Esempio n. 1
0
File: read.go Progetto: agelin/etf
func readBigInt(r io.Reader, b []byte, sign byte) (interface{}, error) {
	if _, err := io.ReadFull(r, b); err != nil {
		return nil, err
	}

	size := len(b)
	hsize := size >> 1
	for i := 0; i < hsize; i++ {
		b[i], b[size-i-1] = b[size-i-1], b[i]
	}

	v := new(big.Int).SetBytes(b)
	if sign != 0 {
		v = v.Neg(v)
	}

	// try int and int64
	v64 := v.Int64()
	if x := int(v64); v.Cmp(big.NewInt(int64(x))) == 0 {
		return x, nil
	} else if v.Cmp(big.NewInt(v64)) == 0 {
		return v64, nil
	}

	return v, nil
}
Esempio n. 2
0
func roundHalf(f func(c int, odd uint) (roundUp bool)) func(z, q *Dec, rA, rB *big.Int) *Dec {
	return func(z, q *Dec, rA, rB *big.Int) *Dec {
		z.Set(q)
		brA, brB := rA.BitLen(), rB.BitLen()
		if brA < brB-1 {
			// brA < brB-1 => |rA| < |rB/2|
			return z
		}
		roundUp := false
		srA, srB := rA.Sign(), rB.Sign()
		s := srA * srB
		if brA == brB-1 {
			rA2 := new(big.Int).Lsh(rA, 1)
			if s < 0 {
				rA2.Neg(rA2)
			}
			roundUp = f(rA2.Cmp(rB)*srB, z.UnscaledBig().Bit(0))
		} else {
			// brA > brB-1 => |rA| > |rB/2|
			roundUp = true
		}
		if roundUp {
			z.UnscaledBig().Add(z.UnscaledBig(), intSign[s+1])
		}
		return z
	}
}
Esempio n. 3
0
// ToBase produces n in base b. For example
//
// 	ToBase(2047, 22) -> [1, 5, 4]
//
//	1 * 22^0           1
//	5 * 22^1         110
//	4 * 22^2        1936
//	                ----
//	                2047
//
// ToBase panics for bases < 2.
func ToBase(n *big.Int, b int) []int {
	var nn big.Int
	nn.Set(n)
	if b < 2 {
		panic("invalid base")
	}

	k := 1
	switch nn.Sign() {
	case -1:
		nn.Neg(&nn)
		k = -1
	case 0:
		return []int{0}
	}

	bb := big.NewInt(int64(b))
	var r []int
	rem := big.NewInt(0)
	for nn.Sign() != 0 {
		nn.QuoRem(&nn, bb, rem)
		r = append(r, k*int(rem.Int64()))
	}
	return r
}
Esempio n. 4
0
func (v *Value) String() string {
	if v.IsZero() {
		return "0"
	}
	if v.Native && v.IsScientific() {
		value := strconv.FormatUint(v.Num, 10)
		offset := strconv.FormatInt(v.Offset, 10)
		if v.Negative {
			return "-" + value + "e" + offset
		}
		return value + "e" + offset
	}
	value := big.NewInt(int64(v.Num))
	if v.Negative {
		value.Neg(value)
	}
	var offset *big.Int
	if v.Native {
		offset = big.NewInt(-6)
	} else {
		offset = big.NewInt(v.Offset)
	}
	exp := offset.Exp(bigTen, offset.Neg(offset), nil)
	rat := big.NewRat(0, 1).SetFrac(value, exp)
	left := rat.FloatString(0)
	if rat.IsInt() {
		return left
	}
	length := len(left)
	if v.Negative {
		length -= 1
	}
	return strings.TrimRight(rat.FloatString(32-length), "0")
}
Esempio n. 5
0
// TestPoint verifies that a point (x1,y2) does not equal another point (x1,y2) or it's reflection on 0
func (curve Curve) TestPoint(x1, y1, x2, y2 *big.Int) (bool, error) {
	_, err := curve.TestCoordinate(x1)
	if err != nil {
		return false, err
	}
	_, err = curve.TestCoordinate(x2)
	if err != nil {
		return false, err
	}
	if x1.Cmp(x1) == 0 && y1.Cmp(y2) == 0 { // Same
		return false, ErrCoordinateBase
	}
	if x1.Cmp(y1) == 0 && y1.Cmp(x2) == 0 { // Reflect
		return false, ErrCoordinateBase
	}
	x2neg := new(big.Int)
	x2neg = x2neg.Neg(x2)
	y2neg := new(big.Int)
	y2neg = y2neg.Neg(y2)
	if x1.Cmp(x2neg) == 0 {
		return false, ErrCoordinateBase
	}
	if x1.Cmp(y2neg) == 0 && y1.Cmp(x2neg) == 0 {
		return false, ErrCoordinateBase
	}
	return true, nil
}
Esempio n. 6
0
// CompactToBig converts a compact representation of a whole number N to an
// unsigned 32-bit number.  The representation is similar to IEEE754 floating
// point numbers.
//
// Like IEEE754 floating point, there are three basic components: the sign,
// the exponent, and the mantissa.  They are broken out as follows:
//
//	* the most significant 8 bits represent the unsigned base 256 exponent
// 	* bit 23 (the 24th bit) represents the sign bit
//	* the least significant 23 bits represent the mantissa
//
//	-------------------------------------------------
//	|   Exponent     |    Sign    |    Mantissa     |
//	-------------------------------------------------
//	| 8 bits [31-24] | 1 bit [23] | 23 bits [22-00] |
//	-------------------------------------------------
//
// The formula to calculate N is:
// 	N = (-1^sign) * mantissa * 256^(exponent-3)
//
// This compact form is only used in bitcoin to encode unsigned 256-bit numbers
// which represent difficulty targets, thus there really is not a need for a
// sign bit, but it is implemented here to stay consistent with bitcoind.
func CompactToBig(compact uint32) *big.Int {
	// Extract the mantissa, sign bit, and exponent.
	mantissa := compact & 0x007fffff
	isNegative := compact&0x00800000 != 0
	exponent := uint(compact >> 24)

