sonr/crypto/core/curves/native/hash2field.go

package native

import (
	"hash"

	"golang.org/x/crypto/sha3"
)

// OversizeDstSalt is the salt used to hash a dst over MaxDstLen
var OversizeDstSalt = []byte("H2C-OVERSIZE-DST-")

// MaxDstLen the max size for dst in hash to curve
const MaxDstLen = 255

func getDomainXmd(h hash.Hash, domain []byte) []byte {
	var out []byte
	if len(domain) > MaxDstLen {
		h.Reset()
		_, _ = h.Write(OversizeDstSalt)
		_, _ = h.Write(domain)
		out = h.Sum(nil)
	} else {
		out = domain
	}
	return out
}

func getDomainXof(h sha3.ShakeHash, domain []byte) []byte {
	var out []byte
	if len(domain) > MaxDstLen {
		h.Reset()
		_, _ = h.Write(OversizeDstSalt)
		_, _ = h.Write(domain)
		var tv [64]byte
		_, _ = h.Read(tv[:])
		out = tv[:]
	} else {
		out = domain
	}
	return out
}

// ExpandMsgXmd expands the msg with the domain to output a byte array
// with outLen in size using a fixed size hash.
// See https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-13#section-5.4.1
func ExpandMsgXmd(h *EllipticPointHasher, msg, domain []byte, outLen int) []byte {
	domain = getDomainXmd(h.xmd, domain)
	domainLen := byte(len(domain))
	h.xmd.Reset()
	// DST_prime = DST || I2OSP(len(DST), 1)
	// b_0 = H(Z_pad || msg || l_i_b_str || I2OSP(0, 1) || DST_prime)
	_, _ = h.xmd.Write(make([]byte, h.xmd.BlockSize()))
	_, _ = h.xmd.Write(msg)
	_, _ = h.xmd.Write([]byte{uint8(outLen >> 8), uint8(outLen)})
	_, _ = h.xmd.Write([]byte{0})
	_, _ = h.xmd.Write(domain)
	_, _ = h.xmd.Write([]byte{domainLen})
	b0 := h.xmd.Sum(nil)

	// b_1 = H(b_0 || I2OSP(1, 1) || DST_prime)
	h.xmd.Reset()
	_, _ = h.xmd.Write(b0)
	_, _ = h.xmd.Write([]byte{1})
	_, _ = h.xmd.Write(domain)
	_, _ = h.xmd.Write([]byte{domainLen})
	b1 := h.xmd.Sum(nil)

	// b_i = H(strxor(b_0, b_(i - 1)) || I2OSP(i, 1) || DST_prime)
	ell := (outLen + h.xmd.Size() - 1) / h.xmd.Size()
	bi := b1
	out := make([]byte, outLen)
	for i := 1; i < ell; i++ {
		h.xmd.Reset()
		// b_i = H(strxor(b_0, b_(i - 1)) || I2OSP(i, 1) || DST_prime)
		tmp := make([]byte, h.xmd.Size())
		for j := 0; j < h.xmd.Size(); j++ {
			tmp[j] = b0[j] ^ bi[j]
		}
		_, _ = h.xmd.Write(tmp)
		_, _ = h.xmd.Write([]byte{1 + uint8(i)})
		_, _ = h.xmd.Write(domain)
		_, _ = h.xmd.Write([]byte{domainLen})

		// b_1 || ... || b_(ell - 1)
		copy(out[(i-1)*h.xmd.Size():i*h.xmd.Size()], bi[:])
		bi = h.xmd.Sum(nil)
	}
	// b_ell
	copy(out[(ell-1)*h.xmd.Size():], bi[:])
	return out[:outLen]
}

