Crate purecrypto

Expand description

purecrypto — a cryptography toolkit written entirely in Rust, depending on no foreign code.

The crate is built in layers, from the bottom up:

Constant-time primitives (ct) — branchless boolean logic, equality, selection and ordering. Everything secret-dependent rests on this layer.
Hashing, symmetric ciphers, constant-time bignum arithmetic, asymmetric keys (RSA, ECDSA, Ed25519), the post-quantum schemes ML-KEM, ML-DSA and SLH-DSA, ASN.1, X.509, and TLS/DTLS — added on top as the project grows.

purecrypto is usable as a Rust library, a C library, and a standalone command-line tool.

§`no_std`

The crate is #![no_std] at its core. The alloc feature pulls in the alloc crate for heap-backed types, and the std feature (enabled by default, implies alloc) adds the pieces that genuinely need the operating system, such as file I/O, the CLI, and system randomness. Build with --no-default-features for a bare no_std target.

Modules§

ascon: Ascon lightweight cryptography (NIST SP 800-232).
bignum: Constant-time big-integer arithmetic.
cipher: Symmetric ciphers.
ct: Constant-time primitives.
der: Minimal ASN.1 DER (Distinguished Encoding Rules) reader and writer.
dh: Finite-field Diffie-Hellman over RFC 3526 MODP safe-prime groups, and RFC 4419 group-exchange (caller-supplied custom group).
dtls: DTLS (Datagram TLS) — RFC 6347 (DTLS 1.2) and RFC 9147 (DTLS 1.3).
ec: Elliptic-curve cryptography.
hash: Cryptographic hash functions.
kdf: Key-derivation functions.
lms: LMS / HSS stateful hash-based signatures (RFC 8554, NIST SP 800-208).
mac: Standalone message authentication codes.
mldsa: ML-DSA — the Module-Lattice Digital Signature Algorithm (FIPS 204), the standardized form of Dilithium.
mlkem: ML-KEM — the FIPS 203 module-lattice key-encapsulation mechanism (the standardized form of Kyber), in all three parameter sets:
quic: QUIC v1 (RFC 9000) — transport layer over UDP, secured by TLS 1.3 keys per RFC 9001. Includes RFC 9002 loss recovery + congestion control and RFC 9221 unreliable datagram extension.
rng: Random number generation.
rsa: RSA.
signature_registry: Re-exported at the crate root: the signature-algorithm registry that X.509 chain validation and TLS 1.3 CertificateVerify both dispatch through. Gated on the x509 feature (which pulls in the SPKI parsers and the underlying primitives). A registry of digital-signature algorithms, and a whitelist policy controlling which algorithms a verifier accepts.
slhdsa: SLH-DSA — the Stateless Hash-Based Digital Signature Algorithm (FIPS 205), the standardized form of SPHINCS+.
tls: Transport Layer Security — TLS 1.2 (RFC 5246, AEAD suites per RFC 7905 + Extended Master Secret per RFC 7627), TLS 1.3 (RFC 8446) including session resumption, 0-RTT, and key update — and a unified Config / Connection that also drives DTLS 1.2 / 1.3 (see crate::dtls) and is reused by the QUIC stack (crate::quic) through an internal handshake-seam.
x509: X.509 v3 certificates (RFC 5280), built on the der and rsa layers.
xmss: XMSS / XMSS^MT stateful hash-based signatures (RFC 8391, NIST SP 800-208).