Amazon Releases Open Cryptographic Library for Rust

Amazon has introduced a cryptographic library called aws-lc-rs, which is designed for Rust applications and is API-compatible with the Rust library ring. The code for the project is distributed under the Apache 2.0 and ISC licenses. The library supports Linux (x86, x86-64, aarch64) and macOS (x86-64).

aws-lc-rs is based on the AWS libcrypto library (AWS-LC), written in C++, which is in turn based on the code of the BoringSSL project (a fork of OpenSSL maintained by Google). Additionally, two low-level crates were published: aws-lc-sys (automatically generated low-level bindings over AWS-LC) and aws-lc-fips-sys (low-level FFI (Foreign Function Interface) bindings), which expose the AWS-LC API.

The AWS-LC library includes formally verified implementations of SHA-2, HMAC, AES-GCM, AES-KWP, HKDF, ECDH, and ECDSA that meet the requirements for cryptographic systems that can be used in government agencies in the USA and Canada. Amazon decided to create a binding for the Rust language so that cryptography meeting the FIPS standards could be used in Rust projects. In the aws-lc-rs library, Amazon combined the familiar and widely used ring API with the verified algorithm implementations from the AWS-LC library that meet FIPS requirements.

Using the AWS-LC library as the basis of aws-lc-rs has also brought all of the specific optimizations developed by Amazon into aws-lc-rs. For example, AWS-LC offers variants of the ChaCha20-Poly1305 and NIST P-256 algorithms separately optimized for ARM processors, as well as significant optimizations for x86 systems that accelerate the processing of ECDSA digital signatures. During testing of the TLS 1.2 and 1.3 protocols, the aws-lc-rs library noticeably outperformed the Rustls package, demonstrating both a reduction in connection setup time and an increase in throughput (more than twofold in the ECDSA tests).

An AWS-LC-RS chart indicates that the library has better performance than the Rustls package.

Overall, this move by Amazon showcases their continued efforts to promote open-source cryptographic software that is secure, reliable and efficient for developers.
