Merge branch 'develop' into release/2.5

Author: isislovecruft

.travis.yml

@@ -27,7 +27,9 @@ script:
     cargo test --no-default-features --features std &&
     cargo test --no-default-features --features "std i128" &&
     cargo test --no-default-features --features "std core_hint_black_box" &&
-    cargo test --no-default-features --features "std i128 core_hint_black_box"
+    cargo test --no-default-features --features "std const-generics" &&
+    cargo test --no-default-features --features "std i128 core_hint_black_box" &&
+    cargo test --no-default-features --features "std i128 core_hint_black_box const-generics"
 
 notifications:
   slack:

Cargo.toml

@@ -6,6 +6,7 @@ name = "subtle"
 # - update README if necessary by semver
 # - if any updates were made to the README, also update the module documentation in src/lib.rs
 version = "2.5.0"
+edition = "2018"
 authors = ["Isis Lovecruft <isis@patternsinthevoid.net>",
            "Henry de Valence <hdevalence@hdevalence.ca>"]
 readme = "README.md"
@@ -25,9 +26,10 @@ exclude = [
 travis-ci = { repository = "dalek-cryptography/subtle", branch = "master"}
 
 [dev-dependencies]
-rand = { version = "0.7" }
+rand = { version = "0.8" }
 
 [features]
+const-generics = []
 core_hint_black_box = []
 default = ["std", "i128"]
 std = []

README.md

@@ -30,6 +30,9 @@ Rust versions from 1.66 or higher support a new best-effort optimization
 barrier ([`core::hint::black_box`]).  To use the new optimization barrier,
 enable the `core_hint_black_box` feature.
 
+Rust versions from 1.51 or higher have const generics support. You may enable
+`const-generics` feautre to have `subtle` traits implemented for arrays `[T; N]`.
+
 Versions prior to `2.2` recommended use of the `nightly` feature to enable an
 optimization barrier; this is not required in versions `2.2` and above.
 

fuzz/Cargo.toml

@@ -1,18 +1,19 @@
-
 [package]
 name = "subtle-fuzz"
 version = "0.0.1"
 authors = ["Automatically generated"]
 publish = false
+edition = "2018"
 
 [package.metadata]
 cargo-fuzz = true
 
 [dependencies.subtle]
 path = ".."
-features = ["nightly"]
-[dependencies.libfuzzer-sys]
-git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
+features = ["nightly", "const-generics"]
+
+[dependencies]
+libfuzzer-sys = "0.4"
 
 # Prevent this from interfering with workspaces
 [workspace]
@@ -21,15 +22,27 @@ members = ["."]
 [[bin]]
 name = "conditional_assign_u8"
 path = "fuzzers/conditional_assign_u8.rs"
+test = false
+doc = false
 
 [[bin]]
 name = "conditional_assign_u16"
 path = "fuzzers/conditional_assign_u16.rs"
+test = false
+doc = false
 
 [[bin]]
 name = "conditional_assign_i8"
 path = "fuzzers/conditional_assign_i8.rs"
+test = false
+doc = false
 
 [[bin]]
 name = "conditional_assign_i128"
 path = "fuzzers/conditional_assign_i128.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "conditional_assign_array"
+path = "fuzzers/conditional_assign_array.rs"

fuzz/fuzzers/conditional_assign_array.rs

@@ -0,0 +1,29 @@
+#![no_main]
+
+#[macro_use]
+extern crate libfuzzer_sys;
+extern crate subtle;
+extern crate core;
+
+use core::convert::TryFrom;
+
+use subtle::ConditionallySelectable;
+
+fuzz_target!(|data: &[u8]| {
+    let chunk_size: usize = 16;
+
+    if data.len() % chunk_size != 0 {
+        return;
+    }
+
+    for bytes in data.chunks(chunk_size) {
+        let mut x = [0u8; 16];
+        let y = <[u8; 16]>::try_from(bytes).unwrap();
+
+        x.conditional_assign(&y, 0.into());
+        assert_eq!(x, [0u8; 16]);
+
+        x.conditional_assign(&y, 1.into());
+        assert_eq!(x, y);
+    }
+});

fuzz/fuzzers/conditional_assign_i128.rs

@@ -1,12 +1,6 @@
 #![no_main]
-
-#[macro_use]
-extern crate libfuzzer_sys;
-extern crate subtle;
-extern crate core;
-
+use libfuzzer_sys::fuzz_target;
 use core::intrinsics::transmute;
-
 use subtle::ConditionallySelectable;
 