	// Since the base for the exponent is 256, the exponent can be treated
	// as the number of bytes to represent the full 256-bit number.  So,
	// treat the exponent as the number of bytes and shift the mantissa
	// right or left accordingly.  This is equivalent to:
	// N = mantissa * 256^(exponent-3)
	var bn *big.Int
	if exponent <= 3 {
		mantissa >>= 8 * (3 - exponent)
		bn = big.NewInt(int64(mantissa))
	} else {
		bn = big.NewInt(int64(mantissa))
		bn.Lsh(bn, 8*(exponent-3))
	}

	// Make it negative if the sign bit is set.
	if isNegative {
		bn = bn.Neg(bn)
	}

	return bn
}
Esempio n. 7
0
func (i BigInt) floatString(verb byte, prec int) string {
	switch verb {
	case 'f', 'F':
		str := fmt.Sprintf("%d", i.Int)
		if prec > 0 {
			str += "." + zeros(prec)
		}
		return str
	case 'e', 'E':
		// The exponent will alway be >= 0.
		sign := ""
		var x big.Int
		x.Set(i.Int)
		if x.Sign() < 0 {
			sign = "-"
			x.Neg(&x)
		}
		return eFormat(verb, prec, sign, x.String(), eExponent(&x))
	case 'g', 'G':
		// Exponent is always positive so it's easy.
		var x big.Int
		x.Set(i.Int)
		if eExponent(&x) >= prec {
			// Use e format.
			verb -= 2 // g becomes e.
			return trimEZeros(verb, i.floatString(verb, prec-1))
		}
		// Use f format, but this is just an integer.
		return fmt.Sprintf("%d", i.Int)
	default:
		Errorf("can't handle verb %c for big int", verb)
	}
	return ""
}
Esempio n. 8
0
// Neg() returns a polynomial Q = -P
func (p *Poly) Neg() Poly {
	var q Poly = make([]*big.Int, len(*p))
	for i := 0; i < len(*p); i++ {
		b := new(big.Int)
		b.Neg((*p)[i])
		q[i] = b
	}
	return q
}
Esempio n. 9
0
File: const.go Progetto: spate/llgo
func unaryIntOp(x *big.Int, op token.Token) interface{} {
	var z big.Int
	switch op {
	case token.ADD:
		return z.Set(x)
	case token.SUB:
		return z.Neg(x)
	case token.XOR:
		return z.Not(x)
	}
	panic("unreachable")
}
Esempio n. 10
0
func (d Decimal) Bytes() []byte {
	bytes := make([]byte, 16)
	binary.BigEndian.PutUint32(bytes[0:4], d.integer[3])
	binary.BigEndian.PutUint32(bytes[4:8], d.integer[2])
	binary.BigEndian.PutUint32(bytes[8:12], d.integer[1])
	binary.BigEndian.PutUint32(bytes[12:16], d.integer[0])
	var x big.Int
	x.SetBytes(bytes)
	if !d.positive {
		x.Neg(&x)
	}
	return scaleBytes(x.String(), d.scale)
}
Esempio n. 11
0
// trunc truncates a value to the range of the given type.
func (t *_type) trunc(x *big.Int) *big.Int {
	r := new(big.Int)
	m := new(big.Int)
	m.Lsh(one, t.bits)
	m.Sub(m, one)
	r.And(x, m)
	if t.signed && r.Bit(int(t.bits)-1) == 1 {
		m.Neg(one)
		m.Lsh(m, t.bits)
		r.Or(r, m)
	}
	return r
}
Esempio n. 12
0
// eExponent returns the exponent to use to display i in 1.23e+04 format.
func eExponent(x *big.Int) int {
	if x.Sign() < 0 {
		x.Neg(x)
	}
	e := 0
	for x.Cmp(bigIntBillion) >= 0 {
		e += 9
		x.Quo(x, bigIntBillion)
	}
	for x.Cmp(bigIntTen) >= 0 {
		e++
		x.Quo(x, bigIntTen)
	}
	return e
}
Esempio n. 13
0
func testNegativeInputs(t *testing.T, curve elliptic.Curve, tag string) {
	key, err := GenerateKey(curve, rand.Reader)
	if err != nil {
		t.Errorf("failed to generate key for %q", tag)
	}

	var hash [32]byte
	r := new(big.Int).SetInt64(1)
	r.Lsh(r, 550 /* larger than any supported curve */)
	r.Neg(r)

