constant_time_eq-0.3.1/.cargo_vcs_info.json0000644000000001360000000000100143710ustar { "git": { "sha1": "bea93a336b65dee32f1ed871ea1eecdf47977bb2" }, "path_in_vcs": "" }constant_time_eq-0.3.1/.github/workflows/ci.yml000064400000000000000000000075251046102023000177050ustar 00000000000000name: tests on: [push, pull_request] jobs: tests: name: Run tests runs-on: ubuntu-latest strategy: matrix: toolchain: [1.74.0, stable, beta, nightly] steps: - uses: actions/checkout@v3 - uses: actions/cache@v3 with: path: | ~/.cargo/registry/index/ ~/.cargo/registry/cache/ ~/.cargo/git/db/ target/ key: ${{ runner.os }}-cargo-${{ matrix.toolchain }}-${{ hashFiles('**/Cargo.lock', '**/Cargo.toml') }} - run: rustup toolchain install ${{ matrix.toolchain }} --profile=minimal --no-self-update - run: rustup default ${{ matrix.toolchain }} - run: rustup override set ${{ matrix.toolchain }} - run: rustc --verbose --version - run: cargo --verbose --version - run: cargo build --verbose - run: cargo build --verbose --release - run: cargo test --verbose - run: cargo test --verbose --release - name: Cross-compile x86_64-unknown-linux-gnu env: TARGET: x86_64-unknown-linux-gnu run: | rustup target add $TARGET cargo build --verbose --target $TARGET cargo build --verbose --release --target $TARGET - name: Cross-compile i686-unknown-linux-gnu env: TARGET: i686-unknown-linux-gnu run: | rustup target add $TARGET cargo build --verbose --target $TARGET cargo build --verbose --release --target $TARGET - name: Cross-compile aarch64-unknown-linux-gnu env: TARGET: aarch64-unknown-linux-gnu run: | rustup target add $TARGET cargo build --verbose --target $TARGET cargo build --verbose --release --target $TARGET - name: Cross-compile armv7-unknown-linux-gnueabihf env: TARGET: armv7-unknown-linux-gnueabihf run: | rustup target add $TARGET cargo build --verbose --target $TARGET cargo build --verbose --release --target $TARGET - name: Cross-compile riscv64gc-unknown-linux-gnu env: TARGET: riscv64gc-unknown-linux-gnu run: | rustup target add $TARGET cargo build --verbose --target $TARGET cargo build --verbose --release --target $TARGET - name: Cross-compile riscv32imac-unknown-none-elf env: TARGET: riscv32imac-unknown-none-elf run: | rustup target add $TARGET cargo build --verbose --target $TARGET cargo build --verbose --release --target $TARGET - name: Cross-compile wasm32-unknown-unknown env: TARGET: wasm32-unknown-unknown run: | rustup target add $TARGET cargo build --verbose --target $TARGET cargo build --verbose --release --target $TARGET - name: Cross-compile wasm32-wasi env: TARGET: wasm32-wasi run: | rustup target add $TARGET cargo build --verbose --target $TARGET cargo build --verbose --release --target $TARGET - run: cargo test --verbose --release --features count_instructions_test - run: cargo bench --verbose miri: name: Run tests under Miri runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: actions/cache@v3 with: path: | ~/.cargo/registry/index/ ~/.cargo/registry/cache/ ~/.cargo/git/db/ target/ key: ${{ runner.os }}-cargo-nightly-${{ hashFiles('**/Cargo.lock', '**/Cargo.toml') }} - run: rustup toolchain install nightly --profile=minimal --no-self-update - run: rustup default nightly - run: rustup override set nightly - run: rustup component add miri - run: rustc --verbose --version - run: cargo --verbose --version - run: cargo miri test --verbose constant_time_eq-0.3.1/.gitignore000064400000000000000000000000221046102023000151430ustar 00000000000000target Cargo.lock constant_time_eq-0.3.1/CHANGES000064400000000000000000000023421046102023000141550ustar 00000000000000# 0.3.1 * Use the portable optimizer_hide() when running under Miri. # 0.3.0 * Use black_box instead of volatile read when inline assembly is not available. * Increase minimum Rust version to 1.66, which is when black_box was stabilized. # 0.2.6 * New tests using the count_instructions crate; no