Move the encoding code into the point module.

src/ed25519/mod.rs

@@ -76,7 +76,7 @@ impl ED25519Private {
         curve25519_scalar_mask(&mut result.private);
         let mut a = Point::new();
         x25519_ge_scalarmult_base(&mut a, &result.private);
-        into_encoded_point(&mut result.public, &a.x, &a.y, &a.z);
+        a.encode_to(&mut result.public);
         result
     }
 
@@ -96,7 +96,7 @@ impl ED25519Private {
         println!("ME:r.y: {:?}", r.y);
         println!("ME:r.z: {:?}", r.z);
         println!("ME:r.t: {:?}", r.t);
-        into_encoded_point(&mut signature_r, &r.x, &r.y, &r.z);
+        r.encode_to(&mut signature_r);
         println!("ME:signature_r: {:?}", signature_r);
         let hram_digest = eddsa_digest(&signature_r, &self.public, &msg);
         let hram = digest_scalar(&hram_digest);
@@ -134,14 +134,15 @@ impl ED25519Public {
             return false;
         }
 
-        let mut a = from_encoded_point(&self.public);
+        let mut a = Point::new();
+        x25519_ge_frombytes_vartime(&mut a, &self.public);
         invert_vartime(&mut a);
         let h_digest = eddsa_digest(signature_r, &self.public, msg);
         let h = digest_scalar(&h_digest);
         let mut r = Point2::new();
         ge_double_scalarmult_vartime(&mut r, &h, &a, &signature_s);
         let mut r_check = [0; 32];
-        into_encoded_point(&mut r_check, &r.x, &r.y, &r.z);
+        r.encode_to(&mut r_check);
         signature_r == r_check
     }
 }
@@ -163,30 +164,6 @@ fn digest_scalar(digest: &[u8]) -> Vec<u8> {
     copy[..32].to_vec()
 }
 
-fn into_encoded_point(bytes: &mut [u8], x: &Element, y: &Element, z: &Element)
-{
-    let mut x_over_z = [0; NUM_ELEMENT_LIMBS];
-    let mut y_over_z = [0; NUM_ELEMENT_LIMBS];
-    assert_eq!(bytes.len(), 32);
-
-    let recip = fe_invert(z);
-    fe_mul(&mut x_over_z, x, &recip);
-    fe_mul(&mut y_over_z, y, &recip);
-    fe_tobytes(bytes, &y_over_z);
-    let sign_bit = if fe_isnegative(&x_over_z) { 1 } else { 0 };
-
-    // The preceding computations must execute in constant time, but this
-    // doesn't need to.
-    bytes[31] ^= sign_bit << 7;
-}
-
-fn from_encoded_point(encoded: &[u8]) -> Point
-{
-    let mut point = Point::new();
-    x25519_ge_frombytes_vartime(&mut point, encoded);
-    point
-}
-
 fn invert_vartime(v: &mut Point)
 {
     for i in 0..NUM_ELEMENT_LIMBS {
@@ -225,9 +202,9 @@ fn rfc8072() {
     run_test(fname.to_string(), 4, run_signing_testcase);
 }
 
-//#[cfg(test)]
+#[cfg(test)]
-//#[test]
+#[test]
-//fn signing() {
+fn signing() {
-//    let fname = "testdata/ed25519/sign.test";
+    let fname = "testdata/ed25519/sign.test";
-//    run_test(fname.to_string(), 4, run_signing_testcase);
+    run_test(fname.to_string(), 4, run_signing_testcase);
-//}
+}

src/ed25519/point.rs

@@ -34,6 +34,11 @@ impl Point {
       t: test_from_bytes(&xs[120..])
     }
   }
+
+  pub fn encode_to(&self, target: &mut [u8])
+  {
+    into_encoded_point(target, &self.x, &self.y, &self.z);
+  }
 }
 
 const D: Element = [-10913610, 13857413, -15372611, 6949391,   114729,
@@ -148,6 +153,11 @@ impl Point2 {
       z: test_from_bytes(&xs[80..120]),
     }
   }
+
+  pub fn encode_to(&self, target: &mut [u8])
+  {
+    into_encoded_point(target, &self.x, &self.y, &self.z);
+  }
 }
 
 fn ge_p2_0(h: &mut Point2)
@@ -1809,3 +1819,19 @@ fn public_from_private() {
     });
 }
 
+fn into_encoded_point(bytes: &mut [u8], x: &Element, y: &Element, z: &Element)
+{
+    let mut x_over_z = [0; NUM_ELEMENT_LIMBS];
+    let mut y_over_z = [0; NUM_ELEMENT_LIMBS];
+    assert!(bytes.len() >= 32);
+
+    let recip = fe_invert(z);
+    fe_mul(&mut x_over_z, x, &recip);
+    fe_mul(&mut y_over_z, y, &recip);
+    fe_tobytes(bytes, &y_over_z);
+    let sign_bit = if fe_isnegative(&x_over_z) { 1 } else { 0 };
+
+    // The preceding computations must execute in constant time, but this
+    // doesn't need to.
+    bytes[31] ^= sign_bit << 7;
+}