We are thrilled to announce a significant enhancement to the wolfSSL repository: the addition of Rust wrappers for wolfCrypt! This integration, available now in our official wolfSSL GitHub repository, allows developers to leverage the robust cryptographic primitives of wolfCrypt directly within their Rust applications, benefiting from Rust’s safety, performance, and modern language features.
Why Rust
Rust has rapidly gained popularity for its focus on safety, particularly memory safety, without sacrificing performance. Its strong type system and ownership model prevent common programming errors like null pointer dereferences and data races, making it an ideal choice for building secure and reliable software. Cryptographic implementations, in particular, demand the highest levels of correctness and security, which align perfectly with Rust’s design principles.
Introducing wolfCrypt Rust Wrappers
The new Rust wrappers provide a safe and idiomatic interface to wolfCrypt’s comprehensive suite of cryptographic algorithms. Rust wrapper development is an ongoing effort and more functionality is planned. Initially Rust wrappers are targeting the wolfCrypt FIPS API. Currently, developers can now easily integrate features such as:
- Asymmetric Cryptography: RSA and ECC
- Symmetric Ciphers: AES
- Hashing: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256
- Key Exchange: Diffie-Hellman, ECDH
- Random Number Generation: FIPS 140-2 certified random number generator (RNG)
More Rust wrappers for functionality such as HMAC, CMAC, KDF, Ed25591, and Ed448, and more are planned.
Key Benefits
- Memory Safety,/strong>: Rust’s ownership and borrowing system eliminates common memory-related vulnerabilities that plague C/C++ implementations, such as buffer overflows and use-after-free errors.
- Thread Safety: The Rust type system prevents data races, ensuring that cryptographic operations are safe in multi-threaded environments.
- Performance: wolfCrypt is renowned for its small footprint and high performance, and these characteristics are preserved when used through the Rust wrappers.
- Ease of Use,/strong>: The wrappers are designed to be intuitive and follow Rust’s best practices, making it straightforward for Rust developers to incorporate powerful cryptography into their projects.
- FIPS 140-2 Compliance: Leverage wolfCrypt’s FIPS 140-2 validated cryptographic modules directly from Rust.
Getting Started
Integrating the wolfCrypt Rust wrappers into your project is simple. You can find the necessary files and detailed instructions within the wolfSSL GitHub repository in the wrapper/rust directory.
Example Usage
Here’s a sneak peek at how easy it is to use the new wrappers (specific API details can be found in the repository).
RNG
use wolfssl::wolfcrypt::random::RNG;
fn main() {
// Create a RNG instance.
let mut rng = RNG::new().expect("Failed to create RNG");
// Generate a single random byte value.
let byte = rng.generate_byte().expect("Failed to generate a single byte");
// Generate a random block.
let mut buffer = [0u32; 8];
rng.generate_block(&mut buffer).expect("Failed to generate a block");
}
SHA-256
use wolfssl::wolfcrypt::sha::SHA256;
fn main() {
// Create a SHA256 instance.
let mut sha = SHA256::new().expect("Error with new()");
// Feed input data (can be called multiple times).
sha.update(b"input").expect("Error with update()");
// Retrieve the final SHA-256 hash.
let mut hash = [0u8; SHA256::DIGEST_SIZE];
sha.finalize(&mut hash).expect("Error with finalize()");
}
ECC
use wolfssl::wolfcrypt::random::RNG;
use wolfssl::wolfcrypt::ecc::ECC;
fn main () {
let mut rng = RNG::new().expect("Failed to create RNG");
// Generate a new ECC key.
let mut ecc = ECC::generate(32, &mut rng).expect("Error with generate()");
let hash = [0x42u8; 32];
let mut signature = [0u8; 128];
// Sign a hash with the ECC key.
let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()");
let signature = &signature[0..signature_length];
}
Community and Support
We encourage the Rust community to explore these new wrappers and provide feedback. Your contributions and insights are invaluable as we continue to improve and expand our offerings. If you encounter any issues or have suggestions, please open an issue or submit a pull request on our GitHub repository.
What’s Next?
wolfSSL is committed to enhancing the security and usability of our products across various platforms and languages. The introduction of Rust wrappers is a testament to this commitment. We plan to continue expanding the functionality and improving the developer experience for our Rust users.
Stay tuned for more updates and exciting developments from wolfSSL!
Useful Links
If you have any questions, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247. We look forward to seeing what you build with wolfCrypt and Rust!
Download wolfSSL Now