Migrate from subtle to ctutils (#507)

tarcieri · web-flow · commit 0284c59ca6fe · 2026-05-09T18:49:43.000-06:00
See RustCrypto/meta#29
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/ssh-cipher/Cargo.toml b/ssh-cipher/Cargo.toml
@@ -28,10 +28,10 @@ aes = { version = "0.9.0-rc.4", optional = true, default-features = false }
 aes-gcm = { version = "0.11.0-rc.3", optional = true, default-features = false, features = ["aes"] }
 cbc = { version = "0.2", optional = true }
 ctr = { version = "0.10.0-rc.4", optional = true, default-features = false }
+ctutils = { version = "0.4", optional = true, default-features = false }
 chacha20 = { version = "0.10.0-rc.10", optional = true, default-features = false, features = ["cipher", "legacy"] }
 des = { version = "0.9.0-rc.3", optional = true, default-features = false }
 poly1305 = { version = "0.9.0-rc.6", optional = true, default-features = false }
-subtle = { version = "2", optional = true, default-features = false }
 zeroize = { version = "1", optional = true, default-features = false }
 
 [dev-dependencies]
@@ -41,7 +41,7 @@ hex-literal = "1"
 aes-cbc = ["dep:aes", "dep:cbc"]
 aes-ctr = ["dep:aes", "dep:ctr"]
 aes-gcm = ["dep:aead", "dep:aes", "dep:aes-gcm"]
-chacha20poly1305 = ["dep:aead", "dep:chacha20", "dep:poly1305", "dep:subtle"]
+chacha20poly1305 = ["dep:aead", "dep:chacha20", "dep:poly1305", "dep:ctutils"]
 tdes = ["dep:des", "dep:cbc"]
 zeroize = [
     "dep:zeroize",
diff --git a/ssh-cipher/src/chacha20poly1305.rs b/ssh-cipher/src/chacha20poly1305.rs
@@ -9,8 +9,8 @@ use aead::{
     inout::InOutBuf,
 };
 use cipher::{KeyIvInit, StreamCipher, StreamCipherSeek};
+use ctutils::CtEq;
 use poly1305::{Poly1305, universal_hash::UniversalHash};
-use subtle::ConstantTimeEq;
 
 #[cfg(feature = "zeroize")]
 use zeroize::{Zeroize, ZeroizeOnDrop};
diff --git a/ssh-encoding/Cargo.toml b/ssh-encoding/Cargo.toml
@@ -19,10 +19,10 @@ rust-version = "1.85"
 base64ct = { version = "1.8", optional = true }
 bigint = { package = "crypto-bigint", version = "0.7", optional = true, default-features = false, features = ["alloc"] }
 bytes = { version = "1", optional = true, default-features = false }
+ctutils = { version = "0.4", optional = true, default-features = false }
 digest = { version = "0.11", optional = true, default-features = false }
 pem-rfc7468 = { version = "1", optional = true }
 ssh-derive = { version = "0.3.0-rc.0", optional = true }
-subtle = { version = "2", optional = true, default-features = false }
 zeroize = { version = "1", optional = true, default-features = false }
 
 [dev-dependencies]
diff --git a/ssh-encoding/src/mpint.rs b/ssh-encoding/src/mpint.rs
@@ -7,8 +7,8 @@ use core::fmt;
 #[cfg(feature = "bigint")]
 use crate::Uint;
 
-#[cfg(feature = "subtle")]
-use subtle::{Choice, ConstantTimeEq};
+#[cfg(feature = "ctutils")]
+use ctutils::{Choice, CtEq};
 
 #[cfg(any(feature = "bigint", feature = "zeroize"))]
 use zeroize::Zeroize;
@@ -40,8 +40,8 @@ use zeroize::Zeroizing;
 /// | 80              | `00 00 00 02 00 80`
 /// |-1234            | `00 00 00 02 ed cc`
 /// | -deadbeef       | `00 00 00 05 ff 21 52 41 11`
-#[cfg_attr(not(feature = "subtle"), derive(Clone))]
-#[cfg_attr(feature = "subtle", derive(Clone, Ord, PartialOrd))] // TODO: constant time (Partial)`Ord`?
+#[cfg_attr(not(feature = "ctutils"), derive(Clone))]
+#[cfg_attr(feature = "ctutils", derive(Clone, Ord, PartialOrd))] // TODO: constant time (Partial)`Ord`?
 pub struct Mpint {
     /// Inner big endian-serialized integer value
     inner: Box<[u8]>,
@@ -112,17 +112,17 @@ impl AsRef<[u8]> for Mpint {
     }
 }
 