functional changes. # 0.2.5 * Add #[must_use] to all functions. # 0.2.4 * Since CC0 is no longer accepted as a license for code by Fedora, also allow MIT-0 or Apache-2.0 as options. No code changes. # 0.2.3 * Add fixed-size variant for arrays of any size (using const generics). # 0.2.2 * Set rust-version in Cargo.toml to 1.59. # 0.2.1 * Reduce inlining of variable-size variant. In 0.1.5, the loop was not inlined, and it can be a bit large due to the auto-vectorization. Go back to how it was in 0.1.5, but allowing the compiler to inline if it believes it would be a speed gain. # 0.2.0 * Use inline assembly when available to hide from the optimizer. * When inline assembly is not available, use both a volatile read and disabled inlining. * Increase minimum Rust version to 1.59, which is the first with inline assembly. # 0.1.5 * Add fixed-size variant for arrays with sizes 16 bytes, 32 bytes, and 64 bytes. constant_time_eq-0.3.1/Cargo.toml0000644000000026340000000000100123740ustar # THIS FILE IS AUTOMATICALLY GENERATED BY CARGO # # When uploading crates to the registry Cargo will automatically # "normalize" Cargo.toml files for maximal compatibility # with all versions of Cargo and also rewrite `path` dependencies # to registry (e.g., crates.io) dependencies. # # If you are reading this file be aware that the original Cargo.toml # will likely look very different (and much more reasonable). # See Cargo.toml.orig for the original contents. [package] edition = "2021" rust-version = "1.66.0" name = "constant_time_eq" version = "0.3.1" authors = ["Cesar Eduardo Barros "] build = false autobins = false autoexamples = false autotests = false autobenches = false description = "Compares two equal-sized byte strings in constant time." documentation = "https://docs.rs/constant_time_eq" readme = "README" keywords = ["constant_time"] categories = [ "cryptography", "no-std", ] license = "CC0-1.0 OR MIT-0 OR Apache-2.0" repository = "https://github.com/cesarb/constant_time_eq" [lib] name = "constant_time_eq" path = "src/lib.rs" [[test]] name = "count_instructions" path = "tests/count_instructions.rs" [[bench]] name = "bench" path = "benches/bench.rs" harness = false [dev-dependencies.count_instructions] version = "0.1.3" [dev-dependencies.criterion] version = "0.5.1" features = [ "cargo_bench_support", "html_reports", ] [features] count_instructions_test = [] constant_time_eq-0.3.1/Cargo.toml.orig000064400000000000000000000013501046102023000160470ustar 00000000000000[package] name = "constant_time_eq" version = "0.3.1" edition = "2021" authors = ["Cesar Eduardo Barros "] description = "Compares two equal-sized byte strings in constant time." documentation = "https://docs.rs/constant_time_eq" repository = "https://github.com/cesarb/constant_time_eq" readme = "README" keywords = ["constant_time"] categories = ["cryptography", "no-std"] license = "CC0-1.0 OR MIT-0 OR Apache-2.0" rust-version = "1.66.0" [dev-dependencies] criterion = { version = "0.5.1", features = ["cargo_bench_support", "html_reports"] } count_instructions = "0.1.3" [features] # Enables tests which depend on the count_instructions crate. count_instructions_test = [] [[bench]] name = "bench" harness = false constant_time_eq-0.3.1/LICENSE-APACHE000064400000000000000000000227731046102023000151200ustar 00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS constant_time_eq-0.3.1/LICENSE-CC0000064400000000000000000000156101046102023000145340ustar 00000000000000Creative Commons Legal Code CC0 1.0 Universal CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER. Statement of Purpose The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work"). Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others. For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights. 