const-crypto 0.3.0

A `#[no_std]` library for `const` sha2/sha3 hashing, ed25519 off-curve point evaluation, and bs58 decoding/encoding with minimal dependencies.
Documentation

const-crypto

A #[no_std] library for const sha2/sha3 hashing, ed25519 off-curve point evaluation, and bs58 decoding/encoding with minimal dependencies.

Features

  • We write a const implementation of Edwards point decompression and use it to provide a const implementation of on/off curve evaluation. This is then used to build a const implementation of Solana's Pubkey::find_program_address. NOTE: this point decompression implementation is not cryptographically safe; it does not use constant time implementations for the internal math operations, as it is not intended to be used with secrets. Do not reuse.
  • Base58 encoding of 32 byte arrays into strings (and vice versa, i.e. decoding). The encoding is taken from fd_bs58, and adapted for const/`#[no_std] with some bug fixes.
  • Full sha2/sha3 hash suites. Re-exports of sha2-const-stable (authored by yours truly) and keccak-const (authored by OffChainLabs)

Usage

The file examples/pda.rs concisely demonstrates all functionality:

use const_crypto::{bs58, ed25519, sha2, sha3};

/// Uses const bs58 to roundtrip (decode + encode) system_program ID
pub const PROGRAM_KEY: [u8; 32] = bs58::decode_pubkey("11111111111111111111111111111111");
pub const PROGRAM_KEY_STR: &'static str = bs58::encode_pubkey(&PROGRAM_KEY).str();
const _: () = assert!(ascii_str_eq(
    PROGRAM_KEY_STR,
    "11111111111111111111111111111111"
));

/// Uses const ed25519 (and thus const sha2 internally)
pub const PROGRAM_DERIVED_ADDRESS: [u8; 32] =
    ed25519::derive_program_address(&[b"seed"], &PROGRAM_KEY).0;

// the address is off curve
const _: () = assert!(!ed25519::crypto_unsafe_is_on_curve(
    &PROGRAM_DERIVED_ADDRESS
));

pub fn main() {
    pub const KECCAK_DEMO: [u8; 32] = sha3::Keccak256::new().update(b"const-keccak").finalize();
    pub const SHA3_256_DEMO: [u8; 32] = sha3::Sha3_256::new().update(b"const-sha3").finalize();
    pub const SHA256_DEMO: [u8; 32] = sha2::Sha256::new().update(b"const-sha2").finalize();

    println!("pda      = {PROGRAM_DERIVED_ADDRESS:?}\n");
    println!("keccak   = {KECCAK_DEMO:?}\n");
    println!("sha3_256 = {SHA3_256_DEMO:?}\n");
    println!("sha256   = {SHA256_DEMO:?}\n");
}

/// A utility function used to show round trip is correct
pub const fn ascii_str_eq(a: &str, b: &str) -> bool {
    assert!(a.len() == b.len());
    assert!(a.is_ascii());
    assert!(b.is_ascii());

    let mut i = 0;
    while i < a.len() {
        assert!(a.as_bytes()[i] == b.as_bytes()[i]);
        i += 1
    }
    true
}