dagenix/rust-crypto

A (mostly) pure-Rust implementation of various common cryptographic algorithms

Rust-Crypto seeks to create practical, auditable, pure-Rust implementations of common cryptographic

Rust-Crypto

.

algorithms with a minimum amount of assembly code where appropriate. The x86-64, x86, and ARM architectures are supported, although the x86-64 architecture receives the most testing.

Rust-Crypto targets the current, stable build of Rust. If you are having issues while using an older version, please try upgrading to the latest stable.

Rust-Crypto has not been thoroughly audited for correctness, so any use where security is important is not recommended at this time.

Usage

To use Rust-Crypto, add the following to your Cargo.toml:

[dependencies]
rust-crypto = "^0.2"

and the following to your crate root:

extern crate crypto;

Contributions

Contributions are extremely welcome. The most significant needs are help adding documentation, implementing new algorithms, and general cleanup and improvement of the code. By submitting a pull request you are agreeing to make you work available under the license terms of the Rust-Crypto project.

License

Rust-Crypto is dual licensed under the MIT and Apache 2.0 licenses, the same licenses as the Rust compiler.

Algorithms

Rust-Crypto already supports a significant number of algorithms and with your help it will support even more in the future. Currently supported algorithms include:

  • AES
  • Bcrypt
  • BLAKE2b
  • BLAKE2s
  • Blowfish
  • ChaCha20
  • Curve25519
  • ECB, CBC, and CTR block cipher modes
  • Ed25519
  • Fortuna
  • Ghash
  • HC128
  • HMAC
  • MD5
  • PBKDF2
  • PKCS padding for CBC block cipher mode
  • Poly1305
  • RC4
  • RIPEMD-160
  • Salsa20 and XSalsa20
  • Scrypt
  • Sha1
  • Sha2 (All fixed output size variants)
  • Sha3
  • Sosemanuk
  • Whirlpool
Issues

Collection of the latest Issues

cam510

cam510

Comment Icon1

rust-crypto = "0.2.36"

key = vkWlFRxheBecchrd; input text = {"datas":{"email":null,"phone":null,"nickName":null,"lastIp":null,"userStatus":null},"status":-1,"msg":"Login Failed"}

main code below: let mut encrypter = aes::ecb_encryptor(aes::KeySize::KeySize128, key, PkcsPadding); let json_to_string = {input text below}; let mut result = vec![0; json_to_string.as_bytes().len() * 4]; let mut read_buffer = RefReadBuffer::new(json_to_string.as_bytes()); let mut write_buffer = RefWriteBuffer::new(&mut result); let encrypt_result = encrypter.encrypt(&mut read_buffer, &mut write_buffer, true);

aes::ecb_encryptor result = lRu5mBFQWBYWT2xNRWUGw5lkxJYQp11/v0d4ngcHp+HASfcfGh37EdjYZyEjST1/LwdkQXhxSeYUD+X/5gM2P2Fk7unIC0cNSU/S7HwlAhBZQDpgz02EZOvN/ejR3gRuMIG92xM8UXzyv6wQeURpBta68Oem4IDWpiixsx8lSw==

right result = lRu5mBFQWBYWT2xNRWUGw5lkxJYQp11/v0d4ngcHp+HASfcfGh37EdjYZyEjST1/LwdkQXhxSeYUD+X/5gM2P2Fk7unIC0cNSU/S7HwlAhBZQDpgz02EZOvN/ejR3gRuMIG92xM8UXzyv6wQeURpBta68Oem4IDWpgAosbMfJUs=

Could you please help to check?

dhcn

dhcn

Comment Icon1

error: failed to run custom build command for rust-crypto v0.2.36

Caused by: process didn't exit successfully: /Users/denghui/dev_codes/parity-bitcoin/target/debug/build/rust-crypto-3ba811552027839f/build-script-build (signal: 11, SIGSEGV: invalid memory reference) --- stderr thread '' panicked at 'attempted to leave type nodrop::NoDrop<(epoch::Epoch, garbage::Bag)> uninitialized, which is invalid', /rustc/2fd73fabe469357a12c2c974c140f67e7cdd76d0/library/core/src/mem/mod.rs:671:9 note: run with RUST_BACKTRACE=1 environment variable to display a backtrace warning: build failed, waiting for other jobs to finish...

