Add RustCrypto feature #42
Conversation
|
Waiting for RustCrypto team to release newer crates. |
|
Sorry for the delay. Notification got buried. Thank you for this, I'll review tomorrow. |
|
The |
|
@njaremko will fix it this weekend. |
|
@itsbalamurali Thanks, ping me when you're ready for a review please |
|
Is this good for review @itsbalamurali? |
Reimplements PR njaremko#42 ("Add RustCrypto feature") on top of upstream's refactored crypto layer (CryptoProvider trait, crypto/xmlsec tree). Introduces a pluggable native crypto backend (src/crypto/native) for key generation, X.509 certificate generation, and HTTP-Redirect URL signing / verification, with two mutually-exclusive backends selected by feature: - openssl (default) - OpenSSL crate - rustcrypto - pure Rust: rsa (PKCS#1 v1.5 + SHA-256), p256/ecdsa (ECDSA P-256 + SHA-256), sha2, x509-cert The OpenSSL crate is now optional. xmlsec implies openssl (the xmlsec wrapper uses OpenSSL for decryption). signed_redirect no longer requires xmlsec - URL signing works under either native backend. Default feature set: [openssl, xmlsec]. Pure-Rust build: cargo build --no-default-features --features rustcrypto Both backends build and pass the full test suite (28 tests each), including RSA/ECDSA keygen -> self-signed cert -> sign -> verify round-trips for the rustcrypto backend.
|
@njaremko This is ready for review and merge. I've rebased this onto current What's here
Testing
One note: the RustCrypto deps are release-candidates ( Happy to adjust anything. |
This is continuation of P.R #26 by @martinjlowm's Rust crypto work