From cf28967754bc6b554c9b7ab7c7f08af6f59b0140 Mon Sep 17 00:00:00 2001
From: Luke Parker <lukeparker5132@gmail.com>
Date: Sun, 10 Jul 2022 16:48:08 -0400
Subject: [PATCH] Consolidate macros in dalek-ff-group

---
 crypto/dalek-ff-group/src/field.rs |  56 +++---------
 crypto/dalek-ff-group/src/lib.rs   | 131 ++++++++++++++++-------------
 2 files changed, 81 insertions(+), 106 deletions(-)

diff --git a/crypto/dalek-ff-group/src/field.rs b/crypto/dalek-ff-group/src/field.rs
index 2e7db7ca..63a6a817 100644
--- a/crypto/dalek-ff-group/src/field.rs
+++ b/crypto/dalek-ff-group/src/field.rs
@@ -7,7 +7,7 @@ use crypto_bigint::{Encoding, U256, U512};
 
 use ff::{Field, PrimeField, FieldBits, PrimeFieldBits};
 
-use crate::{choice, from_wrapper, from_uint};
+use crate::{choice, constant_time, math_op, math, from_wrapper, from_uint};
 
 const FIELD_MODULUS: U256 = U256::from_be_hex(
   "7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed"
@@ -20,64 +20,30 @@ pub const SQRT_M1: FieldElement = FieldElement(
   U256::from_be_hex("2b8324804fc1df0b2b4d00993dfbd7a72f431806ad2fe478c4ee1b274a0ea0b0")
 );
 
-macro_rules! math {
-  ($Op: ident, $op_fn: ident, $Assign: ident, $assign_fn: ident, $function: expr) => {
-    impl $Op<FieldElement> for FieldElement {
-      type Output = Self;
-      fn $op_fn(self, other: FieldElement) -> Self::Output {
-        Self($function(&self.0, &other.0, &FIELD_MODULUS))
-      }
-    }
-    impl $Assign<FieldElement> for FieldElement {
-      fn $assign_fn(&mut self, other: FieldElement) {
-        self.0 = $function(&self.0, &other.0, &FIELD_MODULUS);
-      }
-    }
-    impl<'a> $Op<&'a FieldElement> for FieldElement {
-      type Output = Self;
-      fn $op_fn(self, other: &'a FieldElement) -> Self::Output {
-        Self($function(&self.0, &other.0, &FIELD_MODULUS))
-      }
-    }
-    impl<'a> $Assign<&'a FieldElement> for FieldElement {
-      fn $assign_fn(&mut self, other: &'a FieldElement) {
-        self.0 = $function(&self.0, &other.0, &FIELD_MODULUS);
-      }
-    }
-  }
-}
-math!(Add, add, AddAssign, add_assign, U256::add_mod);
-math!(Sub, sub, SubAssign, sub_assign, U256::sub_mod);
+constant_time!(FieldElement, U256);
 math!(
-  Mul, mul,
-  MulAssign, mul_assign,
-  |a, b, _: &U256| {
+  FieldElement,
+  FieldElement,
+  |x, y| U256::add_mod(&x, &y, &FIELD_MODULUS),
+  |x, y| U256::sub_mod(&x, &y, &FIELD_MODULUS),
+  |x, y| {
     #[allow(non_snake_case)]
     let WIDE_MODULUS: U512 = U512::from((U256::ZERO, FIELD_MODULUS));
     debug_assert_eq!(FIELD_MODULUS.to_le_bytes()[..], WIDE_MODULUS.to_le_bytes()[.. 32]);
 
-    let wide = U256::mul_wide(a, b);
+    let wide = U256::mul_wide(&x, &y);
     U256::from_le_slice(
       &U512::from((wide.1, wide.0)).reduce(&WIDE_MODULUS).unwrap().to_le_bytes()[.. 32]
     )
   }
 );
+from_uint!(FieldElement, U256);
 
 impl Neg for FieldElement {
   type Output = Self;
   fn neg(self) -> Self::Output { Self(self.0.neg_mod(&FIELD_MODULUS)) }
 }
 
