shr_vartime and shl_vartime should behave identically across Uint and BoxedUint

Author: xuganyu96

src/uint/boxed/bits.rs

@@ -116,7 +116,7 @@ mod tests {
     fn uint_with_bits_at(positions: &[u32]) -> BoxedUint {
         let mut result = BoxedUint::zero_with_precision(256);
         for &pos in positions {
-            result |= BoxedUint::one_with_precision(256).shl_vartime(pos).unwrap();
+            result |= BoxedUint::one_with_precision(256).shl_vartime(pos).0;
         }
         result
     }

src/uint/boxed/div.rs

@@ -38,7 +38,7 @@ impl BoxedUint {
         let mut bd = self.bits_precision() - mb;
         let mut rem = self.clone();
         // Will not overflow since `bd < bits_precision`
-        let mut c = rhs.shl_vartime(bd).expect("shift within range");
+        let mut c = rhs.shl_vartime(bd).0;
 
         loop {
             let (r, borrow) = rem.sbb(&c, Limb::ZERO);
@@ -112,7 +112,7 @@ impl BoxedUint {
         let mut remainder = self.clone();
         let mut quotient = Self::zero_with_precision(self.bits_precision());
         // Will not overflow since `bd < bits_precision`
-        let mut c = rhs.shl_vartime(bd).expect("shift within range");
+        let mut c = rhs.shl_vartime(bd).0;
 
         loop {
             let (mut r, borrow) = remainder.sbb(&c, Limb::ZERO);

src/uint/boxed/shl.rs

@@ -1,6 +1,6 @@
 //! [`BoxedUint`] bitwise left shift operations.
 
-use crate::{BoxedUint, Limb};
+use crate::{BoxedUint, ConstChoice, Limb};
 use core::ops::{Shl, ShlAssign};
 use subtle::{Choice, ConstantTimeLess};
 
@@ -78,10 +78,16 @@ impl BoxedUint {
     ///
     /// When used with a fixed `shift`, this function is constant-time with respect to `self`.
     #[inline(always)]
-    pub fn shl_vartime(&self, shift: u32) -> Option<Self> {
+    pub fn shl_vartime(&self, shift: u32) -> (Self, ConstChoice) {
         let mut result = Self::zero_with_precision(self.bits_precision());
-        let success = self.shl_vartime_into(&mut result, shift);
-        success.map(|_| result)
+        if self.shl_vartime_into(&mut result, shift).is_some() {
+            return (result, ConstChoice::FALSE);
+        } else {
+            return (
+                Self::zero_with_precision(self.bits_precision()),
+                ConstChoice::TRUE,
+            );
+        }
     }
 
     /// Computes `self << 1` in constant-time.
@@ -149,19 +155,19 @@ mod tests {
         assert_eq!(BoxedUint::from(4u8), one.shl(2).0);
         assert_eq!(
             BoxedUint::from(0x80000000000000000u128),
-            one.shl_vartime(67).unwrap()
+            one.shl_vartime(67).0
         );
     }
 
     #[test]
     fn shl_vartime() {
         let one = BoxedUint::one_with_precision(128);
 
-        assert_eq!(BoxedUint::from(2u8), one.shl_vartime(1).unwrap());
-        assert_eq!(BoxedUint::from(4u8), one.shl_vartime(2).unwrap());
+        assert_eq!(BoxedUint::from(2u8), one.shl_vartime(1).0);
+        assert_eq!(BoxedUint::from(4u8), one.shl_vartime(2).0);
         assert_eq!(
             BoxedUint::from(0x80000000000000000u128),
-            one.shl_vartime(67).unwrap()
+            one.shl_vartime(67).0
         );
     }
 }

src/uint/boxed/shr.rs

@@ -1,6 +1,6 @@
 //! [`BoxedUint`] bitwise right shift operations.
 
-use crate::{BoxedUint, Limb};
+use crate::{BoxedUint, ConstChoice, Limb};
 use core::ops::{Shr, ShrAssign};
 use subtle::{Choice, ConstantTimeLess};
 
@@ -76,10 +76,16 @@ impl BoxedUint {
     ///
     /// When used with a fixed `shift`, this function is constant-time with respect to `self`.
     #[inline(always)]
-    pub fn shr_vartime(&self, shift: u32) -> Option<Self> {
+    pub fn shr_vartime(&self, shift: u32) -> (Self, ConstChoice) {
         let mut result = Self::zero_with_precision(self.bits_precision());
-        let success = self.shr_vartime_into(&mut result, shift);
-        success.map(|_| result)
+        if self.shr_vartime_into(&mut result, shift).is_some() {
+            return (result, ConstChoice::FALSE);
+        } else {
+            return (
+                Self::zero_with_precision(self.bits_precision()),
+                ConstChoice::TRUE,
+            );
+        }
     }
 
     /// Computes `self >> 1` in constant-time, returning a true [`Choice`]
@@ -160,9 +166,9 @@ mod tests {
     #[test]
     fn shr_vartime() {
         let n = BoxedUint::from(0x80000000000000000u128);
-        assert_eq!(BoxedUint::zero(), n.shr_vartime(68).unwrap());
-        assert_eq!(BoxedUint::one(), n.shr_vartime(67).unwrap());
-        assert_eq!(BoxedUint::from(2u8), n.shr_vartime(66).unwrap());
-        assert_eq!(BoxedUint::from(4u8), n.shr_vartime(65).unwrap());
+        assert_eq!(BoxedUint::zero(), n.shr_vartime(68).0);
+        assert_eq!(BoxedUint::one(), n.shr_vartime(67).0);
+        assert_eq!(BoxedUint::from(2u8), n.shr_vartime(66).0);
+        assert_eq!(BoxedUint::from(4u8), n.shr_vartime(65).0);
     }
 }

tests/boxed_uint_proptests.rs

@@ -239,13 +239,14 @@ proptest! {
         let shift = u32::from(shift) % (a.bits_precision() * 2);
 
         let expected = to_uint((a_bi << shift as usize) & ((BigUint::one() << a.bits_precision() as usize) - BigUint::one()));
-        let actual = a.shl_vartime(shift);
+        let (actual, overflow) = a.shl_vartime(shift);
+        let overflow: bool = overflow.into();
 
         if shift >= a.bits_precision() {
-            assert!(actual.is_none());
+            assert!(overflow);
         }
         else {
-            assert_eq!(expected, actual.unwrap());
+            assert_eq!(expected, actual);
         }
     }
 
@@ -275,13 +276,14 @@ proptest! {
         let shift = u32::from(shift) % (a.bits_precision() * 2);
 
         let expected = to_uint(a_bi >> shift as usize);
-        let actual = a.shr_vartime(shift);
+        let (actual, overflow) = a.shr_vartime(shift);
+        let overflow: bool = overflow.into();
 
         if shift >= a.bits_precision() {
-            assert!(actual.is_none());
+            assert!(overflow);
         }
         else {
-            assert_eq!(expected, actual.unwrap());
+            assert_eq!(expected, actual);
         }
     }
 }