Expand description
OpenSSL-backed implementation of a ring-compatible cryptography API.
This crate mirrors the public surface of several ring modules so that
code written against ring can be compiled against OpenSSL instead, without
pulling in ring itself. All cryptographic operations are delegated to
OpenSSL through the native-ossl crate.
§Modules mirrored
| Module | ring counterpart |
|---|---|
aead | ring::aead |
agreement | ring::agreement |
digest | ring::digest |
error | ring::error |
hkdf | ring::hkdf |
hmac | ring::hmac |
rand | ring::rand |
signature | ring::signature |
The internal spki module is not public; it holds the shared
SubjectPublicKeyInfo DER header constants used by agreement and signature.
§What is not included
This crate does not reproduce ring-internal sealed-trait hierarchies. The
rand::SecureRandom trait is defined in this crate and is used as a bound
in agreement and signature; callers should use it in place of
ring::rand::SecureRandom.
RSA key generation is not implemented; RSA keys can be loaded from PKCS#8
or PKCS#1 DER through the signature types.
§Example
use ring_native_ossl::{digest, hmac, rand, agreement};
// One-shot digest
let hash = digest::digest(&digest::SHA256, b"hello world");
assert_eq!(hash.as_ref().len(), 32);
// HMAC sign and verify
let key = hmac::Key::new(hmac::HMAC_SHA256, b"my-key");
let tag = hmac::sign(&key, b"data");
hmac::verify(&key, b"data", tag.as_ref()).unwrap();
// X25519 ephemeral key agreement
let rng = rand::SystemRandom::new();
let alice = agreement::EphemeralPrivateKey::generate(&agreement::X25519, &rng).unwrap();
let alice_pub = alice.compute_public_key().unwrap();Modules§
- aead
- Authenticated encryption with associated data (AEAD), mirroring
ring::aead. - agreement
- Ephemeral Diffie-Hellman key agreement, mirroring
ring::agreement. - digest
- Cryptographic hash functions, mirroring
ring::digest. - error
- Error types, mirroring
ring::error. - hkdf
- HKDF key derivation, mirroring
ring::hkdf. - hmac
- HMAC message authentication, mirroring
ring::hmac. - rand
- Cryptographically secure random byte generation, mirroring
ring::rand. - signature
- Digital signature creation and verification, mirroring
ring::signature.