clean up making elligator a non-default feature

jmwample · Jun 26, 2024 · ee3d180 · ee3d180
1 parent 4bddb0e
commit ee3d180
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 7 deletions.
diff --git a/curve25519-dalek/Cargo.toml b/curve25519-dalek/Cargo.toml
@@ -27,7 +27,7 @@ rustdoc-args = [
     "--html-in-header", "docs/assets/rustdoc-include-katex-header.html",
     "--cfg", "docsrs",
 ]
-features = ["serde", "rand_core", "elligator2", "digest", "legacy_compatibility", "group-bits"]
+features = ["serde", "rand_core", "digest", "legacy_compatibility", "group-bits"]
 
 [dev-dependencies]
 sha2 = { version = "0.10", default-features = false }

diff --git a/curve25519-dalek/src/elligator2.rs b/curve25519-dalek/src/elligator2.rs
@@ -167,7 +167,7 @@ pub trait MapToPointVariant {
     }
 }
 
-/// Converts to/from a point on elliptic curve E (Curve25519) given an element of
+/// Converts between a point on elliptic curve E (Curve25519) and an element of
 /// the finite field F over which E is defined. See section 6.7.1 of
 /// [RFC 9380 specification](https://datatracker.ietf.org/doc/rfc9380/).
 ///
@@ -205,6 +205,11 @@ impl MapToPointVariant for RFC9380 {
     }
 }
 
+/// Converts between a point on elliptic curve E (Curve25519) and an element of
+/// the finite field F over which E is defined. Ensures that generated field
+/// elements are indistinguishable from uniform random at the cost of compatability
+/// with RFC 9380.
+///
 /// Differs from [`RFC9380`] in the implementation of the `to_representative` function
 /// as RFC9380 misses a computational distinguisher that would allow an attacker to
 /// distinguish the representative from random bytes.
@@ -226,9 +231,9 @@ impl MapToPointVariant for Randomized {
 }
 
 #[cfg(feature = "digest")]
-/// Calculates a point on elliptic curve E (Curve25519) from an element of
-/// the finite field F over which E is defined. See section 6.7.1 of
-/// [RFC 9380 specification](https://datatracker.ietf.org/doc/rfc9380/).
+/// Converts between a point on elliptic curve E (Curve25519) and an element of
+/// the finite field F over which E is defined. Supports older implementations
+/// with a common implementation bug (Signal, Kleshni-C).
 ///
 /// In contrast to the [`RFC9380`] variant, `Legacy` does NOT assume that input values are always
 /// going to be the least-square-root representation of the field element.

diff --git a/x25519-dalek/Cargo.toml b/x25519-dalek/Cargo.toml
@@ -35,7 +35,7 @@ rustdoc-args = [
     "--html-in-header", "docs/assets/rustdoc-include-katex-header.html",
     "--cfg", "docsrs",
 ]
-features = ["getrandom", "reusable_secrets", "serde", "static_secrets", "elligator2"]
+features = ["getrandom", "reusable_secrets", "serde", "static_secrets"]
 
 [dependencies]
 curve25519-dalek = { version = "4", path = "../curve25519-dalek", default-features = false }
@@ -61,4 +61,3 @@ alloc = ["curve25519-dalek/alloc", "serde?/alloc", "zeroize?/alloc"]
 precomputed-tables = ["curve25519-dalek/precomputed-tables"]
 reusable_secrets = []
 static_secrets = []
-elligator2 = ["curve25519-dalek/elligator2"]