Merge pull request #96 from dsprenkels/black-box

Replace black_box with std::hint::black_box
dalek-cryptography · Feb 7, 2023 · bd282be · bd282be
2 parents 72993f2 + 0dfc572
commit bd282be
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 5 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -25,7 +25,9 @@ matrix:
 script:
   - cargo test && cargo test --no-default-features &&
     cargo test --no-default-features --features std &&
-    cargo test --no-default-features --features "std i128"
+    cargo test --no-default-features --features "std i128" &&
+    cargo test --no-default-features --features "std core_hint_black_box" &&
+    cargo test --no-default-features --features "std i128 core_hint_black_box"
 
 notifications:
   slack:

diff --git a/Cargo.toml b/Cargo.toml
@@ -28,6 +28,7 @@ travis-ci = { repository = "dalek-cryptography/subtle", branch = "master"}
 rand = { version = "0.7" }
 
 [features]
+core_hint_black_box = []
 default = ["std", "i128"]
 std = []
 i128 = []

diff --git a/README.md b/README.md
@@ -26,6 +26,10 @@ prevent this refinement, the crate tries to hide the value of a `Choice`'s
 inner `u8` by passing it through a volatile read. For more information, see
 the _About_ section below.
 
+Rust versions from 1.66 or higher support a new best-effort optimization
+barrier ([`core::hint::black_box`]).  To use the new optimization barrier,
+enable the `core_hint_black_box` feature.
+
 Versions prior to `2.2` recommended use of the `nightly` feature to enable an
 optimization barrier; this is not required in versions `2.2` and above.
 
@@ -48,10 +52,15 @@ Minimum supported Rust version can be changed in the future, but it will be done
 
 This library aims to be the Rust equivalent of Go’s `crypto/subtle` module.
 
-The optimization barrier in `impl From<u8> for Choice` was based on Tim
-Maclean's [work on `rust-timing-shield`][rust-timing-shield], which attempts to
-provide a more comprehensive approach for preventing software side-channels in
-Rust code.
+Old versions of the optimization barrier in `impl From<u8> for Choice` were
+based on Tim Maclean's [work on `rust-timing-shield`][rust-timing-shield],
+which attempts to provide a more comprehensive approach for preventing
+software side-channels in Rust code.
+
+From version `2.2`, it was based on Diane Hosfelt and Amber Sprenkels' work on
+"Secret Types in Rust".  Version `2.3` adds the `core_hint_black_box` feature,
+which uses the original method through the [`core::hint::black_box`] function
+from the Rust standard library.
 
 `subtle` is authored by isis agora lovecruft and Henry de Valence.
 
@@ -66,4 +75,5 @@ effort is fundamentally limited.
 **USE AT YOUR OWN RISK**
 
 [docs]: https://docs.rs/subtle
+[`core::hint::black_box`]: https://doc.rust-lang.org/core/hint/fn.black_box.html
 [rust-timing-shield]: https://www.chosenplaintext.ca/open-source/rust-timing-shield/security
diff --git a/src/lib.rs b/src/lib.rs
@@ -210,6 +210,7 @@ impl Not for Choice {
 /// Note: Rust's notion of "volatile" is subject to change over time. While this
 /// code may break in a non-destructive way in the future, “constant-time” code
 /// is a continually moving target, and this is better than doing nothing.
+#[cfg(not(feature = "core_hint_black_box"))]
 #[inline(never)]
 fn black_box(input: u8) -> u8 {
     debug_assert!((input == 0u8) | (input == 1u8));
@@ -227,6 +228,13 @@ fn black_box(input: u8) -> u8 {
     }
 }
 
+#[cfg(feature = "core_hint_black_box")]
+#[inline]
+fn black_box(input: u8) -> u8 {
+    debug_assert!((input == 0u8) | (input == 1u8));
+    core::hint::black_box(input)
+}
+
 impl From<u8> for Choice {
     #[inline]
     fn from(input: u8) -> Choice {