1# What is this? 2 3A crypto provider that abstracts over different crypto implementations, mainly the Rust 4implementations by [RustCrypto](https://github.com/RustCrypto), OpenSSL and BoringSSL. 5 6## Project structure 7 8### `crypto_provider` 9 10Our own abstraction on top of crypto implementations, including functionalities 11like AES, SHA2, X25519 and P256 ECDH, HKDF, HMAC, etc. 12 13Two implementations are currently provided, `crypto_provider_rustcrypto` and 14`crypto_provider_openssl`. 15 16#### `crypto_provider::aes` 17Abstraction on top plain AES, including AES-CTR and AES-CBC. 18 19Since we know we'll have multiple AES implementations in practice (an embedded 20device might want to use mbed, but a phone or server might use BoringSSL, etc), 21it's nice to define our own minimal AES interface that exposes only what we need 22and is easy to use from FFI (when we get to that point). 23 24### `crypto_provider_rustcrypto` 25 26Implementations of `crypto_provider` types using the convenient pure-Rust primitives 27from [Rust Crypto](https://github.com/RustCrypto). 28 29### `crypto_provider_openssl` 30 31Implementations of `crypto_provider` types using the 32[openSSL Rust crate](https://github.com/sfackler/rust-openssl), which is a Rust 33wrapper for openSSL. 34 35#### Using BoringSSL 36 37`crypto_provider_openssl` can also be made to use BoringSSL via the `boringssl` feature. This 38translates to using the `openssl` and `openssl-sys` crates' `unstable_boringssl` feature. Since the 39depenedency `bssl-sys` is not on crates.io, to test the BoringSSL integration, you'll need to run 40`scripts/prepare-boringssl.sh`, which clones BoringSSL and the Android version of `rust-openssl`. 41 42* Run `scripts/prepare-boringssl.sh` to setup the workspace 43* Run `cargo --config=.cargo/config-boringssl.toml test --features=boringssl` to test the crypto 44 provider implementations. 45* Run `cargo --config=.cargo/config-boringssl.toml run -p <package> --features=openssl,boringssl 46 --no-default-features` on FFI, JNI, or shell targets to make them use BoringSSL. 47 48## Setup 49 50See `nearby/presence/README.md` for machine setup instructions. 51