Overview of the Rust cryptography ecosystem
37.2% of vulnerabilities in cryptographic libraries are memory safety issues, while only 27.2% are cryptographic issues, according to "An Empirical Study of Vulnerabilities in Cryptographic Libraries" (Jenny Blessing, Michael A. Specter, Daniel J. Weitzner, MIT).
I think it's time that we move on from C as the de facto language for implementing cryptographic primitives.
This post is an excerpt of my book Black Hat Rust.
Due to its high-level nature with low-level controls, absence of a garbage collector, portability, and ease of embedding, Rust is our best bet to replace today's most famous crypto libraries: OpenSSL, BoringSSL and libsodium, which are all written in C.
It will take time for sure, but in 2019, rustls (a library we will see later) was benchmarked to be 5% to 70% faster than OpenSSL, depending on the task. One of the most important things (that is missing today) to see broad adoption? Certifications (such as FIPS).
Without further ado, here is a survey of the Rust cryptography ecosystem in 2021.
sodiumoxide
sodiumoxide is a Rust wrapper for libsodium, the renowned C cryptography library recommended by most applied cryptographers.
The drawback of this library is that, because it consists of C bindings, it may introduce hard-to-debug bugs.
Also, please note that the original maintainer announced in November 2020 that he is stepping back from the project. That being said, in its current state, the project is fairly stable, and urgent issues (if any) will surely be fixed promptly.
ring
ring is focused on the implementation, testing, and optimization of a core set of cryptographic operations exposed via an easy-to-use (and hard-to-misuse) API. ring exposes a Rust API and is written in a hybrid of Rust, C, and assembly language.
ring provides low-level primitives to use in your higher-level protocols and applications. The principal maintainer is known for being very serious about cryptography, and the code is known to be high-quality.
The only problem is that some algorithms, such as XChaCha20-Poly1305, are missing.
dalek cryptography
dalek-cryptography is a GitHub organization grouping multiple packages for pure-Rust elliptic curve cryptography, such as x25519 and ed25519.
The projects are used by organizations serious about cryptography, such as Signal and Diem.
Rust Crypto
Rust Crypto is a GitHub organization grouping all the crypto primitives you will need, in pure Rust, most of the time by providing a base trait and implementing it for all the different algorithms (look at aead for example).
Unfortunately, not all the crates are audited by a professional third party.
rustls
rustls is a modern TLS library written in Rust. It uses ring under the hood for cryptography. Its goal is to provide only safe-to-use features, for example by allowing only TLS 1.2 and above.
In my opinion, this library is on the right track to replace OpenSSL and BoringSSL.
Other crates
There are many other crates such as blake3, but, in my opinion, they should be evaluated only if you can't find your primitive in the crates/organizations above.
Summary
As of June 2021:
Crate | Audited | Total downloads |
---|---|---|
ring | Yes ✅ | 10,339,221 |
rustls | Yes ✅ | 7,882,370 |
ed25519-dalek | No ❌ | 2,148,849 |
x25519-dalek | No ❌ | 1,554,105 |
aes-gcm | Yes ✅ | 2,203,807 |
chacha20poly1305 | Yes ✅ | 864,288 |
sodiumoxide | No ❌ | 842,287 |