From b8627f98e2606becfba7178ed6e83a6f32057eed Mon Sep 17 00:00:00 2001
From: David Nevado
Date: Tue, 15 Nov 2022 16:36:39 +0100
Subject: [PATCH] Fix `secp256k1` compressed serialization
---
 src/bn256/curve.rs | 2 ++
 src/derive/curve.rs | 18 +++++++++++-------
 src/secp256k1/curve.rs | 1 +
 3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/src/bn256/curve.rs b/src/bn256/curve.rs
index b27a7fe2..d403ef0a 100644
--- a/src/bn256/curve.rs
+++ b/src/bn256/curve.rs
@@ -25,6 +25,7 @@ new_curve_impl!(
 G1,
 G1Affine,
 G1Compressed,
+ Fq::size(),
 Fq,
 Fr,
 (G1_GENERATOR_X,G1_GENERATOR_Y),
@@ -37,6 +38,7 @@ new_curve_impl!(
 G2,
 G2Affine,
 G2Compressed,
+ Fq2::size(),
 Fq2,
 Fr,
 (G2_GENERATOR_X, G2_GENERATOR_Y),
diff --git a/src/derive/curve.rs b/src/derive/curve.rs
index 4aa569e4..f11ac073 100644
--- a/src/derive/curve.rs
+++ b/src/derive/curve.rs
@@ -140,6 +140,7 @@ macro_rules! new_curve_impl {
 $name:ident,
 $name_affine:ident,
 $name_compressed:ident,
+ $compressed_size:expr,
 $base:ident,
 $scalar:ident,
 $generator:expr,
@@ -161,7 +162,7 @@ macro_rules! new_curve_impl {
 }
 #[derive(Copy, Clone)]
- $($privacy)* struct $name_compressed([u8; $base::size()]);
+ $($privacy)* struct $name_compressed([u8; $compressed_size]);
 impl $name {
@@ -226,7 +227,7 @@ macro_rules! new_curve_impl {
 impl Default for $name_compressed {
 fn default() -> Self {
- $name_compressed([0; $base::size()])
+ $name_compressed([0; $compressed_size])
 }
 }
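Review bot: The new `$compressed_size:expr` macro parameter in the `@@ -140` hunk carries an invariant that nothing states or checks: the generated `to_bytes`/`from_bytes` slice `[..$base::size()]` out of a `$compressed_size`-byte array, so an invocation passing a value smaller than `$base::size()` compiles and then panics on the first (de)serialization. A matcher comment would make the contract visible, e.g. `// Byte length of the compressed encoding; must be >= $base::size(): the x coordinate fills the first $base::size() bytes and the sign of y is bit 7 of the last byte.` (a `//` comment, since `///` would become a `#[doc]` token inside the matcher). If the crate's MSRV allows `assert!` in const context, emitting `const _: () = assert!($compressed_size >= $base::size());` next to the `$name_compressed` struct turns that runtime panic into a compile error; the struct and `Default` hunks below use the same parameter, so one check covers all three.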
@@ -563,10 +564,12 @@ macro_rules! new_curve_impl {
 fn from_bytes(bytes: &Self::Repr) -> CtOption {
 let bytes = &bytes.0;
 let mut tmp = *bytes;
- let ysign = Choice::from(tmp[$base::size() - 1] >> 7);
- tmp[$base::size() - 1] &= 0b0111_1111;
+ let ysign = Choice::from(tmp[$compressed_size - 1] >> 7);
+ tmp[$compressed_size - 1] &= 0b0111_1111;
+ let mut xbytes = [0u8; $base::size()];
+ xbytes.copy_from_slice(&tmp[ ..$base::size()]);
- $base::from_bytes(&tmp).and_then(|x| {
+ $base::from_bytes(&xbytes).and_then(|x| {
 CtOption::new(Self::identity(), x.is_zero() & (!ysign)).or_else(|| {
 let x3 = x.square() * x;
 (x3 + $name::curve_constant_b()).sqrt().and_then(|y| {
@@ -596,8 +599,9 @@ macro_rules! new_curve_impl {
 } else {
 let (x, y) = (self.x, self.y);
 let sign = (y.to_bytes()[0] & 1) << 7;
- let mut xbytes = x.to_bytes();
- xbytes[$base::size() - 1] |= sign;
+ let mut xbytes = [0u8; $compressed_size];
+ xbytes[..$base::size()].copy_from_slice(&x.to_bytes());
+ xbytes[$compressed_size - 1] |= sign;
 $name_compressed(xbytes)
 }
 }
diff --git a/src/secp256k1/curve.rs b/src/secp256k1/curve.rs
index 64f48a5a..60513e7e 100644
--- a/src/secp256k1/curve.rs
+++ b/src/secp256k1/curve.rs
@@ -60,6 +60,7 @@ new_curve_impl!(
 Secp256k1,
 Secp256k1Affine,
 Secp256k1Compressed,
+ 33,
 Fp,
 Fq,
 (SECP_GENERATOR_X,SECP_GENERATOR_Y),
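Review bot: In the new `from_bytes` lines, once the sign bit is masked out the bytes past the x coordinate — `tmp[$base::size()..$compressed_size - 1]` and the low seven bits of the last byte — are never checked, so whenever `$compressed_size` exceeds `$base::size()` (the 33-vs-32 secp256k1 case this patch introduces) many distinct byte strings decode to the same point, the identity included. Encodings that are hashed into a transcript, used as map keys or compared bytewise then lose their one-to-one property, and `to_bytes(from_bytes(b)) == b` no longer holds for accepted input. Gating the `CtOption` chain on zero padding fixes this and is a no-op when `$compressed_size == $base::size()`; the bytes are public, so a short-circuiting comparison is acceptable, and `ConstantTimeEq` could replace it if that trait is in scope. The remainder of `from_bytes` continues past the end of the hunk.
```rust
let ysign = Choice::from(tmp[$compressed_size - 1] >> 7);
tmp[$compressed_size - 1] &= 0b0111_1111;
// Every byte after the x coordinate must be zero once the sign bit is
// cleared; otherwise one point has many encodings. An empty slice (no
// padding) passes.
let padding_is_zero = Choice::from(tmp[$base::size()..].iter().all(|&b| b == 0) as u8);
let mut xbytes = [0u8; $base::size()];
xbytes.copy_from_slice(&tmp[..$base::size()]);

$base::from_bytes(&xbytes)
    .and_then(|x| CtOption::new(x, padding_is_zero))
    .and_then(|x| {
        // … unchanged: identity check, y recovery and sign selection …
```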
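Review bot: The wire layout produced by the new `to_bytes` lines in the `@@ -596` hunk is undocumented, and because the commit is titled as a secp256k1 fix a reader may assume it yields the SEC1 compressed form (a 0x02/0x03 prefix followed by big-endian x); it does not — `x.to_bytes()` fills the first `$base::size()` bytes, any remaining bytes stay zero, and the low bit of `y.to_bytes()[0]` is stored in bit 7 of the final byte. A comment above `let mut xbytes` such as `// Layout: x.to_bytes() in the first $base::size() bytes, zero padding, then (y.to_bytes()[0] & 1) in bit 7 of the last byte. Not SEC1-compatible.` would prevent interoperability mistakes. The enclosing `to_bytes` begins before the hunk.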
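Review bot: The bare `33` in the secp256k1 `new_curve_impl!` invocation hides why this curve alone needs an extra byte: its field prime is close to 2^256, so a 32-byte x coordinate has no spare high bit for the sign of y, whereas the bn256 invocations pass `Fq::size()` and reuse the top bit. Writing it as `Fp::size() + 1,` (or a named constant with a one-line comment saying the above) ties the value to the `$compressed_size >= $base::size()` relation the macro relies on and survives a change of field representation.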