Move expander out of group module.

Author: armfazh

ecc/bls12381/g1.go

@@ -2,12 +2,13 @@ package bls12381
 
 import (
 	"crypto"
+	_ "crypto/sha256" // to link library
 	"crypto/subtle"
 	"fmt"
 	"math/big"
 
 	"github.com/cloudflare/circl/ecc/bls12381/ff"
-	"github.com/cloudflare/circl/group"
+	"github.com/cloudflare/circl/expander"
 )
 
 // G1Size is the length in bytes of an element in G1 in uncompressed form..
@@ -336,7 +337,7 @@ func (g *G1) toAffine() {
 // be used as a hash function, otherwise use G1.Hash instead.
 func (g *G1) Encode(input, dst []byte) {
 	const L = 64
-	pseudo := group.NewExpanderMD(crypto.SHA256, dst).Expand(input, L)
+	pseudo := expander.NewExpanderMD(crypto.SHA256, dst).Expand(input, L)
 
 	bu := new(big.Int).SetBytes(pseudo)
 	bu.Mod(bu, new(big.Int).SetBytes(ff.FpOrder()))
@@ -356,7 +357,7 @@ func (g *G1) Encode(input, dst []byte) {
 // random oracle returning points in G1 be required.
 func (g *G1) Hash(input, dst []byte) {
 	const L = 64
-	pseudo := group.NewExpanderMD(crypto.SHA256, dst).Expand(input, 2*L)
+	pseudo := expander.NewExpanderMD(crypto.SHA256, dst).Expand(input, 2*L)
 
 	var u0, u1 ff.Fp
 	fpOrder := new(big.Int).SetBytes(ff.FpOrder())

group/expander.go renamed to expander/expander.go

@@ -1,4 +1,5 @@
-package group
+// Package expander generates arbitrary bytes from an XOF or Hash function.
+package expander
 
 import (
 	"crypto"

group/expander_test.go renamed to expander/expander_test.go

@@ -1,8 +1,10 @@
-package group_test
+package expander_test
 
 import (
 	"bytes"
 	"crypto"
+	_ "crypto/sha256" // to link libraries
+	_ "crypto/sha512" // to link libraries
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
@@ -11,13 +13,13 @@ import (
 	"strconv"
 	"testing"
 
-	"github.com/cloudflare/circl/group"
+	"github.com/cloudflare/circl/expander"
 	"github.com/cloudflare/circl/internal/test"
 	"github.com/cloudflare/circl/xof"
 )
 
 func TestExpander(t *testing.T) {
-	fileNames, err := filepath.Glob("./testdata/expand*.json")
+	fileNames, err := filepath.Glob("./testdata/*.json")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -40,16 +42,16 @@ func TestExpander(t *testing.T) {
 }
 
 func testExpander(t *testing.T, vs *vectorExpanderSuite) {
-	var exp group.Expander
+	var exp expander.Expander
 	switch vs.Hash {
 	case "SHA256":
-		exp = group.NewExpanderMD(crypto.SHA256, []byte(vs.DST))
+		exp = expander.NewExpanderMD(crypto.SHA256, []byte(vs.DST))
 	case "SHA512":
-		exp = group.NewExpanderMD(crypto.SHA512, []byte(vs.DST))
+		exp = expander.NewExpanderMD(crypto.SHA512, []byte(vs.DST))
 	case "SHAKE128":
-		exp = group.NewExpanderXOF(xof.SHAKE128, vs.K, []byte(vs.DST))
+		exp = expander.NewExpanderXOF(xof.SHAKE128, vs.K, []byte(vs.DST))
 	case "SHAKE256":
-		exp = group.NewExpanderXOF(xof.SHAKE256, vs.K, []byte(vs.DST))
+		exp = expander.NewExpanderXOF(xof.SHAKE256, vs.K, []byte(vs.DST))
 	default:
 		t.Skip("hash not supported: " + vs.Hash)
 	}
@@ -92,10 +94,10 @@ func BenchmarkExpander(b *testing.B) {
 
 	for _, v := range []struct {
 		Name string
-		Exp  group.Expander
+		Exp  expander.Expander
 	}{
-		{"XMD", group.NewExpanderMD(crypto.SHA256, dst)},
-		{"XOF", group.NewExpanderXOF(xof.SHAKE128, 0, dst)},
+		{"XMD", expander.NewExpanderMD(crypto.SHA256, dst)},
+		{"XOF", expander.NewExpanderXOF(xof.SHAKE128, 0, dst)},
 	} {
 		exp := v.Exp
 		for l := 8; l <= 10; l++ {

group/testdata/expand_message_xmd_SHA256_256.json renamed to expander/testdata/expand_message_xmd_SHA256_256.json

