4 releases (2 breaking)
0.3.0-rc.0 | Sep 10, 2024 |
---|---|
0.3.0-pre.0 | Jan 7, 2024 |
0.2.0 | Feb 26, 2023 |
0.1.0 | Mar 29, 2022 |
#101 in Encoding
432,494 downloads per month
Used in 499 crates
(27 directly)
42KB
616 lines
RustCrypto: Constant-Time Serde Helpers
Constant-time serde serializer/deserializer helpers for data that potentially contains secrets (e.g. cryptographic keys)
About
Serialization is a potential sidechannel for leaking sensitive secrets such as cryptographic keys.
This crate provides "best effort" constant-time helper methods for reducing
the amount of timing variability involved in serializing/deserializing data
when using serde
, Rust's standard serialization framework.
These helper methods conditionally serialize data as hexadecimal using the
constant-time base16ct
crate when using human-readable formats such as
JSON or TOML. When using a binary format, the data is serialized as-is into
binary.
While this crate can't ensure that format implementations don't perform other kinds of data-dependent branching on the contents of the serialized data, using a constant-time hex serialization with human-readable formats should help reduce the overall timing variability.
serdect
is tested against the following crates:
bincode
v1ciborium
v0.2rmp-serde
v1serde-json-core
v0.5serde-json
v1toml
v0.7
Minimum Supported Rust Version
Rust 1.70 or newer.
In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope for this crate's SemVer guarantees), however when we do it will be accompanied by a minor version bump.
License
Licensed under either of:
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Dependencies
~110–350KB