add hkdf_extract without adding zero byte

update-fork
MITSUNARI Shigeo 5 years ago
parent 2f9f142043
commit 18b0a3bfa4
  1. 1
      include/mcl/fp.hpp
  2. 18
      include/mcl/mapto_wb19.hpp
  3. 11
      src/fp.cpp

@ -74,6 +74,7 @@ uint32_t sha256(void *out, uint32_t maxOutSize, const void *msg, uint32_t msgSiz
uint32_t sha512(void *out, uint32_t maxOutSize, const void *msg, uint32_t msgSize);
void hkdf_extract_addZeroByte(uint8_t hmac[32], const uint8_t *salt, size_t saltSize, const uint8_t *msg, size_t msgSize);
void hkdf_extract(uint8_t hmac[32], const uint8_t *salt, size_t saltSize, const uint8_t *msg, size_t msgSize);
void hkdf_expand(uint8_t out[64], const uint8_t prk[32], char info[6]);
namespace local {
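Review bot: The new `hkdf_extract` declaration gives a caller no way to tell how it differs from `hkdf_extract_addZeroByte` on the line above, and that difference is exactly what decides whether two implementations hash a message to the same point. From the definition in src/fp.cpp and the comment in mapto_wb19.hpp, the only visible differences are that this variant does not append the 0x00 byte to the salt and that a null/empty salt is replaced by 32 zero bytes; I would state that at the declaration: `// HKDF-Extract (RFC 5869) with HMAC-SHA256: a null or empty salt is treated as 32 zero bytes. Unlike hkdf_extract_addZeroByte, no trailing 0x00 is appended to salt; pick the variant that matches the peer's hash-to-curve draft.` Both variants write exactly 32 bytes into `hmac`, which is worth saying since the array parameter does not enforce it.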

@ -9,14 +9,18 @@
*/
// ctr = 0 or 1 or 2
inline void hashToFp2(Fp2& out, const void *msg, size_t msgSize, uint8_t ctr, const void *dst, size_t dstSize)
inline void hashToFp2(Fp2& out, const void *msg, size_t msgSize, uint8_t ctr, const void *dst, size_t dstSize, bool addZero = true)
{
assert(ctr <= 2);
const size_t degree = 2;
uint8_t msg_prime[32];
// add '\0' at the end of dst
// see. 5.3. Implementation of https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve
if (addZero) {
fp::hkdf_extract_addZeroByte(msg_prime, reinterpret_cast<const uint8_t*>(dst), dstSize, reinterpret_cast<const uint8_t*>(msg), msgSize);
} else {
fp::hkdf_extract(msg_prime, reinterpret_cast<const uint8_t*>(dst), dstSize, reinterpret_cast<const uint8_t*>(msg), msgSize);
}
char info_pfx[] = "H2C000";
info_pfx[3] = ctr;
for (size_t i = 0; i < degree; i++) {
@ -480,13 +484,17 @@ struct MapToG2_WB19 {
iso3(P, Pp);
clear_h2(P, P);
}
void map2curve_osswu2(G2& out, const void *msg, size_t msgSize, const void *dst, size_t dstSize) const
void map2curve_osswu2(G2& out, const void *msg, size_t msgSize, const void *dst, size_t dstSize, bool addZero = true) const
{
Fp2 t1, t2;
hashToFp2(t1, msg, msgSize, 0, dst, dstSize);
hashToFp2(t2, msg, msgSize, 1, dst, dstSize);
hashToFp2(t1, msg, msgSize, 0, dst, dstSize, addZero);
hashToFp2(t2, msg, msgSize, 1, dst, dstSize, addZero);
opt_swu2_map(out, t1, &t2);
}
void msgToG2(G2& out, const void *msg, size_t msgSize) const
{
const char *dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO-_POP_";
map2curve_osswu2(out, msg, msgSize, dst, strlen(dst), false);
}
};
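Review bot: The new `addZero` flag on `hashToFp2` and `map2curve_osswu2` silently selects between two incompatible hash-to-field encodings, and its default (`true`) is the opposite of what the only in-tree caller, `msgToG2`, passes (`false`). Any external caller that reaches `map2curve_osswu2` with the default will map the same message and DST to a different point than `msgToG2`, so signatures produced through the two paths will not verify against each other and the mismatch surfaces only as a verification failure. I would document the flag at each signature, e.g. `// addZero: append 0x00 to dst before HKDF-Extract (draft hash-to-curve 5.3 style). This must match the peer's ciphersuite exactly; a mismatch maps to a different point.`, and consider replacing the defaulted bool with an explicit enum so the choice is visible at every call site. The `// see. 5.3.` comment should also name which draft revision each setting corresponds to, since the draft changed this step between revisions and "5.3" alone will not identify it later. The enclosing `struct MapToG2_WB19` begins before this hunk.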

@ -139,6 +139,17 @@ void hkdf_extract_addZeroByte(uint8_t hmac[32], const uint8_t *salt, size_t salt
cybozu::hmac256addZeroByte(hmac, salt, saltSize, msg, msgSize);
}
void hkdf_extract(uint8_t hmac[32], const uint8_t *salt, size_t saltSize, const uint8_t *msg, size_t msgSize)
{
uint8_t saltZero[32];
if (salt == 0 || saltSize == 0) {
memset(saltZero, 0, sizeof(saltZero));
salt = saltZero;
saltSize = sizeof(saltZero);
}
cybozu::hmac256(hmac, salt, saltSize, msg, msgSize);
}
void hkdf_expand(uint8_t out[64], const uint8_t prk[32], char info[6])
{
info[5] = 1;
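Review bot: `hkdf_extract` substitutes a 32-byte all-zero salt for a null or empty one, but the sibling `hkdf_extract_addZeroByte` directly above passes `salt`/`saltSize` straight to `cybozu::hmac256addZeroByte`, so the two entry points disagree on what an absent salt means; if `hmac256addZeroByte` does not itself tolerate a null pointer, the same guard belongs there too. The zero-salt default is the RFC 5869 §2.2 behaviour (HashLen zero bytes), and because HMAC zero-pads short keys to the 64-byte block size, an empty key and 32 zero bytes yield the same HMAC-SHA256 key — so the branch changes the result only in the sense of not handing a null pointer down, which is worth recording: `// RFC 5869 §2.2: absent salt == HashLen (32) zero bytes. HMAC zero-pads the key anyway, so this only keeps a null salt pointer away from hmac256.` `hkdf_expand` continues past the end of this hunk and is not reviewed here.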
