#![no_std]
#![cfg_attr(docsrs, feature(doc_cfg))]
// The README becomes the crate-level documentation only when the `getrandom` feature is enabled.
#![cfg_attr(feature = "getrandom", doc = include_str!("../README.md"))]
#![doc(
    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg"
)]
#![allow(non_snake_case)]
// `forbid` (unlike `deny`) cannot be relaxed by an `allow` further down the module tree, so no
// module of this crate can introduce `unsafe` code.
#![forbid(unsafe_code)]
// `clippy::unwrap_used` flags `.unwrap()` calls, i.e. panic paths that are not spelled out with
// an explicit invariant. These lints are `warn` only: they fail a build only where warnings are
// denied by the build configuration.
#![warn(
    clippy::unwrap_used,
    clippy::mod_module_files,
    missing_copy_implementations,
    missing_debug_implementations,
    missing_docs,
    trivial_casts,
    trivial_numeric_casts,
    unused,
    unused_attributes,
    unused_imports,
    unused_mut,
    unused_must_use
)]
27
#[cfg(feature = "alloc")]
#[macro_use]
extern crate alloc;
#[cfg(feature = "std")]
extern crate std;

#[cfg(feature = "alloc")]
use alloc::{boxed::Box, vec::Vec};

// `#[macro_use]` on a module only reaches items that follow it textually, so `macros` is declared
// ahead of every other module.
#[macro_use]
pub(crate) mod macros;

// Dependency crates re-exported as part of this crate's public API.
pub use elliptic_curve;
pub use hash2curve;
pub use rand_core;
pub use shake;
pub use subtle;

// Implementation modules are crate-private; downstream code reaches their types only through the
// explicit `pub use` lists further down.
pub(crate) mod curve;
pub(crate) mod decaf;
pub(crate) mod edwards;
pub(crate) mod field;
pub(crate) mod montgomery;
#[cfg(feature = "signing")]
pub(crate) mod sign;

pub(crate) use field::{GOLDILOCKS_BASE_POINT, TWISTED_EDWARDS_BASE_POINT};

// Public API surface. The Decaf affine point is renamed on export so it does not collide with the
// Edwards `AffinePoint`.
pub use decaf::{
    AffinePoint as DecafAffinePoint, CompressedDecaf, DecafPoint, DecafScalar, DecafScalarBytes,
    WideDecafScalarBytes,
};
pub use edwards::{
    AffinePoint, CompressedEdwardsY, EdwardsPoint, EdwardsScalar, EdwardsScalarBytes,
    WideEdwardsScalarBytes,
};
pub use field::{MODULUS_LIMBS, ORDER, Scalar, WIDE_ORDER};
pub use montgomery::{MontgomeryPoint, ProjectiveMontgomeryPoint};
// Glob re-export: every `pub` item of `sign` becomes public API when `signing` is enabled, so
// visibility inside that module is what bounds the exported surface.
#[cfg(feature = "signing")]
pub use sign::*;

use elliptic_curve::array::typenum::{U56, U57};
use elliptic_curve::bigint::{ArrayEncoding, Odd, U448};
use elliptic_curve::point::PointCompression;
use elliptic_curve::{ByteOrder, Curve, PrimeCurve};
use hash2curve::{ExpandMsgXof, GroupDigest};
use shake::Shake256;
92
/// Zero-sized marker type identifying the Ed448 curve.
///
/// It holds no data; the curve parameters are attached through the trait implementations in this
/// file (`Curve`, `PrimeCurve`, `PointCompression`, `CurveArithmetic`, `GroupDigest`).
#[derive(Clone, Copy, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)]
pub struct Ed448;
96
/// Byte array holding a serialized Ed448 field element, sized by `Ed448`'s `FieldBytesSize`.
pub type Ed448FieldBytes = elliptic_curve::FieldBytes<Ed448>;

/// Ed448 scalar wrapped in `elliptic_curve::NonZeroScalar`, i.e. a scalar known not to be zero.
pub type Ed448NonZeroScalar = elliptic_curve::NonZeroScalar<Ed448>;
102
impl Curve for Ed448 {
    // Field elements serialize to 57 bytes here (Decaf448 in this file uses 56).
    type FieldBytesSize = U57;
    // Integer type backing the order constant.
    type Uint = U448;

