Removes use of elliptic Marshal and Unmarshal functions.

armfazh · armfazh · commit e354ab4d91db · 2025-07-17T13:34:27.000-07:00
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -61,10 +61,6 @@ linters-settings:
     enable-all: true
     disable:
       - fieldalignment
-  staticcheck:
-    # TODO: replace deprecated elliptic.Marshal, elliptic.GenerateKey,
-    # elliptic.Unmarshal, params.ScalarBaseMult before re-enabling SA1019.
-    checks: ["*", "-SA1019"]
   gosec:
     excludes:
       - G115
diff --git a/group/short.go b/group/short.go
@@ -2,6 +2,8 @@ package group
 
 import (
 	"crypto"
+	"crypto/ecdh"
+	"crypto/ecdsa"
 	"crypto/elliptic"
 	_ "crypto/sha256"
 	_ "crypto/sha512"
@@ -10,21 +12,23 @@ import (
 	"io"
 	"math/big"
 
-	"github.com/cloudflare/circl/ecc/p384"
+	optP384 "github.com/cloudflare/circl/ecc/p384"
 	"github.com/cloudflare/circl/expander"
 )
 
 var (
 	// P256 is the group generated by P-256 elliptic curve.
-	P256 Group = wG{elliptic.P256()}
+	P256 Group = wG{ellC: elliptic.P256, ecdhC: ecdh.P256, c: elliptic.P256()}
 	// P384 is the group generated by P-384 elliptic curve.
-	P384 Group = wG{p384.P384()}
+	P384 Group = wG{ellC: elliptic.P384, ecdhC: ecdh.P384, c: optP384.P384()}
 	// P521 is the group generated by P-521 elliptic curve.
-	P521 Group = wG{elliptic.P521()}
+	P521 Group = wG{ellC: elliptic.P521, ecdhC: ecdh.P521, c: elliptic.P521()}
 )
 
 type wG struct {
-	c elliptic.Curve
+	c     elliptic.Curve
+	ellC  func() elliptic.Curve
+	ecdhC func() ecdh.Curve
 }
 
 func (g wG) String() string      { return g.c.Params().Name }
@@ -226,9 +230,15 @@ func (e *wElt) MarshalBinary() ([]byte, error) {
 	if e.IsIdentity() {
 		return []byte{0x0}, nil
 	}
+
 	e.x.Mod(e.x, e.c.Params().P)
 	e.y.Mod(e.y, e.c.Params().P)
-	return elliptic.Marshal(e.wG.c, e.x, e.y), nil
+	pk, err := (&ecdsa.PublicKey{Curve: e.wG.ellC(), X: e.x, Y: e.y}).ECDH()
+	if err != nil {
+		return nil, err
+	}
+
+	return pk.Bytes(), nil
 }
 
 func (e *wElt) MarshalBinaryCompress() ([]byte, error) {
@@ -254,11 +264,13 @@ func (e *wElt) UnmarshalBinary(b []byte) error {
 		}
 		e.x, e.y = x, y
 	case l == 1+2*byteLen && b[0] == 0x04: // uncompressed
-		x, y := elliptic.Unmarshal(e.wG.c, b)
-		if x == nil {
+		_, err := e.wG.ecdhC().NewPublicKey(b)
+		if err != nil {
 			return ErrUnmarshal
 		}
-		e.x, e.y = x, y
+
+		e.x.SetBytes(b[1 : 1+byteLen])
+		e.y.SetBytes(b[1+byteLen : 1+2*byteLen])
 	default:
 		return ErrUnmarshal
 	}
