Struct timing_shield::TpU8
source · [−]pub struct TpU8(_);
Expand description
A number type that prevents its value from being leaked to attackers through timing information.
Use this type’s protect
method as early as possible to prevent the value from being
used in variable-time computations.
Unlike Rust’s built-in number types, rust-timing-shield
number types have no overflow
checking, even in debug mode. In other words, they behave like Rust’s
Wrapping types.
Additionally, all shift distances are reduced mod the bit width of the type
(e.g. some_i64 << 104
is equivalent to some_i64 << 40
).
// Protect the value as early as possible to limit the risk
let protected_value = TpU8::protect(some_u8);
let other_protected_value = TpU8::protect(some_other_u8);
// Do some computation with the protected values
let x = (other_protected_value + protected_value) & 0x40;
// If needed, remove protection using `expose`
println!("{}", x.expose());
Implementations
sourceimpl TpU8
impl TpU8
sourcepub fn protect(input: u8) -> Self
pub fn protect(input: u8) -> Self
Hide input
behind a protective abstraction to prevent the value from being used
in such a way that the value could leak out via a timing side channel.
let protected = TpU32::protect(secret_u32);
// Use `protected` instead of `secret_u32` to avoid timing leaks
sourcepub fn as_u16(self) -> TpU16
pub fn as_u16(self) -> TpU16
Casts from one number type to another, following the same conventions as Rust’s as
keyword.
sourcepub fn as_u32(self) -> TpU32
pub fn as_u32(self) -> TpU32
Casts from one number type to another, following the same conventions as Rust’s as
keyword.
sourcepub fn as_u64(self) -> TpU64
pub fn as_u64(self) -> TpU64
Casts from one number type to another, following the same conventions as Rust’s as
keyword.
sourcepub fn as_i8(self) -> TpI8
pub fn as_i8(self) -> TpI8
Casts from one number type to another, following the same conventions as Rust’s as
keyword.
sourcepub fn as_i16(self) -> TpI16
pub fn as_i16(self) -> TpI16
Casts from one number type to another, following the same conventions as Rust’s as
keyword.
sourcepub fn as_i32(self) -> TpI32
pub fn as_i32(self) -> TpI32
Casts from one number type to another, following the same conventions as Rust’s as
keyword.
sourcepub fn as_i64(self) -> TpI64
pub fn as_i64(self) -> TpI64
Casts from one number type to another, following the same conventions as Rust’s as
keyword.
sourcepub fn rotate_left(self, n: u32) -> Self
pub fn rotate_left(self, n: u32) -> Self
Shifts left by n
bits, wrapping truncated bits around to the right side of the
resulting value.
If n
is larger than the bitwidth of this number type,
n
is reduced mod that bitwidth.
For example, rotating an i16
with n = 35
is equivalent to rotating with n = 3
, since 35 = 3 mod 16
.
sourcepub fn rotate_right(self, n: u32) -> Self
pub fn rotate_right(self, n: u32) -> Self
Shifts right by n
bits, wrapping truncated bits around to the left side of the
resulting value.
If n
is larger than the bitwidth of this number type,
n
is reduced mod that bitwidth.
For example, rotating an i16
with n = 35
is equivalent to rotating with n = 3
, since 35 = 3 mod 16
.
sourcepub fn expose(self) -> u8
pub fn expose(self) -> u8
Remove the timing protection and expose the raw number value. Once a value is exposed, it is the library user’s responsibility to prevent timing leaks (if necessary).
Commonly, this method is used when a value is safe to make public (e.g. when an
encryption algorithm outputs a ciphertext). Alternatively, this method may need to
be used when providing a secret value to an interface that does not use
timing-shield
’s types (e.g. writing a secret key to a file using a file system
API).
