Don't use "ct_" prefixes for constant-time methods - it is the default

RustCrypto · Dec 12, 2023 · 84df9c3 · 84df9c3
1 parent 5ee582b
commit 84df9c3
Show file tree

Hide file tree

Showing 18 changed files with 86 additions and 77 deletions.
diff --git a/src/limb/cmp.rs b/src/limb/cmp.rs
@@ -28,13 +28,13 @@ impl Limb {
 
     /// Return `b` if `c` is truthy, otherwise return `a`.
     #[inline]
-    pub(crate) const fn ct_select(a: Self, b: Self, c: CtChoice) -> Self {
+    pub(crate) const fn select(a: Self, b: Self, c: CtChoice) -> Self {
         Self(c.select_word(a.0, b.0))
     }
 
     /// Returns the truthy value if `self != 0` and the falsy value otherwise.
     #[inline]
-    pub(crate) const fn ct_is_nonzero(&self) -> CtChoice {
+    pub(crate) const fn is_nonzero(&self) -> CtChoice {
         CtChoice::from_word_nonzero(self.0)
     }
 }

diff --git a/src/modular/div_by_2.rs b/src/modular/div_by_2.rs
@@ -26,5 +26,5 @@ pub(crate) fn div_by_2<const LIMBS: usize>(a: &Uint<LIMBS>, modulus: &Uint<LIMBS
         .wrapping_add(&half_modulus)
         .wrapping_add(&Uint::<LIMBS>::ONE);
 
-    Uint::<LIMBS>::ct_select(&if_even, &if_odd, is_odd)
+    Uint::<LIMBS>::select(&if_even, &if_odd, is_odd)
 }
diff --git a/src/modular/dyn_residue.rs b/src/modular/dyn_residue.rs
@@ -40,7 +40,7 @@ impl<const LIMBS: usize> DynResidueParams<LIMBS> {
         let r = Uint::MAX.const_rem(modulus).0.wrapping_add(&Uint::ONE);
         let r2 = Uint::const_rem_wide(r.square_wide(), modulus).0;
 
-        // If the inverse does not exist, it means the modulus is odd.
+        // If the inverse exists, it means the modulus is odd.
         let (inv_mod_limb, modulus_is_odd) = modulus.inv_mod2k_vartime(Word::BITS);
         let mod_neg_inv = Limb(Word::MIN.wrapping_sub(inv_mod_limb.limbs[0].0));
 

diff --git a/src/modular/pow.rs b/src/modular/pow.rs
@@ -164,7 +164,7 @@ const fn multi_exponentiate_montgomery_form_internal<const LIMBS: usize, const R
                 let mut j = 1;
                 while j < 1 << WINDOW {
                     let choice = CtChoice::from_word_eq(j, idx);
-                    power = Uint::<LIMBS>::ct_select(&power, &powers[j as usize], choice);
+                    power = Uint::<LIMBS>::select(&power, &powers[j as usize], choice);
                     j += 1;
                 }
 

diff --git a/src/modular/residue.rs b/src/modular/residue.rs
@@ -100,7 +100,7 @@ impl<MOD: ResidueParams<LIMBS>, const LIMBS: usize> Residue<MOD, LIMBS> {
     /// [`new_checked`][`Residue::new_checked`] if you want to be able to detect an invalid modulus.
     pub const fn new(integer: &Uint<LIMBS>) -> Self {
         // A valid modulus must be odd
-        if MOD::MODULUS.ct_is_odd().to_u8() == 0 {
+        if MOD::MODULUS.is_odd().to_u8() == 0 {
             panic!("modulus must be odd");
         }
 
@@ -117,7 +117,7 @@ impl<MOD: ResidueParams<LIMBS>, const LIMBS: usize> Residue<MOD, LIMBS> {
         // A valid modulus must be odd.
         CtOption::new(
             Self::generate_residue(integer),
-            MOD::MODULUS.ct_is_odd().into(),
+            MOD::MODULUS.is_odd().into(),
         )
     }
 
