diff --git a/Cargo.lock b/Cargo.lock
index 88ef5579..b5fdbc27 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -184,9 +184,9 @@ dependencies = [
 [[package]]
 name = "crypto-bigint"
-version = "0.7.0-rc.27"
+version = "0.7.0-rc.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b43308b9b6a47554f4612d5b1fb95ff935040aa3927dd42b1d6cbc015a262d96"
+checksum = "96dacf199529fb801ae62a9aafdc01b189e9504c0d1ee1512a4c16bcd8666a93"
 dependencies = [
 "cpubits",
 "ctutils",
diff --git a/Cargo.toml b/Cargo.toml
index e613307a..e2f09dd7 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,7 +15,7 @@ exclude = ["marvin_toolkit/", "thirdparty/"]
 [dependencies]
 const-oid = { version = "0.10", default-features = false }
-crypto-bigint = { version = "0.7.0-rc.27", default-features = false, features = ["zeroize", "alloc"] }
+crypto-bigint = { version = "0.7.0-rc.28", default-features = false, features = ["zeroize", "alloc"] }
 crypto-primes = { version = "0.7.0-pre.9", default-features = false }
 digest = { version = "0.11.0-rc.11", default-features = false, features = ["alloc", "oid"] }
 rand_core = { version = "0.10", default-features = false }
diff --git a/src/algorithms/rsa.rs b/src/algorithms/rsa.rs
index 18ca94de..f8781a9a 100644
--- a/src/algorithms/rsa.rs
+++ b/src/algorithms/rsa.rs
@@ -2,8 +2,10 @@ use core::cmp::Ordering;
-use crypto_bigint::modular::{BoxedMontyForm, BoxedMontyParams};
-use crypto_bigint::{BoxedUint, Gcd, NonZero, Odd, RandomMod, Resize};
+use crypto_bigint::{
+ modular::{BoxedMontyForm, BoxedMontyParams},
+ BoxedUint, ConcatenatingMul, ConcatenatingSquare, Gcd, NonZero, Odd, RandomMod, Resize,
+};
 use rand_core::TryCryptoRng;
 use zeroize::Zeroize;
@@ -116,7 +118,8 @@ pub fn rsa_decrypt(
 // m = m2 + h.q
 let m2 = m2.try_resize(n.bits_precision()).ok_or(Error::Internal)?;
-let hq = (h * q)
+let hq = h
+ .concatenating_mul(&q)
 .try_resize(n.bits_precision())
 .ok_or(Error::Internal)?;
 m2.wrapping_add(&hq)
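Review bot: The `.ok_or(Error::Internal)?` that follows the new `h.concatenating_mul(&q)` in `rsa_decrypt` deserves a comment explaining why shrinking the widened product back to the modulus precision is expected to always succeed: `concatenating_mul` yields a value carrying the combined precision of `h` and `q`, and `try_resize(n.bits_precision())` only fits because h·q < p·q = n, which holds if `h` is reduced modulo `p` in the CRT step above the hunk and this is the two-prime branch. Suggest `// h < p, so h·q < p·q = n and the widened product always fits the modulus precision; failure here is an internal invariant violation.` Because `h` is derived from private CRT values this is a timing-sensitive path, so it is worth confirming that the `ConcatenatingMul` implementation in the bumped crypto-bigint is constant-time like the `*` operator it replaces. The body of `rsa_decrypt` begins and ends outside the hunk.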
@@ -263,14 +266,14 @@ pub fn recover_primes(
 let d = d.resize_unchecked(d.bits_precision());
 let n = n.resize_unchecked(bits);
-let a1 = d * e - &one;
+let a1 = d.concatenating_mul(&e) - &one;
 let a2 = (n.as_ref() - &one).gcd(&a1);
-let a = a1 * a2;
+let a = a1.concatenating_mul(&a2);
 let n = n.resize_unchecked(a.bits_precision());
 // 2. Let m = floor(a /n) and r = a – m n, so that a = m n + r and 0 ≤ r < n.
 let m = &a / &n;
-let r = a - &m * n.as_ref();
+let r = a - m.concatenating_mul(&*n);
 let n = n.get();
 // 3. Let b = ( (n – r)/(m + 1) ) + 1; if b is not an integer or b^2 ≤ 4n, then output an error indicator,
@@ -282,8 +285,8 @@ pub fn recover_primes(
 let b = ((&n - &r) / NonZero::new(&m + &one).expect("adding one")) + one;
 let four = BoxedUint::from(4u32);
-let four_n = &n * four;
-let b_squared = b.square();
+let four_n = n.concatenating_mul(&four);
+let b_squared = b.concatenating_square();
 if b_squared <= four_n {
 return Err(Error::InvalidArguments);
@@ -294,7 +297,7 @@ pub fn recover_primes(
 // then output an error indicator, and exit without further processing.
 let y = b_squared_minus_four_n.floor_sqrt();
-let y_squared = y.square();
+let y_squared = y.concatenating_square();
 let sqrt_is_whole_number = y_squared == b_squared_minus_four_n;
 if !sqrt_is_whole_number {
 return Err(Error::InvalidArguments);
@@ -315,7 +318,7 @@ pub(crate) fn compute_modulus(primes: &[BoxedUint]) -> Odd {
 let mut primes = primes.iter();
 let mut out = primes.next().expect("must at least be one prime").clone();
 for p in primes {
-out *= p;
+out = out.concatenating_mul(&p);
 }
 Odd::new(out).expect("modulus must be odd")
 }
@@ -334,7 +337,7 @@ pub(crate) fn compute_private_exponent_euler_totient(
 let mut totient = BoxedUint::one_with_precision(bits);
 for prime in primes {
-totient *= prime - &BoxedUint::one();
+totient = totient.concatenating_mul(&(prime - &BoxedUint::one()));
 }
 let exp = exp.resize_unchecked(totient.bits_precision());
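Review bot: `m.concatenating_mul(&*n)` in `recover_primes` spells the borrow of the `NonZero` differently from the `n.as_ref()` form used two lines earlier in `(n.as_ref() - &one).gcd(&a1)` and in the line it replaces; for consistency write `let r = a - m.concatenating_mul(n.as_ref());`. A comment that the operand widths deliberately differ here would also help: `a` carries the precision produced by `a1.concatenating_mul(&a2)` while `m·n` carries roughly twice that, so the subtraction relies on `BoxedUint` arithmetic tolerating mismatched precisions — the removed line had the same shape, so this presumably already worked, but `// m·n ≤ a, so the wider product never underflows the subtraction` makes the intent explicit. The function body continues past the hunk.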
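Review bot: In `compute_modulus`, `out.concatenating_mul(&p)` double-borrows: `p` comes from `primes.iter()` over a `&[BoxedUint]` and is already a `&BoxedUint`, so `&p` is a `&&BoxedUint` that compiles only through auto-deref and clippy's `needless_borrow` lint will flag it; write `out = out.concatenating_mul(p);`. The same pattern appears in the `fold` closure of the modulus check in `src/key.rs` (`acc.concatenating_mul(&p)`), where `p` is likewise a reference if `primes` there is a slice or `Vec`. A short comment on the loop would also help readers of this migration, e.g. `// widening product: precision grows by each prime's width, so a multi-prime modulus is never truncated`, since that is the property the switch away from `*=` is preserving.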
@@ -367,7 +370,7 @@ pub(crate) fn compute_private_exponent_carmicheal(
 // LCM inlined
 let gcd = p1.gcd(&q1);
-let lcm = p1 / NonZero::new(gcd).expect("gcd is non zero") * &q1;
+let lcm = (p1 / NonZero::new(gcd).expect("gcd is non zero")).concatenating_mul(&q1);
 let exp = exp.resize_unchecked(lcm.bits_precision());
 if let Some(d) = exp.invert_mod(&NonZero::new(lcm).expect("non zero")).into() {
 Ok(d)
diff --git a/src/key.rs b/src/key.rs
index 1ab20b59..5d1c7105 100644
--- a/src/key.rs
+++ b/src/key.rs
@@ -3,8 +3,10 @@ use core::cmp::Ordering;
 use core::fmt;
 use core::hash::{Hash, Hasher};
-use crypto_bigint::modular::{BoxedMontyForm, BoxedMontyParams};
-use crypto_bigint::{BoxedUint, Integer, NonZero, Odd, Resize};
+use crypto_bigint::{
+ modular::{BoxedMontyForm, BoxedMontyParams},
+ BoxedUint, ConcatenatingMul, Integer, NonZero, Odd, Resize,
+};
 use rand_core::CryptoRng;
 use zeroize::{Zeroize, ZeroizeOnDrop};
 #[cfg(feature = "serde")]
@@ -379,7 +381,11 @@ impl RsaPrivateKey {
 // Check that the product of primes matches the modulus.
 // This also ensures that `bit_precision` of each prime is <= that of the modulus,
 // and `bit_precision` of their product is >= that of the modulus.
-if primes.iter().fold(BoxedUint::one(), |acc, p| acc * p) != n_c.as_ref() {
+if primes
+ .iter()
+ .fold(BoxedUint::one(), |acc, p| acc.concatenating_mul(&p))
+ != n_c.as_ref()
+{
 return Err(Error::InvalidModulus);
 }
 }
@@ -766,7 +772,7 @@ fn validate_private_key_parts(key: &RsaPrivateKey) -> Result<()> {
 // inverse. Therefore e is coprime to lcm(p-1,q-1,r-1,...) =
 // exponent(ℤ/nℤ). It also implies that a^de ≡ a mod p as a^(p-1) ≡ 1
 // mod p. Thus a^de ≡ a mod n for all a coprime to n, as required.
-let de = key.d.mul(&key.pubkey_components.e);
+let de = key.d.concatenating_mul(&key.pubkey_components.e);
 for prime in &key.primes {
 let x = NonZero::new(prime.wrapping_sub(BoxedUint::one())).unwrap();
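Review bot: The comment kept above the rewritten `fold` in `RsaPrivateKey` claims the check "ensures `bit_precision` of each prime is <= that of the modulus", but with `concatenating_mul` the accumulated product's precision is the sum of `BoxedUint::one()`'s and every prime's precision regardless of the values involved, so `!= n_c.as_ref()` only establishes a relation between values, not between precisions. If `PartialEq` for `BoxedUint` compares by value across differing precisions — which the replaced `acc * p` form presumably already relied on — the check is sound and the comment should be reduced to `// Check that the product of primes matches the modulus.`; if it instead requires equal precisions, a valid key whose primes carry a different precision than `n` would be rejected with `Error::InvalidModulus`. A test constructing a key from primes with a smaller `bits_precision` than the modulus would pin whichever behaviour is intended. The enclosing `impl` block and method start outside the hunk.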