Skip to content

script: Use base64ct instead of base64 in SubtleCrypto #40334

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
yezhizhen merged 1 commit into from
Nov 3, 2025
Merged

script: Use base64ct instead of base64 in SubtleCrypto #40334

yezhizhen merged 1 commit into from
Nov 3, 2025

Conversation

@kkoyung
Copy link
Member

@kkoyung kkoyung commented Nov 1, 2025
edited
Loading

The SubtleCrypto interface of WebCrypto API needs to encode and decode keys in base64 alphabets when exporting/importing keys in JsonWebKey format.

We currently use the base64 crate to handle base64 encoding and decoding. This patch switches to use the base64ct crate, which is a constant-time implementation of base64 alphabets.

Using constant-time implementation to handle base64 encoding and decoding of cryptographic secret provides a better protection against time-based sidechannel attack.

Remarks: The multi-line changes in ecdh_operation.rs are mostly caused by ./mach fmt.

Testing: Refactoring. Existing tests suffice.

@kkoyung
script: Use base64ct instead of base64 in SubtleCrypto
36375ec 
The `SubtleCrypto` interface of WebCrypto API needs to encode and decode
keys in base64 alphabets when exporting/importing keys in JsonWebKey
format.

We currently use the `base64` crate to handle base64 encoding and
decoding. This patch switches to use the `base64ct` crate which is a
constant-time implementation of base64 alphabets.

Using constant-time implementation to handle base64 encoding and
decoding of cryptographic secret provides a better protection from
time-based sidechannel attack.

Remarks: The multi-line changes in `ecdh_operation.rs` are mostly caused
by `./mach fmt`.

Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
@kkoyung kkoyung requested a review from gterzian as a code owner November 1, 2025 05:56
@servo-highfive servo-highfive added the S-awaiting-review There is new code that needs to be reviewed. label Nov 1, 2025
yezhizhen
yezhizhen approved these changes Nov 3, 2025
View reviewed changes
Copy link
Member

@yezhizhen yezhizhen left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

provides a better protection against time-based sidechannel attack.

Nice to know! I suppose it is slightly slower than base64, as it tries to make each operation constant time?

@servo-highfive servo-highfive removed the S-awaiting-review There is new code that needs to be reviewed. label Nov 3, 2025
@yezhizhen yezhizhen added this pull request to the merge queue Nov 3, 2025
@servo-highfive servo-highfive added the S-awaiting-merge The PR is in the process of compiling and running tests on the automated CI. label Nov 3, 2025
@yezhizhen yezhizhen added the S-awaiting-answer Someone asked a question that requires an answer. label Nov 3, 2025
@kkoyung
Copy link
Member Author

kkoyung commented Nov 3, 2025

Nice to know! I suppose it is slightly slower than base64, as it tries to make each operation constant time?

Yes. It doesn't include a data-related heuristic for maintaining constant runtime, making it less efficient than base64 in terms of running time.

Therefore, I only made these changes to the WebCrypto API code. Other parts of servo still use base64.

Merged via the queue into servo:main with commit 7640a38 Nov 3, 2025
39 checks passed
@servo-highfive servo-highfive removed the S-awaiting-merge The PR is in the process of compiling and running tests on the automated CI. label Nov 3, 2025
@kkoyung kkoyung deleted the base64ct branch November 3, 2025 13:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yezhizhen yezhizhen yezhizhen approved these changes

@gterzian gterzian Awaiting requested review from gterzian gterzian is a code owner

Assignees

No one assigned

Labels

S-awaiting-answer Someone asked a question that requires an answer.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kkoyung @yezhizhen @servo-highfive