Skip to main content

Module adaptive_crypto

Module adaptive_crypto 

Source
Available on crate feature std only.
Expand description

Adaptive Crypto Engine

Picks the AEAD cipher automatically from the host’s hardware capabilities:

  • AES-256-GCM (ring asm) → Apple Silicon (FEAT_AES), x86_64 (AES-NI)
  • ChaCha20-Poly1305 (ring asm) → ARM without AES, MIPS, RISC-V, IoT

Without HW AES, ChaCha20 is ~3-4x faster; with HW AES, AES-GCM is ~1.3x faster than ChaCha20.

Under --features fips the AEAD backend swaps to aws-lc-rs (FIPS-validated AWS-LC). The Rust API surface is identical to ring::aead, so the rest of this module is untouched. The cipher suite enum keeps ChaCha20Poly1305 (wire-format stability) but the negotiation/build paths reject it under fips.

Structs§

CryptoSession
Unified crypto session — works with any supported cipher suite.
HwCaps
Hardware capabilities report

Enums§

CipherSuite
Supported cipher suites.
CryptoError
Crypto errors

Constants§

AEAD_MAX_INVOCATIONS
Hard upper bound on per-direction AEAD invocations before forcing a key rotation (or, in the absence of rekey, failing the operation).
AEAD_OVERHEAD
Overhead bytes: both AES-GCM and ChaCha20-Poly1305 produce a 16-byte tag

Functions§

negotiate_cipher
Negotiate best cipher suite between client and server.