-#[cfg(feature = "subtle")]
-impl ConstantTimeEq for Mpint {
+#[cfg(feature = "ctutils")]
+impl CtEq for Mpint {
     fn ct_eq(&self, other: &Self) -> Choice {
         self.as_ref().ct_eq(other.as_ref())
     }
 }
 
-#[cfg(feature = "subtle")]
+#[cfg(feature = "ctutils")]
 impl Eq for Mpint {}
 
-#[cfg(feature = "subtle")]
+#[cfg(feature = "ctutils")]
 impl PartialEq for Mpint {
     fn eq(&self, other: &Self) -> bool {
         self.ct_eq(other).into()
diff --git a/ssh-key/Cargo.toml b/ssh-key/Cargo.toml
@@ -27,12 +27,12 @@ features = ["zeroize"]
 [dependencies.encoding]
 version = "0.3.0-rc.8"
 package = "ssh-encoding"
-features = ["base64", "digest", "pem", "subtle", "zeroize"]
+features = ["base64", "digest", "pem", "ctutils", "zeroize"]
 
 [dependencies]
+ctutils = { version = "0.4", default-features = false }
 sha2 = { version = "0.11", default-features = false }
 signature = { version = "3", default-features = false }
-subtle = { version = "2", default-features = false }
 zeroize = { version = "1", default-features = false }
 
 # optional dependencies
diff --git a/ssh-key/src/ppk.rs b/ssh-key/src/ppk.rs
@@ -17,9 +17,9 @@ use sha2::Sha256;
 use crate::private::KeypairData;
 use crate::public::KeyData;
 use crate::{Algorithm, Error, PublicKey};
+use ctutils::CtEq;
 use encoding::base64::{self, Base64, Encoding};
 use encoding::{Decode, Encode, LabelError, Reader};
-use subtle::ConstantTimeEq;
 
 #[derive(Debug)]
 pub enum Kdf {
diff --git a/ssh-key/src/private.rs b/ssh-key/src/private.rs
@@ -143,11 +143,11 @@ pub use self::sk::SkEcdsaSha2NistP256;
 use crate::{Algorithm, Cipher, Error, Fingerprint, HashAlg, Kdf, PublicKey, Result, public};
 use cipher::Tag;
 use core::str;
+use ctutils::{Choice, CtEq};
 use encoding::{
     CheckedSum, Decode, DecodePem, Encode, EncodePem, Reader, Writer,
     pem::{LineEnding, PemLabel},
 };
-use subtle::{Choice, ConstantTimeEq};
 
 #[cfg(feature = "alloc")]
 use {
@@ -737,7 +737,7 @@ impl PrivateKey {
     }
 }
 
-impl ConstantTimeEq for PrivateKey {
+impl CtEq for PrivateKey {
     fn ct_eq(&self, other: &Self) -> Choice {
         // Constant-time with respect to private key data
         self.key_data.ct_eq(&other.key_data)
diff --git a/ssh-key/src/private/dsa.rs b/ssh-key/src/private/dsa.rs
@@ -2,8 +2,8 @@
 
 use crate::{Error, Mpint, Result, public::DsaPublicKey};
 use core::fmt;
+use ctutils::{Choice, CtEq};
 use encoding::{CheckedSum, Decode, Encode, Reader, Writer};
-use subtle::{Choice, ConstantTimeEq};
 use zeroize::Zeroize;
 
 #[cfg(feature = "dsa")]
@@ -51,7 +51,7 @@ impl AsRef<[u8]> for DsaPrivateKey {
     }
 }
 
-impl ConstantTimeEq for DsaPrivateKey {
+impl CtEq for DsaPrivateKey {
     fn ct_eq(&self, other: &Self) -> Choice {
         self.inner.ct_eq(&other.inner)
     }
@@ -181,7 +181,7 @@ impl DsaKeypair {
     }
 }
 
-impl ConstantTimeEq for DsaKeypair {
+impl CtEq for DsaKeypair {
     fn ct_eq(&self, other: &Self) -> Choice {
         Choice::from((self.public == other.public) as u8) & self.private.ct_eq(&other.private)
     }
diff --git a/ssh-key/src/private/ecdsa.rs b/ssh-key/src/private/ecdsa.rs
@@ -2,9 +2,9 @@
 
 use crate::{Algorithm, EcdsaCurve, Error, Result, public::EcdsaPublicKey};
 use core::fmt;
+use ctutils::{Choice, CtEq};
 use encoding::{CheckedSum, Decode, Encode, Reader, Writer};
 use sec1::consts::{U32, U48, U66};
-use subtle::{Choice, ConstantTimeEq};
 use zeroize::Zeroize;
 