	if Verify(&key.PublicKey, hash[:], r, r) {
		t.Errorf("bogus signature accepted for %q", tag)
	}
}
Esempio n. 14
0
func instantiateINTEGER(inst *Instance, data interface{}, p *pathNode) (*Instance, error) {
	switch data := data.(type) {
	case *UnmarshalledPrimitive:
		if len(data.Data) == 0 {
			return nil, fmt.Errorf("%vAttempt to instantiate INTEGER from empty DER data", p)
		}
		var b big.Int
		b.SetBytes(data.Data)
		if data.Data[0]&128 != 0 { // negative number
			var x big.Int
			x.SetBit(&x, len(data.Data)*8, 1)
			x.Sub(&x, &b)
			b.Neg(&x)
		}
		return instantiateINTEGER(inst, &b, p)
	case *Instance:
		inst.value = data.value
	case *big.Int:
		i := int(data.Int64())
		if big.NewInt(int64(i)).Cmp(data) == 0 {
			inst.value = i // store as int if possible
		} else {
			inst.value = data // use *big.Int if necessary
		}
	case int:
		inst.value = data
	case float64:
		if math.Floor(data) != data {
			return nil, fmt.Errorf("%vAttempt to instantiate INTEGER with non-integral float64: %v", p, data)
		}
		inst.value = int(data)
	case string:
		if i, found := inst.namedints[data]; found {
			inst.value = i
		} else {
			bi := new(big.Int)
			_, ok := bi.SetString(data, 10)
			if ok {
				return instantiateINTEGER(inst, bi, p)
			} else {
				return nil, fmt.Errorf("%vAttempt to instantiate INTEGER/ENUMERATED from illegal string: %v", p, data)
			}
		}
	default:
		return nil, instantiateTypeError(p, "INTEGER", data)
	}
	return inst, nil
}
Esempio n. 15
0
File: asn1.go Progetto: h8liu/golang
// parseBigInt treats the given bytes as a big-endian, signed integer and returns
// the result.
func parseBigInt(bytes []byte) *big.Int {
	ret := new(big.Int)
	if len(bytes) > 0 && bytes[0]&0x80 == 0x80 {
		// This is a negative number.
		notBytes := make([]byte, len(bytes))
		for i := range notBytes {
			notBytes[i] = ^bytes[i]
		}
		ret.SetBytes(notBytes)
		ret.Add(ret, bigOne)
		ret.Neg(ret)
		return ret
	}
	ret.SetBytes(bytes)
	return ret
}
Esempio n. 16
0
func IsValidBox(c elliptic.Curve, box *Checkbox,
	px *big.Int, py *big.Int) bool {
	if !c.IsOnCurve(box.ax, box.ay) ||
		!c.IsOnCurve(box.bx, box.by) {
		return false
	}
	//Explanation of how this works
	//(c1,r1) validates equality of log g A and log p B-g
	//(c2, r2) validates euqality of log g A and log p B
	//each of these proofs is just a Schnorr proof of knowledge of
	//the log, which work for both simultaneously
	//We require c1+c2=H(A, B t1,t2,t3,t4) which enforces that only one
	//of these can be faked, hence giving an or proof
	v1x, v1y := doublescalarmult(c, c.Params().Gx, c.Params().Gy,
		box.r1.Bytes(), box.ax, box.ay, box.c1.Bytes())
	t4x := c.Params().Gx
	t4y := new(big.Int)
	t4y.Neg(c.Params().Gy)
	t4y.Mod(t4y, c.Params().P)
	bgx, bgy := c.Add(box.bx, box.by, t4x, t4y)
	v2x, v2y := doublescalarmult(c, px, py, box.r1.Bytes(),
		bgx, bgy, box.c1.Bytes())
	v3x, v3y := doublescalarmult(c, c.Params().Gx, c.Params().Gy,
		box.r2.Bytes(), box.ax, box.ay, box.c2.Bytes())
	v4x, v4y := doublescalarmult(c, px, py, box.r2.Bytes(),
		box.bx, box.by, box.c2.Bytes())
	var entries [6][]byte
	entries[0] = elliptic.Marshal(c, box.ax, box.ay)
	entries[1] = elliptic.Marshal(c, box.bx, box.by)
	entries[2] = elliptic.Marshal(c, v1x, v1y)
	entries[3] = elliptic.Marshal(c, v2x, v2y)
	entries[4] = elliptic.Marshal(c, v3x, v3y)
	entries[5] = elliptic.Marshal(c, v4x, v4y)
	challenge := sha256.Sum256(bytes.Join(entries[:], []byte{}))
	ctot := big.NewInt(0)
	ctot.SetBytes(challenge[:])
	ctot.Mod(ctot, c.Params().N)
	t := big.NewInt(0)
	t.Add(box.c1, box.c2)
	t.Mod(t, c.Params().N)
	if t.Cmp(ctot) != 0 {
		return false
	}
	return true
}
Esempio n. 17
0
// parseBigInt treats the given bytes as a big-endian, signed integer and returns
// the result.
func parseBigInt(bytes []byte) (*big.Int, error) {
	if err := checkInteger(bytes); err != nil {
		return nil, err
	}
	ret := new(big.Int)
	if len(bytes) > 0 && bytes[0]&0x80 == 0x80 {
		// This is a negative number.
		notBytes := make([]byte, len(bytes))
		for i := range notBytes {
			notBytes[i] = ^bytes[i]
		}
		ret.SetBytes(notBytes)
		ret.Add(ret, bigOne)
		ret.Neg(ret)
		return ret, nil
	}
	ret.SetBytes(bytes)
	return ret, nil
}
Esempio n. 18
0
func RecoverPubKeyFromSignature(r, s *big.Int, msg []byte, curve *bitelliptic.BitCurve, recid uint) (qx, qy *big.Int, err error) {
	if recid > 3 {
		return nil, nil, fmt.Errorf("Illegal recid %v - must be in 0..3", recid)
	}
	order := curve.N
	i := recid / 2
	field := curve.P
	x := new(big.Int).Set(order)
	x.Mul(x, big.NewInt(int64(i)))
	x.Add(x, r)
	if x.Cmp(field) >= 0 {
		err = fmt.Errorf("%v >= %v", x, field)
		return
	}

	rx, ry, err := uncompressPoint(x, curve, 0 == (recid%2))
	if err != nil {
		return nil, nil, err
	}
	if !curve.IsOnCurve(rx, ry) {
		return nil, nil, fmt.Errorf("Point %d, %d not on curve", rx, ry)
	}

	e := new(big.Int).SetBytes(msg)
	if 8*len(msg) > curve.BitSize {
		e.Rsh(e, uint(8-(curve.BitSize&7)))
	}
	e.Neg(e).Mod(e, order)

	var rr, sor, eor big.Int
	rr.ModInverse(r, order)
	//return nil, nil, fmt.Errorf("r: %d, r_inv: %d", r, &rr)
	//Q = (R.multiply(s).add(G.multiply(minus_e))).multiply(inv_r);
	sor.Mul(s, &rr)
	eor.Mul(e, &rr)

	Georx, Geory := curve.ScalarBaseMult(eor.Bytes())
	Rsorx, Rsory := curve.ScalarMult(rx, ry, sor.Bytes())
	qx, qy = curve.Add(Georx, Geory, Rsorx, Rsory)

	return
}
Esempio n. 19
0
func join(shares []Share) *big.Int {
	zero := big.NewInt(0)
	accum := big.NewInt(1)
	for formula := 0; formula < len(shares); formula++ {
		numerator := big.NewInt(1)
		denominator := big.NewInt(1)
		value := new(big.Int)
		value.Set(shares[formula].Part)

		for count := 0; count < len(shares); count++ {
			if formula == count {
				continue
			}

			startposition := big.NewInt(shares[formula].ID)
			nextposition := big.NewInt(shares[count].ID)
			negnextpos := new(big.Int)
			negnextpos.Neg(nextposition)

			numerator.Mul(numerator, negnextpos)
			denominator.Mul(denominator,
				startposition.Sub(startposition, nextposition))

