Pure Rust cryptography, hardware-accelerated on ten architectures. no_std first.
rscrypto is a single-crate cryptography stack: hashes, AEADs, MACs, KDFs,
password hashing, signatures, key exchange, and checksums. Enable one leaf
feature for a minimal build (sha2, aes-gcm, ed25519, anything) or
full for the entire primitive set. Zero default dependencies; getrandom,
serde, and rayon are opt-in.
The portable Rust path is the byte-for-byte authority. SIMD and ASM kernels
are accelerators, differential-tested against the portable path on every
release. Three-tier dispatch (compile-time target_feature → runtime
detection → portable fallback) picks the fastest safe backend at runtime;
without std, only the compile-time tier runs.
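The three-tier dispatch described above, sketched for CRC-32C on x86-64. This is an added example, not rscrypto's code: Backend, crc32c_portable, crc32c_sse42, crc32c and differential_check are hypothetical names. The portable function is the reference, and the differential check compares every dispatched result against it.

```rust
// Added example: names are hypothetical, not rscrypto's internals.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Backend { CompileTime, Runtime, Portable }

/// Portable bitwise CRC-32C (reflected polynomial 0x82F63B78): the reference path.
pub fn crc32c_portable(data: &[u8]) -> u32 {
    let mut crc = !0u32;
    for &b in data {
        crc ^= b as u32;
        for _ in 0..8 {
            crc = (crc >> 1) ^ (0x82F6_3B78 & (crc & 1).wrapping_neg());
        }
    }
    !crc
}

/// Accelerated path: the SSE4.2 CRC32 instruction implements the same polynomial.
#[cfg(target_arch = "x86_64")]
#[target_feature(enable = "sse4.2")]
unsafe fn crc32c_sse42(data: &[u8]) -> u32 {
    use std::arch::x86_64::_mm_crc32_u8;
    let mut crc = !0u32;
    for &b in data {
        crc = _mm_crc32_u8(crc, b);
    }
    !crc
}

pub fn crc32c(data: &[u8]) -> (u32, Backend) {
    #[cfg(target_arch = "x86_64")]
    {
        // Tier 1: feature guaranteed at build time (the only tier usable without std).
        if cfg!(target_feature = "sse4.2") {
            return (unsafe { crc32c_sse42(data) }, Backend::CompileTime);
        }
        // Tier 2: CPUID-based runtime detection, which requires std.
        if is_x86_feature_detected!("sse4.2") {
            return (unsafe { crc32c_sse42(data) }, Backend::Runtime);
        }
    }
    // Tier 3: portable fallback.
    (crc32c_portable(data), Backend::Portable)
}

/// Differential test: the dispatched result must equal the portable one at every length.
pub fn differential_check() -> bool {
    let data: Vec<u8> = (0..300u32).map(|i| (i * 31 + 7) as u8).collect(); // constructed input
    (0..=data.len()).all(|n| crc32c(&data[..n]).0 == crc32c_portable(&data[..n]))
}
fn main() { println!("{:?} differential_ok={}", crc32c(b"123456789"), differential_check()); }
```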
[dependencies]
rscrypto = { version = "0.5.0", default-features = false, features = ["sha2"] }
§Guides
- Repository README: https://github.com/loadingalias/rscrypto#readme
- Runnable examples: https://github.com/loadingalias/rscrypto/tree/main/examples
- Additional docs: https://github.com/loadingalias/rscrypto/tree/main/docs
- Security guidance: https://github.com/loadingalias/rscrypto/blob/main/docs/security.md
§API Shape
- Checksums: Type::checksum(data) or new/update/finalize.
- Digests: Type::digest(data) or new/update/finalize.
- XOFs: Type::xof(data) or new/update/finalize_xof.
- MACs: Type::mac(key, data) and Type::verify_tag(key, data, tag).
- AEADs: typed keys and nonces, with combined and detached APIs.
§Quick Start
use rscrypto::{Digest, Sha256};
// One-shot digest.
let digest = Sha256::digest(b"hello world");
// Streaming: feeding the same bytes in pieces yields the same digest.
let mut h = Sha256::new();
h.update(b"hello ");
h.update(b"world");
assert_eq!(h.finalize(), digest);
§AEAD
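use rscrypto::{Aead, ChaCha20Poly1305, ChaCha20Poly1305Key};
// Fixed demo key; real keys come from a CSPRNG or a KDF.
let key = ChaCha20Poly1305Key::from_bytes([0x11; 32]);
let cipher = ChaCha20Poly1305::new(&key);
// Output buffer: 4 bytes of ciphertext plus the authentication tag.
let mut sealed = [0u8; 4 + ChaCha20Poly1305::TAG_SIZE];
// The returned nonce is needed again to decrypt, so keep it with the ciphertext.
let nonce = cipher.seal_random(b"aad", b"data", &mut sealed)?;
let mut opened = [0u8; 4];
// Decryption takes the same nonce and associated data.
cipher.decrypt(&nonce, b"aad", &sealed, &mut opened)?;
assert_eq!(&opened, b"data");
§Password Hashing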
use rscrypto::{Argon2Params, Argon2VerifyPolicy, Argon2id};
let params = Argon2Params::new().build()?;
let encoded = Argon2id::hash_string(&params, b"correct horse battery staple")?;
assert!(
    Argon2id::verify_string_with_policy(
        b"correct horse battery staple",
        &encoded,
        &Argon2VerifyPolicy::default(),
    )
    .is_ok()
);
§Feature Groups
- checksums: CRC families.
- hashes: SHA-2, SHA-3, BLAKE2, BLAKE3, Ascon, XXH3, RapidHash.
- auth: MACs, KDFs, password hashing, ECDSA signing/verification, Ed25519, RSA signing/verification/OAEP, X25519.
- aead: AES-GCM, AES-GCM-SIV, ChaCha20-Poly1305, XChaCha20-Poly1305, AEGIS-256, Ascon-AEAD128.
- full: all public primitive families.
Leaf features are available for size-conscious builds.
§Security Posture
Constant-time equality and fixed-width verification checks where the input
shape has already reached the primitive boundary. Public structural rejects
such as malformed lengths, unsupported algorithms, or out-of-range RSA
representatives may fail before the full primitive work. Opaque verification
errors leak no failure detail. Zeroize on drop for every secret-bearing
type. strict_* arithmetic on counters and lengths; release builds keep
overflow-checks = true. Continuous libFuzzer with corpus replay in CI;
Miri on the portable backends.
rscrypto is a primitives crate, not a FIPS 140-3 validated module. It
exposes FIPS-aligned primitives (AES-256-GCM, SHA-2, SHA-3 / SHAKE, HMAC,
KMAC, HKDF, PBKDF2) alongside non-FIPS ones. The portable-only feature
makes runtime capability detection report no SIMD/ASM capabilities, so
dispatchers that consult runtime caps fall through to portable backends.
It is a deployment control, not a substitute for release constant-time
evidence. See the security guidance for nonce lifecycle, PHC verification
limits, and platform fallback notes.
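The verification behaviour described in this section, as an added example that is not rscrypto's code: a public length check that may fail early, a fixed-width comparison with no early exit, and one opaque error for every failure. TAG_LEN, VerifyFailed, ct_eq and verify_tag are hypothetical names.

```rust
// Added example: names are hypothetical, not rscrypto's API.
use std::hint::black_box;

pub const TAG_LEN: usize = 32;

/// Opaque error: a single value, so callers cannot tell which check failed.
#[derive(Debug, PartialEq, Eq)]
pub struct VerifyFailed;

/// Fixed-width comparison: touches every byte and never exits on the first mismatch.
/// Source-level pattern only; the compiled code still needs constant-time evidence.
fn ct_eq(a: &[u8; TAG_LEN], b: &[u8; TAG_LEN]) -> bool {
    let mut diff = 0u8;
    for i in 0..TAG_LEN {
        diff |= a[i] ^ b[i];
    }
    // black_box discourages the optimizer from reintroducing a data-dependent branch.
    black_box(diff) == 0
}

pub fn verify_tag(expected: &[u8; TAG_LEN], candidate: &[u8]) -> Result<(), VerifyFailed> {
    // Structural reject: the length is public, so failing before the
    // comparison reveals nothing about the expected tag.
    if candidate.len() != TAG_LEN {
        return Err(VerifyFailed);
    }
    let mut fixed = [0u8; TAG_LEN];
    fixed.copy_from_slice(candidate);
    if ct_eq(expected, &fixed) { Ok(()) } else { Err(VerifyFailed) }
}

fn main() {
    let tag = [0xA5u8; TAG_LEN]; // constructed sample tag
    let mut near = tag;
    near[TAG_LEN - 1] ^= 1; // differs only in the final byte
    println!("{:?} {:?} {:?}", verify_tag(&tag, &tag), verify_tag(&tag, &near), verify_tag(&tag, &tag[..16]));
}
```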
Re-exports§
- pub use aead::AeadBufferError; [aead]
- pub use aead::OpenError; [aead]
- pub use aead::Aegis256; [aegis256]
- pub use aead::Aegis256Key; [aegis256]
- pub use aead::Aegis256Tag; [aegis256]
- pub use aead::Aes128Gcm; [aes-gcm]
- pub use aead::Aes128GcmKey; [aes-gcm]
- pub use aead::Aes128GcmTag; [aes-gcm]
- pub use aead::Aes128GcmSiv; [aes-gcm-siv]
- pub use aead::Aes128GcmSivKey; [aes-gcm-siv]
- pub use aead::Aes128GcmSivTag; [aes-gcm-siv]
- pub use aead::Aes256Gcm; [aes-gcm]
- pub use aead::Aes256GcmKey; [aes-gcm]
- pub use aead::Aes256GcmTag; [aes-gcm]
- pub use aead::Aes256GcmSiv; [aes-gcm-siv]
- pub use aead::Aes256GcmSivKey; [aes-gcm-siv]
- pub use aead::Aes256GcmSivTag; [aes-gcm-siv]
- pub use aead::AsconAead128; [ascon-aead]
- pub use aead::AsconAead128Key; [ascon-aead]
- pub use aead::AsconAead128Tag; [ascon-aead]
- pub use aead::ChaCha20Poly1305; [chacha20poly1305]
- pub use aead::ChaCha20Poly1305Key; [chacha20poly1305]
- pub use aead::ChaCha20Poly1305Tag; [chacha20poly1305]
- pub use aead::XChaCha20Poly1305; [xchacha20poly1305]
- pub use aead::XChaCha20Poly1305Key; [xchacha20poly1305]
- pub use aead::XChaCha20Poly1305Tag; [xchacha20poly1305]
- pub use auth::EcdsaError; [ecdsa-p256 or ecdsa-p384]
- pub use auth::HkdfOutputLengthError; [hkdf]
- pub use auth::Kmac256; [kmac]
- pub use auth::PhcError; [phc-strings]
- pub use auth::diag_ed25519_select_basepoint_cached_limb_digest; [diag and ed25519]
- pub use auth::Argon2Error; [argon2]
- pub use auth::Argon2Params; [argon2]
- pub use auth::Argon2VerifyPolicy; [argon2]
- pub use auth::Argon2Version; [argon2]
- pub use auth::Argon2d; [argon2]
- pub use auth::Argon2i; [argon2]
- pub use auth::Argon2id; [argon2]
- pub use auth::EcdsaP256Keypair; [ecdsa-p256]
- pub use auth::EcdsaP256PublicKey; [ecdsa-p256]
- pub use auth::EcdsaP256SecretKey; [ecdsa-p256]
- pub use auth::EcdsaP256Signature; [ecdsa-p256]
- pub use auth::EcdsaP384Keypair; [ecdsa-p384]
- pub use auth::EcdsaP384PublicKey; [ecdsa-p384]
- pub use auth::EcdsaP384SecretKey; [ecdsa-p384]
- pub use auth::EcdsaP384Signature; [ecdsa-p384]
- pub use auth::Ed25519Keypair; [ed25519]
- pub use auth::Ed25519PublicKey; [ed25519]
- pub use auth::Ed25519SecretKey; [ed25519]
- pub use auth::Ed25519Signature; [ed25519]
- pub use auth::HkdfSha256; [hkdf]
- pub use auth::HkdfSha384; [hkdf]
- pub use auth::HmacSha256; [hmac]
- pub use auth::HmacSha256Tag; [hmac]
- pub use auth::HmacSha384; [hmac]
- pub use auth::HmacSha384Tag; [hmac]
- pub use auth::HmacSha512; [hmac]
- pub use auth::HmacSha512Tag; [hmac]
- pub use auth::MlKem512; [ml-kem]
- pub use auth::MlKem512Ciphertext; [ml-kem]
- pub use auth::MlKem512DecapsulationKey; [ml-kem]
- pub use auth::MlKem512EncapsulationKey; [ml-kem]
- pub use auth::MlKem512PreparedDecapsulationKey; [ml-kem]
- pub use auth::MlKem512PreparedEncapsulationKey; [ml-kem]
- pub use auth::MlKem768; [ml-kem]
- pub use auth::MlKem768Ciphertext; [ml-kem]
- pub use auth::MlKem768DecapsulationKey; [ml-kem]
- pub use auth::MlKem768EncapsulationKey; [ml-kem]
- pub use auth::MlKem768PreparedDecapsulationKey; [ml-kem]
- pub use auth::MlKem768PreparedEncapsulationKey; [ml-kem]
- pub use auth::MlKem1024; [ml-kem]
- pub use auth::MlKem1024Ciphertext; [ml-kem]
- pub use auth::MlKem1024DecapsulationKey; [ml-kem]
- pub use auth::MlKem1024EncapsulationKey; [ml-kem]
- pub use auth::MlKem1024PreparedDecapsulationKey; [ml-kem]
- pub use auth::MlKem1024PreparedEncapsulationKey; [ml-kem]
- pub use auth::MlKemError; [ml-kem]
- pub use auth::Pbkdf2Error; [pbkdf2]
- pub use auth::Pbkdf2Params; [pbkdf2]
- pub use auth::Pbkdf2Sha256; [pbkdf2]
- pub use auth::Pbkdf2Sha512; [pbkdf2]
- pub use auth::Pbkdf2VerifyPolicy; [pbkdf2]
- pub use auth::RsaEncryptionError; [rsa]
- pub use auth::RsaKeyError; [rsa]
- pub use auth::RsaKeyGenerationContract; [rsa]
- pub use auth::RsaKeyGenerationError; [rsa]
- pub use auth::RsaOaepProfile; [rsa]
- pub use auth::RsaPkcs1v15Profile; [rsa]
- pub use auth::RsaPrivateKey; [rsa]
- pub use auth::RsaPrivateKeyParts; [rsa]
- pub use auth::RsaPrivateOpError; [rsa]
- pub use auth::RsaPrivateScratch; [rsa]
- pub use auth::RsaProtocolAlgorithmError; [rsa]
- pub use auth::RsaPssProfile; [rsa]
- pub use auth::RsaPublicExponent; [rsa]
- pub use auth::RsaPublicExponentPolicy; [rsa]
- pub use auth::RsaPublicKey; [rsa]
- pub use auth::RsaPublicKeyPolicy; [rsa]
- pub use auth::RsaPublicOpError; [rsa]
- pub use auth::RsaPublicScratch; [rsa]
- pub use auth::RsaSignatureProfile; [rsa]
- pub use auth::RsaTlsSignatureSchemes; [rsa]
- pub use auth::RsaX509PublicKey; [rsa]
- pub use auth::RsaX509PublicKeyAlgorithm; [rsa]
- pub use auth::Scrypt; [scrypt]
- pub use auth::ScryptError; [scrypt]
- pub use auth::ScryptParams; [scrypt]
- pub use auth::ScryptVerifyPolicy; [scrypt]
- pub use auth::X25519Error; [x25519]
- pub use auth::X25519PublicKey; [x25519]
- pub use auth::X25519SecretKey; [x25519]
- pub use auth::diag_ecdsa_p256_basepoint_blinded_limb_digest; [diag and ecdsa-p256]
- pub use auth::diag_ecdsa_p256_final_multiply_limb_digest; [diag and ecdsa-p256]
- pub use auth::diag_ecdsa_p256_nonce_inverse_limb_digest; [diag and ecdsa-p256]
- pub use auth::diag_ecdsa_p256_nonce_reduce_limb_digest; [diag and ecdsa-p256]
- pub use auth::diag_ecdsa_p256_order_mul_fixed_r_limb_digest; [diag and ecdsa-p256]
- pub use auth::diag_ecdsa_p256_reduce_wide_order_limb_digest; [diag and ecdsa-p256]
- pub use auth::diag_ecdsa_p256_scalar_finish_limb_digest; [diag and ecdsa-p256]
- pub use auth::diag_ecdsa_p256_select_signing_generator_affine_limb_digest; [diag and ecdsa-p256]
- pub use auth::diag_ecdsa_p384_basepoint_blinded_limb_digest; [diag and ecdsa-p384]
- pub use auth::diag_ecdsa_p384_final_multiply_limb_digest; [diag and ecdsa-p384]
- pub use auth::diag_ecdsa_p384_nonce_inverse_limb_digest; [diag and ecdsa-p384]
- pub use auth::diag_ecdsa_p384_nonce_reduce_limb_digest; [diag and ecdsa-p384]
- pub use auth::diag_ecdsa_p384_order_mul_fixed_r_limb_digest; [diag and ecdsa-p384]
- pub use auth::diag_ecdsa_p384_reduce_wide_order_limb_digest; [diag and ecdsa-p384]
- pub use auth::diag_ecdsa_p384_scalar_finish_limb_digest; [diag and ecdsa-p384]
- pub use auth::diag_ecdsa_p384_select_signing_generator_affine_limb_digest; [diag and ecdsa-p384]
- pub use auth::diag_ed25519_select_basepoint_cached_avx2_limb_digest; [x86-64 and diag and ed25519]
- pub use auth::diag_ed25519_select_basepoint_cached_ifma_limb_digest; [x86-64 and diag and ed25519]
- pub use auth::diag_hkdf_sha256_derive_portable; [diag and hkdf]
- pub use auth::diag_hkdf_sha384_derive_portable; [diag and hkdf]
- pub use auth::diag_hmac_sha256_verify_portable; [diag and hmac]
- pub use auth::diag_hmac_sha384_verify_portable; [diag and hmac]
- pub use auth::diag_hmac_sha512_verify_portable; [diag and hmac]
- pub use auth::diag_mlkem512_keygen_secret_noise_digest; [diag and ml-kem]
- pub use auth::diag_mlkem768_keygen_secret_noise_digest; [diag and ml-kem]
- pub use auth::diag_mlkem1024_keygen_secret_noise_digest; [diag and ml-kem]
- pub use auth::diag_pbkdf2_sha256_verify_portable; [diag and pbkdf2]
- pub use auth::diag_pbkdf2_sha512_verify_portable; [diag and pbkdf2]
- pub use auth::diag_rsa_private_select_window_power_4; [diag and rsa]
- pub use checksum::Crc24OpenPgp; [crc24]
- pub use checksum::Crc16Ccitt; [crc16]
- pub use checksum::Crc16Ibm; [crc16]
- pub use checksum::Crc32; [crc32]
- pub use checksum::Crc32C; [crc32]
- pub use checksum::Crc64; [crc64]
- pub use checksum::Crc64Nvme; [crc64]
- pub use hashes::crypto::ascon::AsconCxofCustomizationError; [ascon-hash]
- pub use hashes::crypto::AsconCxof128; [ascon-hash]
- pub use hashes::crypto::AsconCxof128Reader; [ascon-hash]
- pub use hashes::crypto::AsconHash256; [ascon-hash]
- pub use hashes::crypto::AsconXof; [ascon-hash]
- pub use hashes::crypto::AsconXofReader; [ascon-hash]
- pub use hashes::crypto::Blake2b; [blake2b]
- pub use hashes::crypto::Blake2b256; [blake2b]
- pub use hashes::crypto::Blake2b512; [blake2b]
- pub use hashes::crypto::Blake2bParams; [blake2b]
- pub use hashes::crypto::Blake2s128; [blake2s]
- pub use hashes::crypto::Blake2s256; [blake2s]
- pub use hashes::crypto::Blake2sParams; [blake2s]
- pub use hashes::crypto::Blake3; [blake3]
- pub use hashes::crypto::Blake3KeyedHash; [blake3]
- pub use hashes::crypto::Blake3XofReader; [blake3]
- pub use hashes::crypto::Cshake256; [sha3]
- pub use hashes::crypto::Cshake256XofReader; [sha3]
- pub use hashes::crypto::Sha3_224; [sha3]
- pub use hashes::crypto::Sha3_256; [sha3]
- pub use hashes::crypto::Sha3_384; [sha3]
- pub use hashes::crypto::Sha3_512; [sha3]
- pub use hashes::crypto::Shake128; [sha3]
- pub use hashes::crypto::Shake128XofReader; [sha3]
- pub use hashes::crypto::Shake256; [sha3]
- pub use hashes::crypto::Shake256XofReader; [sha3]
- pub use hashes::crypto::Sha224; [sha2]
- pub use hashes::crypto::Sha256; [sha2]
- pub use hashes::crypto::Sha384; [sha2]
- pub use hashes::crypto::Sha512; [sha2]
- pub use hashes::crypto::Sha512_256; [sha2]
- pub use hashes::fast::RapidBuildHasher; [alloc and rapidhash]
- pub use hashes::fast::RapidHasher; [alloc and rapidhash]
- pub use hashes::fast::RapidHash; [rapidhash]
- pub use hashes::fast::RapidHash128; [rapidhash]
- pub use hashes::fast::RapidHashFast64; [rapidhash]
- pub use hashes::fast::RapidHashFast128; [rapidhash]
- pub use hashes::fast::Xxh3; [xxh3]
- pub use hashes::fast::Xxh3_128; [xxh3]
- pub use hashes::fast::Xxh3BuildHasher; [alloc and xxh3]
- pub use hashes::fast::Xxh3Hasher; [alloc and xxh3]
- pub use traits::Aead; [aegis256 or aes-gcm-siv or aes-gcm or ascon-aead or chacha20poly1305 or xchacha20poly1305]
- pub use traits::Checksum;
- pub use traits::ChecksumCombine;
- pub use traits::ConstantTimeEq;
- pub use traits::Kem;
- pub use traits::Mac;
- pub use traits::VerificationError;
- pub use traits::ct;
- pub use traits::Digest; [ascon-hash or blake2b or blake2s or blake3 or rapidhash or sha2 or sha3 or xxh3]
- pub use traits::FastHash; [ascon-hash or blake2b or blake2s or blake3 or rapidhash or sha2 or sha3 or xxh3]
- pub use traits::Xof; [ascon-hash or blake2b or blake2s or blake3 or rapidhash or sha2 or sha3 or xxh3]
Modules§
- aead [aegis256 or aes-gcm-siv or aes-gcm or ascon-aead or chacha20poly1305 or xchacha20poly1305] - Authenticated encryption with associated data foundations.
- auth [argon2 or ecdsa-p256 or ecdsa-p384 or ed25519 or hkdf or hmac or kmac or ml-kem or phc-strings or rsa or scrypt or x25519] - Authentication and key-derivation primitives.
- checksum [crc16 or crc24 or crc32 or crc64] - High-performance CRC checksums.
- hashes [ascon-hash or blake2b or blake2s or blake3 or rapidhash or sha2 or sha3 or xxh3] - Cryptographic digests and fast non-cryptographic hashes.
- platform - CPU detection and capability reporting.
- prelude - Trait-first imports for rscrypto user code.
- traits - Core cryptographic traits for rscrypto.
Structs§
- DisplaySecret [(aegis256 or aes-gcm-siv or aes-gcm or ascon-aead or blake3 or chacha20poly1305 or ecdsa-p256 or ecdsa-p384 or ed25519 or ml-kem or x25519 or xchacha20poly1305) and (aegis256 or aes-gcm-siv or aes-gcm or ascon-aead or chacha20poly1305 or ecdsa-p256 or ecdsa-p384 or ed25519 or ml-kem or x25519 or xchacha20poly1305)] - Explicit opt-in wrapper for displaying secret key bytes as hex.
- SecretBytes - Owned secret bytes that zeroize on drop.
Enums§
- InvalidHexError [(aegis256 or aes-gcm-siv or aes-gcm or ascon-aead or blake3 or chacha20poly1305 or ecdsa-p256 or ecdsa-p384 or ed25519 or ml-kem or x25519 or xchacha20poly1305) and (aegis256 or aes-gcm-siv or aes-gcm or ascon-aead or chacha20poly1305 or ecdsa-p256 or ecdsa-p384 or ed25519 or ml-kem or x25519 or xchacha20poly1305)] - Hex decoding error.
Functions§
- diag_curve25519_conditional_swap [diag and x25519 and (ed25519 or x25519)]