 #[cfg(feature = "rand_core")]
@@ -106,7 +106,7 @@ impl<const SIZE: usize> AsRef<[u8; SIZE]> for EcdsaPrivateKey<SIZE> {
     }
 }
 
-impl<const SIZE: usize> ConstantTimeEq for EcdsaPrivateKey<SIZE> {
+impl<const SIZE: usize> CtEq for EcdsaPrivateKey<SIZE> {
     fn ct_eq(&self, other: &Self) -> Choice {
         self.as_ref().ct_eq(other.as_ref())
     }
@@ -282,7 +282,7 @@ impl EcdsaKeypair {
     }
 }
 
-impl ConstantTimeEq for EcdsaKeypair {
+impl CtEq for EcdsaKeypair {
     fn ct_eq(&self, other: &Self) -> Choice {
         let public_eq =
             Choice::from((EcdsaPublicKey::from(self) == EcdsaPublicKey::from(other)) as u8);
diff --git a/ssh-key/src/private/ed25519.rs b/ssh-key/src/private/ed25519.rs
@@ -4,8 +4,8 @@
 
 use crate::{Error, Result, public::Ed25519PublicKey};
 use core::fmt;
+use ctutils::{Choice, CtEq};
 use encoding::{CheckedSum, Decode, Encode, Reader, Writer};
-use subtle::{Choice, ConstantTimeEq};
 use zeroize::{Zeroize, Zeroizing};
 
 #[cfg(feature = "rand_core")]
@@ -45,7 +45,7 @@ impl AsRef<[u8; Self::BYTE_SIZE]> for Ed25519PrivateKey {
     }
 }
 
-impl ConstantTimeEq for Ed25519PrivateKey {
+impl CtEq for Ed25519PrivateKey {
     fn ct_eq(&self, other: &Self) -> Choice {
         self.as_ref().ct_eq(other.as_ref())
     }
@@ -192,7 +192,7 @@ impl Ed25519Keypair {
     }
 }
 
-impl ConstantTimeEq for Ed25519Keypair {
+impl CtEq for Ed25519Keypair {
     fn ct_eq(&self, other: &Self) -> Choice {
         Choice::from((self.public == other.public) as u8) & self.private.ct_eq(&other.private)
     }
diff --git a/ssh-key/src/private/keypair.rs b/ssh-key/src/private/keypair.rs
@@ -2,8 +2,8 @@
 
 use super::ed25519::Ed25519Keypair;
 use crate::{Algorithm, Error, Result, public};
+use ctutils::{Choice, CtEq};
 use encoding::{CheckedSum, Decode, Encode, Reader, Writer};
-use subtle::{Choice, ConstantTimeEq};
 
 #[cfg(feature = "alloc")]
 use {
@@ -269,7 +269,7 @@ impl KeypairData {
     }
 }
 
-impl ConstantTimeEq for KeypairData {
+impl CtEq for KeypairData {
     fn ct_eq(&self, other: &Self) -> Choice {
         // Note: constant-time with respect to key *data* comparisons, not algorithms
         match (self, other) {
diff --git a/ssh-key/src/private/opaque.rs b/ssh-key/src/private/opaque.rs
@@ -14,8 +14,8 @@ use crate::{
 };
 use alloc::vec::Vec;
 use core::fmt;
+use ctutils::{Choice, CtEq};
 use encoding::{CheckedSum, Decode, Encode, Reader, Writer};
-use subtle::{Choice, ConstantTimeEq};
 
 /// An opaque private key.
 ///
@@ -118,7 +118,7 @@ impl Encode for OpaqueKeypair {
     }
 }
 
-impl ConstantTimeEq for OpaqueKeypair {
+impl CtEq for OpaqueKeypair {
     fn ct_eq(&self, other: &Self) -> Choice {
         Choice::from((self.public == other.public) as u8) & self.private.ct_eq(&other.private)
     }
@@ -148,7 +148,7 @@ impl fmt::Debug for OpaqueKeypair {
     }
 }
 
-impl ConstantTimeEq for OpaquePrivateKeyBytes {
+impl CtEq for OpaquePrivateKeyBytes {
     fn ct_eq(&self, other: &Self) -> Choice {
         self.as_ref().ct_eq(other.as_ref())
     }
diff --git a/ssh-key/src/private/rsa.rs b/ssh-key/src/private/rsa.rs
@@ -2,8 +2,8 @@
 
 use crate::{Error, Mpint, Result, public::RsaPublicKey};
 use core::fmt;
+use ctutils::{Choice, CtEq};
 use encoding::{CheckedSum, Decode, Encode, Reader, Writer};
-use subtle::{Choice, ConstantTimeEq};
 use zeroize::Zeroize;
 