// ExpandMsgXof expands the msg with the domain to output a byte array
// with outLen in size using a xof hash
// See https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-13#section-5.4.2
func ExpandMsgXof(h *EllipticPointHasher, msg, domain []byte, outLen int) []byte {
	domain = getDomainXof(h.xof, domain)
	domainLen := byte(len(domain))
	h.xof.Reset()
	_, _ = h.xof.Write(msg)
	_, _ = h.xof.Write([]byte{uint8(outLen >> 8), uint8(outLen)})
	_, _ = h.xof.Write(domain)
	_, _ = h.xof.Write([]byte{domainLen})
	out := make([]byte, outLen)
	_, _ = h.xof.Read(out)
	return out
}
feature/1114 implement account interface (#1167) - refactor: move session-related code to middleware package - refactor: update PKL build process and adjust related configurations - feat: integrate base.cosmos.v1 Genesis module - refactor: pass session context to modal rendering functions - refactor: move nebula package to app directory and update templ version - refactor: Move home section video view to dedicated directory - refactor: remove unused views file - refactor: move styles and UI components to global scope - refactor: Rename images.go to cdn.go - feat: Add Empty State Illustrations - refactor: Consolidate Vault Index Logic - fix: References to App.wasm and remove Vault Directory embedded CDN files - refactor: Move CDN types to Models - fix: Correct line numbers in templ error messages for arch_templ.go - refactor: use common types for peer roles - refactor: move common types and ORM to a shared package - fix: Config import dwn - refactor: move nebula directory to app - feat: Rebuild nebula - fix: correct file paths in panels templates - feat: Remove duplicate types - refactor: Move dwn to pkg/core - refactor: Binary Structure - feat: Introduce Crypto Pkg - fix: Broken Process Start - *feat: Update pkg/ structure - feat: Refactor PKL Structure - build: update pkl build process - chore: Remove Empty Files - refactor: remove unused macaroon package - feat: Add WebAwesome Components - refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets - refactor: refactor server and move components to pkg/core/dwn - build: update go modules - refactor: move gateway logic into dedicated hway command - feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module - feat: Implement MPC-based JWT signing and UCAN token generation - feat: add support for MPC-based JWT signing - feat: Implement MPC-based UCAN capabilities for smart accounts - feat: add address field to keyshareSource - feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations - refactor: improve MPC keyshare management and signing process - feat: enhance MPC capability hierarchy documentation - refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity - refactor: remove unused Ethereum address computation - feat: Add HasHandle and IsAuthenticated methods to HTTPContext - refactor: Add context.Context support to session HTTPContext - refactor: Resolve context interface conflicts in HTTPContext - feat: Add session ID context key and helper functions - feat: Update WebApp Page Rendering - refactor: Simplify context management by using single HTTPContext key - refactor: Simplify HTTPContext creation and context management in session middleware - refactor: refactor session middleware to use a single data structure - refactor: Simplify HTTPContext implementation and session data handling - refactor: Improve session context handling and prevent nil pointer errors - refactor: Improve session context handling with nil safety and type support - refactor: improve session data injection - feat: add full-screen modal component and update registration flow - chore: add .air.toml to .gitignore - feat: add Air to devbox and update dependencies** 2024-11-23 01:28:58 -05:00			`package native`

			`import (`
			`"hash"`

			`"golang.org/x/crypto/sha3"`
			`)`

			`// OversizeDstSalt is the salt used to hash a dst over MaxDstLen`
			`var OversizeDstSalt = []byte("H2C-OVERSIZE-DST-")`

			`// MaxDstLen the max size for dst in hash to curve`
			`const MaxDstLen = 255`

			`func getDomainXmd(h hash.Hash, domain []byte) []byte {`
			`var out []byte`
			`if len(domain) > MaxDstLen {`
			`h.Reset()`
			`_, _ = h.Write(OversizeDstSalt)`
			`_, _ = h.Write(domain)`
			`out = h.Sum(nil)`
			`} else {`
			`out = domain`
			`}`
			`return out`
			`}`

