TpI32

timing_shield

Struct TpI32 

Source 
pub struct TpI32(/* private fields */);
Expand description

A number type that prevents its value from being leaked to attackers through timing information.

Use this type’s protect method as early as possible to prevent the value from being used in variable-time computations.

Unlike Rust’s built-in number types, rust-timing-shield number types have no overflow checking, even in debug mode. In other words, they behave like Rust’s Wrapping types.

Additionally, all shift distances are reduced mod the bit width of the type (e.g. some_i64 << 104 is equivalent to some_i64 << 40).

// Protect the value as early as possible to limit the risk
let protected_value = TpU8::protect(some_u8);
let other_protected_value = TpU8::protect(some_other_u8);

// Do some computation with the protected values
let x = (other_protected_value + protected_value) & 0x40;

// If needed, remove protection using `expose`
println!("{}", x.expose());

Implementations§

Source§

impl TpI32

Source

pub fn protect(input: i32) -> Self

Hide input behind a protective abstraction to prevent the value from being used in such a way that the value could leak out via a timing side channel.

let protected = TpU32::protect(secret_u32);

// Use `protected` instead of `secret_u32` to avoid timing leaks
Source

pub fn as_u8(self) -> TpU8

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn as_u16(self) -> TpU16

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn as_u32(self) -> TpU32

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn as_u64(self) -> TpU64

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn as_i8(self) -> TpI8

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn as_i16(self) -> TpI16

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn as_i64(self) -> TpI64

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn rotate_left(self, n: u32) -> Self

Shifts left by n bits, wrapping truncated bits around to the right side of the resulting value.

If n is larger than the bitwidth of this number type, n is reduced mod that bitwidth. For example, rotating an i16 with n = 35 is equivalent to rotating with n = 3, since 35 = 3 mod 16.

Source

pub fn rotate_right(self, n: u32) -> Self

Shifts right by n bits, wrapping truncated bits around to the left side of the resulting value.

If n is larger than the bitwidth of this number type, n is reduced mod that bitwidth. For example, rotating an i16 with n = 35 is equivalent to rotating with n = 3, since 35 = 3 mod 16.

Source

pub fn expose(self) -> i32

Remove the timing protection and expose the raw number value. Once a value is exposed, it is the library user’s responsibility to prevent timing leaks (if necessary).

Commonly, this method is used when a value is safe to make public (e.g. when an encryption algorithm outputs a ciphertext). Alternatively, this method may need to be used when providing a secret value to an interface that does not use timing-shield’s types (e.g. writing a secret key to a file using a file system API).

Trait Implementations§

Source§

impl Add<TpI32> for i32

Source§

type Output = TpI32

The resulting type after applying the + operator.
Source§

fn add(self, other: TpI32) -> TpI32

Performs the + operation. Read more
Source§

impl Add<i32> for TpI32

Source§

type Output = TpI32

The resulting type after applying the + operator.
Source§

fn add(self, other: i32) -> TpI32

Performs the + operation. Read more
Source§

impl Add for TpI32

Source§

type Output = TpI32

The resulting type after applying the + operator.
Source§

fn add(self, other: TpI32) -> TpI32

Performs the + operation. Read more
Source§

impl AddAssign<i32> for TpI32

Source§

fn add_assign(&mut self, rhs: i32)

Performs the += operation. Read more
Source§

impl AddAssign for TpI32

Source§

fn add_assign(&mut self, rhs: TpI32)

Performs the += operation. Read more
Source§

impl BitAnd<TpI32> for i32

Source§

type Output = TpI32

The resulting type after applying the & operator.
Source§

fn bitand(self, other: TpI32) -> TpI32

Performs the & operation. Read more
Source§

impl BitAnd<i32> for TpI32

Source§

type Output = TpI32

The resulting type after applying the & operator.
Source§

fn bitand(self, other: i32) -> TpI32

Performs the & operation. Read more
Source§

impl BitAnd for TpI32

Source§

type Output = TpI32

The resulting type after applying the & operator.
Source§

fn bitand(self, other: TpI32) -> TpI32

Performs the & operation. Read more
Source§

impl BitAndAssign<i32> for TpI32

Source§

fn bitand_assign(&mut self, rhs: i32)

