montgomery: Use a distinct error for length checks.

briansmith · briansmith · commit 9a393e1e3f58 · 2023-12-06T10:38:21.000-08:00
diff --git a/src/arithmetic.rs b/src/arithmetic.rs
@@ -17,7 +17,9 @@ mod constant;
 #[cfg(feature = "alloc")]
 pub mod bigint;
 
+mod error;
 pub mod montgomery;
 
 mod n0;
 pub use constant::limbs_from_hex;
+pub(crate) use error::ImpossibleLengthError;
diff --git a/src/arithmetic/bigint.rs b/src/arithmetic/bigint.rs
@@ -41,6 +41,7 @@ pub(crate) use self::{
     modulus::{Modulus, OwnedModulus, MODULUS_MAX_LIMBS},
     private_exponent::PrivateExponent,
 };
+use super::ImpossibleLengthError;
 use crate::{
     arithmetic::montgomery::*,
     bits::BitLength,
@@ -404,7 +405,7 @@ pub fn elem_exp_consttime<M>(
     base: Elem<M, R>,
     exponent: &PrivateExponent,
     m: &Modulus<M>,
-) -> Result<Elem<M, Unencoded>, error::Unspecified> {
+) -> Result<Elem<M, Unencoded>, ImpossibleLengthError> {
     use crate::{bssl, limb::Window};
 
     const WINDOW_BITS: usize = 5;
@@ -490,7 +491,7 @@ pub fn elem_exp_consttime<M>(
     base: Elem<M, R>,
     exponent: &PrivateExponent,
     m: &Modulus<M>,
-) -> Result<Elem<M, Unencoded>, error::Unspecified> {
+) -> Result<Elem<M, Unencoded>, ImpossibleLengthError> {
     use crate::{cpu, limb::LIMB_BYTES};
 
     // Pretty much all the math here requires CPU feature detection to have
@@ -629,7 +630,7 @@ pub fn elem_exp_consttime<M>(
         mut i: Window,
         num_limbs: usize,
         cpu_features: cpu::Features,
-    ) -> Result<(), error::Unspecified> {
+    ) -> Result<(), ImpossibleLengthError> {
         loop {
             scatter(table, acc, i, num_limbs);
             i *= 2;
diff --git a/src/arithmetic/error.rs b/src/arithmetic/error.rs
@@ -0,0 +1,32 @@
+// Copyright 2023 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+use crate::error;
+
+/// `ImpossibleLengthError` should never occur.
+#[derive(Debug)]
+pub struct ImpossibleLengthError(());
+
+impl ImpossibleLengthError {
+    pub(super) fn new() -> Self {
+        // unreachable!();
+        Self(())
+    }
+}
+
+impl From<ImpossibleLengthError> for error::Unspecified {
+    fn from(_: ImpossibleLengthError) -> Self {
+        Self
+    }
+}
diff --git a/src/arithmetic/montgomery.rs b/src/arithmetic/montgomery.rs
@@ -13,7 +13,8 @@
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 pub use super::n0::N0;
-use crate::{cpu, error};
+use super::ImpossibleLengthError;
+use crate::cpu;
 
 // Indicates that the element is not encoded; there is no *R* factor
 // that needs to be canceled out.
@@ -133,9 +134,9 @@ unsafe fn mul_mont(
     m: &[Limb],
     n0: &N0,
     _: cpu::Features,
-) -> Result<(), error::Unspecified> {
+) -> Result<(), ImpossibleLengthError> {
     if m.len() < MIN_LIMBS || m.len() > MAX_LIMBS {
-        return Err(error::Unspecified);
+        return Err(ImpossibleLengthError::new());
     }
     bn_mul_mont(r, a, b, m.as_ptr(), n0, m.len());
     Ok(())
@@ -273,9 +274,9 @@ pub(super) fn limbs_mont_mul(
     m: &[Limb],
     n0: &N0,
     cpu_features: cpu::Features,
-) -> Result<(), error::Unspecified> {
+) -> Result<(), ImpossibleLengthError> {
     if r.len() != m.len() || a.len() != m.len() {
-        return Err(error::Unspecified);
+        return Err(ImpossibleLengthError::new());
     }
     unsafe { mul_mont(r.as_mut_ptr(), r.as_ptr(), a.as_ptr(), m, n0, cpu_features) }
 }
@@ -289,9 +290,9 @@ pub(super) fn limbs_mont_product(
     m: &[Limb],
     n0: &N0,
     cpu_features: cpu::Features,
-) -> Result<(), error::Unspecified> {
+) -> Result<(), ImpossibleLengthError> {
     if r.len() != m.len() || a.len() != m.len() || b.len() != m.len() {
-        return Err(error::Unspecified);
+        return Err(ImpossibleLengthError::new());
     }
     unsafe { mul_mont(r.as_mut_ptr(), a.as_ptr(), b.as_ptr(), m, n0, cpu_features) }
 }
@@ -302,9 +303,9 @@ pub(super) fn limbs_mont_square(
     m: &[Limb],
     n0: &N0,
     cpu_features: cpu::Features,
-) -> Result<(), error::Unspecified> {
+) -> Result<(), ImpossibleLengthError> {
     if r.len() != m.len() {
-        return Err(error::Unspecified);
+        return Err(ImpossibleLengthError::new());
     }
     unsafe { mul_mont(r.as_mut_ptr(), r.as_ptr(), r.as_ptr(), m, n0, cpu_features) }
 }
diff --git a/src/rsa/keypair.rs b/src/rsa/keypair.rs
@@ -21,6 +21,7 @@ use crate::{
     arithmetic::{
         bigint,
         montgomery::{R, RR, RRR},
+        ImpossibleLengthError,
     },
     bits::BitLength,
     cpu, digest,
@@ -487,7 +488,7 @@ fn elem_exp_consttime<M>(
     p: &PrivateCrtPrime<M>,
     other_prime_len_bits: BitLength,
     cpu_features: cpu::Features,
-) -> Result<bigint::Elem<M>, error::Unspecified> {
+) -> Result<bigint::Elem<M>, ImpossibleLengthError> {
     let m = &p.modulus.modulus(cpu_features);
     let c_mod_m = bigint::elem_reduced(c, m, other_prime_len_bits);
     let c_mod_m = bigint::elem_mul(p.oneRRR.as_ref(), c_mod_m, m);
