From 5c98d00476965ce11809a45e5daa068d86cc4fd1 Mon Sep 17 00:00:00 2001
From: Isis Lovecruft
Date: Wed, 23 Oct 2019 18:59:58 +0000
Subject: [PATCH] Implement TryFrom<&[u8]> and ValidityCheck for MontgomeryPoint.
---
 src/montgomery.rs | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/src/montgomery.rs b/src/montgomery.rs
index 0cd6f8a8a..4e1da68e1 100644
--- a/src/montgomery.rs
+++ b/src/montgomery.rs
@@ -48,6 +48,7 @@
 // affine and projective cakes and eat both of them too.
 #![allow(non_snake_case)]
+use core::convert::TryFrom;
 use core::ops::{Mul, MulAssign};
 use constants::APLUS2_OVER_FOUR;
@@ -56,6 +57,7 @@ use field::FieldElement;
 use scalar::Scalar;
 use traits::Identity;
+use traits::ValidityCheck;
 use subtle::Choice;
 use subtle::ConditionallySelectable;
@@ -90,6 +92,45 @@ impl PartialEq for MontgomeryPoint {
 impl Eq for MontgomeryPoint {}
+impl ValidityCheck for MontgomeryPoint {
+ /// Decode the \\(u\\)-coordinate field element and re-encode it
+ /// to its canonical form to check whether the original was valid.
+ ///
+ /// There are no other required checks for the Mongomery form of the curve,
+ /// as every element in \\( \mathbb{F}\_{q} \\) lies either on the curve or
+ /// its quadratic twist. (cf. ยง5.2 of "Montgomery Curves and Their
+ /// Arithmetic" by [Costello and Smith][costello-smith].)
+ ///
+ /// [costello-smith]: https://eprint.iacr.org/2017/212.pdf
+ fn is_valid(&self) -> bool {
+ let maybe_u: FieldElement = FieldElement::from_bytes(&self.0);
+ let u: [u8; 32] = maybe_u.to_bytes();
+
+ u.ct_eq(&self.0).into()
+ }
+}
+
+impl TryFrom<&[u8]> for MontgomeryPoint {
+ type Error = ();
+
+ fn try_from(bytes: &[u8]) -> Result {
+ if bytes.len() != 32 {
+ return Err(());
+ }
+
+ let mut array = [0u8; 32];
+ array.copy_from_slice(&bytes[..32]);
+
+ let P = MontgomeryPoint(array);
+
+ if P.is_valid() {
+ return Ok(P);
+ }
+
+ Err(())
+ }
+}
+
 impl MontgomeryPoint {
 /// View this `MontgomeryPoint` as an array of bytes.
 pub fn as_bytes<'a>(&'a self) -> &'a [u8; 32] {
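Review bot: `is_valid` only proves that `self.0` is a canonical field-element encoding; the decode/re-encode round trip accepts every canonical u-coordinate, so small-order points (which have canonical encodings) pass this `TryFrom` unchanged. The doc comment's "no other required checks" is correct for curve-or-twist membership but should state that limit for callers who feed the result into a Diffie–Hellman computation, e.g. `/// Note: this checks canonical encoding only; small-order points are not rejected here.` The same doc comment misspells "Montgomery" as "Mongomery" and the section sign in "ยง5.2" looks mis-encoded. In `try_from`, the preceding length check makes `&bytes[..32]` redundant (`array.copy_from_slice(bytes);`), and the final `if P.is_valid() { return Ok(P); } Err(())` reads more plainly as `if P.is_valid() { Ok(P) } else { Err(()) }`.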