Thanks for the updates, Tony.

On 09/29/2014 10:39 PM, Tony Arcieri wrote:
> I've been trying to keep an eye on what's been brewing in the Rust crypto-world. There's a lot of parts that people have been working on that I'd really love to see brought together in a coherent manner, perhaps in the form of an (out-of-tree) common crypto library for Rust. Here are a few highlights:
>
> - common.rs <https://github.com/seb-m/common.rs>: a cool library with a terrible name! This library implements SBufs <https://github.com/seb-m/common.rs/blob/master/src/sbuf.rs>: secure buffers with guard pages, suitable for storing keying material. I would still love to see this extended to do RAII-style memory protection that sets PROT_NONE on buffer pages when they're not in use.
>
> - rust-constanttime <https://gist.github.com/lifthrasiir/56cdcf404edce0a8f256>: [ WARNING: BROKEN DO NOT USE ] a library similar to Go's crypto/subtle <http://golang.org/pkg/crypto/subtle/>: data types that try to ensure constant-time operations. Unfortunately, LLVM is really smart and likes to performance optimize by adding branches even when you really don't want it to. If someone knew of a way to make it actually verifiably constant time, that would be amazing.

I've been told by LLVM folks that getting LLVM to do constant time code generation is essentially hopeless, and it should just be written in asm. One could start by compiling with LLVM, then hand-inspecting the output.


> - suruga <https://github.com/klutzy/suruga>: a Rust implementation of TLS 1.2. Wouldn't it be great if a Servo-powered browser didn't have to use OpenSSL? ;) This seems like it could benefit from SBufs and rust-constanttime, if they were fully baked. Right now it does no memory protections around keying material or internal cipher state.
>
> --
> Tony Arcieri


_______________________________________________
Rust-dev mailing list
Rust-dev@mozilla.org
https://mail.mozilla.org/listinfo/rust-dev
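
The RAII-style protection wished for in the SBufs item above (pages set to PROT_NONE whenever the buffer is not in use) can be expressed with a guard type whose destructor relocks the page. This is an added example, not code from common.rs or from anyone in the thread; `ProtectedPage` and `Access` are hypothetical names, and the constants assume Linux with 4096-byte pages and a compiler that accepts `unsafe extern`.

```rust
use std::ffi::c_void;
use std::ops::{Deref, DerefMut};
// Linux values (assumption); a real crate would take these from `libc`.
const PROT_NONE: i32 = 0;
const PROT_RW: i32 = 1 | 2; // PROT_READ | PROT_WRITE
const MAP_PRIVATE_ANON: i32 = 0x02 | 0x20; // MAP_PRIVATE | MAP_ANONYMOUS
const PAGE: usize = 4096; // assumed page size

unsafe extern "C" {
    fn mmap(a: *mut c_void, len: usize, prot: i32, flags: i32, fd: i32, off: i64) -> *mut c_void;
    fn mprotect(a: *mut c_void, len: usize, prot: i32) -> i32;
    fn munmap(a: *mut c_void, len: usize) -> i32;
}

/// Hypothetical type: one page for key material, PROT_NONE unless a guard is alive.
pub struct ProtectedPage { ptr: *mut u8 }
/// RAII guard: the page is readable and writable only while this value exists.
pub struct Access<'a> { page: &'a mut ProtectedPage }

impl ProtectedPage {
    pub fn new() -> Option<ProtectedPage> {
        let p = unsafe { mmap(std::ptr::null_mut(), PAGE, PROT_NONE, MAP_PRIVATE_ANON, -1, 0) };
        if p as isize == -1 { None } else { Some(ProtectedPage { ptr: p as *mut u8 }) } // -1 is MAP_FAILED
    }
    pub fn addr(&self) -> usize { self.ptr as usize }
    fn protect(&self, prot: i32) {
        let rc = unsafe { mprotect(self.ptr as *mut c_void, PAGE, prot) };
        assert_eq!(rc, 0, "mprotect failed"); // fail closed rather than run unprotected
    }
    pub fn unlock(&mut self) -> Access<'_> { self.protect(PROT_RW); Access { page: self } }
}
impl<'a> Deref for Access<'a> {
    type Target = [u8];
    fn deref(&self) -> &[u8] { unsafe { std::slice::from_raw_parts(self.page.ptr, PAGE) } }
}
impl<'a> DerefMut for Access<'a> {
    fn deref_mut(&mut self) -> &mut [u8] { unsafe { std::slice::from_raw_parts_mut(self.page.ptr, PAGE) } }
}
// Relock as soon as the guard goes out of scope.
impl<'a> Drop for Access<'a> { fn drop(&mut self) { self.page.protect(PROT_NONE); } }
impl Drop for ProtectedPage {
    fn drop(&mut self) {
        self.protect(PROT_RW);
        for i in 0..PAGE { unsafe { self.ptr.add(i).write_volatile(0) } } // wipe before unmapping
        unsafe { munmap(self.ptr as *mut c_void, PAGE); }
    }
}
fn main() {
    let mut page = ProtectedPage::new().expect("mmap failed");
    { page.unlock()[..4].copy_from_slice(b"demo"); } // guard dropped here, page relocked
    println!("stored {:?}", &page.unlock()[..4]);
}
```

The mutable borrow held by `Access` means the compiler rejects any second guard on the same page while one is alive, so the page cannot be relocked under a live reference.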
