• Stars
    star
    266
  • Rank 154,103 (Top 4 %)
  • Language
    Rust
  • License
    MIT License
  • Created almost 4 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Don't Roll Your Own Crypto: pure-Rust, hard to misuse cryptography library

Docs Crates.io Build & test Codecov

πŸ’¬ Join the Matrix chat

dryoc: Don't Roll Your Own Cryptoβ„’1

dryoc is a pure-Rust, general-purpose cryptography library that's hard to misuse. It's based on the excellent libsodium library, but in pure Rust. It also includes protected memory features throughout, which makes it dead simple to build secure, robust, and safe cryptographic software. The original goal of this library was to provide a pure-Rust alternative to libsodium.

Granny says no

The purpose of this project is to provide a pure-Rust, mostly drop-in replacement for libsodium. This library has nearly the same ergonomics as libsodium (referred to in dryoc as the Classic API), such that people familiar with libsodium can use this library nearly interchangeably. While the API is not 100% identical to libsodium, most functions have the same or very similar signatures.

In addition to the Classic API, there's a Rustaceous API which aims to bring an idiomatic Rust implementation of libsodium's core features: public and secret key authenticated cryptography and general-purpose cryptography tools.

Not all features from libsodium are implemented here, either because there exist better implementations in other crates, or because they aren't necessary as part of this crate.

Additionally, this crate provides exceptionally safe cryptography thanks to Rust's safety features. The Rustaceous API is designed designed to make it difficult to shoot yourself in the foot. It's worth noting, however, you certainly can still shoot yourself if you choose (either by leaking private data, using insecure hardware, OPSEC issues, etc).

For example usage, refer to the official docs or the integration tests.

Features

  • 100% pure Rust, no hidden C libraries
  • mostly free of unsafe code2
  • Hard to misuse, helping you avoid common costly cryptography mistakes
  • Many libsodium features implemented with both Classic and Rustaceous API
  • Protected memory handling (mprotect() + mlock(), along with Windows equivalents)
  • Serde support (with features = ["serde"])
  • Portable SIMD implementation for Blake2b (used by generic hashing, password hashing, and key derivation) on nightly, with features = ["simd_backend", "nightly"]
  • SIMD backend for Curve25519 (used by public/private key functions) on nightly with features = ["simd_backend", "nightly"]
  • SHA2 (used by sealed boxes) includes SIMD implementation for AVX2
  • ChaCha20 (used by streaming interface) includes SIMD implementations for Neon, AVX2, and SSE2

To enable all the SIMD backends through 3rd party crates, you'll need to also set RUSTFLAGS:

  • For AVX2 set RUSTFLAGS=-Ctarget-cpu=haswell -Ctarget-feature=+avx2
  • For SSE2 set RUSTFLAGS=-Ctarget-feature=+sse2
  • For Neon set RUSTFLAGS=-Ctarget-feature=+neon

Note that eventually this project will converge on portable SIMD implementations for all the core algos which will work across all platforms supported by LLVM, rather than relying on hand-coded assembly or intrinsics, but his is a work in progress.

Project status

The following libsodium features are currently implemented, or awaiting implementation:

The following libsodium features are either incomplete, not exposed as public APIs, or not implemented; you may find equivalent functionality in other crates:

Stargazers over time

Stargazers over time

Other NaCl-related Rust implementations worth mentioning

Footnotes

  1. Not actually trademarked. ↩

  2. The protected memory features described in the [protected] mod require custom memory allocation, system calls, and pointer arithmetic, which are unsafe in Rust. Some of the 3rd party libraries used by this crate, such as those with SIMD, may contain unsafe code. In particular, most SIMD implementations are considered "unsafe" due to their use of assembly or intrinsics, however without SIMD-based cryptography you may be exposed to timing attacks. ↩

