Sanitization 1.2.0

sanitization 1.2.0

This release is the largest hardening and usability update since 1.0.0. It adds a native dependency-free data-oblivious API, stronger verification/evidence tooling, stricter high-assurance feature profiles, safer enum/secret replacement patterns, and expanded release checks.

Added

• Added sanitization::ct, a native data-oblivious primitive layer:

  • Choice
  • Mask
  • CtOption
  • CtResult
  • CtOrdering
  • ConstantTimeEq
  • ConstantTimeOrd
  • ConditionallySelectable
  • fixed-length equality and ordering helpers
  • public-length equality helpers
  • explicit declassify(...) boundaries for public branching

• Added data-oblivious memory helpers:

  • oblivious_lookup
  • oblivious_lookup_secret
  • conditional_copy
  • conditional_swap
  • select_slice

• Added native ct integration for secret containers, including SecretBytes comparison and selection support.

• Added optional derive support for conservative field-wise ConstantTimeEq and ConditionallySelectable.

• Added strict high-assurance profiles:

  • strict-ct
  • strict-canary-check
  • require-fork-exclusion

• Added AArch64 support for the asm-compare backend.

• Added secure_replace to sanitize values before replacement.

• Added ct_primitives example covering equality, ordering, selection, CtOption, CtResult, oblivious lookup, slice selection, and conditional swap.

Security Hardening

• Hardened enum sanitization workflows and documented inactive-variant byte limits.
• Added strict-enum-derive for opt-in compile-time acknowledgment of enum derive risk.
• Hardened split-secret construction against trivially constant mask shares.
• Added consuming split-secret construction that clears the source SecretBytes.
• Aligned expiring secret replacement paths to build-clear-install behavior.
• Tightened CtOrdering construction and comparison internals based on pentest feedback.
• Added debug invariant checks for internal CtOrdering normalized-bit construction.
• Made SecretPool::allocate fail closed on random-canary setup failure.
• Bounded Linux getrandom retry loops.
• Improved deterministic pool canary derivation from slot addresses.
• Removed consumed-state disclosure from ReadOnceSecret debug output.

Verification & Evidence

• Added EVIDENCE.md.
• Added GUARANTEES.md, NON_GUARANTEES.md, BARRIERS.md, TARGETS.md, and LEAKAGE_TESTS.md.
• Added machine-readable ct-evidence.json.
• Added scripts/verify-evidence.py.
• Added scripts/evidence-report.py.
• Added tools/ct-leakage, a dudect-style Welch t-test leakage harness for local timing evidence collection.
• Added scripts/verify-leakage-smoke.sh.
• Expanded Kani proof coverage for:
  • Choice
  • fixed equality
  • public-length mismatch behavior
  • CtOption
  • CtResult
  • ordering primitives
  • conditional copy/swap
  • slice selection
  • oblivious lookup

Release Process

• Renamed and updated the crates.io release helper to scripts/release_crates.py.
• Release preflight now captures local release-evidence metadata.
• scripts/checks.sh now validates evidence metadata, derive rejection paths, leakage smoke checks, strict enum derive, all-feature workspace tests, clippy, docs, and package listing coverage.

Documentation

• Updated README examples and feature documentation for 1.2.0.
• Added clearer target-tier and non-guarantee language for data-oblivious behavior.
• Updated crates.io-facing links to permanent GitHub URLs.
• Expanded roadmap and threat-model documentation for the new ct API and evidence workflow.

Crates

Published crates for this release:

• sanitization 1.2.0
• sanitization-derive 1.2.0
• sanitization-arrayvec 1.2.0
• sanitization-bytes 1.2.0