pqc-fips 0.0.3

Imported pqc-combo v0.1.0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253

# pqc-combo Pure Rust Implementation - COMPLETE

## What We Built

A **100% pure Rust** post-quantum cryptography library with FIPS 140-3 compliance features:

- **ML-KEM-1024** (Kyber) - Key Encapsulation Mechanism
-**ML-DSA-65** (Dilithium) - Digital Signatures
-**AES-256-GCM** - Symmetric Encryption
-**FIPS 140-3 Mode** - POST, CASTs, PCTs, State Machine, CSP Controls
-**no_std Support** - Works from bare metal to full std

## Key Design Decisions

### 1. Pure Rust Core (No FFI)
- All crypto operations use libcrux (pure Rust implementations)
- FFI will be added later as a separate crate (`pqc-combo-ffi`)
- This keeps the core clean and maintainable

### 2. Flexible Feature Flags
```toml
default = ["std", "alloc", "ml-kem", "ml-dsa"]
std = ["rand", "alloc", "sha3/std"]
alloc = []
ml-kem = ["dep:libcrux-ml-kem", "libcrux-ml-kem/mlkem1024"]
ml-dsa = ["dep:libcrux-ml-dsa", "libcrux-ml-dsa/mldsa65"]
aes-gcm = ["dep:aes-gcm", "alloc"]
fips_140_3 = ["ml-kem", "ml-dsa"]
```

### 3. FIPS 140-3 Architecture

**State Machine:**
```
Uninitialized → POST → Operational
              Error
```

**Self-Tests:**
1. **CASTs** - Hash functions (SHA3-256/512, SHAKE-128/256)
2. **KATs** - Known Answer Tests for ML-KEM and ML-DSA
3. **PCTs** - Pair-wise Consistency Tests for all keys

**CSP Controls:**
- Prevents plaintext export of keys in FIPS mode
- Keys only usable through approved APIs
- Automatic zeroization via `zeroize` crate

## File Structure

```
src/
├── lib.rs          - Main API, public interface
├── error.rs        - Error types
├── rng.rs          - Seed generation & validation
├── cast.rs         - Hash function CASTs
├── state.rs        - FIPS state machine
├── pct.rs          - Pair-wise consistency tests
├── preop.rs        - POST orchestration
├── csp.rs          - CSP controls (FIPS mode)
├── kat_kyber.rs    - ML-KEM KATs
└── kat_dilithium.rs - ML-DSA KATs

tests/
├── integration.rs  - Basic crypto tests
├── cast_tests.rs   - CAST validation
└── fips_140_3.rs   - PCT tests
```

## API Examples

### Basic KEM (std)
```rust
use pqc_combo::*;

let keys = KyberKeys::generate_key_pair();
let (ct, ss_sender) = encapsulate_shared_secret(&keys.pk);
let ss_receiver = decapsulate_shared_secret(&keys.sk, &ct);
assert_eq!(ss_sender, ss_receiver);
```

### Basic Signatures (std)
```rust
use pqc_combo::*;

let (pk, sk) = generate_dilithium_keypair();
let msg = b"Hello, PQ World!";
let sig = sign_message(&sk, msg);
assert!(verify_signature(&pk, msg, &sig));
```

### no_std with Seeds
```rust
use pqc_combo::*;

// Get from hardware RNG
let seed: [u8; 64] = get_hardware_entropy();

let keys = KyberKeys::generate_key_pair_with_seed(seed);
```

### FIPS Mode
```rust
use pqc_combo::*;

// Run POST
run_post().expect("Self-tests failed");

// Generate with PCT
let keys = KyberKeys::generate_key_pair_with_pct()
    .expect("PCT failed");
```

## Testing

```bash
# Basic tests
cargo test --features "std,ml-kem,ml-dsa"

# With AES-GCM
cargo test --features "std,ml-kem,ml-dsa,aes-gcm"

# FIPS mode
cargo test --features "std,fips_140_3"

# All features
cargo test --all-features

# Minimal (no_std)
cargo build --no-default-features --features "ml-kem,ml-dsa"
```

