dryoc: Don't Roll Your Own Crypto™1
dryoc is a pure-Rust, general-purpose cryptography library. It's provides an implementation of the excellent libsodium library, in pure Rust.
The purpose of this project is to provide a pure-Rust, mostly drop-in replacement for libsodium. This library has nearly the same ergonomics as libsodium (referred to in dryoc as the Classic API), such that people familiar with libsodium can use this library nearly interchangeably. While the API is not 100% identical to libsodium, most functions have the same or very similar signatures.
In addition to the Classic API, there's a Rustaceous API which aims to bring an idiomatic Rust implementation of libsodium's core features: public and secret key authenticated cryptography and general-purpose cryptography tools.
Not all features from libsodium are implemented here, either because there exist better implementations in other crates, or because they aren't necessary as part of this crate.
Additionally, this crate provides exceptionally safe cryptography thanks to Rust's safety features. The Rustaceous API is designed designed to make it difficult to shoot yourself in the foot. It's worth noting, however, you certainly can still shoot yourself if you choose (either by leaking private data, using insecure hardware, OPSEC issues, etc).
- Many libsodium implemented with both Classic and Rustaceous API
- Protected memory handling
- Serde support (with
features = ["serde"]
)
The following libsodium features are currently implemented, or awaiting implementation:
- Public-key cryptography (
crypto_box_*
) - Secret-key cryptography (
crypto_secretbox_*
) - Point*scalar multiplication (
crypto_scalarmult_base
) - Zeroing memory with zeroize
- Generating random data (
randombytes_buf
) - Encrypted streams (
crypto_secretstream_*
) - Memory locking (
sodium_mlock
,sodium_munlock
,sodium_mprotect_*
) - Encrypting related messages (
sodium_increment
) - Generic hashing (
crypto_generichash_*
) - Secret-key authentication
- One-time authentication (
crypto_onetimeauth_*
) - Sealed boxes
- Key derivation (
crypto_kdf_*
) - Key exchange (
crypto_kx_*
) - Public-key signatures (
crypto_sign_*
) - Ed25519 to Curve25519 (
crypto_sign_ed25519_*
) - Short-input hashing (
crypto_shorthash
) - Password hashing (
crypto_pwhash_*
)
The following libsodium features are either incomplete, not exposed as public APIs, or not implemented; you may find equivalent functionality in other crates:
- Stream ciphers (use salsa20 crate directly instead)
- Helpers and padding utilities
- Advanced features:
- Scrypt (use scrypt crate directly instead)
- Finite field arithmetic (try the curve25519-dalek crate)
- Not actually trademarked.