k256+p256: make FromEncodedPoint return a CtOption (#445)

Corresponding changes for: RustCrypto/traits#782 Internally these were already returning `CtOption` anyway. It should also simplify the implementation of `GroupEncoding`.
RustCrypto · Oct 2, 2021 · 3b1d44a · 3b1d44a
1 parent 9a93c97
commit 3b1d44a
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 72 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/k256/src/arithmetic/affine.rs b/k256/src/arithmetic/affine.rs
@@ -105,40 +105,6 @@ impl PartialEq for AffinePoint {
 
 impl Eq for AffinePoint {}
 
-impl AffinePoint {
- /// Decode this point from a SEC1-encoded point.
- pub(crate) fn decode(encoded_point: &EncodedPoint) -> CtOption<Self> {
- match encoded_point.coordinates() {
- sec1::Coordinates::Identity => CtOption::new(Self::identity(), 1.into()),
- sec1::Coordinates::Compact { .. } => {
- // TODO(tarcieri): add decompaction support
- CtOption::new(Self::default(), 0.into())
- }
- sec1::Coordinates::Compressed { x, y_is_odd } => {
- AffinePoint::decompress(x, Choice::from(y_is_odd as u8))
- }
- sec1::Coordinates::Uncompressed { x, y } => {
- let x = FieldElement::from_bytes(x);
- let y = FieldElement::from_bytes(y);
-
- x.and_then(|x| {
- y.and_then(|y| {
- // Check that the point is on the curve
- let lhs = (y * &y).negate(1);
- let rhs = x * &x * &x + &CURVE_EQUATION_B;
- let point = AffinePoint {
- x,
- y,
- infinity: Choice::from(0),
- };
- CtOption::new(point, (lhs + &rhs).normalizes_to_zero())
- })
- })
- }
- }
- }
-}
-
 impl DecompressPoint<Secp256k1> for AffinePoint {
  fn decompress(x_bytes: &FieldBytes, y_is_odd: Choice) -> CtOption<Self> {
  FieldElement::from_bytes(x_bytes).and_then(|x| {
@@ -189,8 +155,35 @@ impl FromEncodedPoint<Secp256k1> for AffinePoint {
  /// # Returns
  ///
  /// `None` value if `encoded_point` is not on the secp256k1 curve.
- fn from_encoded_point(encoded_point: &EncodedPoint) -> Option<Self> {
- Self::decode(encoded_point).into()
+ fn from_encoded_point(encoded_point: &EncodedPoint) -> CtOption<Self> {
+ match encoded_point.coordinates() {
+ sec1::Coordinates::Identity => CtOption::new(Self::identity(), 1.into()),
+ sec1::Coordinates::Compact { .. } => {
+ // TODO(tarcieri): add decompaction support
+ CtOption::new(Self::default(), 0.into())
+ }
+ sec1::Coordinates::Compressed { x, y_is_odd } => {
+ AffinePoint::decompress(x, Choice::from(y_is_odd as u8))
+ }
+ sec1::Coordinates::Uncompressed { x, y } => {
+ let x = FieldElement::from_bytes(x);
+ let y = FieldElement::from_bytes(y);
+
+ x.and_then(|x| {
+ y.and_then(|y| {
+ // Check that the point is on the curve
+ let lhs = (y * &y).negate(1);
+ let rhs = x * &x * &x + &CURVE_EQUATION_B;
+ let point = AffinePoint {
+ x,
+ y,
+ infinity: Choice::from(0),
+ };
+ CtOption::new(point, (lhs + &rhs).normalizes_to_zero())
+ })
+ })
+ }
+ }
  }
 }
 

diff --git a/k256/src/arithmetic/projective.rs b/k256/src/arithmetic/projective.rs
@@ -62,7 +62,7 @@ impl From<ProjectivePoint> for AffinePoint {
 }
 
 impl FromEncodedPoint<Secp256k1> for ProjectivePoint {
- fn from_encoded_point(p: &EncodedPoint) -> Option<Self> {
+ fn from_encoded_point(p: &EncodedPoint) -> CtOption<Self> {
  AffinePoint::from_encoded_point(p).map(ProjectivePoint::from)
  }
 }

diff --git a/p256/src/arithmetic/affine.rs b/p256/src/arithmetic/affine.rs
@@ -105,36 +105,6 @@ impl PartialEq for AffinePoint {
  }
 }
 
