Highly modular & configurable hash & crypto library

Overview

Octavo

Join the chat at https://gitter.im/libOctavo/octavo

Crates.io License Build Status Coverage Status GetBadges Game Gratipay

Octavo

Highly modular & configurable hash & crypto library written in pure Rust.

Installation

[dependencies]
octavo = { git = "https://github.com/libOctavo/octavo" }

WARNING!!! Octavo is in very early stage of development. There is a hell lot of issues and vulnerabilities to enormous kind of attacks! Do not use it in production code (yet)!

Contributing

You can help with this project in 3 ways:

  1. Help me code this up! Just fork, create branch, code & pull-request. Yay!
  2. Audit code or use it. If you find a bug just file an issue, it also is a great help.
  3. Support us at Gratipay.

Full disclosure

If you find security bugs, contact me via mail [email protected] using my PGP key.

Licence

Check LICENSE file.

Comments
  • overflowing_add has been depreciated.

    overflowing_add has been depreciated.

    This fixes the issue that overflow_add was removed. That broke the Blake2.rs module in the Octavo-Digest module.

    Also have you considered breaking these into separate git repos?

    opened by ghost 8
  • Add SHA-512/224 and SHA-512/256 hash functions

    Add SHA-512/224 and SHA-512/256 hash functions

    SHA2-512/224 and SHA-512/256 implemented, using existing macros for sha2 functions. However, SHA2-512/224 has 224 bits, and that is not a multiple of 64. Thus, write_u64() used for writing state to resulting out slice cannot be used directly (as it would copy 4 bytes to few to out, or 4 to many).

    Because of that a proxy struct _Sha512_224 which outputs 256 bits is created, and its methods are simply called by proper Sha512_224 struct. In the result() method a new vec, res is created, result is written to it, and then 28 first bytes are copied to out using a simple for loop.

    SHA2-512/256 is implemented with just impl_sha!(high Sha512_256, SHA512_256_INIT, 256).

    It closes #47.

    opened by silmeth 8
  • Use safe initialization in fn hex_result()

    Use safe initialization in fn hex_result()

    Use safe initialization in fn hex_result()

    fn hex_result would pass a slice of uninitialized data to Digest::result and MAC::result respectively.

    Instead use vec![0; size] to produce a properly zero-initialized vector instead.

    Motivation:

    • Properly initializing buffers is good practice for crypto libraries
    • Using unintialized buffers mean you have to audit all users (all fn result implementors).
    • Using uninitialized buffers make the traits unsafe! Safe code gets acess to uninit data, which produces UB in safe rust.
    • vec![0; size] compiles to good code (it will use memset).
    opened by bluss 8
  • Revise Octavo `digest` structure

    Revise Octavo `digest` structure

    Currently I found that using octavo::digest is quite verbose, ex.:

    use octavo::digest::Digest;
    use octavo::digest::sha1::Sha1;
    

    I am thinking about making all modules private and reexport hash functions as all of them currently has unique names (some ugly as Sha3224). But I am not so sure about it. What you guys think?

    There are 3 options:

    • left as is
    • privatize and reexport
    • left as is and simplify Sha3XXX names to ShaXXX (possible name collisions between octavo::digest::sha2 and octavo::digest::sha3).
    M-digest A-docs A-API discussion 
    opened by hauleth 6
  • Move tests to separate folder

    Move tests to separate folder

    This will help with maintaining and reviewing tests.

    TODO:

    • [x] Move digest tests
    • [x] Move crypto::asymmetric tests
    • [x] Move crypto::block tests
    • [x] Move crypto::stream tests
    • [ ] Use external files to describe tests in human readable form (YAML or custom format)
    opened by hauleth 5
  • Improve locality of SHA-1 implementation

    Improve locality of SHA-1 implementation

    Before:

    test sha1::_1024_block_size            ... bench:       4,008 ns/iter (+/- 14) = 255 MB/s
    test sha1::_16_block_size              ... bench:          76 ns/iter (+/- 9) = 210 MB/s
    test sha1::_256_block_size             ... bench:       1,019 ns/iter (+/- 4) = 251 MB/s
    test sha1::_64_block_size              ... bench:         262 ns/iter (+/- 1) = 244 MB/s
    test sha1::_8192_block_size            ... bench:      31,975 ns/iter (+/- 123) = 256 MB/s
    

