Regarding rust-crypto and timing attacks: in general the library tries to provide constant time implementations where possible. There are two implementations of AES - the AES-NI implementation and a bit-sliced pure software implementation. There isn't currently a table lookup based implementation included. I believe that the AES-NI implementation is likely constant time since all the actual crypto work is being done by the AES-NI instructions. The bit-sliced software implementation is hopefully constant time - there aren't any conditionals or table lookups on keys, plaintext, or ciphertext in the code. However, no one has verified that LLVM optimizations don't add some in.
Memory comparisons are done using assembly code to prevent LLVM doing optimizations and there are implementations for x86 and ARM. It might be possible to adopt these routines to build something like rust-constanttime. Rust-crypto isn't currently doing anything special to protect key material or plaintext data in memory other than using as little unsafe code as possible.

-Palmer Cox

On Fri, Oct 3, 2014 at 9:35 PM, Kevin Cantu <m...@kevincantu.org> wrote:
> Thanks for the updates, Tony!
>
>
> Kevin
>
> On Wed, Oct 1, 2014 at 1:47 PM, Tony Arcieri <basc...@gmail.com> wrote:
> > On Wed, Oct 1, 2014 at 12:42 PM, Jordan Earls <ea...@lastyearswishes.com> wrote:
> >>
> >> Is there an Ed25519 implementation for Rust yet?
> >
> >
> > There's an Ed25519 binding in sodiumoxide:
> >
> > https://github.com/dnaq/sodiumoxide/blob/master/src/sodiumoxide/crypto/ed25519.rs
> >
> >>
> >> Also, I take it none of this is actually secure yet, since it's not been
> >> audited and lacks time-constant code and what not
> >
> >
> > sodiumoxide is fine, since it's a binding to the libsodium C/ASM code.
> > Likewise rust-openssl is "fine"
> >
> > Pure Rust implementations of cryptographic primitives are definitely in need
> > of expert scrutiny before they should be used for anything serious.
> >
> > --
> > Tony Arcieri
> >
> > _______________________________________________
> > Rust-dev mailing list
> > Rust-dev@mozilla.org
> > https://mail.mozilla.org/listinfo/rust-dev
>
>
> _______________________________________________
> Rust-dev mailing list
> Rust-dev@mozilla.org
> https://mail.mozilla.org/listinfo/rust-dev
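As an added illustration of the memory-comparison point in Palmer's message (this is example code, not rust-crypto's own routines): the early-exit comparison that leaks how many leading bytes matched, next to a fixed-time version whose work is independent of the secret bytes. Where rust-crypto used hand-written assembly to keep LLVM from optimizing the loop, this example uses a volatile read for the same purpose; the inputs are constructed.

```rust
// Added example, not rust-crypto's own code. Shows the early-exit
// comparison that leaks how many leading bytes matched, beside a
// fixed-time version whose work does not depend on the secret bytes.
// Instead of the assembly routine the message mentions, this uses a
// volatile read so LLVM cannot fold the loop back into an early exit.

/// Naive comparison. Returns (equal, bytes_examined): the second value
/// is the length of the matching prefix plus one, which is what a
/// timing measurement of a MAC check can reveal.
pub fn leaky_eq(a: &[u8], b: &[u8]) -> (bool, usize) {
    if a.len() != b.len() {
        return (false, 0);
    }
    let mut examined = 0;
    for (x, y) in a.iter().zip(b) {
        examined += 1;
        if x != y {
            return (false, examined);
        }
    }
    (true, examined)
}

/// Fixed-time comparison. Every byte pair is XORed and OR-ed into an
/// accumulator; the only branch on the data is on the final aggregate.
/// Lengths are still compared with a branch: they are treated as
/// public (a MAC or hash length is not a secret).
pub fn fixed_time_eq(a: &[u8], b: &[u8]) -> (bool, usize) {
    if a.len() != b.len() {
        return (false, 0);
    }
    let mut acc: u8 = 0;
    let mut examined = 0;
    for (x, y) in a.iter().zip(b) {
        examined += 1;
        // Volatile read makes `acc` opaque to the optimizer, so it cannot
        // rewrite the loop as "break as soon as acc is non-zero".
        let cur = unsafe { std::ptr::read_volatile(&acc) };
        acc = cur | (x ^ y);
    }
    (acc == 0, examined)
}

fn main() {
    // Constructed inputs: a stored tag and a forged tag differing at byte 2.
    let stored = b"tag-0123456789abcdef";
    let forged = b"ta!-0123456789abcdef";
    println!("leaky: {:?}", leaky_eq(stored, forged)); // (false, 3)
    println!("fixed: {:?}", fixed_time_eq(stored, forged)); // (false, 20)
}
```

Whether the compiled loop is actually branch-free still has to be confirmed by inspecting the generated machine code, which is the verification step the message notes nobody has done for the bit-sliced AES.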