cachekit-core 0.1.1

LZ4 compression, xxHash3 integrity, AES-256-GCM encryption for byte payloads
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

[package]
name = "cachekit-core"
version = "0.1.1"
edition = "2021"
authors = ["cachekit Contributors"]
description = "LZ4 compression, xxHash3 integrity, AES-256-GCM encryption for byte payloads"
rust-version = "1.82"
license = "MIT"
repository = "https://github.com/cachekit-io/cachekit-core"
homepage = "https://github.com/cachekit-io/cachekit-core"
documentation = "https://docs.rs/cachekit-core"
readme = "README.md"
keywords = ["lz4", "xxhash3", "aes-gcm", "encryption", "compression"]
categories = ["compression", "cryptography"]

[lib]
name = "cachekit_core"
# cdylib for C FFI, rlib for Rust crates, staticlib for static linking
crate-type = ["cdylib", "rlib", "staticlib"]

[dependencies]
# Error handling
thiserror = "1.0"

# Core serialization
serde = { version = "1.0", features = ["derive"] }
serde_bytes = "0.11"

# MessagePack serialization (optional)
rmp-serde = { version = "1.3", optional = true }

# High-performance LZ4 compression (optional)
lz4_flex = { version = "0.11", features = ["frame", "std"], optional = true }

# Fast non-cryptographic hashing for data integrity (optional)
# xxHash3-64: ~36 GB/s, sufficient for corruption detection (security via AES-GCM auth tag)
xxhash-rust = { version = "0.8", features = ["xxh3"], optional = true }


# Encryption dependencies (all optional, gated by encryption feature)
# Uses HKDF-SHA256 for key derivation (NOT Blake2b - that's only for Python cache keys)
ring = { version = "0.17", optional = true }
zeroize = { version = "1.8", features = ["derive"], optional = true }
hkdf = { version = "0.12", optional = true }
sha2 = { version = "0.10", optional = true }
hmac = { version = "0.12", optional = true }
generic-array = { version = "0.14", optional = true }

# Byte utilities
bytes = "1.5"
byteorder = "1.5"

[build-dependencies]
# C header generation (required for ffi feature)
cbindgen = "0.29"

[dev-dependencies]
proptest = "1.4"
serde_json = "1.0"
blake2 = "0.10"
hex = "0.4"

[features]
default = ["compression", "checksum", "messagepack"]

# Core features
compression = ["dep:lz4_flex"]
checksum = ["dep:xxhash-rust"]
messagepack = ["dep:rmp-serde"]

# Encryption (AES-256-GCM with HKDF-SHA256 key derivation)
encryption = [
    "dep:ring",
    "dep:zeroize",
    "dep:hkdf",
    "dep:sha2",
    "dep:hmac",
    "dep:generic-array",
]

# C FFI layer (generates include/cachekit.h)
ffi = []

# Kani formal verification configuration
# Provides mathematical proofs of memory safety for unsafe code and FFI boundaries
[package.metadata.kani]
default-unwind = 10
output-format = "terse"
concrete-playback = "print"
enable-unstable = false
solver = "cadical"

[package.metadata.kani.unstable]
stubbing = false

# Lint configuration
[lints.rust]
# Suppress benign warnings about cfg(kani) which is set by Kani verifier
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(kani)'] }