You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

128 lines
3.8 KiB

  1. package common
  2. import (
  3. "bytes"
  4. "encoding/binary"
  5. "fmt"
  6. "math"
  7. "math/big"
  8. eth "github.com/ethereum/go-ethereum/common"
  9. "github.com/iden3/go-iden3-crypto/poseidon"
  10. cryptoUtils "github.com/iden3/go-iden3-crypto/utils"
  11. )
  12. // Leaf is the data structure stored in the Leaf of the MerkleTree
  13. type Leaf struct {
  14. TokenID TokenID
  15. Nonce uint64 // max of 40 bits used
  16. Balance *big.Int // max of 192 bits used
  17. Ax *big.Int
  18. Ay *big.Int
  19. EthAddr eth.Address
  20. }
  21. // Bytes returns the bytes representing the Leaf, in a way that each BigInt is represented by 32 bytes, in spite of the BigInt could be represented in less bytes (due a small big.Int), so in this way each BigInt is always 32 bytes and can be automatically parsed from a byte array.
  22. func (l *Leaf) Bytes() ([32 * 5]byte, error) {
  23. var b [32 * 5]byte
  24. if l.Nonce >= uint64(math.Pow(2, 40)) {
  25. return b, fmt.Errorf("%s Nonce", ErrNumOverflow)
  26. }
  27. if len(l.Balance.Bytes()) > 24 {
  28. return b, fmt.Errorf("%s Balance", ErrNumOverflow)
  29. }
  30. var tokenIDBytes [4]byte
  31. binary.LittleEndian.PutUint32(tokenIDBytes[:], uint32(l.TokenID))
  32. var nonceBytes [8]byte
  33. binary.LittleEndian.PutUint64(nonceBytes[:], l.Nonce)
  34. copy(b[0:4], tokenIDBytes[:])
  35. copy(b[4:9], nonceBytes[:])
  36. copy(b[32:64], SwapEndianness(l.Balance.Bytes())) // SwapEndianness, as big.Int uses BigEndian
  37. copy(b[64:96], SwapEndianness(l.Ax.Bytes()))
  38. copy(b[96:128], SwapEndianness(l.Ay.Bytes()))
  39. copy(b[128:148], l.EthAddr.Bytes())
  40. return b, nil
  41. }
  42. // BigInts returns the [5]*big.Int, where each *big.Int is inside the Finite Field
  43. func (l *Leaf) BigInts() ([5]*big.Int, error) {
  44. e := [5]*big.Int{}
  45. b, err := l.Bytes()
  46. if err != nil {
  47. return e, err
  48. }
  49. e[0] = new(big.Int).SetBytes(SwapEndianness(b[0:32]))
  50. e[1] = new(big.Int).SetBytes(SwapEndianness(b[32:64]))
  51. e[2] = new(big.Int).SetBytes(SwapEndianness(b[64:96]))
  52. e[3] = new(big.Int).SetBytes(SwapEndianness(b[96:128]))
  53. e[4] = new(big.Int).SetBytes(SwapEndianness(b[128:160]))
  54. return e, nil
  55. }
  56. // Value returns the value of the Leaf, which is the Poseidon hash of its *big.Int representation
  57. func (l *Leaf) Value() (*big.Int, error) {
  58. toHash := [poseidon.T]*big.Int{}
  59. lBI := l.BigInts()
  60. copy(toHash[:], lBI[:])
  61. v, err := poseidon.Hash(toHash)
  62. return v, err
  63. }
  64. // LeafFromBigInts returns a Leaf from a [5]*big.Int
  65. func LeafFromBigInts(e [5]*big.Int) (*Leaf, error) {
  66. if !cryptoUtils.CheckBigIntArrayInField(e[:]) {
  67. return nil, ErrNotInFF
  68. }
  69. var b [32 * 5]byte
  70. copy(b[0:32], SwapEndianness(e[0].Bytes())) // SwapEndianness, as big.Int uses BigEndian
  71. copy(b[32:64], SwapEndianness(e[1].Bytes()))
  72. copy(b[64:96], SwapEndianness(e[2].Bytes()))
  73. copy(b[96:128], SwapEndianness(e[3].Bytes()))
  74. copy(b[128:160], SwapEndianness(e[4].Bytes()))
  75. return LeafFromBytes(b)
  76. }
  77. // LeafFromBytes returns a Leaf from a byte array
  78. func LeafFromBytes(b [32 * 5]byte) (*Leaf, error) {
  79. tokenID := binary.LittleEndian.Uint32(b[0:4])
  80. nonce := binary.LittleEndian.Uint64(b[4:12])
  81. if !bytes.Equal(b[9:12], []byte{0, 0, 0}) { // alternatively: if nonce >= uint64(math.Pow(2, 40)) {
  82. return nil, fmt.Errorf("%s Nonce", ErrNumOverflow)
  83. }
  84. balance := new(big.Int).SetBytes(SwapEndianness(b[32:56])) // b[32:56], as Balance is 192 bits (24 bytes)
  85. if !bytes.Equal(b[56:64], []byte{0, 0, 0, 0, 0, 0, 0, 0}) {
  86. return nil, fmt.Errorf("%s Balance", ErrNumOverflow)
  87. }
  88. ax := new(big.Int).SetBytes(SwapEndianness(b[64:96])) // SwapEndianness, as big.Int uses BigEndian
  89. ay := new(big.Int).SetBytes(SwapEndianness(b[96:128]))
  90. ethAddr := eth.BytesToAddress(b[128:148])
  91. if !cryptoUtils.CheckBigIntInField(balance) {
  92. return nil, ErrNotInFF
  93. }
  94. if !cryptoUtils.CheckBigIntInField(ax) {
  95. return nil, ErrNotInFF
  96. }
  97. if !cryptoUtils.CheckBigIntInField(ay) {
  98. return nil, ErrNotInFF
  99. }
  100. l := Leaf{
  101. TokenID: TokenID(tokenID),
  102. Nonce: nonce,
  103. Balance: balance,
  104. Ax: ax,
  105. Ay: ay,
  106. EthAddr: ethAddr,
  107. }
  108. return &l, nil
  109. }