Performs the &= operation. Read more
Source§

impl BitAndAssign for TpI32

Source§

fn bitand_assign(&mut self, rhs: TpI32)

Performs the &= operation. Read more
Source§

impl BitOr<TpI32> for i32

Source§

type Output = TpI32

The resulting type after applying the | operator.
Source§

fn bitor(self, other: TpI32) -> TpI32

Performs the | operation. Read more
Source§

impl BitOr<i32> for TpI32

Source§

type Output = TpI32

The resulting type after applying the | operator.
Source§

fn bitor(self, other: i32) -> TpI32

Performs the | operation. Read more
Source§

impl BitOr for TpI32

Source§

type Output = TpI32

The resulting type after applying the | operator.
Source§

fn bitor(self, other: TpI32) -> TpI32

Performs the | operation. Read more
Source§

impl BitOrAssign<i32> for TpI32

Source§

fn bitor_assign(&mut self, rhs: i32)

Performs the |= operation. Read more
Source§

impl BitOrAssign for TpI32

Source§

fn bitor_assign(&mut self, rhs: TpI32)

Performs the |= operation. Read more
Source§

impl BitXor<TpI32> for i32

Source§

type Output = TpI32

The resulting type after applying the ^ operator.
Source§

fn bitxor(self, other: TpI32) -> TpI32

Performs the ^ operation. Read more
Source§

impl BitXor<i32> for TpI32

Source§

type Output = TpI32

The resulting type after applying the ^ operator.
Source§

fn bitxor(self, other: i32) -> TpI32

Performs the ^ operation. Read more
Source§

impl BitXor for TpI32

Source§

type Output = TpI32

The resulting type after applying the ^ operator.
Source§

fn bitxor(self, other: TpI32) -> TpI32

Performs the ^ operation. Read more
Source§

impl BitXorAssign<i32> for TpI32

Source§

fn bitxor_assign(&mut self, rhs: i32)

Performs the ^= operation. Read more
Source§

impl BitXorAssign for TpI32

Source§

fn bitxor_assign(&mut self, rhs: TpI32)

Performs the ^= operation. Read more
Source§

impl Clone for TpI32

Source§

fn clone(&self) -> TpI32

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Mul<TpI32> for i32

Source§

type Output = TpI32

The resulting type after applying the * operator.
Source§

fn mul(self, other: TpI32) -> TpI32

Performs the * operation. Read more
Source§

impl Mul<i32> for TpI32

Source§

type Output = TpI32

The resulting type after applying the * operator.
Source§

fn mul(self, other: i32) -> TpI32

Performs the * operation. Read more
Source§

impl Mul for TpI32

Source§

type Output = TpI32

The resulting type after applying the * operator.
Source§

fn mul(self, other: TpI32) -> TpI32

Performs the * operation. Read more
Source§

impl MulAssign<i32> for TpI32

Source§

fn mul_assign(&mut self, rhs: i32)

Performs the *= operation. Read more
Source§

impl MulAssign for TpI32

Source§

fn mul_assign(&mut self, rhs: TpI32)

Performs the *= operation. Read more
Source§

impl Neg for TpI32

Source§

type Output = TpI32

The resulting type after applying the - operator.
Source§

fn neg(self) -> TpI32

Performs the unary - operation. Read more
Source§

impl Not for TpI32

Source§

type Output = TpI32

The resulting type after applying the ! operator.
Source§

fn not(self) -> TpI32

Performs the unary ! operation. Read more
Source§

impl Shl<u32> for TpI32

Source§

type Output = TpI32

The resulting type after applying the << operator.
Source§

fn shl(self, other: u32) -> TpI32

Performs the << operation. Read more
Source§

impl ShlAssign<u32> for TpI32

Source§

fn shl_assign(&mut self, rhs: u32)