-impl ConstantTimeEq for FieldElement {
-  fn ct_eq(&self, other: &Self) -> Choice { self.0.ct_eq(&other.0) }
-}
-
-impl ConditionallySelectable for FieldElement {
-  fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
-    FieldElement(U256::conditional_select(&a.0, &b.0, choice))
-  }
-}
-
 impl Field for FieldElement {
   fn random(mut rng: impl RngCore) -> Self {
     let mut bytes = [0; 64];
@@ -119,8 +85,6 @@ impl Field for FieldElement {
   fn pow_vartime<S: AsRef<[u64]>>(&self, _exp: S) -> Self { unimplemented!() }
 }
 
-from_uint!(FieldElement, U256);
-
 impl PrimeField for FieldElement {
   type Repr = [u8; 32];
   const NUM_BITS: u32 = 255;
@@ -174,5 +138,5 @@ impl FieldElement {
 fn test_mul() {
   assert_eq!(FieldElement(FIELD_MODULUS) * FieldElement::one(), FieldElement::zero());
   assert_eq!(FieldElement(FIELD_MODULUS) * FieldElement::one().double(), FieldElement::zero());
-  assert_eq!(FieldElement(SQRT_M1).square(), -FieldElement::one());
+  assert_eq!(SQRT_M1.square(), -FieldElement::one());
 }
diff --git a/crypto/dalek-ff-group/src/lib.rs b/crypto/dalek-ff-group/src/lib.rs
index 1e3d12b2..590485d7 100644
--- a/crypto/dalek-ff-group/src/lib.rs
+++ b/crypto/dalek-ff-group/src/lib.rs
@@ -6,10 +6,12 @@ use core::{
   iter::{Iterator, Sum}
 };
 
+use subtle::{ConstantTimeEq, ConditionallySelectable};
+
 use rand_core::RngCore;
 use digest::{consts::U64, Digest};
 
-use subtle::{Choice, CtOption, ConstantTimeEq, ConditionallySelectable};
+use subtle::{Choice, CtOption};
 
 pub use curve25519_dalek as dalek;
 
@@ -65,60 +67,77 @@ macro_rules! deref_borrow {
   }
 }
 
+#[doc(hidden)]
+#[macro_export]
+macro_rules! constant_time {
+  ($Value: ident, $Inner: ident) => {
+    impl ConstantTimeEq for $Value {
+      fn ct_eq(&self, other: &Self) -> Choice { self.0.ct_eq(&other.0) }
+    }
+
+    impl ConditionallySelectable for $Value {
+      fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
+        $Value($Inner::conditional_select(&a.0, &b.0, choice))
+      }
+    }
+  }
+}
+
+#[doc(hidden)]
+#[macro_export]
+macro_rules! math_op {
+  (
+    $Value: ident,
+    $Other: ident,
+    $Op: ident,
+    $op_fn: ident,
+    $Assign: ident,
+    $assign_fn: ident,
+    $function: expr
+  ) => {
+    impl $Op<$Other> for $Value {
+      type Output = $Value;
+      fn $op_fn(self, other: $Other) -> Self::Output {
+        Self($function(self.0, other.0))
+      }
+    }
+    impl $Assign<$Other> for $Value {
+      fn $assign_fn(&mut self, other: $Other) {
+        self.0 = $function(self.0, other.0);
+      }
+    }
+    impl<'a> $Op<&'a $Other> for $Value {
+      type Output = $Value;
+      fn $op_fn(self, other: &'a $Other) -> Self::Output {
+        Self($function(self.0, other.0))
+      }
+    }
+    impl<'a> $Assign<&'a $Other> for $Value {
+      fn $assign_fn(&mut self, other: &'a $Other) {
+        self.0 = $function(self.0, other.0);
+      }
+    }
+  }
+}
+
+#[doc(hidden)]
+#[macro_export]
 macro_rules! math {
-  ($Value: ident, $Factor: ident, $Product: ident) => {
-    impl Add<$Value> for $Value {
-      type Output = Self;
-      fn add(self, other: $Value) -> Self::Output { Self(self.0 + other.0) }
-    }
-    impl AddAssign for $Value {
-      fn add_assign(&mut self, other: $Value) { self.0 += other.0 }
-    }
+  ($Value: ident, $Factor: ident, $add: expr, $sub: expr, $mul: expr) => {
+    math_op!($Value, $Value, Add, add, AddAssign, add_assign, $add);
+    math_op!($Value, $Value, Sub, sub, SubAssign, sub_assign, $sub);
+    math_op!($Value, $Factor, Mul, mul, MulAssign, mul_assign, $mul);
+  }
+}
 
