diff --git a/Cargo.lock b/Cargo.lock
index 36e33610..baff96e6 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -963,6 +963,6 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
 
 [[package]]
 name = "zeroize"
-version = "1.6.0"
+version = "1.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9"
+checksum = "12a3946ecfc929b583800f4629b6c25b88ac6e92a40ea5670f77112a85d40a8b"
diff --git a/src/checked.rs b/src/checked.rs
index caf0dfd8..d1f61604 100644
--- a/src/checked.rs
+++ b/src/checked.rs
@@ -8,7 +8,7 @@ use serdect::serde::{Deserialize, Deserializer, Serialize, Serializer};
 /// Provides intentionally-checked arithmetic on `T`.
 ///
 /// Internally this leverages the [`CtOption`] type from the [`subtle`] crate
-/// in order to handle overflows in constant time.
+/// in order to handle overflows.
 #[derive(Copy, Clone, Debug)]
 pub struct Checked(pub CtOption);
 
diff --git a/src/uint/add_mod.rs b/src/uint/add_mod.rs
index 70674f5e..091ba463 100644
--- a/src/uint/add_mod.rs
+++ b/src/uint/add_mod.rs
@@ -3,7 +3,7 @@
 use crate::{AddMod, Limb, Uint};
 
 impl Uint {
- /// Computes `self + rhs mod p` in constant time.
+ /// Computes `self + rhs mod p`.
 ///
 /// Assumes `self + rhs` as unbounded integer is `< 2p`.
 pub const fn add_mod(&self, rhs: &Uint, p: &Uint) -> Uint {
@@ -21,7 +21,7 @@ impl Uint {
 w.wrapping_add(&p.bitand(&mask))
 }
 
- /// Computes `self + rhs mod p` in constant time for the special modulus
+ /// Computes `self + rhs mod p` for the special modulus
 /// `p = MAX+1-c` where `c` is small enough to fit in a single [`Limb`].
 ///
 /// Assumes `self + rhs` as unbounded integer is `< 2p`.
diff --git a/src/uint/bits.rs b/src/uint/bits.rs
index 9e6c1d71..da514058 100644
--- a/src/uint/bits.rs
+++ b/src/uint/bits.rs
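Review bot: The new doc line `/// in order to handle overflows.` in the checked.rs hunk deletes the only statement of the type's timing property without putting anything in its place, so a reader can no longer tell why `Checked` wraps a `CtOption` rather than a plain `Option`. The same deletion with no substitute appears in the add_mod.rs, mul_mod.rs, neg_mod.rs, sub_mod.rs, div_limb.rs, constant_mod.rs and runtime_mod.rs hunks, and because this crate marks variable-time operations by name (`bit_vartime` in the bits.rs hunk), silence here leaves the meaning of the unsuffixed operations undefined. If the intent is to stop promising a guarantee, say so instead of deleting it, e.g. `/// in order to handle overflows; constant-time behaviour is intended but not guaranteed.`, and state that intent once in the crate-level docs so each method does not have to repeat it.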
@@ -2,6 +2,9 @@ use crate::{CtChoice, Limb, Uint, Word};
 
 impl Uint {
 /// Returns `true` if the bit at position `index` is set, `false` otherwise.
+ ///
+ /// # Remarks
+ /// This operation is variable time with respect to `index` only.
 #[inline(always)]
 pub const fn bit_vartime(&self, index: usize) -> bool {
 if index >= Self::BITS {
diff --git a/src/uint/div_limb.rs b/src/uint/div_limb.rs
index c00bc77c..3edf80af 100644
--- a/src/uint/div_limb.rs
+++ b/src/uint/div_limb.rs
@@ -81,7 +81,7 @@ const fn ct_select(a: u32, b: u32, c: u32) -> u32 {
 a ^ (c & (a ^ b))
 }
 
-/// Calculates `dividend / divisor` in constant time, given `dividend` and `divisor`
+/// Calculates `dividend / divisor`, given `dividend` and `divisor`
 /// along with their maximum bitsizes.
 #[inline(always)]
 const fn short_div(dividend: u32, dividend_bits: u32, divisor: u32, divisor_bits: u32) -> u32 {
diff --git a/src/uint/modular/constant_mod.rs b/src/uint/modular/constant_mod.rs
index b775af45..bb499550 100644
--- a/src/uint/modular/constant_mod.rs
+++ b/src/uint/modular/constant_mod.rs
@@ -115,7 +115,7 @@ impl, const LIMBS: usize> Residue {
 // TODO: remove this method when we can use `generic_const_exprs.` to ensure the modulus is
 // always valid.
 pub fn new_checked(integer: &Uint) -> CtOption {
- // A valid modulus must be odd, which we can check in constant time
+ // A valid modulus must be odd.
 CtOption::new(
 Self::generate_residue(integer),
 MOD::MODULUS.ct_is_odd().into(),
diff --git a/src/uint/modular/runtime_mod.rs b/src/uint/modular/runtime_mod.rs
index ad5cfd58..3a25d80d 100644
--- a/src/uint/modular/runtime_mod.rs
+++ b/src/uint/modular/runtime_mod.rs
@@ -80,7 +80,7 @@ impl DynResidueParams {
 note = "This functionality will be moved to `new` in a future release."
 )]
 pub fn new_checked(modulus: &Uint) -> CtOption {
- // A valid modulus must be odd, which we check in constant time
+ // A valid modulus must be odd.
 CtOption::new(Self::generate_params(modulus), modulus.ct_is_odd().into())
 }
 
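Review bot: The added remark `/// This operation is variable time with respect to `index` only.` implies, through the word "only", a constant-time property in `self`, while the rest of this commit removes exactly that kind of assertion from the sibling doc comments (add_mod.rs, sub_mod.rs, neg_mod.rs, mul_mod.rs, div_limb.rs). The visible early return `if index >= Self::BITS {` supports the variable-time-in-`index` part, but the body of `bit_vartime` continues outside the hunk, so the "only" cannot be confirmed from here. Either drop the word — `/// This operation is variable time with respect to `index`.` — or keep the stronger wording and apply the same standard to the other hunks.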
diff --git a/src/uint/mul_mod.rs b/src/uint/mul_mod.rs
index 0916ede4..c46274a4 100644
--- a/src/uint/mul_mod.rs
+++ b/src/uint/mul_mod.rs
@@ -3,7 +3,7 @@
 use crate::{Limb, Uint, WideWord, Word};
 
 impl Uint {
- /// Computes `self * rhs mod p` in constant time for the special modulus
+ /// Computes `self * rhs mod p` for the special modulus
 /// `p = MAX+1-c` where `c` is small enough to fit in a single [`Limb`].
 /// For the modulus reduction, this function implements Algorithm 14.47 from
 /// the "Handbook of Applied Cryptography", by A. Menezes, P. van Oorschot,
diff --git a/src/uint/neg_mod.rs b/src/uint/neg_mod.rs
index aaed2768..38580ed5 100644
--- a/src/uint/neg_mod.rs
+++ b/src/uint/neg_mod.rs
@@ -3,7 +3,7 @@
 use crate::{Limb, NegMod, Uint};
 
 impl Uint {
- /// Computes `-a mod p` in constant time.
+ /// Computes `-a mod p`.
 /// Assumes `self` is in `[0, p)`.
 pub const fn neg_mod(&self, p: &Self) -> Self {
 let z = self.ct_is_nonzero();
@@ -18,7 +18,7 @@ impl Uint {
 ret
 }
 
- /// Computes `-a mod p` in constant time for the special modulus
+ /// Computes `-a mod p` for the special modulus
 /// `p = MAX+1-c` where `c` is small enough to fit in a single [`Limb`].
 pub const fn neg_mod_special(&self, c: Limb) -> Self {
 Self::ZERO.sub_mod_special(self, c)
diff --git a/src/uint/sub_mod.rs b/src/uint/sub_mod.rs
index b32babb8..936c6d7a 100644
--- a/src/uint/sub_mod.rs
+++ b/src/uint/sub_mod.rs
@@ -3,7 +3,7 @@
 use crate::{Limb, SubMod, Uint};
 
 impl Uint {
- /// Computes `self - rhs mod p` in constant time.
+ /// Computes `self - rhs mod p`.
 ///
 /// Assumes `self - rhs` as unbounded signed integer is in `[-p, p)`.
 pub const fn sub_mod(&self, rhs: &Uint, p: &Uint) -> Uint {
@@ -34,7 +34,7 @@ impl Uint {
 out.wrapping_add(&p.bitand(&mask))
 }
 
- /// Computes `self - rhs mod p` in constant time for the special modulus
+ /// Computes `self - rhs mod p` for the special modulus
 /// `p = MAX+1-c` where `c` is small enough to fit in a single [`Limb`].
 ///
 /// Assumes `self - rhs` as unbounded signed integer is in `[-p, p)`.