4 releases (2 breaking)
| 0.3.0-rc.0 | Sep 10, 2024 |
|---|---|
| 0.3.0-pre.0 | Jan 7, 2024 |
| 0.2.0 | Feb 26, 2023 |
| 0.1.0 | Mar 29, 2022 |
#119 in Encoding
432,263 downloads per month
Used in 536 crates
(28 directly)
42KB
616 lines
RustCrypto: Constant-Time Serde Helpers
Constant-time serde serializer/deserializer helpers for data that potentially contains secrets (e.g. cryptographic keys)
About
Serialization is a potential sidechannel for leaking sensitive secrets such as cryptographic keys.
This crate provides "best effort" constant-time helper methods for reducing
the amount of timing variability involved in serializing/deserializing data
when using serde, Rust's standard serialization framework.
These helper methods conditionally serialize data as hexadecimal using the
constant-time base16ct crate when using human-readable formats such as
JSON or TOML. When using a binary format, the data is serialized as-is into
binary.
While this crate can't ensure that format implementations don't perform other kinds of data-dependent branching on the contents of the serialized data, using a constant-time hex serialization with human-readable formats should help reduce the overall timing variability.
serdect is tested against the following crates:
bincodev1ciboriumv0.2rmp-serdev1serde-json-corev0.5serde-jsonv1tomlv0.7
Minimum Supported Rust Version
Rust 1.70 or newer.
In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope for this crate's SemVer guarantees), however when we do it will be accompanied by a minor version bump.
License
Licensed under either of:
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Dependencies
~100–335KB