Let's Build a FIPS-validated Rust Crypto Library

A few weeks ago, I wrote “Rust Cryptography Should be Written in Rust.” Briefly, I said we should have a FIPS-validated cryptography library that is written in 100% safe Rust. The next day, I received a message from the CEO of Ditto saying they want to financially support this. That effort is starting now.

Now I am investigating adding a “FIPS mode” of the *ring* cryptography library that provides a path for it to be FIPS 140-3 validated. Currently, many companies who are building products in Rust end up using a C cryptography library to support their customers who demand FIPS validation. My goal is to solve this problem so that most Rust projects have a better choice for meeting that demand. A FIPS-validated software module has some unique requirements that no other kind of library has, and doing it in Rust is uncharted territory. I intend to do this work openly, sharing the challenges this project encounters and the short-term and long-term solutions, so that the entire Rust cryptography community can benefit from what we learn.

In parallel with the FIPS-related work, I will release the 0.17 version of *ring* that supports a much wider set of targets than *ring* has supported up to now. I will also be working to replace the remaining C code with equivalent Rust code, so that a FIPS 140-3 validation can be done without any C code. I believe that in the near future we will be able to replace and/or reformulate the assembly language code in *ring* into 100% safe Rust code that is as fast or faster, and even more clearly free of side-channel hazards.

I am especially excited about this project because it affords me the freedom to help other projects in the Rust community in a much more direct way than I've been able to before. I hope we can converge on a single 100% safe Rust cryptography library that everybody can use, and make Rust the default choice for implementing high-performance cryptography.