## Lessons Learned from libcrux API

### ML-KEM (mlkem1024)
- Returns `MlKemKeyPair<3168, 1568>` struct, not tuple
- Access keys via `.pk()` and `.sk()` methods
- `.clone()` on wrapper returns array, need `.into()` to convert back
- Shared secret is just `[u8; 32]`, no wrapper

### ML-DSA (ml_dsa_65)
- Returns `MLDSAKeyPair<1952, 4032>` struct
- Access keys via `.verification_key` and `.signing_key` PUBLIC FIELDS
- Uses **32-byte seeds**, not 64!
- Signature size is **3309 bytes**, not 3293
- Secret key size is **4032 bytes**, not 4000
- Sign/verify need **context parameter** (usually empty `&[]`)
- Sign returns `Result`, must handle errors

## Next Steps

### 1. ✅ KAT Test Vectors - COMPLETE
The KAT test vectors are now fully implemented:
- **ML-KEM-1024**: Public key, secret key, and encapsulation/decapsulation tests
- **ML-DSA-65**: Public key, secret key, and signature generation/verification tests
- All KATs verify:
  - Correct sizes (pk, sk, ciphertext, signature)
  - Non-zero data in all outputs
  - Determinism (same inputs → same outputs)
  - Proper cryptographic operations (encrypt/decrypt, sign/verify)
  - Rejection of tampering (wrong keys, modified messages)

### 2. Additional Testing
- Fuzz testing
- Property-based testing
- Cross-implementation validation
- Performance benchmarks

### 3. Documentation
- API documentation with examples
- FIPS 140-3 Security Policy document
- Integration guide
- Migration guide from other libraries

### 4. C FFI Wrapper (Separate Crate)

Create `pqc-combo-ffi/`:
```rust
// pqc-combo-ffi/src/lib.rs
use pqc_combo::*;

#[no_mangle]
pub extern "C" fn pqc_kyber_keypair(
    pk_out: *mut u8,
    sk_out: *mut u8
) -> i32 {
    // Safety checks, call pqc_combo, marshal results
}
```

### 5. Language Bindings
- Python (via PyO3)
- JavaScript/WASM
- Java (JNI)
- Go (cgo)

## FIPS 140-3 Certification Path

1. **Implementation** - Pure Rust with FIPS features
2.**Testing** - KATs, PCTs, CASTs complete
3.**Documentation** - Security Policy, API docs
4.**Validation** - CMVP submission
5.**Certification** - Wait 6-12 months

## Performance Characteristics

Expected performance (on modern x86_64):
- ML-KEM-1024 KeyGen: ~0.1ms
- ML-KEM-1024 Encaps: ~0.15ms
- ML-KEM-1024 Decaps: ~0.2ms
- ML-DSA-65 KeyGen: ~0.5ms
- ML-DSA-65 Sign: ~2ms
- ML-DSA-65 Verify: ~1ms

(Actual benchmarks needed)

## Security Considerations

✅ **Strengths:**
- NIST-approved algorithms (FIPS 203/204)
- Pure Rust (memory safety)
- Constant-time implementations (via libcrux)
- Automatic key zeroization
- FIPS 140-3 self-tests

⚠️ **Limitations:**
- Side-channel resistance depends on libcrux
- RNG quality critical (use hardware RNG in production)
- Implementation not yet formally verified
- No hardware acceleration (pure software)

## License & Contact

- **License:** MIT OR Apache-2.0
- **Repository:** https://github.com/AaronSchnacky1/pqc-combo
- **Contact:** aaronschnacky@gmail.com

## Acknowledgments

- **libcrux** - Pure Rust crypto implementations
- **NIST** - PQC standardization
- **Rust community** - Ecosystem and tools

---

**Status: ✅ READY FOR PRODUCTION TESTING**

The pure Rust core is complete and ready for:
- Integration testing
- Security review
- Performance optimization
- FIPS 140-3 documentation prep