ctutils: core::num::NonZero<T> support (#1368)

Adds initial support for the following aliases of `NonZero<T>`:

- NonZeroI8
- NonZeroI16
- NonZeroI32
- NonZeroI64
- NonZeroI128
- NonZeroU8
- NonZeroU16
- NonZeroU32
- NonZeroU64
- NonZeroU128

(We can't yet implement things generically because `NonZero` bounds on
`T: ZeroablePrimitive` which is unstable)

The following traits are impl'd for all of the above:
- `CtAssign`
- `CtEq`
- `CtNeg`
- `CtSelect`

The following are impl'd for the unsigned `NonZeroU*` types:
- `CtGt`
- `CtLt`

Author: tarcieri

ctutils/src/lib.rs

@@ -17,6 +17,8 @@
     clippy::panic_in_result_fn,
     clippy::std_instead_of_alloc,
     clippy::std_instead_of_core,
+    clippy::undocumented_unsafe_blocks,
+    clippy::unnecessary_safety_comment,
     missing_copy_implementations,
     missing_debug_implementations,
     missing_docs,

ctutils/src/traits/ct_assign.rs

@@ -1,6 +1,12 @@
 use crate::{Choice, CtSelect};
 use cmov::Cmov;
-use core::cmp;
+use core::{
+    cmp,
+    num::{
+        NonZeroI8, NonZeroI16, NonZeroI32, NonZeroI64, NonZeroI128, NonZeroU8, NonZeroU16,
+        NonZeroU32, NonZeroU64, NonZeroU128,
+    },
+};
 
 #[cfg(feature = "alloc")]
 use alloc::{boxed::Box, vec::Vec};
@@ -29,7 +35,19 @@ macro_rules! impl_ct_assign_with_ct_select {
     };
 }
 
-impl_ct_assign_with_ct_select!(cmp::Ordering);
+impl_ct_assign_with_ct_select!(
+    cmp::Ordering,
+    NonZeroI8,
+    NonZeroI16,
+    NonZeroI32,
+    NonZeroI64,
+    NonZeroI128,
+    NonZeroU8,
+    NonZeroU16,
+    NonZeroU32,
+    NonZeroU64,
+    NonZeroU128
+);
 
 /// Impl `CtAssign` using the `cmov::Cmov` trait
 macro_rules! impl_ct_assign_with_cmov {

ctutils/src/traits/ct_eq.rs

@@ -1,6 +1,12 @@
 use crate::Choice;
 use cmov::CmovEq;
-use core::cmp;
+use core::{
+    cmp,
+    num::{
+        NonZeroI8, NonZeroI16, NonZeroI32, NonZeroI64, NonZeroI128, NonZeroU8, NonZeroU16,
+        NonZeroU32, NonZeroU64, NonZeroU128,
+    },
+};
 
 #[cfg(feature = "subtle")]
 use crate::CtOption;
@@ -24,7 +30,7 @@ where
     }
 }
 
-// Impl `CtEq` using the `cmov::CmovEq` trait
+/// Impl `CtEq` using the `cmov::CmovEq` trait
 macro_rules! impl_ct_eq_with_cmov_eq {
     ( $($ty:ty),+ ) => {
         $(
@@ -42,6 +48,33 @@ macro_rules! impl_ct_eq_with_cmov_eq {
 
 impl_ct_eq_with_cmov_eq!(i8, i16, i32, i64, i128, u8, u16, u32, u64, u128);
 
+/// Impl `CtEq` for `NonZero<T>` by calling `NonZero::get`.
+macro_rules! impl_ct_eq_for_nonzero_integer {
+    ( $($ty:ty),+ ) => {
+        $(
+            impl CtEq for $ty {
+                #[inline]
+                fn ct_eq(&self, other: &Self) -> Choice {
+                    self.get().ct_eq(&other.get())
+                }
+            }
+        )+
+    };
+}
+
+impl_ct_eq_for_nonzero_integer!(
+    NonZeroI8,
+    NonZeroI16,
+    NonZeroI32,
+    NonZeroI64,
+    NonZeroI128,
+    NonZeroU8,
+    NonZeroU16,
+    NonZeroU32,
+    NonZeroU64,
+    NonZeroU128
+);
+
 #[cfg(any(target_pointer_width = "32", target_pointer_width = "64"))]
 impl CtEq for isize {
     #[cfg(target_pointer_width = "32")]

ctutils/src/traits/ct_gt.rs

@@ -1,5 +1,8 @@
 use crate::Choice;
-use core::cmp;
+use core::{
+    cmp,
+    num::{NonZeroU8, NonZeroU16, NonZeroU32, NonZeroU64, NonZeroU128},
+};
 
 /// Constant time greater than.
 pub trait CtGt {
@@ -24,6 +27,22 @@ macro_rules! impl_unsigned_ct_gt {
 
 impl_unsigned_ct_gt!(u8, u16, u32, u64, u128);
 
+/// Impl `CtGt` for `NonZero<T>` by calling `NonZero::get`.
+macro_rules! impl_ct_gt_for_nonzero_integer {
+    ( $($ty:ty),+ ) => {
+        $(
+            impl CtGt for $ty {
+                #[inline]
+                fn ct_gt(&self, other: &Self) -> Choice {
+                    self.get().ct_gt(&other.get())
+                }
+            }
+        )+
+    };
+}
+
+impl_ct_gt_for_nonzero_integer!(NonZeroU8, NonZeroU16, NonZeroU32, NonZeroU64, NonZeroU128);
+
 impl CtGt for cmp::Ordering {
     #[inline]
     fn ct_gt(&self, other: &Self) -> Choice {

ctutils/src/traits/ct_lt.rs

@@ -1,5 +1,8 @@
 use crate::Choice;
-use core::cmp;
+use core::{
+    cmp,
+    num::{NonZeroU8, NonZeroU16, NonZeroU32, NonZeroU64, NonZeroU128},
+};
 
