ec: Use LeakyWord for squarings in inversions.

The number of squarings isn't secret, nor is it the size of anything.
briansmith · Dec 7, 2024 · d3bbfcf · d3bbfcf
1 parent 81a6a7c
commit d3bbfcf
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 17 deletions.
diff --git a/mk/generate_curves.py b/mk/generate_curves.py
@@ -75,12 +75,12 @@
     //    %(q_minus_3)s
 
     #[inline]
-    fn sqr_mul(a: &Elem<R>, squarings: usize, b: &Elem<R>) -> Elem<R> {
+    fn sqr_mul(a: &Elem<R>, squarings: LeakyWord, b: &Elem<R>) -> Elem<R> {
         elem_sqr_mul(&COMMON_OPS, a, squarings, b)
     }
 
     #[inline]
-    fn sqr_mul_acc(a: &mut Elem<R>, squarings: usize, b: &Elem<R>) {
+    fn sqr_mul_acc(a: &mut Elem<R>, squarings: LeakyWord, b: &Elem<R>) {
         elem_sqr_mul_acc(&COMMON_OPS, a, squarings, b)
     }
 
@@ -148,7 +148,7 @@
     }
 
     // Returns (`a` squared `squarings` times) * `b`.
-    fn sqr_mul(a: &Scalar<R>, squarings: usize, b: &Scalar<R>) -> Scalar<R> {
+    fn sqr_mul(a: &Scalar<R>, squarings: LeakyWord, b: &Scalar<R>) -> Scalar<R> {
         debug_assert!(squarings >= 1);
         let mut tmp = sqr(a);
         for _ in 1..squarings {
@@ -158,7 +158,7 @@
     }
 
     // Sets `acc` = (`acc` squared `squarings` times) * `b`.
-    fn sqr_mul_acc(acc: &mut Scalar<R>, squarings: usize, b: &Scalar<R>) {
+    fn sqr_mul_acc(acc: &mut Scalar<R>, squarings: LeakyWord, b: &Scalar<R>) {
         debug_assert!(squarings >= 1);
         for _ in 0..squarings {
             sqr_mut(acc);
@@ -189,7 +189,7 @@
     ];
 
     for &(squarings, digit) in &REMAINING_WINDOWS[..] {
-        sqr_mul_acc(&mut acc, usize::from(squarings), &d[usize::from(digit)]);
+        sqr_mul_acc(&mut acc, LeakyWord::from(squarings), &d[usize::from(digit)]);
     }
 
     acc

diff --git a/src/ec/suite_b/ops.rs b/src/ec/suite_b/ops.rs
@@ -12,7 +12,10 @@
 // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-use crate::{arithmetic::limbs_from_hex, arithmetic::montgomery::*, cpu, error, limb::*};
+use crate::{
+    arithmetic::limbs_from_hex, arithmetic::montgomery::*, constant_time::LeakyWord, cpu, error,
+    limb::*,
+};
 use core::marker::PhantomData;
 
 pub use self::elem::*;
@@ -391,7 +394,7 @@ pub fn scalar_sum(ops: &CommonOps, a: &Scalar, mut b: Scalar) -> Scalar {
 }
 
 // Returns (`a` squared `squarings` times) * `b`.
-fn elem_sqr_mul(ops: &CommonOps, a: &Elem<R>, squarings: usize, b: &Elem<R>) -> Elem<R> {
+fn elem_sqr_mul(ops: &CommonOps, a: &Elem<R>, squarings: LeakyWord, b: &Elem<R>) -> Elem<R> {
     debug_assert!(squarings >= 1);
     let mut tmp = ops.elem_squared(a);
     for _ in 1..squarings {
@@ -401,7 +404,7 @@ fn elem_sqr_mul(ops: &CommonOps, a: &Elem<R>, squarings: usize, b: &Elem<R>) ->
 }
 
 // Sets `acc` = (`acc` squared `squarings` times) * `b`.
-fn elem_sqr_mul_acc(ops: &CommonOps, acc: &mut Elem<R>, squarings: usize, b: &Elem<R>) {
+fn elem_sqr_mul_acc(ops: &CommonOps, acc: &mut Elem<R>, squarings: LeakyWord, b: &Elem<R>) {
     debug_assert!(squarings >= 1);
     for _ in 0..squarings {
         ops.elem_square(acc);

diff --git a/src/ec/suite_b/ops/p256.rs b/src/ec/suite_b/ops/p256.rs
@@ -56,12 +56,12 @@ fn p256_elem_inv_squared(a: &Elem<R>, _cpu: cpu::Features) -> Elem<R> {
     //    0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc
 
