
Document the importance of avoiding (timing) side channels

Open briansmith opened this issue 4 years ago • 1 comments

When reviewing PR #47 by @stepancheg I realized that there's no documentation here about why or how we avoid leaking information about the contents of the slice held in an Input or Reader unless/until specifically requested.

ring internally uses untrusted to process secret buffers so untrusted.rs can only inspect/report/leak the value of any byte of the input if/when the caller specifically requests it. So, for example, peek() can inspect the value of the next byte but a Debug implementation cannot.

briansmith, Apr 27 '21 01:04

Perhaps we should remove PartialEq and similar from Input? Or maybe we need a way to distinguish secret inputs from non-secret inputs that can enable such variable-time functions.

briansmith, May 04 '21 23:05
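
The two ideas raised in this thread, a `Debug` implementation that cannot reveal byte values and an equality check that does not run in variable time the way a derived `PartialEq` on a slice can, shown as an added Rust sketch. This is not code from untrusted or ring; the type `SecretInput` and the method `ct_eq` are hypothetical names, and the input length is assumed to be public.

```rust
use std::fmt;

/// Hypothetical wrapper (not part of untrusted or ring) around a secret slice.
pub struct SecretInput<'a> {
    bytes: &'a [u8],
}

impl<'a> SecretInput<'a> {
    pub fn new(bytes: &'a [u8]) -> Self {
        Self { bytes }
    }

    /// The length is treated as public in this sketch; the contents are not.
    pub fn len(&self) -> usize {
        self.bytes.len()
    }

    /// Equality without an early exit. Slice `==` may stop at the first
    /// mismatching byte, so its running time can reveal how long the matching
    /// prefix is. Here every byte pair is visited and the differences are
    /// OR-ed into one accumulator that is inspected only once, at the end.
    /// This is a source-level property only; the compiler gives no guarantee.
    pub fn ct_eq(&self, other: &[u8]) -> bool {
        if self.bytes.len() != other.len() {
            return false; // branches on the (public) length only
        }
        let mut diff = 0u8;
        for (a, b) in self.bytes.iter().zip(other) {
            diff |= a ^ b;
        }
        diff == 0
    }
}

/// Debug reports the length and never a byte value, so logging or a failed
/// `assert!` on a value holding key material cannot print it.
impl fmt::Debug for SecretInput<'_> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("SecretInput").field("len", &self.bytes.len()).finish()
    }
}

fn main() {
    let key = [0x13u8, 0x37, 0xc0, 0xde]; // constructed sample secret
    let s = SecretInput::new(&key);
    println!("{:?}", s);
    println!("{}", s.ct_eq(&[0x13, 0x37, 0xc0, 0xde]));
}
```

`SecretInput` deliberately does not implement `PartialEq`, so a caller has to ask for the comparison by name instead of getting a variable-time `==` implicitly.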