primefield+p384: upgrade to fiat-crypto v0.1.4 (#1157)

Updates the field element type generating macros in the `primefield`
crate to be compatible with the latest `fiat-crypto` code as
postprocessed by `fiat-constify`, and regenerates the `p384` field impls
using `fiat-crypto` v0.1.4.

This update leverages `const_mut_refs` to be much closer to the upstream
`fiat-crypto` output, while still providing `const fn` support.

This change also starts extracting a `fiat` module within `primeorder`
for macros that are specific to `fiat-crypto` output.

With this upgrade in place, upgrading the rest of the curve crates
should be comparatively straightforward.

Author: tarcieri

Cargo.lock

@@ -25,5 +25,6 @@ ecdsa = { git = "https://github.com/RustCrypto/signatures.git" }
 rfc6979 = { git = "https://github.com/RustCrypto/signatures.git" }
 
 # https://github.com/RustCrypto/traits/pull/1777
+crypto-bigint = { git = "https://github.com/RustCrypto/crypto-bigint.git" }
 elliptic-curve = { git = "https://github.com/RustCrypto/traits.git" }
-signature      = { git = "https://github.com/RustCrypto/traits.git" }
+signature = { git = "https://github.com/RustCrypto/traits.git" }

Cargo.toml

@@ -23,6 +23,7 @@ elliptic-curve = { version = "0.14.0-rc.0", default-features = false, features =
 # optional dependencies
 ecdsa-core = { version = "=0.17.0-pre.9", package = "ecdsa", optional = true, default-features = false, features = ["der"] }
 hex-literal = { version = "1", optional = true }
+primefield = { version = "=0.14.0-pre.0", optional = true, path = "../primefield" }
 primeorder = { version = "=0.14.0-pre.2", optional = true, path = "../primeorder" }
 serdect = { version = "0.3", optional = true, default-features = false }
 sha2 = { version = "=0.11.0-pre.5", optional = true, default-features = false }
@@ -41,7 +42,12 @@ default = ["arithmetic", "ecdsa", "pem", "std"]
 alloc = ["ecdsa-core?/alloc", "elliptic-curve/alloc", "primeorder?/alloc"]
 std = ["alloc", "ecdsa-core?/std", "elliptic-curve/std"]
 
-arithmetic = ["dep:primeorder", "elliptic-curve/arithmetic", "elliptic-curve/digest"]
+arithmetic = [
+    "dep:primefield",
+    "dep:primeorder",
+    "elliptic-curve/arithmetic",
+    "elliptic-curve/digest"
+]
 bits = ["arithmetic", "elliptic-curve/bits"]
 digest = ["ecdsa-core/digest", "ecdsa-core/hazmat"]
 ecdh = ["arithmetic", "elliptic-curve/ecdh"]

p384/Cargo.toml

@@ -25,18 +25,13 @@ mod field_impl;
 
 use self::field_impl::*;
 use crate::{FieldBytes, NistP384};
-use core::{
-    fmt::{self, Debug},
-    iter::{Product, Sum},
-    ops::{AddAssign, MulAssign, Neg, SubAssign},
-};
-use elliptic_curve::ops::Invert;
+use core::fmt::{self, Debug};
 use elliptic_curve::{
-    bigint::{Limb, U384},
+    bigint::U384,
     ff::PrimeField,
+    ops::Invert,
     subtle::{Choice, ConstantTimeEq, CtOption},
 };
-use primeorder::impl_bernstein_yang_invert;
 
 /// Constant representing the modulus
 /// p = 2^{384} − 2^{128} − 2^{96} + 2^{32} − 1
@@ -46,50 +41,28 @@ pub(crate) const MODULUS: U384 = U384::from_be_hex(FieldElement::MODULUS);
 #[derive(Clone, Copy)]
 pub struct FieldElement(pub(super) U384);
 
-primeorder::impl_mont_field_element!(
-    NistP384,
+primefield::field_element_type!(NistP384, FieldElement, FieldBytes, U384, MODULUS);
+
+primefield::fiat_field_arithmetic!(
     FieldElement,
     FieldBytes,
     U384,
-    MODULUS,
+    fiat_p384_non_montgomery_domain_field_element,
     fiat_p384_montgomery_domain_field_element,
     fiat_p384_from_montgomery,
     fiat_p384_to_montgomery,
     fiat_p384_add,
     fiat_p384_sub,
     fiat_p384_mul,
     fiat_p384_opp,
-    fiat_p384_square
+    fiat_p384_square,
+    fiat_p384_divstep_precomp,
+    fiat_p384_divstep,
+    fiat_p384_msat,
+    fiat_p384_selectznz
 );
 
 impl FieldElement {
-    /// Compute [`FieldElement`] inversion: `1 / self`.
-    pub fn invert(&self) -> CtOption<Self> {
-        CtOption::new(self.invert_unchecked(), !self.is_zero())
-    }
-
-    /// Returns the multiplicative inverse of self.
-    ///
-    /// Does not check that self is non-zero.
-    const fn invert_unchecked(&self) -> Self {
-        let words = impl_bernstein_yang_invert!(
-            self.0.as_words(),
-            Self::ONE.0.to_words(),
-            384,
-            U384::LIMBS,
-            Limb,
-            fiat_p384_from_montgomery,
-            fiat_p384_mul,
-            fiat_p384_opp,
-            fiat_p384_divstep_precomp,
-            fiat_p384_divstep,
-            fiat_p384_msat,
-            fiat_p384_selectznz,
-        );
-
-        Self(U384::from_words(words))
-    }
-
     /// Returns the square root of self mod p, or `None` if no square root
     /// exists.
     pub fn sqrt(&self) -> CtOption<Self> {
@@ -175,10 +148,6 @@ impl Invert for FieldElement {
 mod tests {
     use super::FieldElement;
     use elliptic_curve::ff::PrimeField;
-    use primeorder::{
-        impl_field_identity_tests, impl_field_invert_tests, impl_field_sqrt_tests,
-        impl_primefield_tests,
-    };
 
     /// t = (modulus - 1) >> S
     const T: [u64; 6] = [
@@ -190,8 +159,8 @@ mod tests {
         0x7fffffffffffffff,
     ];
 
-    impl_field_identity_tests!(FieldElement);
-    impl_field_invert_tests!(FieldElement);
-    impl_field_sqrt_tests!(FieldElement);
-    impl_primefield_tests!(FieldElement, T);
+    primefield::test_field_constants!(FieldElement, T);
+    primefield::test_field_identity!(FieldElement);
+    primefield::test_field_invert!(FieldElement);
+    primefield::test_field_sqrt!(FieldElement);
 }