     #[inline]
-    fn sqr_mul(a: &Elem<R>, squarings: usize, b: &Elem<R>) -> Elem<R> {
+    fn sqr_mul(a: &Elem<R>, squarings: LeakyWord, b: &Elem<R>) -> Elem<R> {
         elem_sqr_mul(&COMMON_OPS, a, squarings, b)
     }
 
     #[inline]
-    fn sqr_mul_acc(a: &mut Elem<R>, squarings: usize, b: &Elem<R>) {
+    fn sqr_mul_acc(a: &mut Elem<R>, squarings: LeakyWord, b: &Elem<R>) {
         elem_sqr_mul_acc(&COMMON_OPS, a, squarings, b)
     }
 
@@ -194,15 +194,15 @@ fn p256_scalar_inv_to_mont(a: Scalar<R>, _cpu: cpu::Features) -> Scalar<R> {
     }
 
     // Returns (`a` squared `squarings` times) * `b`.
-    fn sqr_mul(a: &Scalar<R>, squarings: Limb, b: &Scalar<R>) -> Scalar<R> {
+    fn sqr_mul(a: &Scalar<R>, squarings: LeakyWord, b: &Scalar<R>) -> Scalar<R> {
         debug_assert!(squarings >= 1);
         let mut tmp = Scalar::zero();
         unsafe { p256_scalar_sqr_rep_mont(tmp.limbs.as_mut_ptr(), a.limbs.as_ptr(), squarings) }
         mul(&tmp, b)
     }
 
     // Sets `acc` = (`acc` squared `squarings` times) * `b`.
-    fn sqr_mul_acc(acc: &mut Scalar<R>, squarings: Limb, b: &Scalar<R>) {
+    fn sqr_mul_acc(acc: &mut Scalar<R>, squarings: LeakyWord, b: &Scalar<R>) {
         debug_assert!(squarings >= 1);
         unsafe { p256_scalar_sqr_rep_mont(acc.limbs.as_mut_ptr(), acc.limbs.as_ptr(), squarings) }
         binary_op_assign(p256_scalar_mul_mont, acc, b);

diff --git a/src/ec/suite_b/ops/p384.rs b/src/ec/suite_b/ops/p384.rs
@@ -56,12 +56,12 @@ fn p384_elem_inv_squared(a: &Elem<R>, _cpu: cpu::Features) -> Elem<R> {
     //      ffffffff0000000000000000fffffffc
 
     #[inline]
-    fn sqr_mul(a: &Elem<R>, squarings: usize, b: &Elem<R>) -> Elem<R> {
+    fn sqr_mul(a: &Elem<R>, squarings: LeakyWord, b: &Elem<R>) -> Elem<R> {
         elem_sqr_mul(&COMMON_OPS, a, squarings, b)
     }
 
     #[inline]
-    fn sqr_mul_acc(a: &mut Elem<R>, squarings: usize, b: &Elem<R>) {
+    fn sqr_mul_acc(a: &mut Elem<R>, squarings: LeakyWord, b: &Elem<R>) {
         elem_sqr_mul_acc(&COMMON_OPS, a, squarings, b)
     }
 
@@ -161,7 +161,7 @@ fn p384_scalar_inv_to_mont(a: Scalar<R>, _cpu: cpu::Features) -> Scalar<R> {
     }
 
     // Returns (`a` squared `squarings` times) * `b`.
-    fn sqr_mul(a: &Scalar<R>, squarings: usize, b: &Scalar<R>) -> Scalar<R> {
+    fn sqr_mul(a: &Scalar<R>, squarings: LeakyWord, b: &Scalar<R>) -> Scalar<R> {
         debug_assert!(squarings >= 1);
         let mut tmp = sqr(a);
         for _ in 1..squarings {
@@ -171,7 +171,7 @@ fn p384_scalar_inv_to_mont(a: Scalar<R>, _cpu: cpu::Features) -> Scalar<R> {
     }
 
     // Sets `acc` = (`acc` squared `squarings` times) * `b`.
-    fn sqr_mul_acc(acc: &mut Scalar<R>, squarings: usize, b: &Scalar<R>) {
+    fn sqr_mul_acc(acc: &mut Scalar<R>, squarings: LeakyWord, b: &Scalar<R>) {
         debug_assert!(squarings >= 1);
         for _ in 0..squarings {
             sqr_mut(acc);
@@ -258,7 +258,7 @@ fn p384_scalar_inv_to_mont(a: Scalar<R>, _cpu: cpu::Features) -> Scalar<R> {
     ];
 
     for &(squarings, digit) in &REMAINING_WINDOWS[..] {
-        sqr_mul_acc(&mut acc, usize::from(squarings), &d[usize::from(digit)]);
+        sqr_mul_acc(&mut acc, LeakyWord::from(squarings), &d[usize::from(digit)]);
     }
 
     acc