 fuzz_target!(|data: &[u8]| {
@@ -20,10 +14,10 @@ fuzz_target!(|data: &[u8]| {
         unsafe {
             let mut x: i128 = 0;
             let y: i128 = transmute::<[u8; 16], i128>([
-                bytes[0],  bytes[1],  bytes[2],  bytes[3],
-                bytes[4],  bytes[5],  bytes[6],  bytes[7],
-                bytes[8],  bytes[9],  bytes[10], bytes[11],
-                bytes[12], bytes[13], bytes[14], bytes[15]]);
+                bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5], bytes[6], bytes[7],
+                bytes[8], bytes[9], bytes[10], bytes[11], bytes[12], bytes[13], bytes[14],
+                bytes[15],
+            ]);
 
             x.conditional_assign(&y, 0.into());
             assert_eq!(x, 0);

fuzz/fuzzers/conditional_assign_i8.rs

@@ -1,12 +1,6 @@
 #![no_main]
-
-#[macro_use]
-extern crate libfuzzer_sys;
-extern crate subtle;
-extern crate core;
-
+use libfuzzer_sys::fuzz_target;
 use core::intrinsics::transmute;
-
 use subtle::ConditionallySelectable;
 
 fuzz_target!(|data: &[u8]| {

fuzz/fuzzers/conditional_assign_u16.rs

@@ -1,12 +1,6 @@
 #![no_main]
-
-#[macro_use]
-extern crate libfuzzer_sys;
-extern crate subtle;
-extern crate core;
-
+use libfuzzer_sys::fuzz_target;
 use core::intrinsics::transmute;
-
 use subtle::ConditionallySelectable;
 
 fuzz_target!(|data: &[u8]| {

fuzz/fuzzers/conditional_assign_u8.rs

@@ -1,10 +1,5 @@
 #![no_main]
-
-#[macro_use]
-extern crate libfuzzer_sys;
-extern crate subtle;
-extern crate core;
-
+use libfuzzer_sys::fuzz_target;
 use subtle::ConditionallySelectable;
 
 fuzz_target!(|data: &[u8]| {

src/lib.rs

@@ -45,6 +45,9 @@
 //! barrier ([`core::hint::black_box`]).  To use the new optimization barrier,
 //! enable the `core_hint_black_box` feature.
 //!
+//! Rust versions from 1.51 or higher have const generics support. You may enable
+//! `const-generics` feautre to have `subtle` traits implemented for arrays `[T; N]`.
+//!
 //! Versions prior to `2.2` recommended use of the `nightly` feature to enable an
 //! optimization barrier; this is not required in versions `2.2` and above.
 //!
@@ -97,6 +100,7 @@
 #[macro_use]
 extern crate std;
 
+use core::cmp;
 use core::ops::{BitAnd, BitAndAssign, BitOr, BitOrAssign, BitXor, BitXorAssign, Neg, Not};
 use core::option::Option;
 
@@ -239,7 +243,7 @@ fn black_box(input: u8) -> u8 {
 }
 
 #[cfg(feature = "core_hint_black_box")]
-#[inline]
+#[inline(never)]
 fn black_box(input: u8) -> u8 {
     debug_assert!((input == 0u8) | (input == 1u8));
     core::hint::black_box(input)
@@ -381,6 +385,14 @@ generate_integer_equal!(u64, i64, 64);
 generate_integer_equal!(u128, i128, 128);
 generate_integer_equal!(usize, isize, ::core::mem::size_of::<usize>() * 8);
 
+/// `Ordering` is `#[repr(i8)]` making it possible to leverage `i8::ct_eq`.
+impl ConstantTimeEq for cmp::Ordering {
+    #[inline]
+    fn ct_eq(&self, other: &Self) -> Choice {
+        (*self as i8).ct_eq(&(*other as i8))
+    }
+}
+
 /// A type which can be conditionally selected in constant time.
 ///
 /// This trait also provides generic implementations of conditional
@@ -398,7 +410,6 @@ pub trait ConditionallySelectable: Copy {
     /// # Example
     ///
     /// ```
-    /// # extern crate subtle;
     /// use subtle::ConditionallySelectable;
     /// #
     /// # fn main() {
@@ -421,7 +432,6 @@ pub trait ConditionallySelectable: Copy {
     /// # Example
     ///
     /// ```
-    /// # extern crate subtle;
     /// use subtle::ConditionallySelectable;
     /// #
     /// # fn main() {
@@ -447,7 +457,6 @@ pub trait ConditionallySelectable: Copy {
     /// # Example
     ///
     /// ```
-    /// # extern crate subtle;
     /// use subtle::ConditionallySelectable;
     /// #
     /// # fn main() {
@@ -542,13 +551,52 @@ generate_integer_conditional_select!( u64  i64);
 #[cfg(feature = "i128")]
 generate_integer_conditional_select!(u128 i128);
 