1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following: i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work; ii. moral rights retained by the original author(s) and/or performer(s); iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work; iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below; v. rights protecting the extraction, dissemination, use and reuse of data in a Work; vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof. 2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose. 3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose. 4. Limitations and Disclaimers. a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document. b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law. c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work. d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work. constant_time_eq-0.3.1/LICENSE-MIT0000064400000000000000000000015321046102023000146760ustar 00000000000000Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. constant_time_eq-0.3.1/README000064400000000000000000000004201046102023000140350ustar 00000000000000Compares two equal-sized byte strings in constant time. Inspired by the Linux kernel's crypto_memneq. Licensed under either of * Apache License, Version 2.0 (LICENSE-APACHE) * MIT No Attribution License (LICENSE-MIT0) * CC0 1.0 Universal (LICENSE-CC0) at your option. constant_time_eq-0.3.1/benches/bench.rs000064400000000000000000000032771046102023000162260ustar 00000000000000use constant_time_eq::{constant_time_eq, constant_time_eq_n}; use criterion::{criterion_group, criterion_main, BenchmarkId, Criterion, Throughput}; fn bench_array(c: &mut Criterion) { let mut group = c.benchmark_group("constant_time_eq_n"); let input = (&[1; 16], &[2; 16]); group.throughput(Throughput::Bytes(16)); group.bench_with_input(BenchmarkId::from_parameter(16), &input, |b, &(x, y)| { b.iter(|| constant_time_eq_n(x, y)) }); let input = (&[1; 20], &[2; 20]); group.throughput(Throughput::Bytes(20)); group.bench_with_input(BenchmarkId::from_parameter(20), &input, |b, &(x, y)| { b.iter(|| constant_time_eq_n(x, y)) }); let input = (&[1; 32], &[2; 32]); group.throughput(Throughput::Bytes(32)); group.bench_with_input(BenchmarkId::from_parameter(32), &input, |b, &(x, y)| { b.iter(|| constant_time_eq_n(x, y)) }); let input = (&[1; 64], &[2; 64]); group.throughput(Throughput::Bytes(64)); group.bench_with_input(BenchmarkId::from_parameter(64), &input, |b, &(x, y)| { b.iter(|| constant_time_eq_n(x, y)) }); group.finish(); } fn bench_slice(c: &mut Criterion) { let mut group = c.benchmark_group("constant_time_eq"); let input = (&[1; 65536], &[2; 65536]); for &size in &[16, 20, 32, 64, 4 * 1024, 16 * 1024, 64 * 1024] { let input = (&input.0[..size], &input.1[..size]); group.throughput(Throughput::Bytes(size as u64)); group.bench_with_input(BenchmarkId::from_parameter(size), &input, |b, &(x, y)| { b.iter(|| constant_time_eq(x, y)) }); } group.finish(); } criterion_group!(benches, bench_array, bench_slice); criterion_main!(benches); constant_time_eq-0.3.1/src/lib.rs000064400000000000000000000142101046102023000150620ustar 00000000000000#![no_std] #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] #[cfg(not(miri))] #[inline] #[must_use] fn optimizer_hide(mut value: u8) -> u8 { // SAFETY: the input value is passed unchanged to the output, the inline assembly does nothing. unsafe { core::arch::asm!("/* {0} */", inout(reg_byte) value, options(pure, nomem, nostack, preserves_flags)); value } } #[cfg(any( target_arch = "arm", target_arch = "aarch64", target_arch = "riscv32", target_arch = "riscv64" ))] #[cfg(not(miri))] #[inline] #[must_use] #[allow(asm_sub_register)] fn optimizer_hide(mut value: u8) -> u8 { // SAFETY: the input value is passed unchanged to the output, the inline assembly does nothing. unsafe { core::arch::asm!