From c7a9005f2c48896ece598c9c889f145f473c7a53 Mon Sep 17 00:00:00 2001
From: Sergey Minaev
Date: Fri, 21 Oct 2022 14:16:55 +0500
Subject: [PATCH] [3392] BBS update: fix encoding.
Signed-off-by: Sergey Minaev
---
 pkg/crypto/primitive/bbs12381g2pub/bbs.go | 12 ++++++++----
 pkg/crypto/primitive/bbs12381g2pub/bbs_test.go | 4 ++--
 pkg/crypto/primitive/bbs12381g2pub/keys.go | 2 +-
 .../primitive/bbs12381g2pub/signature_message.go | 5 ++++-
 4 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/pkg/crypto/primitive/bbs12381g2pub/bbs.go b/pkg/crypto/primitive/bbs12381g2pub/bbs.go
index 6662bec5cd..438bc0fa09 100644
--- a/pkg/crypto/primitive/bbs12381g2pub/bbs.go
+++ b/pkg/crypto/primitive/bbs12381g2pub/bbs.go
@@ -303,7 +303,7 @@ func (pn *ProofNonce) ToBytes() []byte {
 }
 type encodeForHashBuilder struct {
- bytes []byte // TODO check encoding functions per type below
+ bytes []byte
 }
 func newEcnodeForHashBuilder() *encodeForHashBuilder {
@@ -317,11 +317,11 @@ func (db *encodeForHashBuilder) addInt(value int) {
 }
 func (db *encodeForHashBuilder) addPointG1(value *bls12381.PointG1) {
- db.bytes = append(db.bytes, g1.ToBytes(value)...)
+ db.bytes = append(db.bytes, g1.ToCompressed(value)...)
 }
 func (db *encodeForHashBuilder) addPointG2(value *bls12381.PointG2) {
- db.bytes = append(db.bytes, g2.ToBytes(value)...)
+ db.bytes = append(db.bytes, g2.ToCompressed(value)...)
 }
 func (db *encodeForHashBuilder) addScalar(value *bls12381.Fr) {
@@ -329,10 +329,14 @@ func (db *encodeForHashBuilder) addScalar(value *bls12381.Fr) {
 }
 func (db *encodeForHashBuilder) addBytes(value []byte) {
- db.bytes = append(db.bytes, uint64ToBytes(uint64(len(value)))...)
+ db.addInt(len(value))
 db.bytes = append(db.bytes, value...)
 }
+func (db *encodeForHashBuilder) addCsID() {
+ db.bytes = append(db.bytes, []byte(csID)...)
+}
+
 func (db *encodeForHashBuilder) build() []byte {
 return db.bytes
 }
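Review bot: addPointG1 and addPointG2 in the -317 hunk carry no comment, yet the serialization they choose is part of the input that the keys.go hunk passes to Hash2scalar, so it is a contract between signer and verifier rather than an implementation detail. Switching from ToBytes to ToCompressed changes every hash built from a point, so values derived with the old encoding presumably stop matching after this commit. I would state the contract on both methods, e.g. `// addPointG1 appends the compressed serialization of value; the form is part of the hash input and must not change.`, with the same wording for addPointG2.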
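Review bot: addCsID in the -329 hunk appends csID with no length prefix, while addBytes directly above it frames its value with addInt(len(value)), and nothing in the code says why the two differ. Unframed concatenation stays unambiguous only while csID has a fixed length, and the TODO in the keys.go hunk says a header is meant to follow it in the same builder. A comment would keep a later change from breaking the framing: `// addCsID appends csID without a length prefix; csID must stay a fixed constant, variable-length data goes through addBytes.` The body of addInt is outside the hunk, so the width and byte order of the new length prefix cannot be checked from here.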
diff --git a/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go b/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go
index b28b3c0e2b..1efefdd8b4 100644
--- a/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go
+++ b/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go
@@ -166,7 +166,7 @@ func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) {
 pkBytes, err := privateKey.PublicKey().Marshal()
 require.NoError(t, err)
- proofBytes := hexStringToBytesTest(t, "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") //nolint:lll
+ proofBytes := hexStringToBytesTest(t, "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") //nolint:lll
 // TODO "header": "11223344556677889900aabbccddeeff"
 nonce := hexStringToBytesTest(t, "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501")
@@ -201,7 +201,7 @@ func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) {
 proofBytesCopy := make([]byte, len(proofBytes))
 copy(proofBytesCopy, proofBytes)
- proofBytesCopy[22] = 255 - proofBytesCopy[22]
+ proofBytesCopy[21] = 255 - proofBytesCopy[21]
 err = bls.VerifyProof(revealedMessagesBytes, proofBytesCopy, nonce, pkBytes)
 require.Error(t, err)
diff --git a/pkg/crypto/primitive/bbs12381g2pub/keys.go b/pkg/crypto/primitive/bbs12381g2pub/keys.go
index 91a1c2437a..28d3e69e2e 100644
--- a/pkg/crypto/primitive/bbs12381g2pub/keys.go
+++ b/pkg/crypto/primitive/bbs12381g2pub/keys.go
@@ -71,7 +71,7 @@ func (pk *PublicKey) ToPublicKeyWithGenerators(messagesCount int) (*PublicKeyWit
 domainBuilder.addPointG1(gen)
 }
- domainBuilder.addBytes([]byte(csID))
+ domainBuilder.addCsID()
 // TODO use header. Probably should be a parameter to this func
 domain := Hash2scalar(domainBuilder.build())
diff --git a/pkg/crypto/primitive/bbs12381g2pub/signature_message.go b/pkg/crypto/primitive/bbs12381g2pub/signature_message.go
index bdf99cdce3..9f156d3f83 100644
--- a/pkg/crypto/primitive/bbs12381g2pub/signature_message.go
+++ b/pkg/crypto/primitive/bbs12381g2pub/signature_message.go
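Review bot: The tamper check in the -201 hunk of bbs_test.go flips one hard-coded byte, and the offset moves from 22 to 21 with no reason given. If offset 22 of the new vector no longer makes VerifyProof fail, that needs an explanation before merge; if it moved for another reason, a comment should name the proof field the byte sits in, e.g. `// offset 21 lies inside <field name>; flipping it must invalidate the proof`. `require.Error` also accepts any failure, so a decoding error and a rejected proof look the same to this test. The test function starts and ends outside the hunk.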
@@ -17,7 +17,10 @@ type SignatureMessage struct {
 // parseSignatureMessage parses SignatureMessage from bytes.
 func parseSignatureMessage(message []byte) *SignatureMessage {
- elm := Hash2scalar(message)
+ encodedForHashMsg := newEcnodeForHashBuilder()
+ encodedForHashMsg.addBytes(message)
+
+ elm := Hash2scalar(encodedForHashMsg.build())
 return &SignatureMessage{
 FR: elm,
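Review bot: The doc comment on parseSignatureMessage still says it parses the message, but the new body length-prefixes the bytes through addBytes and hashes the result with Hash2scalar. That framing decides which scalar a message maps to, so the comment should say so, e.g. `// parseSignatureMessage maps message to a scalar by hashing its length-prefixed encoding.` The added lines also carry the misspelt constructor name newEcnodeForHashBuilder into another file; a follow-up rename to newEncodeForHashBuilder would stop it spreading. The function's closing lines are outside the hunk.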