Add ecdsa_uncompress_pubkey()

Code based on @Arachnid's PR, but has more strict checks
8 years ago · 7d68a6ee17
parent d68906ec4e
commit 7d68a6ee17
2 changed files with 22 additions and 0 deletions
--- a/ecdsa.c
+++ b/ecdsa.c
@ -815,6 +815,27 @@ void ecdsa_get_public_key65(const ecdsa_curve *curve, const uint8_t *priv_key, u
 	MEMSET_BZERO(&k, sizeof(k));
 }

+int ecdsa_uncompress_pubkey(const ecdsa_curve *curve, const uint8_t *pub_key, uint8_t *uncompressed)
+{
+	if (pub_key[0] == 2 || pub_key[0] == 3) {
+		bignum256 x, y;
+
+		bn_read_be(pub_key + 1, &x);
+		// uncompress_coords will check for pub_key[0] & 1
+		uncompress_coords(curve, pub_key[0], &x, &y);
+
+		uncompressed[0] = 4;
+		memcpy(uncompressed + 1, pub_key + 1, 32);
+		bn_write_be(&y, uncompressed + 33);
+		return 1;
+	} else if (pub_key[0] == 4) {
+		memcpy(uncompressed, pub_key, 65);
+		return 1;
+	}
+
+	return 0;
+}
+
 void ecdsa_get_pubkeyhash(const uint8_t *pub_key, uint8_t *pubkeyhash)
 {
 	uint8_t h[32];
--- a/ecdsa.h
+++ b/ecdsa.h
@ -58,6 +58,7 @@ int point_is_equal(const curve_point *p, const curve_point *q);
 int point_is_negative_of(const curve_point *p, const curve_point *q);
 void scalar_multiply(const ecdsa_curve *curve, const bignum256 *k, curve_point *res);
 void uncompress_coords(const ecdsa_curve *curve, uint8_t odd, const bignum256 *x, bignum256 *y);
+int ecdsa_uncompress_pubkey(const ecdsa_curve *curve, const uint8_t *pub_key, uint8_t *uncompressed);

 int ecdsa_sign(const ecdsa_curve *curve, const uint8_t *priv_key, const uint8_t *msg, uint32_t msg_len, uint8_t *sig, uint8_t *pby);
 int ecdsa_sign_double(const ecdsa_curve *curve, const uint8_t *priv_key, const uint8_t *msg, uint32_t msg_len, uint8_t *sig, uint8_t *pby);