-impl AffinePoint {
- fn decode(encoded_point: &EncodedPoint) -> CtOption<Self> {
- match encoded_point.coordinates() {
- sec1::Coordinates::Identity => CtOption::new(Self::identity(), 1.into()),
- sec1::Coordinates::Compact { x } => AffinePoint::decompact(x),
- sec1::Coordinates::Compressed { x, y_is_odd } => {
- AffinePoint::decompress(x, Choice::from(y_is_odd as u8))
- }
- sec1::Coordinates::Uncompressed { x, y } => {
- let x = FieldElement::from_bytes(x);
- let y = FieldElement::from_bytes(y);
-
- x.and_then(|x| {
- y.and_then(|y| {
- // Check that the point is on the curve
- let lhs = y * &y;
- let rhs = x * &x * &x + &(CURVE_EQUATION_A * &x) + &CURVE_EQUATION_B;
- let point = AffinePoint {
- x,
- y,
- infinity: Choice::from(0),
- };
- CtOption::new(point, lhs.ct_eq(&rhs))
- })
- })
- }
- }
- }
-}
-
 impl DecompressPoint<NistP256> for AffinePoint {
  fn decompress(x_bytes: &FieldBytes, y_is_odd: Choice) -> CtOption<Self> {
  FieldElement::from_bytes(x_bytes).and_then(|x| {
@@ -205,8 +175,32 @@ impl FromEncodedPoint<NistP256> for AffinePoint {
  /// # Returns
  ///
  /// `None` value if `encoded_point` is not on the secp256r1 curve.
- fn from_encoded_point(encoded_point: &EncodedPoint) -> Option<Self> {
- Self::decode(encoded_point).into()
+ fn from_encoded_point(encoded_point: &EncodedPoint) -> CtOption<Self> {
+ match encoded_point.coordinates() {
+ sec1::Coordinates::Identity => CtOption::new(Self::identity(), 1.into()),
+ sec1::Coordinates::Compact { x } => AffinePoint::decompact(x),
+ sec1::Coordinates::Compressed { x, y_is_odd } => {
+ AffinePoint::decompress(x, Choice::from(y_is_odd as u8))
+ }
+ sec1::Coordinates::Uncompressed { x, y } => {
+ let x = FieldElement::from_bytes(x);
+ let y = FieldElement::from_bytes(y);
+
+ x.and_then(|x| {
+ y.and_then(|y| {
+ // Check that the point is on the curve
+ let lhs = y * &y;
+ let rhs = x * &x * &x + &(CURVE_EQUATION_A * &x) + &CURVE_EQUATION_B;
+ let point = AffinePoint {
+ x,
+ y,
+ infinity: Choice::from(0),
+ };
+ CtOption::new(point, lhs.ct_eq(&rhs))
+ })
+ })
+ }
+ }
  }
 }
 

diff --git a/p256/src/arithmetic/projective.rs b/p256/src/arithmetic/projective.rs
@@ -115,7 +115,7 @@ impl From<ProjectivePoint> for AffinePoint {
 }
 
 impl FromEncodedPoint<NistP256> for ProjectivePoint {
- fn from_encoded_point(p: &EncodedPoint) -> Option<Self> {
+ fn from_encoded_point(p: &EncodedPoint) -> CtOption<Self> {
  AffinePoint::from_encoded_point(p).map(ProjectivePoint::from)
  }
 }