p521: fiat-constify update (#1003)

Implementation for the fiat-constify update @ RustCrypto/utils#992

.github/workflows/p521.yml

@@ -38,6 +38,18 @@ jobs:
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features alloc
 
+  benches:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust: stable
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+      - run: cargo build --all-features --benches
+
   test:
     runs-on: ubuntu-latest
     strategy:

bign256/Cargo.toml

@@ -20,7 +20,7 @@ rust-version = "1.65"
 elliptic-curve = { version = "0.13.8", features = ["hazmat", "sec1"] }
 
 # optional dependencies
-primeorder = { version = "0.13.5", optional = true, path = "../primeorder" }
+primeorder = { version = "0.13.5", optional = true }
 signature = { version = "2", optional = true }
 belt-hash = { version = "0.1.0", optional = true, default-features = false }
 crypto-bigint = { version = "0.5.5", optional = true }

bp256/Cargo.toml

@@ -17,7 +17,7 @@ elliptic-curve = { version = "0.13", default-features = false, features = ["hazm
 
 # optional dependencies
 ecdsa = { version = "0.16", optional = true, default-features = false, features = ["der"] }
-primeorder = { version = "0.13.5", optional = true, path = "../primeorder" }
+primeorder = { version = "0.13.5", optional = true }
 sha2 = { version = "0.10", optional = true, default-features = false }
 
 [features]

bp384/Cargo.toml

@@ -17,7 +17,7 @@ elliptic-curve = { version = "0.13", default-features = false, features = ["hazm
 
 # optional dependencies
 ecdsa = { version = "0.16", optional = true, default-features = false, features = ["der"] }
-primeorder = { version = "0.13.5", optional = true, path = "../primeorder" }
+primeorder = { version = "0.13.5", optional = true }
 sha2 = { version = "0.10", optional = true, default-features = false }
 
 [features]

p192/Cargo.toml

@@ -22,13 +22,13 @@ sec1 = { version = "0.7.3", default-features = false }
 # optional dependencies
 ecdsa-core = { version = "0.16.6", package = "ecdsa", optional = true, default-features = false, features = ["der"] }
 hex-literal = { version = "0.4", optional = true }
-primeorder = { version = "0.13.5", optional = true, path = "../primeorder" }
+primeorder = { version = "0.13.5", optional = true }
 serdect = { version = "0.2", optional = true, default-features = false }
 
 [dev-dependencies]
 ecdsa-core = { version = "0.16", package = "ecdsa", default-features = false, features = ["dev"] }
 hex-literal = "0.4"
-primeorder = { version = "0.13", features = ["dev"], path = "../primeorder" }
+primeorder = { version = "0.13", features = ["dev"] }
 
 [features]
 default = ["arithmetic", "ecdsa", "pem", "std"]

p224/Cargo.toml

@@ -21,15 +21,15 @@ elliptic-curve = { version = "0.13.8", default-features = false, features = ["ha
 # optional dependencies
 ecdsa-core = { version = "0.16.6", package = "ecdsa", optional = true, default-features = false, features = ["der"] }
 hex-literal = { version = "0.4", optional = true }
-primeorder = { version = "0.13.5", optional = true, path = "../primeorder" }
+primeorder = { version = "0.13.5", optional = true }
 serdect = { version = "0.2", optional = true, default-features = false }
 sha2 = { version = "0.10", optional = true, default-features = false }
 
 [dev-dependencies]
 blobby = "0.3"
 ecdsa-core = { version = "0.16", package = "ecdsa", default-features = false, features = ["dev"] }
 hex-literal = "0.4"
-primeorder = { version = "0.13", features = ["dev"], path = "../primeorder" }
+primeorder = { version = "0.13", features = ["dev"] }
 rand_core = { version = "0.6", features = ["getrandom"] }
 
 [features]

p256/Cargo.toml

@@ -22,7 +22,7 @@ elliptic-curve = { version = "0.13.8", default-features = false, features = ["ha
 # optional dependencies
 ecdsa-core = { version = "0.16", package = "ecdsa", optional = true, default-features = false, features = ["der"] }
 hex-literal = { version = "0.4", optional = true }
-primeorder = { version = "0.13", optional = true, path = "../primeorder" }
+primeorder = { version = "0.13", optional = true }
 serdect = { version = "0.2", optional = true, default-features = false }
 sha2 = { version = "0.10", optional = true, default-features = false }
 
