ec suite_b: Make CommonOps::num_limbs and ops::elem::Elem::* priv…

…ate.
briansmith · Dec 4, 2023 · f55712e · f55712e
1 parent e952c64
commit f55712e
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 12 deletions.
diff --git a/src/ec/suite_b/ecdsa/digest_scalar.rs b/src/ec/suite_b/ecdsa/digest_scalar.rs
@@ -95,7 +95,6 @@ mod tests {
                     }
                 };
 
-                let num_limbs = ops.public_key_ops.common.num_limbs;
                 assert_eq!(input.len(), digest_alg.output_len());
                 assert_eq!(output.len(), ops.scalar_ops.scalar_bytes_len());
 
@@ -107,7 +106,10 @@ mod tests {
                 .unwrap();
 
                 let actual = digest_bytes_scalar(ops.scalar_ops, &input);
-                assert_eq!(actual.limbs[..num_limbs], expected.limbs[..num_limbs]);
+                assert_eq!(
+                    ops.scalar_ops.leak_limbs(&actual),
+                    ops.scalar_ops.leak_limbs(&expected)
+                );
 
                 Ok(())
             },

diff --git a/src/ec/suite_b/ecdsa/signing.rs b/src/ec/suite_b/ecdsa/signing.rs
@@ -386,10 +386,10 @@ fn format_rs_fixed(ops: &'static ScalarOps, r: &Scalar, s: &Scalar, out: &mut [u
     let scalar_len = ops.scalar_bytes_len();
 
     let (r_out, rest) = out.split_at_mut(scalar_len);
-    limb::big_endian_from_limbs(&r.limbs[..ops.common.num_limbs], r_out);
+    limb::big_endian_from_limbs(ops.leak_limbs(r), r_out);
 
     let (s_out, _) = rest.split_at_mut(scalar_len);
-    limb::big_endian_from_limbs(&s.limbs[..ops.common.num_limbs], s_out);
+    limb::big_endian_from_limbs(ops.leak_limbs(s), s_out);
 
     2 * scalar_len
 }
@@ -400,7 +400,7 @@ fn format_rs_asn1(ops: &'static ScalarOps, r: &Scalar, s: &Scalar, out: &mut [u8
     fn format_integer_tlv(ops: &ScalarOps, a: &Scalar, out: &mut [u8]) -> usize {
         let mut fixed = [0u8; ec::SCALAR_MAX_BYTES + 1];
         let fixed = &mut fixed[..(ops.scalar_bytes_len() + 1)];
-        limb::big_endian_from_limbs(&a.limbs[..ops.common.num_limbs], &mut fixed[1..]);
+        limb::big_endian_from_limbs(ops.leak_limbs(a), &mut fixed[1..]);
 
         // Since `a_fixed_out` is an extra byte long, it is guaranteed to start
         // with a zero.

diff --git a/src/ec/suite_b/ops.rs b/src/ec/suite_b/ops.rs
@@ -52,7 +52,7 @@ impl Point {
 
 /// Operations and values needed by all curve operations.
 pub struct CommonOps {
-    pub num_limbs: usize,
+    num_limbs: usize,
     q: Modulus,
     n: Elem<Unencoded>,
 
@@ -186,6 +186,10 @@ pub struct PrivateKeyOps {
 }
 
 impl PrivateKeyOps {
+    pub fn leak_limbs<'a>(&self, a: &'a Elem<Unencoded>) -> &'a [Limb] {
+        &a.limbs[..self.common.num_limbs]
+    }
+
     #[inline(always)]
     pub fn point_mul_base(&self, a: &Scalar) -> Point {
         (self.point_mul_base_impl)(a)
@@ -255,6 +259,10 @@ impl ScalarOps {
         self.common.len()
     }
 
+    pub fn leak_limbs<'s>(&self, s: &'s Scalar) -> &'s [Limb] {
+        &s.limbs[..self.common.num_limbs]
+    }
+
     /// Returns the modular inverse of `a` (mod `n`). Panics of `a` is zero,
     /// because zero isn't invertible.
     pub fn scalar_inv_to_mont(&self, a: &Scalar) -> Scalar<R> {

diff --git a/src/ec/suite_b/ops/elem.rs b/src/ec/suite_b/ops/elem.rs
@@ -26,14 +26,14 @@ use core::marker::PhantomData;
 #[derive(Clone, Copy)]
 pub struct Elem<M, E: Encoding> {
     // XXX: pub
-    pub limbs: [Limb; MAX_LIMBS],
+    pub(super) limbs: [Limb; MAX_LIMBS],
 
     /// The modulus *m* for the ring ℤ/mℤ for which this element is a value.
-    pub m: PhantomData<M>,
+    pub(super) m: PhantomData<M>,
 
     /// The number of Montgomery factors that need to be canceled out from
     /// `value` to get the actual value.
-    pub encoding: PhantomData<E>,
+    pub(super) encoding: PhantomData<E>,
 }
 
 impl<M, E: Encoding> Elem<M, E> {

diff --git a/src/ec/suite_b/private_key.rs b/src/ec/suite_b/private_key.rs
@@ -183,14 +183,13 @@ pub fn big_endian_affine_from_jacobian(
     p: &Point,
 ) -> Result<(), error::Unspecified> {
     let (x_aff, y_aff) = affine_from_jacobian(ops, p)?;
-    let num_limbs = ops.common.num_limbs;
     if let Some(x_out) = x_out {
         let x = ops.common.elem_unencoded(&x_aff);
-        limb::big_endian_from_limbs(&x.limbs[..num_limbs], x_out);
+        limb::big_endian_from_limbs(ops.leak_limbs(&x), x_out);
     }
     if let Some(y_out) = y_out {
         let y = ops.common.elem_unencoded(&y_aff);
-        limb::big_endian_from_limbs(&y.limbs[..num_limbs], y_out);
+        limb::big_endian_from_limbs(ops.leak_limbs(&y), y_out);
     }
 
     Ok(())