arithmetic/limb: Clarify memory safety of limbs_reduce_once_constant_time.
briansmith committed Jan 26, 2025
1 parent e5a1cf1 commit e3c1fba
Showing 3 changed files with 13 additions and 7 deletions.
3 changes: 2 additions & 1 deletion src/arithmetic/bigint.rs
Expand Up @@ -172,7 +172,8 @@ pub fn elem_reduced_once<A, M>(
assert_eq!(m.len_bits(), other_modulus_len_bits);

let mut r = a.limbs.clone();
limb::limbs_reduce_once_constant_time(&mut r, m.limbs());
limb::limbs_reduce_once_constant_time(&mut r, m.limbs())
.unwrap_or_else(unwrap_impossible_len_mismatch_error);
Elem {
limbs: BoxedLimbs::new_unchecked(r.into_limbs()),
encoding: PhantomData,
6 changes: 4 additions & 2 deletions src/ec/suite_b/ops.rs
Expand Up @@ -493,7 +493,8 @@ impl Modulus<N> {
pub fn elem_reduced_to_scalar(&self, elem: &Elem<Unencoded>) -> Scalar<Unencoded> {
let num_limbs = self.num_limbs.into();
let mut r_limbs = elem.limbs;
limbs_reduce_once_constant_time(&mut r_limbs[..num_limbs], &self.limbs[..num_limbs]);
limbs_reduce_once_constant_time(&mut r_limbs[..num_limbs], &self.limbs[..num_limbs])
.unwrap_or_else(unwrap_impossible_len_mismatch_error);
Scalar {
limbs: r_limbs,
m: PhantomData,
Expand Down Expand Up @@ -575,7 +576,8 @@ pub(super) fn scalar_parse_big_endian_partially_reduced_variable_consttime(
{
let r = &mut r.limbs[..num_limbs];
parse_big_endian_and_pad_consttime(bytes, r)?;
limbs_reduce_once_constant_time(r, &n.limbs[..num_limbs]);
limbs_reduce_once_constant_time(r, &n.limbs[..num_limbs])
.unwrap_or_else(unwrap_impossible_len_mismatch_error);
}

Ok(r)
11 changes: 7 additions & 4 deletions src/limb.rs
Expand Up @@ -156,12 +156,15 @@ pub fn limbs_minimal_bits(a: &[Limb]) -> bits::BitLength {

/// Equivalent to `if (r >= m) { r -= m; }`
#[inline]
pub fn limbs_reduce_once_constant_time(r: &mut [Limb], m: &[Limb]) {
pub fn limbs_reduce_once_constant_time(r: &mut [Limb], m: &[Limb]) -> Result<(), LenMismatchError> {
prefixed_extern! {
fn LIMBS_reduce_once(r: *mut Limb, m: *const Limb, num_limbs: c::size_t);
fn LIMBS_reduce_once(r: *mut Limb, m: *const Limb, num_limbs: c::NonZero_size_t);
}
assert_eq!(r.len(), m.len());
unsafe { LIMBS_reduce_once(r.as_mut_ptr(), m.as_ptr(), m.len()) };
let num_limbs = NonZeroUsize::new(r.len()).ok_or_else(|| LenMismatchError::new(m.len()))?;
let r = r.as_mut_ptr(); // Non-dangling because num_limbs is non-zero.
let m = m.as_ptr(); // Non-dangling because num_limbs is non-zero.
unsafe { LIMBS_reduce_once(r, m, num_limbs) };
Ok(())
}

#[derive(Clone, Copy, PartialEq)]
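Review bot: The rewritten body of limbs_reduce_once_constant_time no longer checks that `r` and `m` have the same length: the removed `assert_eq!(r.len(), m.len())` is replaced only by a non-zero test on `r.len()`, and that value is then passed as `num_limbs` for both pointers. If `m` is shorter than `r`, the C side presumably reads `num_limbs` limbs from `m` and runs past its end, and the `// Non-dangling because num_limbs is non-zero.` comment on the `m` pointer does not cover that case. Since the function now returns `Result<(), LenMismatchError>`, the check can be an error rather than a panic: `if r.len() != m.len() { return Err(LenMismatchError::new(m.len())); }` placed before the `NonZeroUsize::new` line, keeping the `LenMismatchError::new(m.len())` convention the hunk already uses. The `///` doc comment could also gain a `# Errors` line stating that an empty `r` or a length mismatch between `r` and `m` is reported as `LenMismatchError` instead of calling into `LIMBS_reduce_once`.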

0 comments on commit e3c1fba

Please sign in to comment.