More Repositories

1

conky

Light-weight system monitor for X, Wayland (sort of), and other things, too
C++
7,128
star
2

thetagang

ThetaGang is an IBKR bot for collecting money
Python
1,930
star
3

cracking-the-coding-interview-rust

Cracking the Coding Interview problem solutions in Rust
Rust
394
star
4

optimal-buy-cbpro

Scheduled buying of BTC, ETH, and LTC from Coinbase Pro, optimally!
Python
334
star
5

facebook-hive-udfs

Facebook's Hive UDFs
Java
270
star
6

tweet-delete

Self-destructing Tweets so you too can be cool 😎
Python
94
star
7

code-like-a-pro-in-rust-book

Source code for Code Like a Pro in Rust
HTML
93
star
8

idiomatic-rust-book

Source code for Idiomatic Rust: Code like a Rustacean
Rust
78
star
9

rust-react-typescript-demo

Demo for Rust, React, Typescript, Docker, Terraform and Kubernetes
CSS
68
star
10

nginx-echo-headers

Have nginx return request headers to the client
Dockerfile
61
star
11

vault-dcos

Vault on DCOS
Shell
45
star
12

hodlermanifesto

The HODLer Manifesto
SCSS
38
star
13

labhub

GitHub bot for using GitLab CI in OSS projects
Rust
32
star
14

seed-otp

One-time pad tool for Bitcoin seed mnemonic cold storage
Python
21
star
15

metrics-cassandra

Dropwizard Metrics Cassandra reporter
Java
17
star
16

mother-of-dragons

🐲 DragonMint/Innosilicon miner management tool πŸ‰
Python
17
star
17

marathon-lb-autoscale

Autoscale your apps on Marathon
Ruby
14
star
18

kafka-on-marathon

Scripts for running Apache Kafka on Mesosphere's Marathon
HTML
14
star
19

citrine

Elixir library for running cron-based scheduled jobs on your Erlang cluster
Elixir
14
star
20

genserver

Elixir inspired async actor library for Rust
Rust
13
star
21

omploader

Enterprise quality file hosting web application.
Ruby
12
star
22

cgminer-rest

RESTful HTTP API wrapper for cgminer
Rust
9
star
23

hdfs

HA HDFS on Apache Mesos ~~~ aka 'Super Available' HDFS
Java
9
star
24

mlb-nginx-http2

Demo of marathon-lb with nginx and HTTP/2
Nginx
9
star
25

protect-yourself

A guide on how to protect your digital assets
HTML
9
star
26

dragon-rest

🐲 Python wrapper for DragonMint/Innosilicon REST API πŸ‰
Python
8
star
27

rust-action

All-in-one GitHub action for Rust projects
Rust
8
star
28

startup-ideas

Some startup ideas I'm considering
7
star
29

supertrees

Experimental Erlang/OTP-inspired supervision trees for Rust
Rust
6
star
30

resume

My Resume
TeX
6
star
31

brndn-io

It is my website
CSS
6
star
32

rust-action-cargo-binstall

GitHub action for installing Cargo packages
TypeScript
4
star
33

elasticsearch-router

An nginx based router for Elasticsearch on DCOS
Nginx
3
star
34

rust-action-rustup

GitHub action for installing rustup
TypeScript
3
star
35

grafana-dcos

Grafana on DCOS backed by Elasticsearch
3
star
36

cassandra-on-marathon

Scripts for running Apache Cassandra on Mesosphere's Marathon
Ruby
3
star
37

nginx-echo-sleep

Nginx
2
star
38

box-with-nonce

Rust
2
star
39

doge-streamer

Stream Doge
C++
2
star
40

nginx-redirect-to-https

Redirect all HTTP traffic to HTTPS (for use with Marathon & Marathon-lb)
Nginx
1
star
41

doge-stream-helper

Helper app for the Doge stream
HTML
1
star
42

dnstest

DNS client test tools
C
1
star
43

gitlab-gce-autoscaler

Simple GCE autoscaler for GitLab CI pipelines
Python
1
star
44

gwyh

Library for building gossip-based services in Rust
Rust
1
star