Crate darkbio_crypto

Expand description

§Rust Cryptography Wrappers

This repository is parameter selection and lightweight wrapper around a number of Rust cryptographic libraries. Its purpose isn’t to implement primitives, rather to unify the API surface of existing libraries; limited to the tiny subset needed by the Dark Bio project.

Certificates
- x509 (RFC-5280): xDSA, xHPKE
Digital signatures
- xDSA (RFC-DRAFT): MLDSA, EdDSA, SHA512
  - EdDSA (RFC-8032): Ed25519
  - MLDSA (RFC-DRAFT): Security level 3 (ML-DSA-65)
- RSA (RFC-8017): 2048-bit, SHA256
Encryption
- xHPKE (RFC-9180): X-WING, HKDF, SHA256, ChaCha20, Poly1305
  - X-WING (RFC-DRAFT): MLKEM, ECC
    - ECC (RFC-7748): X25519
    - MLKEM(RFC-DRAFT): Security level 3 (ML-KEM-768)
- STREAM (RFC N/A, Rage): ChaCha20, Poly1305, 16B tag, 64KB chunk
Key derivation
- Argon2 (RFC-9106): id variant
- HKDF (RFC-5869): SHA256
Serialization
- CBOR (RFC-8949): restricted to bool,null, integer, text, bytes, array, map[int], option
- COSE (RFC-8152): COSE_Sign1, COSE_Encrypt0, dark-bio-v1: domain prefix

All functionality is WASM ready.

The entire library is hidden behind feature flags to allow selectively depending on it from the firmware, cloud and mobile app, each cherry-picking only what’s needed. Please consult the docs on how to enable them.

§Siblings

This is a sibling package with the Go github.com/dark-bio/crypto-go; as in, both repositories implement the same feature sets and API surfaces at the same version points. This naturally means PRs merged into one project necessarily have to have a counter-PR in the other project.

§Acknowledgements

Shoutout to Filippo Valsorda (@filosottile) for lots of tips and nudges on what kind of cryptographic primitives to use and how to combine them properly; and also for his work in general on cryptography standards.

Naturally, many thanks to the authors of all the libraries this project depends on.

Modules§

argon2argon2: Argon2id cryptography wrappers and parametrization.
cborcbor: Tiny CBOR encoder and decoder.
cosecose: COSE wrappers for xDSA and xHPKE.
eddsaeddsa: EdDSA cryptography wrappers and parametrization.
hkdfhkdf: HKDF cryptography wrappers and parametrization.
mldsamldsa: ML-DSA cryptography wrappers and parametrization.
pempem: Strict PEM encoding and decoding.
randrand
rsarsa: RSA cryptography wrappers and parametrization.
streamstream: I/O helper structs for age file encryption and decryption.
x509x509: X.509 certificate wrappers and parametrization.
xdsaxdsa: Composite ML-DSA cryptography wrappers and parametrization.
xhpkexhpke: HPKE cryptography wrappers and parametrization.