Adapt existing ristretto225 implementation to the CIRCL Group interfaces()

go.mod

@@ -3,6 +3,9 @@ module github.com/cloudflare/circl
 go 1.12
 
 require (
+	github.com/armfazh/h2c-go-ref v0.0.0-20210215173008-07e12a6f8e0d
+	github.com/bwesterb/go-ristretto v1.1.1
+	github.com/stretchr/testify v1.7.0
 	golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9
 	golang.org/x/sys v0.0.0-20201211090839-8ad439b19e0f
 )

go.sum

@@ -1,4 +1,18 @@
+github.com/armfazh/h2c-go-ref v0.0.0-20210215173008-07e12a6f8e0d h1:0YBiQ+rXap26i6apP7AldB+h50fAP7XSzpbio4ElXQo=
+github.com/armfazh/h2c-go-ref v0.0.0-20210215173008-07e12a6f8e0d/go.mod h1:8fwPDRbWg9lh+s+iVv/7yAthCGHoGLTpeXnHf/J5EXs=
+github.com/armfazh/tozan-ecc v0.1.3 h1:g3OKE0KR4L/GZaoQYzsOUdg97Ey5lZRl1i1fD/QkUUw=
+github.com/armfazh/tozan-ecc v0.1.3/go.mod h1:u25eZC5Z8uJFQxJxGBz1Blfii/7m3DfmwX0vFnwtG9I=
+github.com/bwesterb/go-ristretto v1.1.1 h1:ScMQxfIReRWsrKhQ+rR9R4CoaS+9Mf+GqaGP8NQEEJg=
+github.com/bwesterb/go-ristretto v1.1.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9 h1:sYNJzB4J8toYPQTM6pAkcmBRgw9SnQKP9oXCHfgy604=
 golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -8,3 +22,6 @@ golang.org/x/sys v0.0.0-20201211090839-8ad439b19e0f h1:QdHQnPce6K4XQewki9WNbG5KO
 golang.org/x/sys v0.0.0-20201211090839-8ad439b19e0f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

group/group_test.go

@@ -16,6 +16,7 @@ func TestGroup(t *testing.T) {
 		group.P256,
 		group.P384,
 		group.P521,
+		group.Ristretto255,
 	} {
 		g := g
 		n := g.(fmt.Stringer).String()
@@ -113,16 +114,24 @@ func testOrder(t *testing.T, testTimes int, g group.Group) {
 	}
 }
 
+func isZero(b []byte) bool {
+	for i := 0; i < len(b); i++ {
+		if b[i] != 0x00 {
+			return false
+		}
+	}
+	return true
+}
+
 func testMarshal(t *testing.T, testTimes int, g group.Group) {
 	I := g.Identity()
 	got, _ := I.MarshalBinary()
-	want := []byte{0}
-	if !bytes.Equal(got, want) {
-		test.ReportError(t, got, want)
+	if !isZero(got) {
+		test.ReportError(t, got, "Non-zero identity")
 	}
 	got, _ = I.MarshalBinaryCompress()
-	if !bytes.Equal(got, want) {
-		test.ReportError(t, got, want)
+	if !isZero(got) {
+		test.ReportError(t, got, "Non-zero identity")
 	}
 	II := g.NewElement()
 	err := II.UnmarshalBinary(got)

