Skip to content

Sample MCP Server - Rust (crypto-tools-server) #901

New issue
New issue
Open
Feature
Open
Sample MCP Server - Rust (crypto-tools-server)#901
Feature
Labels
enhancementNew feature or requestmcp-serversMCP Server SamplesoicOpen Innovation Community ContributionsrustRust programming
Milestone
Release 1.0.0-BETA-1
@crivetimihai

Description

@crivetimihai
crivetimihai
opened on Sep 5, 2025

Overview

Create a sample MCP Server in Rust that provides cryptographic tools and security utilities including hashing, encryption, key generation, and digital signatures.

Server Specifications

Server Details

  • Name: crypto-tools-server
  • Language: Rust 1.75+
  • Location: mcp-servers/rust/crypto-tools-server/
  • Purpose: Demonstrate secure cryptographic operations via MCP

Core Features

  • Secure random number generation
  • Hash functions (SHA, BLAKE3, Argon2)
  • Symmetric encryption (AES, ChaCha20)
  • Asymmetric cryptography (RSA, Ed25519, ECDSA)
  • Digital signatures and verification
  • Key derivation and management

Tools Provided

1. generate_hash

Compute cryptographic hashes with multiple algorithms

#[derive(Deserialize)]
struct HashRequest {
    data: String,           // Input data (text or hex)
    algorithm: String,      // sha256, sha3_256, blake3, argon2
    encoding: String,       // hex, base64, raw
    salt: Option<String>,   // For salted hashes
    iterations: Option<u32>, // For key derivation functions
}

2. generate_key_pair

Generate cryptographic key pairs

#[derive(Deserialize)]
struct KeyPairRequest {
    algorithm: String,      // rsa, ed25519, ecdsa_p256, ecdsa_secp256k1
    key_size: Option<u32>, // For RSA (2048, 3072, 4096)
    format: String,        // pem, der, jwk
    password: Option<String>, // For encrypted private keys
}

3. encrypt_data

Symmetric and asymmetric encryption

#[derive(Deserialize)]
struct EncryptRequest {
    data: String,
    algorithm: String,      // aes_256_gcm, chacha20poly1305, rsa_oaep
    key: String,           // Key material (hex, base64, or PEM)
    nonce: Option<String>, // For symmetric algorithms
    encoding: String,      // hex, base64
}

4. decrypt_data

Decrypt encrypted data

#[derive(Deserialize)]
struct DecryptRequest {
    encrypted_data: String,
    algorithm: String,
    key: String,           // Private key or symmetric key
    nonce: Option<String>,
    encoding: String,
    password: Option<String>, // For encrypted private keys
}

5. sign_data

Create digital signatures

#[derive(Deserialize)]
struct SignRequest {
    data: String,          // Data to sign
    private_key: String,   // Private key (PEM, DER, or hex)
    algorithm: String,     // rsa_pss, rsa_pkcs1, ed25519, ecdsa
    hash_algorithm: Option<String>, // sha256, sha384, sha512
    encoding: String,      // hex, base64
}

6. verify_signature

Verify digital signatures

#[derive(Deserialize)]
struct VerifyRequest {
    data: String,          // Original data
    signature: String,     // Signature to verify
    public_key: String,    // Public key
    algorithm: String,
    hash_algorithm: Option<String>,
    encoding: String,
}

7. derive_key

Key derivation and password-based key generation

#[derive(Deserialize)]  
struct KeyDerivationRequest {
    password: String,      // Input password or key material
    salt: String,         // Random salt
    algorithm: String,    // pbkdf2, scrypt, argon2id
    iterations: u32,      // Iteration count
    key_length: u32,      // Desired key length in bytes
    encoding: String,     // Output encoding
}

8. secure_random

Generate cryptographically secure random data

#[derive(Deserialize)]
struct RandomRequest {
    length: u32,          // Number of bytes
    encoding: String,     // hex, base64, raw
    charset: Option<String>, // For random strings (alphanumeric, ascii, etc.)
}

Implementation Requirements

Directory Structure

mcp-servers/rust/crypto-tools-server/
├── src/
│   ├── main.rs
│   ├── lib.rs
│   ├── crypto/
│   │   ├── mod.rs
│   │   ├── hashing.rs
│   │   ├── symmetric.rs
│   │   ├── asymmetric.rs
│   │   ├── signatures.rs
│   │   └── random.rs
│   ├── handlers/
│   │   ├── mod.rs
│   │   ├── hash_handler.rs
│   │   ├── encryption_handler.rs
│   │   └── key_handler.rs
│   ├── utils/
│   │   ├── mod.rs
│   │   ├── encoding.rs
│   │   └── validation.rs
│   └── config.rs
├── Cargo.toml
├── Cargo.lock
├── README.md
├── tests/
│   ├── integration_tests.rs
│   └── crypto_tests.rs
└── examples/
    ├── basic_crypto.rs
    ├── key_management.rs
    └── digital_signatures.rs

Dependencies

# Cargo.toml
[package]
name = "crypto-tools-server"
version = "0.1.0"
edition = "2021"

[dependencies]
mcp = { path = "../mcp-rust" }
tokio = { version = "1.35", features = ["full"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"

