package parsers
import (
	"bufio"
	"bytes"
	"encoding/binary"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io"
	"math/big"
	"os"
	"sort"
	"strconv"
	"strings"

	bn256 "github.com/ethereum/go-ethereum/crypto/bn256/cloudflare"
	"github.com/iden3/go-circom-prover-verifier/types"
)

// PkString is the equivalent to the Pk struct in string representation, containing the ProvingKey.
//
// It is the JSON shape consumed by ParsePk: every curve point is a slice of
// coordinate strings (decimal, or "0x"-prefixed hexadecimal — see
// stringToG1/stringToG2), and each polynomial is a map from coefficient index
// (as a string) to coefficient value. The JSON keys ("vk_alfa_1", "hExps",
// ...) are kept exactly as the circom tooling appears to emit them; do not
// rename them.
type PkString struct {
	A  [][]string   `json:"A"`  // G1 points, one per variable
	B2 [][][]string `json:"B2"` // G2 points, one per variable
	B1 [][]string   `json:"B1"` // G1 points, one per variable
	C  [][]string   `json:"C"`  // G1 points, one per variable

	NVars   int `json:"nVars"`
	NPublic int `json:"nPublic"`

	// Verification-key material embedded in the proving key.
	VkAlpha1 []string   `json:"vk_alfa_1"`
	VkDelta1 []string   `json:"vk_delta_1"`
	VkBeta1  []string   `json:"vk_beta_1"`
	VkBeta2  [][]string `json:"vk_beta_2"`
	VkDelta2 [][]string `json:"vk_delta_2"`

	HExps      [][]string `json:"hExps"`
	DomainSize int        `json:"domainSize"`

	// Sparse polynomials: index -> coefficient, both as strings.
	// Only PolsA and PolsB are carried by the binary formats (ParsePkBin,
	// PkToGoBin); PolsC exists only in the JSON representation.
	PolsA []map[string]string `json:"polsA"`
	PolsB []map[string]string `json:"polsB"`
	PolsC []map[string]string `json:"polsC"`
}

// WitnessString contains the Witness in string representation: a JSON array
// of field elements, each a decimal or "0x"-prefixed hexadecimal string
// (converted by ParseWitness through stringToBigInt).
type WitnessString []string

// ProofString is the equivalent to the Proof struct in string representation.
//
// ProofToString fills A and C with three strings each (x, y, "1") and B with
// three two-element rows; ProofStringToSmartContractFormat trims these to two
// entries and swaps the two components of each B row. Note that stringToG1/
// stringToG2 (used when parsing) require at least three entries per point.
type ProofString struct {
	A        []string   `json:"pi_a"`
	B        [][]string `json:"pi_b"`
	C        []string   `json:"pi_c"`
	Protocol string     `json:"protocol"` // ProofToString sets this to "groth"
}

// VkString is the Verification Key data structure in string format (from json).
//
// Alpha is a G1 point; Beta, Gamma and Delta are G2 points; IC is a list of
// G1 points (one per public input plus one). Coordinates follow the same
// string conventions as PkString.
type VkString struct {
	Alpha []string   `json:"vk_alfa_1"`
	Beta  [][]string `json:"vk_beta_2"`
	Gamma [][]string `json:"vk_gamma_2"`
	Delta [][]string `json:"vk_delta_2"`
	IC    [][]string `json:"IC"`
}

// ParseWitness parses the json []byte data into the Witness struct.
//
// The JSON is an array of field-element strings (decimal or 0x-hex, see
// stringToBigInt). The first element that fails to parse aborts the whole
// parse and its error is returned; an empty array yields a nil Witness.
func ParseWitness(wJson []byte) (types.Witness, error) {
	var raw WitnessString
	if err := json.Unmarshal(wJson, &raw); err != nil {
		return nil, err
	}

	var witness types.Witness
	for _, s := range raw {
		value, err := stringToBigInt(s)
		if err != nil {
			return nil, err
		}
		witness = append(witness, value)
	}
	return witness, nil
}

// ParsePk parses the json []byte data into the Pk struct.
//
// The JSON is decoded into PkString first and then converted field by field
// by pkStringToPk; any error from either step is returned with a nil key.
func ParsePk(pkJson []byte) (*types.Pk, error) {
	var raw PkString
	if err := json.Unmarshal(pkJson, &raw); err != nil {
		return nil, err
	}
	return pkStringToPk(raw)
}

// pkStringToPk converts the string form of a proving key into *types.Pk.
//
// Conversions run in the order listed below and the first failure returns a
// nil key with the underlying error. NVars, NPublic and DomainSize are copied
// unchanged. PolsC is converted here although the binary formats
// (ParsePkBin, PkToGoBin) do not carry it.
func pkStringToPk(ps PkString) (*types.Pk, error) {
	a, err := arrayStringToG1(ps.A)
	if err != nil {
		return nil, err
	}
	b2, err := arrayStringToG2(ps.B2)
	if err != nil {
		return nil, err
	}
	b1, err := arrayStringToG1(ps.B1)
	if err != nil {
		return nil, err
	}
	c, err := arrayStringToG1(ps.C)
	if err != nil {
		return nil, err
	}

	vkAlpha1, err := stringToG1(ps.VkAlpha1)
	if err != nil {
		return nil, err
	}
	vkDelta1, err := stringToG1(ps.VkDelta1)
	if err != nil {
		return nil, err
	}
	vkBeta1, err := stringToG1(ps.VkBeta1)
	if err != nil {
		return nil, err
	}
	vkBeta2, err := stringToG2(ps.VkBeta2)
	if err != nil {
		return nil, err
	}
	vkDelta2, err := stringToG2(ps.VkDelta2)
	if err != nil {
		return nil, err
	}

	hExps, err := arrayStringToG1(ps.HExps)
	if err != nil {
		return nil, err
	}

	polsA, err := polsStringToBigInt(ps.PolsA)
	if err != nil {
		return nil, err
	}
	polsB, err := polsStringToBigInt(ps.PolsB)
	if err != nil {
		return nil, err
	}
	polsC, err := polsStringToBigInt(ps.PolsC)
	if err != nil {
		return nil, err
	}

	return &types.Pk{
		A:          a,
		B2:         b2,
		B1:         b1,
		C:          c,
		NVars:      ps.NVars,
		NPublic:    ps.NPublic,
		VkAlpha1:   vkAlpha1,
		VkDelta1:   vkDelta1,
		VkBeta1:    vkBeta1,
		VkBeta2:    vkBeta2,
		VkDelta2:   vkDelta2,
		HExps:      hExps,
		DomainSize: ps.DomainSize,
		PolsA:      polsA,
		PolsB:      polsB,
		PolsC:      polsC,
	}, nil
}

// proofStringToProof converts the string form of a proof into *types.Proof.
//
// A and C are G1 points, B is a G2 point; the first coordinate that fails to
// parse aborts the conversion and a nil proof is returned with the error.
func proofStringToProof(pr ProofString) (*types.Proof, error) {
	a, err := stringToG1(pr.A)
	if err != nil {
		return nil, err
	}
	b, err := stringToG2(pr.B)
	if err != nil {
		return nil, err
	}
	c, err := stringToG1(pr.C)
	if err != nil {
		return nil, err
	}
	return &types.Proof{A: a, B: b, C: c}, nil
}

// ParseProof takes a json []byte and outputs the *Proof struct.
//
// The JSON is decoded into ProofString and converted by proofStringToProof;
// a nil proof is returned with the error of whichever step failed. The input
// is typically untrusted (a prover-supplied proof), so callers should treat
// an error as a rejection rather than a crash condition.
func ParseProof(pj []byte) (*types.Proof, error) {
	var raw ProofString
	if err := json.Unmarshal(pj, &raw); err != nil {
		return nil, err
	}
	return proofStringToProof(raw)
}

// ParsePublicSignals takes a json []byte and outputs the []*big.Int struct.
//
// The JSON is an array of strings (decimal or 0x-hex, see stringToBigInt).
// The first element that fails to parse aborts the parse; an empty array
// yields a nil slice.
func ParsePublicSignals(pj []byte) ([]*big.Int, error) {
	var raw []string
	if err := json.Unmarshal(pj, &raw); err != nil {
		return nil, err
	}

	var signals []*big.Int
	for _, s := range raw {
		n, err := stringToBigInt(s)
		if err != nil {
			return nil, err
		}
		signals = append(signals, n)
	}
	return signals, nil
}

// ParseVk takes a json []byte and outputs the *Vk struct.
//
// The JSON is decoded into VkString and converted by vkStringToVk; a nil key
// is returned together with the error of whichever step failed.
func ParseVk(vj []byte) (*types.Vk, error) {
	var raw VkString
	if err := json.Unmarshal(vj, &raw); err != nil {
		return nil, err
	}
	return vkStringToVk(raw)
}

// vkStringToVk converts the string form of a verification key into *types.Vk.
//
// Alpha is parsed as G1, Beta/Gamma/Delta as G2, and every IC entry as G1, in
// that order; the first failure returns a nil key with the error. An empty IC
// list leaves v.IC nil.
func vkStringToVk(vr VkString) (*types.Vk, error) {
	alpha, err := stringToG1(vr.Alpha)
	if err != nil {
		return nil, err
	}
	beta, err := stringToG2(vr.Beta)
	if err != nil {
		return nil, err
	}
	gamma, err := stringToG2(vr.Gamma)
	if err != nil {
		return nil, err
	}
	delta, err := stringToG2(vr.Delta)
	if err != nil {
		return nil, err
	}

	var ic []*bn256.G1
	for _, coords := range vr.IC {
		point, err := stringToG1(coords)
		if err != nil {
			return nil, err
		}
		ic = append(ic, point)
	}

	return &types.Vk{
		Alpha: alpha,
		Beta:  beta,
		Gamma: gamma,
		Delta: delta,
		IC:    ic,
	}, nil
}

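// polsStringToBigInt is for taking string polynomials and converting it to *big.Int polynomials.
//
// Each input map is one sparse polynomial keyed by coefficient index (a
// decimal string) with the coefficient as a decimal or 0x-hex string (see
// stringToBigInt). On the first bad key or value it returns nil and an error
// naming the polynomial index and key, instead of the partially built slice
// the original returned next to the error.
func polsStringToBigInt(s []map[string]string) ([]map[int]*big.Int, error) {
	var out []map[int]*big.Int
	for i, pol := range s {
		coeffs := make(map[int]*big.Int, len(pol))
		for key, value := range pol {
			idx, err := strconv.Atoi(key)
			if err != nil {
				return nil, fmt.Errorf("polsStringToBigInt: polynomial %d has non-integer key %q: %w", i, key, err)
			}
			coeff, err := stringToBigInt(value)
			if err != nil {
				return nil, fmt.Errorf("polsStringToBigInt: polynomial %d key %q: %w", i, key, err)
			}
			coeffs[idx] = coeff
		}
		out = append(out, coeffs)
	}
	return out, nil
}
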
// ArrayBigIntToString converts an []*big.Int into []string, used to output the Public Signals.
//
// Each value is rendered in decimal via big.Int.String. A nil or empty input
// yields a nil slice (which encodes as JSON null, not []).
func ArrayBigIntToString(bi []*big.Int) []string {
	if len(bi) == 0 {
		return nil
	}
	out := make([]string, len(bi))
	for i, n := range bi {
		out[i] = n.String()
	}
	return out
}

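// arrayStringToBigInt converts a slice of decimal or 0x-hex strings into
// *big.Int values (see stringToBigInt).
//
// The original swallowed parse errors: on a bad element it returned the
// partial slice with a nil error, so callers could silently continue with
// truncated data. A parse failure now returns nil and the error.
func arrayStringToBigInt(s []string) ([]*big.Int, error) {
	var out []*big.Int
	for i, str := range s {
		n, err := stringToBigInt(str)
		if err != nil {
			return nil, fmt.Errorf("arrayStringToBigInt: element %d: %w", i, err)
		}
		out = append(out, n)
	}
	return out, nil
}
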
// stringToBigInt parses a non-negative or negative integer written either in
// decimal or, when prefixed with "0x", in hexadecimal. The prefix is removed
// before parsing so big.Int.SetString sees plain digits; any string SetString
// rejects (empty, bare "0x", stray characters) produces an error that echoes
// the digits that were attempted.
func stringToBigInt(s string) (*big.Int, error) {
	radix := 10
	if strings.HasPrefix(s, "0x") {
		radix = 16
		s = s[len("0x"):]
	}
	n, ok := new(big.Int).SetString(s, radix)
	if !ok {
		return nil, fmt.Errorf("Can not parse string to *big.Int: %s", s)
	}
	return n, nil
}

// addPadding32 returns b unchanged when it is already exactly 32 bytes and
// otherwise delegates to addZPadding to left-pad it with zero bytes.
func addPadding32(b []byte) []byte {
	if len(b) == 32 {
		return b
	}
	return addZPadding(b)
}

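// addZPadding left-pads b with zero bytes to exactly 32 bytes, i.e. the
// big-endian fixed-width encoding of a value that big.Int.Bytes returned
// without leading zeros. The result is a fresh slice.
//
// A slice that is already 32 bytes or longer is returned as-is. The original
// indexed a 32-byte array with len(b) and therefore panicked on any input
// longer than 32 bytes — reachable from the JSON and binary parsers in this
// file when an oversized value is supplied. Callers that need exactly 32 bytes
// must check the length themselves and report an error.
func addZPadding(b []byte) []byte {
	if len(b) >= 32 {
		return b
	}
	out := make([]byte, 32)
	copy(out[32-len(b):], b)
	return out
}
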
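// stringToBytes parses a decimal string and returns its value as a 32-byte
// big-endian slice, left-padded with zeros.
//
// Quirk kept from the original: the literal "1" is treated as "0". The
// original marked this "TODO TMP"; it looks related to how projective
// coordinates are serialised (ProofToString emits "1" as the third
// coordinate) but the reason is not recorded — confirm before removing.
//
// Unlike the original, negative values and values wider than 32 bytes are
// rejected with an error. The original silently encoded the absolute value of
// a negative number and panicked (in addZPadding) on a value wider than 32
// bytes, which is reachable from attacker-supplied proof JSON.
func stringToBytes(s string) ([]byte, error) {
	if s == "1" {
		s = "0"
	}
	bi, ok := new(big.Int).SetString(s, 10)
	if !ok {
		return nil, fmt.Errorf("error parsing bigint stringToBytes")
	}
	if bi.Sign() < 0 {
		return nil, fmt.Errorf("error parsing bigint stringToBytes: negative value")
	}
	b := bi.Bytes()
	if len(b) > 32 {
		return nil, fmt.Errorf("error parsing bigint stringToBytes: value wider than 32 bytes")
	}
	// Fixed-width big-endian encoding: zero bytes on the left.
	out := make([]byte, 32)
	copy(out[32-len(b):], b)
	return out, nil
}
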
// arrayStringToG1 converts a list of G1 points in string form (see
// stringToG1) into *bn256.G1 values. On the first failing entry it returns
// the points converted so far together with the error; callers in this file
// discard the partial result.
func arrayStringToG1(h [][]string) ([]*bn256.G1, error) {
	var points []*bn256.G1
	for _, coords := range h {
		p, err := stringToG1(coords)
		if err != nil {
			return points, err
		}
		points = append(points, p)
	}
	return points, nil
}

// arrayStringToG2 converts a list of G2 points in string form (see
// stringToG2) into *bn256.G2 values. On the first failing entry it returns
// the points converted so far together with the error; callers in this file
// discard the partial result.
func arrayStringToG2(h [][][]string) ([]*bn256.G2, error) {
	var points []*bn256.G2
	for _, coords := range h {
		p, err := stringToG2(coords)
		if err != nil {
			return points, err
		}
		points = append(points, p)
	}
	return points, nil
}

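// stringToG1 converts a G1 point given as at least three coordinate strings
// ([x, y, z]; only x and y are used, z is ignored) into a *bn256.G1.
//
// Coordinates are all decimal or, when the first one starts with "0x", all
// hexadecimal. Each coordinate is left-padded to 32 bytes and the 64-byte
// big-endian encoding is handed to bn256.G1.Unmarshal, which rejects
// malformed points. Decimal coordinates go through stringToBytes, which
// keeps the original's "1" -> "0" quirk.
//
// Changes from the original: the caller's slice is no longer mutated (it used
// to overwrite h[0]/h[1] in place); a coordinate wider than 32 bytes returns
// an error instead of panicking inside addZPadding; hex coordinates shorter
// than 32 bytes — which ProofToHex emits, since it does not zero-pad — are now
// padded per coordinate instead of being concatenated misaligned; and a nil
// point is returned on error.
func stringToG1(h []string) (*bn256.G1, error) {
	if len(h) <= 2 {
		return nil, fmt.Errorf("not enought data for stringToG1")
	}
	h = h[:2]
	hexa := len(h[0]) > 1 && h[0][:2] == "0x"

	var b []byte
	for _, coord := range h {
		var c []byte
		var err error
		if hexa {
			c, err = hex.DecodeString(strings.TrimPrefix(coord, "0x"))
		} else {
			c, err = stringToBytes(coord)
		}
		if err != nil {
			return nil, fmt.Errorf("error parsing stringToG1: %w", err)
		}
		// Check before padding: addZPadding is not defined for wider input.
		if len(c) > 32 {
			return nil, fmt.Errorf("error parsing stringToG1: coordinate wider than 32 bytes")
		}
		b = append(b, addZPadding(c)...)
	}

	p := new(bn256.G1)
	if _, err := p.Unmarshal(b); err != nil {
		return nil, err
	}
	return p, nil
}
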
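// stringToG2 converts a G2 point given as at least three rows of two
// coordinate strings into a *bn256.G2. Rows h[0] and h[1] hold the two
// components of each Fp2 coordinate; the third row is ignored.
//
// The bytes handed to bn256.G2.Unmarshal are laid out as
// h[0][1], h[0][0], h[1][1], h[1][0] — the order the original decimal branch
// used, and the mirror of how ProofToString/ProofToHex fill B from
// G2.Marshal output. The original hex branch concatenated the components in
// index order instead, so a hex proof produced by ProofToHex could not be
// read back; both branches now share the one order.
//
// Rows are all decimal or, when h[0][0] starts with "0x", all hexadecimal;
// each component is left-padded to 32 bytes. Rows shorter than two entries
// and components wider than 32 bytes return an error instead of panicking
// (index out of range in the original, or in addZPadding), which matters
// because proofs are attacker-supplied input. A nil point is returned on
// error.
func stringToG2(h [][]string) (*bn256.G2, error) {
	if len(h) <= 2 {
		return nil, fmt.Errorf("not enought data for stringToG2")
	}
	h = h[:2]
	if len(h[0]) < 2 || len(h[1]) < 2 {
		return nil, fmt.Errorf("not enought data for stringToG2")
	}
	hexa := len(h[0][0]) > 1 && h[0][0][:2] == "0x"

	ordered := []string{h[0][1], h[0][0], h[1][1], h[1][0]}
	var b []byte
	for _, coord := range ordered {
		var c []byte
		var err error
		if hexa {
			c, err = hex.DecodeString(strings.TrimPrefix(coord, "0x"))
		} else {
			c, err = stringToBytes(coord)
		}
		if err != nil {
			return nil, fmt.Errorf("error parsing stringToG2: %w", err)
		}
		// Check before padding: addZPadding is not defined for wider input.
		if len(c) > 32 {
			return nil, fmt.Errorf("error parsing stringToG2: coordinate wider than 32 bytes")
		}
		b = append(b, addZPadding(c)...)
	}

	p := new(bn256.G2)
	if _, err := p.Unmarshal(b); err != nil {
		return nil, err
	}
	return p, nil
}
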
// ProofStringToSmartContractFormat converts the ProofString to a ProofString in the SmartContract format in a ProofString structure.
//
// The smart-contract layout drops the third (projective) entry of A, B and C
// and swaps the two components of each B row. Protocol is copied through.
// Precondition: s.A and s.C have at least two entries and s.B at least two
// rows of two entries (as produced by ProofToString/ProofToHex); shorter
// input panics with an index out of range.
func ProofStringToSmartContractFormat(s ProofString) ProofString {
	return ProofString{
		A: []string{s.A[0], s.A[1]},
		B: [][]string{
			{s.B[0][1], s.B[0][0]},
			{s.B[1][1], s.B[1][0]},
		},
		C:        []string{s.C[0], s.C[1]},
		Protocol: s.Protocol,
	}
}

// ProofToSmartContractFormat converts the *types.Proof to a ProofString in the SmartContract format in a ProofString structure.
//
// Equivalent to ProofStringToSmartContractFormat(ProofToString(p)); the
// coordinates are rendered in decimal.
func ProofToSmartContractFormat(p *types.Proof) ProofString {
	return ProofStringToSmartContractFormat(ProofToString(p))
}

// ProofToString converts the Proof to ProofString.
//
// Each point is marshalled with bn256 and its 32-byte coordinates rendered
// as decimal strings. A and C get a third entry "1" and B a third row
// {"1", "0"} (projective form). For B the two components of each row are
// stored in swapped order relative to the Marshal output: B[0][1] holds
// b[:32] and B[0][0] holds b[32:64] (likewise for the second row). Protocol
// is set to "groth". Panics if any point of p is nil.
func ProofToString(p *types.Proof) ProofString {
	dec := func(bs []byte) string {
		return new(big.Int).SetBytes(bs).String()
	}

	a := p.A.Marshal()
	b := p.B.Marshal()
	c := p.C.Marshal()

	return ProofString{
		A: []string{dec(a[:32]), dec(a[32:64]), "1"},
		B: [][]string{
			{dec(b[32:64]), dec(b[:32])},
			{dec(b[96:128]), dec(b[64:96])},
			{"1", "0"},
		},
		C:        []string{dec(c[:32]), dec(c[32:64]), "1"},
		Protocol: "groth",
	}
}

// ProofToJson outputs the Proof in Json format (decimal coordinates, as
// produced by ProofToString).
func ProofToJson(p *types.Proof) ([]byte, error) {
	return json.Marshal(ProofToString(p))
}

// ProofToHex converts the Proof to ProofString with hexadecimal strings.
//
// Same layout as ProofToString (third entries, swapped B components,
// Protocol "groth") but each coordinate is "0x" followed by the hex of
// big.Int.Bytes, i.e. minimal-length: leading zero bytes are dropped and a
// zero coordinate becomes "0x". Consumers that expect fixed 64-hex-digit
// words must pad. Panics if any point of p is nil.
func ProofToHex(p *types.Proof) ProofString {
	hx := func(bs []byte) string {
		return "0x" + hex.EncodeToString(new(big.Int).SetBytes(bs).Bytes())
	}

	a := p.A.Marshal()
	b := p.B.Marshal()
	c := p.C.Marshal()

	return ProofString{
		A: []string{hx(a[:32]), hx(a[32:64]), "1"},
		B: [][]string{
			{hx(b[32:64]), hx(b[:32])},
			{hx(b[96:128]), hx(b[64:96])},
			{"1", "0"},
		},
		C:        []string{hx(c[:32]), hx(c[32:64]), "1"},
		Protocol: "groth",
	}
}

// ProofToJsonHex outputs the Proof in Json format with hexadecimal strings
// (as produced by ProofToHex).
func ProofToJsonHex(p *types.Proof) ([]byte, error) {
	return json.Marshal(ProofToHex(p))
}

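// ParseWitnessBin parses binary file representation of the Witness into the Witness struct.
//
// The file is a sequence of 32-byte little-endian field elements; each is
// byte-reversed (swapEndianness) and loaded as a big-endian *big.Int. A file
// whose length is not a multiple of 32 is rejected.
//
// The original used bufio.Reader.Read, which may legitimately return fewer
// than 32 bytes without an error (it calls the underlying Read at most once),
// so a short read from a pipe or slow source was reported as a format error.
// io.ReadFull is used instead; a trailing partial element yields
// io.ErrUnexpectedEOF and is reported as a format error with the byte count.
func ParseWitnessBin(f *os.File) (types.Witness, error) {
	var w types.Witness
	r := bufio.NewReader(f)
	// swapEndianness copies, so one buffer can be reused across iterations.
	b := make([]byte, 32)
	for {
		n, err := io.ReadFull(r, b)
		switch err {
		case nil:
			w = append(w, new(big.Int).SetBytes(swapEndianness(b)))
		case io.EOF:
			// clean end: the previous element was the last one
			return w, nil
		case io.ErrUnexpectedEOF:
			return nil, fmt.Errorf("error on value format, expected 32 bytes, got %v", n)
		default:
			return nil, err
		}
	}
}
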
// swapEndianness swaps the order of the bytes in the slice.
//
// The input is not modified; a new slice of the same length is returned
// (an empty, non-nil slice for empty or nil input).
func swapEndianness(b []byte) []byte {
	out := make([]byte, len(b))
	copy(out, b)
	for i, j := 0, len(out)-1; i < j; i, j = i+1, j-1 {
		out[i], out[j] = out[j], out[i]
	}
	return out
}

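// readNBytes reads exactly n bytes from r.
//
// It returns io.ErrUnexpectedEOF when the reader ends early (io.EOF when it
// yields nothing at all) and, unlike the original, returns a nil slice
// alongside any error instead of the partially filled buffer. A negative n
// is rejected with an error rather than letting make panic; n itself is
// never taken from file contents by the callers in this file, only fixed
// sizes are requested.
func readNBytes(r io.Reader, n int) ([]byte, error) {
	if n < 0 {
		return nil, fmt.Errorf("readNBytes: negative length %d", n)
	}
	b := make([]byte, n)
	if _, err := io.ReadFull(r, b); err != nil {
		return nil, err
	}
	return b, nil
}
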
// ParsePkBin parses binary file representation of the ProvingKey into the ProvingKey struct.
//
// Layout as read below (all integers little-endian uint32; curve points are
// little-endian Montgomery-form limbs that fromMont1Q/fromMont2Q convert to
// the big-endian form bn256 Unmarshal expects):
//
//	0:12    nVars, nPublic, domainSize
//	12:20   byte offsets of the PolsA and PolsB sections
//	20:40   byte offsets of the A, B1, B2, C and HExps sections
//	40:488  VkAlpha1, VkBeta1, VkDelta1 (64 bytes each), VkBeta2, VkDelta2 (128 each)
//	PolsA, PolsB: nVars entries of (count, count x (key, 32-byte coefficient))
//	A, B1: nVars G1 points; B2: nVars G2 points
//	C: nVars-nPublic-1 G1 points; HExps: domainSize G1 points
//
// The section offsets recorded in the header are compared with the running
// offset o, so a truncated or inconsistent file is rejected. Counts (nVars,
// domainSize, per-polynomial entry counts) come from the file and drive the
// loops unchecked; memory growth is bounded by the bytes actually present
// because readNBytes fails at EOF.
//
// NOTE(review): ParsePkGoBin and PkToGoBin use domainSize+1 HExps while this
// reader reads domainSize — a key parsed here and re-serialised with PkToGoBin
// would index past pk.HExps. Confirm which count the circom .bin writer emits.
func ParsePkBin(f *os.File) (*types.Pk, error) {
	o := 0 // bytes consumed so far; checked against the header offsets
	var pk types.Pk
	r := bufio.NewReader(f)

	b, err := readNBytes(r, 12)
	if err != nil {
		return nil, err
	}
	pk.NVars = int(binary.LittleEndian.Uint32(b[:4]))
	pk.NPublic = int(binary.LittleEndian.Uint32(b[4:8]))
	pk.DomainSize = int(binary.LittleEndian.Uint32(b[8:12]))
	o += 12

	// section offsets of the two polynomial tables
	b, err = readNBytes(r, 8)
	if err != nil {
		return nil, err
	}
	pPolsA := int(binary.LittleEndian.Uint32(b[:4]))
	pPolsB := int(binary.LittleEndian.Uint32(b[4:8]))
	o += 8

	// section offsets of the five point tables
	b, err = readNBytes(r, 20)
	if err != nil {
		return nil, err
	}
	pPointsA := int(binary.LittleEndian.Uint32(b[:4]))
	pPointsB1 := int(binary.LittleEndian.Uint32(b[4:8]))
	pPointsB2 := int(binary.LittleEndian.Uint32(b[8:12]))
	pPointsC := int(binary.LittleEndian.Uint32(b[12:16]))
	pPointsHExps := int(binary.LittleEndian.Uint32(b[16:20]))
	o += 20

	// verification-key points: three G1 (64 bytes) then two G2 (128 bytes)
	b, err = readNBytes(r, 64)
	if err != nil {
		return nil, err
	}
	pk.VkAlpha1 = new(bn256.G1)
	_, err = pk.VkAlpha1.Unmarshal(fromMont1Q(b))
	if err != nil {
		return nil, err
	}

	b, err = readNBytes(r, 64)
	if err != nil {
		return nil, err
	}
	pk.VkBeta1 = new(bn256.G1)
	_, err = pk.VkBeta1.Unmarshal(fromMont1Q(b))
	if err != nil {
		return nil, err
	}

	b, err = readNBytes(r, 64)
	if err != nil {
		return nil, err
	}
	pk.VkDelta1 = new(bn256.G1)
	_, err = pk.VkDelta1.Unmarshal(fromMont1Q(b))
	if err != nil {
		return nil, err
	}
	b, err = readNBytes(r, 128)
	if err != nil {
		return nil, err
	}
	pk.VkBeta2 = new(bn256.G2)
	_, err = pk.VkBeta2.Unmarshal(fromMont2Q(b))
	if err != nil {
		return nil, err
	}
	b, err = readNBytes(r, 128)
	if err != nil {
		return nil, err
	}
	pk.VkDelta2 = new(bn256.G2)
	_, err = pk.VkDelta2.Unmarshal(fromMont2Q(b))
	if err != nil {
		return nil, err
	}
	o += 448 // 3*64 + 2*128
	if o != pPolsA {
		return nil, fmt.Errorf("Unexpected offset, expected: %v, actual: %v", pPolsA, o)
	}

	// PolsA: one sparse polynomial per variable, stored as an entry count
	// followed by (key, 32-byte coefficient) pairs. Coefficients are
	// Montgomery-form limbs over R (fromMont1R).
	for i := 0; i < pk.NVars; i++ {
		b, err = readNBytes(r, 4)
		if err != nil {
			return nil, err
		}
		keysLength := int(binary.LittleEndian.Uint32(b[:4]))
		o += 4
		polsMap := make(map[int]*big.Int)
		for j := 0; j < keysLength; j++ {
			bK, err := readNBytes(r, 4)
			if err != nil {
				return nil, err
			}
			key := int(binary.LittleEndian.Uint32(bK[:4]))
			o += 4

			// shadows the outer b/err on purpose; they are re-read below anyway
			b, err := readNBytes(r, 32)
			if err != nil {
				return nil, err
			}
			polsMap[key] = new(big.Int).SetBytes(fromMont1R(b[:32]))
			o += 32
		}
		pk.PolsA = append(pk.PolsA, polsMap)
	}
	if o != pPolsB {
		return nil, fmt.Errorf("Unexpected offset, expected: %v, actual: %v", pPolsB, o)
	}
	// PolsB: same encoding as PolsA
	for i := 0; i < pk.NVars; i++ {
		b, err = readNBytes(r, 4)
		if err != nil {
			return nil, err
		}
		keysLength := int(binary.LittleEndian.Uint32(b[:4]))
		o += 4
		polsMap := make(map[int]*big.Int)
		for j := 0; j < keysLength; j++ {
			bK, err := readNBytes(r, 4)
			if err != nil {
				return nil, err
			}
			key := int(binary.LittleEndian.Uint32(bK[:4]))
			o += 4

			b, err := readNBytes(r, 32)
			if err != nil {
				return nil, err
			}
			polsMap[key] = new(big.Int).SetBytes(fromMont1R(b[:32]))
			o += 32
		}
		pk.PolsB = append(pk.PolsB, polsMap)
	}
	if o != pPointsA {
		return nil, fmt.Errorf("Unexpected offset, expected: %v, actual: %v", pPointsA, o)
	}
	// A: nVars G1 points
	for i := 0; i < pk.NVars; i++ {
		b, err = readNBytes(r, 64)
		if err != nil {
			return nil, err
		}
		p1 := new(bn256.G1)
		_, err = p1.Unmarshal(fromMont1Q(b))
		if err != nil {
			return nil, err
		}
		pk.A = append(pk.A, p1)
		o += 64
	}
	if o != pPointsB1 {
		return nil, fmt.Errorf("Unexpected offset, expected: %v, actual: %v", pPointsB1, o)
	}
	// B1: nVars G1 points
	for i := 0; i < pk.NVars; i++ {
		b, err = readNBytes(r, 64)
		if err != nil {
			return nil, err
		}
		p1 := new(bn256.G1)
		_, err = p1.Unmarshal(fromMont1Q(b))
		if err != nil {
			return nil, err
		}
		pk.B1 = append(pk.B1, p1)
		o += 64
	}
	if o != pPointsB2 {
		return nil, fmt.Errorf("Unexpected offset, expected: %v, actual: %v", pPointsB2, o)
	}
	// B2: nVars G2 points
	for i := 0; i < pk.NVars; i++ {
		b, err = readNBytes(r, 128)
		if err != nil {
			return nil, err
		}
		p2 := new(bn256.G2)
		_, err = p2.Unmarshal(fromMont2Q(b))
		if err != nil {
			return nil, err
		}
		pk.B2 = append(pk.B2, p2)
		o += 128
	}
	if o != pPointsC {
		return nil, fmt.Errorf("Unexpected offset, expected: %v, actual: %v", pPointsC, o)
	}
	// C: the file stores only entries nPublic+1 .. nVars-1. Three leading
	// entries are filled with the zero point (64 zero bytes unmarshal to it)
	// and the same *bn256.G1 is shared by all three.
	// NOTE(review): three is hard-coded while the loop below starts at
	// nPublic+1, so the two only line up when nPublic == 2 — confirm against
	// the circom writer before relying on pk.C indexes for other nPublic.
	zb := make([]byte, 64)
	z := new(bn256.G1)
	_, err = z.Unmarshal(zb)
	if err != nil {
		return nil, err
	}
	pk.C = append(pk.C, z) // circom behaviour (3x null==["0", "0", "0"])
	pk.C = append(pk.C, z)
	pk.C = append(pk.C, z)
	for i := pk.NPublic + 1; i < pk.NVars; i++ {
		b, err = readNBytes(r, 64)
		if err != nil {
			return nil, err
		}
		p1 := new(bn256.G1)
		_, err = p1.Unmarshal(fromMont1Q(b))
		if err != nil {
			return nil, err
		}
		pk.C = append(pk.C, p1)
		o += 64
	}
	if o != pPointsHExps {
		return nil, fmt.Errorf("Unexpected offset, expected: %v, actual: %v", pPointsHExps, o)
	}
	// HExps: domainSize G1 points. o is not advanced here; no offset check
	// follows, so that is harmless.
	for i := 0; i < pk.DomainSize; i++ {
		b, err = readNBytes(r, 64)
		if err != nil {
			return nil, err
		}
		p1 := new(bn256.G1)
		_, err = p1.Unmarshal(fromMont1Q(b))
		if err != nil {
			return nil, err
		}
		pk.HExps = append(pk.HExps, p1)
	}
	return &pk, nil
}

// fromMont1Q converts a G1 point stored as two 32-byte little-endian limbs in
// Montgomery form over types.Q (the representation in circom .bin proving
// keys) into the 64-byte big-endian x||y encoding bn256.G1.Unmarshal expects.
// m must be at least 64 bytes.
//
// Quirk kept from the original: a coordinate whose canonical value is
// exactly 1 is replaced by 0. The reason is not recorded in this file —
// confirm against the circom writer before removing.
func fromMont1Q(m []byte) []byte {
	// canonical turns one limb into its 32-byte big-endian canonical value.
	canonical := func(limb []byte) []byte {
		v := coordFromMont(new(big.Int).SetBytes(swapEndianness(limb)), types.Q)
		if v.Cmp(big.NewInt(1)) == 0 {
			v = big.NewInt(0)
		}
		out := v.Bytes()
		if len(out) != 32 {
			out = addZPadding(out)
		}
		return out
	}

	p := append([]byte(nil), canonical(m[:32])...)
	return append(p, canonical(m[32:64])...)
}

// fromMont2Q converts a G2 point stored as four 32-byte little-endian limbs
// in Montgomery form over types.Q into the 128-byte big-endian encoding
// bn256.G2.Unmarshal expects. The two components of each Fp2 coordinate are
// swapped on output: limbs (x, y, z, t) are emitted as y, x, t, z. m must be
// at least 128 bytes.
//
// Quirk kept from the original: a component whose canonical value is exactly
// 1 is replaced by 0 (see fromMont1Q).
func fromMont2Q(m []byte) []byte {
	canonical := func(limb []byte) []byte {
		v := coordFromMont(new(big.Int).SetBytes(swapEndianness(limb)), types.Q)
		if v.Cmp(big.NewInt(1)) == 0 {
			v = big.NewInt(0)
		}
		out := v.Bytes()
		if len(out) != 32 {
			out = addZPadding(out)
		}
		return out
	}

	x := canonical(m[:32])
	y := canonical(m[32:64])
	z := canonical(m[64:96])
	t := canonical(m[96:128])

	// swap: second component first within each coordinate pair
	p := make([]byte, 0, 128)
	p = append(p, y...)
	p = append(p, x...)
	p = append(p, t...)
	p = append(p, z...)
	return p
}

// fromMont1R converts one 32-byte little-endian limb in Montgomery form over
// types.R (a polynomial coefficient in a circom .bin proving key) into its
// canonical value as minimal big-endian bytes (not padded; callers feed the
// result to big.Int.SetBytes). m must be at least 32 bytes.
func fromMont1R(m []byte) []byte {
	limb := new(big.Int).SetBytes(swapEndianness(m[:32]))
	return coordFromMont(limb, types.R).Bytes()
}

// fromMont2R converts four 32-byte little-endian limbs in Montgomery form
// over types.R into their canonical values, concatenated as minimal
// big-endian bytes in the order y, x, t, z (the same component swap as
// fromMont2Q). Unlike fromMont2Q the values are not zero-padded, so the
// output length varies. m must be at least 128 bytes. Not called elsewhere in
// this file.
func fromMont2R(m []byte) []byte {
	canonical := func(limb []byte) []byte {
		v := new(big.Int).SetBytes(swapEndianness(limb))
		return coordFromMont(v, types.R).Bytes()
	}

	x := canonical(m[:32])
	y := canonical(m[32:64])
	z := canonical(m[64:96])
	t := canonical(m[96:128])

	var p []byte
	for _, part := range [][]byte{y, x, t, z} { // swap
		p = append(p, part...)
	}
	return p
}

// coordFromMont converts u from Montgomery form with R = 2^256 back to its
// canonical residue: it returns u * R^-1 mod q, in [0, q).
//
// q must be odd (coprime with 2^256); otherwise big.Int.ModInverse yields nil
// and the multiplication panics. The inverse is recomputed on every call.
func coordFromMont(u, q *big.Int) *big.Int {
	rInv := new(big.Int).ModInverse(new(big.Int).Lsh(big.NewInt(1), 256), q)
	out := new(big.Int).Mul(u, rInv)
	return out.Mod(out, q)
}

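// PkToGoBin converts the ProvingKey (*types.Pk) into binary format defined by
// go-circom-prover-verifier. PkGoBin is a own go-circom-prover-verifier
// binary format that allows to go faster when parsing.
//
// Layout (all integers little-endian uint32; points in bn256 Marshal form,
// so no Montgomery conversion is needed when reading back with ParsePkGoBin):
//
//	0:12    nVars, nPublic, domainSize
//	12:20   byte offsets of the PolsA and PolsB sections
//	20:40   byte offsets of the A, B1, B2, C and HExps sections
//	40:488  VkAlpha1, VkBeta1, VkDelta1 (64 bytes each), VkBeta2, VkDelta2 (128 each)
//	PolsA, PolsB: nVars entries of (count, count x (key, 32-byte coefficient))
//	A, B1: nVars G1 points; B2: nVars G2 points
//	C: entries nPublic+1 .. nVars-1 only; HExps: domainSize+1 G1 points
//
// Entries 0..nPublic of C are skipped; the readers (ParsePkBin, ParsePkGoBin)
// put three zero points in their place, which only lines up when nPublic == 2
// — confirm against the circom writer before relying on C indexes otherwise.
//
// Changes from the original: polynomial keys are written in ascending order
// so the output is deterministic (Go map iteration order is random), which
// makes serialised keys byte-comparable and hashable; slices shorter than the
// declared counts, and coefficients wider than 32 bytes, produce an error
// instead of a panic or a corrupted stream. Nil points inside the slices
// still panic in Marshal.
func PkToGoBin(pk *types.Pk) ([]byte, error) {
	if len(pk.PolsA) < pk.NVars || len(pk.PolsB) < pk.NVars ||
		len(pk.A) < pk.NVars || len(pk.B1) < pk.NVars || len(pk.B2) < pk.NVars ||
		(pk.NVars > pk.NPublic+1 && len(pk.C) < pk.NVars) ||
		len(pk.HExps) < pk.DomainSize+1 {
		return nil, fmt.Errorf("PkToGoBin: proving key slices are shorter than its nVars/nPublic/domainSize declare")
	}

	var r []byte
	var scratch [4]byte
	putU32 := func(v int) {
		binary.LittleEndian.PutUint32(scratch[:], uint32(v))
		r = append(r, scratch[:]...)
	}
	// setOffset records where the next section starts (the current length
	// of r, which the original tracked in a separate counter) into the
	// header slot at byte index slot.
	setOffset := func(slot int) {
		binary.LittleEndian.PutUint32(r[slot:slot+4], uint32(len(r)))
	}

	// header: counts, then the seven offset slots filled in below
	putU32(pk.NVars)
	putU32(pk.NPublic)
	putU32(pk.DomainSize)
	r = append(r, make([]byte, 7*4)...) // 12:40 — PolsA, PolsB, A, B1, B2, C, HExps

	// verification-key points
	for _, p := range []*bn256.G1{pk.VkAlpha1, pk.VkBeta1, pk.VkDelta1} {
		r = append(r, p.Marshal()...)
	}
	for _, p := range []*bn256.G2{pk.VkBeta2, pk.VkDelta2} {
		r = append(r, p.Marshal()...)
	}

	// writePols emits nVars sparse polynomials: entry count, then
	// (key, 32-byte big-endian coefficient) pairs in ascending key order.
	writePols := func(slot int, pols []map[int]*big.Int) error {
		setOffset(slot)
		for i := 0; i < pk.NVars; i++ {
			keys := make([]int, 0, len(pols[i]))
			for k := range pols[i] {
				keys = append(keys, k)
			}
			sort.Ints(keys)
			putU32(len(keys))
			for _, k := range keys {
				coeff := pols[i][k].Bytes()
				if len(coeff) > 32 {
					return fmt.Errorf("PkToGoBin: polynomial %d key %d coefficient wider than 32 bytes", i, k)
				}
				putU32(k)
				r = append(r, addPadding32(coeff)...)
			}
		}
		return nil
	}
	if err := writePols(12, pk.PolsA); err != nil {
		return nil, err
	}
	if err := writePols(16, pk.PolsB); err != nil {
		return nil, err
	}

	// writeG1 emits pts[from:to] after recording the section offset.
	writeG1 := func(slot int, pts []*bn256.G1, from, to int) {
		setOffset(slot)
		for i := from; i < to; i++ {
			r = append(r, pts[i].Marshal()...)
		}
	}
	writeG1(20, pk.A, 0, pk.NVars)
	writeG1(24, pk.B1, 0, pk.NVars)

	setOffset(28)
	for i := 0; i < pk.NVars; i++ {
		r = append(r, pk.B2[i].Marshal()...)
	}

	writeG1(32, pk.C, pk.NPublic+1, pk.NVars)
	writeG1(36, pk.HExps, 0, pk.DomainSize+1)

	return r, nil
}
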
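// ParsePkGoBin parses go-circom-prover-verifier binary file representation of
// the ProvingKey into ProvingKey struct (*types.Pk). PkGoBin is a own
// go-circom-prover-verifier binary format that allows to go faster when
// parsing.
//
// Layout (all integers little-endian uint32; points in bn256 Marshal form,
// the exact inverse of PkToGoBin):
//
//	0:12    nVars, nPublic, domainSize
//	12:20   byte offsets of the PolsA and PolsB sections
//	20:40   byte offsets of the A, B1, B2, C and HExps sections
//	40:488  VkAlpha1, VkBeta1, VkDelta1 (64 bytes each), VkBeta2, VkDelta2 (128 each)
//	PolsA, PolsB: nVars entries of (count, count x (key, 32-byte coefficient))
//	A, B1: nVars G1 points; B2: nVars G2 points
//	C: nVars-nPublic-1 G1 points, preceded in pk.C by three zero points that
//	   are not stored (mirrors ParsePkBin; see goBinZeroG1Points)
//	HExps: domainSize+1 G1 points (matches PkToGoBin; ParsePkBin reads domainSize)
//
// The section offsets recorded in the header are checked against the running
// offset o, so a truncated or inconsistent file is rejected instead of being
// mis-parsed. Counts come from the file and drive the loops; memory growth is
// bounded by the bytes actually present because readNBytes fails at EOF, and
// the per-polynomial count is deliberately not used as a map size hint.
//
// Unlike the original, every failed point decode returns a nil *types.Pk (it
// returned a half-filled key next to the error for the verification-key
// points), and the three placeholder C entries are distinct allocations.
func ParsePkGoBin(f *os.File) (*types.Pk, error) {
	var pk types.Pk
	r := bufio.NewReader(f)
	o := 0 // bytes consumed so far; checked against the header offsets

	b, err := readNBytes(r, 12)
	if err != nil {
		return nil, err
	}
	pk.NVars = int(binary.LittleEndian.Uint32(b[:4]))
	pk.NPublic = int(binary.LittleEndian.Uint32(b[4:8]))
	pk.DomainSize = int(binary.LittleEndian.Uint32(b[8:12]))
	o += 12

	b, err = readNBytes(r, 8)
	if err != nil {
		return nil, err
	}
	pPolsA := int(binary.LittleEndian.Uint32(b[:4]))
	pPolsB := int(binary.LittleEndian.Uint32(b[4:8]))
	o += 8

	b, err = readNBytes(r, 20)
	if err != nil {
		return nil, err
	}
	pPointsA := int(binary.LittleEndian.Uint32(b[:4]))
	pPointsB1 := int(binary.LittleEndian.Uint32(b[4:8]))
	pPointsB2 := int(binary.LittleEndian.Uint32(b[8:12]))
	pPointsC := int(binary.LittleEndian.Uint32(b[12:16]))
	pPointsHExps := int(binary.LittleEndian.Uint32(b[16:20]))
	o += 20

	// verification-key points, in the order PkToGoBin writes them
	if pk.VkAlpha1, err = goBinReadG1(r); err != nil {
		return nil, err
	}
	if pk.VkBeta1, err = goBinReadG1(r); err != nil {
		return nil, err
	}
	if pk.VkDelta1, err = goBinReadG1(r); err != nil {
		return nil, err
	}
	if pk.VkBeta2, err = goBinReadG2(r); err != nil {
		return nil, err
	}
	if pk.VkDelta2, err = goBinReadG2(r); err != nil {
		return nil, err
	}
	o += 3*64 + 2*128

	if err = goBinCheckOffset(pPolsA, o); err != nil {
		return nil, err
	}
	if pk.PolsA, o, err = goBinReadPols(r, pk.NVars, o); err != nil {
		return nil, err
	}
	if err = goBinCheckOffset(pPolsB, o); err != nil {
		return nil, err
	}
	if pk.PolsB, o, err = goBinReadPols(r, pk.NVars, o); err != nil {
		return nil, err
	}

	if err = goBinCheckOffset(pPointsA, o); err != nil {
		return nil, err
	}
	if pk.A, err = goBinReadG1Points(r, pk.NVars); err != nil {
		return nil, err
	}
	o += 64 * pk.NVars

	if err = goBinCheckOffset(pPointsB1, o); err != nil {
		return nil, err
	}
	if pk.B1, err = goBinReadG1Points(r, pk.NVars); err != nil {
		return nil, err
	}
	o += 64 * pk.NVars

	if err = goBinCheckOffset(pPointsB2, o); err != nil {
		return nil, err
	}
	if pk.B2, err = goBinReadG2Points(r, pk.NVars); err != nil {
		return nil, err
	}
	o += 128 * pk.NVars

	if err = goBinCheckOffset(pPointsC, o); err != nil {
		return nil, err
	}
	// Only entries nPublic+1 .. nVars-1 of C are stored; the first three
	// entries are the zero point. NOTE(review): three is hard-coded while the
	// stored range starts at nPublic+1, so they only line up when
	// nPublic == 2 — kept as in ParsePkBin, confirm before relying on it.
	storedC := pk.NVars - pk.NPublic - 1
	if storedC < 0 {
		storedC = 0
	}
	zeros, err := goBinZeroG1Points(3)
	if err != nil {
		return nil, err
	}
	cPoints, err := goBinReadG1Points(r, storedC)
	if err != nil {
		return nil, err
	}
	pk.C = append(zeros, cPoints...)
	o += 64 * storedC

	if err = goBinCheckOffset(pPointsHExps, o); err != nil {
		return nil, err
	}
	if pk.HExps, err = goBinReadG1Points(r, pk.DomainSize+1); err != nil {
		return nil, err
	}

	return &pk, nil
}

// goBinCheckOffset compares the section offset recorded in the file header
// with the number of bytes consumed so far.
func goBinCheckOffset(expected, actual int) error {
	if expected != actual {
		return fmt.Errorf("Unexpected offset, expected: %v, actual: %v", expected, actual)
	}
	return nil
}

// goBinReadG1 reads one 64-byte G1 point in bn256 Marshal form.
func goBinReadG1(r io.Reader) (*bn256.G1, error) {
	b, err := readNBytes(r, 64)
	if err != nil {
		return nil, err
	}
	p := new(bn256.G1)
	if _, err := p.Unmarshal(b); err != nil {
		return nil, err
	}
	return p, nil
}

// goBinReadG2 reads one 128-byte G2 point in bn256 Marshal form.
func goBinReadG2(r io.Reader) (*bn256.G2, error) {
	b, err := readNBytes(r, 128)
	if err != nil {
		return nil, err
	}
	p := new(bn256.G2)
	if _, err := p.Unmarshal(b); err != nil {
		return nil, err
	}
	return p, nil
}

// goBinReadG1Points reads n consecutive G1 points; n == 0 yields nil.
func goBinReadG1Points(r io.Reader, n int) ([]*bn256.G1, error) {
	var out []*bn256.G1
	for i := 0; i < n; i++ {
		p, err := goBinReadG1(r)
		if err != nil {
			return nil, err
		}
		out = append(out, p)
	}
	return out, nil
}

// goBinReadG2Points reads n consecutive G2 points; n == 0 yields nil.
func goBinReadG2Points(r io.Reader, n int) ([]*bn256.G2, error) {
	var out []*bn256.G2
	for i := 0; i < n; i++ {
		p, err := goBinReadG2(r)
		if err != nil {
			return nil, err
		}
		out = append(out, p)
	}
	return out, nil
}

// goBinZeroG1Points returns n freshly allocated zero points (what
// bn256.G1.Unmarshal decodes from 64 zero bytes). Separate allocations are
// used so an in-place curve operation on one entry cannot change the others.
func goBinZeroG1Points(n int) ([]*bn256.G1, error) {
	zb := make([]byte, 64)
	out := make([]*bn256.G1, 0, n)
	for i := 0; i < n; i++ {
		z := new(bn256.G1)
		if _, err := z.Unmarshal(zb); err != nil {
			return nil, err
		}
		out = append(out, z)
	}
	return out, nil
}

// goBinReadPols reads nVars sparse polynomials, each encoded as a uint32
// entry count followed by (uint32 key, 32-byte big-endian coefficient)
// pairs, and returns them with the byte offset o advanced past the section.
// The entry count is file-controlled, so it is not used to pre-size the map:
// a hostile count would otherwise force a huge allocation before the read
// fails at EOF.
func goBinReadPols(r io.Reader, nVars int, o int) ([]map[int]*big.Int, int, error) {
	var pols []map[int]*big.Int
	for i := 0; i < nVars; i++ {
		b, err := readNBytes(r, 4)
		if err != nil {
			return nil, o, err
		}
		count := int(binary.LittleEndian.Uint32(b[:4]))
		o += 4

		coeffs := make(map[int]*big.Int)
		for j := 0; j < count; j++ {
			kb, err := readNBytes(r, 4)
			if err != nil {
				return nil, o, err
			}
			key := int(binary.LittleEndian.Uint32(kb[:4]))
			o += 4

			vb, err := readNBytes(r, 32)
			if err != nil {
				return nil, o, err
			}
			coeffs[key] = new(big.Int).SetBytes(vb[:32])
			o += 32
		}
		pols = append(pols, coeffs)
	}
	return pols, o, nil
}
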