Skip to main content

ConstantTimeEqExt

secure_gate

Trait ConstantTimeEqExt 

Source 
pub trait ConstantTimeEqExt: ConstantTimeEq {
    // Required methods
    fn len(&self) -> usize;
    fn ct_eq_hash(&self, other: &Self) -> bool;

    // Provided method
    fn ct_eq_auto(&self, other: &Self, threshold_bytes: Option<usize>) -> bool { ... }
}

Required Methods§

Source

fn len(&self) -> usize

Get the length of the secret data in bytes.

Note: This trait does not provide .is_empty() to avoid method ambiguity with ExposeSecret::len, which already offers the same functionality via len(). Use .len() == 0 or .expose_secret().is_empty() when you need emptiness checks.

Source

fn ct_eq_hash(&self, other: &Self) -> bool

Force BLAKE3 digest comparison (constant-time on 32-byte output).

Probabilistic when "rand" feature is enabled (per-process random key). Deterministic otherwise.

Collision probability ~2⁻²⁵⁶ — negligible for equality checks, but not zero. Use ct_eq when strict determinism is required.

Keyed mode resists multi-target precomputation attacks across many comparisons.

DoS warning: hashing very large untrusted inputs is costly — bound sizes.

Provided Methods§

Source

fn ct_eq_auto(&self, other: &Self, threshold_bytes: Option<usize>) -> bool

Recommended hybrid constant-time equality check.

  • Length mismatch → false (public metadata, non-constant-time compare)
  • Size ≤ threshold → self.ct_eq(other) (strict deterministic)
  • Size > threshold → self.ct_eq_hash(other) (probabilistic, fast)

Default threshold: 32 bytes Customize with threshold_bytes: Some(n) if your benchmarks show a different optimal crossover point (e.g., 64, 1024, or 0 for always using ct_eq).

Prefer this method in almost all cases unless you need:

  • Guaranteed zero-collision → use ct_eq
  • Uniform probabilistic behavior → use ct_eq_hash

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§

Source§

impl<T> ConstantTimeEqExt for Dynamic<T>
where T: AsRef<[u8]> + ConstantTimeEq + ?Sized,

Available on crate feature ct-eq-hash only.
Source§

impl<T> ConstantTimeEqExt for Fixed<T>
where T: AsRef<[u8]> + ConstantTimeEq,

Available on crate feature ct-eq-hash only.