fixup scalars

Author: baloo

x448/src/lib.rs

@@ -1,14 +1,12 @@
 #![no_std]
 
 use ed448_goldilocks::{
-    MontgomeryPoint,
+    MontgomeryScalar, MontgomeryXpoint,
     elliptic_curve::{bigint::U448, scalar::FromUintUnchecked},
 };
 use rand_core::{CryptoRng, RngCore};
 use zeroize::Zeroize;
 
-type MontgomeryScalar = ed448_goldilocks::Scalar<ed448_goldilocks::Ed448>;
-
 /// Computes a Scalar according to RFC7748
 /// given a byte array of length 56
 impl From<[u8; 56]> for Secret {
@@ -25,14 +23,14 @@ impl From<[u8; 56]> for Secret {
 impl From<&Secret> for PublicKey {
     fn from(secret: &Secret) -> PublicKey {
         let secret = secret.as_scalar();
-        let point = &MontgomeryPoint::GENERATOR * &secret;
-        PublicKey(point)
+        let point = &MontgomeryXpoint::GENERATOR * &secret;
+        PublicKey(point.to_affine())
     }
 }
 
 /// A PublicKey is a point on Curve448.
 #[derive(Debug, PartialEq, Eq, Copy, Clone)]
-pub struct PublicKey(MontgomeryPoint);
+pub struct PublicKey(MontgomeryXpoint);
 
 /// A Secret is a Scalar on Curve448.
 #[derive(Clone, Zeroize)]
@@ -43,7 +41,7 @@ pub struct Secret([u8; 56]);
 /// This point is the result of a Diffie-Hellman key exchange.
 #[derive(Zeroize)]
 #[zeroize(drop)]
-pub struct SharedSecret(MontgomeryPoint);
+pub struct SharedSecret(MontgomeryXpoint);
 
 impl PublicKey {
     /// Converts a bytes slice into a Public key
@@ -68,7 +66,7 @@ impl PublicKey {
 
         // Check if the point has low order
         let arr = slice_to_array(bytes);
-        let point = MontgomeryPoint(arr);
+        let point = MontgomeryXpoint(arr);
 
         Some(PublicKey(point))
     }
@@ -119,7 +117,7 @@ impl Secret {
             return None;
         }
         let shared_key = &public_key.0 * &self.as_scalar();
-        Some(SharedSecret(shared_key))
+        Some(SharedSecret(shared_key.to_affine()))
     }
 
     /// Performs a Diffie-hellman key exchange once between the secret key and an external public key
@@ -159,17 +157,17 @@ fn slice_to_array(bytes: &[u8]) -> [u8; 56] {
 pub fn x448(scalar_bytes: [u8; 56], point_bytes: [u8; 56]) -> Option<[u8; 56]> {
     let point = PublicKey::from_bytes(&point_bytes)?;
     let scalar = Secret::from(scalar_bytes).as_scalar();
-    Some((&point.0 * &scalar).0)
+    Some((&point.0 * &scalar).to_affine().0)
 }
 /// An unchecked version of the x448 function defined in RFC448
 /// No checks are made on the points.
 pub fn x448_unchecked(scalar_bytes: [u8; 56], point_bytes: [u8; 56]) -> [u8; 56] {
-    let point = MontgomeryPoint(point_bytes);
+    let point = MontgomeryXpoint(point_bytes);
     let scalar = Secret::from(scalar_bytes).as_scalar();
-    (&point * &scalar).0
+    (&point * &scalar).to_affine().0
 }
 
-pub const X448_BASEPOINT_BYTES: [u8; 56] = MontgomeryPoint::GENERATOR.0;
+pub const X448_BASEPOINT_BYTES: [u8; 56] = MontgomeryXpoint::GENERATOR.0;
 
 #[cfg(test)]
 mod test {
@@ -182,16 +180,16 @@ mod test {
     fn test_low_order() {
         // Notice, that this is the only way to add low order points into the system
         // and this is not exposed to the user. The user will use `from_bytes` which will check for low order points.
-        let bad_key_a = PublicKey(MontgomeryPoint::LOW_A);
-        let checked_bad_key_a = PublicKey::from_bytes(&MontgomeryPoint::LOW_A.0);
+        let bad_key_a = PublicKey(MontgomeryXpoint::LOW_A);
+        let checked_bad_key_a = PublicKey::from_bytes(&MontgomeryXpoint::LOW_A.0);
         assert!(checked_bad_key_a.is_none());
 
-        let bad_key_b = PublicKey(MontgomeryPoint::LOW_B);
-        let checked_bad_key_b = PublicKey::from_bytes(&MontgomeryPoint::LOW_B.0);
+        let bad_key_b = PublicKey(MontgomeryXpoint::LOW_B);
+        let checked_bad_key_b = PublicKey::from_bytes(&MontgomeryXpoint::LOW_B.0);
         assert!(checked_bad_key_b.is_none());
 
-        let bad_key_c = PublicKey(MontgomeryPoint::LOW_C);
-        let checked_bad_key_c = PublicKey::from_bytes(&MontgomeryPoint::LOW_C.0);
+        let bad_key_c = PublicKey(MontgomeryXpoint::LOW_C);
+        let checked_bad_key_c = PublicKey::from_bytes(&MontgomeryXpoint::LOW_C.0);
         assert!(checked_bad_key_c.is_none());
 
         let mut rng = rand::rng();
@@ -379,8 +377,8 @@ mod test {
             0xda, 0x8d, 0x52, 0x4d, 0xe3, 0xd6, 0x9b, 0xd9, 0xd9, 0xd6, 0x6b, 0x99, 0x7e, 0x37,
         ];
 
-        let mut point = MontgomeryPoint::GENERATOR.0;
-        let mut scalar = MontgomeryPoint::GENERATOR.0;
+        let mut point = MontgomeryXpoint::GENERATOR.0;
+        let mut scalar = MontgomeryXpoint::GENERATOR.0;
         let mut result = [0u8; 56];
 
         // Iterate 1 time then check value on 1st iteration