WIP: make things compile

Author: baloo

ed448-goldilocks/src/lib.rs

@@ -60,10 +60,11 @@ pub use edwards::{
     AffinePoint, CompressedEdwardsY, EdwardsPoint, EdwardsScalar, EdwardsScalarBytes,
     WideEdwardsScalarBytes,
 };
-pub use field::{MODULUS_LIMBS, ORDER, Scalar, WIDE_ORDER};
+pub use field::{MODULUS_LIMBS, ORDER, Scalar, ScalarBytes, WIDE_ORDER};
 pub use montgomery::{
-    MontgomeryPoint, MontgomeryScalar, MontgomeryScalarBytes, MontgomeryXpoint,
-    ProjectiveMontgomeryPoint, ProjectiveMontgomeryXpoint, WideMontgomeryScalarBytes,
+    LOW_A, LOW_B, LOW_C, MontgomeryPoint, MontgomeryScalar, MontgomeryScalarBytes,
+    MontgomeryXpoint, ProjectiveMontgomeryPoint, ProjectiveMontgomeryXpoint,
+    WideMontgomeryScalarBytes,
 };
 pub use ristretto::{CompressedRistretto, RistrettoPoint};
 #[cfg(feature = "signing")]

ed448-goldilocks/src/montgomery.rs

@@ -15,7 +15,7 @@ mod x;
 
 pub use point::{MontgomeryPoint, ProjectiveMontgomeryPoint};
 pub use scalar::{MontgomeryScalar, MontgomeryScalarBytes, WideMontgomeryScalarBytes};
-pub use x::{MontgomeryXpoint, ProjectiveMontgomeryXpoint};
+pub use x::{LOW_A, LOW_B, LOW_C, MontgomeryXpoint, ProjectiveMontgomeryXpoint};
 
 /// The default hash to curve domain separation tag
 const DEFAULT_HASH_TO_CURVE_SUITE: &[u8] = b"curve448_XOF:SHAKE256_ELL2_RO_";

ed448-goldilocks/src/montgomery/x.rs

@@ -21,19 +21,19 @@ use super::{
 };
 
 // Low order points on Curve448 and it's twist
-const LOW_A: MontgomeryXpoint = MontgomeryXpoint([
+pub const LOW_A: MontgomeryXpoint = MontgomeryXpoint([
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 ]);
-const LOW_B: MontgomeryXpoint = MontgomeryXpoint([
+pub const LOW_B: MontgomeryXpoint = MontgomeryXpoint([
     0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 ]);
-const LOW_C: MontgomeryXpoint = MontgomeryXpoint([
+pub const LOW_C: MontgomeryXpoint = MontgomeryXpoint([
     0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff,
     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,

x448/src/lib.rs

@@ -1,15 +1,20 @@
 #![no_std]
 
-use ed448_goldilocks::MontgomeryPoint;
-use ed448_goldilocks::Scalar;
+use ed448_goldilocks::Curve448;
+use ed448_goldilocks::MontgomeryScalar;
+use ed448_goldilocks::MontgomeryScalar as Scalar;
+use ed448_goldilocks::MontgomeryXpoint;
+use ed448_goldilocks::ProjectiveMontgomeryPoint as MontgomeryPoint;
+use ed448_goldilocks::ScalarBytes;
+use ed448_goldilocks::elliptic_curve::group::GroupEncoding;
 use rand_core::{CryptoRng, RngCore};
 use zeroize::Zeroize;
 
 /// Computes a Scalar according to RFC7748
 /// given a byte array of length 56
 impl From<[u8; 56]> for Secret {
     fn from(arr: [u8; 56]) -> Secret {
-        let mut secret = Secret(arr);
+        let mut secret = Secret(arr.into());
         secret.clamp();
         secret
     }
@@ -20,25 +25,26 @@ impl From<[u8; 56]> for Secret {
 /// XXX: Waiting for upstream PR to use pre-computation
 impl From<&Secret> for PublicKey {
     fn from(secret: &Secret) -> PublicKey {
-        let point = &MontgomeryPoint::GENERATOR * &Scalar::from_bytes(&secret.0);
+        let point =
+            &MontgomeryXpoint::GENERATOR * &Scalar::from_canonical_bytes(&secret.0).unwrap();
         PublicKey(point)
     }
 }
 
