Skip to main content

curve25519_dalek/edwards/
affine.rs

1use super::{CompressedEdwardsY, EdwardsPoint};
2use crate::traits::Identity;
3use crate::{Scalar, field::FieldElement};
4use core::ops::Mul;
5use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
6
7#[cfg(feature = "zeroize")]
8use zeroize::DefaultIsZeroes;
9
10/// Affine Edwards point on untwisted curve.
11#[derive(Copy, Clone, Debug)]
12pub struct AffinePoint {
13    pub(super) x: FieldElement,
14    pub(super) y: FieldElement,
15}
16
17impl ConstantTimeEq for AffinePoint {
18    fn ct_eq(&self, other: &Self) -> Choice {
19        self.x.ct_eq(&other.x) & self.y.ct_eq(&other.y)
20    }
21}
22
23impl ConditionallySelectable for AffinePoint {
24    fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
25        Self {
26            x: FieldElement::conditional_select(&a.x, &b.x, choice),
27            y: FieldElement::conditional_select(&a.y, &b.y, choice),
28        }
29    }
30}
31
32impl Default for AffinePoint {
33    fn default() -> AffinePoint {
34        AffinePoint::identity()
35    }
36}
37
38impl Identity for AffinePoint {
39    fn identity() -> AffinePoint {
40        AffinePoint {
41            x: FieldElement::ZERO,
42            y: FieldElement::ONE,
43        }
44    }
45}
46
47impl PartialEq for AffinePoint {
48    fn eq(&self, other: &Self) -> bool {
49        self.ct_eq(other).into()
50    }
51}
52
53impl Eq for AffinePoint {}
54
55#[cfg(feature = "zeroize")]
56impl DefaultIsZeroes for AffinePoint {}
57
58impl AffinePoint {
59    /// Convert to extended coordinates.
60    pub fn to_edwards(self) -> EdwardsPoint {
61        EdwardsPoint {
62            X: self.x,
63            Y: self.y,
64            Z: FieldElement::ONE,
65            T: &self.x * &self.y,
66        }
67    }
68
69    /// Compress affine Edwards coordinates into `CompressedEdwardsY` format.
70    #[inline]
71    pub fn compress(self) -> CompressedEdwardsY {
72        let mut s = self.y.to_bytes();
73        s[31] ^= self.x.is_negative().unwrap_u8() << 7;
74        CompressedEdwardsY(s)
75    }
76}
77
78impl Mul<AffinePoint> for Scalar {
79    type Output = EdwardsPoint;
80
81    #[inline]
82    fn mul(self, rhs: AffinePoint) -> EdwardsPoint {
83        self * &rhs
84    }
85}
86
87impl Mul<&AffinePoint> for Scalar {
88    type Output = EdwardsPoint;
89
90    #[inline]
91    fn mul(self, rhs: &AffinePoint) -> EdwardsPoint {
92        rhs.to_edwards() * self
93    }
94}
95
96#[cfg(test)]
97mod tests {
98    use super::{AffinePoint, EdwardsPoint, Identity};
99    use crate::constants;
100
101    #[test]
102    fn identity_conversion() {
103        assert_eq!(
104            AffinePoint::identity().to_edwards(),
105            EdwardsPoint::identity()
106        );
107    }
108
109    #[test]
110    fn generator_round_trip() {
111        let basepoint = constants::ED25519_BASEPOINT_POINT;
112        assert_eq!(basepoint.to_affine().to_edwards(), basepoint);
113    }
114}