timing-oracle

Detect timing side channels in Rust code with statistically rigorous methods.

$ cargo test --test aes_timing

timing-oracle
──────────────────────────────────────────────────────────────

  Samples: 5000 per class
  Quality: Excellent

  ✓ No timing leak detected

    Probability of leak: 2.3%
    Effect: 0.8 ns
      Shift: 0.5 ns
      Tail:  0.3 ns

──────────────────────────────────────────────────────────────

Installation

cargo add timing-oracle --dev

Quick Start

use timing_oracle::{timing_test_checked, TimingOracle, AttackerModel, Outcome};

#[test]
fn constant_time_compare() {
    let secret = [0u8; 32];

    let outcome = timing_test_checked! {
        oracle: TimingOracle::for_attacker(AttackerModel::AdjacentNetwork),
        baseline: || [0u8; 32],
        sample: || rand::random::<[u8; 32]>(),
        measure: |input| {
            constant_time_eq(&secret, &input);
        },
    };

    match outcome {
        Outcome::Pass { .. } => { /* No leak */ }
        Outcome::Fail { exploitability, .. } => panic!("Timing leak: {:?}", exploitability),
        Outcome::Inconclusive { .. } => { /* Could not determine */ }
        Outcome::Unmeasurable { .. } => { /* Operation too fast */ }
    }
}

Why Another Tool?

Existing tools like DudeCT output t-statistics and p-values that are hard to interpret. timing-oracle gives you what you actually want: the probability your code has a timing leak, plus how exploitable it would be.

Attacker Model Presets

Choose your threat model to define what timing differences matter:

Documentation

• API Documentation
• GitHub Repository

License

MPL-2.0