elliptic-curve: make FromEncodedPoint return a CtOption (#782)

Internally `k256`/`p256` return a `CtOption` for this method, then
convert to an `Option`.

It would be helpful when implementing other traits from the `group`
crate, e.g. `GroupEncoding`, if this instead returned a `CtOption`.

elliptic-curve/src/dev.rs

@@ -367,8 +367,13 @@ impl ConstantTimeEq for AffinePoint {
 }
 
 impl ConditionallySelectable for AffinePoint {
- fn conditional_select(_a: &Self, _b: &Self, _choice: Choice) -> Self {
- unimplemented!();
+ fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
+ // Not really constant time, but this is dev code
+ if choice.into() {
+ *b
+ } else {
+ *a
+ }
  }
 }
 
@@ -381,12 +386,14 @@ impl Default for AffinePoint {
 impl DefaultIsZeroes for AffinePoint {}
 
 impl FromEncodedPoint<MockCurve> for AffinePoint {
- fn from_encoded_point(point: &EncodedPoint) -> Option<Self> {
- if point.is_identity() {
- Some(Self::Identity)
+ fn from_encoded_point(encoded_point: &EncodedPoint) -> CtOption<Self> {
+ let point = if encoded_point.is_identity() {
+ Self::Identity
  } else {
- Some(Self::Other(*point))
- }
+ Self::Other(*encoded_point)
+ };
+
+ CtOption::new(point, Choice::from(1))
  }
 }
 
@@ -472,7 +479,7 @@ impl From<ProjectivePoint> for AffinePoint {
 }
 
 impl FromEncodedPoint<MockCurve> for ProjectivePoint {
- fn from_encoded_point(_point: &EncodedPoint) -> Option<Self> {
+ fn from_encoded_point(_point: &EncodedPoint) -> CtOption<Self> {
  unimplemented!();
  }
 }

elliptic-curve/src/jwk.rs

@@ -6,7 +6,7 @@
 use crate::{
  sec1::{Coordinates, EncodedPoint, ModulusSize, ValidatePublicKey},
  secret_key::SecretKey,
- Curve, Error, FieldBytes, FieldSize, PrimeCurve, Result,
+ Curve, Error, FieldBytes, FieldSize, Result,
 };
 use alloc::{
  borrow::ToOwned,
@@ -114,7 +114,7 @@ impl JwkEcKey {
  #[cfg_attr(docsrs, doc(cfg(feature = "arithmetic")))]
  pub fn to_public_key<C>(&self) -> Result<PublicKey<C>>
  where
- C: PrimeCurve + JwkParameters + ProjectiveArithmetic,
+ C: Curve + JwkParameters + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
  {
@@ -124,7 +124,7 @@ impl JwkEcKey {
  /// Create a JWK from a SEC1 [`EncodedPoint`].
  pub fn from_encoded_point<C>(point: &EncodedPoint<C>) -> Option<Self>
  where
- C: PrimeCurve + JwkParameters,
+ C: Curve + JwkParameters,
  FieldSize<C>: ModulusSize,
  {
  match point.coordinates() {
@@ -141,7 +141,7 @@ impl JwkEcKey {
  /// Get the public key component of this JWK as a SEC1 [`EncodedPoint`].
  pub fn to_encoded_point<C>(&self) -> Result<EncodedPoint<C>>
  where
- C: PrimeCurve + JwkParameters,
+ C: Curve + JwkParameters,
  FieldSize<C>: ModulusSize,
  {
  if self.crv != C::CRV {
@@ -158,7 +158,7 @@ impl JwkEcKey {
  #[cfg_attr(docsrs, doc(cfg(feature = "arithmetic")))]
  pub fn to_secret_key<C>(&self) -> Result<SecretKey<C>>
  where
- C: PrimeCurve + JwkParameters + ValidatePublicKey,
+ C: Curve + JwkParameters + ValidatePublicKey,
  FieldSize<C>: ModulusSize,
  {
  self.try_into()
@@ -179,23 +179,10 @@ impl ToString for JwkEcKey {
  }
 }
 