    After:

    test sha1::_1024_block_size            ... bench:       3,241 ns/iter (+/- 2,351) = 315 MB/s
    test sha1::_16_block_size              ... bench:          60 ns/iter (+/- 43) = 266 MB/s
    test sha1::_256_block_size             ... bench:         820 ns/iter (+/- 8) = 312 MB/s
    test sha1::_64_block_size              ... bench:         214 ns/iter (+/- 3) = 299 MB/s
    test sha1::_8192_block_size            ... bench:      25,816 ns/iter (+/- 5,956) = 317 MB/s
    
    opened by hauleth 4
  • refactor(digest::ripemd): Unwrap loop

    refactor(digest::ripemd): Unwrap loop

    Old:

    digest::ripemd::_100x_block_size  102,215 ns/iter (+/- 268,471) =  62 MB/s
    digest::ripemd::_10x_block_size    10,199 ns/iter (+/- 34,334)  =  62 MB/s
    digest::ripemd::_1x_block_size      1,024 ns/iter (+/- 1,477)   =  62 MB/s
    

    New:

    digest::ripemd::_100x_block_size   34,825 ns/iter (+/- 162)     = 183 MB/s
    digest::ripemd::_10x_block_size     3,485 ns/iter (+/- 50)      = 183 MB/s
    digest::ripemd::_1x_block_size        351 ns/iter (+/- 7)       = 182 MB/s
    
    opened by hauleth 4
  • refactor(digest:sha3): optimizing sha3 implementation

    refactor(digest:sha3): optimizing sha3 implementation

    inlining/unrolling message scheduling and compression function

    SHA3 Performance:

    • Intel Xeon E5-1650 v3 (Haswell): sha3-256: 108 MB/s => 299 MB/s sha3-512: 57 MB/s => 162 MB/s
    • AMD A10-7850K (Kaveri): sha3-256: 87 MB/s => 206 MB/s sha3-512: 48 MB/s => 110 MB/s
    opened by kazuki 4
  • Diffie-Hellman implementation

    Diffie-Hellman implementation

    This is an implementation of the Diffie-Hellman exchange algorithm. I have a PR with the same implementation with small changes to DaGenix/rust-crypto#379. I would appreciate any feedback.

    opened by palaviv 3
  • refactor(digest:sha2): optimizing sha2 implementation

    refactor(digest:sha2): optimizing sha2 implementation

    inlining/unrolling message scheduling and compression function

    • Intel Xeon E5-1650 v3 (Haswell, 64bit Linux): sha256: 190 MB/s => 190 MB/s sha512: 282 MB/s => 354 MB/s
    • AMD A10-7850K (Kaveri, 64bit Linux): sha256: 120 MB/s => 151 MB/s sha512: 182 MB/s => 244 MB/s
    opened by kazuki 3
  • error[E0658]: use of unstable library feature 'wrapping_int_impl' (see issue #32463)

    error[E0658]: use of unstable library feature 'wrapping_int_impl' (see issue #32463)

    Context: redox-os error[E0658]: use of unstable library feature 'wrapping_int_impl' (see issue #32463) Solution: add #![feature(wrapping_int_impl)] to the crate attributes to enable to digest/src/lib.rs

    opened by fabiao 0
  • Constant Time Story

    Constant Time Story

    Currently Octavo seems to pay very little attention to resisting side-channel attacks (see e.g. the use of data-dependent array indices in blowfish and the use of noncryptographic big integers in RSA). While this isn't critical for some cryptographic settings, many applications (e.g. TLS) can easily be broken by timing attacks. Octavo should probably decide what its plan is.

    M-crypto A-security A-implementation P-high C-timing-attacks K-hard 
    opened by gereeter 1
A modern, portable, easy to use crypto library.

