daf5ecc153
Generated with the following commands:
```
cargo set-version --bump minor -p tor-cell
cargo set-version --bump minor -p tor-linkspec
cargo set-version --bump minor -p tor-proto
cargo set-version --bump minor -p tor-netdoc
cargo set-version --bump minor -p tor-circmgr
cargo set-version --bump patch -p tor-cert
cargo set-version --bump patch -p tor-basic-utils
cargo set-version --bump patch -p tor-rpcbase
cargo set-version --bump patch -p tor-llcrypto
cargo set-version --bump patch -p tor-hscrypto
cargo set-version --bump patch -p tor-checkable
cargo set-version --bump patch -p tor-async-utils
cargo set-version --bump patch -p caret
cargo set-version --bump patch -p fs-mistrust
cargo set-version --bump patch -p safelog
cargo set-version --bump patch -p retry-error
cargo set-version --bump patch -p tor-error
cargo set-version --bump patch -p tor-config
cargo set-version --bump patch -p tor-events
cargo set-version --bump patch -p tor-units
cargo set-version --bump patch -p tor-rtcompat
cargo set-version --bump patch -p tor-rtmock
cargo set-version --bump patch -p tor-protover
cargo set-version --bump patch -p tor-bytes
cargo set-version --bump patch -p tor-socksproto
cargo set-version --bump patch -p tor-consdiff
cargo set-version --bump patch -p tor-netdir
cargo set-version --bump patch -p tor-congestion
cargo set-version --bump patch -p tor-persist
cargo set-version --bump patch -p tor-chanmgr
cargo set-version --bump patch -p tor-ptmgr
cargo set-version --bump patch -p tor-guardmgr
cargo set-version --bump patch -p tor-dirclient
cargo set-version --bump patch -p tor-dirmgr
cargo set-version --bump patch -p tor-hsclient
cargo set-version --bump patch -p tor-hsservice
cargo set-version --bump patch -p arti-client
cargo set-version --bump patch -p arti-rpcserver
cargo set-version --bump patch -p arti-config
cargo set-version --bump patch -p arti-hyper
cargo set-version --bump patch -p arti
cargo set-version --bump patch -p arti-bench
cargo set-version --bump patch -p arti-testing
```
tor-llcrypto
Low-level cryptographic implementations for Tor.
Overview
The `tor-llcrypto` crate wraps lower-level cryptographic primitives that Tor needs, and provides a few smaller pieces of cryptographic functionality that are commonly required to implement Tor correctly.
This crate is part of Arti, a project to implement Tor in Rust. Many other crates in Arti depend on it.
You probably wouldn't want to use this crate for implementing non-Tor-based protocols; instead you should probably use the other crates that it depends on if you have a low-level protocol to implement, or a higher-level cryptographic system if you want to add security to something else. It is easy to accidentally put these functions together in ways that are unsafe.
Why a separate crate?
Why do we collect and re-export our cryptography here in `tor-llcrypto`, instead of having the different crates in Arti use underlying cryptographic crates directly?
By wrapping our cryptography in this crate, we ensure that we're using the same implementations across our ecosystem, and provide a single place to upgrade and test our cryptography.
Adding to tor-llcrypto
Any low-level cryptographic algorithm that is used by at least two other crates in Arti is a candidate for inclusion in `tor-llcrypto`, especially if that algorithm's purpose is not specific to any single piece of the Tor algorithm.
Cryptographic traits (like those from RustCrypto) don't have to go in `tor-llcrypto`, since they are interfaces rather than implementations.
Contents
Encryption is implemented in [`cipher`]: Currently only AES is exposed or needed.
Cryptographic digests are in [`d`]: The Tor protocol uses several digests in different places, and these are all collected here.
Public key cryptography (including signatures, encryption, and key agreement) is in [`pk`]. Older parts of the Tor protocol require RSA; newer parts are based on Curve25519 and Ed25519. There is also functionality here for key manipulation for the keys used in these symmetric algorithms.
The [`util`] module has some miscellaneous compatibility utilities for manipulating cryptography-related objects and code.
Features
API features
`relay` -- enable cryptography that's only used on relays.
`hsv3-client` -- enable cryptography that's only needed when running as a v3 onion service client.
Acceleration features
These features should never be enabled by default from libraries, since they are not "strictly additive": they disable one implementation in order to enable another.
`with-openssl` -- Use `openssl` as the backend for those cryptographic features it supports.
`with-sha1-asm` -- Use an assembly implementation of the sha1 algorithm, if one is enabled.
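One way a downstream project can follow this rule, shown as an added example that is not taken from the Arti repository: the library forwards the acceleration feature without enabling it, and only the final binary opts in. The crate names `my-tor-lib` and `my-tor-app`, the relative path, and the `VERSION` placeholder are assumptions.

```toml
# ---- my-tor-lib/Cargo.toml (hypothetical library crate) ----
[package]
name = "my-tor-lib"
version = "0.1.0"
edition = "2021"

[dependencies]
# VERSION is a placeholder: pin the tor-llcrypto release you have reviewed.
# Only an API feature is requested here. No acceleration feature is enabled,
# so depending on this library never swaps the crypto backend as a side effect.
tor-llcrypto = { version = "VERSION", features = ["hsv3-client"] }

[features]
# Nothing that replaces an implementation is on by default.
default = []
# Pass-through feature: lets the final application choose the backend
# without this library making that choice for every dependent.
with-openssl = ["tor-llcrypto/with-openssl"]

# ---- my-tor-app/Cargo.toml (hypothetical binary crate) ----
[package]
name = "my-tor-app"
version = "0.1.0"
edition = "2021"

[dependencies]
# The application is the one place where the backend decision is made.
# Cargo unifies features across the build, so this single opt-in applies
# to every crate in the dependency graph that uses tor-llcrypto.
my-tor-lib = { path = "../my-tor-lib", features = ["with-openssl"] }
```

Running `cargo tree -e features -i tor-llcrypto` in the application workspace shows which crates requested each feature, which is a quick check that no library dependency enabled an acceleration feature on its own.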
License: MIT OR Apache-2.0