		}

		value.Mul(value, numerator).Mul(value, big.NewInt(2))

		if denominator.Cmp(zero) < 0 {
			value.Add(value, big.NewInt(2))
		} else {
			value.Add(value, big.NewInt(1))
		}

		denominator.Mul(denominator, big.NewInt(2))

		value.Div(value, denominator)
		accum.Add(accum, value)
	}

	return accum
}
Esempio n. 20
0
// asInt converts a byte array to a bignum by treating it as a little endian
// number with sign bit.
func asInt(v []byte) (*big.Int, error) {
	// Only 32bit numbers allowed.
	if len(v) > 4 {
		return nil, ErrStackNumberTooBig
	}
	if len(v) == 0 {
		return big.NewInt(0), nil
	}
	negative := false
	origlen := len(v)
	msb := v[len(v)-1]
	if msb&0x80 == 0x80 {
		negative = true
		// remove sign bit
		msb &= 0x7f
	}
	// trim leading 0 bytes
	for ; msb == 0; msb = v[len(v)-1] {
		v = v[:len(v)-1]
		if len(v) == 0 {
			break
		}
	}
	// reverse bytes with a copy since stack is immutable.
	intArray := make([]byte, len(v))
	for i := range v {
		intArray[len(v)-i-1] = v[i]
	}
	// IFF the value is negative and no 0 bytes were trimmed,
	// the leading byte needs to be sign corrected
	if negative && len(intArray) == origlen {
		intArray[0] &= 0x7f
	}

	num := new(big.Int).SetBytes(intArray)
	if negative {
		num = num.Neg(num)
	}
	return num, nil
}
Esempio n. 21
0
/*
Thanks to jackjack for providing me with this nice solution:
https://bitcointalk.org/index.php?topic=162805.msg2112936#msg2112936
*/
func (sig *Signature) RecoverPublicKey(msg []byte, recid int) (key *PublicKey) {
	x := new(big.Int).Set(secp256k1.N)
	x.Mul(x, big.NewInt(int64(recid/2)))
	x.Add(x, sig.R)

	y := DecompressPoint(x, (recid&1) != 0)

	e := new(big.Int).SetBytes(msg)
	new(big.Int).DivMod(e.Neg(e), secp256k1.N, e)

	_x, _y := secp256k1.ScalarMult(x, y, sig.S.Bytes())
	x, y = secp256k1.ScalarMult(secp256k1.Gx, secp256k1.Gy, e.Bytes())
	_x, _y = secp256k1.Add(_x, _y, x, y)
	x, y = secp256k1.ScalarMult(_x, _y, new(big.Int).ModInverse(sig.R, secp256k1.N).Bytes())

	key = new(PublicKey)
	key.Curve = secp256k1
	key.X = x
	key.Y = y

	return
}
Esempio n. 22
0
// number = int_lit [ "p" int_lit ] .
//
func (p *gcParser) parseNumber() (x operand) {
	x.mode = constant

	// mantissa
	neg, val := p.parseInt()
	mant, ok := new(big.Int).SetString(val, 0)
	assert(ok)
	if neg {
		mant.Neg(mant)
	}

	if p.lit == "p" {
		// exponent (base 2)
		p.next()
		neg, val = p.parseInt()
		exp64, err := strconv.ParseUint(val, 10, 0)
		if err != nil {
			p.error(err)
		}
		exp := uint(exp64)
		if neg {
			denom := big.NewInt(1)
			denom.Lsh(denom, exp)
			x.typ = Typ[UntypedFloat]
			x.val = normalizeRatConst(new(big.Rat).SetFrac(mant, denom))
			return
		}
		if exp > 0 {
			mant.Lsh(mant, exp)
		}
		x.typ = Typ[UntypedFloat]
		x.val = normalizeIntConst(mant)
		return
	}

	x.typ = Typ[UntypedInt]
	x.val = normalizeIntConst(mant)
	return
}
Esempio n. 23
0
// bigIntExp is the "op" for exp on *big.Int. Different signature for Exp means we can't use *big.Exp directly.
// Also we need a context (really a config); see the bigIntExpOp function below.
// We know this is not 0**negative.
func bigIntExp(c Context, i, j, k *big.Int) *big.Int {
	if j.Cmp(bigOne.Int) == 0 || j.Sign() == 0 {
		return i.Set(j)
	}
	// -1ⁿ is just parity.
	if j.Cmp(bigMinusOne.Int) == 0 {
		if k.And(k, bigOne.Int).Int64() == 0 {
			return i.Neg(j)
		}
		return i.Set(j)
	}
	// Large exponents can be very expensive.
	// First, it must fit in an int64.
	if k.BitLen() > 63 {
		Errorf("%s**%s: exponent too large", j, k)
	}
	exp := k.Int64()
	if exp < 0 {
		exp = -exp
	}
	mustFit(c.Config(), int64(j.BitLen())*exp)
	i.Exp(j, k, nil)
	return i
}
Esempio n. 24
0
// Sign computes a group signature of digest using the given hash function.
func (mem *MemberKey) Sign(r io.Reader, digest []byte, hashFunc hash.Hash) ([]byte, error) {
	var rnds [7]*big.Int
	for i := range rnds {
		var err error
		rnds[i], err = randomZp(r)
		if err != nil {
			return nil, err
		}
	}
	alpha := rnds[0]
	beta := rnds[1]

	t1 := new(bn256.G1).ScalarMult(mem.u, alpha)
	t2 := new(bn256.G1).ScalarMult(mem.v, beta)

	tmp := new(big.Int).Add(alpha, beta)
	t3 := new(bn256.G1).ScalarMult(mem.h, tmp)
	t3.Add(t3, mem.a)

	delta1 := new(big.Int).Mul(mem.x, alpha)
	delta1.Mod(delta1, bn256.Order)
	delta2 := new(big.Int).Mul(mem.x, beta)
	delta2.Mod(delta2, bn256.Order)

	ralpha := rnds[2]
	rbeta := rnds[3]
	rx := rnds[4]
	rdelta1 := rnds[5]
	rdelta2 := rnds[6]

	r1 := new(bn256.G1).ScalarMult(mem.u, ralpha)
	r2 := new(bn256.G1).ScalarMult(mem.v, rbeta)

	r3 := bn256.Pair(t3, mem.g2)
	r3.ScalarMult(r3, rx)

