Expand description
Constant-time operation wrapper.
Enforces a fixed wall-clock duration for wrapped operations to prevent
timing side-channels from leaking information about internal control flow.
The configured target_duration_ns
must exceed the worst-case execution time of the protected function;
if the operation overruns the target the call returns after its natural
duration (time cannot be compressed).
The wrapper uses compiler_fence(SeqCst) and core::hint::black_box to
prevent the compiler from eliding the busy-wait or reordering the result
past the timing barrier.
§Platform semantics
- Native +
std:std::time::Instantprovides monotonic nanosecond resolution forTimingProtection::target_duration_ns. wasm32+wasmfeature (browser or worker with Web APIs): time is read fromPerformance::nowonglobalThis.performance(sub-millisecond resolution; values are converted to nanoseconds for the sametarget_duration_nsfield).- Other
no_std/ bare-metal, orwasm32withoutwasm: there is no portable monotonic wall clock. The implementation falls back to an atomic call counter, sotarget_duration_nsis not wall nanoseconds and sub-microsecond padding is not meaningful. Prefer disabling the wrapper (TimingProtection::permissive) on those targets unless you accept tick-based (non wall-clock) pacing only.
This layer does not make non-constant-time algorithms constant-time; it only pads elapsed time when a real clock (or explicit tick fallback) is used.
Structs§
- Timing
Protection - Constant-time wrapper configuration.
Functions§
- get_
timing_ protection - Get the global timing protection configuration.
- protect_
timing - Apply global constant-time protection to
func. - protect_
timing_ async - Async variant of
protect_timing. - protect_
timing_ with_ timing - Apply global constant-time protection and return
(result, elapsed). - protect_
timing_ with_ timing_ async - Async variant of
protect_timing_with_timing. - set_
timing_ protection - Set the global timing protection configuration.