-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCargo.toml
More file actions
122 lines (101 loc) · 4.02 KB
/
Cargo.toml
File metadata and controls
122 lines (101 loc) · 4.02 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
[package]
name = "cachekit-core"
version = "0.2.0"
edition = "2021"
authors = ["cachekit Contributors"]
description = "LZ4 compression, xxHash3 integrity, AES-256-GCM encryption for byte payloads"
rust-version = "1.85"
license = "MIT"
repository = "https://github.com/cachekit-io/cachekit-core"
homepage = "https://github.com/cachekit-io/cachekit-core"
documentation = "https://docs.rs/cachekit-core"
readme = "README.md"
keywords = ["lz4", "xxhash3", "aes-gcm", "encryption", "compression"]
categories = ["compression", "cryptography"]
[lib]
name = "cachekit_core"
# cdylib for C FFI, rlib for Rust crates, staticlib for static linking
crate-type = ["cdylib", "rlib", "staticlib"]
[dependencies]
# Error handling
thiserror = "2.0"
# Core serialization
serde = { version = "1.0", features = ["derive"] }
serde_bytes = "0.11"
# MessagePack serialization (optional)
rmp-serde = { version = "1.3", optional = true }
# High-performance LZ4 compression (optional)
lz4_flex = { version = "0.12", features = ["frame", "std"], optional = true }
# Fast non-cryptographic hashing for data integrity (optional)
# xxHash3-64: ~36 GB/s, sufficient for corruption detection (security via AES-GCM auth tag)
xxhash-rust = { version = "0.8", features = ["xxh3"], optional = true }
# Encryption dependencies (all optional, gated by encryption feature)
# Uses HKDF-SHA256 for key derivation (NOT Blake2b - that's only for Python cache keys)
# ring is native-only (see [target.'cfg(not(target_arch = "wasm32"))'.dependencies])
zeroize = { version = "1.8", features = ["derive"], optional = true }
hkdf = { version = "0.12", optional = true }
sha2 = { version = "0.10", optional = true }
hmac = { version = "0.12", optional = true }
generic-array = { version = "0.14", optional = true }
# wasm32 RNG: getrandom with JS feature for wasm32-unknown-unknown targets
getrandom = { version = "0.2", features = ["js"], optional = true }
# RustCrypto: pure-Rust AES-256-GCM for wasm32 targets (ring requires clang + C asm)
aes-gcm = { version = "0.10", features = ["zeroize"], optional = true }
aes = { version = "0.8", features = ["zeroize"], optional = true }
# Byte utilities
bytes = "1.5"
byteorder = "1.5"
[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
# ring: hardware-accelerated AES-256-GCM for native targets only.
# Does NOT compile on wasm32-unknown-unknown (requires clang for C asm).
# Kept optional so it is only compiled when the `encryption` feature is active.
ring = { version = "0.17", optional = true }
[build-dependencies]
# C header generation (required for ffi feature)
cbindgen = "0.29"
[dev-dependencies]
proptest = "1.4"
serde_json = "1.0"
blake2 = "0.10"
hex = "0.4"
aes-gcm = { version = "0.10", features = ["zeroize"] }
[features]
default = ["compression", "checksum", "messagepack"]
# Core features
compression = ["dep:lz4_flex"]
checksum = ["dep:xxhash-rust"]
messagepack = ["dep:rmp-serde"]
# Encryption (AES-256-GCM with HKDF-SHA256 key derivation)
# Native: ring provides hardware-accelerated AES-256-GCM (target-conditional dep above)
# wasm32: aes-gcm (pure Rust) is used instead — automatically selected via cfg(target_arch)
# aes-gcm/aes/getrandom compile on native but are dead code (all usage behind wasm32 cfg);
# the compiler optimizes them out.
encryption = [
"dep:ring",
"dep:zeroize",
"dep:hkdf",
"dep:sha2",
"dep:hmac",
"dep:generic-array",
"dep:aes-gcm",
"dep:aes",
"dep:getrandom",
]
# C FFI layer (generates include/cachekit.h)
ffi = []
# wasm32 support: alias for encryption (deps now folded into encryption feature)
wasm = ["encryption"]
# Kani formal verification configuration
# Provides mathematical proofs of memory safety for unsafe code and FFI boundaries
[package.metadata.kani]
default-unwind = 10
output-format = "terse"
concrete-playback = "print"
enable-unstable = false
solver = "cadical"
[package.metadata.kani.unstable]
stubbing = false
# Lint configuration
[lints.rust]
# Suppress benign warnings about cfg(kani) which is set by Kani verifier
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(kani)'] }