yggdrasil/ring
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ec suite_b: Make CommonOps::num_limbs and ops::elem::Elem::* private.

Browse Source
This commit is contained in:
Brian Smith 2023-12-03 12:22:44 -08:00
parent e952c64eba
commit f55712e909
5 changed files with 21 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/ec/suite_b/ecdsa/digest_scalar.rs
View File

@ -95,7 +95,6 @@ mod tests {
} }
}; };
let num_limbs = ops.public_key_ops.common.num_limbs;
assert_eq!(input.len(), digest_alg.output_len()); assert_eq!(input.len(), digest_alg.output_len());
assert_eq!(output.len(), ops.scalar_ops.scalar_bytes_len()); assert_eq!(output.len(), ops.scalar_ops.scalar_bytes_len());
@ -107,7 +106,10 @@ mod tests {
.unwrap(); .unwrap();
let actual = digest_bytes_scalar(ops.scalar_ops, &input); let actual = digest_bytes_scalar(ops.scalar_ops, &input);
assert_eq!(actual.limbs[..num_limbs], expected.limbs[..num_limbs]); assert_eq!(
ops.scalar_ops.leak_limbs(&actual),
ops.scalar_ops.leak_limbs(&expected)
);
Ok(()) Ok(())
}, },

6
src/ec/suite_b/ecdsa/signing.rs
View File

@ -386,10 +386,10 @@ fn format_rs_fixed(ops: &'static ScalarOps, r: &Scalar, s: &Scalar, out: &mut [u
let scalar_len = ops.scalar_bytes_len(); let scalar_len = ops.scalar_bytes_len();
let (r_out, rest) = out.split_at_mut(scalar_len); let (r_out, rest) = out.split_at_mut(scalar_len);
limb::big_endian_from_limbs(&r.limbs[..ops.common.num_limbs], r_out); limb::big_endian_from_limbs(ops.leak_limbs(r), r_out);
let (s_out, _) = rest.split_at_mut(scalar_len); let (s_out, _) = rest.split_at_mut(scalar_len);
limb::big_endian_from_limbs(&s.limbs[..ops.common.num_limbs], s_out); limb::big_endian_from_limbs(ops.leak_limbs(s), s_out);
2 * scalar_len 2 * scalar_len
} }
@ -400,7 +400,7 @@ fn format_rs_asn1(ops: &'static ScalarOps, r: &Scalar, s: &Scalar, out: &mut [u8
fn format_integer_tlv(ops: &ScalarOps, a: &Scalar, out: &mut [u8]) -> usize { fn format_integer_tlv(ops: &ScalarOps, a: &Scalar, out: &mut [u8]) -> usize {
let mut fixed = [0u8; ec::SCALAR_MAX_BYTES + 1]; let mut fixed = [0u8; ec::SCALAR_MAX_BYTES + 1];
let fixed = &mut fixed[..(ops.scalar_bytes_len() + 1)]; let fixed = &mut fixed[..(ops.scalar_bytes_len() + 1)];
limb::big_endian_from_limbs(&a.limbs[..ops.common.num_limbs], &mut fixed[1..]); limb::big_endian_from_limbs(ops.leak_limbs(a), &mut fixed[1..]);
// Since `a_fixed_out` is an extra byte long, it is guaranteed to start // Since `a_fixed_out` is an extra byte long, it is guaranteed to start
// with a zero. // with a zero.

10
src/ec/suite_b/ops.rs
View File

@ -52,7 +52,7 @@ impl Point {
/// Operations and values needed by all curve operations. /// Operations and values needed by all curve operations.
pub struct CommonOps { pub struct CommonOps {
pub num_limbs: usize, num_limbs: usize,
q: Modulus, q: Modulus,
n: Elem<Unencoded>, n: Elem<Unencoded>,
@ -186,6 +186,10 @@ pub struct PrivateKeyOps {
} }
impl PrivateKeyOps { impl PrivateKeyOps {
pub fn leak_limbs<'a>(&self, a: &'a Elem<Unencoded>) -> &'a [Limb] {
&a.limbs[..self.common.num_limbs]
}
#[inline(always)] #[inline(always)]
pub fn point_mul_base(&self, a: &Scalar) -> Point { pub fn point_mul_base(&self, a: &Scalar) -> Point {
(self.point_mul_base_impl)(a) (self.point_mul_base_impl)(a)
@ -255,6 +259,10 @@ impl ScalarOps {
self.common.len() self.common.len()
} }
pub fn leak_limbs<'s>(&self, s: &'s Scalar) -> &'s [Limb] {
&s.limbs[..self.common.num_limbs]
}
/// Returns the modular inverse of `a` (mod `n`). Panics of `a` is zero, /// Returns the modular inverse of `a` (mod `n`). Panics of `a` is zero,
/// because zero isn't invertible. /// because zero isn't invertible.
pub fn scalar_inv_to_mont(&self, a: &Scalar) -> Scalar<R> { pub fn scalar_inv_to_mont(&self, a: &Scalar) -> Scalar<R> {

6
src/ec/suite_b/ops/elem.rs
View File

@ -26,14 +26,14 @@ use core::marker::PhantomData;
#[derive(Clone, Copy)] #[derive(Clone, Copy)]
pub struct Elem<M, E: Encoding> { pub struct Elem<M, E: Encoding> {
// XXX: pub // XXX: pub
pub limbs: [Limb; MAX_LIMBS], pub(super) limbs: [Limb; MAX_LIMBS],
/// The modulus *m* for the ring /m for which this element is a value. /// The modulus *m* for the ring /m for which this element is a value.
pub m: PhantomData<M>, pub(super) m: PhantomData<M>,
/// The number of Montgomery factors that need to be canceled out from /// The number of Montgomery factors that need to be canceled out from
/// `value` to get the actual value. /// `value` to get the actual value.
pub encoding: PhantomData<E>, pub(super) encoding: PhantomData<E>,
} }
impl<M, E: Encoding> Elem<M, E> { impl<M, E: Encoding> Elem<M, E> {

5
src/ec/suite_b/private_key.rs
View File

@ -183,14 +183,13 @@ pub fn big_endian_affine_from_jacobian(
p: &Point, p: &Point,
) -> Result<(), error::Unspecified> { ) -> Result<(), error::Unspecified> {
let (x_aff, y_aff) = affine_from_jacobian(ops, p)?; let (x_aff, y_aff) = affine_from_jacobian(ops, p)?;
let num_limbs = ops.common.num_limbs;
if let Some(x_out) = x_out { if let Some(x_out) = x_out {
let x = ops.common.elem_unencoded(&x_aff); let x = ops.common.elem_unencoded(&x_aff);
limb::big_endian_from_limbs(&x.limbs[..num_limbs], x_out); limb::big_endian_from_limbs(ops.leak_limbs(&x), x_out);
} }
if let Some(y_out) = y_out { if let Some(y_out) = y_out {
let y = ops.common.elem_unencoded(&y_aff); let y = ops.common.elem_unencoded(&y_aff);
limb::big_endian_from_limbs(&y.limbs[..num_limbs], y_out); limb::big_endian_from_limbs(ops.leak_limbs(&y), y_out);
} }
Ok(()) Ok(())