github.com/consensys/gnark-crypto@v0.14.0/ecc/bw6-756/ecdsa/marshal.go (about)

     1  // Copyright 2020 Consensys Software Inc.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Code generated by consensys/gnark-crypto DO NOT EDIT
    16  
    17  package ecdsa
    18  
    19  import (
    20  	"crypto/subtle"
    21  	"errors"
    22  	"github.com/consensys/gnark-crypto/ecc/bw6-756/fr"
    23  	"io"
    24  	"math/big"
    25  )
    26  
    27  var errWrongSize = errors.New("wrong size buffer")
    28  var errRBiggerThanRMod = errors.New("r >= r_mod")
    29  var errSBiggerThanRMod = errors.New("s >= r_mod")
    30  var errZero = errors.New("zero value")
    31  
    32  // Bytes returns the binary representation of the public key
    33  // follows https://tools.ietf.org/html/rfc8032#section-3.1
    34  // and returns a compressed representation of the point (x,y)
    35  //
    36  // x, y are the coordinates of the point
    37  // on the curve as big endian integers.
    38  // compressed representation store x with a parity bit to recompute y
    39  func (pk *PublicKey) Bytes() []byte {
    40  	var res [sizePublicKey]byte
    41  	pkBin := pk.A.Bytes()
    42  	subtle.ConstantTimeCopy(1, res[:sizePublicKey], pkBin[:])
    43  	return res[:]
    44  }
    45  
    46  // SetBytes sets p from binary representation in buf.
    47  // buf represents a public key as x||y where x, y are
    48  // interpreted as big endian binary numbers corresponding
    49  // to the coordinates of a point on the curve.
    50  // It returns the number of bytes read from the buffer.
    51  func (pk *PublicKey) SetBytes(buf []byte) (int, error) {
    52  	n := 0
    53  	if len(buf) < sizePublicKey {
    54  		return n, io.ErrShortBuffer
    55  	}
    56  	if _, err := pk.A.SetBytes(buf[:sizePublicKey]); err != nil {
    57  		return 0, err
    58  	}
    59  	n += sizeFp
    60  	return n, nil
    61  }
    62  
    63  // Bytes returns the binary representation of pk,
    64  // as byte array publicKey||scalar
    65  // where publicKey is as publicKey.Bytes(), and
    66  // scalar is in big endian, of size sizeFr.
    67  func (privKey *PrivateKey) Bytes() []byte {
    68  	var res [sizePrivateKey]byte
    69  	pubkBin := privKey.PublicKey.A.Bytes()
    70  	subtle.ConstantTimeCopy(1, res[:sizePublicKey], pubkBin[:])
    71  	subtle.ConstantTimeCopy(1, res[sizePublicKey:sizePrivateKey], privKey.scalar[:])
    72  	return res[:]
    73  }
    74  
    75  // SetBytes sets pk from buf, where buf is interpreted
    76  // as  publicKey||scalar
    77  // where publicKey is as publicKey.Bytes(), and
    78  // scalar is in big endian, of size sizeFr.
    79  // It returns the number byte read.
    80  func (privKey *PrivateKey) SetBytes(buf []byte) (int, error) {
    81  	n := 0
    82  	if len(buf) < sizePrivateKey {
    83  		return n, io.ErrShortBuffer
    84  	}
    85  	if _, err := privKey.PublicKey.A.SetBytes(buf[:sizePublicKey]); err != nil {
    86  		return 0, err
    87  	}
    88  	n += sizePublicKey
    89  	subtle.ConstantTimeCopy(1, privKey.scalar[:], buf[sizePublicKey:sizePrivateKey])
    90  	n += sizeFr
    91  	return n, nil
    92  }
    93  
    94  // Bytes returns the binary representation of sig
    95  // as a byte array of size 2*sizeFr r||s
    96  func (sig *Signature) Bytes() []byte {
    97  	var res [sizeSignature]byte
    98  	subtle.ConstantTimeCopy(1, res[:sizeFr], sig.R[:])
    99  	subtle.ConstantTimeCopy(1, res[sizeFr:], sig.S[:])
   100  	return res[:]
   101  }
   102  
   103  // SetBytes sets sig from a buffer in binary.
   104  // buf is read interpreted as r||s
   105  // It returns the number of bytes read from buf.
   106  func (sig *Signature) SetBytes(buf []byte) (int, error) {
   107  	n := 0
   108  	if len(buf) != sizeSignature {
   109  		return n, errWrongSize
   110  	}
   111  
   112  	// S, R < R_mod (to avoid malleability)
   113  	frMod := fr.Modulus()
   114  	zero := big.NewInt(0)
   115  	bufBigInt := new(big.Int)
   116  	bufBigInt.SetBytes(buf[:sizeFr])
   117  	if bufBigInt.Cmp(zero) == 0 {
   118  		return 0, errZero
   119  	}
   120  	if bufBigInt.Cmp(frMod) != -1 {
   121  		return 0, errRBiggerThanRMod
   122  	}
   123  	bufBigInt.SetBytes(buf[sizeFr : 2*sizeFr])
   124  	if bufBigInt.Cmp(zero) == 0 {
   125  		return 0, errZero
   126  	}
   127  	if bufBigInt.Cmp(frMod) != -1 {
   128  		return 0, errSBiggerThanRMod
   129  	}
   130  
   131  	subtle.ConstantTimeCopy(1, sig.R[:], buf[:sizeFr])
   132  	n += sizeFr
   133  	subtle.ConstantTimeCopy(1, sig.S[:], buf[sizeFr:2*sizeFr])
   134  	n += sizeFr
   135  	return n, nil
   136  }