Radikant Crypto C

 Encrypt 🔒 Decrypt

Device Screen

Radikant Crypto is a cryptolibrary providing cryptograhpic primivitves such as ECC, Hash and various ciphers and mac’s.  Written in C with no external dependencies.

Introduction

Radikant Crypto is a eductional implementation supporting common primitives. The cryptograhic core is seperated and decoupled. Currently works on arm64 hardware (apple silicon) and in software mode on 64 bit architecture, but can be easliy modified to run on other platforms or architectures aswell.

This library is an infamous example of “don’t roll your own crypto” it is incredibly insecure, its branchy, it leaks memory, information and secrets and is not constant time,  lacks data validating api’s that are hardened against malicious input. Testing against RFC vectors has proven that the library is capable to produce the correct bit output and is further proven as it used as dependency inside Radikant TLS. There is only handfull of situations where it would be acceptable to use this in production. In general i highly recommend against it.

Cryptography is incredibly complex and it's suprisingly easy to get wrong. Don’t use this library for any other purposes other than research unless you are very confident about what you are doing.

Ciphers

Symmetric, Asysmetic, Block and Stream ciphers

cms icon

AES

Advances Encryption Standard for arm64 supporting cbc, ccm, ctr, ecb and gcm modes. 

cms icon

ChaCha20

ChaCha with support for Poly1305 mac. Some arm64 support, by design for software mode.

cms icon

Salsa20

Software only support for Salsa20  stream ciphers.

cms icon

RSA

Bit accurate implementation of RSA for 2048 bit encryption.

cms icon

Kuznyechik

Software only implementation of  from 3th party source.

cms icon

SM4

Software only implementation of  SM4 cipher.

cms icon

TwoFish

Software only implementation of TwoFish cipher from 3th party source.

cms icon

Serpent

Software only implementation of TwoFish.

Example AES gcm 

    uint8_t key[32] = {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
    };
    uint8_t iv[12] = {
        0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE, 0xDB, 0xAD,
        0xDE, 0xCA, 0xF8, 0x88
    };
    const char *aad_str = "Metadata: Header info";
    const char *pt_str = "Secret Message: The eagle has landed.";
    
    uint8_t *aad = (uint8_t*)aad_str;     uint8_t *pt = (uint8_t*)pt_str;
    size_t aad_len = strlen(aad_str);     size_t pt_len = strlen(pt_str);

    // 3. Prepare Output Buffers
    uint8_t ct[pt_len];
    uint8_t tag[16]; // 128-bit tag
    uint8_t decrypted[pt_len + 1];

    // 4. Initialize AES Context
    aes_context_t ctx;
    aes_key_setup(&ctx, key, sizeof(key));
    aes_gcm_encrypt(&ctx, iv, sizeof(iv), aad, aad_len, pt, pt_len, ct, tag, sizeof(tag));
    int res = aes_gcm_decrypt(&ctx, iv, sizeof(iv), aad, aad_len, ct, pt_len, tag, sizeof(tag), decrypted);
11:05:12 System --- AES-GCM Encryption ---
11:05:12 Plaintext Secret Message: The eagle has landed.
11:05:12 Cipher D9C6C354CF0E6F5623782EBC1C78B31F5948A571BA780D182BFF6C10CDA9099EC334A422EF
11:05:12 Tag 8AA1C657B41B034526775E0CBED5A5DF
11:05:13 System --- AES-GCM Decryption ---
11:05:13 Decrypted Secret Message: The eagle has landed.

Hash

Hashing algorithms

cms icon

BLAKE3

Implementation of Blake3

cms icon

Keccak

Keccak that powers SHA3

cms icon

Md5

Basic MD5 implementation

cms icon

SM3

Chinese Hash

cms icon

SHA1

SHA1 software implementation.

cms icon

SHA2

SHA2 software implementation.

cms icon

SHA3

SHA3 software implementation.

cms icon

SHAKE

SHAKE software implementation

Example shake 

	int main() {
	    printf("\n--- SHAKE256 Example ---\n");
	    const char *shake_input = "Seychelles and Bonaire have beautiful beaches.";
	    uint8_t shake_output[64]; // 512 bits output
	    
	    shake256(shake_output, sizeof(shake_output), shake_input, strlen(shake_input));
	    printf("Input: %s\n", shake_input);
	    print_hex("SHAKE256 Output (64 bytes)", shake_output, sizeof(shake_output));
	    return 0;
	}
07:45:12 System --- SHAKE256 XOF Hashing ---
07:45:12 Input Seychelles has beautiful beaches.
07:45:12 Params Length: 64 bytes (512 bits)
07:45:13 Hash B3A073A5658357FFCE7F5C2DF42D778642A90FF194DB1E2EEEF19BD433C59199AF608704BAC673CDF9A4422A57DEEDCBF2B9AF2753762FE8B7589B0A938DF07E

