Skip to main content

Rust-backed crypto provider for Swarmauri using Maturin

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_crypto_rust


Swarmauri Crypto Rust

High-performance Rust-backed crypto provider implementing the ICrypto contract via CryptoBase using the ring cryptography library.

  • ChaCha20-Poly1305 authenticated encryption exposed through the async Swarmauri crypto interface
  • Key wrapping helpers that demonstrate envelope creation for multiple recipients
  • Sealed payload helpers that reuse the AEAD primitive for simple sender-to-recipient encryption flows
  • Native Rust performance for the core symmetric operations with Python ergonomics provided via Maturin/PyO3

Features

โœจ Rust-powered AEAD: ChaCha20-Poly1305 encrypt/decrypt is implemented in Rust via the ring crate ๐Ÿ”’ Memory Safe: Rust's memory safety guarantees prevent common crypto vulnerabilities ๐Ÿงฐ Utility Primitives: Helper methods wrap keys and build multi-recipient envelopes on top of the AEAD primitive ๐Ÿ“ฆ Self-Contained: No external C library dependencies are required ๐Ÿ Python Integration: Seamless integration with existing Python crypto workflows

Installation

Pre-built wheels are published for common platforms. The Python facade requires the compiled Rust extension โ€“ if the wheel cannot be loaded the import will raise an ImportError, so be sure to install from PyPI or build the project locally before using RustCrypto.

pip

pip install swarmauri_crypto_rust

Poetry

poetry add swarmauri_crypto_rust

uv

If you manage dependencies with uv, add the package to your project manifest:

uv add swarmauri_crypto_rust

For ad-hoc usage you can also install directly into the current environment:

uv pip install swarmauri_crypto_rust

Building from Source

Requirements:

  • Rust (1.70+)
  • Python (3.10+)
  • Maturin
# Install maturin
pip install maturin

# Build and install in development mode
maturin develop

# Or build a wheel
maturin build --release

Usage

The provider implements the asynchronous ICrypto contract, so you can await the core operations directly from Python. The example below generates a symmetric key, performs an encrypt/decrypt round-trip, and inspects the version metadata published by the Rust backend:

from swarmauri_crypto_rust import RustCrypto
from swarmauri_core.crypto.types import KeyRef, KeyType, KeyUse, ExportPolicy
import asyncio

async def main():
    crypto = RustCrypto()

    # Create a symmetric key
    sym_key = KeyRef(
        kid="sym1",
        version=1,
        type=KeyType.SYMMETRIC,
        uses=(KeyUse.ENCRYPT, KeyUse.DECRYPT),
        export_policy=ExportPolicy.SECRET_WHEN_ALLOWED,
        material=crypto.generate_key(32),  # 32-byte key
    )

    # Encrypt and decrypt
    plaintext = b"Hello, Rust crypto world!"
    ciphertext = await crypto.encrypt(sym_key, plaintext)
    decrypted = await crypto.decrypt(sym_key, ciphertext)

    print(f"Original:  {plaintext}")
    print(f"Decrypted: {decrypted}")
    print(f"Match:     {plaintext == decrypted}")

    # Get version information
    version_info = crypto.get_version_info()
    print(f"Backend:   {version_info['backend']}")
    print(f"Version:   {version_info['rust_crypto_version']}")

asyncio.run(main())

Algorithms Supported

Operation Algorithm Description
Symmetric Encryption ChaCha20-Poly1305 AEAD cipher with 256-bit keys implemented in Rust via ring
Key Wrapping ECDH-ES+A256KW Demonstration helper that pads the DEK instead of performing ECDH
Sealed Boxes X25519-SEAL Simplified helper that serialises AEAD output for recipients

Note: The wrapping, unwrapping, sealing, and multi-recipient helpers are intentionally simple demonstrations. They reuse the ChaCha20-Poly1305 primitive and do not implement authenticated X25519 key exchange. Treat them as examples rather than production-grade cryptography.

Performance

The AEAD primitive is executed inside compiled Rust code, so ChaCha20-Poly1305 operations benefit from the optimisations that ring provides:

  • Native Speed: Compiled Rust code runs at near C-level performance
  • Memory Efficiency: The PyO3 bindings avoid unnecessary copies for common workloads
  • CPU Optimisation: ring enables SIMD and hardware acceleration where available

The helper methods (wrap, unwrap, seal, and encrypt_for_many) are intentionally lightweight Python demonstrations and do not provide additional performance characteristics beyond what the AEAD primitive already offers.

Architecture

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚              Python Layer                   โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”   โ”‚
โ”‚  โ”‚   RustCrypto    โ”‚  โ”‚  swarmauri_core โ”‚   โ”‚
โ”‚  โ”‚    (Bridge)     โ”‚  โ”‚    (Types)      โ”‚   โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜   โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                       โ”‚
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚               Rust Layer                    โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”   โ”‚
โ”‚  โ”‚   PyO3 Bindings โ”‚  โ”‚   ring crypto   โ”‚   โ”‚
โ”‚  โ”‚   (Interface)   โ”‚  โ”‚   (Backend)     โ”‚   โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜   โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

Security

  • Uses the ring cryptography library, which is:

    • Maintained by security experts
    • Used in production by major tech companies
    • Focused on avoiding vulnerable patterns
    • Regularly audited for security issues
  • Memory Safety: Rust prevents buffer overflows, use-after-free, and other memory corruption vulnerabilities common in C crypto libraries

  • Side-Channel Resistance: The ring library implements constant-time operations to prevent timing attacks

โš ๏ธ The helper methods for wrapping, sealing, and envelope creation are illustrative and intentionally omit a full X25519 key agreement. Do not rely on them for production key exchange without hardening the implementation.

Development

Testing

# Run the full test suite from the package root
uv run --directory . --package swarmauri_crypto_rust pytest -v

# Execute only example-backed documentation tests
uv run --directory . --package swarmauri_crypto_rust pytest -m example -v

Building

# Development build
maturin develop

# Release build
maturin build --release

# Build with specific Python version
maturin build --interpreter python3.11

Entry Points

The provider is registered under multiple entry-points:

  • swarmauri.cryptos: RustCrypto
  • peagen.plugins.cryptos: rust

License

Apache-2.0 - See LICENSE for details.

Contributing

Contributions are welcome! Please see CONTRIBUTING.md for guidelines.

Changelog

v0.1.0

  • Initial release with ChaCha20-Poly1305 AEAD
  • Basic X25519 key agreement (simplified)
  • Multi-recipient envelope support
  • Maturin build system integration
  • Comprehensive test suite

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_crypto_rust-0.3.0.dev37.tar.gz (22.3 kB view details)

Uploaded Source

File details

Details for the file swarmauri_crypto_rust-0.3.0.dev37.tar.gz.

File metadata

  • Download URL: swarmauri_crypto_rust-0.3.0.dev37.tar.gz
  • Upload date:
  • Size: 22.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.4 {"installer":{"name":"uv","version":"0.10.4","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_crypto_rust-0.3.0.dev37.tar.gz
Algorithm Hash digest
SHA256 affafb53e81e385901cde9f9cff70f8bb0f47ca583ff2ff16e02e58b96b04a8d
MD5 2d8fdaeffa359e8f4938a699b00394e7
BLAKE2b-256 7502538e3dec1f4715e294b1d50f608b4a119cfa67a1635f4a7ba95eb546ec54

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page