montgomery: Clarify minimum limb width for bn_mul_mont.

briansmith · Dec 5, 2023 · 24327cb · 24327cb
1 parent 317a062
commit 24327cb
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 45 deletions.
diff --git a/src/arithmetic/bigint/modulus.rs b/src/arithmetic/bigint/modulus.rs
@@ -12,7 +12,7 @@
 // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-use super::{BoxedLimbs, Elem, PublicModulus, Unencoded, N0};
+use super::{super::montgomery, BoxedLimbs, Elem, PublicModulus, Unencoded, N0};
 use crate::{
     bits::BitLength,
     cpu, error,
@@ -21,13 +21,6 @@ use crate::{
 };
 use core::marker::PhantomData;
 
-/// The x86 implementation of `bn_mul_mont`, at least, requires at least 4
-/// limbs. For a long time we have required 4 limbs for all targets, though
-/// this may be unnecessary. TODO: Replace this with
-/// `n.len() < 256 / LIMB_BITS` so that 32-bit and 64-bit platforms behave the
-/// same.
-pub const MODULUS_MIN_LIMBS: usize = 4;
-
 pub const MODULUS_MAX_LIMBS: usize = super::super::BIGINT_MODULUS_MAX_LIMBS;
 
 /// The modulus *m* for a ring ℤ/mℤ, along with the precomputed values needed
@@ -99,7 +92,7 @@ impl<M> OwnedModulus<M> {
         if n.len() > MODULUS_MAX_LIMBS {
             return Err(error::KeyRejected::too_large());
         }
-        if n.len() < MODULUS_MIN_LIMBS {
+        if n.len() < montgomery::MIN_LIMBS {
             return Err(error::KeyRejected::unexpected_error());
         }
         if limb::limbs_are_even_constant_time(&n) != LimbMask::False {

diff --git a/src/arithmetic/montgomery.rs b/src/arithmetic/montgomery.rs
@@ -112,17 +112,24 @@ impl ProductEncoding for (RRR, RInverse) {
 #[allow(unused_imports)]
 use crate::{bssl, c, limb::Limb};
 
+/// The x86 implementation of `bn_mul_mont`, at least, requires at least 4
+/// limbs. For a long time we have required 4 limbs for all targets, though
+/// this may be unnecessary. TODO: Replace this with
+/// `n.len() < 256 / LIMB_BITS` so that 32-bit and 64-bit platforms behave the
+/// same.
+pub const MIN_LIMBS: usize = 4;
+
 #[inline(always)]
 unsafe fn mul_mont(
     r: *mut Limb,
     a: *const Limb,
     b: *const Limb,
-    n: *const Limb,
+    m: &[Limb],
     n0: &N0,
-    num_limbs: c::size_t,
     _: cpu::Features,
 ) {
-    bn_mul_mont(r, a, b, n, n0, num_limbs)
+    debug_assert!(m.len() >= MIN_LIMBS);
+    bn_mul_mont(r, a, b, m.as_ptr(), n0, m.len())
 }
 
 #[cfg(not(any(
@@ -260,17 +267,7 @@ pub(super) fn limbs_mont_mul(
 ) {
     debug_assert_eq!(r.len(), m.len());
     debug_assert_eq!(a.len(), m.len());
-    unsafe {
-        mul_mont(
-            r.as_mut_ptr(),
-            r.as_ptr(),
-            a.as_ptr(),
-            m.as_ptr(),
-            n0,
-            r.len(),
-            cpu_features,
-        )
-    }
+    unsafe { mul_mont(r.as_mut_ptr(), r.as_ptr(), a.as_ptr(), m, n0, cpu_features) }
 }
 
 /// r = a * b
@@ -287,33 +284,13 @@ pub(super) fn limbs_mont_product(
     debug_assert_eq!(a.len(), m.len());
     debug_assert_eq!(b.len(), m.len());
 
-    unsafe {
-        mul_mont(
-            r.as_mut_ptr(),
-            a.as_ptr(),
-            b.as_ptr(),
-            m.as_ptr(),
-            n0,
-            r.len(),
-            cpu_features,
-        )
-    }
+    unsafe { mul_mont(r.as_mut_ptr(), a.as_ptr(), b.as_ptr(), m, n0, cpu_features) }
 }
 
 /// r = r**2
 pub(super) fn limbs_mont_square(r: &mut [Limb], m: &[Limb], n0: &N0, cpu_features: cpu::Features) {
     debug_assert_eq!(r.len(), m.len());
-    unsafe {
-        mul_mont(
-            r.as_mut_ptr(),
-            r.as_ptr(),
-            r.as_ptr(),
-            m.as_ptr(),
-            n0,
-            r.len(),
-            cpu_features,
-        )
-    }
+    unsafe { mul_mont(r.as_mut_ptr(), r.as_ptr(), r.as_ptr(), m, n0, cpu_features) }
 }
 #[cfg(test)]
 mod tests {