bifurcation
commented
4 months ago I note that the approach in #424 effectively uses runtime dependency injection, so maybe it's not a bad idea to support runtime provider selection.
Open bifurcation opened 4 months ago
bifurcation
commented
4 months ago I note that the approach in #424 effectively uses runtime dependency injection, so maybe it's not a bad idea to support runtime provider selection.
Right now, we support three different crypto providers: OpenSSL 1.1, OpenSSL 3, and BoringSSL. These providers have largely the same API, so we have a slightly hairy mess of
#ifdefs to account for the differences. If we were to try to add support for CryptoKit, X-CUBE-CRYPTOLIB or liboqs, we would need things to look substantially different.We should consider introducing a stronger interface/implementation separation, and segregating the implementation code according to the underlying crypto provider.
Prior art in
mls-rs:https://docs.rs/mls-rs/latest/mls_rs/trait.CryptoProvider.htmlhttps://docs.rs/mls-rs/latest/mls_rs/trait.CipherSuiteProvider.htmlOverall concept:
lib/hpke/srchas files for some set of providers