Fix size mismatches

Author: fjarri

src/hazmat/jacobi.rs

@@ -84,7 +84,7 @@ pub(crate) fn jacobi_symbol_vartime<T: Integer>(
     };
 
     // A degenerate case.
-    if abs_a == 1 || p_long.as_ref() == &T::one() {
+    if abs_a == 1 || p_long.as_ref() == &T::one_like(p_long) {
         return result;
     }
 

src/hazmat/lucas.rs

@@ -1,5 +1,5 @@
 //! Lucas primality test.
-use crypto_bigint::{Integer, Monty, Odd, Square, Word};
+use crypto_bigint::{Integer, Limb, Monty, Odd, Square, Word};
 
 use super::{
     gcd::gcd_vartime,
@@ -161,7 +161,7 @@ impl LucasBase for BruteForceBase {
                 // Since the loop proceeds in increasing P and starts with P - 2 == 1,
                 // the shared prime factor must be P + 2.
                 // If P + 2 == n, then n is prime; otherwise P + 2 is a proper factor of n.
-                let primality = if n.as_ref() == &T::from(p + 2) {
+                let primality = if n.as_ref() == &T::from_limb_like(Limb::from(p + 2), n.as_ref()) {
                     Primality::Prime
                 } else {
                     Primality::Composite
@@ -182,6 +182,7 @@ fn decompose<T: Integer>(n: &Odd<T>) -> (u32, Odd<T>) {
     // Need to be careful here since `n + 1` can overflow.
     // Instead of adding 1 and counting trailing 0s, we count trailing ones on the original `n`.
 
+    let one = T::one_like(n);
     let s = n.trailing_ones_vartime();
     let d = if s < n.bits_precision() {
         // The shift won't overflow because of the check above.
@@ -190,10 +191,10 @@ fn decompose<T: Integer>(n: &Odd<T>) -> (u32, Odd<T>) {
         n.as_ref()
             .overflowing_shr_vartime(s)
             .expect("shift should be within range by construction")
-            .checked_add(&T::one())
+            .checked_add(&one)
             .expect("addition should not overflow by construction")
     } else {
-        T::one()
+        one
     };
 
     (s, Odd::new(d).expect("`d` should be odd by construction"))
@@ -293,6 +294,9 @@ pub fn lucas_test<T: Integer>(
     //   R. Crandall, C. Pomerance, "Prime numbers: a computational perspective",
     //   2nd ed., Springer (2005) (ISBN: 0-387-25282-7, 978-0387-25282-7)
 
+    // A word-to-big integer conversion helper
+    let to_integer = |x: Word| T::from_limb_like(Limb::from(x), candidate.as_ref());
+
     // Find the base for the Lucas sequence.
     let (p, abs_q, q_is_negative) = match base.generate(candidate) {
         Ok(pq) => pq,
@@ -328,7 +332,7 @@ pub fn lucas_test<T: Integer>(
     // it does not noticeably affect the performance.
     if abs_q != 1
         && gcd_vartime(candidate.as_ref(), abs_q) != 1
-        && candidate.as_ref() > &T::from(abs_q)
+        && candidate.as_ref() > &to_integer(abs_q)
     {
         return Primality::Composite;
     }
@@ -351,7 +355,7 @@ pub fn lucas_test<T: Integer>(
     let q = if q_is_one {
         one.clone()
     } else {
-        let abs_q = <T as Integer>::Monty::new(T::from(abs_q), params.clone());
+        let abs_q = <T as Integer>::Monty::new(to_integer(abs_q), params.clone());
         if q_is_negative {
             -abs_q
         } else {
@@ -364,7 +368,7 @@ pub fn lucas_test<T: Integer>(
     let p = if p_is_one {
         one.clone()
     } else {
-        <T as Integer>::Monty::new(T::from(p), params.clone())
+        <T as Integer>::Monty::new(to_integer(p), params.clone())
     };
 
     // Compute d-th element of Lucas sequence (U_d(P, Q), V_d(P, Q)), where:
@@ -387,7 +391,7 @@ pub fn lucas_test<T: Integer>(
     let mut qk = one.clone(); // keeps Q^k
 
     // D in Montgomery representation - note that it can be negative.
-    let abs_d = <T as Integer>::Monty::new(T::from(abs_d), params);
+    let abs_d = <T as Integer>::Monty::new(to_integer(abs_d), params);
     let d_m = if d_is_negative { -abs_d } else { abs_d };
 
     for i in (0..d.bits_vartime()).rev() {

src/hazmat/miller_rabin.rs

@@ -1,6 +1,6 @@
 //! Miller-Rabin primality test.
 