-#[cfg(feature = "arithmetic")]
-#[cfg_attr(docsrs, doc(cfg(feature = "arithmetic")))]
-impl<C> FromEncodedPoint<C> for JwkEcKey
-where
- C: PrimeCurve + JwkParameters + ProjectiveArithmetic,
- AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
- FieldSize<C>: ModulusSize,
-{
- fn from_encoded_point(point: &EncodedPoint<C>) -> Option<Self> {
- Self::from_encoded_point::<C>(point)
- }
-}
-
 #[cfg_attr(docsrs, doc(cfg(feature = "jwk")))]
 impl<C> TryFrom<JwkEcKey> for SecretKey<C>
 where
- C: PrimeCurve + JwkParameters + ValidatePublicKey,
+ C: Curve + JwkParameters + ValidatePublicKey,
  FieldSize<C>: ModulusSize,
 {
  type Error = Error;
@@ -208,7 +195,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "jwk")))]
 impl<C> TryFrom<&JwkEcKey> for SecretKey<C>
 where
- C: PrimeCurve + JwkParameters + ValidatePublicKey,
+ C: Curve + JwkParameters + ValidatePublicKey,
  FieldSize<C>: ModulusSize,
 {
  type Error = Error;
@@ -235,7 +222,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "jwk")))]
 impl<C> From<SecretKey<C>> for JwkEcKey
 where
- C: PrimeCurve + JwkParameters + ProjectiveArithmetic,
+ C: Curve + JwkParameters + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -249,7 +236,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "jwk")))]
 impl<C> From<&SecretKey<C>> for JwkEcKey
 where
- C: PrimeCurve + JwkParameters + ProjectiveArithmetic,
+ C: Curve + JwkParameters + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -267,7 +254,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "jwk")))]
 impl<C> TryFrom<JwkEcKey> for PublicKey<C>
 where
- C: PrimeCurve + JwkParameters + ProjectiveArithmetic,
+ C: Curve + JwkParameters + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -283,7 +270,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "jwk")))]
 impl<C> TryFrom<&JwkEcKey> for PublicKey<C>
 where
- C: PrimeCurve + JwkParameters + ProjectiveArithmetic,
+ C: Curve + JwkParameters + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -299,7 +286,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "jwk")))]
 impl<C> From<PublicKey<C>> for JwkEcKey
 where
- C: PrimeCurve + JwkParameters + ProjectiveArithmetic,
+ C: Curve + JwkParameters + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -313,7 +300,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "jwk")))]
 impl<C> From<&PublicKey<C>> for JwkEcKey
 where
- C: PrimeCurve + JwkParameters + ProjectiveArithmetic,
+ C: Curve + JwkParameters + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -587,7 +574,7 @@ impl Serialize for JwkEcKey {
 }
 
 /// Decode a Base64url-encoded field element
-fn decode_base64url_fe<C: PrimeCurve>(s: &str) -> Result<FieldBytes<C>> {
+fn decode_base64url_fe<C: Curve>(s: &str) -> Result<FieldBytes<C>> {
  let mut result = FieldBytes::<C>::default();
  Base64Url::decode(s, &mut result).map_err(|_| Error)?;
  Ok(result)

elliptic-curve/src/public_key.rs

@@ -22,9 +22,10 @@ use {core::str::FromStr, pkcs8::ToPublicKey};
 use {
  crate::{
  sec1::{EncodedPoint, FromEncodedPoint, ModulusSize, ToEncodedPoint},
- FieldSize, PointCompression, PrimeCurve,
+ FieldSize, PointCompression,
  },
  core::cmp::Ordering,
+ subtle::CtOption,
 };
 
 #[cfg(any(feature = "jwk", feature = "pem"))]
@@ -96,12 +97,12 @@ where
  #[cfg(feature = "sec1")]
  pub fn from_sec1_bytes(bytes: &[u8]) -> Result<Self>
  where
- C: PrimeCurve,
+ C: Curve,
  FieldSize<C>: ModulusSize,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  {
  let point = EncodedPoint::<C>::from_bytes(bytes).map_err(|_| Error)?;
- Self::from_encoded_point(&point).ok_or(Error)
+ Option::from(Self::from_encoded_point(&point)).ok_or(Error)
  }
 