@@ -226,7 +226,7 @@ where
         D: Deserializer<'de>,
     {
         Uint::<LIMBS>::deserialize(deserializer).and_then(|montgomery_form| {
-            if Uint::ct_lt(&montgomery_form, &MOD::MODULUS).into() {
+            if montgomery_form < MOD::MODULUS {
                 Ok(Self {
                     montgomery_form,
                     phantom: PhantomData,

diff --git a/src/non_zero.rs b/src/non_zero.rs
@@ -28,15 +28,15 @@ impl NonZero<Limb> {
     /// Creates a new non-zero limb in a const context.
     /// The second return value is `FALSE` if `n` is zero, `TRUE` otherwise.
     pub const fn const_new(n: Limb) -> (Self, CtChoice) {
-        (Self(n), n.ct_is_nonzero())
+        (Self(n), n.is_nonzero())
     }
 }
 
 impl<const LIMBS: usize> NonZero<Uint<LIMBS>> {
     /// Creates a new non-zero integer in a const context.
     /// The second return value is `FALSE` if `n` is zero, `TRUE` otherwise.
     pub const fn const_new(n: Uint<LIMBS>) -> (Self, CtChoice) {
-        (Self(n), n.ct_is_nonzero())
+        (Self(n), n.is_nonzero())
     }
 }
 

diff --git a/src/uint/add.rs b/src/uint/add.rs
@@ -24,7 +24,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
     /// Perform saturating addition, returning `MAX` on overflow.
     pub const fn saturating_add(&self, rhs: &Self) -> Self {
         let (res, overflow) = self.adc(rhs, Limb::ZERO);
-        Self::ct_select(&res, &Self::MAX, CtChoice::from_word_lsb(overflow.0))
+        Self::select(&res, &Self::MAX, CtChoice::from_word_lsb(overflow.0))
     }
 
     /// Perform wrapping addition, discarding overflow.
@@ -39,7 +39,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
         rhs: &Self,
         choice: CtChoice,
     ) -> (Self, CtChoice) {
-        let actual_rhs = Uint::ct_select(&Uint::ZERO, rhs, choice);
+        let actual_rhs = Uint::select(&Uint::ZERO, rhs, choice);
         let (sum, carry) = self.adc(&actual_rhs, Limb::ZERO);
         (sum, CtChoice::from_word_lsb(carry.0))
     }

diff --git a/src/uint/cmp.rs b/src/uint/cmp.rs
@@ -10,46 +10,46 @@ use subtle::{Choice, ConstantTimeEq, ConstantTimeGreater, ConstantTimeLess};
 impl<const LIMBS: usize> Uint<LIMBS> {
     /// Return `b` if `c` is truthy, otherwise return `a`.
     #[inline]
-    pub(crate) const fn ct_select(a: &Self, b: &Self, c: CtChoice) -> Self {
+    pub(crate) const fn select(a: &Self, b: &Self, c: CtChoice) -> Self {
         let mut limbs = [Limb::ZERO; LIMBS];
 
         let mut i = 0;
         while i < LIMBS {
-            limbs[i] = Limb::ct_select(a.limbs[i], b.limbs[i], c);
+            limbs[i] = Limb::select(a.limbs[i], b.limbs[i], c);
             i += 1;
         }
 
         Uint { limbs }
     }
 
     #[inline]
-    pub(crate) const fn ct_swap(a: &Self, b: &Self, c: CtChoice) -> (Self, Self) {
-        let new_a = Self::ct_select(a, b, c);
-        let new_b = Self::ct_select(b, a, c);
+    pub(crate) const fn swap(a: &Self, b: &Self, c: CtChoice) -> (Self, Self) {
+        let new_a = Self::select(a, b, c);
+        let new_b = Self::select(b, a, c);
 