	tmp.Neg(ralpha)
	tmp.Sub(tmp, rbeta)
	tmp.Mod(tmp, bn256.Order)
	tmpgt := new(bn256.GT).ScalarMult(mem.ehw, tmp)
	r3.Add(r3, tmpgt)

	tmp.Neg(rdelta1)
	tmp.Sub(tmp, rdelta2)
	tmp.Mod(tmp, bn256.Order)
	tmpgt.ScalarMult(mem.ehg2, tmp)
	r3.Add(r3, tmpgt)

	r4 := new(bn256.G1).ScalarMult(t1, rx)
	tmp.Neg(rdelta1)
	tmp.Add(tmp, bn256.Order)
	tmpg := new(bn256.G1).ScalarMult(mem.u, tmp)
	r4.Add(r4, tmpg)

	r5 := new(bn256.G1).ScalarMult(t2, rx)
	tmp.Neg(rdelta2)
	tmp.Add(tmp, bn256.Order)
	tmpg.ScalarMult(mem.v, tmp)
	r5.Add(r5, tmpg)

	t1Bytes := t1.Marshal()
	t2Bytes := t2.Marshal()
	t3Bytes := t3.Marshal()

	hashFunc.Reset()
	hashFunc.Write(digest)
	hashFunc.Write(t1Bytes)
	hashFunc.Write(t2Bytes)
	hashFunc.Write(t3Bytes)
	hashFunc.Write(r1.Marshal())
	hashFunc.Write(r2.Marshal())
	hashFunc.Write(r3.Marshal())
	hashFunc.Write(r4.Marshal())
	hashFunc.Write(r5.Marshal())
	c := new(big.Int).SetBytes(hashFunc.Sum(nil))
	c.Mod(c, bn256.Order)

	salpha := new(big.Int).Mul(c, alpha)
	salpha.Add(salpha, ralpha)
	salpha.Mod(salpha, bn256.Order)

	sbeta := new(big.Int).Mul(c, beta)
	sbeta.Add(sbeta, rbeta)
	sbeta.Mod(sbeta, bn256.Order)

	sx := new(big.Int).Mul(c, mem.x)
	sx.Add(sx, rx)
	sx.Mod(sx, bn256.Order)

	sdelta1 := new(big.Int).Mul(c, delta1)
	sdelta1.Add(sdelta1, rdelta1)
	sdelta1.Mod(sdelta1, bn256.Order)

	sdelta2 := new(big.Int).Mul(c, delta2)
	sdelta2.Add(sdelta2, rdelta2)
	sdelta2.Mod(sdelta2, bn256.Order)

	sig := make([]byte, 0, SignatureSize)
	sig = append(sig, t1Bytes...)
	sig = append(sig, t2Bytes...)
	sig = append(sig, t3Bytes...)
	sig = appendN(sig, c)
	sig = appendN(sig, salpha)
	sig = appendN(sig, sbeta)
	sig = appendN(sig, sx)
	sig = appendN(sig, sdelta1)
	sig = appendN(sig, sdelta2)

