#rustls #tls #rust-crypto #pure #algorithm #fips

no-std rustls-rustcrypto

Pure Rust cryptography provider for the Rustls TLS library using algorithm implementations from the RustCrypto organization

1 unstable release

0.0.2-alpha Apr 24, 2024
0.0.1-alpha Apr 24, 2024
0.0.0 Sep 13, 2023

#2751 in Cryptography

34 downloads per month

MIT/Apache

78KB
1.5K SLoC

rustls-rustcrypto

crate Docs Build Status Apache2/MIT licensed Rust Version Project Chat

RustCrypto-based provider implementation for version 0.23 of rustls, maintained by the RustCrypto organization.

⚠️USE THIS AT YOUR OWN RISK! DO NOT USE THIS IN PRODUCTION⚠️

Not only that this is incomplete that only few selected TLS suites implemented (it should be well enough to cover 70% of the usage), but the elephant in the room is that neither did rustls nor RustCrypto packages were formally verified and certified with FIPS compliance.

Note that RustCrypto performance is generally inferior than ring, but in exchange you got a pure Rust implementation that theoretically compiles everywhere Rust was ported to. In our case, we need to have std but foundational support for future no_std expansion is already here.

Supported Cipher Suites

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS13_AES_128_GCM_SHA256
  • TLS13_AES_256_GCM_SHA384
  • TLS13_CHACHA20_POLY1305_SHA256

License

Licensed under either of:

at your option.

Some code authored by @ctz was adapted from upstream rustls. Licensed as above with permission.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~16–24MB
~464K SLoC