silentops/lib.rs
1//! # silentops — side-channel countermeasure toolkit
2//!
3//! `silentops` gathers the side-channel building blocks shared by the
4//! `krypteia` workspace (post-quantum crate `quantica` and classical
5//! crate `arcana`).
6//!
7//! Three modules are exposed today:
8//!
9//! - [`ct`] — constant-time primitives with architecture-specific
10//! assembly backends (`no_std`). This is the former `ct_ops` crate.
11//! - [`ct_grind`] — Valgrind memcheck client-request helpers
12//! (`poison` / `unpoison`) used to verify constant-time code under
13//! `valgrind --error-exitcode=1`. Emits real instrumentation on
14//! `x86_64-linux` / `aarch64-linux` when the `ct-grind` feature is
15//! enabled; elsewhere the calls are zero-cost no-ops (`no_std`).
16//! - [`verify`] — dudect-style timing leakage detector based on
17//! Welch's t-test (`std` only). This is the former `ct_verify`
18//! crate, refactored as a reusable library.
19//!
20//! Future modules will host additional shared SCA helpers (masking,
21//! shuffling, fault-injection countermeasures, …) so that both
22//! classical and post-quantum sides reuse the same primitives.
23//!
24//! # `no_std`
25//!
26//! The crate is `no_std` by default. The [`verify`] module is only
27//! compiled when the `std` feature is enabled.
28//!
29//! # Re-exports
30//!
31//! For convenience, all primitives from [`ct`] are re-exported at
32//! the crate root, so call sites can write `silentops::ct_eq(...)`
33//! instead of `silentops::ct::ct_eq(...)`.
34
35#![no_std]
36
37#[cfg(feature = "std")]
38extern crate std;
39
40pub mod ct;
41pub use ct::*;
42
43pub mod ct_grind;
44
45#[cfg(feature = "std")]
46pub mod verify;