Crate fips205

source ·
Expand description

§IntegrityChain: FIPS 205 Stateless Hash-Based Digital Signature Standard

crate Docs Build Status Apache2/MIT licensed Rust Version

FIPS 205 (Initial Public Draft) Stateless Hash-Based Digital Signature Standard written in pure Rust for server, desktop, browser and embedded applications. The code repository includes C FFI and Python bindings.

This crate implements the FIPS 205 draft standard in pure Rust with minimal and mainstream dependencies. All twelve (!!) security parameter sets are fully functional. The implementation does not require the standard library, e.g. #[no_std], has no heap allocations, e.g. no alloc needed, and exposes the RNG so it is suitable for the full range of applications from server down to the bare-metal. The API is stabilized and the code is heavily biased towards safety and correctness; further performance optimizations will be implemented as the standard matures. This crate will quickly follow any changes to FIPS 205 as they become available.

See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.ipd.pdf for a full description of the target functionality.

The functionality is extremely simple to use, as demonstrated by the following example.

use fips205::slh_dsa_shake_128s; // Could use any of the twelve security parameter sets. 
use fips205::traits::{SerDes, Signer, Verifier};

let msg_bytes = [0u8, 1, 2, 3, 4, 5, 6, 7];

// Generate key pair and signature
let (pk1, sk) = slh_dsa_shake_128s::try_keygen_vt()?;  // Generate both public and secret keys
let sig_bytes = sk.try_sign_ct(&msg_bytes, true)?;  // Use the secret key to generate signature

// Serialize the public key, and send with message and signature bytes
let (pk_send, msg_send, sig_send) = (pk1.into_bytes(), msg_bytes, sig_bytes);
let (pk_recv, msg_recv, sig_recv) = (pk_send, msg_send, sig_send);

// Deserialize the public key, then use it to verify the msg signature
let pk2 = slh_dsa_shake_128s::PublicKey::try_from_bytes(&pk_recv)?;
let v = pk2.try_verify_vt(&msg_recv, &sig_recv)?;
assert!(v);

The detailed Rust Documentation lives under each Module corresponding to the desired security parameter below.

§Notes

  • This crate is fully functional and corresponds to the first initial public draft of FIPS 205.
  • Constant-time assurances target the source-code level only, and are a work in progress.
  • Note that FIPS 205 places specific requirements on randomness per section 3.1, hence the exposed RNG.
  • Requires Rust 1.70 or higher. The minimum supported Rust version may be changed in the future, but it will be done with a minor version bump.
  • All on-by-default features of this library are covered by SemVer.
  • This software is experimental and still under active development – USE AT YOUR OWN RISK!

§License

Contents are licensed under either the Apache License, Version 2.0 or MIT license at your option.

§Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Modules§

  • slh_dsa_sha2_128f
    Functionality for the SLH-DSA-SHA2-128f security parameter set per FIPS 205 section 10. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHA2-128f parameter set is claimed to be in security strength category 1.
  • slh_dsa_sha2_128s
    Functionality for the SLH-DSA-SHA2-128s security parameter set per FIPS 205 section 10. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHA2-128s parameter set is claimed to be in security strength category 1.
  • slh_dsa_sha2_192f
    Functionality for the SLH-DSA-SHA2-192f security parameter set per FIPS 205 section 10. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHA2-192f parameter set is claimed to be in security strength category 3.
  • slh_dsa_sha2_192s
    Functionality for the SLH-DSA-SHA2-192s security parameter set per FIPS 205 section 10. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHA2-192s parameter set is claimed to be in security strength category 3.
  • slh_dsa_sha2_256f
    Functionality for the SLH-DSA-SHA2-256f security parameter set per FIPS 205 section 10. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHA2-256f parameter set is claimed to be in security strength category 5.
  • slh_dsa_sha2_256s
    Functionality for the SLH-DSA-SHA2-256s security parameter set per FIPS 205 section 10. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHA2-256s parameter set is claimed to be in security strength category 5.
  • slh_dsa_shake_128f
    Functionality for the SLH-DSA-SHAKE-128f security parameter set per FIPS 205 section 10. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHAKE-128f parameter set is claimed to be in security strength category 1.
  • slh_dsa_shake_128s
    Functionality for the SLH-DSA-SHAKE-128s security parameter set per FIPS 205 section 10. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHAKE-128s parameter set is claimed to be in security strength category 1.
  • slh_dsa_shake_192f
    Functionality for the SLH-DSA-SHAKE-192f security parameter set per FIPS 205 section 10. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHAKE-192f parameter set is claimed to be in security strength category 3.
  • slh_dsa_shake_192s
    Functionality for the SLH-DSA-SHAKE-192s security parameter set per FIPS 205 section 10. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHAKE-192s parameter set is claimed to be in security strength category 3.
  • slh_dsa_shake_256f
    Functionality for the SLH-DSA-SHAKE-256f security parameter set per FIPS 205 section 10. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHAKE-256f parameter set is claimed to be in security strength category 5.
  • slh_dsa_shake_256s
    Functionality for the SLH-DSA-SHAKE-256s security parameter set per FIPS 205 section 10. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHAKE_256s parameter set is claimed to be in security strength category 5.
  • traits
    All functionality is covered by traits, such that consumers can utilize trait objects as desired.