ECC

Eliptic curve cryptography

cms icon

P224

NIST secp224r1

cms icon

P256

NIST secp256r1

cms icon

P384

NIST secp384r1

cms icon

P521

NIST secp521r1

cms icon

Curve25519

Software Implementation of DJB curve

cms icon

ED/X25519

ECDH & EdDSA for Curve 25519

cms icon

Curve448

Software Implementation of MH Curve

cms icon

ED/X448

ECDH & EdDSA for Curve 448

Example secp381r1 

    uint8_t private_key[48];
    uint8_t public_key[96];
    uint8_t signature[96];
    uint8_t msg_hash[48];
    p384_generate_random(msg_hash, sizeof(msg_hash));
    p384_gen_keypair(private_key, public_key)
    p384_ecdsa_sign(signature, private_key, msg_hash, sizeof(msg_hash)
    p384_ecdsa_verify(signature, public_key, msg_hash, sizeof(msg_hash)
10:04:12 System --- P-384 Minimal Example ---
10:04:12 ECDSA Keypair generated.
10:04:12 Private 7ec46c166d556bd65f4f20955a53293e2cdc4788813f6045f61c18fb4d562fc7ab5d0d53a0a9c6e2b8d9bdf124077015
10:04:12 Public 234ccf2e85387e087d5e87b20f0001292ceca6c3aa983a9d05783386baa0c442deb61a6d018713b14d403146a34fdf478d0226917626b316de9997b6de19de5d2a9c8163e41187804e47c556c5bfdfe6ab300deac35fa7f72f88d32b18a51a5b
10:04:13 Sign Signature created.
10:04:13 Hash 081ae5c1da33e90284964b11b42b5965224ab781f1226c63a343fce98ec06d7000300f0445294b5616a2d7090cde6a4d
10:04:13 Verify Signature verified.

MAC

Message Authentication Code

cms icon

GHASH

achieved 2x improvcement over openSSL using Kurdi  & Möller 2025 paper on arm64.

cms icon

HMAC

Support for SHA1, SHA2-256, SHA2-384, SHA2-512, 

cms icon

POLY

Software implementation of Poly1305 only.

cms icon

VMAC

Fast software implementation of VMAC.

Example HMAC-SHA512 

	int main()
	{
	    const char *key = "secret-key";
	    const char *msg = "Hello, world!";
	    uint8_t mac[SHA512_DIGEST_SIZE];
	    hmac_sha512(key, strlen(key), msg, strlen(msg), mac);
	    return 0;
	}
12:45:01 Module --- HMAC-SHA512 Example ---
12:45:01 Secret Key: secret-key
12:45:01 Input Msg: Hello, world!
12:45:02 Output HMAC: 748647ebeeeaebede1f627e0137c314c58f387e52f4336581c749dcd34888f60c790c8e1669493dd171aaf898c7e68ffebb774d06e60ef30c3ab482eafe984f2
Ghash performance : Kurdi  & Möller November 2025
BENCH Config GHASH | Buffer: 256 MB | Iterations: 200 | Total: 50.00 GB
14:20:01 Radikant Time: 3.6511s | Throughput: 13.69 GB/s
14:20:05 OpenSSL Time: 6.7905s | Throughput: 7.36 GB/s

KDF

Key Derivation Functions

cms icon

Argon2

Argon2 with Blake2

cms icon

HKDF

HMAC-based Extract-and-Expand Key Derivation Function

cms icon

PBKDF2

Password-Based Key Derivation Function 2

cms icon

SCRYPT

Scrypt

Example PBKDF2 

	int main()
	{
	    const char *password = "password";
	    const uint8_t salt[] = { 0x12, 0x34, 0x56, 0x78 };
	    uint32_t iterations = 4096;
	    uint8_t dk[64];
	
	    printf("--- PBKDF2-HMAC-SHA512 Example ---\n");
	    pbkdf2_hmac_sha512((const uint8_t*)password, strlen(password),
	                       salt, sizeof(salt),
	                       iterations, dk, sizeof(dk));
	
	    printf("Password: %s\n", password);
	    print_hex("Salt", salt, sizeof(salt));
	    printf("Iterations: %d\n", iterations);
	    print_hex("Derived Key", dk, sizeof(dk));
	    return 0;
	}
14:20:10 Config --- PBKDF2-HMAC-SHA512 Example ---
14:20:10 Secret Password: password
14:20:10 Params Salt: 12345678 | Iterations: 4096
14:20:11 Derived 33320e9d66500d5b6021d717da567732f323a8775b39fcef4f83f75fe34441592b72c82cb97068ad5a6b72a71b0487d8bcaab379962c165c8e795bce83c6d435

Testing

In order to test the bit output of this library the build can produce seperate testing binaries specific for testing against rfc vectors. Since alot of cryptographic primitives are build ontop of eachother a very simple and rudimentary test setup is used for regression testing. Radikant probe is utilized for  quick testing and Radikant Log for logging. The most commonly used primitives are now tested, but quite a few ciphers like SM2, Grashopper and many more havent been fully tested on correct output, but appear functional at first glance. One of the first next great improvements would be to focus on memory and constant time for  major primitives. 

Radikant Probe Output 

 FINAL SUMMARY REPORT | Radikant ECC X25519 Suite | RFC 7748                    
|------------------------------------------------------------------------------|
| S | M | Ψ | ID   | Status | Name                           | Standard        |
|---+---+---+------+--------+--------------------------------+-----------------|
|  |  |  | 0    | PASS   | test_arithmetic_fuzz           | Arithmetic Fuzz |
|  |  |  | 1    | PASS   | test_rfc7748_vectors           | RFC 7748 Vector |
|  |  |  | 2    | PASS   | test_properties                | Properties      |
|  |  |  | 3    | PASS   | test_edge_cases                | Edge Cases      |
|  |  |  | 4    | PASS   | test_clamping_safety           | Clamping Safety |
|  |  |  | 5    | PASS   | test_monte_carlo_1k            | Monte Carlo 1k  |
|  |  |  | 6    | PASS   | test_monte_carlo_1m            | Monte Carlo 1M  |
================================================================================
 SUMMARY: 7 Tests Run | 7 Passed | 0 Failed
================================================================================