-
Notifications
You must be signed in to change notification settings - Fork 183
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Michael Lodder <redmike7@gmail.com>
- Loading branch information
1 parent
dcbce6a
commit 72e11e3
Showing
7 changed files
with
171 additions
and
16 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
mod expand_msg; | ||
mod expand_msg_xmd; | ||
mod expand_msg_xof; | ||
|
||
use core::convert::TryFrom; | ||
pub use expand_msg::*; | ||
pub use expand_msg_xmd::*; | ||
pub use expand_msg_xof::*; | ||
|
||
/// The trait for helping to convert to a scalar | ||
pub trait FromOkm<const L: usize>: Sized { | ||
/// Convert a byte sequence into a scalar | ||
fn from_okm(data: &[u8; L]) -> Self; | ||
} | ||
|
||
/// Convert an arbitrary byte sequence according to | ||
/// <https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-11#section-5.3> | ||
pub fn hash_to_field<E, T, const L: usize, const COUNT: usize, const OUT: usize>( | ||
data: &[u8], | ||
domain: &[u8], | ||
) -> [T; COUNT] | ||
where | ||
E: ExpandMsg<OUT>, | ||
T: FromOkm<L> + Default + Copy, | ||
{ | ||
let random_bytes = E::expand_message(data, domain); | ||
let mut out = [T::default(); COUNT]; | ||
for i in 0..COUNT { | ||
let u = <[u8; L]>::try_from(&random_bytes[(L * i)..L * (i + 1)]).expect("not enough bytes"); | ||
out[i] = T::from_okm(&u); | ||
} | ||
out | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
/// Trait for types implementing expand_message interface for hash_to_field | ||
pub trait ExpandMsg<const OUT: usize> { | ||
/// Expands `msg` to the required number of bytes in `buf` | ||
fn expand_message(msg: &[u8], dst: &[u8]) -> [u8; OUT]; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
use super::ExpandMsg; | ||
use core::marker::PhantomData; | ||
use digest::{ | ||
generic_array::{typenum::Unsigned, GenericArray}, | ||
BlockInput, Digest, | ||
}; | ||
use subtle::{Choice, ConditionallySelectable}; | ||
|
||
/// Placeholder type for implementing expand_message_xmd based on a hash function | ||
#[derive(Debug)] | ||
pub struct ExpandMsgXmd<HashT> { | ||
phantom: PhantomData<HashT>, | ||
} | ||
|
||
/// ExpandMsgXmd implements expand_message_xmd for the ExpandMsg trait | ||
impl<HashT, const LEN_IN_BYTES: usize> ExpandMsg<LEN_IN_BYTES> for ExpandMsgXmd<HashT> | ||
where | ||
HashT: Digest + BlockInput, | ||
{ | ||
fn expand_message(msg: &[u8], dst: &[u8]) -> [u8; LEN_IN_BYTES] { | ||
let b_in_bytes = HashT::OutputSize::to_usize(); | ||
let ell = (LEN_IN_BYTES + b_in_bytes - 1) / b_in_bytes; | ||
if ell > 255 { | ||
panic!("ell was too big in expand_message_xmd"); | ||
} | ||
let b_0 = HashT::new() | ||
.chain(GenericArray::<u8, HashT::BlockSize>::default()) | ||
.chain(msg) | ||
.chain([(LEN_IN_BYTES >> 8) as u8, LEN_IN_BYTES as u8, 0u8]) | ||
.chain(dst) | ||
.chain([dst.len() as u8]) | ||
.finalize(); | ||
|
||
let mut b_vals = HashT::new() | ||
.chain(&b_0[..]) | ||
.chain([1u8]) | ||
.chain(dst) | ||
.chain([dst.len() as u8]) | ||
.finalize(); | ||
|
||
let mut buf = [0u8; LEN_IN_BYTES]; | ||
let mut offset = 0; | ||
|
||
for i in 1..ell { | ||
// b_0 XOR b_(idx - 1) | ||
let mut tmp = GenericArray::<u8, HashT::OutputSize>::default(); | ||
b_0.iter() | ||
.zip(&b_vals[..]) | ||
.enumerate() | ||
.for_each(|(j, (b0val, bi1val))| tmp[j] = b0val ^ bi1val); | ||
for b in b_vals { | ||
buf[offset % LEN_IN_BYTES].conditional_assign( | ||
&b, | ||
Choice::from(if offset < LEN_IN_BYTES { 1 } else { 0 }), | ||
); | ||
offset += 1; | ||
} | ||
b_vals = HashT::new() | ||
.chain(tmp) | ||
.chain([(i + 1) as u8]) | ||
.chain(dst) | ||
.chain([dst.len() as u8]) | ||
.finalize(); | ||
} | ||
for b in b_vals { | ||
buf[offset % LEN_IN_BYTES] | ||
.conditional_assign(&b, Choice::from(if offset < LEN_IN_BYTES { 1 } else { 0 })); | ||
offset += 1; | ||
} | ||
buf | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
use super::ExpandMsg; | ||
use core::marker::PhantomData; | ||
use digest::{ExtendableOutput, Update, XofReader}; | ||
|
||
/// Placeholder type for implementing expand_message_xof based on an extendable output function | ||
#[derive(Debug)] | ||
pub struct ExpandMsgXof<HashT> { | ||
phantom: PhantomData<HashT>, | ||
} | ||
|
||
/// ExpandMsgXof implements expand_message_xof for the ExpandMsg trait | ||
impl<HashT, const LEN_IN_BYTES: usize> ExpandMsg<LEN_IN_BYTES> for ExpandMsgXof<HashT> | ||
where | ||
HashT: Default + ExtendableOutput + Update, | ||
{ | ||
fn expand_message(msg: &[u8], dst: &[u8]) -> [u8; LEN_IN_BYTES] { | ||
let mut buf = [0u8; LEN_IN_BYTES]; | ||
let mut r = HashT::default() | ||
.chain(msg) | ||
.chain([(LEN_IN_BYTES >> 8) as u8, LEN_IN_BYTES as u8]) | ||
.chain(dst) | ||
.chain([dst.len() as u8]) | ||
.finalize_xof(); | ||
r.read(&mut buf); | ||
buf | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters