curve25519_dalek/edwards/
affine.rs1use super::{CompressedEdwardsY, EdwardsPoint};
2use crate::traits::Identity;
3use crate::{Scalar, field::FieldElement};
4use core::ops::Mul;
5use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
6
7#[cfg(feature = "zeroize")]
8use zeroize::DefaultIsZeroes;
9
10#[derive(Copy, Clone, Debug)]
12pub struct AffinePoint {
13 pub(super) x: FieldElement,
14 pub(super) y: FieldElement,
15}
16
17impl ConstantTimeEq for AffinePoint {
18 fn ct_eq(&self, other: &Self) -> Choice {
19 self.x.ct_eq(&other.x) & self.y.ct_eq(&other.y)
20 }
21}
22
23impl ConditionallySelectable for AffinePoint {
24 fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
25 Self {
26 x: FieldElement::conditional_select(&a.x, &b.x, choice),
27 y: FieldElement::conditional_select(&a.y, &b.y, choice),
28 }
29 }
30}
31
32impl Default for AffinePoint {
33 fn default() -> AffinePoint {
34 AffinePoint::identity()
35 }
36}
37
38impl Identity for AffinePoint {
39 fn identity() -> AffinePoint {
40 AffinePoint {
41 x: FieldElement::ZERO,
42 y: FieldElement::ONE,
43 }
44 }
45}
46
47impl PartialEq for AffinePoint {
48 fn eq(&self, other: &Self) -> bool {
49 self.ct_eq(other).into()
50 }
51}
52
53impl Eq for AffinePoint {}
54
55#[cfg(feature = "zeroize")]
56impl DefaultIsZeroes for AffinePoint {}
57
58impl AffinePoint {
59 pub fn to_edwards(self) -> EdwardsPoint {
61 EdwardsPoint {
62 X: self.x,
63 Y: self.y,
64 Z: FieldElement::ONE,
65 T: &self.x * &self.y,
66 }
67 }
68
69 #[inline]
71 pub fn compress(self) -> CompressedEdwardsY {
72 let mut s = self.y.to_bytes();
73 s[31] ^= self.x.is_negative().unwrap_u8() << 7;
74 CompressedEdwardsY(s)
75 }
76}
77
78impl Mul<AffinePoint> for Scalar {
79 type Output = EdwardsPoint;
80
81 #[inline]
82 fn mul(self, rhs: AffinePoint) -> EdwardsPoint {
83 self * &rhs
84 }
85}
86
87impl Mul<&AffinePoint> for Scalar {
88 type Output = EdwardsPoint;
89
90 #[inline]
91 fn mul(self, rhs: &AffinePoint) -> EdwardsPoint {
92 rhs.to_edwards() * self
93 }
94}
95
96#[cfg(test)]
97mod tests {
98 use super::{AffinePoint, EdwardsPoint, Identity};
99 use crate::constants;
100
101 #[test]
102 fn identity_conversion() {
103 assert_eq!(
104 AffinePoint::identity().to_edwards(),
105 EdwardsPoint::identity()
106 );
107 }
108
109 #[test]
110 fn generator_round_trip() {
111 let basepoint = constants::ED25519_BASEPOINT_POINT;
112 assert_eq!(basepoint.to_affine().to_edwards(), basepoint);
113 }
114}