("/* {0} */", inout(reg) value, options(pure, nomem, nostack, preserves_flags)); value } } #[cfg(any( not(any( target_arch = "x86", target_arch = "x86_64", target_arch = "arm", target_arch = "aarch64", target_arch = "riscv32", target_arch = "riscv64", )), miri, ))] #[inline(never)] #[must_use] fn optimizer_hide(value: u8) -> u8 { // The current implementation of black_box in the main codegen backends is similar to // { // let result = value; // asm!("", in(reg) &result); // result // } // which round-trips the value through the stack, instead of leaving it in a register. // Experimental codegen backends might implement black_box as a pure identity function, // without the expected optimization barrier, so it's less guaranteed than inline asm. // For that reason, we also use the #[inline(never)] hint, which makes it harder for an // optimizer to look inside this function. core::hint::black_box(value) } #[inline] #[must_use] fn constant_time_ne(a: &[u8], b: &[u8]) -> u8 { assert!(a.len() == b.len()); // These useless slices make the optimizer elide the bounds checks. // See the comment in clone_from_slice() added on Rust commit 6a7bc47. let len = a.len(); let a = &a[..len]; let b = &b[..len]; let mut tmp = 0; for i in 0..len { tmp |= a[i] ^ b[i]; } // The compare with 0 must happen outside this function. optimizer_hide(tmp) } /// Compares two equal-sized byte strings in constant time. /// /// # Examples /// /// ``` /// use constant_time_eq::constant_time_eq; /// /// assert!(constant_time_eq(b"foo", b"foo")); /// assert!(!constant_time_eq(b"foo", b"bar")); /// assert!(!constant_time_eq(b"bar", b"baz")); /// # assert!(constant_time_eq(b"", b"")); /// /// // Not equal-sized, so won't take constant time. /// assert!(!constant_time_eq(b"foo", b"")); /// assert!(!constant_time_eq(b"foo", b"quux")); /// ``` #[must_use] pub fn constant_time_eq(a: &[u8], b: &[u8]) -> bool { a.len() == b.len() && constant_time_ne(a, b) == 0 } // Fixed-size array variant. #[inline] #[must_use] fn constant_time_ne_n(a: &[u8; N], b: &[u8; N]) -> u8 { let mut tmp = 0; for i in 0..N { tmp |= a[i] ^ b[i]; } // The compare with 0 must happen outside this function. optimizer_hide(tmp) } /// Compares two fixed-size byte strings in constant time. /// /// # Examples /// /// ``` /// use constant_time_eq::constant_time_eq_n; /// /// assert!(constant_time_eq_n(&[3; 20], &[3; 20])); /// assert!(!constant_time_eq_n(&[3; 20], &[7; 20])); /// ``` #[must_use] pub fn constant_time_eq_n(a: &[u8; N], b: &[u8; N]) -> bool { constant_time_ne_n(a, b) == 0 } // Fixed-size variants for the most common sizes. /// Compares two 128-bit byte strings in constant time. /// /// # Examples /// /// ``` /// use constant_time_eq::constant_time_eq_16; /// /// assert!(constant_time_eq_16(&[3; 16], &[3; 16])); /// assert!(!constant_time_eq_16(&[3; 16], &[7; 16])); /// ``` #[inline] #[must_use] pub fn constant_time_eq_16(a: &[u8; 16], b: &[u8; 16]) -> bool { constant_time_eq_n(a, b) } /// Compares two 256-bit byte strings in constant time. /// /// # Examples /// /// ``` /// use constant_time_eq::constant_time_eq_32; /// /// assert!(constant_time_eq_32(&[3; 32], &[3; 32])); /// assert!(!constant_time_eq_32(&[3; 32], &[7; 32])); /// ``` #[inline] #[must_use] pub fn constant_time_eq_32(a: &[u8; 32], b: &[u8; 32]) -> bool { constant_time_eq_n(a, b) } /// Compares two 512-bit byte strings in constant time. /// /// # Examples /// /// ``` /// use constant_time_eq::constant_time_eq_64; /// /// assert!(constant_time_eq_64(&[3; 64], &[3; 64])); /// assert!(!constant_time_eq_64(&[3; 64], &[7; 64])); /// ``` #[inline] #[must_use] pub fn constant_time_eq_64(a: &[u8; 64], b: &[u8; 64]) -> bool { constant_time_eq_n(a, b) } #[cfg(test)] mod tests { #[cfg(feature = "count_instructions_test")] extern crate std; #[cfg(feature = "count_instructions_test")] #[test] fn count_optimizer_hide_instructions() -> std::io::Result<()> { use super::optimizer_hide; use count_instructions::count_instructions; fn count() -> std::io::Result { // If optimizer_hide does not work, constant propagation and folding // will make this identical to count_optimized() below. let mut count = 0; assert_eq!