TpI64

timing_shield

Struct TpI64 

Source 
pub struct TpI64(/* private fields */);
Expand description

A number type that prevents its value from being leaked to attackers through timing information.

Use this type’s protect method as early as possible to prevent the value from being used in variable-time computations.

Unlike Rust’s built-in number types, rust-timing-shield number types have no overflow checking, even in debug mode. In other words, they behave like Rust’s Wrapping types.

Additionally, all shift distances are reduced mod the bit width of the type (e.g. some_i64 << 104 is equivalent to some_i64 << 40).

// Protect the value as early as possible to limit the risk
let protected_value = TpU8::protect(some_u8);
let other_protected_value = TpU8::protect(some_other_u8);

// Do some computation with the protected values
let x = (other_protected_value + protected_value) & 0x40;

// If needed, remove protection using `expose`
println!("{}", x.expose());

Implementations§

Source§

impl TpI64

Source

pub fn protect(input: i64) -> Self

Hide input behind a protective abstraction to prevent the value from being used in such a way that the value could leak out via a timing side channel.

let protected = TpU32::protect(secret_u32);

// Use `protected` instead of `secret_u32` to avoid timing leaks
Source

pub fn as_u8(self) -> TpU8

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn as_u16(self) -> TpU16

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn as_u32(self) -> TpU32

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn as_u64(self) -> TpU64

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn as_i8(self) -> TpI8

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn as_i16(self) -> TpI16

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn as_i32(self) -> TpI32

Casts from one number type to another, following the same conventions as Rust’s as keyword.

Source

pub fn rotate_left(self, n: u32) -> Self

Shifts left by n bits, wrapping truncated bits around to the right side of the resulting value.

If n is larger than the bitwidth of this number type, n is reduced mod that bitwidth. For example, rotating an i16 with n = 35 is equivalent to rotating with n = 3, since 35 = 3 mod 16.

Source

pub fn rotate_right(self, n: u32) -> Self

Shifts right by n bits, wrapping truncated bits around to the left side of the resulting value.

If n is larger than the bitwidth of this number type, n is reduced mod that bitwidth. For example, rotating an i16 with n = 35 is equivalent to rotating with n = 3, since 35 = 3 mod 16.

Source

pub fn expose(self) -> i64

Remove the timing protection and expose the raw number value. Once a value is exposed, it is the library user’s responsibility to prevent timing leaks (if necessary).

Commonly, this method is used when a value is safe to make public (e.g. when an encryption algorithm outputs a ciphertext). Alternatively, this method may need to be used when providing a secret value to an interface that does not use timing-shield’s types (e.g. writing a secret key to a file using a file system API).

Trait Implementations§

Source§

impl Add<TpI64> for i64

Source§

type Output = TpI64

The resulting type after applying the + operator.
Source§

fn add(self, other: TpI64) -> TpI64

Performs the + operation. Read more
Source§

impl Add<i64> for TpI64

Source§

type Output = TpI64

The resulting type after applying the + operator.
Source§

fn add(self, other: i64) -> TpI64

Performs the + operation. Read more
Source§

impl Add for TpI64

Source§

type Output = TpI64

The resulting type after applying the + operator.
Source§

fn add(self, other: TpI64) -> TpI64

Performs the + operation. Read more
Source§

impl AddAssign<i64> for TpI64

Source§

fn add_assign(&mut self, rhs: i64)

Performs the += operation. Read more
Source§

impl AddAssign for TpI64

Source§

fn add_assign(&mut self, rhs: TpI64)

Performs the += operation. Read more
Source§

impl BitAnd<TpI64> for i64

Source§

type Output = TpI64

The resulting type after applying the & operator.
Source§

fn bitand(self, other: TpI64) -> TpI64

Performs the & operation. Read more
Source§

impl BitAnd<i64> for TpI64

Source§

type Output = TpI64

The resulting type after applying the & operator.
Source§

fn bitand(self, other: i64) -> TpI64

Performs the & operation. Read more
Source§

impl BitAnd for TpI64

Source§

type Output = TpI64

The resulting type after applying the & operator.
Source§

fn bitand(self, other: TpI64) -> TpI64

Performs the & operation. Read more
Source§

impl BitAndAssign<i64> for TpI64

Source§

fn bitand_assign(&mut self, rhs: i64)

