|
…
|
||
|---|---|---|
| .. | ||
| nss | ||
| src | ||
| Cargo.toml | ||
| README.md | ||
README.md
rc_crypto
The rc_crypto crate, like its name implies, handles all of our cryptographic needs.
For consumers, it pretty much follows the very rust-idiomatic ring crate API and offers the following functionality:
- Cryptographically secure pseudorandom number generation.
- Cryptographic digests, hmac, and hkdf.
- Authenticated encryption (AEAD) routines.
- ECDH key agreement.
- ECDSA signature verification.
- Constant-time string comparison.
- HTTP Hawk Authentication through the rust-hawk crate.
- HTTP Encrypted Content-Encoding through the ece crate.
Under the hood, it is backed by Mozilla's NSS library, through bindings in the nss crate. This has a number of advantages for our use-case:
- Uses Mozilla-owned-and-audited crypto primitives.
- Decouples us from ring's fast-moving versioning and stability policy.
Rust features
geckowill avoid linking against libsqlite3_sys's libsqlite. See #2882 for context.