-use crypto_bigint::{Integer, Monty, NonZero, Odd, PowBoundedExp, RandomMod, Square};
+use crypto_bigint::{Integer, Limb, Monty, NonZero, Odd, PowBoundedExp, RandomMod, Square};
 use rand_core::CryptoRngCore;
 
 use super::Primality;
@@ -28,14 +28,16 @@ impl<T: Integer + RandomMod> MillerRabin<T> {
     /// Initializes a Miller-Rabin test for `candidate`.
     pub fn new(candidate: &Odd<T>) -> Self {
         let params = <T as Integer>::Monty::new_params_vartime(candidate.clone());
-        let one = <T as Integer>::Monty::one(params.clone());
-        let minus_one = -one.clone();
+        let m_one = <T as Integer>::Monty::one(params.clone());
+        let m_minus_one = -m_one.clone();
+
+        let one = T::one_like(candidate.as_ref());
 
         // Find `s` and odd `d` such that `candidate - 1 == 2^s * d`.
-        let (s, d) = if candidate.as_ref() == &T::one() {
-            (0, T::one())
+        let (s, d) = if candidate.as_ref() == &one {
+            (0, one)
         } else {
-            let candidate_minus_one = candidate.wrapping_sub(&T::one());
+            let candidate_minus_one = candidate.wrapping_sub(&one);
             let s = candidate_minus_one.trailing_zeros_vartime();
             // Will not overflow because `candidate` is odd and greater than 1.
             let d = candidate_minus_one
@@ -48,8 +50,8 @@ impl<T: Integer + RandomMod> MillerRabin<T> {
             candidate: candidate.as_ref().clone(),
             bit_length: candidate.bits_vartime(),
             montgomery_params: params,
-            one,
-            minus_one,
+            one: m_one,
+            minus_one: m_minus_one,
             s,
             d,
         }
@@ -85,7 +87,7 @@ impl<T: Integer + RandomMod> MillerRabin<T> {
 
     /// Perform a Miller-Rabin check with base 2.
     pub fn test_base_two(&self) -> Primality {
-        self.test(&T::from(2u32))
+        self.test(&T::from_limb_like(Limb::from(2u32), &self.candidate))
     }
 
     /// Perform a Miller-Rabin check with a random base (in the range `[3, candidate-2]`)

src/hazmat/sieve.rs

@@ -19,7 +19,7 @@ pub fn random_odd_integer<T: Integer + RandomBits>(
     let bit_length = bit_length.get();
 
     let mut random = T::random_bits_with_precision(rng, bit_length, bits_precision);
-
+    assert!(random.bits_precision() == bits_precision);
     // Make it odd
     random.set_bit_vartime(0, true);
 
@@ -100,7 +100,7 @@ impl<T: Integer> Sieve<T> {
             base = T::from(3u32);
         } else {
             // Adjust the base so that we hit odd numbers when incrementing it by 2.
-            base |= T::one();
+            base |= T::one_like(start);
         }
 
         // Only calculate residues by primes up to and not including `base`,
@@ -158,9 +158,12 @@ impl<T: Integer> Sieve<T> {
         }
 
         // Find the increment limit.
-        let max_value = match T::one().overflowing_shl_vartime(self.max_bit_length).into() {
+        let max_value = match T::one_like(&self.base)
+            .overflowing_shl_vartime(self.max_bit_length)
+            .into()
+        {
             Some(val) => val,
-            None => T::one(),
+            None => T::one_like(&self.base),
         };
         let incr_limit = max_value.wrapping_sub(&self.base);
         self.incr_limit = if incr_limit > T::from(INCR_LIMIT) {
@@ -219,7 +222,7 @@ impl<T: Integer> Sieve<T> {
                 .checked_add(&self.incr.into())
                 .expect("addition should not overflow by construction");
             if self.safe_primes {
-                num = num.wrapping_shl_vartime(1) | T::one();
+                num = num.wrapping_shl_vartime(1) | T::one_like(&self.base);
             }
             Some(num)
         };

src/presets.rs

@@ -1,6 +1,6 @@
 use core::num::NonZeroU32;
 
-use crypto_bigint::{Integer, Odd, RandomBits, RandomMod};
+use crypto_bigint::{Integer, Limb, Odd, RandomBits, RandomMod};
 use rand_core::CryptoRngCore;
 
 #[cfg(feature = "default-rng")]
@@ -132,7 +132,7 @@ pub fn generate_safe_prime_with_rng<T: Integer + RandomBits + RandomMod>(
 ///       Math. Comp. 90 1931-1955 (2021),
 ///       DOI: [10.1090/mcom/3616](https://doi.org/10.1090/mcom/3616)
 pub fn is_prime_with_rng<T: Integer + RandomMod>(rng: &mut impl CryptoRngCore, num: &T) -> bool {
-    if num == &T::from(2u32) {
+    if num == &T::from_limb_like(Limb::from(2u32), num) {
         return true;
     }
 
@@ -154,7 +154,7 @@ pub fn is_safe_prime_with_rng<T: Integer + RandomMod>(
     // Since, by the definition of safe prime, `(num - 1) / 2` must also be prime,
     // and therefore odd, `num` has to be equal to 3 modulo 4.
     // 5 is the only exception, so we check for it.
-    if num == &T::from(5u32) {
+    if num == &T::from_limb_like(Limb::from(5u32), num) {
         return true;
     }
     if num.as_ref()[0].0 & 3 != 3 {