Performs the &= operation. Read more
Source§

impl BitAndAssign for TpI64

Source§

fn bitand_assign(&mut self, rhs: TpI64)

Performs the &= operation. Read more
Source§

impl BitOr<TpI64> for i64

Source§

type Output = TpI64

The resulting type after applying the | operator.
Source§

fn bitor(self, other: TpI64) -> TpI64

Performs the | operation. Read more
Source§

impl BitOr<i64> for TpI64

Source§

type Output = TpI64

The resulting type after applying the | operator.
Source§

fn bitor(self, other: i64) -> TpI64

Performs the | operation. Read more
Source§

impl BitOr for TpI64

Source§

type Output = TpI64

The resulting type after applying the | operator.
Source§

fn bitor(self, other: TpI64) -> TpI64

Performs the | operation. Read more
Source§

impl BitOrAssign<i64> for TpI64

Source§

fn bitor_assign(&mut self, rhs: i64)

Performs the |= operation. Read more
Source§

impl BitOrAssign for TpI64

Source§

fn bitor_assign(&mut self, rhs: TpI64)

Performs the |= operation. Read more
Source§

impl BitXor<TpI64> for i64

Source§

type Output = TpI64

The resulting type after applying the ^ operator.
Source§

fn bitxor(self, other: TpI64) -> TpI64

Performs the ^ operation. Read more
Source§

impl BitXor<i64> for TpI64

Source§

type Output = TpI64

The resulting type after applying the ^ operator.
Source§

fn bitxor(self, other: i64) -> TpI64

Performs the ^ operation. Read more
Source§

impl BitXor for TpI64

Source§

type Output = TpI64

The resulting type after applying the ^ operator.
Source§

fn bitxor(self, other: TpI64) -> TpI64

Performs the ^ operation. Read more
Source§

impl BitXorAssign<i64> for TpI64

Source§

fn bitxor_assign(&mut self, rhs: i64)

Performs the ^= operation. Read more
Source§

impl BitXorAssign for TpI64

Source§

fn bitxor_assign(&mut self, rhs: TpI64)

Performs the ^= operation. Read more
Source§

impl Clone for TpI64

Source§

fn clone(&self) -> TpI64

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Mul<TpI64> for i64

Source§

type Output = TpI64

The resulting type after applying the * operator.
Source§

fn mul(self, other: TpI64) -> TpI64

Performs the * operation. Read more
Source§

impl Mul<i64> for TpI64

Source§

type Output = TpI64

The resulting type after applying the * operator.
Source§

fn mul(self, other: i64) -> TpI64

Performs the * operation. Read more
Source§

impl Mul for TpI64

Source§

type Output = TpI64

The resulting type after applying the * operator.
Source§

fn mul(self, other: TpI64) -> TpI64

Performs the * operation. Read more
Source§

impl MulAssign<i64> for TpI64

Source§

fn mul_assign(&mut self, rhs: i64)

Performs the *= operation. Read more
Source§

impl MulAssign for TpI64

Source§

fn mul_assign(&mut self, rhs: TpI64)

Performs the *= operation. Read more
Source§

impl Neg for TpI64

Source§

type Output = TpI64

The resulting type after applying the - operator.
Source§

fn neg(self) -> TpI64

Performs the unary - operation. Read more
Source§

impl Not for TpI64

Source§

type Output = TpI64

The resulting type after applying the ! operator.
Source§

fn not(self) -> TpI64

Performs the unary ! operation. Read more
Source§

impl Shl<u32> for TpI64

Source§

type Output = TpI64

The resulting type after applying the << operator.
Source§

fn shl(self, other: u32) -> TpI64

Performs the << operation. Read more
Source§

impl ShlAssign<u32> for TpI64

Source§

fn shl_assign(&mut self, rhs: u32)

