Struct timing_shield::TpU64

pub struct TpU64(_);

A number type that prevents its value from being leaked to attackers through timing information.

Use this type's protect method as early as possible to prevent the value from being used in variable-time computations.

Unlike Rust's built-in number types, rust-timing-shield number types have no overflow checking, even in debug mode. In other words, they behave like Rust's Wrapping types.

Additionally, all shift distances are reduced mod the bit width of the type (e.g. some_i64 << 104 is equivalent to some_i64 << 40).

// Protect the value as early as possible to limit the risk
let protected_value = TpU8::protect(some_u8);
let other_protected_value = TpU8::protect(some_other_u8);

// Do some computation with the protected values
let x = (other_protected_value + protected_value) & 0x40;

// If needed, remove protection using `expose`
println!("{}", x.expose());

Methods

impl TpU64

fn protect(input: u64) -> Self

Hide input behind a protective abstraction to prevent the value from being used in such a way that the value could leak out via a timing side channel.

let protected = TpU32::protect(secret_u32);

// Use `protected` instead of `secret_u32` to avoid timing leaks

fn as_u8(self) -> TpU8

Casts from one number type to another, following the same conventions as Rust's as keyword.

fn as_u16(self) -> TpU16

Casts from one number type to another, following the same conventions as Rust's as keyword.

fn as_u32(self) -> TpU32

Casts from one number type to another, following the same conventions as Rust's as keyword.

fn as_i8(self) -> TpI8

Casts from one number type to another, following the same conventions as Rust's as keyword.

fn as_i16(self) -> TpI16

Casts from one number type to another, following the same conventions as Rust's as keyword.

fn as_i32(self) -> TpI32

Casts from one number type to another, following the same conventions as Rust's as keyword.

fn as_i64(self) -> TpI64

Casts from one number type to another, following the same conventions as Rust's as keyword.

fn rotate_left(self, n: u32) -> Self

Shifts left by n bits, wrapping truncated bits around to the right side of the resulting value.

If n is larger than the bitwidth of this number type, n is reduced mod that bitwidth. For example, rotating an i16 with n = 35 is equivalent to rotating with n = 3, since 35 = 3 mod 16.

fn rotate_right(self, n: u32) -> Self

Shifts right by n bits, wrapping truncated bits around to the left side of the resulting value.

If n is larger than the bitwidth of this number type, n is reduced mod that bitwidth. For example, rotating an i16 with n = 35 is equivalent to rotating with n = 3, since 35 = 3 mod 16.

fn expose(self) -> u64

Remove the timing protection and expose the raw number value. Once a value is exposed, it is the library user's responsibility to prevent timing leaks (if necessary).

Commonly, this method is used when a value is safe to make public (e.g. when an encryption algorithm outputs a ciphertext). Alternatively, this method may need to be used when providing a secret value to an interface that does not use timing-shield's types (e.g. writing a secret key to a file using a file system API).

