#holochain #holo #nacl #libsodium #cryptography

sodoken

libsodium wrapper providing tokio safe memory secure api access

23 releases

0.0.1 Oct 22, 2021
0.0.1-alpha.22 Oct 5, 2021
0.0.1-alpha.21 Sep 30, 2021
0.0.1-alpha.11 Aug 27, 2021
0.0.1-alpha.2 Dec 18, 2020

#11 in #nacl

Download history 238/week @ 2021-08-10 303/week @ 2021-08-17 361/week @ 2021-08-24 292/week @ 2021-08-31 532/week @ 2021-09-07 642/week @ 2021-09-14 1154/week @ 2021-09-21 1134/week @ 2021-09-28 815/week @ 2021-10-05 708/week @ 2021-10-12 523/week @ 2021-10-19 551/week @ 2021-10-26 652/week @ 2021-11-02 457/week @ 2021-11-09 398/week @ 2021-11-16 174/week @ 2021-11-23

1,740 downloads per month
Used in 24 crates (4 directly)

Apache-2.0

185KB
4K SLoC

Crates.io Crates.io

sodoken

lib SOdium + haDOKEN = SODOKEN!

libsodium wrapper providing tokio safe memory secure api access.

This crate-level documentation mainly describes how to work with the sodoken buffer types. Please see the individual module-level documentation for usage examples and descriptions of individual crypto functions.

Sodoken Buffers

Sodoken buffers provide implementors with the ability to optionally use secured memory (mlock + mprotect) to mitigate some secret exposure channels like disk swapping. Buffers created with new_mem_locked are secured, buffers created with new_no_lock are not.

Please note that on most systems, locked memory is a finite resource, so you should use it for private keys, but not everything.

All buffers are shallow-cloned by default, so buf.clone() or any of the buf.to_*() apis will give you a reference to the same buffer. You can deep clone the buffers with the buf.deep_clone_mem_locked() or buf.deep_clone_no_lock() apis.

In general, the steps for working with sodoken apis are:

  • create a writable buffer
  • shallow clone that buffer into an api
  • translate that buffer into a read-only version for future use
Buffer Example
// create a writable buffer
let salt: sodoken::BufWriteSized<{ sodoken::hash::argon2id::SALTBYTES }> =
    sodoken::BufWriteSized::new_no_lock();

// shallow clone that buffer into an api
sodoken::random::bytes_buf(salt.clone()).await.unwrap();

// translate that buffer into a read-only version for future use
let salt = salt.to_read_sized();

Dependencies

~8.5MB
~112K SLoC

!sa