krypteia-silentops 0.1.0

Side-channel countermeasure toolkit: constant-time primitives, dudect-style timing leakage verifier, and shared SCA helpers for the krypteia workspace.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

//! Constant-time cryptographic primitives with architecture-specific
//! assembly backends.
//!
//! This module provides the fundamental constant-time operations
//! needed by both classical and post-quantum cryptographic
//! implementations:
//!
//! | Primitive | Operation |
//! |-----------|-----------|
//! | [`ct_select_u8`] | Conditional byte selection without branching |
//! | [`ct_select_i16`] | Conditional i16 selection (NTT coefficients) |
//! | [`ct_select_bytes`] | Conditional slice select into a fresh destination |
//! | [`ct_eq`] | Constant-time byte-slice equality comparison |
//! | [`ct_eq_u32`] | Constant-time `u32` equality comparison |
//! | [`ct_zeroize`] | Secure memory zeroization (resists DSE) |
//! | [`ct_copy`] | Conditional buffer copy |
//!
//! # Architecture dispatch
//!
//! At compile time, the crate selects the best implementation:
//!
//! | Target | Method | Instructions used |
//! |--------|--------|-------------------|
//! | `aarch64` + `asm-aarch64` | Inline asm | `csel`, `csinv` |
//! | `thumbv7em` + `asm-thumbv7` | Inline asm | IT blocks + conditional exec |
//! | `thumbv6m` + `asm-thumbv6m` | Inline asm | AND/OR/XOR (no IT, no csel) |
//! | `riscv32` + `asm-riscv32` | Inline asm | AND/OR/XOR (no cmov) |
//! | *(default)* | Pure Rust | Bitwise ops (relies on compiler) |

// Architecture-specific modules
#[cfg(all(target_arch = "x86_64", feature = "asm-x86_64"))]
mod x86_64;
#[cfg(all(target_arch = "x86_64", feature = "asm-x86_64"))]
pub use x86_64::*;

#[cfg(all(target_arch = "aarch64", feature = "asm-aarch64"))]
mod aarch64;
#[cfg(all(target_arch = "aarch64", feature = "asm-aarch64"))]
pub use aarch64::*;

#[cfg(all(target_arch = "arm", target_feature = "thumb2", feature = "asm-thumbv7"))]
mod thumbv7;
#[cfg(all(target_arch = "arm", target_feature = "thumb2", feature = "asm-thumbv7"))]
pub use thumbv7::*;

#[cfg(all(target_arch = "arm", not(target_feature = "thumb2"), feature = "asm-thumbv6m"))]
mod thumbv6m;
#[cfg(all(target_arch = "arm", not(target_feature = "thumb2"), feature = "asm-thumbv6m"))]
pub use thumbv6m::*;

#[cfg(all(target_arch = "riscv32", feature = "asm-riscv32"))]
mod riscv32;
#[cfg(all(target_arch = "riscv32", feature = "asm-riscv32"))]
pub use riscv32::*;

// Default: pure Rust fallback (used on desktop without asm-x86_64, or when
// no asm feature enabled at all).
#[cfg(not(any(
    all(target_arch = "x86_64", feature = "asm-x86_64"),
    all(target_arch = "aarch64", feature = "asm-aarch64"),
    all(target_arch = "arm", target_feature = "thumb2", feature = "asm-thumbv7"),
    all(target_arch = "arm", not(target_feature = "thumb2"), feature = "asm-thumbv6m"),
    all(target_arch = "riscv32", feature = "asm-riscv32"),
)))]
mod generic;
#[cfg(not(any(
    all(target_arch = "x86_64", feature = "asm-x86_64"),
    all(target_arch = "aarch64", feature = "asm-aarch64"),
    all(target_arch = "arm", target_feature = "thumb2", feature = "asm-thumbv7"),
    all(target_arch = "arm", not(target_feature = "thumb2"), feature = "asm-thumbv6m"),
    all(target_arch = "riscv32", feature = "asm-riscv32"),
)))]
pub use generic::*;

#[cfg(test)]
mod tests;