Add Ed25519 to FROST and remove expand_xmd for elliptic_curve's

Doesn't fully utilize ec's hash2curve module as k256 Scalar doesn't have 
FromOkm for some reason. The previously present bigint reduction is 
preserved.

Updates ff/group to 0.12.

Premised on https://github.com/cfrg/draft-irtf-cfrg-frost/pull/205 being 
merged, as while this Ed25519 is vector compliant, it's technically not 
spec compliant due to that conflict.

crypto/frost/src/tests/literal/ed25519.rs

@@ -0,0 +1,51 @@
+use rand::rngs::OsRng;
+
+use crate::{
+  curves::ed25519::{Ed25519, IetfEd25519Hram},
+  tests::{curve::test_curve, schnorr::test_schnorr, vectors::{Vectors, vectors}}
+};
+
+#[test]
+fn ed25519_curve() {
+  test_curve::<_, Ed25519>(&mut OsRng);
+}
+
+#[test]
+fn ed25519_schnorr() {
+  test_schnorr::<_, Ed25519>(&mut OsRng);
+}
+
+#[test]
+fn ed25519_vectors() {
+  vectors::<Ed25519, IetfEd25519Hram>(
+    Vectors {
+      threshold: 2,
+      shares: &[
+        "929dcc590407aae7d388761cddb0c0db6f5627aea8e217f4a033f2ec83d93509",
+        "a91e66e012e4364ac9aaa405fcafd370402d9859f7b6685c07eed76bf409e80d",
+        "d3cb090a075eb154e82fdb4b3cb507f110040905468bb9c46da8bdea643a9a02"
+      ],
+      group_secret: "7b1c33d3f5291d85de664833beb1ad469f7fb6025a0ec78b3a790c6e13a98304",
+      group_key: "15d21ccd7ee42959562fc8aa63224c8851fb3ec85a3faf66040d380fb9738673",
+
+      msg: "74657374",
+      included: &[1, 3],
+      nonces: &[
+        [
+          "8c76af04340e83bb5fc427c117d38347fc8ef86d5397feea9aa6412d96c05b0a",
+          "14a37ddbeae8d9e9687369e5eb3c6d54f03dc19d76bb54fb5425131bc37a600b"
+        ],
+        [
+          "5ca39ebab6874f5e7b5089f3521819a2aa1e2cf738bae6974ee80555de2ef70e",
+          "0afe3650c4815ff37becd3c6948066e906e929ea9b8f546c74e10002dbcc150c"
+        ]
+      ],
+      sig_shares: &[
+        "4369474a398aa10357b60d683da91ea6a767dcf53fd541a8ed6b4d780827ea0a",
+        "32fcc690d926075e45d2dfb746bab71447943cddbefe80d122c39174aa2e1004"
+      ],
+      sig: "2b8d9c6995333c5990e3a3dd6568785539d3322f7f0376452487ea35cfda587b".to_owned() +
+           "75650edb12b1a8619c88ed1f8463d6baeefb18d3fed3c279102fdfecb255fa0e"
+    }
+  );
+}

crypto/frost/src/tests/literal/expand_message.rs

@@ -1,15 +0,0 @@
-use crate::curves::expand_message_xmd_sha256;
-
-#[test]
-fn test_xmd_sha256() {
-  assert_eq!(
-    hex::encode(expand_message_xmd_sha256(b"QUUX-V01-CS02-with-expander", b"", 0x80).unwrap()),
-    (
-      "8bcffd1a3cae24cf9cd7ab85628fd111bb17e3739d3b53f8".to_owned() +
-      "9580d217aa79526f1708354a76a402d3569d6a9d19ef3de4d0b991" +
-      "e4f54b9f20dcde9b95a66824cbdf6c1a963a1913d43fd7ac443a02" +
-      "fc5d9d8d77e2071b86ab114a9f34150954a7531da568a1ea8c7608" +
-      "61c0cde2005afc2c114042ee7b5848f5303f0611cf297f"
-    )
-  );
-}

crypto/frost/src/tests/literal/kp256.rs

@@ -1,9 +1,7 @@
 use rand::rngs::OsRng;
 
 use crate::{
-  Curve,
-  curves::kp256::{KP256Instance, P256},
-  algorithm::Hram,
+  curves::kp256::{P256, IetfP256Hram},
   tests::{curve::test_curve, schnorr::test_schnorr, vectors::{Vectors, vectors}}
 };
 
@@ -20,18 +18,6 @@ fn p256_schnorr() {
   test_schnorr::<_, P256>(&mut OsRng);
 }
 
-#[derive(Clone)]
-pub struct IetfP256Hram;
-impl Hram<P256> for IetfP256Hram {
-  #[allow(non_snake_case)]
-  fn hram(R: &p256::ProjectivePoint, A: &p256::ProjectivePoint, m: &[u8]) -> p256::Scalar {
-    P256::hash_to_F(
-      &[P256::CONTEXT, b"chal"].concat(),
-      &[&P256::G_to_bytes(R), &P256::G_to_bytes(A), m].concat()
-    )
-  }
-}
-
 #[test]
 fn p256_vectors() {
   vectors::<P256, IetfP256Hram>(

crypto/frost/src/tests/literal/mod.rs

@@ -1,2 +1,3 @@
-mod expand_message;
 mod kp256;
+#[cfg(feature = "ed25519")]
+mod ed25519;