base64-ng 1.0.7

no_std-first Base64 encoding and decoding with strict APIs and a security-heavy release process
# Trust Dashboard

This dashboard is a concise adoption checklist for security-sensitive users.
It describes the current release posture and should be refreshed before each
stable release.

| Area | Current Status | Evidence |
| --- | --- | --- |
| License | `MIT OR Apache-2.0` | `Cargo.toml`, `LICENSE-MIT`, `LICENSE-APACHE` |
| MSRV | Rust `1.90.0` | `Cargo.toml`, `rust-toolchain.toml` |
| Runtime dependencies | Zero external crates | `scripts/validate-dependencies.sh` |
| Default dev dependencies | Zero external crates | `Cargo.toml` |
| Optional runtime features | `alloc`, `std`, `stream`; `allow-wasm32-best-effort-wipe` explicit wasm cleanup-limit acceptance; `allow-compiler-fence-only-wipe` explicit unsupported-native cleanup-limit acceptance; reserved `simd`, `tokio`, `kani`, `fuzzing`. AArch64 CSDB attestation uses custom cfg `base64_ng_aarch64_csdb_attested`, not a feature. | `Cargo.toml`, `scripts/check_reserved_features.sh`, `scripts/check_wasm_wipe_policy.sh` |
| Unsafe policy | Scalar encode/decode remains safe Rust; audited unsafe is limited to volatile wiping, constant-time comparison, CT alphabet scan and result-gate barriers, and test-only SIMD prototypes; runtime unsafe-boundary reports are conservative and mark SIMD-enabled builds as not high-assurance-boundary-enforced | `src/cleanup.rs`, `src/ct.rs`, `src/simd.rs`, `docs/UNSAFE.md` |
| Active backend | Scalar only | `runtime::backend_report()` tests |
| SIMD status | Reserved prototypes only; no accelerated backend admitted | `docs/SIMD.md` |
| Strict decoding | Default behavior rejects whitespace, mixed alphabets, malformed padding, and non-canonical trailing bits | integration tests |
| Legacy compatibility | Explicit opt-in APIs only | `decode_slice_legacy`, `validate_legacy` |
| Constant-time API | Constant-time-oriented scalar validation/decode and equal-length redacted-buffer comparison helpers exist with isolated dudect-style timing evidence; no formal cryptographic constant-time guarantee | `docs/CONSTANT_TIME.md`, `docs/DUDECT.md` |
| Generated-code review | Assembly evidence is generated by the release gate; manual ct review remains required before stronger wording | `scripts/generate_ct_asm_evidence.sh`, `docs/CT_ASM_REVIEW.md` |
| Cleanup posture | Clear-tail APIs, stream cleanup, `EncodedBuffer`, `DecodedBuffer`, and `SecretBuffer` provide best-effort cleanup; `SecretBuffer` also clears vector spare capacity when wrapping and dropping owned vectors. `wasm32` fails closed by default unless `allow-wasm32-best-effort-wipe` is enabled, and unsupported native architectures fail closed unless `allow-compiler-fence-only-wipe` is enabled. | `SECURITY.md`, `docs/UNSAFE.md`, `scripts/check_wasm_wipe_policy.sh` |
| Fuzzing | Isolated `cargo-fuzz` harnesses outside the published dependency graph | `fuzz/`, `docs/RELEASE_EVIDENCE.md` |
| Miri | Release gate runs Miri when nightly Miri is installed and writes evidence artifacts | `scripts/check_miri.sh`, `target/release-evidence/miri/` |
| Kani | 17 bounded no-default-features harnesses verify cleanly with Rust `1.90.0` and `cargo-kani 0.67.0`; incompatible future verifier/toolchain pairs must skip explicitly rather than pretending to prove. | `scripts/check_kani.sh`, `docs/KANI.md` |
| Bounds invariants | Remaining internal indexing is grouped by documented local invariants | `docs/INVARIANTS.md` |
| Audit | RustSec check required | `cargo audit`, `scripts/checks.sh` |
| License policy | `cargo deny` and `cargo license --json` required | `deny.toml`, `scripts/checks.sh` |
| SBOM | SPDX and CycloneDX SBOM generation in release evidence | `scripts/generate-sbom.sh` |
| Reproducibility | Package/build reproducibility check in release gate | `scripts/stable_release_gate.sh` |
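
The Strict decoding row above lists four rejection classes: whitespace, mixed alphabets, malformed padding, and non-canonical trailing bits. As an added example, not base64-ng's own decoder, here is a self-contained strict decoder that rejects each of them and reports which check failed. The `decode_strict` function, the `StrictError` variants and the internal `Alphabet` marker are this example's own names.

```rust
/// Alphabet-specific symbols, used to detect mixing of the standard
/// ('+' '/') and URL-safe ('-' '_') alphabets within one input.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Alphabet {
    Standard,
    UrlSafe,
}

/// Hypothetical error type for this example; each variant is one rejection class.
#[derive(Debug, PartialEq, Eq)]
pub enum StrictError {
    Whitespace { at: usize },
    InvalidByte { at: usize },
    MixedAlphabet { at: usize },
    Length,
    Padding,
    NonCanonicalTrailingBits,
}

/// Map one input byte to its 6-bit value. The second element marks symbols
/// that belong to only one of the two alphabets.
fn sextet(b: u8) -> Option<(u8, Option<Alphabet>)> {
    match b {
        b'A'..=b'Z' => Some((b - b'A', None)),
        b'a'..=b'z' => Some((b - b'a' + 26, None)),
        b'0'..=b'9' => Some((b - b'0' + 52, None)),
        b'+' => Some((62, Some(Alphabet::Standard))),
        b'/' => Some((63, Some(Alphabet::Standard))),
        b'-' => Some((62, Some(Alphabet::UrlSafe))),
        b'_' => Some((63, Some(Alphabet::UrlSafe))),
        _ => None,
    }
}

/// Strict decode: accepts exactly one encoding per byte string.
pub fn decode_strict(input: &[u8]) -> Result<Vec<u8>, StrictError> {
    // 1. Whitespace is never tolerated, not even a trailing newline.
    if let Some(at) = input.iter().position(|b| b.is_ascii_whitespace()) {
        return Err(StrictError::Whitespace { at });
    }
    // 2. A canonical encoding is always a multiple of four bytes.
    if input.len() % 4 != 0 {
        return Err(StrictError::Length);
    }
    // 3. Padding may only appear at the very end, and at most two bytes of it.
    let pad = input.iter().rev().take_while(|&&b| b == b'=').count();
    if pad > 2 {
        return Err(StrictError::Padding);
    }
    let body = &input[..input.len() - pad];
    let mut alphabet: Option<Alphabet> = None;
    let mut sextets = Vec::with_capacity(body.len());
    for (at, &b) in body.iter().enumerate() {
        if b == b'=' {
            return Err(StrictError::Padding); // '=' before the tail
        }
        let (value, marker) = sextet(b).ok_or(StrictError::InvalidByte { at })?;
        // 4. Symbols from both alphabets in one input are rejected.
        if let Some(a) = marker {
            match alphabet {
                None => alphabet = Some(a),
                Some(seen) if seen != a => return Err(StrictError::MixedAlphabet { at }),
                Some(_) => {}
            }
        }
        sextets.push(value);
    }
    // 5. Decode in groups of four sextets. The last group may be short, and its
    //    unused low bits must be zero; otherwise several inputs decode to the
    //    same bytes and the encoding is not canonical.
    let mut out = Vec::with_capacity(sextets.len() / 4 * 3 + 2);
    for chunk in sextets.chunks(4) {
        match chunk {
            &[a, b, c, d] => {
                let bits = (u32::from(a) << 18) | (u32::from(b) << 12) | (u32::from(c) << 6) | u32::from(d);
                out.extend_from_slice(&[(bits >> 16) as u8, (bits >> 8) as u8, bits as u8]);
            }
            &[a, b, c] => {
                if (c & 0b11) != 0 {
                    return Err(StrictError::NonCanonicalTrailingBits);
                }
                let bits = (u32::from(a) << 12) | (u32::from(b) << 6) | u32::from(c);
                out.extend_from_slice(&[(bits >> 10) as u8, (bits >> 2) as u8]);
            }
            &[a, b] => {
                if (b & 0b1111) != 0 {
                    return Err(StrictError::NonCanonicalTrailingBits);
                }
                out.push((a << 2) | (b >> 4));
            }
            _ => return Err(StrictError::Length), // unreachable after checks 2 and 3
        }
    }
    Ok(out)
}
```

The trailing-bit check is the one most permissive decoders skip: `aGk=` and `aGl=` both decode to `hi` under a lenient decoder, so a value that is compared, hashed or signed in encoded form would have more than one valid representation. The mixed-alphabet check only needs to track the four alphabet-specific symbols, since the remaining 62 symbols are shared.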

## Deployment Checks

High-assurance deployments should record `runtime::backend_report()` at process
startup, including `candidate_detection_mode`, and consider enforcing:

```rust
// Called from a function that returns `Result`, so `?` propagates a policy
// failure to the caller instead of continuing on an unexpected backend.
base64_ng::runtime::require_backend_policy(
    base64_ng::runtime::BackendPolicy::HighAssuranceScalarOnly,
)?;
```

Use this policy when deterministic scalar execution matters more than future
acceleration. It requires scalar execution, no detected SIMD candidate, the
`simd` feature disabled, no active accelerated backend, and the conservative
unsafe-boundary flag marked as enforced. It also requires an attested hardware
speculation barrier for the CT result gate; AArch64 reports its CSDB sequence
as `hardware-speculation-barrier-unattested`, so deployments that rely on CSDB
must carry platform attestation outside this built-in policy. The
unsafe-boundary flag is intentionally false when the reserved `simd` feature is
enabled, even if execution remains scalar-only.

For secret-bearing Base64 payloads, combine this policy with the `ct` module
when avoiding future SIMD-induced timing variation is more important than
hardware acceleration.

Treat `candidate_detection_mode=compile-time-target-features` as a build-time
statement, not a runtime CPU attestation. It is used on `no_std` and targets
without `std`-equivalent runtime probing.

## Non-Claims

`base64-ng` currently does not claim:

- formally verified cryptographic constant-time behavior
- formal zeroization of all historical memory copies
- an active hardware-accelerated backend
- async/Tokio support
- serde or bytes integration
- Kani-complete whole-crate formal verification

Those features remain admission-gated until their evidence is strong enough for
security-sensitive users.