diff --git a/wrapper/rust/wolfssl-wolfcrypt/CHANGELOG.md b/wrapper/rust/wolfssl-wolfcrypt/CHANGELOG.md index 8109b0de9d..620bbee02f 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/CHANGELOG.md +++ b/wrapper/rust/wolfssl-wolfcrypt/CHANGELOG.md @@ -1,5 +1,31 @@ # wolfssl-wolfcrypt Change Log +## v2.0.0 + +New features: + +- Add RustCrypto trait support: digest, signature, mac, cipher, aead, rand_core, + kem, and password-hash traits +- Add RSA-OAEP API +- Add scrypt KDF support and scrypt password-hash trait implementation +- Add BLAKE2 digest module (blake2_digest) +- Add BLAKE2 MAC module (blake2_mac) +- Add Aes192Ccm and Aes192Gcm +- Implement Clone for HMAC types +- Improve cross-compilation and bare-metal target support in build.rs + +Fixes and improvements: + +- LMS fixes and improvements +- Replace Lms::sigs_left() with Lms::has_sigs_left() +- Fix CFB::encrypt1 and CFB::decrypt1 to take size in bits +- Dilithium: fix context-length API to take length in bytes +- Handle MAC_CMP_FAILED_E from CMAC::verify{,_ex}() +- Numerous memory-safety, zeroization, and buffer-length validation hardening + fixes (zeroize structs on drop, check slice/buffer length conversions, avoid + uninitialized and overlapping buffers, fix possible ECC resource leaks) +- Document minimum wolfSSL version requirement + ## v1.2.0 - Add LMS wrapper (wolfssl_wolfcrypt::lms module) diff --git a/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock b/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock index 12bfd102df..7cd14f34df 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock +++ b/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock @@ -485,7 +485,7 @@ checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486" [[package]] name = "wolfssl-wolfcrypt" -version = "1.2.0" +version = "2.0.0" dependencies = [ "aead", "bindgen", diff --git a/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml b/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml index 6a38933619..c4a095078f 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml +++ b/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "wolfssl-wolfcrypt" -version = "1.2.0" +version = "2.0.0" edition = "2024" description = "Rust wrapper for wolfssl C library cryptographic functionality" license = "GPL-3.0" diff --git a/wrapper/rust/wolfssl-wolfcrypt/README.md b/wrapper/rust/wolfssl-wolfcrypt/README.md index ec4fea9221..ad57b33ec3 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/README.md +++ b/wrapper/rust/wolfssl-wolfcrypt/README.md @@ -5,6 +5,12 @@ algorithms portion of the wolfSSL C library. This crate requires wolfSSL version 5.9.0 or newer. +The crate uses `no_std` so that no Rust standard library is required. +This makes it well-suited for embedded/bare-metal environments. + +There is an optional `alloc` feature that enables APIs which require heap +allocation. + ## Installation The `wolfssl` C library must be installed to be used by the Rust crate. @@ -16,7 +22,7 @@ For example: ``` [dependencies] -wolfssl-wolfcrypt = "1.0" +wolfssl-wolfcrypt = "2.0" ``` ## API Coverage @@ -44,6 +50,7 @@ functionality: * PRF * RNG * RSA + * scrypt * SHA * SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256 @@ -51,6 +58,35 @@ functionality: * SSH KDF * TLSv1.3 HKDF +## RustCrypto Trait Support + +In addition to its native API, this crate can implement the common +[RustCrypto](https://github.com/RustCrypto) traits for wolfCrypt-backed types. +Each set of trait implementations is gated behind a Cargo feature so that +projects only pull in the dependencies they need. All features are off by +default. + +| Feature | RustCrypto crate | wolfCrypt types | +| --------------- | ---------------- | ------------------------------------- | +| `digest` | `digest` | SHA (sha_digest), BLAKE2 (blake2_digest) | +| `mac` | `digest` (mac) | HMAC (hmac_mac), CMAC (cmac_mac), BLAKE2 (blake2_mac) | +| `signature` | `signature` | ECDSA (ecdsa), RSA PKCS#1 v1.5 (rsa_pkcs1v15) | +| `cipher` | `cipher` | AES (aes) | +| `aead` | `aead` | AES-GCM/CCM/EAX (aes), ChaCha20-Poly1305 | +| `rand_core` | `rand_core` | RNG (random) | +| `kem` | `kem` | ML-KEM (mlkem_kem) | +| `password-hash` | `password-hash` | PBKDF2 (pbkdf2_password_hash), scrypt (scrypt_password_hash) | + +The BLAKE2, CMAC, and HMAC trait modules additionally require the corresponding +algorithm support to be enabled in the wolfSSL C library. + +Enable features in your `Cargo.toml`, for example: + +``` +[dependencies] +wolfssl-wolfcrypt = { version = "2.0", features = ["digest", "signature"] } +``` + ## Build Notes ### WOLFSSL_PREFIX