( 10u8, count_instructions( || optimizer_hide(1) + optimizer_hide(2) + optimizer_hide(3) + optimizer_hide(4), |_| count += 1 )? ); Ok(count) } fn count_optimized() -> std::io::Result { #[inline] fn inline_identity(value: u8) -> u8 { value } let mut count = 0; assert_eq!( 10u8, count_instructions( || inline_identity(1) + inline_identity(2) + inline_identity(3) + inline_identity(4), |_| count += 1 )? ); Ok(count) } assert!(count()? > count_optimized()?); Ok(()) } } constant_time_eq-0.3.1/tests/count_instructions.rs000064400000000000000000000105011046102023000206420ustar 00000000000000#[cfg(feature = "count_instructions_test")] mod tests { use std::io::Result; use constant_time_eq::{constant_time_eq, constant_time_eq_n}; use count_instructions::{count_instructions, Address}; #[inline(never)] fn count(l: &[u8], r: &[u8], capacity: usize) -> Result> { let mut addresses = Vec::with_capacity(capacity); assert!(!count_instructions( || constant_time_eq(l, r), |instruction| addresses.push(instruction.address()) )?); Ok(addresses) } #[inline(never)] fn count_n(l: &[u8; N], r: &[u8; N], capacity: usize) -> Result> { let mut addresses = Vec::with_capacity(capacity); assert!(!count_instructions( || constant_time_eq_n(l, r), |instruction| addresses.push(instruction.address()) )?); Ok(addresses) } fn test(a: u8, b: u8) -> Result<()> { const N: usize = 64; let l = vec![a; N]; let r = vec![b; N]; let baseline = count(&l, &r, 0)?; let mut t = r.clone(); for n in 0..(N - 1) { t[n] = a; assert_eq!(count(&l, &t, baseline.len())?, baseline); } t[N - 1] = a; assert!(constant_time_eq(&l, &t)); let mut t = r.clone(); for n in 1..N { t[N - n] = a; assert_eq!(count(&l, &t, baseline.len())?, baseline); } t[0] = a; assert!(constant_time_eq(&l, &t)); Ok(()) } fn test_n(a: u8, b: u8) -> Result<()> { let l = [a; N]; let r = [b; N]; let baseline = count_n(&l, &r, 0)?; let mut t = r.clone(); for n in 0..(N - 1) { t[n] = a; assert_eq!(count_n(&l, &t, baseline.len())?, baseline); } t[N - 1] = a; assert!(constant_time_eq_n(&l, &t)); let mut t = r.clone(); for n in 1..N { t[N - n] = a; assert_eq!(count_n(&l, &t, baseline.len())?, baseline); } t[0] = a; assert!(constant_time_eq_n(&l, &t)); Ok(()) } #[test] fn count_instructions_test() -> Result<()> { test(b'A', b'B')?; test(0x55, 0xAA)?; Ok(()) } fn count_instructions_test_n() -> Result<()> { test_n::(b'A', b'B')?; test_n::(0x55, 0xAA)?; Ok(()) } #[test] fn count_instructions_test_n_16() -> Result<()> { count_instructions_test_n::<16>() } #[test] fn count_instructions_test_n_20() -> Result<()> { count_instructions_test_n::<20>() } #[test] fn count_instructions_test_n_24() -> Result<()> { count_instructions_test_n::<24>() } #[test] fn count_instructions_test_n_32() -> Result<()> { count_instructions_test_n::<32>() } #[test] fn count_instructions_test_n_48() -> Result<()> { count_instructions_test_n::<48>() } #[test] fn count_instructions_test_n_64() -> Result<()> { count_instructions_test_n::<64>() } // This silly test shows that count_instructions() can detect early returns. #[test] fn count_instructions_test_variable() -> Result<()> { #[inline(never)] fn variable_time_eq(a: &[u8], b: &[u8]) -> bool { if a.len() != b.len() { false } else { for i in 0..a.len() { if a[i] != b[i] { return false; } } true } } #[inline(never)] fn count_variable(l: &[u8], r: &[u8], capacity: usize) -> Result> { let mut addresses = Vec::with_capacity(capacity); assert!(!count_instructions( || variable_time_eq(l, r), |instruction| addresses.push(instruction.address()) )?); Ok(addresses) } const N: usize = 64; let l = vec![b'A'; N]; let r = vec![b'B'; N]; let mut t = r.clone(); t[0] = b'A'; let short = count_variable(&l, &t, 0)?; let mut t = l.clone(); t[N - 1] = b'B'; let long = count_variable(&l, &t, short.len())?; assert_ne!(short, long); Ok(()) } }