 #[cfg(feature = "rsa")]
@@ -66,7 +66,7 @@ impl RsaPrivateKey {
     }
 }
 
-impl ConstantTimeEq for RsaPrivateKey {
+impl CtEq for RsaPrivateKey {
     fn ct_eq(&self, other: &Self) -> Choice {
         self.d.ct_eq(&other.d)
             & self.iqmp.ct_eq(&self.iqmp)
@@ -163,7 +163,7 @@ impl RsaKeypair {
     }
 }
 
-impl ConstantTimeEq for RsaKeypair {
+impl CtEq for RsaKeypair {
     fn ct_eq(&self, other: &Self) -> Choice {
         Choice::from((self.public == other.public) as u8) & self.private.ct_eq(&other.private)
     }

Original file line number	Diff line number	Diff line change
`@@ -2,8 +2,8 @@`
`2`	`2`
`3`	`3`	`use crate::{Error, Mpint, Result, public::DsaPublicKey};`
`4`	`4`	`use core::fmt;`
	`5`	`+use ctutils::{Choice, CtEq};`
`5`	`6`	`use encoding::{CheckedSum, Decode, Encode, Reader, Writer};`
`6`		`-use subtle::{Choice, ConstantTimeEq};`
`7`	`7`	`use zeroize::Zeroize;`
`8`	`8`
`9`	`9`	`#[cfg(feature = "dsa")]`
`@@ -51,7 +51,7 @@ impl AsRef<[u8]> for DsaPrivateKey {`
`51`	`51`	`}`
`52`	`52`	`}`
`53`	`53`
`54`		`-impl ConstantTimeEq for DsaPrivateKey {`
	`54`	`+impl CtEq for DsaPrivateKey {`
`55`	`55`	`fn ct_eq(&self, other: &Self) -> Choice {`
`56`	`56`	`self.inner.ct_eq(&other.inner)`
`57`	`57`	`}`
`@@ -181,7 +181,7 @@ impl DsaKeypair {`
`181`	`181`	`}`
`182`	`182`	`}`
`183`	`183`
`184`		`-impl ConstantTimeEq for DsaKeypair {`
	`184`	`+impl CtEq for DsaKeypair {`
`185`	`185`	`fn ct_eq(&self, other: &Self) -> Choice {`
`186`	`186`	`Choice::from((self.public == other.public) as u8) & self.private.ct_eq(&other.private)`
`187`	`187`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,9 +2,9 @@`
`2`	`2`
`3`	`3`	`use crate::{Algorithm, EcdsaCurve, Error, Result, public::EcdsaPublicKey};`
`4`	`4`	`use core::fmt;`
	`5`	`+use ctutils::{Choice, CtEq};`
`5`	`6`	`use encoding::{CheckedSum, Decode, Encode, Reader, Writer};`
`6`	`7`	`use sec1::consts::{U32, U48, U66};`
`7`		`-use subtle::{Choice, ConstantTimeEq};`
`8`	`8`	`use zeroize::Zeroize;`
`9`	`9`
`10`	`10`	`#[cfg(feature = "rand_core")]`
`@@ -106,7 +106,7 @@ impl<const SIZE: usize> AsRef<[u8; SIZE]> for EcdsaPrivateKey<SIZE> {`
`106`	`106`	`}`
`107`	`107`	`}`
`108`	`108`
`109`		`-impl<const SIZE: usize> ConstantTimeEq for EcdsaPrivateKey<SIZE> {`
	`109`	`+impl<const SIZE: usize> CtEq for EcdsaPrivateKey<SIZE> {`
`110`	`110`	`fn ct_eq(&self, other: &Self) -> Choice {`
`111`	`111`	`self.as_ref().ct_eq(other.as_ref())`
`112`	`112`	`}`
`@@ -282,7 +282,7 @@ impl EcdsaKeypair {`
`282`	`282`	`}`
`283`	`283`	`}`
`284`	`284`
`285`		`-impl ConstantTimeEq for EcdsaKeypair {`
	`285`	`+impl CtEq for EcdsaKeypair {`
`286`	`286`	`fn ct_eq(&self, other: &Self) -> Choice {`
`287`	`287`	`let public_eq =`
`288`	`288`	`Choice::from((EcdsaPublicKey::from(self) == EcdsaPublicKey::from(other)) as u8);`