frostfs-crypto/ecdsa_older_go.go

// +build !go1.15

package crypto

import "math/big"

// decompressPoints using formula y² = x³ - 3x + b
// crypto/elliptic/elliptic.go:55
func decompressPoints(x *big.Int, yBit uint) (*big.Int, *big.Int) {
	params := curve.Params()

	x3 := new(big.Int).Mul(x, x)
	x3.Mul(x3, x)

	threeX := new(big.Int).Lsh(x, 1)
	threeX.Add(threeX, x)

	x3.Sub(x3, threeX)
	x3.Add(x3, params.B)
	x3.Mod(x3, params.P)

	// y = √(x³ - 3x + b) mod p
	y := new(big.Int).ModSqrt(x3, params.P)

	// big.Int.Jacobi(a, b) can return nil
	if y == nil {
		return nil, nil
	}

	if y.Bit(0) != (yBit & 0x1) {
		y.Neg(y)
		y.Mod(y, params.P)
	}

	return x, y
}

func encodePoint(x, y *big.Int) []byte {
	data := make([]byte, PublicKeyCompressedSize)
	i := PublicKeyCompressedSize - len(x.Bytes())
	copy(data[i:], x.Bytes())

	if y.Bit(0) == 0x1 {
		data[0] = 0x3
	} else {
		data[0] = 0x2
	}

	return data
}

func decodePoint(data []byte) (x *big.Int, y *big.Int) {
	// empty data
	if len(data) == 0 {
		return
	}

	switch prefix := data[0]; prefix {
	case 0x02, 0x03: // compressed key
		// Incorrect length for compressed encoding
		if len(data) != PublicKeyCompressedSize {
			return nil, nil
		}

		x, y = decompressPoints(new(big.Int).SetBytes(data[1:]), uint(prefix))
	case 0x04: // uncompressed key
		// To get the public key, besides getting it from the data and checking,
		// we also must to check that the points are on an elliptic curve
		x, y = unmarshalXY(data)
	default: // unknown type
		return
	}

	if x == nil || y == nil || !curve.IsOnCurve(x, y) {
		x, y = nil, nil
	}

	return
}
Refactoring for go1.15+ - use elliptic.MarshalCompressed - use elliptic.UnmarshalCompressed - for older go versions use old methods - update dependencies - github.com/mr-tron/base58 v1.2.0 - github.com/pkg/errors v0.9.1 - github.com/stretchr/testify v1.7.0 Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-02-12 09:07:39 +00:00			`// +build !go1.15`

			`package crypto`

			`import "math/big"`

			`// decompressPoints using formula y² = x³ - 3x + b`
			`// crypto/elliptic/elliptic.go:55`
			`func decompressPoints(x big.Int, yBit uint) (big.Int, *big.Int) {`
			`params := curve.Params()`

			`x3 := new(big.Int).Mul(x, x)`
			`x3.Mul(x3, x)`

			`threeX := new(big.Int).Lsh(x, 1)`
			`threeX.Add(threeX, x)`

			`x3.Sub(x3, threeX)`
			`x3.Add(x3, params.B)`
			`x3.Mod(x3, params.P)`

			`// y = √(x³ - 3x + b) mod p`
			`y := new(big.Int).ModSqrt(x3, params.P)`

			`// big.Int.Jacobi(a, b) can return nil`
			`if y == nil {`
			`return nil, nil`
			`}`

			`if y.Bit(0) != (yBit & 0x1) {`
			`y.Neg(y)`
			`y.Mod(y, params.P)`
			`}`

			`return x, y`
			`}`

			`func encodePoint(x, y *big.Int) []byte {`
			`data := make([]byte, PublicKeyCompressedSize)`
			`i := PublicKeyCompressedSize - len(x.Bytes())`
			`copy(data[i:], x.Bytes())`

			`if y.Bit(0) == 0x1 {`
			`data[0] = 0x3`
			`} else {`
			`data[0] = 0x2`
			`}`

			`return data`
			`}`

			`func decodePoint(data []byte) (x big.Int, y big.Int) {`
			`// empty data`
			`if len(data) == 0 {`
			`return`
			`}`

			`switch prefix := data[0]; prefix {`
			`case 0x02, 0x03: // compressed key`
			`// Incorrect length for compressed encoding`
			`if len(data) != PublicKeyCompressedSize {`
			`return nil, nil`
			`}`

			`x, y = decompressPoints(new(big.Int).SetBytes(data[1:]), uint(prefix))`
			`case 0x04: // uncompressed key`
			`// To get the public key, besides getting it from the data and checking,`
			`// we also must to check that the points are on an elliptic curve`
			`x, y = unmarshalXY(data)`
			`default: // unknown type`
			`return`
			`}`

			`if x == nil \|\| y == nil \|\| !curve.IsOnCurve(x, y) {`
			`x, y = nil, nil`
			`}`

			`return`
			`}`