Skip to main content

Choice

ctutils

Struct Choice 

Source 
pub struct Choice(/* private fields */);
Expand description

Constant-time analogue of bool providing a “best effort” optimization barrier.

This type attempts to hint to the compiler and its codegen backends that optimizations should not be applied which depend on specific values of this type.

This is used as a “belt-and-suspenders” defense in addition to mechanisms like constant-time predication intrinsics provided by the cmov crate, and is never expected to be the only line of defense.

Implementations§

Source§

impl Choice

Source

pub const FALSE: Self

Equivalent of false.

Source

pub const TRUE: Self

Equivalent of true.

Source

pub const fn and(self, rhs: Choice) -> Choice

Apply an and conditional to the given Choices.

Source

pub const fn or(self, rhs: Choice) -> Choice

Apply an or conditional to the given Choices.

Source

pub const fn xor(self, rhs: Choice) -> Choice

Apply an xor conditional to the given Choices.

Source

pub const fn not(self) -> Choice

Compute the boolean inverse of self.

Source

pub const fn eq(self, other: Self) -> Self

const fn equality operation.

Source

pub const fn ne(self, other: Self) -> Self

const fn not equal operation.

Source

pub const fn from_i64_eq(x: i64, y: i64) -> Self

Returns Choice::TRUE if x == y, and Choice::FALSE otherwise.

Source

pub const fn from_u8_eq(x: u8, y: u8) -> Self

Returns Choice::TRUE if x == y, and Choice::FALSE otherwise.

Source

pub const fn from_u8_le(x: u8, y: u8) -> Self

Returns Choice::TRUE if x <= y and Choice::FALSE otherwise.

Source

pub const fn from_u8_lsb(value: u8) -> Self

Initialize from the least significant bit of a u8.

Source

pub const fn from_u8_lt(x: u8, y: u8) -> Self

Returns Choice::TRUE if x < y, and Choice::FALSE otherwise.

Source

pub const fn from_u8_nz(value: u8) -> Self

Returns Choice::TRUE if value != 0, and Choice::FALSE otherwise.

Source

pub const fn from_u16_eq(x: u16, y: u16) -> Self

Returns Choice::TRUE if x == y, and Choice::FALSE otherwise.

Source

pub const fn from_u16_le(x: u16, y: u16) -> Self

Returns Choice::TRUE if x <= y and Choice::FALSE otherwise.

Source

pub const fn from_u16_lsb(value: u16) -> Self

Initialize from the least significant bit of a u16.

Source

pub const fn from_u16_lt(x: u16, y: u16) -> Self

Returns Choice::TRUE if x < y, and Choice::FALSE otherwise.

Source

pub const fn from_u16_nz(value: u16) -> Self

Returns Choice::TRUE if value != 0, and Choice::FALSE otherwise.

Source

pub const fn from_u32_eq(x: u32, y: u32) -> Self

Returns Choice::TRUE if x == y, and Choice::FALSE otherwise.

Source

pub const fn from_u32_le(x: u32, y: u32) -> Self

Returns Choice::TRUE if x <= y and Choice::FALSE otherwise.

Source

pub const fn from_u32_lsb(value: u32) -> Self

Initialize from the least significant bit of a u32.

Source

pub const fn from_u32_lt(x: u32, y: u32) -> Self

Returns Choice::TRUE if x < y, and Choice::FALSE otherwise.

Source

pub const fn from_u32_nz(value: u32) -> Self

Returns Choice::TRUE if value != 0, and Choice::FALSE otherwise.

Source

pub const fn from_u64_eq(x: u64, y: u64) -> Self

Returns Choice::TRUE if x == y, and Choice::FALSE otherwise.

Source

pub const fn from_u64_le(x: u64, y: u64) -> Self

Returns Choice::TRUE if x <= y and Choice::FALSE otherwise.

Source

pub const fn from_u64_lsb(value: u64) -> Self

Initialize from the least significant bit of a u64.

Source

pub const fn from_u64_lt(x: u64, y: u64) -> Self

Returns Choice::TRUE if x < y, and Choice::FALSE otherwise.

Source

pub const fn from_u64_nz(value: u64) -> Self

Returns Choice::TRUE if value != 0, and Choice::FALSE otherwise.

