Crates.io | dryoc |
lib.rs | dryoc |
version | |
source | src |
created_at | 2021-03-05 19:27:39.386972 |
updated_at | 2024-12-08 12:18:42.39944 |
description | Don't Roll Your Own Crypto: pure-Rust, hard to misuse cryptography library |
homepage | |
repository | https://github.com/brndnmtthws/dryoc |
max_upload_size | |
id | 364491 |
Cargo.toml error: | TOML parse error at line 19, column 1 | 19 | autolib = false | ^^^^^^^ unknown field `autolib`, expected one of `name`, `version`, `edition`, `authors`, `description`, `readme`, `license`, `repository`, `homepage`, `documentation`, `build`, `resolver`, `links`, `default-run`, `default_dash_run`, `rust-version`, `rust_dash_version`, `rust_version`, `license-file`, `license_dash_file`, `license_file`, `licenseFile`, `license_capital_file`, `forced-target`, `forced_dash_target`, `autobins`, `autotests`, `autoexamples`, `autobenches`, `publish`, `metadata`, `keywords`, `categories`, `exclude`, `include` |
size | 0 |
dryoc is a pure-Rust, general-purpose cryptography library that's hard to misuse. It's based on the excellent libsodium library, but in pure Rust. It also includes protected memory features throughout, which makes it dead simple to build secure, robust, and safe cryptographic software. The original goal of this library was to provide a pure-Rust alternative to libsodium.
The purpose of this project is to provide a pure-Rust, mostly drop-in replacement for libsodium. This library has nearly the same ergonomics as libsodium (referred to in dryoc as the Classic API), such that people familiar with libsodium can use this library nearly interchangeably. While the API is not 100% identical to libsodium, most functions have the same or very similar signatures.
In addition to the Classic API, there's a Rustaceous API which aims to bring an idiomatic Rust implementation of libsodium's core features: public and secret key authenticated cryptography and general-purpose cryptography tools.
Not all features from libsodium are implemented here, either because there exist better implementations in other crates, or because they aren't necessary as part of this crate.
Additionally, this crate provides exceptionally safe cryptography thanks to Rust's safety features. The Rustaceous API is designed designed to make it difficult to shoot yourself in the foot. It's worth noting, however, you certainly can still shoot yourself if you choose (either by leaking private data, using insecure hardware, OPSEC issues, etc).
For example usage, refer to the official docs or the integration tests.
mprotect()
+ mlock()
, along with Windows equivalents)features = ["serde"]
)features = ["simd_backend", "nightly"]
features = ["simd_backend", "nightly"]
To enable all the SIMD backends through 3rd party crates, you'll need to also
set RUSTFLAGS
:
RUSTFLAGS=-Ctarget-cpu=haswell -Ctarget-feature=+avx2
RUSTFLAGS=-Ctarget-feature=+sse2
RUSTFLAGS=-Ctarget-feature=+neon
Note that eventually this project will converge on portable SIMD implementations for all the core algos which will work across all platforms supported by LLVM, rather than relying on hand-coded assembly or intrinsics, but this is a work in progress.
The following libsodium features are currently implemented, or awaiting implementation:
crypto_box_*
) libsodium linkcrypto_secretbox_*
) libsodium linkcrypto_scalarmult*
) libsodium linksodium_memzero
) with zeroize libsodium linkrandombytes_buf
) libsodium linkcrypto_secretstream_*
) libsodium linksodium_mlock
, sodium_munlock
, sodium_mprotect_*
) libsodium linksodium_increment
) libsodium linkcrypto_generichash_*
) libsodium linkcrypto_auth*
) libsodium linkcrypto_onetimeauth_*
) libsodium linkcrypto_box_seal*
) libsodium linkcrypto_kdf_*
) libsodium linkcrypto_kx_*
) libsodium linkcrypto_sign_*
) libsodium linkcrypto_sign_ed25519_*
) libsodium linkcrypto_shorthash
) libsodium linkcrypto_pwhash_*
) libsodium linkThe following libsodium features are either incomplete, not exposed as public APIs, or not implemented; you may find equivalent functionality in other crates:
Not actually trademarked. ↩
The protected memory features described in the [protected] mod require custom memory allocation, system calls, and pointer arithmetic, which are unsafe in Rust. Some of the 3rd party libraries used by this crate, such as those with SIMD, may contain unsafe code. In particular, most SIMD implementations are considered "unsafe" due to their use of assembly or intrinsics, however without SIMD-based cryptography you may be exposed to timing attacks. ↩