Performs the <<= operation. Read more
Source§

impl Shr<u32> for TpI64

Source§

type Output = TpI64

The resulting type after applying the >> operator.
Source§

fn shr(self, other: u32) -> TpI64

Performs the >> operation. Read more
Source§

impl ShrAssign<u32> for TpI64

Source§

fn shr_assign(&mut self, rhs: u32)

Performs the >>= operation. Read more
Source§

impl Sub<TpI64> for i64

Source§

type Output = TpI64

The resulting type after applying the - operator.
Source§

fn sub(self, other: TpI64) -> TpI64

Performs the - operation. Read more
Source§

impl Sub<i64> for TpI64

Source§

type Output = TpI64

The resulting type after applying the - operator.
Source§

fn sub(self, other: i64) -> TpI64

Performs the - operation. Read more
Source§

impl Sub for TpI64

Source§

type Output = TpI64

The resulting type after applying the - operator.
Source§

fn sub(self, other: TpI64) -> TpI64

Performs the - operation. Read more
Source§

impl SubAssign<i64> for TpI64

Source§

fn sub_assign(&mut self, rhs: i64)

Performs the -= operation. Read more
Source§

impl SubAssign for TpI64

Source§

fn sub_assign(&mut self, rhs: TpI64)

Performs the -= operation. Read more
Source§

impl TpCondSwap for TpI64

Source§

fn tp_cond_swap(condition: TpBool, a: &mut TpI64, b: &mut TpI64)

Swap a and b if and only if condition is true. Read more
Source§

impl TpEq<TpI64> for i64

Source§

fn tp_eq(&self, other: &TpI64) -> TpBool

Compare self with other for equality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them. Read more
Source§

fn tp_not_eq(&self, other: &TpI64) -> TpBool

Compare self with other for inequality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them. Read more
Source§

impl TpEq<i64> for TpI64

Source§

fn tp_eq(&self, other: &i64) -> TpBool

Compare self with other for equality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them. Read more
Source§

fn tp_not_eq(&self, other: &i64) -> TpBool

Compare self with other for inequality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them. Read more
Source§

impl TpEq for TpI64

Source§

fn tp_eq(&self, other: &TpI64) -> TpBool

Compare self with other for equality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them. Read more
Source§

fn tp_not_eq(&self, other: &TpI64) -> TpBool

Compare self with other for inequality without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them. Read more
Source§

impl TpOrd<TpI64> for i64

Source§

fn tp_lt(&self, other: &TpI64) -> TpBool

Compute self < other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_gt(&self, other: &TpI64) -> TpBool

Compute self > other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_lt_eq(&self, other: &TpI64) -> TpBool

Compute self <= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_gt_eq(&self, other: &TpI64) -> TpBool

Compute self >= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

impl TpOrd<i64> for TpI64

Source§

fn tp_lt(&self, other: &i64) -> TpBool

Compute self < other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_gt(&self, other: &i64) -> TpBool

Compute self > other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_lt_eq(&self, other: &i64) -> TpBool

Compute self <= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_gt_eq(&self, other: &i64) -> TpBool

Compute self >= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

impl TpOrd for TpI64

Source§

fn tp_lt(&self, other: &TpI64) -> TpBool

Compute self < other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_gt(&self, other: &TpI64) -> TpBool

Compute self > other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_lt_eq(&self, other: &TpI64) -> TpBool

Compute self <= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

fn tp_gt_eq(&self, other: &TpI64) -> TpBool

Compute self >= other without leaking the result. Important: if either input is not a timing-protected type, this operation might leak the value of that type. To prevent timing leaks, protect values before performing any operations on them.
Source§

impl Copy for TpI64

Auto Trait Implementations§

§

impl Freeze for TpI64

§

impl RefUnwindSafe for TpI64

§

impl Send for TpI64

§

impl Sync for TpI64

§

impl Unpin for TpI64

§

impl UnwindSafe for TpI64

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.