crypto_bigint/
ct_choice.rs

1use subtle::Choice;
2
3use crate::Word;
4
5/// A boolean value returned by constant-time `const fn`s.
6// TODO: should be replaced by `subtle::Choice` or `CtOption`
7// when `subtle` starts supporting const fns.
8#[derive(Debug, Copy, Clone)]
9pub struct CtChoice(Word);
10
11impl CtChoice {
12    /// The falsy value.
13    pub const FALSE: Self = Self(0);
14
15    /// The truthy value.
16    pub const TRUE: Self = Self(Word::MAX);
17
18    /// Returns the truthy value if `value == Word::MAX`, and the falsy value if `value == 0`.
19    /// Panics for other values.
20    pub(crate) const fn from_mask(value: Word) -> Self {
21        debug_assert!(value == Self::FALSE.0 || value == Self::TRUE.0);
22        Self(value)
23    }
24
25    /// Returns the truthy value if `value == 1`, and the falsy value if `value == 0`.
26    /// Panics for other values.
27    pub(crate) const fn from_lsb(value: Word) -> Self {
28        debug_assert!(value == 0 || value == 1);
29        Self(value.wrapping_neg())
30    }
31
32    /// Returns the truthy value if `value != 0`, and the falsy value otherwise.
33    pub(crate) const fn from_usize_being_nonzero(value: usize) -> Self {
34        const HI_BIT: u32 = usize::BITS - 1;
35        Self::from_lsb(((value | value.wrapping_neg()) >> HI_BIT) as Word)
36    }
37
38    /// Returns the truthy value if `x == y`, and the falsy value otherwise.
39    pub(crate) const fn from_usize_equality(x: usize, y: usize) -> Self {
40        Self::from_usize_being_nonzero(x.wrapping_sub(y)).not()
41    }
42
43    /// Returns the truthy value if `x < y`, and the falsy value otherwise.
44    pub(crate) const fn from_usize_lt(x: usize, y: usize) -> Self {
45        let bit = (((!x) & y) | (((!x) | y) & (x.wrapping_sub(y)))) >> (usize::BITS - 1);
46        Self::from_lsb(bit as Word)
47    }
48
49    pub(crate) const fn not(&self) -> Self {
50        Self(!self.0)
51    }
52
53    pub(crate) const fn or(&self, other: Self) -> Self {
54        Self(self.0 | other.0)
55    }
56
57    pub(crate) const fn and(&self, other: Self) -> Self {
58        Self(self.0 & other.0)
59    }
60
61    /// Return `b` if `self` is truthy, otherwise return `a`.
62    pub(crate) const fn select(&self, a: Word, b: Word) -> Word {
63        a ^ (self.0 & (a ^ b))
64    }
65
66    /// Return `x` if `self` is truthy, otherwise return 0.
67    pub(crate) const fn if_true(&self, x: Word) -> Word {
68        x & self.0
69    }
70
71    pub(crate) const fn is_true_vartime(&self) -> bool {
72        self.0 == CtChoice::TRUE.0
73    }
74
75    pub(crate) const fn to_u8(self) -> u8 {
76        (self.0 as u8) & 1
77    }
78}
79
80impl From<CtChoice> for Choice {
81    fn from(choice: CtChoice) -> Self {
82        Choice::from(choice.to_u8())
83    }
84}
85
86impl From<CtChoice> for bool {
87    fn from(choice: CtChoice) -> Self {
88        choice.is_true_vartime()
89    }
90}
91
92#[cfg(test)]
93mod tests {
94    use super::CtChoice;
95    use crate::Word;
96
97    #[test]
98    fn select() {
99        let a: Word = 1;
100        let b: Word = 2;
101        assert_eq!(CtChoice::TRUE.select(a, b), b);
102        assert_eq!(CtChoice::FALSE.select(a, b), a);
103    }
104}