Apply prettier to 4.0.3 to fix error

azuchi · Feb 5, 2024 · 5d6d05a · 5d6d05a
1 parent c38a31b
commit 5d6d05a
Show file tree

Hide file tree

Showing 7 changed files with 136 additions and 6 deletions.
diff --git a/Gemfile b/Gemfile
@@ -9,7 +9,7 @@ gem "rake", "~> 13.0"
 
 gem "rspec", "~> 3.0"
 
-gem 'prettier'
+gem 'prettier', '4.0.3'
 
 gem 'rubocop-rake'
 gem 'rubocop-rspec'
diff --git a/lib/ext/curve.rb b/lib/ext/curve.rb
@@ -3,3 +3,4 @@
 require_relative "curve/secp256k1_3iso"
 require_relative "curve/bls12381_g1"
 require_relative "curve/bls12381_g1_11iso"
+require_relative "curve/bls12381_g2"
diff --git a/lib/ext/curve/bls12381_g2.rb b/lib/ext/curve/bls12381_g2.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+module BLS
+  class Group
+    BLS12381G2 =
+      ECDSA::Group.new(
+        name: "bls12381_g2",
+        p:
+          0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab,
+        a: 0,
+        b: 4,
+        g: [
+          0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb,
+          0x8b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1
+        ],
+        n: 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001,
+        h:
+          0xbc69f08f2ee75b3584c6a0ea91b352888e2a8e9145ad7689986ff031508ffe1329c2f178731db956d82bf015d1212b02ec0ec69d7477c1ae954cbc06689f6a359894c0adebbf6b4e8020005aaa95551
+      )
+  end
+end
diff --git a/lib/ext/curve/bls12381_g2_11iso.rb b/lib/ext/curve/bls12381_g2_11iso.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module BLS
+  class Group
+    BLS12381G1_11ISO =
+      ECDSA::Group.new(
+        name: "bls12381_g2_11iso",
+        p:
+          0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab,
+        a:
+          0x144698a3b8e9433d693a02c96d4982b0ea985383ee66a8d8e8981aefd881ac98936f8da0e0f97f5cf428082d584c1d,
+        b:
+          0x12e2908d11688030018b12e8753eee3b2016c1f0f24f4070a0b9c14fcef35ef55a23215a316ceaa5d1cc48e98e172be0,
+        g: [
+          0x6a0ead062ba73a09984eb7351a2d851bc817625345ce033a6eb7d78242b6466c877e022dda626a79ddb85bce57997e2,
+          0x3b89d8bb9326270e46b6b74e19f7b3f10082fbf1a46df72da50c6571b969afc570d6529350b1b9b05ab4fe5c29920b4
+        ],
+        n: 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001,
+        h: 0xd201000000010001
+      )
+  end
+end
diff --git a/lib/h2c/expander.rb b/lib/h2c/expander.rb
@@ -4,6 +4,7 @@ module H2C
   # Expander allows to generate a pseudo-random byte string of a determined length.
   module Expander
     autoload :XMD, "h2c/expander/xmd"
+    autoload :XOF, "h2c/expander/xof"
 
     # Maximum allowed length for domain separation tags.
     MAX_DST_LENGTH = 255
@@ -33,13 +34,15 @@ module Expander
     # Get expander implementation
     # @param [String] func Hash function name. Currently supported by 'SHA-256' and 'SHA-512'.
     # @raise [H2C::Error] If invalid func specified.
-    # @return [XMD] expander implementation, currently only XMD is supported.
-    def get(func, dst, _k)
-      unless HashFunc::XMD_FUNCS.include?(func)
+    # @return [XMD, XOF] expander implementation, currently only XMD is supported.
+    def get(func, dst, k = nil)
+      if HashFunc::XMD_FUNCS.include?(func)
+        XMD.new(func, dst)
+      elsif HashFunc::XOF_FUNCS.include?(func)
+        XOF.new(func, dst, k)
+      else
         raise H2C::Error, "func #{func} is unsupported."
       end
-      XMD.new(func, dst)
-      # TODO: XOR
     end
 
