pub trait Alphabet {
const ENCODE: [u8; 64];
// Required method
fn decode(byte: u8) -> Option<u8>;
// Provided method
fn encode(value: u8) -> u8 { ... }
}Expand description
A Base64 alphabet.
§Security
The default Alphabet::encode implementation is constant-time-oriented:
it scans all 64 alphabet entries instead of using ENCODE[value as usize].
If an implementation overrides encode with a direct table lookup, normal
Engine encoding becomes timing-sensitive with respect to
the emitted 6-bit value.
The normal strict decode path calls Alphabet::decode and is not a
constant-time decoder. The ct module does not call
Alphabet::decode; it scans Alphabet::ENCODE directly with its own
fixed 64-entry mapper. A custom non-constant-time decode implementation
therefore affects normal strict decode diagnostics and timing, but not the
ct module’s symbol-mapping loop.
Required Associated Constants§
Required Methods§
Sourcefn decode(byte: u8) -> Option<u8>
fn decode(byte: u8) -> Option<u8>
Decode one byte into a 6-bit value.
Implementations that want conservative custom-alphabet timing posture
should delegate to decode_alphabet_byte, which scans all 64 entries
before returning. The ct module ignores this method and scans
Self::ENCODE directly.
Provided Methods§
Sourcefn encode(value: u8) -> u8
fn encode(value: u8) -> u8
Encode one 6-bit value into an alphabet byte.
The default implementation scans the alphabet table instead of using a secret-indexed table lookup. Built-in alphabets override this with the branch-minimized ASCII arithmetic mapper. Custom alphabets that keep the default method prioritize timing posture over throughput: every emitted Base64 byte performs a fixed 64-entry scan. For massive payloads with user-defined alphabets, profile this cost and consider an audited custom override only if the alphabet has a structure that can be mapped without secret-indexed table access.
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".