On 30.09.2014 07:39, Tony Arcieri wrote: > I've been trying to keep an eye on what's been brewing in the Rust > crypto-world. There's a lot of parts that people have been working on > that I'd really love to see brought together in a coherent manner, > perhaps in the form of an (out-of-tree) common crypto library for Rust. > Here are a few highlights: > > - common.rs <https://github.com/seb-m/common.rs>: a cool library with a > terrible name! This library implements SBufs > <https://github.com/seb-m/common.rs/blob/master/src/sbuf.rs>: secure > buffers with guard pages, suitable for storing keying material. I would > still love to see this extended to do RAII-style memory protection that > sets PROT_NONE on buffer pages when they're not in use > > - rust-constanttime > <https://gist.github.com/lifthrasiir/56cdcf404edce0a8f256>: [ WARNING: > BROKEN DO NOT USE ] a library similar to Go's crypto/subtle > <http://golang.org/pkg/crypto/subtle/>: data types that try to ensure > constant-time operations, unfortunately LLVM is really smart and likes > to performance optimize by adding branches even when you really don't > want it to. If someone knew of a way to make it actually verifiably > constant time, that would be amazing. > > - suruga <https://github.com/klutzy/suruga>: a Rust implementation of > TLS 1.2. Wouldn't it be great if a Servo-powered browser didn't have to > use OpenSSL? ;) This seems like it could benefit from SBufs and > rust-constanttime, if they were fully baked. Right now it does no memory > protections around keying material or internal cipher state. >
Is there any particular reason you chose this three projects? I was rather surprised rust-crypto <https://github.com/DaGenix/rust-crypto> isn't on your list. Also common.rs links to the two projects it was written for: crypto.rs <https://github.com/seb-m/crypto.rs> and Curve41417.rs <https://github.com/seb-m/curve41417.rs>, which seem rather interesting to me. Regards, Florian Zeitz _______________________________________________ Rust-dev mailing list [email protected] https://mail.mozilla.org/listinfo/rust-dev
