Expand description
§Libcrux Secrets
This crate implements classification and declassification operations over machine integers and arrays/slices of machine integers
To check your code for secret independence, you first identify all the secret values in your code and swap their types to use secret integers:
- u8 -> U8, i16 -> I16 etc.
- u8 -> U8, [i16; N] -> [I16; N], etc You should be able to run your code as before with no performance impact
Then you can turn on the feature check-secret-independence to check
whether your code obeys the secret independent coding discipline:
- does it branch on comparisons over secret values?
- does it access arrays on secret indices?
- does it use non-constant-time operations like division or modulus?
To convince the typechecker, you will need to convert some public values to secret
using .classify() operations.
In some cases, you may decide that a certain declassification of secret values to
public values is safe, and in this case you may use a .declassify() operation.
However, note that every use of .declassify() is at the responsibility of the
programmer and represents a potential side-channel leak
Traits§
- CastOps
- A trait defining cast operations for secret/public integers
- Classify
- A trait for public types that can be classified into secret types
- Classify
Ref - A trait for classifying immutable references to public types
- Classify
RefMut - A trait for classifying mutable references to public types
- Declassify
- A trait for declassifying secret types into public types
- Declassify
Ref - A trait for declassifying references to secret types
- Declassify
RefMut - A trait for declassifying mutable references to secret types
- Encode
Ops - A trait for byte conversion operations provided by Rust for machine integers
- IntOps
- A trait for integer operations provided by Rust for machine integers
- Scalar
- Marker trait for scalar types (machine integers)
- Select
- Best effort constant time selection of values.
- Swap
- Best effort constant time swapping of values.
Functions§
- I8
- I16
- I32
- I64
- I128
- U8
- U16
- U32
- U64
- U128
- classify_
mut_ slice - Classify a mutable slice (identity) We define a separate function for this because hax has limited support for &mut-returning functions
- declassify_
mut_ slice - Classify a mutable slice (identity) We define a separate function for this because hax has limited support for &mut-returning functions
- secret
- Construct a public integer (identity)