-    impl<'a> Add<&'a $Value> for $Value {
-      type Output = Self;
-      fn add(self, other: &'a $Value) -> Self::Output { Self(self.0 + other.0) }
-    }
-    impl<'a> AddAssign<&'a $Value> for $Value {
-      fn add_assign(&mut self, other: &'a $Value) { self.0 += other.0 }
-    }
-
-    impl Sub<$Value> for $Value {
-      type Output = Self;
-      fn sub(self, other: $Value) -> Self::Output { Self(self.0 - other.0) }
-    }
-    impl SubAssign for $Value {
-      fn sub_assign(&mut self, other: $Value) { self.0 -= other.0 }
-    }
-
-    impl<'a> Sub<&'a $Value> for $Value {
-      type Output = Self;
-      fn sub(self, other: &'a $Value) -> Self::Output { Self(self.0 - other.0) }
-    }
-    impl<'a> SubAssign<&'a $Value> for $Value {
-      fn sub_assign(&mut self, other: &'a $Value) { self.0 -= other.0 }
-    }
+macro_rules! math_neg {
+  ($Value: ident, $Factor: ident, $add: expr, $sub: expr, $mul: expr) => {
+    math!($Value, $Factor, $add, $sub, $mul);
 
     impl Neg for $Value {
       type Output = Self;
       fn neg(self) -> Self::Output { Self(-self.0) }
     }
-
-    impl Mul<$Factor> for $Value {
-      type Output = $Product;
-      fn mul(self, other: $Factor) -> Self::Output { Self(self.0 * other.0) }
-    }
-    impl MulAssign<$Factor> for $Value {
-      fn mul_assign(&mut self, other: $Factor) { self.0 *= other.0 }
-    }
-
-    impl<'a> Mul<&'a $Factor> for $Value {
-      type Output = Self;
-      fn mul(self, b: &'a $Factor) -> $Product { Self(b.0 * self.0) }
-    }
-    impl<'a> MulAssign<&'a $Factor> for $Value {
-      fn mul_assign(&mut self, other: &'a $Factor) { self.0 *= other.0 }
-    }
   }
 }
 
@@ -147,7 +166,8 @@ macro_rules! from_uint {
 #[derive(Clone, Copy, PartialEq, Eq, Debug, Default)]
 pub struct Scalar(pub DScalar);
 deref_borrow!(Scalar, DScalar);
-math!(Scalar, Scalar, Scalar);
+constant_time!(Scalar, DScalar);
+math_neg!(Scalar, Scalar, DScalar::add, DScalar::sub, DScalar::mul);
 from_uint!(Scalar, DScalar);
 
 impl Scalar {
@@ -164,16 +184,6 @@ impl Scalar {
   }
 }
 
-impl ConstantTimeEq for Scalar {
-  fn ct_eq(&self, other: &Self) -> Choice { self.0.ct_eq(&other.0) }
-}
-
-impl ConditionallySelectable for Scalar {
-  fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
-    Scalar(DScalar::conditional_select(a, b, choice))
-  }
-}
-
 impl Field for Scalar {
   fn random(mut rng: impl RngCore) -> Self {
     let mut r = [0; 64];
@@ -244,7 +254,8 @@ macro_rules! dalek_group {
     #[derive(Clone, Copy, PartialEq, Eq, Debug)]
     pub struct $Point(pub $DPoint);
     deref_borrow!($Point, $DPoint);
-    math!($Point, Scalar, $Point);
+    constant_time!($Point, $DPoint);
+    math_neg!($Point, Scalar, $DPoint::add, $DPoint::sub, $DPoint::mul);
 
     pub const $BASEPOINT_POINT: $Point = $Point(constants::$BASEPOINT_POINT);