CT-Codecs
A Rust implementation of constant-time Base64, Base32, and Hexadecimal codecs for cryptographic applications, originally derived from libsodium and libhydrogen.
Overview
This library provides constant-time encoding and decoding functions for Base64, Base32, and Hexadecimal formats. It is specifically designed for cryptographic applications where timing side-channel attacks are a concern.
Features
- Constant-time implementation: Resistant to timing side-channel attacks
- Multiple codec formats:
- Base64: Standard and URL-safe variants, with and without padding
- Base32: Standard and Hex variants, with and without padding
- Hexadecimal: Lowercase hex encoding and decoding
- Strict validation: Non-malleable strings for enhanced security
- Character filtering: Optional ignoring of specific characters during decoding (whitespace, etc.)
- Zero dependencies: No external crates required
no_stdcompatible: Works in environments without the standard library- Memory safety: No unsafe code (
#![forbid(unsafe_code)])
Installation
Add this to your Cargo.toml:
[]
= "1"
Usage Examples
Base64 Encoding/Decoding
use ;
// Standard Base64 with padding
let data = b"Hello, world!";
let encoded = encode_to_string?;
assert_eq!;
// Decoding
let decoded = decode_to_vec?;
assert_eq!;
// Ignoring specific characters (like whitespace)
let encoded_with_whitespace = "SGVsbG8s IHdvcmxk IQ==";
let decoded = decode_to_vec?;
assert_eq!;
Base64 Variants
use ;
let data = b"Hello, world!";
// Standard Base64 with padding
let encoded1 = encode_to_string?;
assert_eq!;
// Standard Base64 without padding
let encoded2 = encode_to_string?;
assert_eq!;
// URL-safe Base64 with padding
let encoded3 = encode_to_string?;
assert_eq!;
// URL-safe Base64 without padding
let encoded4 = encode_to_string?;
assert_eq!;
Base32 Encoding/Decoding
use ;
let data = b"Hello";
// Standard Base32 with padding
let encoded = encode_to_string?;
assert_eq!;
// Base32Hex variant
let encoded_hex = encode_to_string?;
assert_eq!;
// Decoding
let decoded = decode_to_vec?;
assert_eq!;
Hexadecimal Encoding/Decoding
use ;
let data = b"Hello, world!";
let encoded = encode_to_string?;
assert_eq!;
let decoded = decode_to_vec?;
assert_eq!;
Working in no_std Environments
use ;
// Preallocated buffers for no_std environments
let data = b"Hello, world!";
let mut encoded_buf = ; // Buffer must be large enough
let encoded = encode?;
let mut decoded_buf = ; // Buffer must be large enough
let decoded = decode?;
assert_eq!;
Error Handling
The library uses a simple error type with two variants:
Error::Overflow: The provided output buffer would be too smallError::InvalidInput: The input isn't valid for the given encoding
Security Considerations
Constant-Time Operations
All operations in this library are implemented to run in constant time relative to the input length, which helps prevent timing side-channel attacks. This makes it suitable for handling sensitive cryptographic material where traditional implementations might leak information about the data being processed.
Implementation Details
- No branches dependent on secret data
- No table lookups indexed by secret data
- Careful implementation of character validation
Strict Validation
The decoders apply strict validation rules to prevent malleability, making them suitable for cryptographic applications where data integrity is crucial.
License
This project is licensed under the MIT License - see the LICENSE file for details.