  /// Borrow the inner [`AffinePoint`] from this [`PublicKey`].
@@ -121,7 +122,7 @@ where
  #[cfg_attr(docsrs, doc(cfg(feature = "jwk")))]
  pub fn from_jwk(jwk: &JwkEcKey) -> Result<Self>
  where
- C: PrimeCurve + JwkParameters,
+ C: Curve + JwkParameters,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
  {
@@ -133,7 +134,7 @@ where
  #[cfg_attr(docsrs, doc(cfg(feature = "jwk")))]
  pub fn from_jwk_str(jwk: &str) -> Result<Self>
  where
- C: PrimeCurve + JwkParameters,
+ C: Curve + JwkParameters,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
  {
@@ -145,7 +146,7 @@ where
  #[cfg_attr(docsrs, doc(cfg(feature = "jwk")))]
  pub fn to_jwk(&self) -> JwkEcKey
  where
- C: PrimeCurve + JwkParameters,
+ C: Curve + JwkParameters,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
  {
@@ -157,7 +158,7 @@ where
  #[cfg_attr(docsrs, doc(cfg(feature = "jwk")))]
  pub fn to_jwk_string(&self) -> String
  where
- C: PrimeCurve + JwkParameters,
+ C: Curve + JwkParameters,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
  {
@@ -180,22 +181,24 @@ impl<C> Copy for PublicKey<C> where C: Curve + ProjectiveArithmetic {}
 #[cfg_attr(docsrs, doc(cfg(feature = "sec1")))]
 impl<C> FromEncodedPoint<C> for PublicKey<C>
 where
- C: PrimeCurve + ProjectiveArithmetic,
+ C: Curve + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
  /// Initialize [`PublicKey`] from an [`EncodedPoint`]
- fn from_encoded_point(encoded_point: &EncodedPoint<C>) -> Option<Self> {
- AffinePoint::<C>::from_encoded_point(encoded_point)
- .and_then(|point| PublicKey::from_affine(point).ok())
+ fn from_encoded_point(encoded_point: &EncodedPoint<C>) -> CtOption<Self> {
+ AffinePoint::<C>::from_encoded_point(encoded_point).and_then(|point| {
+ let is_identity = ProjectivePoint::<C>::from(point).is_identity();
+ CtOption::new(PublicKey { point }, !is_identity)
+ })
  }
 }
 
 #[cfg(feature = "sec1")]
 #[cfg_attr(docsrs, doc(cfg(feature = "sec1")))]
 impl<C> ToEncodedPoint<C> for PublicKey<C>
 where
- C: PrimeCurve + ProjectiveArithmetic,
+ C: Curve + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -210,7 +213,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "sec1")))]
 impl<C> From<PublicKey<C>> for EncodedPoint<C>
 where
- C: PrimeCurve + ProjectiveArithmetic + PointCompression,
+ C: Curve + ProjectiveArithmetic + PointCompression,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -223,7 +226,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "sec1")))]
 impl<C> From<&PublicKey<C>> for EncodedPoint<C>
 where
- C: PrimeCurve + ProjectiveArithmetic + PointCompression,
+ C: Curve + ProjectiveArithmetic + PointCompression,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -236,7 +239,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "sec1")))]
 impl<C> PartialOrd for PublicKey<C>
 where
- C: PrimeCurve + ProjectiveArithmetic,
+ C: Curve + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -249,7 +252,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "sec1")))]
 impl<C> Ord for PublicKey<C>
 where
- C: PrimeCurve + ProjectiveArithmetic,
+ C: Curve + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -265,7 +268,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(all(feature = "pkcs8", feature = "sec1"))))]
 impl<C> FromPublicKey for PublicKey<C>
 where
- C: PrimeCurve + AlgorithmParameters + ProjectiveArithmetic,
+ C: Curve + AlgorithmParameters + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -292,7 +295,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
 impl<C> ToPublicKey for PublicKey<C>
 where
- C: PrimeCurve + AlgorithmParameters + ProjectiveArithmetic,
+ C: Curve + AlgorithmParameters + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -311,7 +314,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
 impl<C> FromStr for PublicKey<C>
 where
- C: PrimeCurve + AlgorithmParameters + ProjectiveArithmetic,
+ C: Curve + AlgorithmParameters + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -326,7 +329,7 @@ where
 #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
 impl<C> ToString for PublicKey<C>
 where
- C: PrimeCurve + AlgorithmParameters + ProjectiveArithmetic,
+ C: Curve + AlgorithmParameters + ProjectiveArithmetic,
  AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
  FieldSize<C>: ModulusSize,
 {
@@ -345,6 +348,8 @@ mod tests {
  #[test]
  fn from_encoded_point_rejects_identity() {
  let identity = EncodedPoint::identity();
- assert_eq!(PublicKey::from_encoded_point(&identity), None);
+ assert!(bool::from(
+ PublicKey::from_encoded_point(&identity).is_none()
+ ));
  }
 }