 /// Constant time less than.
 pub trait CtLt {
@@ -24,6 +27,22 @@ macro_rules! impl_unsigned_ct_lt {
 
 impl_unsigned_ct_lt!(u8, u16, u32, u64, u128);
 
+/// Impl `CtLt` for `NonZero<T>` by calling `NonZero::get`.
+macro_rules! impl_ct_lt_for_nonzero_integer {
+    ( $($ty:ty),+ ) => {
+        $(
+            impl CtLt for $ty {
+                #[inline]
+                fn ct_lt(&self, other: &Self) -> Choice {
+                    self.get().ct_lt(&other.get())
+                }
+            }
+        )+
+    };
+}
+
+impl_ct_lt_for_nonzero_integer!(NonZeroU8, NonZeroU16, NonZeroU32, NonZeroU64, NonZeroU128);
+
 impl CtLt for cmp::Ordering {
     #[inline]
     fn ct_lt(&self, other: &Self) -> Choice {

ctutils/src/traits/ct_neg.rs

@@ -1,4 +1,8 @@
 use crate::{Choice, CtAssign, CtSelect};
+use core::num::{
+    NonZeroI8, NonZeroI16, NonZeroI32, NonZeroI64, NonZeroI128, NonZeroU8, NonZeroU16, NonZeroU32,
+    NonZeroU64, NonZeroU128,
+};
 
 /// Constant-time conditional negation: negates a value when `choice` is [`Choice::TRUE`].
 pub trait CtNeg: Sized {
@@ -58,6 +62,42 @@ macro_rules! impl_unsigned_ct_neg {
 impl_signed_ct_neg!(i8, i16, i32, i64, i128);
 impl_unsigned_ct_neg!(u8, u16, u32, u64, u128);
 
+/// Impl `CtNeg` for `NonZero<T>` by calling the `CtNeg` impl for `T`.
+macro_rules! impl_ct_neg_for_nonzero_integer {
+    ( $($nzint:ident),+ ) => {
+        $(
+             impl CtNeg for $nzint {
+                #[inline]
+                fn ct_neg(&self, choice: Choice) -> Self {
+                    let n = self.get().ct_neg(choice);
+
+                    // SAFETY: we are constructing `NonZero` from a value we obtained from
+                    // `NonZero::get`, which ensures it's non-zero, and the negation of a non-zero
+                    // integer will always be non-zero:
+                    //
+                    // - signed: `{i*}::MIN` and `{i*}::MAX` are each other's negations
+                    // - unsigned: `1` and `{u*}::MAX` are each other's negations
+                    #[allow(unsafe_code)]
+                    unsafe { $nzint::new_unchecked(n) }
+                }
+            }
+        )+
+    };
+}
+
+impl_ct_neg_for_nonzero_integer!(
+    NonZeroI8,
+    NonZeroI16,
+    NonZeroI32,
+    NonZeroI64,
+    NonZeroI128,
+    NonZeroU8,
+    NonZeroU16,
+    NonZeroU32,
+    NonZeroU64,
+    NonZeroU128
+);
+
 #[cfg(test)]
 mod tests {
     /// Test `CtNeg` impl on `i*`

ctutils/src/traits/ct_select.rs

@@ -1,5 +1,11 @@
 use crate::{Choice, CtAssign};
-use core::cmp;
+use core::{
+    cmp,
+    num::{
+        NonZeroI8, NonZeroI16, NonZeroI32, NonZeroI64, NonZeroI128, NonZeroU8, NonZeroU16,
+        NonZeroU32, NonZeroU64, NonZeroU128,
+    },
+};
 
 #[cfg(feature = "subtle")]
 use crate::CtOption;
@@ -47,6 +53,38 @@ macro_rules! impl_ct_select_with_ct_assign {
 
 impl_ct_select_with_ct_assign!(i8, i16, i32, i64, i128, u8, u16, u32, u64, u128);
 
+/// Impl `CtSelect` for `NonZero<T>` by calling the `CtSelect` impl for `T`.
+macro_rules! impl_ct_select_for_nonzero_integer {
+    ( $($nzint:ident),+ ) => {
+        $(
+             impl CtSelect for $nzint {
+                #[inline]
+                fn ct_select(&self, rhs: &Self, choice: Choice) -> Self {
+                    let n = self.get().ct_select(&rhs.get(), choice);
+
+                    // SAFETY: we are constructing `NonZero` from a value we obtained from
+                    // `NonZero::get`, which ensures it's non-zero.
+                    #[allow(unsafe_code)]
+                    unsafe { $nzint::new_unchecked(n) }
+                }
+            }
+        )+
+    };
+}
+
+impl_ct_select_for_nonzero_integer!(
+    NonZeroI8,
+    NonZeroI16,
+    NonZeroI32,
+    NonZeroI64,
+    NonZeroI128,
+    NonZeroU8,
+    NonZeroU16,
+    NonZeroU32,
+    NonZeroU64,
+    NonZeroU128
+);
+
 #[cfg(any(target_pointer_width = "32", target_pointer_width = "64"))]
 impl CtSelect for isize {
     #[cfg(target_pointer_width = "32")]