wolfcrypt 0.1.0

# NOTE: Most tests for this crate live in the wolfcrypt-conformance
# workspace member.  After making changes here, run:
#   cargo test -p wolfcrypt-conformance

[package]
name = "wolfcrypt"
authors = ["WolfSSL Inc"]
version = "0.1.0"
edition = "2021"
rust-version = "1.71.0"
license = "MIT"
description = "RustCrypto trait implementations backed by wolfCrypt"
homepage = "http://wolfssl.com"
repository = "https://github.com/wolfSSL/wolfssl-rs"
keywords = ["wolfcrypt", "wolfssl", "fips", "rustcrypto", "cryptography"]
categories = ["cryptography"]

[features]
default = ["digest", "rand"]
digest   = ["dep:digest_trait", "dep:crypto-common"]
hmac     = ["dep:hmac_trait", "digest"]
cmac     = ["digest"]
hkdf     = ["hmac"]
pbkdf2   = ["hmac"]
aead     = ["dep:aead_trait"]
cipher   = ["dep:cipher_trait"]
poly1305 = ["digest"]
signature = ["dep:signature_trait"]
ecdsa    = ["signature"]
ed25519  = ["signature", "dep:ed25519_trait"]
ed448    = ["signature"]
rsa      = ["signature"]
mldsa    = ["signature"]
mlkem    = []
keywrap  = []
dh       = []
des3     = ["dep:cipher_trait"]
ecdh     = []
rand     = ["dep:rand_core"]
blake2   = []
shake    = []
kdf      = []
ecc      = []
lms      = []
rsa-direct = ["rsa", "rand"]
cryptocb = []
hpke     = ["rand"]
fips     = ["wolfcrypt-rs/fips"]
riscv-bare-metal = ["wolfcrypt-rs/riscv-bare-metal"]

[dependencies]
wolfcrypt-rs = { version = "0.1.0", path = "../wolfcrypt-rs" }

# RustCrypto trait crates (renamed to avoid module name collision).
#
# VERSION POLICY — two remaining tiers:
#
# rand_core has been upgraded to 0.10 (done).
#
# BLOCKED ON generic-array → hybrid-array MIGRATION (stable but large blast radius):
#   - digest 0.10 → 0.11, cipher 0.4 → 0.5: these pull in crypto-common 0.2,
#     which replaces generic-array 0.14 with hybrid-array. Nearly every file
#     in wolfcrypt/src/ uses GenericArray. Do this once, together, when the
#     remaining rc crates also go stable so we only migrate GenericArray once.
#
# BLOCKED ON STABLE RELEASE (still release candidates):
#   - signature 2.2 → 3.0 (rc), hmac 0.12 → 0.13 (rc), aead 0.5 → 0.6 (rc),
#     ed25519 2.2 → next (tied to signature). Upgrade when these reach stable.
#     This will also eliminate the FFI bridging in ssh-key-wolfcrypt/signature.rs.
#
# ssh-key-wolfcrypt uses the rc versions because it's a fork of upstream
# ssh-key which tracks the RustCrypto SSH crates' own next-gen pre-releases.
# That version mismatch is handled via direct FFI calls in ssh-key-wolfcrypt's
# signature.rs, bypassing wolfcrypt's trait impls entirely.
digest_trait    = { package = "digest",         version = "0.10", optional = true }
hmac_trait      = { package = "hmac",           version = "0.12", optional = true }
aead_trait      = { package = "aead",           version = "0.5",  optional = true, features = ["alloc"] }
cipher_trait    = { package = "cipher",         version = "0.4",  optional = true }
signature_trait = { package = "signature",      version = "2.2",  optional = true }
ed25519_trait   = { package = "ed25519",        version = "2.2",  optional = true }
rand_core       = { version = "0.10", optional = true }
crypto-common   = { version = "0.1",  optional = true }
generic-array   = "0.14"
typenum         = "1"
zeroize         = { version = "1", features = ["zeroize_derive"] }

[dev-dependencies]
hex = "0.4"
hex-literal = "0.4"
rand_core = "0.10"
aead_trait = { package = "aead", version = "0.5", features = ["alloc"] }
cipher_trait = { package = "cipher", version = "0.4" }
signature_trait = { package = "signature", version = "2.2" }
ed25519_trait = { package = "ed25519", version = "2.2" }
hkdf_trait = { package = "hkdf", version = "0.12" }
hmac_trait = { package = "hmac", version = "0.12" }
pbkdf2_trait = { package = "pbkdf2", version = "0.12" }
digest_trait = { package = "digest", version = "0.10" }