### TODO - [ ] #98 - [ ] #99 ### Problem As described in #98, the Signal client crypto implementation wants to use `subtle` to filter and sort `PrivateKey` structs with constant-time operations, but goes through a hacky two-step process to achieve this by first serializing the `PrivateKey` struct to a byte slice (which often incurs a heap allocation for legacy reasons with the Signal code), then calling the `.ct_eq()` implementation predefined for byte slices. #98 proposes a method with a lookup table to process `Ordering`-like results without branching. ### Solution I'm not deeply familiar with the problem space of constant-time operations, but I saw that someone else had already worked out how to accumulate sequences of constant-time logical operations in that `.ct_eq()` implementation for byte slices, so in #99 I exposed the `IteratedOperation` trait and related structs for specific iterated logical comparisons. ### Result I created a proc macro crate at https://github.com/cosmicexplorer/subtle-derive. Example doctest from that crate: ```rust use subtle::ConstantTimeOrd; use subtle_derive::{ConstantTimeEq, ConstantTimeGreater, ConstantTimeLess, ConstEq, ConstPartialOrd, ConstOrd}; #[derive(Debug, ConstantTimeEq, ConstantTimeGreater, ConstantTimeLess, ConstEq, ConstPartialOrd, ConstOrd)] pub struct S(pub u8); impl ConstantTimeOrd for S {} assert!(S(0) == S(0)); assert!(S(0) < S(1)); assert!(S(0) <= S(1)); ``` If the current maintainers think it fits, I could instead convert my `subtle-derive` crate into a PR against this repo instead (and we could hide the proc macro dependency behind a `"derive"` feature flag the way `serde` does: https://serde.rs/derive.html).