#constant-time #serde #secret-key

no-std serdect

Constant-time serde serializer/deserializer helpers for data that potentially contains secrets (e.g. cryptographic keys)

4 releases (2 breaking)

0.3.0-rc.0 Sep 10, 2024
0.3.0-pre.0 Jan 7, 2024
0.2.0 Feb 26, 2023
0.1.0 Mar 29, 2022

#101 in Encoding

Download history 64786/week @ 2024-07-06 84206/week @ 2024-07-13 89309/week @ 2024-07-20 79893/week @ 2024-07-27 77947/week @ 2024-08-03 95316/week @ 2024-08-10 77332/week @ 2024-08-17 91390/week @ 2024-08-24 96630/week @ 2024-08-31 96023/week @ 2024-09-07 92290/week @ 2024-09-14 101648/week @ 2024-09-21 95483/week @ 2024-09-28 105862/week @ 2024-10-05 102386/week @ 2024-10-12 114892/week @ 2024-10-19

432,494 downloads per month
Used in 499 crates (27 directly)

Apache-2.0 OR MIT

42KB
616 lines

RustCrypto: Constant-Time Serde Helpers

Crate Docs Build Status Apache 2.0/MIT Licensed MSRV

Constant-time serde serializer/deserializer helpers for data that potentially contains secrets (e.g. cryptographic keys)

Documentation

About

Serialization is a potential sidechannel for leaking sensitive secrets such as cryptographic keys.

This crate provides "best effort" constant-time helper methods for reducing the amount of timing variability involved in serializing/deserializing data when using serde, Rust's standard serialization framework.

These helper methods conditionally serialize data as hexadecimal using the constant-time base16ct crate when using human-readable formats such as JSON or TOML. When using a binary format, the data is serialized as-is into binary.

While this crate can't ensure that format implementations don't perform other kinds of data-dependent branching on the contents of the serialized data, using a constant-time hex serialization with human-readable formats should help reduce the overall timing variability.

serdect is tested against the following crates:

Minimum Supported Rust Version

Rust 1.70 or newer.

In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope for this crate's SemVer guarantees), however when we do it will be accompanied by a minor version bump.

License

Licensed under either of:

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~110–350KB