         (new_a, new_b)
     }
 
     /// Returns the truthy value if `self`!=0 or the falsy value otherwise.
     #[inline]
-    pub(crate) const fn ct_is_nonzero(&self) -> CtChoice {
+    pub(crate) const fn is_nonzero(&self) -> CtChoice {
         let mut b = 0;
         let mut i = 0;
         while i < LIMBS {
             b |= self.limbs[i].0;
             i += 1;
         }
-        Limb(b).ct_is_nonzero()
+        Limb(b).is_nonzero()
     }
 
     /// Returns the truthy value if `self` is odd or the falsy value otherwise.
-    pub(crate) const fn ct_is_odd(&self) -> CtChoice {
+    pub(crate) const fn is_odd(&self) -> CtChoice {
         CtChoice::from_word_lsb(self.limbs[0].0 & 1)
     }
 
     /// Returns the truthy value if `self == rhs` or the falsy value otherwise.
     #[inline]
-    pub(crate) const fn ct_eq(lhs: &Self, rhs: &Self) -> CtChoice {
+    pub(crate) const fn eq(lhs: &Self, rhs: &Self) -> CtChoice {
         let mut acc = 0;
         let mut i = 0;
 
@@ -59,12 +59,12 @@ impl<const LIMBS: usize> Uint<LIMBS> {
         }
 
         // acc == 0 if and only if self == rhs
-        Limb(acc).ct_is_nonzero().not()
+        Limb(acc).is_nonzero().not()
     }
 
     /// Returns the truthy value if `self <= rhs` and the falsy value otherwise.
     #[inline]
-    pub(crate) const fn ct_lt(lhs: &Self, rhs: &Self) -> CtChoice {
+    pub(crate) const fn lt(lhs: &Self, rhs: &Self) -> CtChoice {
         // We could use the same approach as in Limb::ct_lt(),
         // but since we have to use Uint::wrapping_sub(), which calls `sbb()`,
         // there are no savings compared to just calling `sbb()` directly.
@@ -74,7 +74,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
 
     /// Returns the truthy value if `self >= rhs` and the falsy value otherwise.
     #[inline]
-    pub(crate) const fn ct_gt(lhs: &Self, rhs: &Self) -> CtChoice {
+    pub(crate) const fn gt(lhs: &Self, rhs: &Self) -> CtChoice {
         let (_res, borrow) = rhs.sbb(lhs, Limb::ZERO);
         CtChoice::from_word_mask(borrow.0)
     }
@@ -85,7 +85,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
     ///   0 is Equal
     ///   1 is Greater
     #[inline]
-    pub(crate) const fn ct_cmp(lhs: &Self, rhs: &Self) -> i8 {
+    pub(crate) const fn cmp(lhs: &Self, rhs: &Self) -> i8 {
         let mut i = 0;
         let mut borrow = Limb::ZERO;
         let mut diff = Limb::ZERO;
@@ -97,7 +97,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
             i += 1;
         }
         let sgn = ((borrow.0 & 2) as i8) - 1;
-        (diff.ct_is_nonzero().to_u8() as i8) * sgn
+        (diff.is_nonzero().to_u8() as i8) * sgn
     }
 
     /// Returns the Ordering between `self` and `rhs` in variable time.
@@ -123,29 +123,29 @@ impl<const LIMBS: usize> Uint<LIMBS> {
 impl<const LIMBS: usize> ConstantTimeEq for Uint<LIMBS> {
     #[inline]
     fn ct_eq(&self, other: &Self) -> Choice {
-        Uint::ct_eq(self, other).into()
+        Uint::eq(self, other).into()
     }
 }
 
 impl<const LIMBS: usize> ConstantTimeGreater for Uint<LIMBS> {
     #[inline]
     fn ct_gt(&self, other: &Self) -> Choice {
-        Uint::ct_gt(self, other).into()
+        Uint::gt(self, other).into()
     }
 }
 
 impl<const LIMBS: usize> ConstantTimeLess for Uint<LIMBS> {
     #[inline]
     fn ct_lt(&self, other: &Self) -> Choice {
-        Uint::ct_lt(self, other).into()
+        Uint::lt(self, other).into()
     }
 }
 
 impl<const LIMBS: usize> Eq for Uint<LIMBS> {}
 
 impl<const LIMBS: usize> Ord for Uint<LIMBS> {
     fn cmp(&self, other: &Self) -> Ordering {
-        let c = Self::ct_cmp(self, other);
+        let c = Self::cmp(self, other);
         match c {
             -1 => Ordering::Less,
             0 => Ordering::Equal,
@@ -181,9 +181,15 @@ mod tests {
 
