The RustCrypto Project has just completed another round of crate releases. We wanted to highlight some of the work we've been doing which has gone into this round of releases.
Our project repos can be found at:
- AEADs (github.com/RustCrypto/AEADs): Authenticated Encryption with Associated Data algorithms, high-level encryption ciphers
- Block ciphers (github.com/RustCrypto/block-ciphers): collection of block cipher algorithms written in pure Rust
- Stream ciphers (github.com/RustCrypto/stream-ciphers): collection of stream cipher algorithms
Some crates to highlight from this release:
- aead v0.4: high-level authenticated encryption support
- cipher v0.3: low-level block and stream cipher traits
- aes v0.7: Advanced Encryption Standard (low-level crate)
- chacha20 v0.7: ChaCha20 family of ciphers (low-level crate)
These are the recommended crates to use for end-user encryption applications:
We implement several symmetric cipher crates with SIMD backends, such as chacha20, along with universal hash function crates like poly1305. Previously, to get optimum performance you had to explicitly set RUSTFLAGS with the correct -C target-feature options to activate the performance-oriented backends.
Not anymore: CPU features like AES-NI, AVX2 and CLMUL are now automatically detected at runtime on i686/x86_64 CPUs, so on these CPUs you should get optimal performance out of the box.
This applies to higher-level AEAD constructions like the chacha20poly1305 crates as well.
For the aes crate specifically: previously it served as a facade over separate backend crates such as aes-soft. We have since combined all of these crates into the aes crate and will be retiring the separate backend crates.
The aes crate now autodetects AES-NI (and in the future, other CPU-specific instructions) and uses it if available; if it isn't, it falls back to a software implementation.
The force-soft feature can be used to always use the software implementation, avoiding CPU-specific instructions.
To force AES-NI all of the time, pass -C target-feature=+aes in RUSTFLAGS. This assumes AES-NI is always available, and the program will crash with an illegal-instruction fault on a CPU where it is not.
A common question we get with AEAD ciphers like chacha20poly1305 is how to securely operate over large plaintexts/ciphertexts, particularly ones too big to fit in RAM.
In the aead v0.4 crate, we have introduced a stream module which implements STREAM, the nonce-based online authenticated encryption protocol designed by Phil Rogaway.
STREAM allows any AEAD cipher to be used in an incremental/streaming manner, with every chunk's integrity verified before it is decrypted. It provably defends against reordering and truncation attacks.
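To make the reordering/truncation guarantee concrete, here is an added example (not RustCrypto code) of the STREAM construction in Go, with the standard library's AES-GCM standing in for the chacha20poly1305 crate and the nonce built the way the aead crate's BE32 variant does it: a 7-byte prefix, a 32-bit big-endian chunk counter and a one-byte last-chunk flag. The key, nonce prefix and chunk contents are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// STREAM nonce, BE32 layout as in aead::stream: prefix (NonceSize-5 bytes) || 32-bit big-endian
// chunk counter || 1-byte last flag. Binding position and "last" into the nonce is what detects reordering and truncation.
func streamNonce(prefix []byte, counter uint32, last bool) []byte {
	nonce := make([]byte, 12) // 12-byte AEAD nonce: 7-byte prefix + 4-byte counter + flag
	copy(nonce[:7], prefix)
	binary.BigEndian.PutUint32(nonce[7:11], counter)
	if last {
		nonce[11] = 1
	}
	return nonce
}

// SealStream encrypts chunks in order; only the final chunk is sealed with last=true.
func SealStream(aead cipher.AEAD, prefix []byte, chunks [][]byte) [][]byte {
	out := make([][]byte, len(chunks))
	for i, chunk := range chunks {
		out[i] = aead.Seal(nil, streamNonce(prefix, uint32(i), i == len(chunks)-1), chunk, nil)
	}
	return out
}

// OpenStream verifies each chunk before releasing it; the chunk present at EOF is treated as last (cf. decrypt_last).
func OpenStream(aead cipher.AEAD, prefix []byte, chunks [][]byte) ([][]byte, error) {
	out := make([][]byte, 0, len(chunks))
	for i, chunk := range chunks {
		pt, err := aead.Open(nil, streamNonce(prefix, uint32(i), i == len(chunks)-1), chunk, nil)
		if err != nil {
			return nil, fmt.Errorf("STREAM chunk %d rejected: %w", i, err)
		}
		out = append(out, pt)
	}
	return out, nil
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 16)) // constructed demo key (all zero); never reuse a key/prefix pair in practice
	aead, _ := cipher.NewGCM(block)              // stdlib stand-in for the chacha20poly1305 crate
	ct := SealStream(aead, []byte("prefix7"), [][]byte{[]byte("a"), []byte("b"), []byte("c")})
	_, err := OpenStream(aead, []byte("prefix7"), ct[:2]) // truncated: chunk 1 was not sealed as last
	fmt.Println("truncation detected:", err != nil)
}
```

Swapping two ciphertext chunks fails the same way, because the counter baked into the nonce no longer matches the chunk's position.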
- elliptic-curve v0.9: traits for generic programming over elliptic curves
- ecdsa v0.11: Elliptic Curve Digital Signature Algorithm
- bp256 v0.1: Brainpool P-256 elliptic curve
- bp384 v0.1: Brainpool P-384 elliptic curve
- k256 v0.8: secp256k1 elliptic curve
- p256 v0.8: NIST P-256 elliptic curve
- p384 v0.7: NIST P-384 elliptic curve
You will need to enable the jwk feature of your desired crate to use it. When enabled, the corresponding SecretKey type for a given curve (e.g. p256::SecretKey) will have methods such as:
- SecretKey::from_jwk_str: decode a secret key from a string containing a serialized JWK
- SecretKey::to_jwk_string: serialize an elliptic curve secret key as a JWK string
Last but not least, we've cut a new release of the crypto crate, which provides a high-level facade over our other trait crates.