A Boring(SSL)-compatible API abstraction for Rust cryptographic implementations.
Superboring hides the complexity, diversity and instability of cryptographic implementations written in Rust behind an emulation of the boring API (Rust excellent wrappers for BoringSSL).
This allows applications written using the boring API to be able to also use pure Rust implementations without having to maintain two code bases.
Here are valid reasons why using boring may sometimes not be an option.
All of them are just features that haven't been implemented in the boring crate yet, and that the boring maintainers would probably love getting help with, rather than people finding workarounds.
While BoringSSL itself can be compiled to WebAssembly, the boring crate currently doesn't support this.
OpenSSL and BoringSSL share a lot of symbols, which can cause collisions.
BoringSSL has the ability to prefix symbols in order to avoid this. But the boring crate currently doesn't support this.
The real boring crate supports static builds using musl, so emulation is not required. Just use cargo-zigbuild:
cargo zigbuild --target=x86_64-unknown-linux-musl- RSA operations: key generation (2048/3072/4096 bits), import/export (DER/PEM, PKCS1/PKCS8), encryption/decryption (PKCS1v15 and OAEP), signatures (PKCS1v15 and PSS with SHA-256/384/512)
- ML-DSA post-quantum signatures: ML-DSA-44, ML-DSA-65 and ML-DSA-87, with key generation from random or seed, signing and verification
- AES key wrap: RFC 3394 key wrapping with AES-128 and AES-256
- AES-GCM: authenticated encryption with AES-128-GCM and AES-256-GCM, with streaming support and additional authenticated data
- Hash functions: SHA-256, SHA-384, SHA-512 (via
MessageDigest) - HMAC: HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
When compiling for wasm32-wasip1, the optional wasi-crypto feature uses the WASI-Crypto host extension through the wasi-crypto-guest crate for supported operations. With WasmEdge's wasi_crypto plugin, this currently accelerates RSA key generation/signing/verification for the plugin's supported RSA signature algorithms, AES-128-GCM, AES-256-GCM, HMAC-SHA-256 and HMAC-SHA-512. Operations not exposed by the plugin, such as AES key wrap, RSA encryption/OAEP, HMAC-SHA-384 and ML-DSA, keep using the Rust implementations.
cargo test --target wasm32-wasip1 --features wasi-crypto