move hkdf_* to src/fp.cpp

5 years ago · 63fb03524b
parent c4472e1747
commit 63fb03524b
3 changed files with 25 additions and 22 deletions
--- a/include/mcl/fp.hpp
+++ b/include/mcl/fp.hpp
@ -73,6 +73,9 @@ bool isEnableJIT(); // 1st call is not threadsafe
 uint32_t sha256(void *out, uint32_t maxOutSize, const void *msg, uint32_t msgSize);
 uint32_t sha512(void *out, uint32_t maxOutSize, const void *msg, uint32_t msgSize);

+void hkdf_extract_addZeroByte(uint8_t hmac[32], const uint8_t *salt, size_t saltSize, const uint8_t *msg, size_t msgSize);
+void hkdf_expand(uint8_t out[64], const uint8_t prk[32], char info[6]);
+
 namespace local {

 inline void byteSwap(void *x, size_t n)
--- a/include/mcl/mapto_wb19.hpp
+++ b/include/mcl/mapto_wb19.hpp
@ -8,26 +8,6 @@
 	ref. https://eprint.iacr.org/2019/403 , https://github.com/algorand/bls_sigs_ref
 */

-inline void hkdf_extract_addZeroByte(uint8_t hmac[32], const uint8_t *salt, size_t saltSize, const uint8_t *msg, size_t msgSize)
-{
-	uint8_t saltZero[32];
-	if (salt == 0 || saltSize == 0) {
-		memset(saltZero, 0, sizeof(saltZero));
-		salt = saltZero;
-		saltSize = sizeof(saltZero);
-	}
-	cybozu::hmac256addZeroByte(hmac, salt, saltSize, msg, msgSize);
-}
-
-inline void hkdf_expand(uint8_t out[64], const uint8_t prk[32], char info[6])
-{
-	info[5] = 1;
-	cybozu::hmac256(out, prk, 32, info, 6);
-	info[5] = 2;
-	memcpy(out + 32, info, 6);
-	cybozu::hmac256(out + 32, prk, 32, out, 32 + 6);
-}
-
 // ctr = 0 or 1 or 2
 inline void hashToFp2(Fp2& out, const void *msg, size_t msgSize, uint8_t ctr, const void *dst, size_t dstSize)
 {
@ -36,13 +16,13 @@ inline void hashToFp2(Fp2& out, const void *msg, size_t msgSize, uint8_t ctr, co
 	uint8_t msg_prime[32];
 	// add '\0' at the end of dst
 	// see. 5.3. Implementation of https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve
-	hkdf_extract_addZeroByte(msg_prime, reinterpret_cast<const uint8_t*>(dst), dstSize, reinterpret_cast<const uint8_t*>(msg), msgSize);
+	fp::hkdf_extract_addZeroByte(msg_prime, reinterpret_cast<const uint8_t*>(dst), dstSize, reinterpret_cast<const uint8_t*>(msg), msgSize);
 	char info_pfx[] = "H2C000";
 	info_pfx[3] = ctr;
 	for (size_t i = 0; i < degree; i++) {
 		info_pfx[4] = char(i + 1);
 		uint8_t t[64];
-		hkdf_expand(t, msg_prime, info_pfx);
+		fp::hkdf_expand(t, msg_prime, info_pfx);
 		fp::local::byteSwap(t, 64);
 		bool b;
 		out.getFp0()[i].setArrayMod(&b, t, 64);
--- a/src/fp.cpp
+++ b/src/fp.cpp
@ -128,6 +128,26 @@ uint32_t sha512(void *out, uint32_t maxOutSize, const void *msg, uint32_t msgSiz
 	return (uint32_t)cybozu::Sha512().digest(out, maxOutSize, msg, msgSize);
 }

+void hkdf_extract_addZeroByte(uint8_t hmac[32], const uint8_t *salt, size_t saltSize, const uint8_t *msg, size_t msgSize)
+{
+	uint8_t saltZero[32];
+	if (salt == 0 || saltSize == 0) {
+		memset(saltZero, 0, sizeof(saltZero));
+		salt = saltZero;
+		saltSize = sizeof(saltZero);
+	}
+	cybozu::hmac256addZeroByte(hmac, salt, saltSize, msg, msgSize);
+}
+
+void hkdf_expand(uint8_t out[64], const uint8_t prk[32], char info[6])
+{
+	info[5] = 1;
+	cybozu::hmac256(out, prk, 32, info, 6);
+	info[5] = 2;
+	memcpy(out + 32, info, 6);
+	cybozu::hmac256(out + 32, prk, 32, out, 32 + 6);
+}
+
 #ifndef MCL_USE_VINT
 static inline void set_mpz_t(mpz_t& z, const Unit* p, int n)
 {