Expand description
Adaptive Crypto Engine
Автоматический выбор шифра в зависимости от HW capabilities:
- AES-256-GCM (ring asm) → Apple Silicon (FEAT_AES), x86_64 (AES-NI)
- ChaCha20-Poly1305 (ring asm) → ARM без AES, MIPS, RISC-V, IoT
На устройствах без HW AES ChaCha20 в 3-4x быстрее. На устройствах с HW AES AES-GCM в ~1.3x быстрее ChaCha20.
Under --features fips the AEAD backend swaps to aws-lc-rs
(FIPS-validated AWS-LC). The Rust API surface is identical to
ring::aead, so the rest of this module is untouched. The cipher
suite enum keeps ChaCha20Poly1305 (wire-format stability) but the
negotiation/build paths reject it under fips.
Structs§
- Crypto
Session - Unified crypto session — works with any supported cipher suite.
- HwCaps
- Hardware capabilities report
Enums§
- Cipher
Suite - Supported cipher suites.
- Crypto
Error - Crypto errors
Constants§
- AEAD_
MAX_ INVOCATIONS - Hard upper bound on per-direction AEAD invocations before forcing a key rotation (or, in the absence of rekey, failing the operation).
- AEAD_
OVERHEAD - Overhead bytes: both AES-GCM and ChaCha20-Poly1305 produce a 16-byte tag
Functions§
- negotiate_
cipher - Negotiate best cipher suite between client and server.