Emm54321

Emm54321

Comment Icon0

Is there any reason for aes::cbc_encryptor (& co) to return a Box<dyn Encryptor + 'static> and not a Box<dyn Encryptor + Send + 'static> ? The CbcEncryptor it returns is Send and the function requires a PaddingProcessor+Send.

lattice0

lattice0

Comment Icon1

Can I add optional dependencies to I can remove libc dependencies and other things? Will this be welcome?

I'm trying to determinate which algorithms use libc. Looks like it's used on

which are for algorithms dependent on time. Which one?

Looks like serialize is only needed if you use result_str on digest or on pbkdf2

rand is only used on scrypt

time is only used on fortuna.

Well, since these algorithms depend on other crates, can I make these features: pbkdf2, scrypt, fortuna?

I'm trying to get rid of unnecessary dependencies on my project so I'd like for this crate to have no dependencies.

I still need to determinate what src/util_helpers.asm, src/aesni_helpers.asm are used for.

Also, why this lib isn't updated since 2016? Is it because it's too good that everything is ok or because no one maintains it anymore?

zwq1792966796

zwq1792966796

Comment Icon1

extern crate crypto; use crypto::digest::Digest; use crypto::sha3::Sha3; fn main() { let mut shake_128 = Sha3::shake_128(); shake_128.input_str("123"); println!("shake_128 {}",shake_128.result_str()); } //But It's noting

Take an example for Sha3::shake_128()

kornelski

kornelski

Comment Icon0

Some old versions of rust-crypto have dependencies specified with "*" version requirement (rand = "*", rustc-serialize = "*", libc = "*", gcc = "*", etc.).

Crates with such vague dependency versions became unusable, because * allows picking too-new semver-incompatible dependencies. It also breaks Cargo's minimal-versions feature, because * requirement allows picking very very old dependencies that aren't compatible with Rust 1.0.

Because these old versions of rust-crypto are unusable and cause problems for Cargo, I suggest yanking them:

NickeZ

NickeZ

Comment Icon0

Is there a way to use pbkdf2 and get progress updates while it is deriving the key? If not, do you know of a nice way to write such a function?

I guess this is quite a generic question regarding functions that take a lot of time in environment where there is only 1 thread.

kstwoak

kstwoak

Comment Icon1

[email protected]:~/rust/wasm/hello$ wasm-pack build [INFO]: Checking for the Wasm target... [INFO]: Compiling to Wasm... Compiling autocfg v0.1.7 Compiling rustc-serialize v0.3.24 Compiling wasm-bindgen-macro-support v0.2.54 error[E0046]: not all trait items implemented, missing: encode --> /home/panda/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/rustc-serialize-0.3.24/src/serialize.rs:1358:1 | 853 | fn encode<S: Encoder>(&self, s: &mut S) -> Result<(), S::Error>; | ---------------------------------------------------------------- encode from trait ... 1358 | impl Encodable for path::Path { | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ missing encode in implementation

error[E0046]: not all trait items implemented, missing: decode --> /home/panda/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/rustc-serialize-0.3.24/src/serialize.rs:1382:1 | 904 | fn decode<D: Decoder>(d: &mut D) -> Result<Self, D::Error>; | ----------------------------------------------------------- decode from trait ... 1382 | impl Decodable for path::PathBuf { | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ missing decode in implementation

Compiling num-traits v0.2.8 Compiling num-integer v0.1.41 error: aborting due to 2 previous errors

For more information about this error, try rustc --explain E0046. error: could not compile rustc-serialize. warning: build failed, waiting for other jobs to finish... error: build failed Error: Compiling your crate to WebAssembly failed Caused by: failed to execute cargo build: exited with exit code: 101

cemeyer

cemeyer

Comment Icon1

::reseed() should not be a public-facing API (easy to misuse).

::reseed() incorrectly implements SHA_d-256(). (It's missing zero blocks as initial input to the inner invocation of SHA256.) I don't believe this has any real security impact, it's just non-compliant with the spec.

Similarly, Pool incorrectly implements SHA_d-256() in the same way. I don't believe this has any impact on the security properties of Fortuna, it's just non-spec. The implementation I have worked on also has this bug, FWIW.