Source

pub const fn from_u128_eq(x: u128, y: u128) -> Self

Returns Choice::TRUE if x == y, and Choice::FALSE otherwise.

Source

pub const fn from_u128_le(x: u128, y: u128) -> Self

Returns Choice::TRUE if x <= y and Choice::FALSE otherwise.

Source

pub const fn from_u128_lsb(value: u128) -> Self

Initialize from the least significant bit of a u128.

Source

pub const fn from_u128_lt(x: u128, y: u128) -> Self

Returns Choice::TRUE if x < y, and Choice::FALSE otherwise.

Source

pub const fn from_u128_nz(value: u128) -> Self

Returns Choice::TRUE if value != 0, and Choice::FALSE otherwise.

Source

pub const fn select_i64(self, a: i64, b: i64) -> i64

const fn helper: return b if self is Choice::TRUE, otherwise return a.

Only use this instead of the [CtSelect] trait in the event you’re in a const fn context and can’t use the trait. The former will provide better constant-time assurances.

Source

pub const fn select_u8(self, a: u8, b: u8) -> u8

const fn helper: return b if self is Choice::TRUE, otherwise return a.

Only use this instead of the [CtSelect] trait in the event you’re in a const fn context and can’t use the trait. The former will provide better constant-time assurances.

Source

pub const fn select_u16(self, a: u16, b: u16) -> u16

const fn helper: return b if self is Choice::TRUE, otherwise return a.

Only use this instead of the [CtSelect] trait in the event you’re in a const fn context and can’t use the trait. The former will provide better constant-time assurances.

Source

pub const fn select_u32(self, a: u32, b: u32) -> u32

const fn helper: return b if self is Choice::TRUE, otherwise return a.

Only use this instead of the [CtSelect] trait in the event you’re in a const fn context and can’t use the trait. The former will provide better constant-time assurances.

Source

pub const fn select_u64(self, a: u64, b: u64) -> u64

const fn helper: return b if self is Choice::TRUE, otherwise return a.

Only use this instead of the [CtSelect] trait in the event you’re in a const fn context and can’t use the trait. The former will provide better constant-time assurances.

Source

pub const fn select_u128(self, a: u128, b: u128) -> u128

const fn helper: return b if self is Choice::TRUE, otherwise return a.

Only use this instead of the [CtSelect] trait in the event you’re in a const fn context and can’t use the trait. The former will provide better constant-time assurances.

Source

pub fn to_bool(self) -> bool

Convert Choice into a bool.

Security Warning

Using this function will introduce timing variability, since computing this at all currently requires a branch.

This is intended to be used as either the one and only branch at the end of a constant-time operation to e.g. differentiate between success and failure, or in contexts where constant-time doesn’t matter, e.g. variable-time code that operates on “maybe secret” types which aren’t secrets in a particular context.

If you are trying to use this in the context of a constant-time operation, be warned that the small amount of timing variability it introduces can potentially be exploited. Whenever possible, prefer fully constant-time approaches instead.

Source

pub fn to_u8(self) -> u8

Convert Choice to a u8, attempting to apply a “best effort” optimization barrier.

Source

pub const fn to_bool_vartime(self) -> bool

HACK: workaround to allow const fn boolean support on Rust 1.85.

This does not apply black_box to the output.

Security Warning

See the security warnings for Choice::to_bool.

Source

pub const fn to_u8_vartime(self) -> u8

HACK: workaround to allow const fn boolean support on Rust 1.85.

This does not apply black_box to the output.

Source

pub const fn to_u8_mask(self) -> u8

Create a u8 bitmask.

§Returns
  • 0 for Choice::FALSE
  • u8::MAX for Choice::TRUE
Source

pub const fn to_u16_mask(self) -> u16

Create a u16 bitmask.

§Returns
  • 0 for Choice::FALSE
  • u16::MAX for Choice::TRUE
Source

pub const fn to_u32_mask(self) -> u32

Create a u32 bitmask.

§Returns
  • 0 for Choice::FALSE
  • u32::MAX for Choice::TRUE
Source

pub const fn to_u64_mask(self) -> u64

Create a u64 bitmask.