@@ -31,7 +31,7 @@ blobby = "0.3"
 criterion = "0.5"
 ecdsa-core = { version = "0.16", package = "ecdsa", default-features = false, features = ["dev"] }
 hex-literal = "0.4"
-primeorder = { version = "0.13.5", features = ["dev"], path = "../primeorder" }
+primeorder = { version = "0.13.5", features = ["dev"] }
 proptest = "1"
 rand_core = { version = "0.6", features = ["getrandom"] }
 

p384/Cargo.toml

@@ -22,7 +22,7 @@ elliptic-curve = { version = "0.13", default-features = false, features = ["hazm
 # optional dependencies
 ecdsa-core = { version = "0.16", package = "ecdsa", optional = true, default-features = false, features = ["der"] }
 hex-literal = { version = "0.4", optional = true }
-primeorder = { version = "0.13.1", optional = true, path = "../primeorder" }
+primeorder = { version = "0.13.1", optional = true }
 serdect = { version = "0.2", optional = true, default-features = false }
 sha2 = { version = "0.10", optional = true, default-features = false }
 
@@ -31,7 +31,7 @@ blobby = "0.3"
 criterion = "0.5"
 ecdsa-core = { version = "0.16", package = "ecdsa", default-features = false, features = ["dev"] }
 hex-literal = "0.4"
-primeorder = { version = "0.13.5", features = ["dev"], path = "../primeorder" }
+primeorder = { version = "0.13.5", features = ["dev"] }
 proptest = "1.4"
 rand_core = { version = "0.6", features = ["getrandom"] }
 

p521/Cargo.toml

@@ -34,6 +34,7 @@ hex-literal = "0.4"
 primeorder = { version = "0.13.3", features = ["dev"], path = "../primeorder" }
 proptest = "1.4"
 rand_core = { version = "0.6", features = ["getrandom"] }
+criterion = "0.5.1"
 
 [features]
 default = ["arithmetic", "ecdsa", "getrandom", "pem", "std"]
@@ -44,6 +45,7 @@ arithmetic = ["dep:primeorder"]
 digest = ["ecdsa-core/digest", "ecdsa-core/hazmat"]
 ecdh = ["arithmetic", "elliptic-curve/ecdh"]
 ecdsa = ["arithmetic", "ecdsa-core/signing", "ecdsa-core/verifying", "sha512"]
+expose-field = ["arithmetic"]
 getrandom = ["rand_core/getrandom"]
 hash2curve = ["arithmetic", "elliptic-curve/hash2curve"]
 jwk = ["elliptic-curve/jwk"]
@@ -57,3 +59,12 @@ voprf = ["elliptic-curve/voprf", "dep:sha2"]
 [package.metadata.docs.rs]
 all-features = true
 rustdoc-args = ["--cfg", "docsrs"]
+
+[[bench]]
+name = "field"
+harness = false
+required-features = ["expose-field"]
+
+[[bench]]
+name = "scalar"
+harness = false

p521/benches/field.rs

@@ -0,0 +1,54 @@
+//! secp521r1 field element benchmarks
+
+use criterion::{
+    black_box, criterion_group, criterion_main, measurement::Measurement, BenchmarkGroup, Criterion,
+};
+use hex_literal::hex;
+use p521::{FieldBytes, FieldElement};
+
+fn test_field_element_x() -> FieldElement {
+    black_box(FieldElement::from_bytes(
+        &FieldBytes::clone_from_slice(&hex!("01a7596d38aac7868327ddc1ef5e8178cf052b7ebc512828e8a45955d85bef49494d15278198bbcc5454358c12a2af9a3874e7002e1a2f02fcb36ff3e3b4bc0c69e7"))
+    )
+    .unwrap())
+}
+
+fn test_field_element_y() -> FieldElement {
+    black_box(FieldElement::from_bytes(
+        &FieldBytes::clone_from_slice(&hex!("0184902e515982bb225b8c84f245e61b327c08e94d41c07d0b4101a963e02fe52f6a9f33e8b1de2394e0cb74c40790b4e489b5500e6804cabed0fe8c192443d4027b"))
+    )
+    .unwrap())
+}
+
+fn bench_field_element_mul<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
+    let x = test_field_element_x();
+    let y = test_field_element_y();
+    group.bench_function("mul", |b| b.iter(|| &x * &y));
+}
+
+fn bench_field_element_square<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
+    let x = test_field_element_x();
+    group.bench_function("square", |b| b.iter(|| x.square()));
+}
+
+fn bench_field_element_sqrt<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
+    let x = test_field_element_x();
+    group.bench_function("sqrt", |b| b.iter(|| x.sqrt()));
+}
+
+fn bench_field_element_invert<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
+    let x = test_field_element_x();
+    group.bench_function("invert", |b| b.iter(|| x.invert()));
+}
+
+fn bench_field_element(c: &mut Criterion) {
+    let mut group = c.benchmark_group("field element operations");
+    bench_field_element_mul(&mut group);
+    bench_field_element_square(&mut group);
+    bench_field_element_invert(&mut group);
+    bench_field_element_sqrt(&mut group);
+    group.finish();
+}
+
+criterion_group!(benches, bench_field_element);
+criterion_main!(benches);

