Expand description
§Apple CryptoKit for Rust
This crate provides Rust bindings to Apple’s CryptoKit, enabling the use of optimized cryptographic algorithms on macOS, iOS, and other Apple platforms.
§Features
- Hash Algorithms: SHA256, SHA384, SHA512, etc.
- Message Authentication Codes: HMAC-SHA256, HMAC-SHA384, etc.
- Symmetric Encryption: AES-GCM, ChaCha20-Poly1305
- Asymmetric Encryption: Elliptic Curve Cryptography (P256, P384, P521, Curve25519)
- Quantum-Safe Algorithms: ML-KEM, X-Wing, ML-DSA (quantum-resistant)
- Key Derivation: HKDF
- Key Management: Symmetric key generation and management
§Examples
§Traditional Cryptography
use apple_cryptokit::hashing::{sha256_hash, SHA256, HashFunction};
use apple_cryptokit::symmetric::aes::{aes_gcm_encrypt, aes_gcm_decrypt};
// Hash computation
let data = b"Hello, World!";
let hash = sha256_hash(data);
// Or use the trait
let hash = SHA256::hash(data);
// Symmetric encryption
let key = b"0123456789abcdef0123456789abcdef"; // 32-byte key
let nonce = b"cdef01234567"; // 12-byte nonce
let plaintext = b"Secret message";
let ciphertext = aes_gcm_encrypt(key, nonce, plaintext)?;
let decrypted = aes_gcm_decrypt(key, nonce, &ciphertext)?;§Quantum-Safe Cryptography
use apple_cryptokit::quantum::{MLKem768, XWingMLKem768X25519, MLDsa65};
use apple_cryptokit::quantum::{KEMPrivateKey, KEMPublicKey, KeyEncapsulationMechanism};
use apple_cryptokit::quantum::{SignaturePrivateKey, SignaturePublicKey, DigitalSignatureAlgorithm};
// ML-KEM768 key encapsulation
let private_key = MLKem768::generate_private_key()?;
let public_key = private_key.public_key();
let (ciphertext, shared_secret) = public_key.encapsulate()?;
let decapsulated_secret = private_key.decapsulate(&ciphertext)?;
assert_eq!(shared_secret, decapsulated_secret);
// X-Wing hybrid KEM (combining ML-KEM768 and X25519)
let xwing_private = XWingMLKem768X25519::generate_private_key()?;
let xwing_public = xwing_private.public_key();
let (xwing_ciphertext, xwing_secret) = xwing_public.encapsulate()?;
let xwing_decapsulated = xwing_private.decapsulate(&xwing_ciphertext)?;
assert_eq!(xwing_secret, xwing_decapsulated);
// ML-DSA65 digital signature
let sign_private = MLDsa65::generate_private_key()?;
let sign_public = sign_private.public_key();
let message = b"Hello, post-quantum world!";
let signature = sign_private.sign(message)?;
let is_valid = sign_public.verify(message, &signature)?;
assert!(is_valid);Re-exports§
pub use error::CryptoKitError;pub use error::Result;pub use hashing::sha1_hash;pub use hashing::sha256_hash;pub use hashing::sha384_hash;pub use hashing::sha512_hash;pub use hashing::HashAlgorithm;pub use hashing::HashBuilder;pub use hashing::HashFunction;pub use hashing::Sha256;pub use hashing::Sha384;pub use hashing::Sha512;pub use hashing::SHA1;pub use hashing::SHA256;pub use hashing::SHA384;pub use hashing::SHA512;pub use authentication::HMAC;pub use authentication::hmac_sha1;pub use authentication::hmac_sha256;pub use authentication::hmac_sha384;pub use authentication::hmac_sha512;pub use symmetric::aes::aes_gcm_decrypt;pub use symmetric::aes::aes_gcm_decrypt_with_aad;pub use symmetric::aes::aes_gcm_encrypt;pub use symmetric::aes::aes_gcm_encrypt_with_aad;pub use symmetric::aes::AESGCMNonce;pub use symmetric::aes::AESKey;pub use symmetric::aes::AESKeySize;pub use symmetric::aes::AesGcm;pub use symmetric::chacha::chacha20poly1305_decrypt;pub use symmetric::chacha::chacha20poly1305_decrypt_with_aad;pub use symmetric::chacha::chacha20poly1305_encrypt;pub use symmetric::chacha::chacha20poly1305_encrypt_with_aad;pub use symmetric::chacha::ChaChaKey;pub use symmetric::chacha::ChaChaPoly;pub use symmetric::chacha::ChaChaPolyNonce;pub use symmetric::AuthenticatedCipher;pub use symmetric::Cipher;pub use key_derivation::hkdf_sha256_derive;pub use key_derivation::hkdf_sha384_derive;pub use key_derivation::hkdf_sha512_derive;pub use key_derivation::KeyDerivationFunction;pub use keys::SymmetricKey;pub use keys::SymmetricKeySize;pub use quantum::DigitalSignatureAlgorithm;pub use quantum::KEMPrivateKey;pub use quantum::KEMPublicKey;pub use quantum::KeyEncapsulationMechanism;pub use quantum::MLDsa65;pub use quantum::MLDsa65PrivateKey;pub use quantum::MLDsa65PublicKey;pub use quantum::MLDsa87;pub use quantum::MLDsa87PrivateKey;pub use quantum::MLDsa87PublicKey;pub use quantum::MLKem1024;pub use quantum::MLKem1024PrivateKey;pub use quantum::MLKem1024PublicKey;pub use quantum::MLKem768;pub use quantum::MLKem768PrivateKey;pub use quantum::MLKem768PublicKey;pub use quantum::QuantumSafe;pub use quantum::SignaturePrivateKey;pub use quantum::SignaturePublicKey;pub use quantum::XWingMLKem768X25519;pub use quantum::XWingMLKem768X25519PrivateKey;pub use quantum::XWingMLKem768X25519PublicKey;
Modules§
- asymmetric
- authentication
- error
- hashing
- key_
derivation - keys
- quantum
- Quantum-Safe Cryptography
- symmetric