OSSWU update #1157

Merged
merged 1 commit into from
Mar 17, 2023

Conversation

daxpedda (Contributor)

I found some code I had lying around that I never got to upstream because it has some error in it.

When we were working on hash2curve, I was always confused by the algorithm @mikelodder7 was using for OSSWU, because it wasn't the one used in the specification. Later, when I finally started digging, I found that he was using the "original one" from the paper.

Considering we are not implementing the paper but the specification, I would have liked to update it to the specification, which should basically be the same but definitely yield the exact same results: https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html#straightline-sswu.

This would also have the advantage of removing the limitation to q = 3 mod 4 curves in the future, as the spec defines a subroutine that works for all: https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html#name-sqrt_ratio-for-any-field. The optimized one can be overwritten for when implementing the trait.

For some reason though I never got it to work. It fails the tests in the p256 crate and I also tried it against the P-384 implementation I did: RustCrypto/elliptic-curves#600.

I would appreciate somebody taking a look so this work doesn't go to waste (or somebody telling me why this isn't a good idea).
Cc @mikelodder7.
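The two spec sections linked above, as an added reference example that is not part of this PR or of the RustCrypto code base: the straight-line `map_to_curve_simple_swu` from Appendix F.2 of draft-16 and the generic `sqrt_ratio` from Appendix F.2.1.2, written in Python over a prime field so the big-integer arithmetic needs no crates. The generic `sqrt_ratio` is the subroutine that removes the q = 3 mod 4 restriction; for q = 3 mod 4 its Tonelli-Shanks loop simply runs zero times. The P-256 parameters (A = -3, the standard B, Z = -10) are the spec's; the 41-element field with Z = 3 is a constructed toy field used only to exercise the q = 1 mod 4 path. The code branches on values, so it is a correctness reference, not a constant-time implementation.

```python
# Straight-line Simplified SWU (draft-irtf-cfrg-hash-to-curve-16, Appendix F.2)
# over a prime field F_p with the generic sqrt_ratio of Appendix F.2.1.2.
# Reference implementation only: Python branches on the values it processes,
# so cmov() is a plain selection helper, not a constant-time move.


def cmov(a, b, c):
    """Spec CMOV: return b if c is True, else a."""
    return b if c else a


class SimpleSWU:
    def __init__(self, p, a, b, z):
        self.p, self.A, self.B, self.Z = p, a % p, b % p, z % p
        # sqrt_ratio constants: write p - 1 = 2^c1 * c2 with c2 odd.
        c1, c2 = 0, p - 1
        while c2 % 2 == 0:
            c1, c2 = c1 + 1, c2 // 2
        self.c1, self.c2 = c1, c2
        self.c3 = (c2 - 1) // 2
        self.c4 = 2 ** c1 - 1
        self.c5 = 2 ** (c1 - 1)
        self.c6 = pow(self.Z, c2, p)               # generator of the 2^c1-torsion
        self.c7 = pow(self.Z, (c2 + 1) // 2, p)

    def sqrt_ratio(self, u, v):
        """(True, sqrt(u/v)) if u/v is square, else (False, sqrt(Z*u/v)). v != 0."""
        p = self.p
        tv1 = self.c6
        tv2 = pow(v, self.c4, p)
        tv3 = tv2 * tv2 * v % p
        tv5 = pow(u * tv3 % p, self.c3, p) * tv2 % p
        tv2 = tv5 * v % p
        tv3 = tv5 * u % p
        tv4 = tv3 * tv2 % p              # tv4 = (u/v)^c2 and tv3^2 = (u/v) * tv4
        is_qr = pow(tv4, self.c5, p) == 1  # Euler criterion on u/v
        tv2 = tv3 * self.c7 % p          # candidate pair for the non-square branch
        tv5 = tv4 * tv1 % p
        tv3 = cmov(tv2, tv3, is_qr)
        tv4 = cmov(tv5, tv4, is_qr)
        for i in range(self.c1, 1, -1):  # Tonelli-Shanks: drive tv4 to 1
            e1 = pow(tv4, 2 ** (i - 2), p) == 1
            tv2 = tv3 * tv1 % p
            tv1 = tv1 * tv1 % p
            tv5 = tv4 * tv1 % p
            tv3 = cmov(tv2, tv3, e1)
            tv4 = cmov(tv5, tv4, e1)
        return is_qr, tv3

    @staticmethod
    def sgn0(x):
        return x % 2                     # sgn0 for a prime field (m = 1)

    def map_to_curve(self, u):
        """Appendix F.2 map_to_curve_simple_swu, step numbering as in the draft."""
        p, A, B, Z = self.p, self.A, self.B, self.Z
        u %= p
        tv1 = Z * u * u % p                         # steps 1-2
        tv2 = (tv1 * tv1 + tv1) % p                 # steps 3-4
        tv3 = B * (tv2 + 1) % p                     # steps 5-6
        tv4 = A * cmov(Z, (-tv2) % p, tv2 != 0) % p  # steps 7-8 (exceptional case)
        tv2 = tv3 * tv3 % p                         # step 9
        tv6 = tv4 * tv4 % p                         # step 10
        tv5 = A * tv6 % p                           # step 11
        tv2 = (tv2 + tv5) * tv3 % p                 # steps 12-13
        tv6 = tv6 * tv4 % p                         # step 14
        tv5 = B * tv6 % p                           # step 15
        tv2 = (tv2 + tv5) % p                       # step 16: gx1 = tv2 / tv6
        x = tv1 * tv3 % p                           # step 17
        is_gx1_square, y1 = self.sqrt_ratio(tv2, tv6)  # step 18
        y = tv1 * u * y1 % p                        # steps 19-20
        x = cmov(x, tv3, is_gx1_square)             # step 21
        y = cmov(y, y1, is_gx1_square)              # step 22
        e1 = self.sgn0(u) == self.sgn0(y)           # step 23
        y = cmov((-y) % p, y, e1)                   # step 24
        x = x * pow(tv4, -1, p) % p                 # step 25
        return x, y

    def is_on_curve(self, x, y):
        return (y * y - (x ** 3 + self.A * x + self.B)) % self.p == 0


# P-256 parameters from the draft (A = -3, Z = -10); p = 3 mod 4, so c1 = 1.
P256_P = 2 ** 256 - 2 ** 224 + 2 ** 192 + 2 ** 96 - 1
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256 = SimpleSWU(P256_P, -3, P256_B, -10)

# Constructed toy field with p = 1 mod 8 (c1 = 3) to exercise the generic loop;
# Z = 3 is a non-square mod 41, A = B = 1 are arbitrary.
F41 = SimpleSWU(41, 1, 1, 3)

if __name__ == "__main__":
    for u in range(4):
        x, y = P256.map_to_curve(u)
        assert P256.is_on_curve(x, y)
        print(f"u={u}: x={x:064x}")
```

The on-curve check is the cheap self-test a port should keep: every output of the map must satisfy y^2 = x^3 + Ax + B, and the `sqrt_ratio` contract can be checked exhaustively on a small field against the Euler criterion before trusting the big-field constants.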

mikelodder7 (Contributor)

Thanks for reviewing. I'll take a look after the week of Thanksgiving. I'm swamped until then.

daxpedda (Contributor, Author)

Rebased after #1166.

daxpedda (Contributor, Author)

Rebased after #1197.

daxpedda (Contributor, Author) commented Mar 17, 2023

@tarcieri this suddenly started working now on p256, p384 and k256. I can only assume there was some underlying bug that was fixed in the meantime.

@daxpedda daxpedda marked this pull request as ready for review March 17, 2023 11:20
@tarcieri tarcieri merged commit 03124bd into RustCrypto:master Mar 17, 2023
tarcieri (Member)

Thanks!

@tarcieri tarcieri mentioned this pull request Apr 5, 2023