#constant-time-cryptography #constant-time #serde #key

no-std serdect

Constant-time serde serializer/deserializer helpers for data that potentially contains secrets (e.g. cryptographic keys)

5 unstable releases

0.3.0 Jan 6, 2025
0.3.0-rc.0 Sep 10, 2024
0.3.0-pre.0 Jan 7, 2024
0.2.0 Feb 26, 2023
0.1.0 Mar 29, 2022

#87 in Encoding

Download history 123253/week @ 2025-01-28 139841/week @ 2025-02-04 142003/week @ 2025-02-11 141176/week @ 2025-02-18 141091/week @ 2025-02-25 144065/week @ 2025-03-04 159935/week @ 2025-03-11 157211/week @ 2025-03-18 159071/week @ 2025-03-25 157391/week @ 2025-04-01 175212/week @ 2025-04-08 142401/week @ 2025-04-15 183834/week @ 2025-04-22 177460/week @ 2025-04-29 177563/week @ 2025-05-06 155136/week @ 2025-05-13

713,378 downloads per month
Used in 892 crates (32 directly)

Apache-2.0 OR MIT

42KB
616 lines

RustCrypto: Constant-Time Serde Helpers

Crate Docs Build Status Apache 2.0/MIT Licensed MSRV

Constant-time serde serializer/deserializer helpers for data that potentially contains secrets (e.g. cryptographic keys)

Documentation

About

Serialization is a potential sidechannel for leaking sensitive secrets such as cryptographic keys.

This crate provides "best effort" constant-time helper methods for reducing the amount of timing variability involved in serializing/deserializing data when using serde, Rust's standard serialization framework.

These helper methods conditionally serialize data as hexadecimal using the constant-time base16ct crate when using human-readable formats such as JSON or TOML. When using a binary format, the data is serialized as-is into binary.

While this crate can't ensure that format implementations don't perform other kinds of data-dependent branching on the contents of the serialized data, using a constant-time hex serialization with human-readable formats should help reduce the overall timing variability.

serdect is tested against the following crates:

Minimum Supported Rust Version

Rust 1.70 or newer.

In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope for this crate's SemVer guarantees), however when we do it will be accompanied by a minor version bump.

License

Licensed under either of:

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~95–320KB