Redirected from 
README
¶
Package bigmod implements constant-time big integer arithmetic modulo large moduli. Unlike math/big, this package is suitable for implementing security-sensitive cryptographic operations. It is a re-exported version the standard library package crypto/internal/fips140/bigmod used to implement crypto/rsa amongst others.
v0.1.0 is up to date with Go 1.24.
The API is NOT stable.
Documentation
¶
Overview ¶
Package bigmod implements constant-time big integer arithmetic modulo large moduli. Unlike math/big, this package is suitable for implementing security-sensitive cryptographic operations. It is a re-exported version the standard library package crypto/internal/fips140/bigmod used to implement crypto/rsa amongst others.
The API is NOT stable. The caller is responsible for ensuring that Nats are reduced modulo the Modulus they are used with.
Index ¶
- type Modulus
- type Nat
- func (x *Nat) Add(y *Nat, m *Modulus) *Nat
- func (x *Nat) BitLenVarTime() int
- func (x *Nat) Bits() []uint
- func (x *Nat) Bytes(m *Modulus) []byte
- func (x *Nat) DivShortVarTime(y uint) uint
- func (x *Nat) Equal(y *Nat) uint
- func (x *Nat) Exp(y *Nat, e []byte, m *Modulus) *Nat
- func (x *Nat) ExpShortVarTime(y *Nat, e uint, m *Modulus) *Nat
- func (x *Nat) ExpandFor(m *Modulus) *Nat
- func (x *Nat) GCDVarTime(a, b *Nat) (*Nat, error)
- func (x *Nat) InverseVarTime(a *Nat, m *Modulus) (*Nat, bool)
- func (x *Nat) IsMinusOne(m *Modulus) uint
- func (x *Nat) IsOdd() uint
- func (x *Nat) IsOne() uint
- func (x *Nat) IsZero() uint
- func (x *Nat) Mod(y *Nat, m *Modulus) *Nat
- func (x *Nat) Mul(y *Nat, m *Modulus) *Nat
- func (x *Nat) SetBytes(b []byte, m *Modulus) (*Nat, error)
- func (x *Nat) SetOverflowingBytes(b []byte, m *Modulus) (*Nat, error)
- func (x *Nat) SetUint(y uint) *Nat
- func (x *Nat) ShiftRightVarTime(n uint) *Nat
- func (x *Nat) Sub(y *Nat, m *Modulus) *Nat
- func (x *Nat) SubOne(m *Modulus) *Nat
- func (x *Nat) TrailingZeroBitsVarTime() uint
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Modulus ¶
type Modulus struct {
// contains filtered or unexported fields
}
Modulus is used for modular arithmetic, precomputing relevant constants.
A Modulus can leak the exact number of bits needed to store its value and is stored without padding. Its actual value is still kept secret.
func NewModulus ¶ added in v0.1.0
NewModulus creates a new Modulus from a slice of big-endian bytes. The modulus must be greater than one.
The number of significant bits and whether the modulus is even is leaked through timing side-channels.
func NewModulusProduct ¶ added in v0.1.0
NewModulusProduct creates a new Modulus from the product of two numbers represented as big-endian byte slices. The result must be greater than one.
type Nat ¶
type Nat struct {
// contains filtered or unexported fields
}
Nat represents an arbitrary natural number
Each Nat has an announced length, which is the number of limbs it has stored. Operations on this number are allowed to leak this length, but will not leak any information about the values contained in those limbs.
func NewNat ¶
func NewNat() *Nat
NewNat returns a new nat with a size of zero, just like new(Nat), but with the preallocated capacity to hold a number of up to 2048 bits. NewNat inlines, so the allocation can live on the stack.
func (*Nat) Add ¶
Add computes x = x + y mod m.
The length of both operands must be the same as the modulus. Both operands must already be reduced modulo m.
func (*Nat) BitLenVarTime ¶ added in v0.1.0
BitLenVarTime returns the actual size of x in bits.