Both FortunaGenerator::reseed() and Pool::result() must explicitly zero the old hasher/self.state iff self.state = Sha256::new() is a pointer-assignment rather than overwrite-in-place (not sure of Rust semantics, but if it's like Java or C++, this is broken).

reseed and add_random_event() APIs must take mut inputs and cryptoutil::zero() them immediately after use to prevent leakage of RNG state. (I'm making the assumption that cryptoutil::zero cannot be optimized out, like explicit_bzero() in C. If that can be optimized out, well, it needs to be fixed.) If the SeedableRng::from_seed interface requires non-mut seed, a mut copy of seed can be made and passed in to reseed().

Repeating RNG state on fork is a pretty bad failure mode. I get that Rust stdlib does not expose fork, but your library may be used in programs that invoke fork and ideally your library is defensive against that possibility. I'm not super familiar with Rust — is there any way to detect the compilation environment (i.e., POSIX target platform) and register an atfork suicide of some kind (zeroing the generator state, at a minimum)? Some platforms support minherit() with INHERIT_ZERO to automatically zero out sensitive state on fork, although this may be difficult to use in Rust.

It is needlessly inefficient for ::generate_blocks() to recreate a new Aes instance every time it is invoked with the same key. AES key scheduling is slow; you can instead save the key state in the Fortuna object.

Additionally, care must be taken to explicitly zero Encryptor state when it is no longer used (maybe there is a destructor which does this, I did not look).

Similarly, in ::generate_random_data() (depending on Rust's semantics here — not sure if self.key = new_key is a pointer or array copy), one of new_key or the previous key array must be explicitly zeroed.

The assertion in ::generate_random_data() is incorrect in excluding rem bytes of out.len(). Just use out.len() directly.

Fortuna::last_reseed_time being a floating point number is kind of odd and unsuitable for embedded systems use. Not a bug per se just a weird design choice.

The second assertion in ::fill_bytes is redundant, or should be a compile time assertion.

Stylistic: in ::fill_bytes, the 32 in let mut hash = [0; (32 * NUM_POOLS)]; and subsequent computations should be length sizeof(u32) * sha2.STATE_LEN, although ideally the constant would be exported from the sha2 module with a clearer name, like SHA256_DIGEST_LENGTH. No functional difference.

::next_u32 should explicitly zero ret to avoid leaking a generated value.

Versions

Find the latest versions by id

v0.2.36 - May 20, 2016

  • Implement Blake2s
  • Upgrade libc dependency to 0.2
  • Implement Clone + Copy for more structs

v0.2.35 - Apr 04, 2016

  • Improve cross compiling from GCC to msvc.
  • Fix BCrypt algorithm when using a cost of 31.
  • Improve building on OpenBSD.
  • Add implementation of SHA3 digest function.
  • Fix errors in Blake2b that could lead to incorrect output. The Blake2b initialization functions are modified to take parameters by value instead of by reference, which may break users of the interfaces.

Information - Updated Jul 13, 2022

Stars: 1.2K
Forks: 265
Issues: 111

Contest Algorithms in Rust

A collection of classic data structures and algorithms, emphasizing usability, beauty and clarity over full generality

Contest Algorithms in Rust

Linfa unlocks verified machine learning algorithms in Rust

Supports ML & data processing algorithms such as logistic regression, linear regression, vector machines, normalization & vectorization

Linfa unlocks verified machine learning algorithms in Rust

The Algorithms - Rust

All algorithms implemented in Rust (for educational purposes)

The Algorithms - Rust

Classic Algorithms in Rust

This repo contains the implementation of various classic algorithms for

Classic Algorithms in Rust

Exercises with data structures and algorithms in Rust

Currently, the data structure and algorithm implementations are stored in module folders

Exercises with data structures and algorithms in Rust

Rust Algorithms and Data structures

Various algorithms and data structures implemented in Rust

Rust Algorithms and Data structures

Multi-armed bandit algorithms in Rust

The bandit tools application allows you to analyse the stored state file and log file

Multi-armed bandit algorithms in Rust

rust_algorithms_datastructures

This repository contains implementations of a variety of algorithms and datastructures in Rust

rust_algorithms_datastructures

Graph Algorithms in Rust

Interesting algorithms that use a underling graph structure

Graph Algorithms in Rust

algorithms-by-rust

Implementations of basic algorithms by rust

algorithms-by-rust
Facebook Instagram Twitter GitHub Dribbble
Privacy