[WIP] elliptic-curve: transition from subtle to ctutils

We can't completely remove `subtle` because it's used by the
`ff`/`group` traits, however as much s possible this migrates from
`subtle` to `ctutils`.

It's a bit annoying because we end up with a mixed API of `ctutils` and
`subtle`, but perhaps we can get `ff`/`group` to migrate upstream as
well: RustCrypto/ff#148.

See also: #2275

Author: tarcieri

Cargo.lock

@@ -17,24 +17,25 @@ and public/secret keys composed thereof.
 """
 
 [dependencies]
-array = { package = "hybrid-array", version = "0.4", default-features = false, features = ["zeroize"] }
-bigint = { package = "crypto-bigint", version = "0.7", default-features = false, features = ["hybrid-array", "rand_core", "subtle", "zeroize"] }
+array = { package = "hybrid-array", version = "0.4.10", default-features = false, features = ["ctutils", "zeroize"] }
+bigint = { package = "crypto-bigint", version = "0.7", default-features = false, features = ["hybrid-array", "rand_core", "zeroize"] }
 base16ct = "1"
+ctutils = { version = "0.4", features = ["subtle"] }
 common = { package = "crypto-common", version = "0.2", features = ["rand_core"] }
 rand_core = { version = "0.10", default-features = false }
 subtle = { version = "2.6", default-features = false }
 zeroize = { version = "1.7", default-features = false }
 
 # optional dependencies
 digest = { version = "0.11", optional = true }
-ff = { version = "0.14.0-rc.0", package = "rustcrypto-ff", optional = true, default-features = false }
-group = { version = "0.14.0-rc.0", package = "rustcrypto-group", optional = true, default-features = false }
+ff = { version = "0.14.0-rc.1", package = "rustcrypto-ff", optional = true, default-features = false }
+group = { version = "0.14.0-rc.1", package = "rustcrypto-group", optional = true, default-features = false }
 hkdf = { version = "0.13", optional = true, default-features = false }
 hex-literal = { version = "1", optional = true }
 once_cell = { version = "1.21", optional = true, default-features = false }
 pem-rfc7468 = { version = "1", optional = true, features = ["alloc"] }
 pkcs8 = { version = "0.11.0-rc.10", optional = true, default-features = false }
-sec1 = { version = "0.8", optional = true, features = ["ctutils", "subtle", "zeroize"] }
+sec1 = { version = "0.8.1", optional = true, features = ["ctutils", "zeroize"] }
 serdect = { version = "0.4", optional = true, default-features = false, features = ["alloc"] }
 
 [dev-dependencies]

elliptic-curve/Cargo.toml

@@ -2,15 +2,14 @@
 
 use crate::{
     Curve, CurveGroup, Error, FieldBytes, Group, NonZeroScalar, PrimeCurve, ScalarValue,
-    ctutils::{CtEq, CtSelect},
+    ctutils::{CtEq, CtOption, CtSelect},
     ops::{Invert, LinearCombination, Mul, Reduce},
     point::{AffineCoordinates, NonIdentity},
     scalar::{FromUintUnchecked, IsHigh},
 };
 use bigint::modular::Retrieve;
 use common::Generate;
 use core::fmt::Debug;
-use subtle::{ConditionallySelectable, ConstantTimeEq, CtOption};
 use zeroize::DefaultIsZeroes;
 
 /// Elliptic curve with an arithmetic implementation.
@@ -19,8 +18,6 @@ pub trait CurveArithmetic: Curve {
     type AffinePoint: 'static
         + AffineCoordinates<FieldRepr = FieldBytes<Self>>
         + Copy
-        + ConditionallySelectable
-        + ConstantTimeEq
         + CtEq
         + CtSelect
         + Debug
@@ -46,9 +43,7 @@ pub trait CurveArithmetic: Curve {
     /// - [`Sized`]
     /// - [`Send`]
     /// - [`Sync`]
-    type ProjectivePoint: ConditionallySelectable
-        + ConstantTimeEq
-        + CtEq
+    type ProjectivePoint: CtEq
         + CtSelect
         + Default
         + DefaultIsZeroes
@@ -68,8 +63,8 @@ pub trait CurveArithmetic: Curve {
     /// - `'static`
     /// - [`Copy`]
     /// - [`Clone`]
-    /// - [`ConditionallySelectable`]
-    /// - [`ConstantTimeEq`]
+    /// - [`CtSelect`]
+    /// - [`CtEq`]
     /// - [`Debug`]
     /// - [`Default`]
     /// - [`Send`]