	return sig, nil
}
Esempio n. 25
0
func (self *Decoder) load_value() interface{} {
	for {
		control, err := self.reader.ReadByte()
		self.store_err(err)
		if err != nil {
			return nil
		}
		self.readcount++
		ctrlhi := control & 0xf0
		switch ctrlhi {
		// Special values
		case 0x00:
			switch control {
			case 0x00, 0x01:
				return nil
			case 0x02:
				return false
			case 0x03:
				return true
			case 0x0f:
				{
					json_literal := self.load_value()
					if s, ok := json_literal.(string); ok {
						var result interface{}
						self.store_err(json.Unmarshal([]byte(s), &result))
						return result
					} else {
						self.store_err(&SyntaxError{
							"jksn: JKSN value 0x0f requires a string but found: " + reflect.TypeOf(json_literal).String(),
							self.readcount,
						})
					}
				}
			}
		// Integers
		case 0x10:
			switch control {
			default:
				self.lastint = big.NewInt(int64(control & 0xf))
			case 0x1b:
				self.lastint = self.unsigned_to_signed(self.decode_int(4), 32)
			case 0x1c:
				self.lastint = self.unsigned_to_signed(self.decode_int(2), 16)
			case 0x1d:
				self.lastint = self.unsigned_to_signed(self.decode_int(1), 8)
			case 0x1e:
				self.lastint = self.decode_int(0)
				self.lastint = self.lastint.Neg(self.lastint)
			case 0x1f:
				self.lastint = self.decode_int(0)
			}
			return new(big.Int).Set(self.lastint)
		// Floating point numbers
		case 0x20:
			switch control {
			case 0x20:
				return math.NaN()
			case 0x2b:
				self.store_err(&UnmarshalTypeError{
					"float80",
					reflect.TypeOf(0),
					self.readcount,
				})
				return math.NaN()
			case 0x2c:
				{
					var result float64
					self.store_err(binary.Read(self.reader, binary.BigEndian, &result))
					self.readcount += 8
					return result
				}
			case 0x2d:
				{
					var result float32
					self.store_err(binary.Read(self.reader, binary.BigEndian, &result))
					self.readcount += 4
					return result
				}
			case 0x2e:
				return math.Inf(-1)
			case 0x2f:
				return math.Inf(1)
			}
		// UTF-16 strings
		case 0x30:
			switch control {
			default:
				return self.load_string_utf16le(uint(control & 0xf))
			case 0x3c:
				{
					hashvalue, err := self.reader.ReadByte()
					self.store_err(err)
					if err != nil {
						return ""
					}
					self.readcount++
					if self.texthash[hashvalue] != nil {
						return *self.texthash[hashvalue]
					} else {
						self.store_err(&SyntaxError{
							fmt.Sprintf("JKSN stream requires a non-existing hash: 0x%02x", hashvalue),
							self.readcount,
						})
						return ""
					}
				}
			case 0x3d:
				return self.load_string_utf16le(uint(self.decode_int(2).Uint64()))
			case 0x3e:
				return self.load_string_utf16le(uint(self.decode_int(1).Uint64()))
			case 0x3f:
				return self.load_string_utf16le(uint(self.decode_int(0).Uint64()))
			}
		// UTF-8 strings
		case 0x40:
			switch control {
			default:
				return self.load_string_utf8(uint(control & 0xf))
			case 0x4d:
				return self.load_string_utf8(uint(self.decode_int(2).Uint64()))
			case 0x4e:
				return self.load_string_utf8(uint(self.decode_int(1).Uint64()))
			case 0x4f:
				return self.load_string_utf8(uint(self.decode_int(0).Uint64()))
			}
		// Blob strings
		case 0x50:
			switch control {
			default:
				return self.load_bytes(uint(control & 0xf))
			case 0x5c:
				{
					hashvalue, err := self.reader.ReadByte()
					self.store_err(err)
					if err != nil {
						return ""
					}
					self.readcount++
					if self.blobhash[hashvalue] != nil {
						result := make([]byte, len(self.blobhash[hashvalue]))
						copy(result, self.blobhash[hashvalue])
						return result
					} else {
						self.store_err(&SyntaxError{
							fmt.Sprintf("JKSN stream requires a non-existing hash: 0x%02x", hashvalue),
							self.readcount,
						})
						return []byte("")
					}
				}
			case 0x5d:
				return self.load_bytes(uint(self.decode_int(2).Uint64()))
			case 0x5e:
				return self.load_bytes(uint(self.decode_int(1).Uint64()))
			case 0x5f:
				return self.load_bytes(uint(self.decode_int(0).Uint64()))
			}
		// Hashtable refreshers
		case 0x70:
			switch control {
			case 0x70:
				for i := range self.texthash {
					self.texthash[i] = nil
				}
				for i := range self.blobhash {
					self.blobhash[i] = nil
				}
			default:
				{
					count := control & 0xf
					for count != 0 {
						self.load_value()
						count--
					}
				}
			case 0x7d:
				{
					count := self.decode_int(2).Uint64()
					for count != 0 {
						self.load_value()
						count--
					}
				}
			case 0x7e:
				{
					count := self.decode_int(1).Uint64()
					for count != 0 {
						self.load_value()
						count--
					}
				}
			case 0x7f:
				{
					count := self.decode_int(0)
					one := big.NewInt(1)
					for count.Sign() > 0 {
						self.load_value()
						count.Sub(count, one)
					}
				}
			}
			continue
		// Arrays
		case 0x80:
			{
				var length uint64
				switch control {
				default:
					length = uint64(control & 0xf)
				case 0x8d:
					length = self.decode_int(2).Uint64()
				case 0x8e:
					length = self.decode_int(1).Uint64()
				case 0x8f:
					length = self.decode_int(0).Uint64()
				}
				result := make([]interface{}, length)
				for i := range result {
					result[i] = self.load_value()
				}
				return result
			}
		// Objects
		case 0x90:
			{
				var length uint64
				switch control {
				default:
					length = uint64(control & 0xf)
				case 0x9d:
					length = self.decode_int(2).Uint64()
				case 0x9e:
					length = self.decode_int(1).Uint64()
				case 0x9f:
					length = self.decode_int(0).Uint64()
				}
				result := make(map[interface{}]interface{}, length)
				for i := uint64(0); i < length; i++ {
					key := self.load_value()
					result[key] = self.load_value()
				}
				return result
			}
		// Row-col swapped arrays
		case 0xa0:
			{
				var length uint
				switch control {
				case 0xa0:
					return unspecified_value
				default:
					length = uint(control & 0xf)
				case 0xad:
					length = uint(self.decode_int(2).Uint64())
				case 0xae:
					length = uint(self.decode_int(1).Uint64())
				case 0xaf:
					length = uint(self.decode_int(0).Uint64())
				}
				return self.load_swapped_array(length)
			}
		case 0xc0:
			switch control {
			// Lengthless arrays
			case 0xc8:
				{
					result := make([]interface{}, 0)
					for {
						item := self.load_value()
						switch item.(type) {
						default:
							result = append(result, item)
						case unspecified:
							return result
						}
					}
				}
			// Padding byte
			case 0xca:
				continue
			}
		// Delta encoded integers
		case 0xd0:
			{
				var delta *big.Int
				switch control {
				case 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5:
					delta = big.NewInt(int64(control & 0xf))
				case 0xd6, 0xd7, 0xd8, 0xd9, 0xda:
					delta = big.NewInt(int64(control&0xf) - 11)
				case 0xdb:
					delta = self.decode_int(4)
				case 0xdc:
					delta = self.decode_int(2)
				case 0xdd:
					delta = self.decode_int(1)
				case 0xde:
					delta = self.decode_int(0)
					delta.Neg(delta)
				case 0xdf:
					delta = self.decode_int(0)
				}
				if self.lastint != nil {
					self.lastint.Add(self.lastint, delta)
					return new(big.Int).Set(self.lastint)
				} else {
					self.store_err(&SyntaxError{
						"JKSN stream contains an invalid delta encoded integer",
						self.readcount,
					})
					return new(big.Int)
				}
			}
		case 0xf0:
			if control <= 0xf5 {
				switch control {
				case 0xf0:
					self.reader.Discard(1)
					self.readcount++
				case 0xf1:
					self.reader.Discard(4)
					self.readcount += 4
				case 0xf2:
					self.reader.Discard(16)
					self.readcount += 16
				case 0xf3:
					self.reader.Discard(20)
					self.readcount += 20
				case 0xf4:
					self.reader.Discard(32)
					self.readcount += 32
				case 0xf5:
					self.reader.Discard(64)
					self.readcount += 64
				}
				continue
			} else if control >= 0xf8 && control <= 0xfd {
				result := self.load_value()
				switch control {
				case 0xf8:
					self.reader.Discard(1)
					self.readcount++
				case 0xf9:
					self.reader.Discard(4)
					self.readcount += 4
				case 0xfa:
					self.reader.Discard(16)
					self.readcount += 16
				case 0xfb:
					self.reader.Discard(20)
					self.readcount += 20
				case 0xfc:
					self.reader.Discard(32)
					self.readcount += 32
				case 0xfd:
					self.reader.Discard(64)
					self.readcount += 64
				}
				return result
			} else if control == 0xff {
				self.load_value()
				continue
			}
		}
		self.store_err(&SyntaxError{
			fmt.Sprintf("jksn: cannot decode JKSN from byte 0x%02x", control),
			self.readcount - 1,
		})
		return nil
	}
}
Esempio n. 26
0
// Generates P = (x-a) for the given a
func xMinusConst(a *big.Int) Poly {
	b := new(big.Int)
	b.Neg(a)
	return Poly{b, big.NewInt(1)}
}
Esempio n. 27
0
// Verify verifies that sig is a valid signature of digest using the given hash
// function.
func (g *Group) Verify(digest []byte, hashFunc hash.Hash, sig []byte) bool {
	if len(sig) != SignatureSize {
		return false
	}

