Crate purecrypto

Expand description

purecrypto — a cryptography toolkit written entirely in Rust, depending on no foreign code.

The crate is built in layers, from the bottom up:

Constant-time primitives (ct) — branchless boolean logic, equality, selection and ordering. Everything secret-dependent rests on this layer.
Hashing, symmetric ciphers, constant-time bignum arithmetic, asymmetric keys (RSA, ECDSA, Ed25519), the post-quantum schemes ML-KEM, ML-DSA and SLH-DSA, ASN.1, X.509, and TLS/DTLS — added on top as the project grows.

purecrypto is usable as a Rust library, a C library, and a standalone command-line tool.

§`no_std`

The crate is #![no_std] at its core. The alloc feature pulls in the alloc crate for heap-backed types, and the std feature (enabled by default, implies alloc) adds the pieces that genuinely need the operating system, such as file I/O, the CLI, and system randomness. Build with --no-default-features for a bare no_std target.

Modules§

bignum: Constant-time big-integer arithmetic.
cipher: Symmetric ciphers.
ct: Constant-time primitives.
der: Minimal ASN.1 DER (Distinguished Encoding Rules) reader and writer.
dtls: DTLS (Datagram TLS) — RFC 6347 (DTLS 1.2) and RFC 9147 (DTLS 1.3).
ec: Elliptic-curve cryptography.
hash: Cryptographic hash functions.
kdf: Key-derivation functions.
mldsa: ML-DSA — the Module-Lattice Digital Signature Algorithm (FIPS 204), the standardized form of Dilithium.
mlkem: ML-KEM — the FIPS 203 module-lattice key-encapsulation mechanism (the standardized form of Kyber), in all three parameter sets:
rng: Random number generation.
rsa: RSA.
signature_registry: Re-exported at the crate root: the signature-algorithm registry that X.509 chain validation and TLS 1.3 CertificateVerify both dispatch through. Gated on the x509 feature (which pulls in the SPKI parsers and the underlying primitives). A registry of digital-signature algorithms, and a whitelist policy controlling which algorithms a verifier accepts.
slhdsa: SLH-DSA — the Stateless Hash-Based Digital Signature Algorithm (FIPS 205), the standardized form of SPHINCS+.
tls: TLS 1.3 (RFC 8446).
x509: X.509 v3 certificates (RFC 5280), built on the der and rsa layers.