     #[test]
     fn is_odd() {
+        // inherent methods
         assert!(!bool::from(U128::ZERO.is_odd()));
         assert!(bool::from(U128::ONE.is_odd()));
         assert!(bool::from(U128::MAX.is_odd()));
+
+        // `Integer` methods
+        assert!(!bool::from(<U128 as Integer>::is_odd(&U128::ZERO)));
+        assert!(bool::from(<U128 as Integer>::is_odd(&U128::ONE)));
+        assert!(bool::from(<U128 as Integer>::is_odd(&U128::MAX)));
     }
 
     #[test]

diff --git a/src/uint/div.rs b/src/uint/div.rs
@@ -9,7 +9,10 @@ impl<const LIMBS: usize> Uint<LIMBS> {
     /// Computes `self` / `rhs` using a pre-made reciprocal,
     /// returns the quotient (q) and remainder (r).
     #[inline(always)]
-    pub const fn ct_div_rem_limb_with_reciprocal(&self, reciprocal: &Reciprocal) -> (Self, Limb) {
+    pub const fn const_div_rem_limb_with_reciprocal(
+        &self,
+        reciprocal: &Reciprocal,
+    ) -> (Self, Limb) {
         div_rem_limb_with_reciprocal(self, reciprocal)
     }
 
@@ -27,8 +30,8 @@ impl<const LIMBS: usize> Uint<LIMBS> {
     /// Returns the truthy value as the third element of the tuple if `rhs != 0`,
     /// and the falsy value otherwise.
     #[inline(always)]
-    pub(crate) const fn ct_div_rem_limb(&self, rhs: Limb) -> (Self, Limb, CtChoice) {
-        let (reciprocal, is_some) = Reciprocal::ct_new(rhs);
+    pub(crate) const fn const_div_rem_limb(&self, rhs: Limb) -> (Self, Limb, CtChoice) {
+        let (reciprocal, is_some) = Reciprocal::const_new(rhs);
         let (quo, rem) = div_rem_limb_with_reciprocal(self, &reciprocal);
         (quo, rem, is_some)
     }
@@ -37,7 +40,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
     #[inline(always)]
     pub fn div_rem_limb(&self, rhs: NonZero<Limb>) -> (Self, Limb) {
         // Guaranteed to succeed since `rhs` is nonzero.
-        let (quo, rem, _is_some) = self.ct_div_rem_limb(*rhs);
+        let (quo, rem, _is_some) = self.const_div_rem_limb(*rhs);
         (quo, rem)
     }
 
@@ -59,9 +62,9 @@ impl<const LIMBS: usize> Uint<LIMBS> {
         let mut done = CtChoice::FALSE;
         loop {
             let (mut r, borrow) = rem.sbb(&c, Limb::ZERO);
-            rem = Self::ct_select(&r, &rem, CtChoice::from_word_mask(borrow.0).or(done));
+            rem = Self::select(&r, &rem, CtChoice::from_word_mask(borrow.0).or(done));
             r = quo.bitor(&Self::ONE);
-            quo = Self::ct_select(&r, &quo, CtChoice::from_word_mask(borrow.0).or(done));
+            quo = Self::select(&r, &quo, CtChoice::from_word_mask(borrow.0).or(done));
             if i == 0 {
                 break;
             }
@@ -70,11 +73,11 @@ impl<const LIMBS: usize> Uint<LIMBS> {
             // aren't modified further (but do the remaining iterations anyway to be constant-time)
             done = CtChoice::from_word_lt(i as Word, mb as Word);
             c = c.shr1();
-            quo = Self::ct_select(&quo.shl1(), &quo, done);
+            quo = Self::select(&quo.shl1(), &quo, done);
         }
 