Trait Implementations

impl Clone for TpU64

fn clone(&self) -> TpU64

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Copy for TpU64

impl Not for TpU64

type Output = TpU64

The resulting type after applying the ! operator

fn not(self) -> TpU64

The method for the unary ! operator

impl Add<TpU64> for TpU64

type Output = TpU64

The resulting type after applying the + operator

fn add(self, other: TpU64) -> TpU64

The method for the + operator

impl Add<u64> for TpU64

type Output = TpU64

The resulting type after applying the + operator

fn add(self, other: u64) -> TpU64

The method for the + operator

impl Sub<TpU64> for TpU64

type Output = TpU64

The resulting type after applying the - operator

fn sub(self, other: TpU64) -> TpU64

The method for the - operator

impl Sub<u64> for TpU64

type Output = TpU64

The resulting type after applying the - operator

fn sub(self, other: u64) -> TpU64

The method for the - operator

impl Mul<TpU64> for TpU64

type Output = TpU64

The resulting type after applying the * operator

fn mul(self, other: TpU64) -> TpU64

The method for the * operator

impl Mul<u64> for TpU64

type Output = TpU64

The resulting type after applying the * operator

fn mul(self, other: u64) -> TpU64

The method for the * operator

impl BitAnd<TpU64> for TpU64

type Output = TpU64

The resulting type after applying the & operator

fn bitand(self, other: TpU64) -> TpU64

The method for the & operator

impl BitAnd<u64> for TpU64

type Output = TpU64

The resulting type after applying the & operator

fn bitand(self, other: u64) -> TpU64

The method for the & operator

impl BitOr<TpU64> for TpU64

type Output = TpU64

The resulting type after applying the | operator

fn bitor(self, other: TpU64) -> TpU64

The method for the | operator

impl BitOr<u64> for TpU64

type Output = TpU64

The resulting type after applying the | operator

fn bitor(self, other: u64) -> TpU64

The method for the | operator

impl BitXor<TpU64> for TpU64

type Output = TpU64

The resulting type after applying the ^ operator

fn bitxor(self, other: TpU64) -> TpU64

The method for the ^ operator

impl BitXor<u64> for TpU64

type Output = TpU64

The resulting type after applying the ^ operator

fn bitxor(self, other: u64) -> TpU64

The method for the ^ operator

impl Shl<u32> for TpU64

type Output = TpU64

The resulting type after applying the << operator

fn shl(self, other: u32) -> TpU64

The method for the << operator

impl Shr<u32> for TpU64

type Output = TpU64

The resulting type after applying the >> operator

fn shr(self, other: u32) -> TpU64

The method for the >> operator

impl AddAssign<TpU64> for TpU64

fn add_assign(&mut self, rhs: TpU64)

The method for the += operator

impl AddAssign<u64> for TpU64

fn add_assign(&mut self, rhs: u64)

The method for the += operator

impl SubAssign<TpU64> for TpU64

fn sub_assign(&mut self, rhs: TpU64)

The method for the -= operator

impl SubAssign<u64> for TpU64

fn sub_assign(&mut self, rhs: u64)

The method for the -= operator

impl MulAssign<TpU64> for TpU64

fn mul_assign(&mut self, rhs: TpU64)

The method for the *= operator

impl MulAssign<u64> for TpU64

fn mul_assign(&mut self, rhs: u64)

The method for the *= operator

impl BitAndAssign<TpU64> for TpU64

fn bitand_assign(&mut self, rhs: TpU64)

The method for the &= operator

impl BitAndAssign<u64> for TpU64

fn bitand_assign(&mut self, rhs: u64)

The method for the &= operator

impl BitOrAssign<TpU64> for TpU64

fn bitor_assign(&mut self, rhs: TpU64)

The method for the |= operator

impl BitOrAssign<u64> for TpU64

fn bitor_assign(&mut self, rhs: u64)

The method for the |= operator

impl BitXorAssign<TpU64> for TpU64

fn bitxor_assign(&mut self, rhs: TpU64)

The method for the ^= operator

impl BitXorAssign<u64> for TpU64

fn bitxor_assign(&mut self, rhs: u64)

The method for the ^= operator

impl ShlAssign<u32> for TpU64

fn shl_assign(&mut self, rhs: u32)

The method for the <<= operator

impl ShrAssign<u32> for TpU64

fn shr_assign(&mut self, rhs: u32)

The method for the >>= operator

impl TpEq<TpU64> for TpU64

fn tp_eq(&self, other: &TpU64) -> TpBool

Compare self with other for equality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.

fn tp_not_eq(&self, other: &TpU64) -> TpBool

Compare self with other for inequality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.

impl TpEq<u64> for TpU64

fn tp_eq(&self, other: &u64) -> TpBool

Compare self with other for equality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.

fn tp_not_eq(&self, other: &u64) -> TpBool

Compare self with other for inequality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.

impl TpOrd<TpU64> for TpU64

fn tp_lt(&self, other: &TpU64) -> TpBool

Compute self < other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.

fn tp_gt(&self, other: &TpU64) -> TpBool

Compute self > other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.

fn tp_lt_eq(&self, other: &TpU64) -> TpBool

Compute self <= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.

fn tp_gt_eq(&self, other: &TpU64) -> TpBool

Compute self >= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.

impl TpOrd<u64> for TpU64

fn tp_lt(&self, other: &u64) -> TpBool

Compute self < other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.

fn tp_gt(&self, other: &u64) -> TpBool

Compute self > other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.

fn tp_lt_eq(&self, other: &u64) -> TpBool

Compute self <= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.

fn tp_gt_eq(&self, other: &u64) -> TpBool

Compute self >= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.

impl TpCondSwap for TpU64

fn tp_cond_swap(condition: TpBool, a: &mut TpU64, b: &mut TpU64)

Swap a and b if and only if condition is true.