Trait Implementations
sourceimpl AddAssign<TpU8> for TpU8
impl AddAssign<TpU8> for TpU8
sourcefn add_assign(&mut self, rhs: TpU8)
fn add_assign(&mut self, rhs: TpU8)
Performs the +=
operation. Read more
sourceimpl AddAssign<u8> for TpU8
impl AddAssign<u8> for TpU8
sourcefn add_assign(&mut self, rhs: u8)
fn add_assign(&mut self, rhs: u8)
Performs the +=
operation. Read more
sourceimpl BitAndAssign<TpU8> for TpU8
impl BitAndAssign<TpU8> for TpU8
sourcefn bitand_assign(&mut self, rhs: TpU8)
fn bitand_assign(&mut self, rhs: TpU8)
Performs the &=
operation. Read more
sourceimpl BitAndAssign<u8> for TpU8
impl BitAndAssign<u8> for TpU8
sourcefn bitand_assign(&mut self, rhs: u8)
fn bitand_assign(&mut self, rhs: u8)
Performs the &=
operation. Read more
sourceimpl BitOrAssign<TpU8> for TpU8
impl BitOrAssign<TpU8> for TpU8
sourcefn bitor_assign(&mut self, rhs: TpU8)
fn bitor_assign(&mut self, rhs: TpU8)
Performs the |=
operation. Read more
sourceimpl BitOrAssign<u8> for TpU8
impl BitOrAssign<u8> for TpU8
sourcefn bitor_assign(&mut self, rhs: u8)
fn bitor_assign(&mut self, rhs: u8)
Performs the |=
operation. Read more
sourceimpl BitXorAssign<TpU8> for TpU8
impl BitXorAssign<TpU8> for TpU8
sourcefn bitxor_assign(&mut self, rhs: TpU8)
fn bitxor_assign(&mut self, rhs: TpU8)
Performs the ^=
operation. Read more
sourceimpl BitXorAssign<u8> for TpU8
impl BitXorAssign<u8> for TpU8
sourcefn bitxor_assign(&mut self, rhs: u8)
fn bitxor_assign(&mut self, rhs: u8)
Performs the ^=
operation. Read more
sourceimpl MulAssign<TpU8> for TpU8
impl MulAssign<TpU8> for TpU8
sourcefn mul_assign(&mut self, rhs: TpU8)
fn mul_assign(&mut self, rhs: TpU8)
Performs the *=
operation. Read more
sourceimpl MulAssign<u8> for TpU8
impl MulAssign<u8> for TpU8
sourcefn mul_assign(&mut self, rhs: u8)
fn mul_assign(&mut self, rhs: u8)
Performs the *=
operation. Read more
sourceimpl ShlAssign<u32> for TpU8
impl ShlAssign<u32> for TpU8
sourcefn shl_assign(&mut self, rhs: u32)
fn shl_assign(&mut self, rhs: u32)
Performs the <<=
operation. Read more
sourceimpl ShrAssign<u32> for TpU8
impl ShrAssign<u32> for TpU8
sourcefn shr_assign(&mut self, rhs: u32)
fn shr_assign(&mut self, rhs: u32)
Performs the >>=
operation. Read more
sourceimpl SubAssign<TpU8> for TpU8
impl SubAssign<TpU8> for TpU8
sourcefn sub_assign(&mut self, rhs: TpU8)
fn sub_assign(&mut self, rhs: TpU8)
Performs the -=
operation. Read more
sourceimpl SubAssign<u8> for TpU8
impl SubAssign<u8> for TpU8
sourcefn sub_assign(&mut self, rhs: u8)
fn sub_assign(&mut self, rhs: u8)
Performs the -=
operation. Read more
sourceimpl TpCondSwap for TpU8
impl TpCondSwap for TpU8
sourceimpl TpEq<TpU8> for TpU8
impl TpEq<TpU8> for TpU8
sourcefn tp_eq(&self, other: &TpU8) -> TpBool
fn tp_eq(&self, other: &TpU8) -> TpBool
Compare self
with other
for equality without leaking the result.
Important: if either input is not a timing-protected type, this operation might leak the
value of that type. To prevent timing leaks, protect values before performing any operations
on them. Read more
sourcefn tp_not_eq(&self, other: &TpU8) -> TpBool
fn tp_not_eq(&self, other: &TpU8) -> TpBool
Compare self
with other
for inequality without leaking the result.
Important: if either input is not a timing-protected type, this operation might leak the
value of that type. To prevent timing leaks, protect values before performing any operations
on them. Read more
sourceimpl TpEq<TpU8> for u8
impl TpEq<TpU8> for u8
sourcefn tp_eq(&self, other: &TpU8) -> TpBool
fn tp_eq(&self, other: &TpU8) -> TpBool
Compare self
with other
for equality without leaking the result.