	t1, ok := new(bn256.G1).Unmarshal(sig[:2*32])
	if !ok {
		return false
	}
	t2, ok := new(bn256.G1).Unmarshal(sig[2*32 : 4*32])
	if !ok {
		return false
	}
	t3, ok := new(bn256.G1).Unmarshal(sig[4*32 : 6*32])
	if !ok {
		return false
	}
	c := new(big.Int).SetBytes(sig[6*32 : 7*32])
	salpha := new(big.Int).SetBytes(sig[7*32 : 8*32])
	sbeta := new(big.Int).SetBytes(sig[8*32 : 9*32])
	sx := new(big.Int).SetBytes(sig[9*32 : 10*32])
	sdelta1 := new(big.Int).SetBytes(sig[10*32 : 11*32])
	sdelta2 := new(big.Int).SetBytes(sig[11*32 : 12*32])

	r1 := new(bn256.G1).ScalarMult(g.u, salpha)
	tmp := new(big.Int).Neg(c)
	tmp.Add(tmp, bn256.Order)
	tmpg := new(bn256.G1).ScalarMult(t1, tmp)
	r1.Add(r1, tmpg)

	r2 := new(bn256.G1).ScalarMult(g.v, sbeta)
	tmpg.ScalarMult(t2, tmp)
	r2.Add(r2, tmpg)

	r4 := new(bn256.G1).ScalarMult(t1, sx)
	tmp.Neg(sdelta1)
	tmp.Add(tmp, bn256.Order)
	tmpg.ScalarMult(g.u, tmp)
	r4.Add(r4, tmpg)

	r5 := new(bn256.G1).ScalarMult(t2, sx)
	tmp.Neg(sdelta2)
	tmp.Add(tmp, bn256.Order)
	tmpg.ScalarMult(g.v, tmp)
	r5.Add(r5, tmpg)

	r3 := bn256.Pair(t3, g.g2)
	r3.ScalarMult(r3, sx)

	tmp.Neg(salpha)
	tmp.Sub(tmp, sbeta)
	tmp.Mod(tmp, bn256.Order)
	tmpgt := new(bn256.GT).ScalarMult(g.ehw, tmp)
	r3.Add(r3, tmpgt)

	tmp.Neg(sdelta1)
	tmp.Sub(tmp, sdelta2)
	tmp.Mod(tmp, bn256.Order)
	tmpgt.ScalarMult(g.ehg2, tmp)
	r3.Add(r3, tmpgt)

	et3w := bn256.Pair(t3, g.w)
	et3w.Add(et3w, g.minusEg1g2)
	et3w.ScalarMult(et3w, c)
	r3.Add(r3, et3w)

	hashFunc.Reset()
	hashFunc.Write(digest)
	hashFunc.Write(t1.Marshal())
	hashFunc.Write(t2.Marshal())
	hashFunc.Write(t3.Marshal())
	hashFunc.Write(r1.Marshal())
	hashFunc.Write(r2.Marshal())
	hashFunc.Write(r3.Marshal())
	hashFunc.Write(r4.Marshal())
	hashFunc.Write(r5.Marshal())
	cprime := new(big.Int).SetBytes(hashFunc.Sum(nil))
	cprime.Mod(cprime, bn256.Order)

	return cprime.Cmp(c) == 0
}
Esempio n. 28
0
// Post-order traversal, equivalent to postfix notation.
func Eval(node interface{}) (*big.Int, error) {
	switch nn := node.(type) {
	case *ast.BinaryExpr:
		z := new(big.Int)
		x, xerr := Eval(nn.X)
		if xerr != nil {
			return nil, xerr
		}
		y, yerr := Eval(nn.Y)
		if yerr != nil {
			return nil, yerr
		}
		switch nn.Op {
		case token.ADD:
			return z.Add(x, y), nil
		case token.SUB:
			return z.Sub(x, y), nil
		case token.MUL:
			return z.Mul(x, y), nil
		case token.QUO:
			if y.Sign() == 0 { // 0 denominator
				return nil, DivideByZero
			}
			return z.Quo(x, y), nil
		case token.REM:
			if y.Sign() == 0 {
				return nil, DivideByZero
			}
			return z.Rem(x, y), nil
		case token.AND:
			return z.And(x, y), nil
		case token.OR:
			return z.Or(x, y), nil
		case token.XOR:
			return z.Xor(x, y), nil
		case token.SHL:
			if y.Sign() < 0 { // negative shift
				return nil, NegativeShift
			}
			return z.Lsh(x, uint(y.Int64())), nil
		case token.SHR:
			if y.Sign() < 0 {
				return nil, NegativeShift
			}
			return z.Rsh(x, uint(y.Int64())), nil
		case token.AND_NOT:
			return z.AndNot(x, y), nil
		default:
			return nil, UnknownOpErr
		}
	case *ast.UnaryExpr:
		var z *big.Int
		var err error
		if z, err = Eval(nn.X); err != nil {
			return nil, err
		}
		switch nn.Op {
		case token.SUB: // -x
			return z.Neg(z), nil
		case token.XOR: // ^x
			return z.Not(z), nil
		case token.ADD: // +x (useless)
			return z, nil
		}
	case *ast.BasicLit:
		z := new(big.Int)
		switch nn.Kind {
		case token.INT:
			z.SetString(nn.Value, 0)
			return z, nil
		default:
			return nil, UnknownLitErr
		}
	case *ast.ParenExpr:
		z, err := Eval(nn.X)
		if err != nil {
			return nil, err
		}
		return z, nil
	case *ast.CallExpr:
		ident, ok := nn.Fun.(*ast.Ident)
		if !ok {
			return nil, UnknownTokenErr // quarter to four am; dunno correct error
		}
		var f Func
		f, ok = FuncMap[ident.Name]
		if !ok {
			return nil, UnknownFuncErr
		}
		var aerr error
		args := make([]*big.Int, len(nn.Args))
		for i, a := range nn.Args {
			if args[i], aerr = Eval(a); aerr != nil {
				return nil, aerr
			}
		}
		x, xerr := f(args...)
		if xerr != nil {
			return nil, xerr
		}
		return x, nil
	}
	return nil, UnknownTokenErr
}
Esempio n. 29
0
// 3f 80 80 01 UNIVERSAL 1 (BOOLEAN), CONSTRUCTED
// returns the index of the next undecoded byte
func analyseDER(der []byte, idx int, indent string, output *[]string) int {
	for idx < len(der) {
		*output = append(*output, indent)
		tag := int(der[idx])
		*output = append(*output, fmt.Sprintf("%02X", tag))
		class := tag & (128 + 64)
		constructed := (tag & 32) != 0
		tagnum := tag & 31
		if tagnum == 31 {
			tagnum = 0
			for {
				idx++
				if idx == len(der) {
					*output = append(*output, prematureEnd)
					return idx
				}
				*output = append(*output, fmt.Sprintf(" %02X", der[idx]))
				tagnum = (tagnum << 7) + int(der[idx]&127)
				if der[idx]&128 == 0 {
					break
				}
				if tagnum > 0xFFFFFF { // arbitrary cutoff for tag sizes to prevent overflow of tagnum
					*output = append(*output, " !TAG OUT OF RANGE!")
					return idx
				}
			}
		}