The actual size of x (but nothing more) leaks through timing side-channels. Note that this is ordinarily secret, as opposed to the announced size of x.
func (*Nat) Bits ¶ added in v0.1.0
Bits returns x as a little-endian slice of uint. The length of the slice matches the announced length of x. The result and x share the same underlying array.
func (*Nat) Bytes ¶
Bytes returns x as a zero-extended big-endian byte slice. The size of the slice will match the size of m.
x must have the same size as m and it must be less than or equal to m.
func (*Nat) DivShortVarTime ¶ added in v0.1.0
DivShortVarTime calculates x = x / y and returns the remainder.
It panics if y is zero.
func (*Nat) Equal ¶
Equal returns 1 if x == y, and 0 otherwise.
Both operands must have the same announced length.
func (*Nat) Exp ¶
Exp calculates x = y^e mod m.
The exponent e is represented in big-endian order. The output will be resized to the size of m and overwritten. y must already be reduced modulo m.
m must be odd, or Exp will panic.
func (*Nat) ExpShortVarTime ¶ added in v0.1.0
ExpShortVarTime calculates out = x^e mod m.
The output will be resized to the size of m and overwritten. x must already be reduced modulo m. This leaks the exponent through timing side-channels.
m must be odd, or ExpShortVarTime will panic.
func (*Nat) ExpandFor ¶
ExpandFor ensures x has the right size to work with operations modulo m.
The announced size of x must be smaller than or equal to that of m.
func (*Nat) GCDVarTime ¶ added in v0.1.0
GCDVarTime calculates x = GCD(a, b) where at least one of a or b is odd, and both are non-zero. If GCDVarTime returns an error, x is not modified.
The output will be resized to the size of the larger of a and b.
func (*Nat) InverseVarTime ¶ added in v0.1.0
InverseVarTime calculates x = a⁻¹ mod m and returns (x, true) if a is invertible. Otherwise, InverseVarTime returns (x, false) and x is not modified.
a must be reduced modulo m, but doesn't need to have the same size. The output will be resized to the size of m and overwritten.
func (*Nat) IsMinusOne ¶ added in v0.1.0
IsMinusOne returns 1 if x == -1 mod m, and 0 otherwise.
The length of x must be the same as the modulus. x must already be reduced modulo m.
func (*Nat) Mod ¶
Mod calculates out = y mod m.
This works regardless how large the value of y is.
The output will be resized to the size of m and overwritten.
func (*Nat) Mul ¶
Mul calculates x = x * y mod m.
The length of both operands must be the same as the modulus. Both operands must already be reduced modulo m.
func (*Nat) SetBytes ¶
SetBytes assigns x = b, where b is a slice of big-endian bytes. SetBytes returns an error if b >= m.
The output will be resized to the size of m and overwritten.
func (*Nat) SetOverflowingBytes ¶
SetOverflowingBytes assigns x = b, where b is a slice of big-endian bytes. SetOverflowingBytes returns an error if b has a longer bit length than m, but reduces overflowing values up to 2^⌈log2(m)⌉ - 1.
The output will be resized to the size of m and overwritten.
func (*Nat) SetUint ¶ added in v0.1.0
SetUint assigns x = y.
The output will be resized to a single limb and overwritten.
func (*Nat) ShiftRightVarTime ¶ added in v0.1.0
ShiftRightVarTime sets x = x >> n.
The announced length of x is unchanged.
func (*Nat) Sub ¶
Sub computes x = x - y mod m.
The length of both operands must be the same as the modulus. Both operands must already be reduced modulo m.
func (*Nat) SubOne ¶ added in v0.1.0
SubOne computes x = x - 1 mod m.
The length of x must be the same as the modulus.
func (*Nat) TrailingZeroBitsVarTime ¶ added in v0.1.0
TrailingZeroBitsVarTime returns the number of trailing zero bits in x.
Source Files