Upgrade fiat-crypto, rewrite to use new types (#719)

divviup · Sep 1, 2023 · a964428 · a964428
1 parent e15de68
commit a964428
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 24 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -15,7 +15,7 @@ aes = { version = "0.8.3", optional = true }
 bitvec = { version = "1.0.1", optional = true }
 byteorder = "1.4.3"
 ctr = { version = "0.9.2", optional = true }
-fiat-crypto = { version = "0.1.20", optional = true }
+fiat-crypto = { version = "0.2.0", optional = true }
 fixed = { version = "1.23", optional = true }
 getrandom = { version = "0.2.10", features = ["std"] }
 hmac = { version = "0.12.1", optional = true }

diff --git a/src/field/field255.rs b/src/field/field255.rs
@@ -8,8 +8,9 @@ use crate::{
     field::{FieldElement, FieldElementVisitor, FieldError},
 };
 use fiat_crypto::curve25519_64::{
-    fiat_25519_add, fiat_25519_carry, fiat_25519_carry_mul, fiat_25519_from_bytes, fiat_25519_opp,
-    fiat_25519_selectznz, fiat_25519_sub, fiat_25519_tight_field_element, fiat_25519_to_bytes,
+    fiat_25519_add, fiat_25519_carry, fiat_25519_carry_mul, fiat_25519_from_bytes,
+    fiat_25519_loose_field_element, fiat_25519_opp, fiat_25519_relax, fiat_25519_selectznz,
+    fiat_25519_sub, fiat_25519_tight_field_element, fiat_25519_to_bytes,
 };
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
 use std::{
@@ -71,7 +72,7 @@ impl Field255 {
             return Err(FieldError::ModulusOverflow);
         }
 
-        let mut output = [0; 5];
+        let mut output = fiat_25519_tight_field_element([0; 5]);
         fiat_25519_from_bytes(&mut output, &value);
 
         Ok(Field255(output))
@@ -95,8 +96,8 @@ impl ConstantTimeEq for Field255 {
 impl ConditionallySelectable for Field255 {
     fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
         let mut output = [0; 5];
-        fiat_25519_selectznz(&mut output, choice.unwrap_u8(), &a.0, &b.0);
-        Field255(output)
+        fiat_25519_selectznz(&mut output, choice.unwrap_u8(), &(a.0).0, &(b.0).0);
+        Field255(fiat_25519_tight_field_element(output))
     }
 }
 
@@ -112,17 +113,17 @@ impl Add for Field255 {
     type Output = Field255;
 
     fn add(self, rhs: Self) -> Field255 {
-        let mut loose_output = [0; 5];
+        let mut loose_output = fiat_25519_loose_field_element([0; 5]);
         fiat_25519_add(&mut loose_output, &self.0, &rhs.0);
-        let mut output = [0; 5];
+        let mut output = fiat_25519_tight_field_element([0; 5]);
         fiat_25519_carry(&mut output, &loose_output);
         Field255(output)
     }
 }
 
 impl AddAssign for Field255 {
     fn add_assign(&mut self, rhs: Self) {
-        let mut loose_output = [0; 5];
+        let mut loose_output = fiat_25519_loose_field_element([0; 5]);
         fiat_25519_add(&mut loose_output, &self.0, &rhs.0);
         fiat_25519_carry(&mut self.0, &loose_output);
     }
@@ -132,17 +133,17 @@ impl Sub for Field255 {
     type Output = Field255;
 
     fn sub(self, rhs: Self) -> Field255 {
-        let mut loose_output = [0; 5];
+        let mut loose_output = fiat_25519_loose_field_element([0; 5]);
         fiat_25519_sub(&mut loose_output, &self.0, &rhs.0);
-        let mut output = [0; 5];
+        let mut output = fiat_25519_tight_field_element([0; 5]);
         fiat_25519_carry(&mut output, &loose_output);
         Field255(output)
     }
 }
 
