F\x8B\x93\x5F\x04\x3A\x07\x3F\x39\x8F"
-            b"\x38\xFD\x09\x31\x86\x8B\x1A\x54\xF3\xC2\x8B\xE6\xBC\x20\xC9\xDB"
-            b"\x32\xDA\x7B\x3B\xBD\x34\xBC\xFD\x69",
+            b"\x3c\x85\xb9\x7a\x85\x2d\x78\x09\x95\x5f\x2e\x0e\xa7\x0e\xc3\xd9"
+            b"\xc6\xe0\x8a\xb3\x2e\x26\x7f\x8b\x93\x5f\x04\x3a\x07\x3f\x39\x8f"
+            b"\x38\xfd\x09\x31\x86\x8b\x1a\x54\xf3\xc2\x8b\xe6\xbc\x20\xc9\xdb"
+            b"\x32\xda\x7b\x3b\xbd\x34\xbc\xfd\x69",
             Ed448,
         )
 
         self.assertEqual(sk, sk_str)
 
     def test_ed448_to_pem(self):
         sk = SigningKey.from_string(
-            b"\x3C\x85\xB9\x7A\x85\x2D\x78\x09\x95\x5F\x2E\x0E\xA7\x0E\xC3\xD9"
-            b"\xC6\xE0\x8A\xB3\x2E\x26\x7F\x8B\x93\x5F\x04\x3A\x07\x3F\x39\x8F"
-            b"\x38\xFD\x09\x31\x86\x8B\x1A\x54\xF3\xC2\x8B\xE6\xBC\x20\xC9\xDB"
-            b"\x32\xDA\x7B\x3B\xBD\x34\xBC\xFD\x69",
+            b"\x3c\x85\xb9\x7a\x85\x2d\x78\x09\x95\x5f\x2e\x0e\xa7\x0e\xc3\xd9"
+            b"\xc6\xe0\x8a\xb3\x2e\x26\x7f\x8b\x93\x5f\x04\x3a\x07\x3f\x39\x8f"
+            b"\x38\xfd\x09\x31\x86\x8b\x1a\x54\xf3\xc2\x8b\xe6\xbc\x20\xc9\xdb"
+            b"\x32\xda\x7b\x3b\xbd\x34\xbc\xfd\x69",
             Ed448,
         )
         pem_str = (
diff --git a/src/ecdsa/test_pyecdsa.py b/src/ecdsa/test_pyecdsa.py
@@ -1013,7 +1013,7 @@ def test_sigencode_der_full_r(self):
         priv1 = SigningKey.generate()
         pub1 = priv1.get_verifying_key()
         data = b"data"
-        sig = priv1.sign(data, sigencode=sigencode_der_full_r, accelerate=True)
+        sig = priv1.sign(data, sigencode=sigencode_der_full_r)
 
         self.assertEqual(type(sig), binary_type)
         self.assertTrue(pub1.verify(sig, data, sigdecode=sigdecode_der_full_r))
@@ -1022,7 +1022,7 @@ def test_sigencode_der_full_r_uncompressed(self):
         priv1 = SigningKey.generate()
         pub1 = priv1.get_verifying_key()
         data = b"data"
-        sig = priv1.sign(data, sigencode=sigencode_der_full_r, accelerate=True)
+        sig = priv1.sign(data, sigencode=sigencode_der_full_r)
         r, s = sigdecode_der_full_r(sig, None)
         point = ellipticcurve.Point.from_bytes(
             priv1.privkey.public_key.generator.curve(), r
@@ -1036,7 +1036,7 @@ def test_sigencode_der_full_r_compressed(self):
         priv1 = SigningKey.generate()
         pub1 = priv1.get_verifying_key()
         data = b"data"
-        sig = priv1.sign(data, sigencode=sigencode_der_full_r, accelerate=True)
+        sig = priv1.sign(data, sigencode=sigencode_der_full_r)
         r, s = sigdecode_der_full_r(sig, None)
         point = ellipticcurve.Point.from_bytes(
             priv1.privkey.public_key.generator.curve(), r
@@ -1050,9 +1050,7 @@ def test_sigencode_der_sig_value_with_y_boolean(self):
         priv1 = SigningKey.generate()
         pub1 = priv1.get_verifying_key()
         data = b"data"
-        sig = priv1.sign(
-            data, sigencode=sigencode_der_sig_value_y_boolean, accelerate=True
-        )
+        sig = priv1.sign(data, sigencode=sigencode_der_sig_value_y_boolean)
         self.assertEqual(type(sig), binary_type)
         self.assertTrue(
             pub1.verify(sig, data, sigdecode=sigdecode_der_extended)
@@ -1065,7 +1063,6 @@ def test_sigencode_der_sig_value_with_y_field_elem(self):
         sig = priv1.sign(
             data,
             sigencode=sigencode_der_sig_value_y_field_elem,
-            accelerate=True,
         )
         self.assertEqual(type(sig), binary_type)
         self.assertTrue(
diff --git a/src/ecdsa/util.py b/src/ecdsa/util.py
