Add subtle trait impls for DynResidue and DynResidueParams (#269)

fjarri · web-flow · commit ed9a92f93254 · 2023-08-30T12:53:23.000-06:00
diff --git a/src/uint/modular/runtime_mod.rs b/src/uint/modular/runtime_mod.rs
@@ -7,7 +7,7 @@ use super::{
     Retrieve,
 };
 
-use subtle::CtOption;
+use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 /// Additions between residues with a modulus set at runtime
 mod runtime_add;
@@ -103,6 +103,28 @@ impl<const LIMBS: usize> DynResidueParams<LIMBS> {
     }
 }
 
+impl<const LIMBS: usize> ConditionallySelectable for DynResidueParams<LIMBS> {
+    fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
+        Self {
+            modulus: Uint::conditional_select(&a.modulus, &b.modulus, choice),
+            r: Uint::conditional_select(&a.r, &b.r, choice),
+            r2: Uint::conditional_select(&a.r2, &b.r2, choice),
+            r3: Uint::conditional_select(&a.r3, &b.r3, choice),
+            mod_neg_inv: Limb::conditional_select(&a.mod_neg_inv, &b.mod_neg_inv, choice),
+        }
+    }
+}
+
+impl<const LIMBS: usize> ConstantTimeEq for DynResidueParams<LIMBS> {
+    fn ct_eq(&self, other: &Self) -> Choice {
+        self.modulus.ct_eq(&other.modulus)
+            & self.r.ct_eq(&other.r)
+            & self.r2.ct_eq(&other.r2)
+            & self.r3.ct_eq(&other.r3)
+            & self.mod_neg_inv.ct_eq(&other.mod_neg_inv)
+    }
+}
+
 /// A residue represented using `LIMBS` limbs. The odd modulus of this residue is set at runtime.
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub struct DynResidue<const LIMBS: usize> {
@@ -211,6 +233,30 @@ impl<const LIMBS: usize, P: ResidueParams<LIMBS>> From<&Residue<P, LIMBS>> for D
     }
 }
 
+impl<const LIMBS: usize> ConditionallySelectable for DynResidue<LIMBS> {
+    fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
+        Self {
+            montgomery_form: Uint::conditional_select(
+                &a.montgomery_form,
+                &b.montgomery_form,
+                choice,
+            ),
+            residue_params: DynResidueParams::conditional_select(
+                &a.residue_params,
+                &b.residue_params,
+                choice,
+            ),
+        }
+    }
+}
+
+impl<const LIMBS: usize> ConstantTimeEq for DynResidue<LIMBS> {
+    fn ct_eq(&self, other: &Self) -> Choice {
+        self.montgomery_form.ct_eq(&other.montgomery_form)
+            & self.residue_params.ct_eq(&other.residue_params)
+    }
+}
+
 /// NOTE: this does _not_ zeroize the parameters, in order to maintain some form of type consistency
 #[cfg(feature = "zeroize")]
 impl<const LIMBS: usize> zeroize::Zeroize for DynResidue<LIMBS> {
