[−][src]Crate b64_ct
This crate provides an implementation of Base64 encoding/decoding that is designed to be resistant against software side-channel attacks (such as timing & cache attacks), see below for details. On certain platforms it also uses SIMD making it very fast. This makes it suitable for e.g. decoding cryptographic private keys in PEM format.
The API is very similar to the base64 implementation in the old rustc-serialize crate, making it easy to use in existing projects.
Resistance against Software Side-Channel Attacks
An indistinguishable-time (colloquially: constant-time) implementation of an algorithm has a runtime that's independent of the data being processed. This indistinguishability is usually based on the control flow of the program as well as its memory access pattern. In that case, indistinguishability may be achieved by making sure the control flow and memory access pattern don't depend on the data. Other factors, such as instruction cycle count may also be consequential.
See the BearSSL page on constant-time cryptography for more information.
The runtime of the implementations in this crate is intended to be dependent only on whitespace and the length of the valid data, not the data itself.
Implementation
Depending on the runtime CPU architecture, this crate uses different implementations with different security properties.
- x86 with AVX2: All lookup tables are implemented with SIMD instructions. No secret-dependent memory accceses.
- Other platforms: Lookups are limited to 64-byte aligned lookup tables. On platforms with 64-byte cache lines this may be sufficient to prevent certain cache side-channel attacks. However, it's known that this is [not sufficient for all platforms].
Re-exports
pub use self::CharacterSet::*; |
Structs
| Config | Contains configuration parameters for |
Enums
| CharacterSet | Available encoding character sets |
| FromBase64Error | Errors that can occur when decoding a base64 encoded string |
| Newline | Available newline types |
Statics
| MIME | Configuration for RFC 2045 MIME base64 encoding |
| STANDARD | Configuration for RFC 4648 standard base64 encoding |
| URL_SAFE | Configuration for RFC 4648 base64url encoding |
Traits
| FromBase64 | A trait for converting from base64 encoded values. |
| ToBase64 | A trait for converting a value to base64 encoding. |