arithmetic: Make Elem::{add,sub} methods.

Make these methods instead of a freestanding function to make it
easier to read/write code that uses them, but mostly to be
consistent with other similar changes.

Author: briansmith

src/arithmetic/bigint.rs

@@ -48,7 +48,7 @@ use crate::{
 pub(crate) use {
     self::{
         boxed_limbs::Uninit,
-        elem::{elem_add, elem_sub, elem_verify_equal_consttime, verify_inverses_consttime, Elem},
+        elem::{elem_verify_equal_consttime, verify_inverses_consttime, Elem},
         exp::elem_exp_consttime,
         modulus::{BoxedIntoMont, IntoMont, Mont, One},
         oversized_uninit::OversizedUninit,

src/arithmetic/bigint/elem.rs

@@ -244,36 +244,36 @@ impl<M> Uninit<M> {
     }
 }
 
-// TODO: Document why this works for all Montgomery factors.
-pub fn elem_add<M, E>(mut a: Elem<M, E>, b: Elem<M, E>, m: &Mont<M>) -> Elem<M, E> {
-    limb::limbs_add_assign_mod(a.limbs.as_mut(), b.limbs.as_ref(), m.limbs())
-        .unwrap_or_else(unwrap_impossible_len_mismatch_error);
-    a
-}
+impl<M, E> Elem<M, E> {
+    pub fn add(mut self, b: &Elem<M, E>, m: &Mont<M>) -> Elem<M, E> {
+        limb::limbs_add_assign_mod(self.limbs.as_mut(), b.limbs.as_ref(), m.limbs())
+            .unwrap_or_else(unwrap_impossible_len_mismatch_error);
+        self
+    }
 
-// TODO: Document why this works for all Montgomery factors.
-pub fn elem_sub<M, E>(mut a: Elem<M, E>, b: &Elem<M, E>, m: &Mont<M>) -> Elem<M, E> {
-    prefixed_extern! {
-        // `r` and `a` may alias.
-        fn LIMBS_sub_mod(
-            r: *mut Limb,
-            a: *const Limb,
-            b: *const Limb,
-            m: *const Limb,
-            num_limbs: c::NonZero_size_t,
-        );
+    pub fn sub(mut self, b: &Elem<M, E>, m: &Mont<M>) -> Elem<M, E> {
+        prefixed_extern! {
+            // `r` and `a` may alias.
+            fn LIMBS_sub_mod(
+                r: *mut Limb,
+                a: *const Limb,
+                b: *const Limb,
+                m: *const Limb,
+                num_limbs: c::NonZero_size_t,
+            );
+        }
+        let num_limbs = NonZeroUsize::new(m.limbs().len()).unwrap();
+        let _: &[Limb] = (InOut(self.limbs.as_mut()), b.limbs.as_ref())
+            .with_non_dangling_non_null_pointers(num_limbs, |mut r, [a, b]| {
+                let m = m.limbs().as_ptr(); // Also non-dangling because num_limbs is non-zero.
+                unsafe {
+                    LIMBS_sub_mod(r.start_mut_ptr(), a, b, m, num_limbs);
+                    r.deref_unchecked().assume_init()
+                }
+            })
+            .unwrap_or_else(unwrap_impossible_len_mismatch_error);
+        self
     }
-    let num_limbs = NonZeroUsize::new(m.limbs().len()).unwrap();
-    let _: &[Limb] = (InOut(a.limbs.as_mut()), b.limbs.as_ref())
-        .with_non_dangling_non_null_pointers(num_limbs, |mut r, [a, b]| {
-            let m = m.limbs().as_ptr(); // Also non-dangling because num_limbs is non-zero.
-            unsafe {
-                LIMBS_sub_mod(r.start_mut_ptr(), a, b, m, num_limbs);
-                r.deref_unchecked().assume_init()
-            }
-        })
-        .unwrap_or_else(unwrap_impossible_len_mismatch_error);
-    a
 }
 
 /// Verified a == b**-1 (mod m), i.e. a**-1 == b (mod m).

src/rsa/keypair.rs

@@ -626,7 +626,7 @@ impl KeyPair {
         let h = {
             let pm = &p.modulus(cpu_features);
             let m_2 = pm.alloc_uninit().elem_reduced_once(&m_2, pm, q.len_bits());
-            bigint::elem_sub(m_1, &m_2, pm).mul(&self.qInv, pm)
+            m_1.sub(&m_2, pm).mul(&self.qInv, pm)
         };
 
         // Step 2.b.iv. The reduction in the modular multiplication isn't
@@ -643,7 +643,7 @@ impl KeyPair {
             .encode_mont(n, cpu_features)
             .mul(&h, nm);
         let m_2 = nm.alloc_uninit().elem_widen(&m_2, nm, q.len_bits())?;
-        let m = bigint::elem_add(m_2, q_times_h, nm);
+        let m = m_2.add(&q_times_h, nm);
 
         // Step 2.b.v isn't needed since there are only two primes.