Performs the <<= operation. Read more
Source§

impl Shr<u32> for TpI32

Source§

type Output = TpI32

The resulting type after applying the >> operator.
Source§

fn shr(self, other: u32) -> TpI32

Performs the >> operation. Read more
Source§

impl ShrAssign<u32> for TpI32

Source§

fn shr_assign(&mut self, rhs: u32)

Performs the >>= operation. Read more
Source§

impl Sub<TpI32> for i32

Source§

type Output = TpI32

The resulting type after applying the - operator.
Source§

fn sub(self, other: TpI32) -> TpI32

Performs the - operation. Read more
Source§

impl Sub<i32> for TpI32

Source§

type Output = TpI32

The resulting type after applying the - operator.
Source§

fn sub(self, other: i32) -> TpI32

Performs the - operation. Read more
Source§

impl Sub for TpI32

Source§

type Output = TpI32

The resulting type after applying the - operator.
Source§

fn sub(self, other: TpI32) -> TpI32

Performs the - operation. Read more
Source§

impl SubAssign<i32> for TpI32

Source§

fn sub_assign(&mut self, rhs: i32)

Performs the -= operation. Read more
Source§

impl SubAssign for TpI32

Source§

fn sub_assign(&mut self, rhs: TpI32)

Performs the -= operation. Read more
Source§

impl TpCondSwap for TpI32

Source§

fn tp_cond_swap(condition: TpBool, a: &mut TpI32, b: &mut TpI32)

Swap a and b if and only if condition is true. Read more
Source§

impl TpEq<TpI32> for i32

Source§

fn tp_eq(&self, other: &TpI32) -> TpBool

Compare self with other for equality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them. Read more
Source§

fn tp_not_eq(&self, other: &TpI32) -> TpBool

Compare self with other for inequality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them. Read more
Source§

impl TpEq<i32> for TpI32

Source§

fn tp_eq(&self, other: &i32) -> TpBool

Compare self with other for equality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them. Read more
Source§

fn tp_not_eq(&self, other: &i32) -> TpBool

Compare self with other for inequality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them. Read more
Source§

impl TpEq for TpI32

Source§

fn tp_eq(&self, other: &TpI32) -> TpBool

Compare self with other for equality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them. Read more
Source§

fn tp_not_eq(&self, other: &TpI32) -> TpBool

Compare self with other for inequality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them. Read more
Source§

impl TpOrd<TpI32> for i32

Source§

fn tp_lt(&self, other: &TpI32) -> TpBool

Compute self < other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_gt(&self, other: &TpI32) -> TpBool

Compute self > other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_lt_eq(&self, other: &TpI32) -> TpBool

Compute self <= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_gt_eq(&self, other: &TpI32) -> TpBool

Compute self >= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

impl TpOrd<i32> for TpI32

Source§

fn tp_lt(&self, other: &i32) -> TpBool

Compute self < other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_gt(&self, other: &i32) -> TpBool

Compute self > other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_lt_eq(&self, other: &i32) -> TpBool

Compute self <= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_gt_eq(&self, other: &i32) -> TpBool

Compute self >= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

impl TpOrd for TpI32

Source§

fn tp_lt(&self, other: &TpI32) -> TpBool

Compute self < other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_gt(&self, other: &TpI32) -> TpBool

Compute self > other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_lt_eq(&self, other: &TpI32) -> TpBool

Compute self <= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_gt_eq(&self, other: &TpI32) -> TpBool

Compute self >= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

impl Copy for TpI32

Auto Trait Implementations§

§

impl Freeze for TpI32

§

impl RefUnwindSafe for TpI32

§

impl Send for TpI32

§

impl Sync for TpI32

§

impl Unpin for TpI32

§

impl UnwindSafe for TpI32

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.