    // The right-hand side is the crate-level `ORDER` re-exported from `field`, not this associated
    // constant; `Decaf448` is given the same value.
    const ORDER: Odd<U448> = crate::ORDER;
    // Serialized field elements are little-endian.
    const FIELD_ENDIANNESS: ByteOrder = ByteOrder::LittleEndian;
}
110
// Marker impl with no items: it opts `Ed448` into APIs bounded on `PrimeCurve`.
// NOTE(review): edwards448 as specified in RFC 8032 has cofactor 4. How points outside the
// prime-order subgroup are rejected or cleared is not visible in this file; confirm it in
// `edwards` before relying on prime-order assumptions for untrusted points.
impl PrimeCurve for Ed448 {}
112
impl PointCompression for Ed448 {
    // Points are serialized in compressed form by default.
    const COMPRESS_POINTS: bool = true;
}
116
impl elliptic_curve::CurveArithmetic for Ed448 {
    // Each right-hand side names the crate-level type re-exported from `edwards`; the associated
    // type `AffinePoint` merely shares its name with the crate-level `AffinePoint`.
    type AffinePoint = crate::AffinePoint;
    type ProjectivePoint = crate::EdwardsPoint;
    type Scalar = crate::EdwardsScalar;
}
122
impl GroupDigest for Ed448 {
    // Message expansion uses the SHAKE256 extendable-output function.
    type ExpandMsg = ExpandMsgXof<Shake256>;

    // Suite identifiers; the names match the edwards448 suites of RFC 9380. `_RO_` names the
    // hash-to-curve (random-oracle) variant and `_NU_` the encode-to-curve (non-uniform) variant,
    // whose output is not uniformly distributed over the group, so the two are not
    // interchangeable. The byte strings must stay exactly as written for interoperability.
    const HASH_TO_CURVE_ID: &[u8] = b"edwards448_XOF:SHAKE256_ELL2_RO_";
    const ENCODE_TO_CURVE_ID: &[u8] = b"edwards448_XOF:SHAKE256_ELL2_NU_";
}
129
/// Zero-sized marker type identifying the Decaf448 group.
///
/// It holds no data; the group parameters are attached through the trait implementations in this
/// file (`Curve`, `PrimeCurve`, `PointCompression`, `CurveArithmetic`, `GroupDigest`).
#[derive(Clone, Copy, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)]
pub struct Decaf448;
133
/// Byte array holding a serialized Decaf448 field element, sized by `Decaf448`'s `FieldBytesSize`.
pub type Decaf448FieldBytes = elliptic_curve::FieldBytes<Decaf448>;

/// Decaf448 scalar wrapped in `elliptic_curve::NonZeroScalar`, i.e. a scalar known not to be zero.
pub type Decaf448NonZeroScalar = elliptic_curve::NonZeroScalar<Decaf448>;
139
impl Curve for Decaf448 {
    // Field elements serialize to 56 bytes here (Ed448 in this file uses 57).
    type FieldBytesSize = U56;
    // Integer type backing the order constant.
    type Uint = U448;

    // The right-hand side is the crate-level `ORDER` re-exported from `field`, not this associated
    // constant; `Ed448` is given the same value.
    const ORDER: Odd<U448> = crate::ORDER;
    // NOTE(review): unlike the `Ed448` impl, `FIELD_ENDIANNESS` is not set here, so whatever
    // default the `Curve` trait provides applies. Confirm that default matches the byte order
    // used by the Decaf448 field and scalar encodings.
}
146
// Marker impl with no items: it opts `Decaf448` into APIs bounded on `PrimeCurve`.
impl PrimeCurve for Decaf448 {}
148
impl PointCompression for Decaf448 {
    // Points are serialized in compressed form by default.
    const COMPRESS_POINTS: bool = true;
}
152
impl elliptic_curve::CurveArithmetic for Decaf448 {
    // Each right-hand side names a crate-level type re-exported from `decaf`; `DecafAffinePoint`
    // is the export name of `decaf::AffinePoint`.
    type AffinePoint = crate::DecafAffinePoint;
    type ProjectivePoint = crate::DecafPoint;
    type Scalar = crate::DecafScalar;
}
158
impl GroupDigest for Decaf448 {
    // Message expansion uses the SHAKE256 extendable-output function.
    type ExpandMsg = ExpandMsgXof<Shake256>;

    // Suite identifiers for the Decaf448 map (`D448MAP`). `_RO_` names the random-oracle variant
    // and `_NU_` the non-uniform variant; the two are not interchangeable, and the byte strings
    // must stay exactly as written for interoperability.
    // NOTE(review): confirm the `_NU_` identifier against the specification this crate targets;
    // only the `_RO_` name is one this reviewer can tie to a published suite.
    const HASH_TO_CURVE_ID: &[u8] = b"decaf448_XOF:SHAKE256_D448MAP_RO_";
    const ENCODE_TO_CURVE_ID: &[u8] = b"decaf448_XOF:SHAKE256_D448MAP_NU_";
}