#crypto #cryptography #psa

sys psa-crypto-sys

Wrapper around the PSA Cryptography API

17 unstable releases

0.9.3 Sep 2, 2022
0.9.2 Feb 16, 2022
0.9.1 Nov 30, 2021
0.8.0 Mar 17, 2021
0.3.0 Jul 14, 2020

#358 in Cryptography

Download history 178/week @ 2022-06-12 272/week @ 2022-06-19 290/week @ 2022-06-26 249/week @ 2022-07-03 267/week @ 2022-07-10 301/week @ 2022-07-17 249/week @ 2022-07-24 602/week @ 2022-07-31 198/week @ 2022-08-07 156/week @ 2022-08-14 156/week @ 2022-08-21 134/week @ 2022-08-28 590/week @ 2022-09-04 198/week @ 2022-09-11 111/week @ 2022-09-18 155/week @ 2022-09-25

1,082 downloads per month
Used in 6 crates (via psa-crypto)


128K SLoC

C 99K SLoC // 0.1% comments Shell 12K SLoC // 0.1% comments Visual Studio Project 9K SLoC Python 4.5K SLoC // 0.4% comments Perl 1.5K SLoC // 0.3% comments Visual Studio Solution 704 SLoC Rust 697 SLoC // 0.0% comments C++ 73 SLoC // 0.2% comments Batch 25 SLoC GDB Script 22 SLoC // 0.7% comments TCL 4 SLoC

PSA Cryptography API Rust Wrapper

This is the lower-level wrapper that exposes a minimal low-level C interface to Rust.

Crates.io Code documentation CI tests


This crate exposes an interface for the PSA Crypto API and thus links to libraries that expose this interface. The expected name of the library is derived from the reference implementation of the API - mbedcrypto.

If the library and its headers folder are already installed locally you can specify their location (the full absolute path) using the MBEDTLS_LIB_DIR and MBEDTLS_INCLUDE_DIR environment variables at build time. By default dynamic linking is attempted - if you wish to link statically you can enable the static feature or pass the MBEDCRYPTO_STATIC environment variable, set to any value.

Alternatively, the crate will attempt to build the library from scratch and link against it statically. In this use case enabling the static feature makes no difference and there is no way to allow dynamic linking. The requirements for configuring and building MbedTLS can be found on their repository homepage.

Linking and generating implementation-specific APIs is controlled by the operations feature that is enabled by default. Therefore, if you require only the specification-defined bits of the API (namely the constants and types) you can simply disable default features.

You might want to only use the interface part (including the implementation-defined bits) of this crate to build for example a PSA Secure Element Driver. With the feature interface, this crate will only produce the implementation-defined types and their helpers/accessors using the MBEDTLS_INCLUDE_DIR variable that you need to pass.


The interface and operations features need a C toolchain. When cross-compiling, the appropriate C toolchain will automatically be selected. Compilation will fail if it is not available on your system.

The CI currently tests cross-compilation for the following targets:

  • aarch64-unknown-linux-gnu
  • armv7-unknown-linux-gnueabihf