Rust Support

The leancrypto Rust bindings offer a native Rust API. It allows Rust-native access to all leancrypto algorithms including their accelerations. The leancrypto Rust crate is available at crates.io as well as within the leancrypto source distribution in the subdirectory rust.

The offered interfaces follow the same concepts as provided with the general C API. Nonetheless, not all C APIs are yet provided via the Rust bindings, which is purely due to lack of time. Adding the missing interfaces, however, is straightforward. If a Rust API binding is missing, please either open an issue at GitHub or provide a patch.

Compile example code

The following steps apply to the rust directory in the leancrypto source directory.

  1. Install leancrypto by either building it from the source code tree or installing it via the distribution. The installation must include the development header files.

  2. Build test code: cargo build --release

  3. Execute test code: cargo test --release

  4. Build application example/lc_hash_sha3_512.rs: cargo run --example lc_hash_sha3_512

Develop your own code

The Rust bindings can be obtained from either crates.io or from the leancrypto source distribution in the subdirectory rust.

Use the sample applications in examples/ as well as the test code in tests/ as a starting point.

The API offered by the Rust bindings closely follows the general C API. The key differences are:

  • Each API category is wrapped into Rust structs with associated implementation.

  • The general approach is that caller-data must be imported into the struct with different load functions before they can be operated on.

  • Data generated by leancrypto is stored in the struct and can be obtained with different getter functions.

The caller interacts with the API using simple u8 buffers.

RustDoc Documentation

See RustDoc.

Auxiliary Guidance

An excellent introduction to Rust code development with linkage to a C library is given by Quin Darcy.

Subsections of Rust Support

Rustls Provider

The leancrypto Rustls provider allows the use of a TLS stack with cryptographic primitives that are solely implemented by leancrypto.

TLS Protocol Support

The leancrypto Rustls provider offers the following TLS protocol support:

  • TLS v1.3

  • QUIC

The following cryptographic algorithms are supported:

  • Cipher suites

    • TLS13_AES_256_GCM_SHA384

    • TLS13_AES_128_GCM_SHA256

    • TLS13_CHACHA20_POLY1305_SHA256

  • Supported key establishment in the following order of precedence

    • X25519MLKEM768

    • MLKEM1024

    • MLKEM768

    • X25519 (only provided to ease transition to PQC)

  • Supported signature algorithms

    • ED25519 (only provided to ease transition to PQC)

    • (Support for ML-DSA[87|65|44] is prepared and will be activated once rustls provides support)

    • (Support for SLH-DSA[128|192|256][f|s] will be added once rustls provides support)
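The order of precedence for key establishment listed above, as an added example that is not code from rustls or leancrypto: a simplified model that picks the first group in the provider's order that the peer also offers and reports whether the result is the classical-only X25519 fallback. The names Group, Outcome, negotiate and enforce are hypothetical, and the selection rule is an assumption that ignores TLS details such as key shares and HelloRetryRequest.

```rust
// Added example: simplified model of group selection, not rustls/leancrypto code.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Group { X25519MLKEM768, MLKEM1024, MLKEM768, X25519 }

/// Provider preference, in the order of precedence listed on this page.
pub const PRECEDENCE: [Group; 4] =
    [Group::X25519MLKEM768, Group::MLKEM1024, Group::MLKEM768, Group::X25519];

impl Group {
    /// True if the group has an ML-KEM component (hybrid or pure PQC).
    pub fn is_pq(self) -> bool { self != Group::X25519 }
}

#[derive(Debug, PartialEq, Eq)]
pub enum Outcome {
    PostQuantum(Group),
    ClassicalFallback(Group),
    NoCommonGroup,
}

/// Pick the first group in PRECEDENCE that the peer also offers
/// (assumed selection rule; the peer's own ordering is ignored).
pub fn negotiate(peer_offers: &[Group]) -> Outcome {
    match PRECEDENCE.iter().copied().find(|g| peer_offers.contains(g)) {
        Some(g) if g.is_pq() => Outcome::PostQuantum(g),
        Some(g) => Outcome::ClassicalFallback(g),
        None => Outcome::NoCommonGroup,
    }
}

/// Policy check: with `require_pq` set, refuse the classical X25519 fallback.
pub fn enforce(peer_offers: &[Group], require_pq: bool) -> Result<Group, &'static str> {
    match negotiate(peer_offers) {
        Outcome::PostQuantum(g) => Ok(g),
        Outcome::ClassicalFallback(g) if !require_pq => Ok(g),
        Outcome::ClassicalFallback(_) => Err("peer offers only classical key exchange"),
        Outcome::NoCommonGroup => Err("no common key establishment group"),
    }
}

fn main() {
    // Constructed peer offers for illustration.
    let modern = [Group::X25519, Group::MLKEM768, Group::X25519MLKEM768];
    let legacy = [Group::X25519];
    println!("{:?}", negotiate(&modern));
    println!("{:?}", negotiate(&legacy));
    println!("{:?}", enforce(&legacy, true));
}
```
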

Compile example code

The following steps apply to the rustls directory in the leancrypto source directory.

  1. Install leancrypto by either building it from the source code tree or installing it via the distribution. The installation must include the development header files.

  2. Build test code: cargo build --release

  3. Execute test code: cargo test --release

Develop your own code

Example code for using the provider is given in rustls/src/lib.rs.

PKCS#11 Provider

Kryoptic offers a Rust implementation of a PKCS#11 provider. Leancrypto is currently in the process of providing a crypto backend, which implies that leancrypto can be accessed via a PKCS#11 API.

PKCS#11 Protocol Support

The leancrypto support for the Kryoptic PKCS#11 token implementation offers the following algorithm support:

  • PBKDFv2

Testing

  1. clone leancrypto

  2. compile and install the HEAD: meson setup build && meson compile -C build && sudo meson install -C build && sudo ldconfig

  3. clone Kryoptic with leancrypto support

  4. symlink the leancrypto code repository into the root directory of Kryoptic

  5. build/test Kryoptic: cargo test -F leancrypto