k256+p256: make FromEncodedPoint return a CtOption (#445)

Corresponding changes for:

RustCrypto/traits#782

Internally these were already returning `CtOption` anyway. It should
also simplify the implementation of `GroupEncoding`.

Author: tarcieri

Cargo.lock

@@ -105,40 +105,6 @@ impl PartialEq for AffinePoint {
 
 impl Eq for AffinePoint {}
 
-impl AffinePoint {
-    /// Decode this point from a SEC1-encoded point.
-    pub(crate) fn decode(encoded_point: &EncodedPoint) -> CtOption<Self> {
-        match encoded_point.coordinates() {
-            sec1::Coordinates::Identity => CtOption::new(Self::identity(), 1.into()),
-            sec1::Coordinates::Compact { .. } => {
-                // TODO(tarcieri): add decompaction support
-                CtOption::new(Self::default(), 0.into())
-            }
-            sec1::Coordinates::Compressed { x, y_is_odd } => {
-                AffinePoint::decompress(x, Choice::from(y_is_odd as u8))
-            }
-            sec1::Coordinates::Uncompressed { x, y } => {
-                let x = FieldElement::from_bytes(x);
-                let y = FieldElement::from_bytes(y);
-
-                x.and_then(|x| {
-                    y.and_then(|y| {
-                        // Check that the point is on the curve
-                        let lhs = (y * &y).negate(1);
-                        let rhs = x * &x * &x + &CURVE_EQUATION_B;
-                        let point = AffinePoint {
-                            x,
-                            y,
-                            infinity: Choice::from(0),
-                        };
-                        CtOption::new(point, (lhs + &rhs).normalizes_to_zero())
-                    })
-                })
-            }
-        }
-    }
-}
-
 impl DecompressPoint<Secp256k1> for AffinePoint {
     fn decompress(x_bytes: &FieldBytes, y_is_odd: Choice) -> CtOption<Self> {
         FieldElement::from_bytes(x_bytes).and_then(|x| {
@@ -189,8 +155,35 @@ impl FromEncodedPoint<Secp256k1> for AffinePoint {
     /// # Returns
     ///
     /// `None` value if `encoded_point` is not on the secp256k1 curve.
-    fn from_encoded_point(encoded_point: &EncodedPoint) -> Option<Self> {
-        Self::decode(encoded_point).into()
+    fn from_encoded_point(encoded_point: &EncodedPoint) -> CtOption<Self> {
+        match encoded_point.coordinates() {
+            sec1::Coordinates::Identity => CtOption::new(Self::identity(), 1.into()),
+            sec1::Coordinates::Compact { .. } => {
+                // TODO(tarcieri): add decompaction support
+                CtOption::new(Self::default(), 0.into())
+            }
+            sec1::Coordinates::Compressed { x, y_is_odd } => {
+                AffinePoint::decompress(x, Choice::from(y_is_odd as u8))
+            }
+            sec1::Coordinates::Uncompressed { x, y } => {
+                let x = FieldElement::from_bytes(x);
+                let y = FieldElement::from_bytes(y);
+
+                x.and_then(|x| {
+                    y.and_then(|y| {
+                        // Check that the point is on the curve
+                        let lhs = (y * &y).negate(1);
+                        let rhs = x * &x * &x + &CURVE_EQUATION_B;
+                        let point = AffinePoint {
+                            x,
+                            y,
+                            infinity: Choice::from(0),
+                        };
+                        CtOption::new(point, (lhs + &rhs).normalizes_to_zero())
+                    })
+                })
+            }
+        }
     }
 }
 

k256/src/arithmetic/affine.rs

@@ -62,7 +62,7 @@ impl From<ProjectivePoint> for AffinePoint {
 }
 
 impl FromEncodedPoint<Secp256k1> for ProjectivePoint {
-    fn from_encoded_point(p: &EncodedPoint) -> Option<Self> {
+    fn from_encoded_point(p: &EncodedPoint) -> CtOption<Self> {
         AffinePoint::from_encoded_point(p).map(ProjectivePoint::from)
     }
 }

k256/src/arithmetic/projective.rs

@@ -105,36 +105,6 @@ impl PartialEq for AffinePoint {
     }
 }
 
-impl AffinePoint {
-    fn decode(encoded_point: &EncodedPoint) -> CtOption<Self> {
-        match encoded_point.coordinates() {
-            sec1::Coordinates::Identity => CtOption::new(Self::identity(), 1.into()),
-            sec1::Coordinates::Compact { x } => AffinePoint::decompact(x),
-            sec1::Coordinates::Compressed { x, y_is_odd } => {
-                AffinePoint::decompress(x, Choice::from(y_is_odd as u8))
-            }
-            sec1::Coordinates::Uncompressed { x, y } => {
-                let x = FieldElement::from_bytes(x);
-                let y = FieldElement::from_bytes(y);
-
-                x.and_then(|x| {
-                    y.and_then(|y| {
-                        // Check that the point is on the curve
-                        let lhs = y * &y;
-                        let rhs = x * &x * &x + &(CURVE_EQUATION_A * &x) + &CURVE_EQUATION_B;
-                        let point = AffinePoint {
-                            x,
-                            y,
-                            infinity: Choice::from(0),
-                        };
-                        CtOption::new(point, lhs.ct_eq(&rhs))
-                    })
-                })
-            }
-        }
-    }
-}
-
 impl DecompressPoint<NistP256> for AffinePoint {
     fn decompress(x_bytes: &FieldBytes, y_is_odd: Choice) -> CtOption<Self> {
         FieldElement::from_bytes(x_bytes).and_then(|x| {
@@ -205,8 +175,32 @@ impl FromEncodedPoint<NistP256> for AffinePoint {
     /// # Returns
     ///
     /// `None` value if `encoded_point` is not on the secp256r1 curve.
-    fn from_encoded_point(encoded_point: &EncodedPoint) -> Option<Self> {
-        Self::decode(encoded_point).into()
+    fn from_encoded_point(encoded_point: &EncodedPoint) -> CtOption<Self> {
+        match encoded_point.coordinates() {
+            sec1::Coordinates::Identity => CtOption::new(Self::identity(), 1.into()),
+            sec1::Coordinates::Compact { x } => AffinePoint::decompact(x),
+            sec1::Coordinates::Compressed { x, y_is_odd } => {
+                AffinePoint::decompress(x, Choice::from(y_is_odd as u8))
+            }
+            sec1::Coordinates::Uncompressed { x, y } => {
+                let x = FieldElement::from_bytes(x);
+                let y = FieldElement::from_bytes(y);
+
+                x.and_then(|x| {
+                    y.and_then(|y| {
+                        // Check that the point is on the curve
+                        let lhs = y * &y;
+                        let rhs = x * &x * &x + &(CURVE_EQUATION_A * &x) + &CURVE_EQUATION_B;
+                        let point = AffinePoint {
+                            x,
+                            y,
+                            infinity: Choice::from(0),
+                        };
+                        CtOption::new(point, lhs.ct_eq(&rhs))
+                    })
+                })
+            }
+        }
     }
 }
 

p256/src/arithmetic/affine.rs

@@ -115,7 +115,7 @@ impl From<ProjectivePoint> for AffinePoint {
 }
 
 impl FromEncodedPoint<NistP256> for ProjectivePoint {
-    fn from_encoded_point(p: &EncodedPoint) -> Option<Self> {
+    fn from_encoded_point(p: &EncodedPoint) -> CtOption<Self> {
         AffinePoint::from_encoded_point(p).map(ProjectivePoint::from)
     }
 }