absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-08 12:19:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

\#242 Expand usage of black_box/zeroize

Browse Source 
This commit greatly expands the usage of black_box/zeroize on bits, as it
originally should have. It is likely overkill, leading to less efficient
code generation, yet does its best to be comprehensive where comprehensiveness
is extremely annoying to achieve.

In the future, this usage of black_box may be desirable to move to its own
crate.

Credit to @AaronFeickert for identifying the original commit was incomplete.
This commit is contained in:
Luke Parker
2023-03-10 06:27:44 -05:00
parent 62dfc63532
commit ad470bc969
10 changed files with 163 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
crypto/multiexp/Cargo.toml
View File

@@ -27,4 +27,5 @@ k256 = { version = "0.12", features = ["bits"] }
dalek-ff-group = { path = "../dalek-ff-group" }
[features]
black_box = []
batch = ["rand_core"]

31
crypto/multiexp/src/lib.rs
View File

@@ -1,5 +1,7 @@
#![cfg_attr(docsrs, feature(doc_auto_cfg))]
use core::ops::DerefMut;
use zeroize::Zeroize;
use ff::PrimeFieldBits;
@@ -19,6 +21,29 @@ pub use batch::BatchVerifier;
#[cfg(test)]
mod tests;
// Feature gated due to MSRV requirements
#[cfg(feature = "black_box")]
pub(crate) fn black_box<T>(val: T) -> T {
core::hint::black_box(val)
}
#[cfg(not(feature = "black_box"))]
pub(crate) fn black_box<T>(val: T) -> T {
val
}
fn u8_from_bool(bit_ref: &mut bool) -> u8 {
let bit_ref = black_box(bit_ref);
let mut bit = black_box(*bit_ref);
let res = black_box(bit as u8);
bit.zeroize();
debug_assert!((res | 1) == 1);
bit_ref.zeroize();
res
}
// Convert scalars to `window`-sized bit groups, as needed to index a table
// This algorithm works for `window <= 8`
pub(crate) fn prep_bits<G: Group>(pairs: &[(G::Scalar, G)], window: u8) -> Vec<Vec<u8>>
@@ -33,10 +58,8 @@ where
let mut bits = pair.0.to_le_bits();
groupings.push(vec![0; (bits.len() + (w_usize - 1)) / w_usize]);
for (i, mut raw_bit) in bits.iter_mut().enumerate() {
let mut bit = u8::from(*raw_bit);
(*raw_bit).zeroize();
for (i, mut bit) in bits.iter_mut().enumerate() {
let mut bit = u8_from_bool(bit.deref_mut());
groupings[p][i / w_usize] |= bit << (i % w_usize);
bit.zeroize();
}