init

.github/workflows/test.yml

@@ -0,0 +1,160 @@
+name: test
+
+
+on: [ push, pull_request ]
+
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+  RUSTDOCFLAGS: "-Dwarnings"
+
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.72  # MSRV 1.70 GA flaky
+          - stable
+        target:
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+          - s390x-unknown-linux-gnu
+          - powerpc64-unknown-linux-gnu
+          - riscv64gc-unknown-none-elf
+          - x86_64-pc-windows-gnu
+          - x86_64-apple-darwin
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+          targets: ${{ matrix.target }}
+      - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features "ml-kem-512 ml-kem-768 ml-kem-1024"
+
+
+  cargo_audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: rustsec/audit-check@v1.4.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+
+  cargo_deny:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: EmbarkStudios/cargo-deny-action@v1
+
+
+  cargo_outdated:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - name: Install cargo outdated
+        run: cargo install --locked cargo-outdated
+      - name: Run cargo outdated
+        run: cargo outdated -R
+
+
+  clippy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Clippy
+        run: cargo clippy --all-targets --all-features
+
+
+  coverage:
+    runs-on: ubuntu-latest
+    env:
+      CARGO_TERM_COLOR: always
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - name: Install cargo-llvm-cov
+        uses: taiki-e/install-action@cargo-llvm-cov
+      - name: Generate code coverage
+        run: cargo llvm-cov --all-features --workspace --exclude fips203-ffi
+    # No codecov account, so stop here for now
+    #  - name: Upload coverage to Codecov
+    #    uses: codecov/codecov-action@v3
+    #      with:
+    #        files: lcov.info
+    #        fail_ci_if_error: true
+
+
+  cross:
+    strategy:
+      matrix:
+        include:
+          # ARM32
+          - target: armv7-unknown-linux-gnueabihf
+            rust: 1.72  # MSRV 1.70 GA flaky
+          - target: armv7-unknown-linux-gnueabihf
+            rust: stable
+          # ARM64
+          - target: aarch64-unknown-linux-gnu
+            rust: 1.72  # MSRV 1.70 GA flaky
+          - target: aarch64-unknown-linux-gnu
+            rust: stable
+          # PPC32
+          - target: powerpc-unknown-linux-gnu
+            rust: 1.72  # MSRV 1.70 GA flaky
+          - target: powerpc-unknown-linux-gnu
+            rust: stable
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: ${{ matrix.deps }}
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+          targets: ${{ matrix.target }}
+      - uses: RustCrypto/actions/cross-install@master
+      - run: cross test --release --target ${{ matrix.target }} --no-default-features --features "ml-kem-512 ml-kem-768 ml-kem-1024"
+
+
+  doc:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: RustCrypto/actions/cargo-cache@master
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: stable
+      - run: cargo doc --all-features
+
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          # 32-bit Linux
+          - target: i686-unknown-linux-gnu
+            rust: 1.72 # MSRV 1.70 GA flaky
+            deps: sudo apt update && sudo apt install gcc-multilib
+          - target: i686-unknown-linux-gnu
+            rust: stable
+            deps: sudo apt update && sudo apt install gcc-multilib
+          # 64-bit Linux
+          - target: x86_64-unknown-linux-gnu
+            rust: 1.72 # MSRV 1.70 GA flaky
+          - target: x86_64-unknown-linux-gnu
+            rust: stable
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+          targets: ${{ matrix.target }}
+      - run: ${{ matrix.deps }}
+      - run: cargo check --target ${{ matrix.target }} --all-features
+      - run: cargo test --release --target ${{ matrix.target }}

.gitignore

@@ -0,0 +1,9 @@
+/.idea
+**/Cargo.lock
+**/artifacts
+**/corpus
+**/coverate
+**/target
+**/pkg
+**/node_modules
+**/package-lock.json

CHANGELOG.md

@@ -0,0 +1,45 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 0.2.1 (2024-05-01)
+
+- Very minor dev dependency downgrade for compat (flate2)
+
+## 0.2.0 (2024-04-26)
+
+- Removed `_vt` suffix from top-level API as constant-time operation is now measured
+
+## 0.1.6 (2024-04-24)
+
+- Additional tests in `validate_keypair_vt()`, implemented second round review feedback
+
+## 0.1.5 (2024-04-14)
+
+- Significant performance optimizations and internal revisions based upon review feedback
+
+## 0.1.4 (2024-04-01)
+
+- Constant-time fixes and measurement
+- Significant internal clean up, additional SerDes validation
+
+## 0.1.3 (2024-02-27)
+
+- Adjustments to dependency versions to support MSRV 1.70
+
+## 0.1.2 (2024-02-21)
+
+- Added (serialized) keypair validation functionality
+- General clean-up, refined checks, some constant-time work
+- Cargo deny and codecov; revised bench, fuzz, dudect and ct_cm4
+
+## 0.1.1 (2023-10-30)
+
+- Fully functional in all three parameter sets
+
+## 0.1.0 (2023-10-15)
+
+- Initial API release skeleton

Cargo.toml

@@ -0,0 +1,69 @@
+workspace = { members = ['ffi'], exclude = ["ct_cm4", "dudect", "fuzz", "wasm"] }
+
+[package]
+name = "fips203"
+version = "0.2.1"
+edition = "2021"
+license = "MIT OR Apache-2.0"
+description = "FIPS 203 (draft): Module-Lattice-Based Key-Encapsulation Mechanism"
+authors = ["Eric Schorn <eric.schorn@nccgroup.com>"]
+documentation = "https://docs.rs/fips203"
+categories = ["cryptography", "no-std"]
+repository = "https://github.com/nccgroup/fips203"
+keywords = ["kem", "FIPS203", "lattice", "kyber", "encapsulation"]
+# MSRV set at 1.70 for debian testing, e.g. https://packages.debian.org/search?keywords=rustc
+# This requires several marginally outdated dependencies, see below
+rust-version = "1.70"
+
+
+[features]
+default = ["default-rng", "ml-kem-512", "ml-kem-768", "ml-kem-1024"]
+default-rng = ["rand_core/getrandom"]
+ml-kem-512 = []
+ml-kem-768 = []
+ml-kem-1024 = []
+
+
+[dependencies]  # Some are marginally outdated to retain MSRV 1.70
+rand_core = { version = "0.6.4", default-features = false }
+sha3 = { version = "0.10.2", default-features = false }
+subtle = { version = "2.5.0", default-features = false, features = ['const-generics'] }
+zeroize = { version = "1.6.0", default-features = false, features = ["zeroize_derive"] }
+
+
+[dev-dependencies]  # Some are marginally outdated to retain MSRV 1.70
+rand = "0.8.5"
+regex = "1.10.2"
+hex = "0.4.3"
+rand_chacha = "0.3.1"
+criterion = "0.4.0"
+flate2 = "1.0.27"
+hex-literal = "0.4.1"
+
+
+[[bench]]
+name = "benchmark"
+harness = false
+
+
+[profile.dev]
+debug = true
+#lto = true
+#opt-level = 3
+#codegen-units = 1
+
+
+[profile.release]
+lto = true
+opt-level = "s"
+codegen-units = 1
+
+
+[profile.bench]
+debug = true
+debug-assertions = false
+incremental = false
+lto = true
+opt-level = 3
+overflow-checks = false
+codegen-units = 1