			`func getDomainXof(h sha3.ShakeHash, domain []byte) []byte {`
			`var out []byte`
			`if len(domain) > MaxDstLen {`
			`h.Reset()`
			`_, _ = h.Write(OversizeDstSalt)`
			`_, _ = h.Write(domain)`
			`var tv [64]byte`
			`_, _ = h.Read(tv[:])`
			`out = tv[:]`
			`} else {`
			`out = domain`
			`}`
			`return out`
			`}`

			`// ExpandMsgXmd expands the msg with the domain to output a byte array`
			`// with outLen in size using a fixed size hash.`
			`// See https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-13#section-5.4.1`
			`func ExpandMsgXmd(h *EllipticPointHasher, msg, domain []byte, outLen int) []byte {`
			`domain = getDomainXmd(h.xmd, domain)`
			`domainLen := byte(len(domain))`
			`h.xmd.Reset()`
			`// DST_prime = DST \|\| I2OSP(len(DST), 1)`
			`// b_0 = H(Z_pad \|\| msg \|\| l_i_b_str \|\| I2OSP(0, 1) \|\| DST_prime)`
			`_, _ = h.xmd.Write(make([]byte, h.xmd.BlockSize()))`
			`_, _ = h.xmd.Write(msg)`
			`_, _ = h.xmd.Write([]byte{uint8(outLen >> 8), uint8(outLen)})`
			`_, _ = h.xmd.Write([]byte{0})`
			`_, _ = h.xmd.Write(domain)`
			`_, _ = h.xmd.Write([]byte{domainLen})`
			`b0 := h.xmd.Sum(nil)`

			`// b_1 = H(b_0 \|\| I2OSP(1, 1) \|\| DST_prime)`
			`h.xmd.Reset()`
			`_, _ = h.xmd.Write(b0)`
			`_, _ = h.xmd.Write([]byte{1})`
			`_, _ = h.xmd.Write(domain)`
			`_, _ = h.xmd.Write([]byte{domainLen})`
			`b1 := h.xmd.Sum(nil)`

			`// b_i = H(strxor(b_0, b_(i - 1)) \|\| I2OSP(i, 1) \|\| DST_prime)`
			`ell := (outLen + h.xmd.Size() - 1) / h.xmd.Size()`
			`bi := b1`
			`out := make([]byte, outLen)`
			`for i := 1; i < ell; i++ {`
			`h.xmd.Reset()`
			`// b_i = H(strxor(b_0, b_(i - 1)) \|\| I2OSP(i, 1) \|\| DST_prime)`
			`tmp := make([]byte, h.xmd.Size())`
			`for j := 0; j < h.xmd.Size(); j++ {`
			`tmp[j] = b0[j] ^ bi[j]`
			`}`
			`_, _ = h.xmd.Write(tmp)`
			`_, _ = h.xmd.Write([]byte{1 + uint8(i)})`
			`_, _ = h.xmd.Write(domain)`
			`_, _ = h.xmd.Write([]byte{domainLen})`

			`// b_1 \|\| ... \|\| b_(ell - 1)`
			`copy(out[(i-1)h.xmd.Size():ih.xmd.Size()], bi[:])`
			`bi = h.xmd.Sum(nil)`
			`}`
			`// b_ell`
			`copy(out[(ell-1)*h.xmd.Size():], bi[:])`
			`return out[:outLen]`
			`}`

			`// ExpandMsgXof expands the msg with the domain to output a byte array`
			`// with outLen in size using a xof hash`
			`// See https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-13#section-5.4.2`
			`func ExpandMsgXof(h *EllipticPointHasher, msg, domain []byte, outLen int) []byte {`
			`domain = getDomainXof(h.xof, domain)`
			`domainLen := byte(len(domain))`
			`h.xof.Reset()`
			`_, _ = h.xof.Write(msg)`
			`_, _ = h.xof.Write([]byte{uint8(outLen >> 8), uint8(outLen)})`
			`_, _ = h.xof.Write(domain)`
			`_, _ = h.xof.Write([]byte{domainLen})`
			`out := make([]byte, outLen)`
			`_, _ = h.xof.Read(out)`
			`return out`
			`}`