BoxedUint: add cond_map and cond_and_then
#352
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Unfortunately `BoxedUint` can't impl `subtle::ConditionallySelectable` due to a supertrait bound on `Copy`. See dalek-cryptography/subtle#94 This bound is required by `CtOption::map` and `CtOption::and_then` which are important for writing constant-time code. As a workaround which makes it still possible to leverate `CtOption`, this adds special `BoxedUint`-specialized combinators that are able to work around this issue by generating a placeholder (zero) value to pass to the provided callbacks in the event `CtOption` is none. This requires branching on the output of `CtOption` (which is unavoidable without an upstream fix in `subtle` itself), but still ensures that the provided callback function is called with a `BoxedUint` of a matching number of limbs regardless of whether the `CtOption` is some or none, which is the best we can do for now (and really quite close to what `subtle` is doing under the hood anyway).
75 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Unfortunately
BoxedUintcan't implsubtle::ConditionallySelectabledue to a supertrait bound onCopy. See dalek-cryptography/subtle#94This bound is required by
CtOption::mapandCtOption::and_thenwhich are important for writing constant-time code.As a workaround which makes it still possible to leverate
CtOption, this adds specialBoxedUint-specialized combinators that are able to work around this issue by generating a placeholder (zero) value to pass to the provided callbacks in the eventCtOptionis none.This requires branching on the output of
CtOption(which is unavoidable without an upstream fix insubtleitself), but still ensures that the provided callback function is called with aBoxedUintof a matching number of limbs regardless of whether theCtOptionis some or none, which is the best we can do for now (and really quite close to whatsubtleis doing under the hood anyway).