Thanks to visit codestin.com
Credit goes to lib.rs

Lib.rs

Cryptography
#hash #verification #checksum #checksum-verification

pulith-verify

Content verification primitives for downloaded artifacts

Owned by lvyuemeng.

2 unstable releases

Uses new Rust 2024

0.2.0 Apr 12, 2026
0.1.0 Apr 10, 2026

#1979 in Cryptography


Used in 4 crates (via pulith-fetch)

Apache-2.0

16KB
267 lines

Content verification primitives for downloaded artifacts.

Zero-copy streaming verification for downloaded artifacts, ensuring integrity without additional memory overhead.

Design Principles

  • Zero-Copy Verification: CPU cache touches bytes only once (hashing + I/O)
  • Composability: Generic over any Hasher trait implementation
  • Extensibility: Built on digest::Digest for broad algorithm support
  • Error Handling: Concrete error types using thiserror

Key Features

  • Zero-copy verification: CPU cache touches bytes only once (for both hashing and writing)
  • Incremental: Computes digests as data streams through
  • Extensible: Minimal Hasher trait allows custom implementations
  • Thread-safe: All public types implement Send + Sync

Example

use pulith_verify::{VerifiedReader, Sha256Hasher, VerifyError};
use std::fs::File;
use std::io::{self, Read};

fn verify_artifact(path: &str, expected_hash_hex: &str) -> Result<(), VerifyError> {
    let expected = hex::decode(expected_hash_hex)?;
    let file = File::open(path)?;
    let hasher = Sha256Hasher::new();
    let mut reader = VerifiedReader::new(file, hasher);

    let mut buffer = vec![0; 8192];
    loop {
        match reader.read(&mut buffer) {
            Ok(0) => break,
            Ok(_) => {},
            Err(e) => return Err(VerifyError::Io(e)),
        }
    }

    reader.finish(&expected)?;
    Ok(())
}

pulith-verify

Streaming content verification primitives.

Role

pulith-verify verifies bytes. It should stay verification-only.

It does not own:

  • fetch orchestration
  • trust-policy decisions
  • resource semantics

Main APIs

  • VerifiedReader
  • Hasher
  • DigestHasher
  • Sha256Hasher (feature)
  • Blake3Hasher (feature)

Basic Usage

use pulith_verify::{Sha256Hasher, VerifiedReader};
use std::io::Read;

let data = std::io::Cursor::new(b"hello".to_vec());
let mut reader = VerifiedReader::new(data, Sha256Hasher::new());
let mut out = Vec::new();
reader.read_to_end(&mut out)?;
# Ok::<(), std::io::Error>(())

How To Use It

Use this crate to stream data through a verifier while another crate decides:

  • where bytes come from
  • whether a failure is retriable
  • what trust policy to enforce

See docs/design/verify.md.

Dependencies

~0.6–1.6MB
~38K SLoC