Begin crate smashing

coins/monero/generators/src/hash_to_point.rs

@@ -1,27 +1,20 @@
 use subtle::ConditionallySelectable;
 
-use curve25519_dalek::edwards::{EdwardsPoint, CompressedEdwardsY};
+use curve25519_dalek::edwards::EdwardsPoint;
 
 use group::ff::{Field, PrimeField};
 use dalek_ff_group::FieldElement;
 
-use crate::hash;
+use monero_io::decompress_point;
 
-/// Decompress canonically encoded ed25519 point
-/// It does not check if the point is in the prime order subgroup
-pub fn decompress_point(bytes: [u8; 32]) -> Option<EdwardsPoint> {
-  CompressedEdwardsY(bytes)
-    .decompress()
-    // Ban points which are either unreduced or -0
-    .filter(|point| point.compress().to_bytes() == bytes)
-}
+use crate::keccak256;
 
 /// Monero's hash to point function, as named `hash_to_ec`.
 pub fn hash_to_point(bytes: [u8; 32]) -> EdwardsPoint {
   #[allow(non_snake_case)]
   let A = FieldElement::from(486662u64);
 
-  let v = FieldElement::from_square(hash(&bytes)).double();
+  let v = FieldElement::from_square(keccak256(&bytes)).double();
   let w = v + FieldElement::ONE;
   let x = w.square() + (-A.square() * v);
 

coins/monero/generators/src/lib.rs

@@ -1,8 +1,5 @@
-//! Generators used by Monero in both its Pedersen commitments and Bulletproofs(+).
-//!
-//! An implementation of Monero's `ge_fromfe_frombytes_vartime`, simply called
-//! `hash_to_point` here, is included, as needed to generate generators.
-
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![doc = include_str!("../README.md")]
 #![cfg_attr(not(feature = "std"), no_std)]
 
 use std_shims::{sync::OnceLock, vec::Vec};
@@ -14,16 +11,15 @@ use curve25519_dalek::edwards::{EdwardsPoint as DalekPoint};
 use group::{Group, GroupEncoding};
 use dalek_ff_group::EdwardsPoint;
 
-mod varint;
-use varint::write_varint;
+use monero_io::{write_varint, decompress_point};
 
 mod hash_to_point;
-pub use hash_to_point::{hash_to_point, decompress_point};
+pub use hash_to_point::hash_to_point;
 
 #[cfg(test)]
 mod tests;
 
-fn hash(data: &[u8]) -> [u8; 32] {
+fn keccak256(data: &[u8]) -> [u8; 32] {
   Keccak256::digest(data).into()
 }
 
@@ -32,7 +28,7 @@ static H_CELL: OnceLock<DalekPoint> = OnceLock::new();
 #[allow(non_snake_case)]
 pub fn H() -> DalekPoint {
   *H_CELL.get_or_init(|| {
-    decompress_point(hash(&EdwardsPoint::generator().to_bytes())).unwrap().mul_by_cofactor()
+    decompress_point(keccak256(&EdwardsPoint::generator().to_bytes())).unwrap().mul_by_cofactor()
   })
 }
 
@@ -70,10 +66,10 @@ pub fn bulletproofs_generators(dst: &'static [u8]) -> Generators {
     even.extend(dst);
     let mut odd = even.clone();
 
-    write_varint(&i.try_into().unwrap(), &mut even).unwrap();
-    write_varint(&(i + 1).try_into().unwrap(), &mut odd).unwrap();
-    res.H.push(EdwardsPoint(hash_to_point(hash(&even))));
-    res.G.push(EdwardsPoint(hash_to_point(hash(&odd))));
+    write_varint::<Vec<u8>, u64>(&i.try_into().unwrap(), &mut even).unwrap();
+    write_varint::<Vec<u8>, u64>(&(i + 1).try_into().unwrap(), &mut odd).unwrap();
+    res.H.push(EdwardsPoint(hash_to_point(keccak256(&even))));
+    res.G.push(EdwardsPoint(hash_to_point(keccak256(&odd))));
   }
   res
 }

coins/monero/generators/src/varint.rs

@@ -1,16 +0,0 @@
-use std_shims::io::{self, Write};
-
-const VARINT_CONTINUATION_MASK: u8 = 0b1000_0000;
-pub(crate) fn write_varint<W: Write>(varint: &u64, w: &mut W) -> io::Result<()> {
-  let mut varint = *varint;
-  while {
-    let mut b = u8::try_from(varint & u64::from(!VARINT_CONTINUATION_MASK)).unwrap();
-    varint >>= 7;
-    if varint != 0 {
-      b |= VARINT_CONTINUATION_MASK;
-    }
-    w.write_all(&[b])?;
-    varint != 0
-  } {}
-  Ok(())
-}