		classstr := TagClass[class]
		if classstr == "" {
			classstr = "CONTEXT-SPECIFIC "
		}
		*output = append(*output, fmt.Sprintf(" %v%v", classstr, tagnum))

		if class == 0 && tagnum > 0 && tagnum < 31 { // UNIVERSAL (except 0 which is reserved)
			*output = append(*output, fmt.Sprintf(" (%v)", UniversalTagName[tagnum]))
		}

		if constructed {
			*output = append(*output, " CONSTRUCTED")
		} else {
			*output = append(*output, " PRIMITIVE")
		}
		*output = append(*output, "\n")

		idx++
		if idx == len(der) {
			*output = append(*output, prematureEnd)
			return idx
		}

		*output = append(*output, fmt.Sprintf("%v%02X", indent, der[idx]))

		length := int(der[idx])
		if length <= 127 {
			*output = append(*output, fmt.Sprintf(" LENGTH %v", length))
		} else {
			length &= 127
			if length == 0 { // indefinite length
				length = -1
				if !constructed {
					*output = append(*output, fmt.Sprintf(" !PRIMITIVE ENCODING WITH INDEFINITE LENGTH!"))
					return idx
				}
				*output = append(*output, fmt.Sprintf(" INDEFINITE LENGTH"))
			} else {
				if length > 3 { // reject data structures larger than 16MB (or incorrectly encoded length)
					*output = append(*output, " !TOO MANY LENGTH OCTETS!")
					return idx
				}

				l := 0
				for length > 0 {
					idx++
					if idx == len(der) {
						*output = append(*output, prematureEnd)
						return idx
					}
					*output = append(*output, fmt.Sprintf(" %02X", der[idx]))
					l = (l << 8) + int(der[idx])
					length--
				}
				length = l
				*output = append(*output, fmt.Sprintf(" LENGTH %v", length))
			}
		}

		if tag == 0 && length == 0 { // end of contents marker
			return idx + 1
		}

		*output = append(*output, "\n")

		if constructed {
			idx++
			if length < 0 { // indefinite length
				idx = analyseDER(der, idx, indent+indentStep, output)
			} else if idx+length > len(der) { // length exceeds available data
				*output = append(*output, " !LENGTH EXCEEDS AVAILABLE DATA!")
			} else {
				idx2 := analyseDER(der[0:idx+length], idx, indent+indentStep, output)
				if idx2 != idx+length {
					*output = append(*output, " !SHORT DATA!")
				}
				idx = idx2
			}

			// if a decoding error occurred, do not continue
			if strings.HasSuffix((*output)[len(*output)-1], "!") {
				return idx
			}

		} else { // primitive
			*output = append(*output, indent)
			if length == 0 {
				*output = append(*output, "EMPTY ")
			}

			contents := ""
			already_decoded := false
			decoding := []string{}
			if length > 0 && idx+length < len(der) && ((tag&(128+64) == 128) || tag == 19 || tag == 4 || tag == 6 || tag == 12 || tag == 23 || tag == 22 || tag == 2) {
				cont := der[idx+1 : idx+1+length]
				if tag == 2 { // INTEGER
					var b big.Int
					b.SetBytes(cont)
					if cont[0]&128 != 0 { // negative number
						var x big.Int
						x.SetBit(&x, len(cont)*8, 1)
						x.Sub(&x, &b)
						b.Neg(&x)
					}
					contents = " " + b.String()
				}
				if contents == "" && (tag == 4 || tag > 31) { // try to parse as DER
					idx2 := analyseDER(cont, 0, indent+indentStep, &decoding)
					if idx2 == len(cont) && len(decoding) > 0 && !strings.HasSuffix(decoding[len(decoding)-1], "!") {
						contents = " ARE VALID DER => DECODING\n"
						already_decoded = true
						length -= len(cont)
						idx += len(cont)
					}
				}
				if contents == "" && tag != 6 && length < 80 { // try to parse as string
					contents = fmt.Sprintf(" %q", cont)
					if strings.Contains(contents, `\x`) {
						contents = ""
					}
				}
				if contents == "" && (tag == 6 || (length < 16 && length >= 4)) { // Try to parse as OID
					contents = " " + oidString(cont)
					if strings.HasSuffix(contents, "!") {
						contents = ""
					}
				}
			} // no else for error reporting here because error will be reported further below

			for !already_decoded && length > 0 {
				idx++
				if idx == len(der) {
					*output = append(*output, prematureEnd)
					return idx
				}
				*output = append(*output, fmt.Sprintf("%02X ", der[idx]))
				length--
			}

			*output = append(*output, "CONTENTS")
			if contents != "" {
				*output = append(*output, contents)

			}
			if already_decoded {
				*output = append(*output, decoding...)
			} else {
				*output = append(*output, "\n")
			}
			idx++
		}
	}

	return idx
}