 /// A PublicKey is a point on Curve448.
 #[derive(Debug, PartialEq, Eq, Copy, Clone)]
-pub struct PublicKey(MontgomeryPoint);
+pub struct PublicKey(MontgomeryXpoint);
 
 /// A Secret is a Scalar on Curve448.
 #[derive(Clone, Zeroize)]
 #[zeroize(drop)]
-pub struct Secret([u8; 56]);
+pub struct Secret(ScalarBytes<Curve448>);
 
 /// A SharedSecret is a point on Curve448.
 /// This point is the result of a Diffie-Hellman key exchange.
 #[derive(Zeroize)]
 #[zeroize(drop)]
-pub struct SharedSecret(MontgomeryPoint);
+pub struct SharedSecret(MontgomeryXpoint);
 
 impl PublicKey {
     /// Converts a bytes slice into a Public key
@@ -63,7 +69,7 @@ impl PublicKey {
 
         // Check if the point has low order
         let arr = slice_to_array(bytes);
-        let point = MontgomeryPoint(arr);
+        let point = MontgomeryXpoint(arr);
 
         Some(PublicKey(point))
     }
@@ -102,8 +108,8 @@ impl Secret {
     }
 
     /// Views a Secret as a Scalar
-    fn as_scalar(&self) -> Scalar {
-        Scalar::from_bytes(&self.0)
+    fn as_scalar(&self) -> MontgomeryScalar {
+        Scalar::from_canonical_bytes(&self.0).unwrap()
     }
 
     /// Performs a Diffie-hellman key exchange between the secret key and an external public key
@@ -134,7 +140,7 @@ impl Secret {
 
     /// Converts a secret into a byte array
     pub fn as_bytes(&self) -> &[u8; 56] {
-        &self.0
+        &self.0.as_ref()
     }
 }
 
@@ -158,12 +164,12 @@ pub fn x448(scalar_bytes: [u8; 56], point_bytes: [u8; 56]) -> Option<[u8; 56]> {
 /// An unchecked version of the x448 function defined in RFC448
 /// No checks are made on the points.
 pub fn x448_unchecked(scalar_bytes: [u8; 56], point_bytes: [u8; 56]) -> [u8; 56] {
-    let point = MontgomeryPoint(point_bytes);
+    let point = MontgomeryXpoint(point_bytes);
     let scalar = Secret::from(scalar_bytes).as_scalar();
     (&point * &scalar).0
 }
 
-pub const X448_BASEPOINT_BYTES: [u8; 56] = MontgomeryPoint::GENERATOR.0;
+pub const X448_BASEPOINT_BYTES: [u8; 56] = MontgomeryXpoint::GENERATOR.0;
 
 #[cfg(test)]
 mod test {
@@ -172,27 +178,29 @@ mod test {
     use super::*;
     use alloc::vec;
 
+    use ed448_goldilocks::{LOW_A, LOW_B, LOW_C};
+
     #[test]
     fn test_low_order() {
         // These are also in ed448-goldilocks. We could export them, but I cannot see any use except for this test.
-        const LOW_A: MontgomeryPoint = MontgomeryPoint([
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        ]);
-        const LOW_B: MontgomeryPoint = MontgomeryPoint([
-            0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        ]);
-        const LOW_C: MontgomeryPoint = MontgomeryPoint([
-            0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-            0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-        ]);
+        //const LOW_A: MontgomeryPoint = MontgomeryPoint([
+        //    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        //    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        //    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        //    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        //]);
+        //const LOW_B: MontgomeryPoint = MontgomeryPoint([
+        //    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        //    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        //    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        //    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        //]);
+        //const LOW_C: MontgomeryPoint = MontgomeryPoint([
+        //    0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        //    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        //    0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        //    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        //]);
 
         // Notice, that this is the only way to add low order points into the system
         // and this is not exposed to the user. The user will use `from_bytes` which will check for low order points.
@@ -393,8 +401,8 @@ mod test {
             0xda, 0x8d, 0x52, 0x4d, 0xe3, 0xd6, 0x9b, 0xd9, 0xd9, 0xd6, 0x6b, 0x99, 0x7e, 0x37,
         ];
 
-        let mut point = MontgomeryPoint::GENERATOR.0;
-        let mut scalar = MontgomeryPoint::GENERATOR.0;
+        let mut point = MontgomeryXpoint::GENERATOR.0;
+        let mut scalar = MontgomeryXpoint::GENERATOR.0;
         let mut result = [0u8; 56];
 
         // Iterate 1 time then check value on 1st iteration