RustCrypto Release Announcements
source link: https://users.rust-lang.org/t/rustcrypto-release-announcements/59149/4
The RustCrypto Project has just completed another round of crate releases. We wanted to highlight some of the work we've been doing which has gone into this round of releases.
Symmetric Ciphers
Our project repos can be found at:
Release highlights
Some crates to highlight from this release:
Traits
- aead v0.4: high-level authenticated encryption support
- cipher v0.3: low-level block and stream cipher traits
Ciphers
- aes v0.7: Advanced Encryption Standard (low-level crate)
- chacha20 v0.7: ChaCha20 family of ciphers (low-level crate)
AEADs
These are the recommended crates to use for end-user encryption applications:
CPU feature detection
We implement several symmetric cipher crates with SIMD backends, such as aes and chacha20, along with universal hash function crates like ghash, polyval, and poly1305. Previously, to get optimum performance, you had to explicitly specify RUSTFLAGS with the correct -C target-feature settings to activate the performance-oriented backends.
Not anymore: CPU features like AES-NI, AVX2, and CLMUL are now automatically detected on i686/x86_64 CPUs. This means on these CPUs you should get optimal performance out of the box.
This applies to higher-level AEAD constructions like the aes-gcm and chacha20poly1305 crates as well.
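The detect-then-dispatch pattern described above, as an added example that is not RustCrypto's code: it uses the standard library's is_x86_feature_detected! macro rather than the project's own detection, and covers only CLMUL on x86_64 (carry-less multiplication, the operation underlying ghash and polyval). The names Backend, clmul_soft, clmul_hw, detect_backend and clmul are hypothetical.

```rust
// Added example (not RustCrypto code): runtime CLMUL detection with a
// portable fallback, using only the standard library.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Backend { Clmul, Soft }

/// Portable, branch-free carry-less multiply (64 x 64 -> 128 bits over GF(2)).
pub fn clmul_soft(a: u64, b: u64) -> u128 {
    let mut acc = 0u128;
    for i in 0..64 {
        // All-ones mask when bit i of b is set, zero otherwise.
        let mask = 0u128.wrapping_sub(((b >> i) & 1) as u128);
        acc ^= ((a as u128) << i) & mask;
    }
    acc
}

/// Hardware path. Only sound to call after the feature has been detected.
#[cfg(target_arch = "x86_64")]
#[target_feature(enable = "pclmulqdq")]
unsafe fn clmul_hw(a: u64, b: u64) -> u128 {
    use std::arch::x86_64::{_mm_clmulepi64_si128, _mm_set_epi64x};
    let x = _mm_set_epi64x(0, a as i64); // a in the low 64-bit lane
    let y = _mm_set_epi64x(0, b as i64);
    // Selector 0x00 multiplies the low lanes of both operands.
    std::mem::transmute(_mm_clmulepi64_si128::<0x00>(x, y))
}

/// Runtime detection; std caches the CPUID result after the first query.
pub fn detect_backend() -> Backend {
    #[cfg(target_arch = "x86_64")]
    {
        if std::is_x86_feature_detected!("pclmulqdq") { return Backend::Clmul; }
    }
    Backend::Soft
}

/// Dispatch to the hardware path when present, otherwise fall back to software.
pub fn clmul(a: u64, b: u64) -> (u128, Backend) {
    match detect_backend() {
        #[cfg(target_arch = "x86_64")]
        Backend::Clmul => (unsafe { clmul_hw(a, b) }, Backend::Clmul),
        _ => (clmul_soft(a, b), Backend::Soft),
    }
}

fn main() {
    let (r, backend) = clmul(0xdead_beef_0123_4567, 0xfedc_ba98_7654_3210);
    println!("backend = {:?}, product = {:#034x}", backend, r);
}
```

Because the hardware function is only reached after detection succeeds, the binary stays safe to run on CPUs without the instruction, which is the property that compiling with a forced target feature gives up.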
Unified aes crate
Regarding the aes crate specifically: previously it served as a facade for the aesni and aes-soft crates. We have since combined all of these crates into the aes crate and will be retiring the aesni and aes-soft crates.
The aes crate will now autodetect AES-NI (and in the future, other CPU-specific instructions) and use it if available, and if it isn't, will fall back to a software implementation.
The force-soft feature can be used to always use the software implementation, avoiding CPU-specific instructions.
To force AES-NI all of the time, pass -C target-feature=+aes in the RUSTFLAGS. This will assume AES-NI is always available, and will crash with an invalid instruction if it is disabled.
AEAD streaming
A common question we get with AEAD ciphers like aes-gcm and chacha20poly1305 is how to securely operate over large plaintexts/ciphertexts, particularly ones too big to process in RAM.
In the aead v0.4 crate, we have introduced a stream module which implements the STREAM nonce-based online authenticated encryption protocol designed by Phil Rogaway:
https://docs.rs/aead/latest/aead/stream/
STREAM allows any AEAD cipher to be used in an incremental/streaming manner, with every chunk's integrity verified before it is decrypted. It provably defends against reordering and truncation attacks.
Elliptic Curves
See the project repo at: GitHub - RustCrypto/elliptic-curves: Collection of pure Rust elliptic curve implementations (e.g. P-256, P-384, secp256k1)
Release highlights
- elliptic-curve v0.9: traits for generic programming over elliptic curves
- ecdsa v0.11: Elliptic Curve Digital Signature Algorithm
Curves
- bp256 v0.1: Brainpool P-256 elliptic curves
- bp384 v0.1: Brainpool P-384 elliptic curves
- k256 v0.8: secp256k1 elliptic curve
- p256 v0.8: NIST P-256 elliptic curve
- p384 v0.7: NIST P-384 elliptic curve
JWK Support
The elliptic-curve crate now natively implements JSON Web Keys (JWKs) in the form of the elliptic_curve::JwkEcKey type.
You will need to enable the jwk feature of your desired crate to use it.
When enabled, the corresponding SecretKey type for a given curve (e.g. p256::SecretKey) will have methods such as:
- SecretKey::from_jwk_str: decode a secret key from a string containing a serialized JWK
- SecretKey::to_jwk_string: serialize an elliptic curve secret key as a JWK string
crypto crate v0.2
Last but not least, we've cut a new release of the crypto crate, which provides a high-level facade over our other trait crates.