ec suite_b: Make CommonOps::num_limbs and ops::elem::Elem::* private.

2023-12-03 12:22:44 -08:00 · 2023-12-03 12:22:44 -08:00 · f55712e909
commit f55712e909
parent e952c64eba
5 changed files with 21 additions and 12 deletions
--- a/src/ec/suite_b/ecdsa/digest_scalar.rs
+++ b/src/ec/suite_b/ecdsa/digest_scalar.rs
@ -95,7 +95,6 @@ mod tests {
                    }
                };

-                let num_limbs = ops.public_key_ops.common.num_limbs;
                assert_eq!(input.len(), digest_alg.output_len());
                assert_eq!(output.len(), ops.scalar_ops.scalar_bytes_len());

@ -107,7 +106,10 @@ mod tests {
                .unwrap();

                let actual = digest_bytes_scalar(ops.scalar_ops, &input);
-                assert_eq!(actual.limbs[..num_limbs], expected.limbs[..num_limbs]);
+                assert_eq!(
+                    ops.scalar_ops.leak_limbs(&actual),
+                    ops.scalar_ops.leak_limbs(&expected)
+                );

                Ok(())
            },
--- a/src/ec/suite_b/ecdsa/signing.rs
+++ b/src/ec/suite_b/ecdsa/signing.rs
@ -386,10 +386,10 @@ fn format_rs_fixed(ops: &'static ScalarOps, r: &Scalar, s: &Scalar, out: &mut [u
    let scalar_len = ops.scalar_bytes_len();

    let (r_out, rest) = out.split_at_mut(scalar_len);
-    limb::big_endian_from_limbs(&r.limbs[..ops.common.num_limbs], r_out);
+    limb::big_endian_from_limbs(ops.leak_limbs(r), r_out);

    let (s_out, _) = rest.split_at_mut(scalar_len);
-    limb::big_endian_from_limbs(&s.limbs[..ops.common.num_limbs], s_out);
+    limb::big_endian_from_limbs(ops.leak_limbs(s), s_out);

    2 * scalar_len
 }
@ -400,7 +400,7 @@ fn format_rs_asn1(ops: &'static ScalarOps, r: &Scalar, s: &Scalar, out: &mut [u8
    fn format_integer_tlv(ops: &ScalarOps, a: &Scalar, out: &mut [u8]) -> usize {
        let mut fixed = [0u8; ec::SCALAR_MAX_BYTES + 1];
        let fixed = &mut fixed[..(ops.scalar_bytes_len() + 1)];
-        limb::big_endian_from_limbs(&a.limbs[..ops.common.num_limbs], &mut fixed[1..]);
+        limb::big_endian_from_limbs(ops.leak_limbs(a), &mut fixed[1..]);

        // Since `a_fixed_out` is an extra byte long, it is guaranteed to start
        // with a zero.
--- a/src/ec/suite_b/ops.rs
+++ b/src/ec/suite_b/ops.rs
@ -52,7 +52,7 @@ impl Point {

 /// Operations and values needed by all curve operations.
 pub struct CommonOps {
-    pub num_limbs: usize,
+    num_limbs: usize,
    q: Modulus,
    n: Elem<Unencoded>,

@ -186,6 +186,10 @@ pub struct PrivateKeyOps {
 }

 impl PrivateKeyOps {
+    pub fn leak_limbs<'a>(&self, a: &'a Elem<Unencoded>) -> &'a [Limb] {
+        &a.limbs[..self.common.num_limbs]
+    }
+
    #[inline(always)]
    pub fn point_mul_base(&self, a: &Scalar) -> Point {
        (self.point_mul_base_impl)(a)
@ -255,6 +259,10 @@ impl ScalarOps {
        self.common.len()
    }

+    pub fn leak_limbs<'s>(&self, s: &'s Scalar) -> &'s [Limb] {
+        &s.limbs[..self.common.num_limbs]
+    }
+
    /// Returns the modular inverse of `a` (mod `n`). Panics of `a` is zero,
    /// because zero isn't invertible.
    pub fn scalar_inv_to_mont(&self, a: &Scalar) -> Scalar<R> {
--- a/src/ec/suite_b/ops/elem.rs
+++ b/src/ec/suite_b/ops/elem.rs
@ -26,14 +26,14 @@ use core::marker::PhantomData;
 #[derive(Clone, Copy)]
 pub struct Elem<M, E: Encoding> {
    // XXX: pub
-    pub limbs: [Limb; MAX_LIMBS],
+    pub(super) limbs: [Limb; MAX_LIMBS],

    /// The modulus *m* for the ring ℤ/mℤ for which this element is a value.
-    pub m: PhantomData<M>,
+    pub(super) m: PhantomData<M>,

    /// The number of Montgomery factors that need to be canceled out from
    /// `value` to get the actual value.
-    pub encoding: PhantomData<E>,
+    pub(super) encoding: PhantomData<E>,
 }

 impl<M, E: Encoding> Elem<M, E> {
--- a/src/ec/suite_b/private_key.rs
+++ b/src/ec/suite_b/private_key.rs
@ -183,14 +183,13 @@ pub fn big_endian_affine_from_jacobian(
    p: &Point,
 ) -> Result<(), error::Unspecified> {
    let (x_aff, y_aff) = affine_from_jacobian(ops, p)?;
-    let num_limbs = ops.common.num_limbs;
    if let Some(x_out) = x_out {
        let x = ops.common.elem_unencoded(&x_aff);
-        limb::big_endian_from_limbs(&x.limbs[..num_limbs], x_out);
+        limb::big_endian_from_limbs(ops.leak_limbs(&x), x_out);
    }
    if let Some(y_out) = y_out {
        let y = ops.common.elem_unencoded(&y_aff);
-        limb::big_endian_from_limbs(&y.limbs[..num_limbs], y_out);
+        limb::big_endian_from_limbs(ops.leak_limbs(&y), y_out);
    }

    Ok(())