dryoc: Don't Roll Your Own Crypto™1
dryoc is a pure-Rust, general-purpose cryptography library. It's provides an implementation of the excellent libsodium library, in pure Rust.
The purpose of this project is to provide a pure-Rust, mostly drop-in replacement for libsodium. This library has nearly the same ergonomics as libsodium (referred to in dryoc as the Classic API), such that people familiar with libsodium can use this library nearly interchangeably. While the API is not 100% identical to libsodium, most functions have the same or very similar signatures.
In addition to the Classic API, there's a Rustaceous API which aims to bring an idiomatic Rust implementation of libsodium's core features: public and secret key authenticated cryptography and general-purpose cryptography tools.
Not all features from libsodium are implemented here, either because there exist better implementations in other crates, or because they aren't necessary as part of this crate.
Additionally, this crate provides exceptionally safe cryptography thanks to Rust's safety features. The Rustaceous API is designed designed to make it difficult to shoot yourself in the foot. It's worth noting, however, you certainly can still shoot yourself if you choose (either by leaking private data, using insecure hardware, OPSEC issues, etc).
- Many libsodium implemented with both Classic and Rustaceous API
- Protected memory handling
- Serde support (with
features = ["serde"]
)
The following libsodium features are currently implemented, or awaiting implementation:
- Public-key cryptography (
crypto_box_*
) libsodium link - Secret-key cryptography (
crypto_secretbox_*
) libsodium link - Point*scalar multiplication (
crypto_scalarmult*
) libsodium link - Zeroing memory (
sodium_memzero
) with zeroize libsodium link - Generating random data (
randombytes_buf
) libsodium link - Encrypted streams (
crypto_secretstream_*
) libsodium link - Memory locking (
sodium_mlock
,sodium_munlock
,sodium_mprotect_*
) libsodium link - Encrypting related messages (
sodium_increment
) libsodium link - Generic hashing (
crypto_generichash_*
) libsodium link - Secret-key authentication (
crypto_auth*
) libsodium link - One-time authentication (
crypto_onetimeauth_*
) libsodium link - Sealed boxes (
crypto_box_seal*
) libsodium link - Key derivation (
crypto_kdf_*
) libsodium link - Key exchange (
crypto_kx_*
) libsodium link - Public-key signatures (
crypto_sign_*
) libsodium link - Ed25519 to Curve25519 (
crypto_sign_ed25519_*
) libsodium link - Short-input hashing (
crypto_shorthash
) libsodium link - Password hashing (
crypto_pwhash_*
) libsodium link
The following libsodium features are either incomplete, not exposed as public APIs, or not implemented; you may find equivalent functionality in other crates:
- Stream ciphers (use salsa20 crate directly instead)
- Helpers and padding utilities
- Advanced features:
- Scrypt (use scrypt crate directly instead)
- Finite field arithmetic (try the curve25519-dalek crate)
Footnotes
-
Not actually trademarked. ↩