Adapt existing ristretto225 implementation to the CIRCL Group interfaces()

go.mod

@@ -3,6 +3,8 @@ module github.com/cloudflare/circl
 go 1.12
 
 require (
+	github.com/armfazh/h2c-go-ref v0.0.0-20210215173008-07e12a6f8e0d
+	github.com/bwesterb/go-ristretto v1.1.1
 	golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9
 	golang.org/x/sys v0.0.0-20201211090839-8ad439b19e0f
 )

go.sum

@@ -1,4 +1,11 @@
+github.com/armfazh/h2c-go-ref v0.0.0-20210215173008-07e12a6f8e0d h1:0YBiQ+rXap26i6apP7AldB+h50fAP7XSzpbio4ElXQo=
+github.com/armfazh/h2c-go-ref v0.0.0-20210215173008-07e12a6f8e0d/go.mod h1:8fwPDRbWg9lh+s+iVv/7yAthCGHoGLTpeXnHf/J5EXs=
+github.com/armfazh/tozan-ecc v0.1.3 h1:g3OKE0KR4L/GZaoQYzsOUdg97Ey5lZRl1i1fD/QkUUw=
+github.com/armfazh/tozan-ecc v0.1.3/go.mod h1:u25eZC5Z8uJFQxJxGBz1Blfii/7m3DfmwX0vFnwtG9I=
+github.com/bwesterb/go-ristretto v1.1.1 h1:ScMQxfIReRWsrKhQ+rR9R4CoaS+9Mf+GqaGP8NQEEJg=
+github.com/bwesterb/go-ristretto v1.1.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9 h1:sYNJzB4J8toYPQTM6pAkcmBRgw9SnQKP9oXCHfgy604=
 golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=

group/ristretto255.go

@@ -0,0 +1,179 @@
+package group
+
+import (
+	"crypto"
+	"io"
+
+	h2c "github.com/armfazh/h2c-go-ref"
+
+	r225 "github.com/bwesterb/go-ristretto"
+)
+
+var (
+	Ristretto255 Group = ristrettoGroup{}
+)
+
+type ristrettoGroup struct {
+}
+
+type ristrettoElement struct {
+	p *r225.Point
+}
+
+type ristrettoScalar struct {
+	s *r225.Scalar
+}
+
+func (g ristrettoGroup) NewElement() Element {
+	return &ristrettoElement{
+		p: &r225.Point{},
+	}
+}
+
+func (g ristrettoGroup) NewScalar() Scalar {
+	return &ristrettoScalar{
+		s: &r225.Scalar{},
+	}
+}
+
+func (g ristrettoGroup) Identity() Element {
+	var zero r225.Point
+	zero.SetZero()
+	return &ristrettoElement{
+		p: &zero,
+	}
+}
+
+func (g ristrettoGroup) Generator() Element {
+	var base r225.Point
+	base.SetBase()
+	return &ristrettoElement{
+		p: &base,
+	}
+}
+
+func (g ristrettoGroup) Order() Scalar {
+	panic("not implemented")
+	return nil
+}
+
+func (g ristrettoGroup) RandomElement(r io.Reader) Element {
+	var x r225.Point
+	x.Rand()
+	return &ristrettoElement{
+		p: &x,
+	}
+}
+
+func (g ristrettoGroup) RandomScalar(r io.Reader) Scalar {
+	var x r225.Scalar
+	x.Rand()
+	return &ristrettoScalar{
+		s: &x,
+	}
+}
+
+// Note(caw): this does NOT implement HashToElement as specified in the hash-to-curve draft
+// https://cfrg.github.io/draft-irtf-cfrg-hash-to-curve/draft-irtf-cfrg-hash-to-curve.html#section-appendix.b
+func (g ristrettoGroup) HashToElement(msg, dst []byte) Element {
+	e := g.NewElement()
+
+	expID := h2c.ExpanderDesc{h2c.XMD, uint(crypto.SHA512)}
+	exp, err := expID.Get(dst, 0)
+	if err != nil {
+		panic(err)
+	}
+	data := exp.Expand(msg, 64)
+
+	e.(*ristrettoElement).p.Derive(data)
+	return e
+}
+
+func (g ristrettoGroup) HashToScalar(msg, dst []byte) Scalar {
+	s := g.NewScalar()
+	s.(*ristrettoScalar).s.Derive(msg)
+	return s
+}
+
+func (e *ristrettoElement) IsIdentity() bool {
+	var zero r225.Point
+	zero.SetZero()
+	return e.p.Equals(&zero)
+}
+
+func (e *ristrettoElement) IsEqual(x Element) bool {
+	return e.p.Equals(x.(*ristrettoElement).p)
+}
+
+func (e *ristrettoElement) Add(x Element, y Element) Element {
+	e.p.Add(x.(*ristrettoElement).p, y.(*ristrettoElement).p)
+	return e
+}
+
+func (e *ristrettoElement) Dbl(x Element) Element {
+	return e.Add(x, x)
+}
+
+func (e *ristrettoElement) Neg(x Element) Element {
+	e.p.Neg(x.(*ristrettoElement).p)
+	return e
+}
+
+func (e *ristrettoElement) Mul(x Element, y Scalar) Element {
+	e.p.ScalarMult(x.(*ristrettoElement).p, y.(*ristrettoScalar).s)
+	return e
+}
+
+func (e *ristrettoElement) MulGen(x Scalar) Element {
+	e.p.ScalarMultBase(x.(*ristrettoScalar).s)
+	return e
+}
+
+func (e *ristrettoElement) MarshalBinaryCompress() ([]byte, error) {
+	return e.p.MarshalBinary()
+}
+
+func (e *ristrettoElement) MarshalBinary() ([]byte, error) {
+	return e.p.MarshalBinary()
+}
+
+func (e *ristrettoElement) UnmarshalBinary(data []byte) error {
+	return e.p.UnmarshalBinary(data)
+}
+
+func (s *ristrettoScalar) IsEqual(x Scalar) bool {
+	return s.s.Equals(x.(*ristrettoScalar).s)
+}
+
+func (s *ristrettoScalar) Add(x Scalar, y Scalar) Scalar {
+	s.s.Add(x.(*ristrettoScalar).s, y.(*ristrettoScalar).s)
+	return s
+}
+
+func (s *ristrettoScalar) Sub(x Scalar, y Scalar) Scalar {
+	s.s.Sub(x.(*ristrettoScalar).s, y.(*ristrettoScalar).s)
+	return s
+}
+
+func (s *ristrettoScalar) Mul(x Scalar, y Scalar) Scalar {
+	s.s.Mul(x.(*ristrettoScalar).s, y.(*ristrettoScalar).s)
+	return s
+}
+
+func (s *ristrettoScalar) Neg(x Scalar) Scalar {
+	s.s.Neg(x.(*ristrettoScalar).s)
+	return s
+}
+
+func (s *ristrettoScalar) Inv(x Scalar) Scalar {
+	s.s.Inverse(x.(*ristrettoScalar).s)
+	return s
+}
+
+func (s *ristrettoScalar) MarshalBinary() ([]byte, error) {
+	return s.s.MarshalBinary()
+}
+
+func (s *ristrettoScalar) UnmarshalBinary(data []byte) error {
+	return s.s.UnmarshalBinary(data)
+}