feat: add constant-time trait bounds #219
Merged
+38
−11
Currently, the only implementation of the `SecretKey` and `PublicKey` traits is for Ristretto, where both scalars and group elements use constant-time equality in their underlying `PartialEq` implementations, and which support the `ConstantTimeEq` trait.

This PR does what it can to encourage the use of constant-time equality for keys by doing a few things.

First, it requires that any types implementing `SecretKey` or `PublicKey` also implement `ConstantTimeEq`. Unfortunately, this doesn't guarantee that their `PartialEq` implementation defaults to this, and it doesn't appear possible to enforce this at the trait level.

It also sets a good example by manually implementing `PartialEq` on the Ristretto key types to use their `ConstantTimeEq` implementations. This isn't strictly necessary, but hopefully helps to indicate best practice. It also implements `ConstantTimeEq` directly as required by the new trait bounds.

Finally, it implements `ConstantTimeEq` for `DiffieHellmanSharedSecret` using the new trait bound, and removes a redundant `Zeroize` trait bound.

Note that this doesn't actually change the current implementations' behavior, and therefore incurs no performance hit.
Closes #139.
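The pattern the description outlines, as an added std-only sketch that is not the project's code: supertrait bounds that require constant-time equality, a hand-written `PartialEq` that delegates to it, and a generic wrapper that gets `ct_eq` from the bound alone. The local `ConstantTimeEq` trait is a stand-in for the one in the `subtle` crate, and `ToySecretKey`, `ToyPublicKey`, `ToySharedSecret` and `ct_bytes_eq` are hypothetical names.

```rust
// Stand-in for subtle::ConstantTimeEq (std only; subtle returns a `Choice`,
// this returns 1 for equal and 0 for different).
pub trait ConstantTimeEq {
    fn ct_eq(&self, other: &Self) -> u8;
}

// Supertrait bounds as the PR describes: no key type without ct_eq.
pub trait SecretKey: ConstantTimeEq {}
pub trait PublicKey: ConstantTimeEq {}

// Reads every byte instead of stopping at the first mismatch. Real code
// should use `subtle`, which also defends against optimizer-added branches.
pub fn ct_bytes_eq(a: &[u8; 32], b: &[u8; 32]) -> u8 {
    let diff = a.iter().zip(b.iter()).fold(0u8, |acc, (x, y)| acc | (x ^ y));
    ((((diff as u16).wrapping_sub(1)) >> 8) as u8) & 1 // 0 -> 1, non-zero -> 0
}

// Hypothetical key types, not the project's Ristretto types.
pub struct ToySecretKey(pub [u8; 32]);
pub struct ToyPublicKey(pub [u8; 32]);

impl ConstantTimeEq for ToySecretKey {
    fn ct_eq(&self, other: &Self) -> u8 { ct_bytes_eq(&self.0, &other.0) }
}
impl ConstantTimeEq for ToyPublicKey {
    fn ct_eq(&self, other: &Self) -> u8 { ct_bytes_eq(&self.0, &other.0) }
}
impl SecretKey for ToySecretKey {}
impl PublicKey for ToyPublicKey {}

// The bound cannot force `==` through ct_eq, so PartialEq is written by hand
// rather than derived (a derived impl compares fields with their own `==`).
impl PartialEq for ToySecretKey {
    fn eq(&self, other: &Self) -> bool { self.ct_eq(other) == 1 }
}

// Hypothetical generic wrapper: the PublicKey bound alone supplies ct_eq.
pub struct ToySharedSecret<P: PublicKey>(pub P);
impl<P: PublicKey> ConstantTimeEq for ToySharedSecret<P> {
    fn ct_eq(&self, other: &Self) -> u8 { self.0.ct_eq(&other.0) }
}

fn main() {
    let (a, b) = (ToySecretKey([7; 32]), ToySecretKey([9; 32]));
    println!("a == a: {}, a == b: {}", a == ToySecretKey([7; 32]), a == b);
    let s = ToySharedSecret(ToyPublicKey([1; 32]));
    println!("shared ct_eq: {}", s.ct_eq(&ToySharedSecret(ToyPublicKey([1; 32]))));
}
```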