     # XOR two byte(+x+ and +y+) string.

diff --git a/lib/h2c/expander/xof.rb b/lib/h2c/expander/xof.rb
@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+require "digest"
+
+module H2C
+  module Expander
+    # Expander::XOF produces a uniformly random byte string using a cryptographic hash function H that outputs b bits.
+    class XOF
+      attr_reader :dst, :digest, :k
+
+      # Constructor
+      # @param [String] func Hash function name. Currently supported by 'SHA256' and 'SHA512'
+      # @param [String] dst Domain separation tag with binary format.
+      # @param [Integer] k
+      def initialize(func, dst, k)
+        @dst = dst
+        @digest = Digest(func).new
+        @k = k
+      end
+
+      # Expand message.
+      # https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html#name-expand_message_xmd
+      # @param [String] msg The message to be expanded with binary format.
+      # @param [Integer] len The length of the requested output in bytes.
+      # @return [String] Expanded message.
+      # @raise [H2C::Error]
+      def expand(msg, len)
+        b_len = digest.digest_length
+        ell = (len + b_len - 1) / b_len
+        dst_prime = construct_dst_prime
+
+        if ell >= 0xff || len >= 0xffff || dst_prime.bytesize >= 0xff
+          raise H2C::Error, "requested too many bytes"
+        end
+        lib_str = [(len >> 8) & 0xFF, (len & 0xff)].pack("CC")
+        z_pad = Array.new(digest.block_length, 0)
+
+        digest.reset
+        digest.update(z_pad.pack("C*"))
+        digest.update(msg)
+        digest.update(lib_str)
+        digest.update([0].pack("C"))
+        digest.update(dst_prime)
+
+        b0 = digest.digest
+        digest.reset
+        digest.update(b0)
+        digest.update([1].pack("C"))
+        digest.update(dst_prime)
+
+        bi = digest.digest
+        pseudo = bi
+        (2..(ell + 1)).each do |i|
+          digest.reset
+          digest.update(Expander.xor(b0, bi))
+          digest.update([i].pack("C"))
+          digest.update(dst_prime)
+          bi = digest.digest
+          pseudo += bi
+        end
+        pseudo[0...len]
+      end
+
+      # Construct DST prime.
+      # @return [String] DST prime
+      def construct_dst_prime
+        dst_prime =
+          if dst.bytesize > MAX_DST_LENGTH
+            digest.digest(LONG_DST_PREFIX + dst)
+          else
+            dst
+          end
+        dst_prime + [dst_prime.bytesize].pack("C")
+      end
+    end
+  end
+end
diff --git a/lib/h2c/suite.rb b/lib/h2c/suite.rb
@@ -8,6 +8,8 @@ class Suite
     SECP256K1_XMDSHA256_SSWU_RO_ = "secp256k1_XMD:SHA-256_SSWU_RO_"
     BLS12381G1_XMDSHA256_SSWU_NU_ = "BLS12381G1_XMD:SHA-256_SSWU_NU_"
     BLS12381G1_XMDSHA256_SSWU_RO_ = "BLS12381G1_XMD:SHA-256_SSWU_RO_"
+    BLS12381G2_XMDSHA256_SWU_NU_ = "BLS12381G2_XMD:SHA-256_SSWU_NU_"
+    BLS12381G2_XMDSHA256_SWU_RO_ = "BLS12381G2_XMD:SHA-256_SSWU_RO_"
     P256_XMDSHA256_SSWU_NU_ = "P256_XMD:SHA-256_SSWU_NU_"
     P256_XMDSHA256_SSWU_RO_ = "P256_XMD:SHA-256_SSWU_RO_"
     P384_XMDSHA384_SSWU_NU_ = "P384_XMD:SHA-384_SSWU_NU_"
@@ -35,6 +37,13 @@ def initialize(id, dst)
         @l = 64
         @map = M2C::SSWUAB0.new(H2C::M2C::ISOGeny::BLS12381G1.new, 11)
         @ro = (id == BLS12381G1_XMDSHA256_SSWU_RO_)
+      when BLS12381G2_XMDSHA256_SWU_NU_, BLS12381G2_XMDSHA256_SWU_RO_
+        @curve = BLS::Group::BLS12381G2
+        @exp = Expander.get(HashFunc::SHA256, dst, @k)
+        @l = 64
+        @m = 2
+        @map = M2C::SSWUAB0.new(H2C::M2C::ISOGeny::BLS12381G1.new, 11)
+        @ro = (id == BLS12381G1_XMDSHA256_SSWU_RO_)
       when P256_XMDSHA256_SSWU_NU_, P256_XMDSHA256_SSWU_RO_
         @curve = ECDSA::Group::Nistp256
         @exp = Expander.get(HashFunc::SHA256, dst, @k)