# Cryptographic libraries
ring = "0.17"
ed25519-dalek = "2.1"
rsa = "0.9"
aes-gcm = "0.10"
chacha20poly1305 = "0.10"
argon2 = "0.5"
blake3 = "1.5"
sha3 = "0.10"
pbkdf2 = "0.12"
scrypt = "0.11"

# Encoding and utilities
base64 = "0.21"
hex = "0.4"
rand = "0.8"
zeroize = { version = "1.7", features = ["zeroize_derive"] }
pem = "3.0"

# Error handling
thiserror = "1.0"
anyhow = "1.0"

Security Configuration

# config.toml
[security]
max_key_size = 4096           # Maximum RSA key size
max_data_size = "10MB"        # Maximum data size for operations
allow_weak_algorithms = false  # Block weak crypto algorithms
require_secure_random = true   # Enforce secure RNG

[algorithms]
enabled_hashes = ["sha256", "sha3_256", "blake3", "argon2id"]
enabled_symmetric = ["aes_256_gcm", "chacha20poly1305"]
enabled_asymmetric = ["rsa", "ed25519", "ecdsa_p256"]

[rate_limiting]
max_operations_per_minute = 100
max_key_generations_per_hour = 10

Usage Examples

Generate and Use Key Pair

# Generate Ed25519 key pair
echo '{
  "method": "tools/call",
  "params": {
    "name": "generate_key_pair",
    "arguments": {
      "algorithm": "ed25519",
      "format": "pem"
    }
  }
}' | crypto-tools-server

# Sign data with private key
echo '{
  "method": "tools/call",
  "params": {
    "name": "sign_data", 
    "arguments": {
      "data": "Hello, World!",
      "private_key": "-----BEGIN PRIVATE KEY-----...",
      "algorithm": "ed25519",
      "encoding": "hex"
    }
  }
}' | crypto-tools-server

Hash and Encryption Operations

# Generate secure hash
echo '{
  "method": "tools/call",
  "params": {
    "name": "generate_hash",
    "arguments": {
      "data": "sensitive_password",
      "algorithm": "argon2id", 
      "salt": "random_salt_value",
      "iterations": 100000,
      "encoding": "hex"
    }
  }
}' | crypto-tools-server

# Encrypt data with AES-GCM
echo '{
  "method": "tools/call",
  "params": {
    "name": "encrypt_data",
    "arguments": {
      "data": "confidential information",
      "algorithm": "aes_256_gcm",
      "key": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
      "encoding": "base64"
    }
  }
}' | crypto-tools-server

Key Derivation

# Derive key from password
echo '{
  "method": "tools/call",
  "params": {
    "name": "derive_key",
    "arguments": {
      "password": "user_password",
      "salt": "unique_salt_per_user", 
      "algorithm": "argon2id",
      "iterations": 100000,
      "key_length": 32,
      "encoding": "hex"
    }
  }
}' | crypto-tools-server

Advanced Features

  • Key Management: Secure key storage and rotation
  • Certificate Handling: X.509 certificate operations
  • HMAC Operations: Message authentication codes
  • Secure Memory: Zero-on-drop for sensitive data
  • Hardware Security: TPM and HSM integration support
  • Batch Operations: Process multiple operations efficiently

Security Features

  • Memory Safety: Rust's ownership model prevents memory bugs
  • Secure Defaults: Safe algorithm choices by default
  • Input Validation: Comprehensive input sanitization
  • Side-Channel Resistance: Constant-time implementations
  • Key Zeroization: Automatic secret cleanup
  • Algorithm Restrictions: Configurable algorithm allowlists

Performance Optimizations

  • Async Operations: Non-blocking crypto operations
  • Memory Pooling: Efficient memory reuse
  • SIMD Instructions: Hardware-accelerated crypto
  • Batch Processing: Multiple operations in single call
  • Caching: Optimized for repeated operations

Testing Requirements

  • Unit tests for all cryptographic operations
  • Property-based testing with quickcheck
  • Security tests against known attack vectors
  • Performance benchmarks
  • Cross-platform compatibility testing
  • Fuzzing tests for input validation

Documentation Requirements

  • Comprehensive API documentation with examples
  • Security best practices guide
  • Algorithm selection guidelines
  • Performance benchmarking results
  • Integration examples for common use cases

Acceptance Criteria

  • Rust MCP server with 8+ cryptographic tools
  • Support for modern crypto algorithms (Ed25519, ChaCha20, BLAKE3, Argon2)
  • Secure key generation and management
  • Digital signature creation and verification
  • Symmetric and asymmetric encryption/decryption
  • Secure random number generation
  • Memory-safe implementation with secret zeroization
  • Comprehensive test suite including security tests (>95% coverage)
  • Performance benchmarks and optimization
  • Complete documentation with security guidelines

Priority

High - Demonstrates security-critical applications and Rust's memory safety benefits

Use Cases

  • Secure application development
  • Digital signature and verification workflows
  • Password hashing and key derivation
  • Data encryption for privacy compliance
  • Cryptographic research and education
  • Security tool development
  • Blockchain and cryptocurrency applications

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestmcp-serversMCP Server SamplesoicOpen Innovation Community ContributionsrustRust programming

    Type

    Feature

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions