forked from RustCrypto/crypto-bigint
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathct.rs
74 lines (59 loc) · 2.11 KB
/
ct.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
//! Constant-time helper functions.
use super::BoxedUint;
use crate::{ConstantTimeSelect, Limb};
use subtle::{Choice, ConditionallyNegatable, ConditionallySelectable};
/// NOTE: can't impl `subtle`'s [`ConditionallySelectable`] trait due to its `Copy` bound
impl ConstantTimeSelect for BoxedUint {
#[inline]
fn ct_select(a: &Self, b: &Self, choice: Choice) -> Self {
debug_assert_eq!(a.bits_precision(), b.bits_precision());
let mut limbs = vec![Limb::ZERO; a.nlimbs()].into_boxed_slice();
for i in 0..a.nlimbs() {
limbs[i] = Limb::conditional_select(&a.limbs[i], &b.limbs[i], choice);
}
Self { limbs }
}
#[inline]
fn ct_assign(&mut self, other: &Self, choice: Choice) {
debug_assert_eq!(self.bits_precision(), other.bits_precision());
for i in 0..self.nlimbs() {
self.limbs[i].conditional_assign(&other.limbs[i], choice);
}
}
#[inline]
fn ct_swap(a: &mut Self, b: &mut Self, choice: Choice) {
debug_assert_eq!(a.bits_precision(), b.bits_precision());
for i in 0..a.nlimbs() {
Limb::conditional_swap(&mut a.limbs[i], &mut b.limbs[i], choice);
}
}
}
impl ConditionallyNegatable for BoxedUint {
#[inline]
fn conditional_negate(&mut self, choice: Choice) {
let self_neg = self.wrapping_neg();
self.ct_assign(&self_neg, choice)
}
}
#[cfg(test)]
mod tests {
use crate::{BoxedUint, ConstantTimeSelect};
use subtle::{Choice, ConditionallyNegatable};
#[test]
fn conditional_select() {
let a = BoxedUint::zero_with_precision(128);
let b = BoxedUint::max(128);
assert_eq!(a, BoxedUint::ct_select(&a, &b, Choice::from(0)));
assert_eq!(b, BoxedUint::ct_select(&a, &b, Choice::from(1)));
}
#[test]
fn conditional_negate() {
let mut a = BoxedUint::from(123u64);
let control = a.clone();
a.conditional_negate(Choice::from(0));
assert_eq!(a, control);
a.conditional_negate(Choice::from(1));
assert_ne!(a, control);
assert_eq!(a, control.wrapping_neg());
}
}