add msgToG2

include/mcl/bn.hpp

@@ -332,7 +332,7 @@ struct MapTo {
 	int type_;
 	int mapToMode_;
 	bool useOriginalG2cofactor_;
-	MapToG2_WB19 maptog2_wb19_;
+	MapToG2_WB19 mapToG2_WB19_;
 	MapTo()
 		: type_(0)
 		, mapToMode_(MCL_MAP_TO_MODE_ORIGINAL)
@@ -542,7 +542,7 @@ struct MapTo {
 			break;
 		case MCL_MAP_TO_MODE_WB19:
 			mapToMode_ = mode;
-			maptog2_wb19_.init();
+			mapToG2_WB19_.init();
 			return true;
 			break;
 		default:
@@ -616,6 +616,10 @@ struct MapTo {
 	}
 	bool calc(G2& P, const Fp2& t, bool fast = false) const
 	{
+		if (mapToMode_ == MCL_MAP_TO_MODE_WB19) {
+			mapToG2_WB19_.opt_swu2_map(P, t);
+			return true;
+		}
 		if (!mapToEc(P, t)) return false;
 		if (mapToMode_ == MCL_MAP_TO_MODE_ETH2) {
 			Fp2 negY;
@@ -2175,6 +2179,10 @@ inline void hashAndMapToG1(G1& P, const void *buf, size_t bufSize)
 }
 inline void hashAndMapToG2(G2& P, const void *buf, size_t bufSize)
 {
+	if (getMapToMode() == MCL_MAP_TO_MODE_WB19) {
+		BN::param.mapTo.mapToG2_WB19_.msgToG2(P, buf, bufSize);
+		return;
+	}
 	Fp2 t;
 	t.a.setHashOf(buf, bufSize);
 	t.b.clear();

include/mcl/mapto_wb19.hpp

@@ -9,14 +9,15 @@
 */
 
 // ctr = 0 or 1 or 2
-inline void hashToFp2(Fp2& out, const void *msg, size_t msgSize, uint8_t ctr, const void *dst, size_t dstSize, bool addZero = true)
+inline void hashToFp2(Fp2& out, const void *msg, size_t msgSize, uint8_t ctr, const void *dst, size_t dstSize)
 {
+	const bool addZeroByte = false; // append zero byte to msg
 	assert(ctr <= 2);
 	const size_t degree = 2;
 	uint8_t msg_prime[32];
 	// add '\0' at the end of dst
 	// see. 5.3. Implementation of https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve
-	if (addZero) {
+	if (addZeroByte) {
 		fp::hkdf_extract_addZeroByte(msg_prime, reinterpret_cast<const uint8_t*>(dst), dstSize, reinterpret_cast<const uint8_t*>(msg), msgSize);
 	} else {
 		fp::hkdf_extract(msg_prime, reinterpret_cast<const uint8_t*>(dst), dstSize, reinterpret_cast<const uint8_t*>(msg), msgSize);
@@ -484,17 +485,17 @@ struct MapToG2_WB19 {
 		iso3(P, Pp);
 		clear_h2(P, P);
 	}
-	void map2curve_osswu2(G2& out, const void *msg, size_t msgSize, const void *dst, size_t dstSize, bool addZero = true) const
+	void map2curve_osswu2(G2& out, const void *msg, size_t msgSize, const void *dst, size_t dstSize) const
 	{
 		Fp2 t1, t2;
-		hashToFp2(t1, msg, msgSize, 0, dst, dstSize, addZero);
-		hashToFp2(t2, msg, msgSize, 1, dst, dstSize, addZero);
+		hashToFp2(t1, msg, msgSize, 0, dst, dstSize);
+		hashToFp2(t2, msg, msgSize, 1, dst, dstSize);
 		opt_swu2_map(out, t1, &t2);
 	}
 	void msgToG2(G2& out, const void *msg, size_t msgSize) const
 	{
 		const char *dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO-_POP_";
-		map2curve_osswu2(out, msg, msgSize, dst, strlen(dst), false);
+		map2curve_osswu2(out, msg, msgSize, dst, strlen(dst));
 	}
 };