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, i

Frank Denis 10.7k Jan 3, 2023
Rust FFI bindings for StarkWare's crypto-cpp library

starkware-crypto-rs Rust FFI bindings for StarkWare's crypto-cpp library Note that currently target x86_64-pc-windows-msvc is not supported. If you're

Jonathan LEI 11 Aug 22, 2022
The parser library to parse messages from crypto-crawler.

crypto-msg-parser The parser library to parse messages from crypto-crawler. Architecture crypto-msg-parser is the parser library to parse messages fro

null 5 Jan 2, 2023
Cross-chain hub for Crypto Asset on Polkadot

ChainX ChainX is a community-driven project built on the next-generation blockchain framework substrate, the largest Layer-2 network of Bitcoin using

ChainX 261 Dec 28, 2022
Safe, fast, small crypto using Rust

THE SOFTWARE IS PROVIDED "AS IS" AND BRIAN SMITH AND THE AUTHORS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES

Brian Smith 3k Jan 2, 2023
Usable, easy and safe pure-Rust crypto

orion About Orion is a cryptography library written in pure Rust. It aims to provide easy and usable crypto while trying to minimize the use of unsafe

Johannes 476 Dec 22, 2022
A young, simple and naive file crypto lib based on AES.

naive-file-crypto A young, simple and naive file crypto lib based on AES. The MAC implementation is not standard GCM, so it may be vulnerable. All cpu

DF_XYZ 1 Jan 16, 2022
Crypto in, power out

Cipo Crypto in, power out Cipo makes it easy to let users pay for electricity for their camper-van, electric cars, boat, caravan and other high load c

Jonny Heggheim 9 Dec 9, 2022
Usable, easy and safe pure-Rust crypto

orion About Orion is a cryptography library written in pure Rust. It aims to provide easy and usable crypto while trying to minimize the use of unsafe

Orion - Rust cryptography library 477 Dec 29, 2022
A boringssl-based rustls crypto provider

boring-rustls-provider This is supposed to be the start to a boringssl-based rustls crypto provider. Status This is just a dump of me figuring out how

Jan 5 Nov 28, 2023
Convenience crate for verifying crypto-signed messages

signature-verifier This crate provide an easy way to verify Solana and Ethereum wallet-signed messages. Installation Add the crate to your Cargo.toml

Tim Plotnikov 3 Apr 2, 2024
An implementation of the paper "Honey Badger of BFT Protocols" in Rust. This is a modular library of consensus.

Honey Badger Byzantine Fault Tolerant (BFT) consensus algorithm Welcome to a Rust library of the Honey Badger Byzantine Fault Tolerant (BFT) consensus

null 335 Dec 25, 2022
Collection of cryptographic hash functions written in pure Rust

RustCrypto: hashes Collection of cryptographic hash functions written in pure Rust. All algorithms reside in the separate crates and implemented using

Rust Crypto 1.2k Jan 8, 2023
A rust binding for nodejs to generate md5 hash value

Hasher A rust binding for creating node module to generate md5 hash value This project was bootstrapped by create-neon. Installing hasher Installing h

Md. Al-Amin 0 Nov 7, 2021
Reference implementation for the Poseidon Snark-friendly Hash algorithm.

Dusk-Poseidon Reference implementation for the Poseidon Hashing algorithm. Reference Starkad and Poseidon: New Hash Functions for Zero Knowledge Proof

Dusk Network 96 Jan 2, 2023
the official Rust and C implementations of the BLAKE3 cryptographic hash function

BLAKE3 is a cryptographic hash function that is: Much faster than MD5, SHA-1, SHA-2, SHA-3, and BLAKE2. Secure, unlike MD5 and SHA-1. And secure again

BLAKE3 team 3.7k Jan 6, 2023
paq files to hash.

paq paq files to hash. Hash a single file or all files in directory recursively. Installation Requires cargo. Run cargo install paq. Usage Run paq [sr

gregory langlais 3 Oct 10, 2022
Fastmurmur3 - Fast non-cryptographic hash, with the benchmarks to prove it.

Fastmurmur3 Murmur3 is a fast, non-cryptographic hash function. fastmurmur3 is, in my testing, the fastest implementation of Murmur3. Usage let bytes:

Kurt Wolf 13 Dec 2, 2022
An implementation of Jakobsson's Fractal Hash Sequence Traversal algorithm

fractal-hash-traversal An implementation of Jakobsson's Fractal Hash Sequence Traversal algorithm. There is at least one hash traversal algorithm that

Dan Cline 1 Jan 12, 2022