 impl SubAssign for Field255 {
     fn sub_assign(&mut self, rhs: Self) {
-        let mut loose_output = [0; 5];
+        let mut loose_output = fiat_25519_loose_field_element([0; 5]);
         fiat_25519_sub(&mut loose_output, &self.0, &rhs.0);
         fiat_25519_carry(&mut self.0, &loose_output);
     }
@@ -152,16 +153,23 @@ impl Mul for Field255 {
     type Output = Field255;
 
     fn mul(self, rhs: Self) -> Field255 {
-        let mut output = [0; 5];
-        fiat_25519_carry_mul(&mut output, &self.0, &rhs.0);
+        let mut self_relaxed = fiat_25519_loose_field_element([0; 5]);
+        fiat_25519_relax(&mut self_relaxed, &self.0);
+        let mut rhs_relaxed = fiat_25519_loose_field_element([0; 5]);
+        fiat_25519_relax(&mut rhs_relaxed, &rhs.0);
+        let mut output = fiat_25519_tight_field_element([0; 5]);
+        fiat_25519_carry_mul(&mut output, &self_relaxed, &rhs_relaxed);
         Field255(output)
     }
 }
 
 impl MulAssign for Field255 {
     fn mul_assign(&mut self, rhs: Self) {
-        let self_copy = self.0;
-        fiat_25519_carry_mul(&mut self.0, &self_copy, &rhs.0);
+        let mut self_relaxed = fiat_25519_loose_field_element([0; 5]);
+        fiat_25519_relax(&mut self_relaxed, &self.0);
+        let mut rhs_relaxed = fiat_25519_loose_field_element([0; 5]);
+        fiat_25519_relax(&mut rhs_relaxed, &rhs.0);
+        fiat_25519_carry_mul(&mut self.0, &self_relaxed, &rhs_relaxed);
     }
 }
 
@@ -191,9 +199,9 @@ impl<'a> Neg for &'a Field255 {
     type Output = Field255;
 
     fn neg(self) -> Field255 {
-        let mut loose_output = [0; 5];
+        let mut loose_output = fiat_25519_loose_field_element([0; 5]);
         fiat_25519_opp(&mut loose_output, &self.0);
-        let mut output = [0; 5];
+        let mut output = fiat_25519_tight_field_element([0; 5]);
         fiat_25519_carry(&mut output, &loose_output);
         Field255(output)
     }
@@ -294,11 +302,11 @@ impl FieldElement for Field255 {
     }
 
     fn zero() -> Self {
-        Field255([0, 0, 0, 0, 0])
+        Field255(fiat_25519_tight_field_element([0, 0, 0, 0, 0]))
     }
 
     fn one() -> Self {
-        Field255([1, 0, 0, 0, 0])
+        Field255(fiat_25519_tight_field_element([1, 0, 0, 0, 0]))
     }
 }
 
@@ -337,7 +345,9 @@ mod tests {
         },
     };
     use assert_matches::assert_matches;
-    use fiat_crypto::curve25519_64::{fiat_25519_from_bytes, fiat_25519_to_bytes};
+    use fiat_crypto::curve25519_64::{
+        fiat_25519_from_bytes, fiat_25519_tight_field_element, fiat_25519_to_bytes,
+    };
     use num_bigint::BigUint;
     use once_cell::sync::Lazy;
     use std::convert::{TryFrom, TryInto};
@@ -351,7 +361,7 @@ mod tests {
             let mut le_bytes_array = [0u8; 32];
             le_bytes_array[..le_bytes_vec.len()].copy_from_slice(&le_bytes_vec);
 
-            let mut output = [0; 5];
+            let mut output = fiat_25519_tight_field_element([0; 5]);
             fiat_25519_from_bytes(&mut output, &le_bytes_array);
             Field255(output)
         }

diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
@@ -158,6 +158,11 @@ who = "David Cook <dcook@divviup.org>"
 criteria = "safe-to-deploy"
 delta = "0.1.19 -> 0.1.20"
 
+[[audits.fiat-crypto]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "0.1.20 -> 0.2.0"
+
 [[audits.fixed]]
 who = "David Cook <dcook@divviup.org>"
 criteria = "safe-to-deploy"