p521/benches/scalar.rs

@@ -0,0 +1,73 @@
+//! secp521r1 scalar arithmetic benchmarks
+
+use criterion::{
+    black_box, criterion_group, criterion_main, measurement::Measurement, BenchmarkGroup, Criterion,
+};
+use hex_literal::hex;
+use p521::{elliptic_curve::group::ff::PrimeField, FieldBytes, ProjectivePoint, Scalar};
+
+fn test_scalar_x() -> Scalar {
+    black_box(Scalar::from_repr(
+        FieldBytes::clone_from_slice(&hex!("01d7bb864c5b5ecae019296cf9b5c63a166f5f1113942819b1933d889a96d12245777a99428f93de4fc9a18d709bf91889d7f8dddd522b4c364aeae13c983e9fae46"))
+    ).unwrap())
+}
+
+fn test_scalar_y() -> Scalar {
+    black_box(Scalar::from_repr(
+        FieldBytes::clone_from_slice(&hex!("017e49b8ea8f9d1b7c0378e378a7a42e68e12cf78779ed41dcd29a090ae7e0f883b0d0f2cbc8f0473c0ad6732bea40d371a7f363bc6537d075bd1a4c23e558b0bc73"))
+    ).unwrap())
+}
+
+fn bench_point_mul<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
+    let p = ProjectivePoint::GENERATOR;
+    let m = test_scalar_x();
+    let s = Scalar::from_repr(m.into()).unwrap();
+    group.bench_function("point-scalar mul", |b| b.iter(|| &p * &s));
+}
+
+fn bench_scalar_sub<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
+    let x = test_scalar_x();
+    let y = test_scalar_y();
+    group.bench_function("sub", |b| b.iter(|| &x - &y));
+}
+
+fn bench_scalar_add<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
+    let x = test_scalar_x();
+    let y = test_scalar_y();
+    group.bench_function("add", |b| b.iter(|| &x + &y));
+}
+
+fn bench_scalar_mul<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
+    let x = test_scalar_x();
+    let y = test_scalar_y();
+    group.bench_function("mul", |b| b.iter(|| &x * &y));
+}
+
+fn bench_scalar_negate<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
+    let x = test_scalar_x();
+    group.bench_function("negate", |b| b.iter(|| -x));
+}
+
+fn bench_scalar_invert<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
+    let x = test_scalar_x();
+    group.bench_function("invert", |b| b.iter(|| x.invert()));
+}
+
+fn bench_point(c: &mut Criterion) {
+    let mut group = c.benchmark_group("point operations");
+    bench_point_mul(&mut group);
+    group.finish();
+}
+
+fn bench_scalar(c: &mut Criterion) {
+    let mut group = c.benchmark_group("scalar operations");
+    bench_scalar_sub(&mut group);
+    bench_scalar_add(&mut group);
+    bench_scalar_mul(&mut group);
+    bench_scalar_negate(&mut group);
+    bench_scalar_invert(&mut group);
+    group.finish();
+}
+
+criterion_group!(benches, bench_point, bench_scalar);
+criterion_main!(benches);

p521/src/arithmetic/field.rs

@@ -397,13 +397,15 @@ impl From<u128> for FieldElement {
 
 impl ConditionallySelectable for FieldElement {
     fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
-        let mut ret = Self::ZERO;
+        let mut ret = Self::ZERO.0.into_inner();
+        let a = a.0.as_inner();
+        let b = b.0.as_inner();
 
-        for i in 0..ret.0.len() {
-            ret.0[i] = u64::conditional_select(&a.0[i], &b.0[i], choice);
+        for i in 0..ret.len() {
+            ret[i] = u64::conditional_select(&a[i], &b[i], choice);
         }
 
-        ret
+        Self(fiat_p521_tight_field_element(ret))
     }
 }