{"id":13532222,"url":"https://github.com/dalek-cryptography/subtle","last_synced_at":"2025-06-10T17:39:35.095Z","repository":{"id":41262877,"uuid":"92902083","full_name":"dalek-cryptography/subtle","owner":"dalek-cryptography","description":"Pure-Rust traits and utilities for constant-time cryptographic implementations.","archived":false,"fork":false,"pushed_at":"2024-08-03T23:10:52.000Z","size":376,"stargazers_count":270,"open_issues_count":38,"forks_count":90,"subscribers_count":18,"default_branch":"main","last_synced_at":"2025-06-05T01:43:50.986Z","etag":null,"topics":["bit-manipulation","constant-time","cryptography","rust-traits"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dalek-cryptography.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-05-31T03:51:57.000Z","updated_at":"2025-05-14T01:56:48.000Z","dependencies_parsed_at":"2024-02-09T21:30:05.229Z","dependency_job_id":"9e73aafc-13bb-4c0f-9f9d-1daaf3cdeaec","html_url":"https://github.com/dalek-cryptography/subtle","commit_stats":{"total_commits":179,"total_committers":26,"mean_commits":6.884615384615385,"dds":0.7262569832402235,"last_synced_commit":"369e7463e85921377a5f2df80aabcbbc6d57a930"},"previous_names":[],"tags_count":32,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalek-cryptography%2Fsubtle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalek-cryptography%2Fsubtle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalek-cryptography%2Fsubtle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalek-cryptography%2Fsubtle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dalek-cryptography","download_url":"https://codeload.github.com/dalek-cryptography/subtle/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalek-cryptography%2Fsubtle/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259118827,"owners_count":22808063,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bit-manipulation","constant-time","cryptography","rust-traits"],"created_at":"2024-08-01T07:01:09.184Z","updated_at":"2025-06-10T17:39:35.059Z","avatar_url":"https://github.com/dalek-cryptography.png","language":"Rust","funding_links":[],"categories":["Cryptography"],"sub_categories":["Attack Defense"],"readme":"# subtle [![](https://img.shields.io/crates/v/subtle.svg)](https://crates.io/crates/subtle) [![](https://img.shields.io/badge/dynamic/json.svg?label=docs\u0026uri=https%3A%2F%2Fcrates.io%2Fapi%2Fv1%2Fcrates%2Fsubtle%2Fversions\u0026query=%24.versions%5B0%5D.num\u0026colorB=4F74A6)](https://doc.dalek.rs/subtle) [![](https://travis-ci.org/dalek-cryptography/subtle.svg?branch=master)](https://travis-ci.org/dalek-cryptography/subtle)\n\n**Pure-Rust traits and utilities for constant-time cryptographic implementations.**\n\nIt consists of a `Choice` type, and a collection of traits using `Choice`\ninstead of `bool` which are intended to execute in constant-time.  The `Choice`\ntype is a wrapper around a `u8` that holds a `0` or `1`.\n\n```toml\nsubtle = \"2.6\"\n```\n\nThis crate represents a “best-effort” attempt, since side-channels\nare ultimately a property of a deployed cryptographic system\nincluding the hardware it runs on, not just of software.\n\nThe traits are implemented using bitwise operations, and should execute in\nconstant time provided that a) the bitwise operations are constant-time and\nb) the bitwise operations are not recognized as a conditional assignment and\noptimized back into a branch.\n\nFor a compiler to recognize that bitwise operations represent a conditional\nassignment, it needs to know that the value used to generate the bitmasks is\nreally a boolean `i1` rather than an `i8` byte value. In an attempt to\nprevent this refinement, the crate tries to hide the value of a `Choice`'s\ninner `u8` by passing it through a volatile read. For more information, see\nthe _About_ section below.\n\nRust versions from 1.51 or higher have const generics support. You may enable\n`const-generics` feautre to have `subtle` traits implemented for arrays `[T; N]`.\n\nVersions prior to `2.2` recommended use of the `nightly` feature to enable an\noptimization barrier; this is not required in versions `2.2` and above.\n\nNote: the `subtle` crate contains `debug_assert`s to check invariants during\ndebug builds. These invariant checks involve secret-dependent branches, and\nare not present when compiled in release mode. This crate is intended to be\nused in release mode.\n\n## Documentation\n\nDocumentation is available [here][docs].\n\n## Minimum Supported Rust Version\n\nRust **1.41** or higher.\n\nMinimum supported Rust version can be changed in the future, but it will be done with a minor version bump.\n\n## About\n\nThis library aims to be the Rust equivalent of Go’s `crypto/subtle` module.\n\nOld versions of the optimization barrier in `impl From\u003cu8\u003e for Choice` were\nbased on Tim Maclean's [work on `rust-timing-shield`][rust-timing-shield],\nwhich attempts to provide a more comprehensive approach for preventing\nsoftware side-channels in Rust code.\nFrom version `2.2`, it was based on Diane Hosfelt and Amber Sprenkels' work on\n\"Secret Types in Rust\".\n\n`subtle` is authored by isis agora lovecruft and Henry de Valence.\n\n## Warning\n\nThis code is a low-level library, intended for specific use-cases implementing\ncryptographic protocols.  It represents a best-effort attempt to protect\nagainst some software side-channels.  Because side-channel resistance is not a\nproperty of software alone, but of software together with hardware, any such\neffort is fundamentally limited.\n\n**USE AT YOUR OWN RISK**\n\n[docs]: https://docs.rs/subtle\n[rust-timing-shield]: https://www.chosenplaintext.ca/open-source/rust-timing-shield/security\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdalek-cryptography%2Fsubtle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdalek-cryptography%2Fsubtle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdalek-cryptography%2Fsubtle/lists"}