
Implement constant time decoding

Open 05nelsonm opened this issue 2 years ago • 1 comments

Add as a config option the ability to set constant time.

Some operations (e.g. encryption/decryption) require processing the entire contents of the input before throwing an exception in order to mitigate timing attacks.

As module :library:encoding-core does not have knowledge of the higher level implementation details, this will need to be something added to them individually.

  • When an EncoderDecoder is configured for constant time and encounters an unrecognized input, it should substitute that unknown input so operations continue (e.g. character TABLE[0]) and set an error flag.
  • When Feed.doFinalProtected is invoked, it should process the remaining contents in its buffer, and then throw an exception.
    • Invoking flush() should not produce an exception, only after Feed.doFinal is invoked. Implementations can check isClosed within their doFinalProtected function to check whether flush or doFinal has been invoked.

05nelsonm avatar Jun 04 '23 18:06 05nelsonm

Think about adding a static EncoderDecoder configured specifically for this, too.

public class Base64(
    config: Base64.Config
) : EncoderDecoder<Base64.Config>(config) {

    // ...

    public object Default {

        @JvmField
        public val CT: Base64 = Base64 {
            lineBreakInterval = 64
            constantTime = true
        }
    }

    // ...
}

05nelsonm avatar Jun 04 '23 18:06 05nelsonm

Actually, this could be implemented in core by adding another constructor with the new parameter (and deprecating the prior constructor), then handled in the Decoder.Feed abstraction.

I think the parameter would need to be of type Char?, whereby if it is null, constant time is not enabled, and if it is non-null, that character will be substituted in the event an encoding exception occurs.

May need to add a new exception type, like InvalidDecoderInputException that can be caught to trigger the functionality in order to substitute with the defined alternative.

EDIT: Actually, throwing an exception would defeat the purpose because that would generate a stacktrace (which takes time). Implementations need to handle substitution somehow. Need to rethink and play with implementation/abstractions to see how best to do this.

05nelsonm avatar Dec 13 '24 14:12 05nelsonm
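
The deferred-error behaviour discussed in this issue (substitute the unrecognized input, set a flag, throw once at the end), as an added example that is not code from the issue or from the library. It uses a hex decoder rather than Base64 to stay short, and HexFeedCT and decodeHexCT are hypothetical names, not the library's API.

```kotlin
// Added illustration. HexFeedCT and decodeHexCT are hypothetical names,
// not part of the encoding library's API.
class HexFeedCT(private val out: (Byte) -> Unit) {
    private var error = 0   // sticky: non-zero once any invalid character was seen
    private var hi = 0      // pending high nibble
    private var count = 0   // characters consumed (length is not treated as secret)

    // -1 (all bits set) when min <= c <= max, otherwise 0; no data-dependent branch.
    private fun inRange(c: Int, min: Int, max: Int): Int =
        ((min - 1 - c) and (c - max - 1)) shr 31

    fun consume(input: Char) {
        val c = input.code
        val digit = inRange(c, '0'.code, '9'.code)
        val upper = inRange(c, 'A'.code, 'F'.code)
        val lower = inRange(c, 'a'.code, 'f'.code)
        // An unrecognized character matches no mask, so it decodes as value 0
        // (the substitution) and only the error flag records the problem.
        val nibble = ((c - '0'.code) and digit) or
            ((c - 'A'.code + 10) and upper) or
            ((c - 'a'.code + 10) and lower)
        error = error or (digit or upper or lower).inv()
        if ((count++ and 1) == 0) hi = nibble else out(((hi shl 4) or nibble).toByte())
    }

    // Called once after all input was consumed; the single place that throws.
    fun doFinal() {
        val bad = error or (count and 1)   // odd length is reported here too
        error = 0; hi = 0; count = 0
        if (bad != 0) throw IllegalArgumentException("invalid hex input")
    }
}

fun decodeHexCT(text: String): ByteArray {
    val bytes = ArrayList<Byte>(text.length / 2)
    val feed = HexFeedCT { bytes.add(it) }
    for (ch in text) feed.consume(ch)   // never exits early on a bad character
    feed.doFinal()
    return bytes.toByteArray()
}

fun main() {
    println(decodeHexCT("00ff7A").joinToString())
    // Constructed inputs: the invalid pair sits at the start in one, at the end in the other.
    for (bad in listOf("zz00ff7a", "00ff7azz")) {
        println("$bad -> " + runCatching { decodeHexCT(bad) }.exceptionOrNull()?.message)
    }
}
```

Both constructed inputs run the full loop and fail with the same single exception from doFinal, so where the invalid character sits does not change how much input is processed. The masks remove data-dependent branches and table lookups at the source level only; what the JIT emits still has to be measured.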