Encoding functions resistant to cache-timing attacks

[sarciszewski]

Motivation:

• http://blog.ircmaxell.com/2014/11/its-all-about-time.html
• http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
• https://defuse.ca/side-channels-in-encoding-functions.htm

This is #909 without the git merge crud. Thanks to @jedisct1 for writing sodium_bin2hex()

DONE:

• bin2hex_ts()

TODO:

• hex2bin_ts()
• base64_encode_ts()
• base64_decode_ts()

DISCUSSED AS POSSIBILITIES:

• json_encode()
• json_decode()
• parse_ini_file()
• uuencode()
• uudecode()

(I will probably not bother with the ones that are not done or marked TODO)

[krakjoe]

@sarciszewski can I know the current status of this PR please ?

Nobody is likely to merge a patch that the author has said is incomplete, if you feel there is justification for providing one of the functions you are suggesting, please provide it.

Alternatively, if you consider this work abandoned, please close this PR.

[krakjoe]

Having waited more than a month for feedback, and having received nothing, I'm closing this PR as it would appear abandoned.

[paragonie-scott]

Oh, I never received the email notification for the previous message. Yeah, closing this is the right move for now.

The immediate solution for anyone who needs one is https://github.com/paragonie/constant_time_encoding

[ghost]

It seems bin2hex and hex2bin were already constant time in PHP >= 7? See #1453

And also since PHP 7.2 there are the sodium functions for base64/hex:

• sodium_base642bin
• sodium_bin2base64
• sodium_hex2bin
• sodium_bin2hex

[jedisct1]

The code in PHP >=7 assumes that a 16-bytes alignment for a lookup table is enough to make lookups constant time. This is a very fragile assumption.

I'd recommend using the libsodium functions, that don't use LUTs instead.