@@ -1,10 +1,14 @@
 package group
 
-import "math/big"
+import (
+	"math/big"
+
+	"github.com/cloudflare/circl/expander"
+)
 
 // HashToField generates a set of elements {u1,..., uN} = Hash(b) where each
 // u in GF(p) and L is the security parameter.
-func HashToField(u []big.Int, b []byte, e Expander, p *big.Int, L uint) {
+func HashToField(u []big.Int, b []byte, e expander.Expander, p *big.Int, L uint) {
 	count := uint(len(u))
 	bytes := e.Expand(b, count*L)
 	for i := range u {

group/testdata/expand_message_xmd_SHA256_38.json renamed to expander/testdata/expand_message_xmd_SHA256_38.json

@@ -6,6 +6,7 @@ import (
 	"io"
 
 	r255 "github.com/bwesterb/go-ristretto"
+	"github.com/cloudflare/circl/expander"
 )
 
 var (
@@ -86,7 +87,7 @@ func (g ristrettoGroup) HashToElementNonUniform(b, dst []byte) Element {
 	return g.HashToElement(b, dst)
 }
 func (g ristrettoGroup) HashToElement(msg, dst []byte) Element {
-	xmd := NewExpanderMD(crypto.SHA512, dst)
+	xmd := expander.NewExpanderMD(crypto.SHA512, dst)
 	data := xmd.Expand(msg, 64)
 	e := g.NewElement()
 	e.(*ristrettoElement).p.Derive(data)

group/testdata/expand_message_xmd_SHA512_38.json renamed to expander/testdata/expand_message_xmd_SHA512_38.json

@@ -3,14 +3,13 @@ package group
 import (
 	"crypto"
 	"crypto/elliptic"
-	_ "crypto/sha256" // to link libraries
-	_ "crypto/sha512" // to link libraries
 	"crypto/subtle"
 	"fmt"
 	"io"
 	"math/big"
 
 	"github.com/cloudflare/circl/ecc/p384"
+	"github.com/cloudflare/circl/expander"
 )
 
 var (
@@ -36,12 +35,16 @@ func (g wG) Generator() Element  { return &wElt{g, g.c.Params().Gx, g.c.Params()
 func (g wG) Order() Scalar       { s := &wScl{g, nil}; s.fromBig(g.c.Params().N); return s }
 func (g wG) RandomElement(rd io.Reader) Element {
 	b := make([]byte, (g.c.Params().BitSize+7)/8)
-	mustReadFull(rd, b)
+	if n, err := io.ReadFull(rd, b); err != nil || n != len(b) {
+		panic(err)
+	}
 	return g.HashToElement(b, nil)
 }
 func (g wG) RandomScalar(rd io.Reader) Scalar {
 	b := make([]byte, (g.c.Params().BitSize+7)/8)
-	mustReadFull(rd, b)
+	if n, err := io.ReadFull(rd, b); err != nil || n != len(b) {
+		panic(err)
+	}
 	return g.HashToScalar(b, nil)
 }
 func (g wG) cvtElt(e Element) *wElt {
@@ -75,14 +78,14 @@ func (g wG) Params() *Params {
 func (g wG) HashToElementNonUniform(b, dst []byte) Element {
 	var u [1]big.Int
 	mapping, h, L := g.mapToCurveParams()
-	xmd := NewExpanderMD(h, dst)
+	xmd := expander.NewExpanderMD(h, dst)
 	HashToField(u[:], b, xmd, g.c.Params().P, L)
 	return mapping(&u[0])
 }
 func (g wG) HashToElement(b, dst []byte) Element {
 	var u [2]big.Int
 	mapping, h, L := g.mapToCurveParams()
-	xmd := NewExpanderMD(h, dst)
+	xmd := expander.NewExpanderMD(h, dst)
 	HashToField(u[:], b, xmd, g.c.Params().P, L)
 	Q0 := mapping(&u[0])
 	Q1 := mapping(&u[1])
@@ -91,7 +94,7 @@ func (g wG) HashToElement(b, dst []byte) Element {
 func (g wG) HashToScalar(b, dst []byte) Scalar {
 	var u [1]big.Int
 	_, h, L := g.mapToCurveParams()
-	xmd := NewExpanderMD(h, dst)
+	xmd := expander.NewExpanderMD(h, dst)
 	HashToField(u[:], b, xmd, g.c.Params().N, L)
 	s := g.NewScalar().(*wScl)
 	s.fromBig(&u[0])