-        let is_some = Limb(mb as Word).ct_is_nonzero();
-        quo = Self::ct_select(&Self::ZERO, &quo, is_some);
+        let is_some = Limb(mb as Word).is_nonzero();
+        quo = Self::select(&Self::ZERO, &quo, is_some);
         (quo, rem, is_some)
     }
 
@@ -97,9 +100,9 @@ impl<const LIMBS: usize> Uint<LIMBS> {
 
         loop {
             let (mut r, borrow) = rem.sbb(&c, Limb::ZERO);
-            rem = Self::ct_select(&r, &rem, CtChoice::from_word_mask(borrow.0));
+            rem = Self::select(&r, &rem, CtChoice::from_word_mask(borrow.0));
             r = quo.bitor(&Self::ONE);
-            quo = Self::ct_select(&r, &quo, CtChoice::from_word_mask(borrow.0));
+            quo = Self::select(&r, &quo, CtChoice::from_word_mask(borrow.0));
             if bd == 0 {
                 break;
             }
@@ -109,7 +112,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
         }
 
         let is_some = CtChoice::from_u32_nonzero(mb);
-        quo = Self::ct_select(&Self::ZERO, &quo, is_some);
+        quo = Self::select(&Self::ZERO, &quo, is_some);
         (quo, rem, is_some)
     }
 
@@ -129,7 +132,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
 
         loop {
             let (r, borrow) = rem.sbb(&c, Limb::ZERO);
-            rem = Self::ct_select(&r, &rem, CtChoice::from_word_mask(borrow.0));
+            rem = Self::select(&r, &rem, CtChoice::from_word_mask(borrow.0));
             if bd == 0 {
                 break;
             }
@@ -164,8 +167,8 @@ impl<const LIMBS: usize> Uint<LIMBS> {
             let (lower_sub, borrow) = lower.sbb(&c.0, Limb::ZERO);
             let (upper_sub, borrow) = upper.sbb(&c.1, borrow);
 
-            lower = Self::ct_select(&lower_sub, &lower, CtChoice::from_word_mask(borrow.0));
-            upper = Self::ct_select(&upper_sub, &upper, CtChoice::from_word_mask(borrow.0));
+            lower = Self::select(&lower_sub, &lower, CtChoice::from_word_mask(borrow.0));
+            upper = Self::select(&upper_sub, &upper, CtChoice::from_word_mask(borrow.0));
             if bd == 0 {
                 break;
             }
@@ -191,7 +194,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
 
         let outmask = Limb(out.limbs[limb_num].0 & mask);
 
-        out.limbs[limb_num] = Limb::ct_select(out.limbs[limb_num], outmask, le);
+        out.limbs[limb_num] = Limb::select(out.limbs[limb_num], outmask, le);
 
         // TODO: this is not constant-time.
         let mut i = limb_num + 1;
@@ -305,7 +308,7 @@ impl<const LIMBS: usize> Div<NonZero<Limb>> for Uint<LIMBS> {
     type Output = Uint<LIMBS>;
 
     fn div(self, rhs: NonZero<Limb>) -> Self::Output {
-        let (q, _, _) = self.ct_div_rem_limb(*rhs);
+        let (q, _, _) = self.const_div_rem_limb(*rhs);
         q
     }
 }
@@ -394,7 +397,7 @@ impl<const LIMBS: usize> Rem<NonZero<Limb>> for Uint<LIMBS> {
     type Output = Limb;
 
     fn rem(self, rhs: NonZero<Limb>) -> Self::Output {
-        let (_, r, _) = self.ct_div_rem_limb(*rhs);
+        let (_, r, _) = self.const_div_rem_limb(*rhs);
         r
     }
 }