group/ristretto255.go

@@ -0,0 +1,187 @@
+package group
+
+import (
+	"crypto"
+	"io"
+
+	h2c "github.com/armfazh/h2c-go-ref"
+
+	r255 "github.com/bwesterb/go-ristretto"
+)
+
+var (
+	Ristretto255 Group = ristrettoGroup{}
+)
+
+type ristrettoGroup struct {
+}
+
+func (g ristrettoGroup) String() string {
+	return "ristretto255"
+}
+
+type ristrettoElement struct {
+	p r255.Point
+}
+
+type ristrettoScalar struct {
+	s r255.Scalar
+}
+
+func (g ristrettoGroup) NewElement() Element {
+	return g.Identity()
+}
+
+func (g ristrettoGroup) NewScalar() Scalar {
+	return &ristrettoScalar{
+		s: r255.Scalar{},
+	}
+}
+
+func (g ristrettoGroup) Identity() Element {
+	var zero r255.Point
+	zero.SetZero()
+	return &ristrettoElement{
+		p: zero,
+	}
+}
+
+func (g ristrettoGroup) Generator() Element {
+	var base r255.Point
+	base.SetBase()
+	return &ristrettoElement{
+		p: base,
+	}
+}
+
+func (g ristrettoGroup) Order() Scalar {
+	q := r255.Scalar{
+		0x5cf5d3ed, 0x5812631a, 0xa2f79cd6, 0x14def9de,
+		0x00000000, 0x00000000, 0x00000000, 0x10000000,
+	}
+	return &ristrettoScalar{
+		s: q,
+	}
+}
+
+func (g ristrettoGroup) RandomElement(r io.Reader) Element {
+	var x r255.Point
+	x.Rand()
+	return &ristrettoElement{
+		p: x,
+	}
+}
+
+func (g ristrettoGroup) RandomScalar(r io.Reader) Scalar {
+	var x r255.Scalar
+	x.Rand()
+	return &ristrettoScalar{
+		s: x,
+	}
+}
+
+func (g ristrettoGroup) HashToElement(msg, dst []byte) Element {
+	e := g.NewElement()
+
+	expID := h2c.ExpanderDesc{
+		Type: h2c.XMD,
+		ID:   uint(crypto.SHA512),
+	}
+	exp, err := expID.Get(dst, 0)
+	if err != nil {
+		panic(err)
+	}
+	data := exp.Expand(msg, 64)
+
+	e.(*ristrettoElement).p.Derive(data)
+	return e
+}
+
+func (g ristrettoGroup) HashToScalar(msg, dst []byte) Scalar {
+	s := g.NewScalar()
+	s.(*ristrettoScalar).s.Derive(msg)
+	return s
+}
+
+func (e *ristrettoElement) IsIdentity() bool {
+	var zero r255.Point
+	zero.SetZero()
+	return e.p.Equals(&zero)
+}
+
+func (e *ristrettoElement) IsEqual(x Element) bool {
+	return e.p.Equals(&x.(*ristrettoElement).p)
+}
+
+func (e *ristrettoElement) Add(x Element, y Element) Element {
+	e.p.Add(&x.(*ristrettoElement).p, &y.(*ristrettoElement).p)
+	return e
+}
+
+func (e *ristrettoElement) Dbl(x Element) Element {
+	return e.Add(x, x)
+}
+
+func (e *ristrettoElement) Neg(x Element) Element {
+	e.p.Neg(&x.(*ristrettoElement).p)
+	return e
+}
+
+func (e *ristrettoElement) Mul(x Element, y Scalar) Element {
+	e.p.ScalarMult(&x.(*ristrettoElement).p, &y.(*ristrettoScalar).s)
+	return e
+}
+
+func (e *ristrettoElement) MulGen(x Scalar) Element {
+	e.p.ScalarMultBase(&x.(*ristrettoScalar).s)
+	return e
+}
+
+func (e *ristrettoElement) MarshalBinaryCompress() ([]byte, error) {
+	return e.p.MarshalBinary()
+}
+
+func (e *ristrettoElement) MarshalBinary() ([]byte, error) {
+	return e.p.MarshalBinary()
+}
+
+func (e *ristrettoElement) UnmarshalBinary(data []byte) error {
+	return e.p.UnmarshalBinary(data)
+}
+
+func (s *ristrettoScalar) IsEqual(x Scalar) bool {
+	return s.s.Equals(&x.(*ristrettoScalar).s)
+}
+
+func (s *ristrettoScalar) Add(x Scalar, y Scalar) Scalar {
+	s.s.Add(&x.(*ristrettoScalar).s, &y.(*ristrettoScalar).s)
+	return s
+}
+
+func (s *ristrettoScalar) Sub(x Scalar, y Scalar) Scalar {
+	s.s.Sub(&x.(*ristrettoScalar).s, &y.(*ristrettoScalar).s)
+	return s
+}
+
+func (s *ristrettoScalar) Mul(x Scalar, y Scalar) Scalar {
+	s.s.Mul(&x.(*ristrettoScalar).s, &y.(*ristrettoScalar).s)
+	return s
+}
+
+func (s *ristrettoScalar) Neg(x Scalar) Scalar {
+	s.s.Neg(&x.(*ristrettoScalar).s)
+	return s
+}
+
+func (s *ristrettoScalar) Inv(x Scalar) Scalar {
+	s.s.Inverse(&x.(*ristrettoScalar).s)
+	return s
+}
+
+func (s *ristrettoScalar) MarshalBinary() ([]byte, error) {
+	return s.s.MarshalBinary()
+}
+
+func (s *ristrettoScalar) UnmarshalBinary(data []byte) error {
+	return s.s.UnmarshalBinary(data)
+}