Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FFI for rustls-post-quantum provider crate #507

Open
cpu opened this issue Dec 17, 2024 · 1 comment · May be fixed by #520
Open

FFI for rustls-post-quantum provider crate #507

cpu opened this issue Dec 17, 2024 · 1 comment · May be fixed by #520
Assignees
@cpu

Comments

@cpu
Copy link
Member

cpu commented Dec 17, 2024
edited
Loading

Rustls presently offers post quantum hybrid X25519MLKEM768 via a separate crate that augments the aws-lc-rs CryptoProvider with the post-qc algorithms, rustls-post-quantum. The plan is to eventually roll this into the main crate (rustls/rustls#2056).

Previously I prototyped a FFI wrapper around this provider in cpu/rustls-post-quantum-ffi as a means of verifying external crypto providers worked with the FFI crypto provider API in this crate.

I think it makes sense to roll the FFI wrapper for the post-qc provider into the main rustls-ffi crate and offer it behind a default-off opt-in feature ala fips or cert-compression. Once the rustls-post-quantum crate is rolled into the main rustls crate and offered by default we can do the same for rustls-ffi.
@cpu
Copy link
Member Author

cpu commented Dec 21, 2024

Related: rustls/rustls#2288

@cpu cpu self-assigned this Dec 23, 2024
This was referenced Dec 28, 2024
Draft
Closed
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cpu cpu

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add opt-in post-quantum KX feature flag cpu/rustls-ffi
1 participant
@cpu