+/// `Ordering` is `#[repr(i8)]` where:
+///
+/// - `Less` => -1
+/// - `Equal` => 0
+/// - `Greater` => 1
+///
+/// Given this, it's possible to operate on orderings as if they're integers,
+/// which allows leveraging conditional masking for predication.
+impl ConditionallySelectable for cmp::Ordering {
+    fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
+        let a = *a as i8;
+        let b = *b as i8;
+        let ret = i8::conditional_select(&a, &b, choice);
+
+        // SAFETY: `Ordering` is `#[repr(i8)]` and `ret` has been assigned to
+        // a value which was originally a valid `Ordering` then cast to `i8`
+        unsafe { *((&ret as *const _) as *const cmp::Ordering) }
+    }
+}
+
 impl ConditionallySelectable for Choice {
     #[inline]
     fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
         Choice(u8::conditional_select(&a.0, &b.0, choice))
     }
 }
 
+#[cfg(feature = "const-generics")]
+impl<T, const N: usize> ConditionallySelectable for [T; N]
+where
+    T: ConditionallySelectable,
+{
+    #[inline]
+    fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
+        let mut output = *a;
+        output.conditional_assign(b, choice);
+        output
+    }
+
+    fn conditional_assign(&mut self, other: &Self, choice: Choice) {
+        for (a_i, b_i) in self.iter_mut().zip(other) {
+            a_i.conditional_assign(b_i, choice)
+        }
+    }
+}
+
 /// A type which can be conditionally negated in constant time.
 ///
 /// # Note
@@ -794,7 +842,6 @@ pub trait ConstantTimeGreater {
     /// # Example
     ///
     /// ```
-    /// # extern crate subtle;
     /// use subtle::ConstantTimeGreater;
     ///
     /// let x: u8 = 13;
@@ -847,7 +894,7 @@ macro_rules! generate_unsigned_integer_greater {
                 Choice::from((bit & 1) as u8)
             }
         }
-    }
+    };
 }
 
 generate_unsigned_integer_greater!(u8, 8);
@@ -857,6 +904,16 @@ generate_unsigned_integer_greater!(u64, 64);
 #[cfg(feature = "i128")]
 generate_unsigned_integer_greater!(u128, 128);
 
+impl ConstantTimeGreater for cmp::Ordering {
+    #[inline]
+    fn ct_gt(&self, other: &Self) -> Choice {
+        // No impl of `ConstantTimeGreater` for `i8`, so use `u8`
+        let a = (*self as i8) + 1;
+        let b = (*other as i8) + 1;
+        (a as u8).ct_gt(&(b as u8))
+    }
+}
+
 /// A type which can be compared in some manner and be determined to be less
 /// than another of the same type.
 pub trait ConstantTimeLess: ConstantTimeEq + ConstantTimeGreater {
@@ -878,7 +935,6 @@ pub trait ConstantTimeLess: ConstantTimeEq + ConstantTimeGreater {
     /// # Example
     ///
     /// ```
-    /// # extern crate subtle;
     /// use subtle::ConstantTimeLess;
     ///
     /// let x: u8 = 13;
@@ -908,3 +964,13 @@ impl ConstantTimeLess for u32 {}
 impl ConstantTimeLess for u64 {}
 #[cfg(feature = "i128")]
 impl ConstantTimeLess for u128 {}
+
+impl ConstantTimeLess for cmp::Ordering {
+    #[inline]
+    fn ct_lt(&self, other: &Self) -> Choice {
+        // No impl of `ConstantTimeLess` for `i8`, so use `u8`
+        let a = (*self as i8) + 1;
+        let b = (*other as i8) + 1;
+        (a as u8).ct_lt(&(b as u8))
+    }
+}