§Returns
  • 0 for Choice::FALSE
  • u64::MAX for Choice::TRUE
Source

pub const fn to_u128_mask(self) -> u128

Create a u128 bitmask.

§Returns
  • 0 for Choice::FALSE
  • u128::MAX for Choice::TRUE

Trait Implementations§

Source§

impl BitAnd for Choice

Source§

type Output = Choice

The resulting type after applying the & operator.
Source§

fn bitand(self, rhs: Choice) -> Choice

Performs the & operation. Read more
Source§

impl BitAndAssign for Choice

Source§

fn bitand_assign(&mut self, rhs: Choice)

Performs the &= operation. Read more
Source§

impl BitOr for Choice

Source§

type Output = Choice

The resulting type after applying the | operator.
Source§

fn bitor(self, rhs: Choice) -> Choice

Performs the | operation. Read more
Source§

impl BitOrAssign for Choice

Source§

fn bitor_assign(&mut self, rhs: Choice)

Performs the |= operation. Read more
Source§

impl BitXor for Choice

Source§

type Output = Choice

The resulting type after applying the ^ operator.
Source§

fn bitxor(self, rhs: Choice) -> Choice

Performs the ^ operation. Read more
Source§

impl BitXorAssign for Choice

Source§

fn bitxor_assign(&mut self, rhs: Choice)

Performs the ^= operation. Read more
Source§

impl Clone for Choice

Source§

fn clone(&self) -> Choice

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl CtAssign for Choice

Source§

fn ct_assign(&mut self, other: &Self, choice: Choice)

Conditionally assign src to self if choice is Choice::TRUE.
Source§

impl CtAssignSlice for Choice

Source§

fn ct_assign_slice(dst: &mut [Self], src: &[Self], choice: Choice)

Conditionally assign src to dst if choice is Choice::TRUE, or leave it unchanged for Choice::FALSE.
Source§

impl CtEq for Choice

Source§

fn ct_eq(&self, other: &Self) -> Self

Determine if self is equal to other in constant-time.
Source§

fn ct_ne(&self, other: &Rhs) -> Choice

Determine if self is NOT equal to other in constant-time.
Source§

impl CtEqSlice for Choice

Source§

fn ct_eq_slice(a: &[Self], b: &[Self]) -> Choice

Determine if a is equal to b in constant-time.
Source§

fn ct_ne_slice(a: &[Self], b: &[Self]) -> Choice

Determine if a is NOT equal to b in constant-time.
Source§

impl Debug for Choice

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl From<Choice> for bool

Convert Choice into a bool.

Security Warning

Using this function will introduce timing variability, since computing this at all currently requires a branch.

See the security warnings for Choice::to_bool.

Source§

fn from(choice: Choice) -> bool

Converts to this type from the input type.
Source§

impl From<Choice> for u8

Source§

fn from(choice: Choice) -> u8

Converts to this type from the input type.
Source§

impl From<u8> for Choice

DEPRECATED: this exists to aid migrating code from subtle. Use Choice::from_u8_lsb instead.

Note

Rust doesn’t actually let us deprecate an impl block, however this comment is here to discourage future use and warn that this will be removed in a future release.

Source§

fn from(value: u8) -> Self

Converts to this type from the input type.
Source§

impl Not for Choice

Source§

type Output = Choice

The resulting type after applying the ! operator.
Source§

fn not(self) -> Choice

Performs the unary ! operation. Read more
Source§

impl Copy for Choice

Source§

impl CtSelectUsingCtAssign for Choice

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> CtSelect for T
where T: CtSelectUsingCtAssign,

Source§

fn ct_select(&self, other: &T, choice: Choice) -> T

Select between self and other based on choice, returning a copy of the value. Read more
Source§

fn ct_swap(&mut self, other: &mut Self, choice: Choice)

Conditionally swap self and other if choice is Choice::TRUE.
Source§

impl<T, const N: usize> CtSelectArray<N> for T
where T: Clone + CtAssignSlice + CtSelect,

Source§

fn ct_select_array(a: &[T; N], b: &[T; N], choice: Choice) -> [T; N]

Select between a and b in constant-time based on choice.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.