Important: if either input is not a timing-protected type, this operation might leak the
value of that type. To prevent timing leaks, protect values before performing any operations
on them. Read more
sourcefn tp_not_eq(&self, other: &TpU8) -> TpBool
fn tp_not_eq(&self, other: &TpU8) -> TpBool
Compare self
with other
for inequality without leaking the result.
Important: if either input is not a timing-protected type, this operation might leak the
value of that type. To prevent timing leaks, protect values before performing any operations
on them. Read more
sourceimpl TpEq<u8> for TpU8
impl TpEq<u8> for TpU8
sourcefn tp_eq(&self, other: &u8) -> TpBool
fn tp_eq(&self, other: &u8) -> TpBool
Compare self
with other
for equality without leaking the result.
Important: if either input is not a timing-protected type, this operation might leak the
value of that type. To prevent timing leaks, protect values before performing any operations
on them. Read more
sourcefn tp_not_eq(&self, other: &u8) -> TpBool
fn tp_not_eq(&self, other: &u8) -> TpBool
Compare self
with other
for inequality without leaking the result.
Important: if either input is not a timing-protected type, this operation might leak the
value of that type. To prevent timing leaks, protect values before performing any operations
on them. Read more
sourceimpl TpOrd<TpU8> for TpU8
impl TpOrd<TpU8> for TpU8
sourcefn tp_lt(&self, other: &TpU8) -> TpBool
fn tp_lt(&self, other: &TpU8) -> TpBool
Compute self < other
without leaking the result.
Important: if either input is not a timing-protected type, this operation might leak the
value of that type. To prevent timing leaks, protect values before performing any operations
on them. Read more
sourcefn tp_gt(&self, other: &TpU8) -> TpBool
fn tp_gt(&self, other: &TpU8) -> TpBool
Compute self > other
without leaking the result.
Important: if either input is not a timing-protected type, this operation might leak the
value of that type. To prevent timing leaks, protect values before performing any operations
on them. Read more
sourceimpl TpOrd<TpU8> for u8
impl TpOrd<TpU8> for u8
sourcefn tp_lt(&self, other: &TpU8) -> TpBool
fn tp_lt(&self, other: &TpU8) -> TpBool
Compute self < other
without leaking the result.
Important: if either input is not a timing-protected type, this operation might leak the
value of that type. To prevent timing leaks, protect values before performing any operations
on them. Read more
sourcefn tp_gt(&self, other: &TpU8) -> TpBool
fn tp_gt(&self, other: &TpU8) -> TpBool
Compute self > other
without leaking the result.
Important: if either input is not a timing-protected type, this operation might leak the
value of that type. To prevent timing leaks, protect values before performing any operations
on them. Read more
sourceimpl TpOrd<u8> for TpU8
impl TpOrd<u8> for TpU8
sourcefn tp_lt(&self, other: &u8) -> TpBool
fn tp_lt(&self, other: &u8) -> TpBool
Compute self < other
without leaking the result.
Important: if either input is not a timing-protected type, this operation might leak the
value of that type. To prevent timing leaks, protect values before performing any operations
on them. Read more
sourcefn tp_gt(&self, other: &u8) -> TpBool
fn tp_gt(&self, other: &u8) -> TpBool
Compute self > other
without leaking the result.
Important: if either input is not a timing-protected type, this operation might leak the
value of that type. To prevent timing leaks, protect values before performing any operations
on them. Read more
impl Copy for TpU8
Auto Trait Implementations
impl RefUnwindSafe for TpU8
impl Send for TpU8
impl Sync for TpU8
impl Unpin for TpU8
impl UnwindSafe for TpU8
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcepub fn borrow_mut(&mut self) -> &mut T
pub fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
sourceimpl<T> ToOwned for T where
T: Clone,
impl<T> ToOwned for T where
T: Clone,
type Owned = T
type Owned = T
The resulting type after obtaining ownership.
sourcepub fn to_owned(&self) -> T
pub fn to_owned(&self) -> T
Creates owned data from borrowed data, usually by cloning. Read more
sourcepub fn clone_into(&self, target: &mut T)
pub fn clone_into(&self, target: &mut T)
toowned_clone_into
)Uses borrowed data to replace owned data, usually by cloning. Read more