Crate ssb_crypto[−][src]
Expand description
This crate provides the cryptographic functionality needed to implement the Secure Scuttlebutt networking protocols and content signing and encryption.
There are two implementations of the crypto operations available; one that uses libsodium C library (via the sodiumoxide crate), and a pure-rust implementation that uses dalek and RustCrypto crates (which is the default). You can select which implementation to use via Cargo.toml feature flags (see below).
Features
If you only need the struct definitions and basic operations, disable default features, and (optionally) enable b64.
[dependencies.ssb-crypto] version = "0.2" default_features = false features = ["b64"]
dalek
On by default. Use the dalek/RustCrypto implementation of the crypto operations.
The crypto functionality is exposed via convenient methods, eg Keypair::sign and
PublicKey::verify. If neither dalek nor sodium features are enabled,
these methods won’t be available.
rand
On by default. Provide functions to generate keys and nonces with user-specified
cryptographically-secure random number generator (Eg. Nonce::generate_with_rng).
These functions can be used in no_std environments that aren’t supported by getrandom.
Enabled if dalek is enabled.
getrandom
On by default. Provide functions to generate keys and nonces using the OS-provided
cryptographically-secure random number generator (via the getrandom crate).
For environments that aren’t supported by getrandom, disable this feature and
use the generate_with_rng() functions instead.
b64
On by default. Enable from_base64 functions for Keypair, PublicKey, Signature, Hash, and NetworkKey.
Also enabled by alloc.
alloc
On by default. Enable as_base64() -> String functions for Keypair, PublicKey, Signature, and Hash.
sodium
Use the libsodium/sodiumoxide implementation of the crypto operations.
If the sodium and dalek features are both enabled, struct methods (eg. Keypair::sign)
will use the dalek implementation. Note that this can happen if multiple dependencies
use ssb-crypto, some preferring sodium, and others preferring dalek.
To force the methods to use the sodium implementation, enable the force_sodium feature.
WARNING: if you use the sodium implementation, you must call ssb_crypto::sodium::init(). If you don’t, libsodium’s random-number generation and key-generation functions are not thread-safe.
[dependencies.ssb-crypto] version = "0.2" default_features = false features = ["sodium", "b64"]
sodium_module
Enable the sodium module, which contains standalone functions
for all the crypto operations, implemented using libsodium/sodiumoxide.
This is mostly useful for testing; eg. cargo test --features sodium_module
will test the dalek and sodium implementations for compatibility.
Note that the sodium and dalek modules are hidden from the docs; you’ll have
to look at the code if you want to use them directly.
no_std support
To build for an embedded (aka no_std) environment, disable default features,
enable dalek and optionally b64.
For example:
cargo build --no-default-features --features dalek,b64 --target thumbv7em-none-eabihf
Modules
Ephemeral (curve25519) keys and operations for deriving shared secrets via Elliptic-curve Diffie–Hellman
Secret (encrypted) “boxes” of data. (libsodium’s secretbox, aka xsalsa20poly1305)
crypto util(s). Just memzero for now.
Structs
A sha256 hash digest. The standard hash in the scuttleverse.
A public/secret long-term key pair.
An authentication code, produced by NetworkKey::authenticate
and verified by NetworkKey::verify.
The network key, or network identifier, used during the secret handshake to prove that both parties are participating in the same ssb network.
The public half of a Keypair.
The secret half of a Keypair.
A cryptographic signature of some content, generated by Keypair::sign
and verified by PublicKey::verify.
Traits
Types which are safe to treat as an immutable byte slice.
Types for which any byte pattern is valid.
Functions
Generate a sha256 hash digest from the given byte slice.