Add BoxedUint::{from_be_slice_vartime, from_le_slice_vartime} (#833)

tarcieri · web-flow · commit c451e15c3c88 · 2025-06-02T14:06:45.000-06:00
Adds methods for decoding `BoxedUint` which infer the precision from the
input size.

This is useful for decoding public parameters, especially when the size
of other parameters is inferred from some public parameter that needs to
be decoded first, e.g. RSA modulus.
diff --git a/src/uint/boxed/encoding.rs b/src/uint/boxed/encoding.rs
@@ -39,6 +39,20 @@ impl BoxedUint {
         Ok(ret)
     }
 
+    /// Create a new [`BoxedUint`] from the provided big endian bytes, automatically selecting its
+    /// precision based on the size of the input.
+    ///
+    /// This method is variable-time with respect to all subsequent operations since it chooses the
+    /// limb count based on the input size, and is therefore only suitable for public inputs.
+    ///
+    /// When working with secret values, use [`BoxedUint::from_be_slice`].
+    pub fn from_be_slice_vartime(bytes: &[u8]) -> Self {
+        let bits_precision = (bytes.len() as u32).saturating_mul(8);
+
+        // TODO(tarcieri): avoid panic
+        Self::from_be_slice(bytes, bits_precision).expect("precision should be large enough")
+    }
+
     /// Create a new [`BoxedUint`] from the provided little endian bytes.
     ///
     /// The `bits_precision` argument represents the precision of the resulting integer, which is
@@ -72,6 +86,20 @@ impl BoxedUint {
         Ok(ret)
     }
 
+    /// Create a new [`BoxedUint`] from the provided little endian bytes, automatically selecting
+    /// its precision based on the size of the input.
+    ///
+    /// This method is variable-time with respect to all subsequent operations since it chooses the
+    /// limb count based on the input size, and is therefore only suitable for public inputs.
+    ///
+    /// When working with secret values, use [`BoxedUint::from_le_slice`].
+    pub fn from_le_slice_vartime(bytes: &[u8]) -> Self {
+        let bits_precision = (bytes.len() as u32).saturating_mul(8);
+
+        // TODO(tarcieri): avoid panic
+        Self::from_le_slice(bytes, bits_precision).expect("precision should be large enough")
+    }
+
     /// Serialize this [`BoxedUint`] as big-endian.
     #[inline]
     pub fn to_be_bytes(&self) -> Box<[u8]> {
@@ -343,6 +371,15 @@ mod tests {
         );
     }
 
+    #[test]
+    fn from_be_slice_vartime() {
+        let bytes = hex!(
+            "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111F"
+        );
+        let uint = BoxedUint::from_be_slice_vartime(&bytes);
+        assert_eq!(&*uint.to_be_bytes_trimmed_vartime(), bytes.as_slice());
+    }
+
     #[test]
     #[cfg(target_pointer_width = "32")]
     fn from_le_slice_eq() {
@@ -436,6 +473,15 @@ mod tests {
         );
     }
 
+    #[test]
+    fn from_le_slice_vartime() {
+        let bytes = hex!(
+            "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111F"
+        );
+        let uint = BoxedUint::from_le_slice_vartime(&bytes);
+        assert_eq!(&*uint.to_le_bytes_trimmed_vartime(), bytes.as_slice());
+    }
+
     #[test]
     fn to_be_bytes() {
         let bytes = hex!("00112233445566778899aabbccddeeff");
diff --git a/tests/boxed_uint.rs b/tests/boxed_uint.rs
@@ -283,7 +283,6 @@ proptest! {
         }
     }
 
-
     #[test]
     fn shr_vartime(a in uint(), shift in any::<u16>()) {
         let a_bi = to_biguint(&a);
@@ -302,7 +301,6 @@ proptest! {
         }
     }
 
-
     #[test]
     fn radix_encode_vartime(a in uint(), radix in 2u32..=36) {
         let a_bi = to_biguint(&a);
@@ -316,4 +314,18 @@ proptest! {
         prop_assert_eq!(dec_bi, a_bi);
 
     }
+
+    #[test]
+    fn from_be_slice_vartime(a in uint()) {
+        let a_bytes = a.to_be_bytes_trimmed_vartime();
+        let b = BoxedUint::from_be_slice_vartime(&a_bytes);
+        prop_assert_eq!(a, b);
+    }
+
+    #[test]
+    fn from_le_slice_vartime(a in uint()) {
+        let a_bytes = a.to_le_bytes_trimmed_vartime();
+        let b = BoxedUint::from_le_slice_vartime(&a_bytes);
+        prop_assert_eq!(a, b);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -283,7 +283,6 @@ proptest! {`
`283`	`283`	`}`
`284`	`284`	`}`
`285`	`285`
`286`		`-`
`287`	`286`	`#[test]`
`288`	`287`	`fn shr_vartime(a in uint(), shift in any::<u16>()) {`
`289`	`288`	`let a_bi = to_biguint(&a);`
`@@ -302,7 +301,6 @@ proptest! {`
`302`	`301`	`}`
`303`	`302`	`}`
`304`	`303`
`305`		`-`
`306`	`304`	`#[test]`
`307`	`305`	`fn radix_encode_vartime(a in uint(), radix in 2u32..=36) {`
`308`	`306`	`let a_bi = to_biguint(&a);`
`@@ -316,4 +314,18 @@ proptest! {`
`316`	`314`	`prop_assert_eq!(dec_bi, a_bi);`
`317`	`315`
`318`	`316`	`}`
	`317`	`+`
	`318`	`+ #[test]`
	`319`	`+ fn from_be_slice_vartime(a in uint()) {`
	`320`	`+ let a_bytes = a.to_be_bytes_trimmed_vartime();`
	`321`	`+ let b = BoxedUint::from_be_slice_vartime(&a_bytes);`
	`322`	`+ prop_assert_eq!(a, b);`
	`323`	`+ }`
	`324`	`+`
	`325`	`+ #[test]`
	`326`	`+ fn from_le_slice_vartime(a in uint()) {`
	`327`	`+ let a_bytes = a.to_le_bytes_trimmed_vartime();`
	`328`	`+ let b = BoxedUint::from_le_slice_vartime(&a_bytes);`
	`329`	`+ prop_assert_eq!(a, b);`
	`330`	`+ }`
`319`	`331`	`}`