Crate pqc_nostd

§PQC-NOSTD

Post-Quantum Cryptography library for no_std environments. Implements ML-KEM-1024 (FIPS 203) and ML-DSA-65 (FIPS 204).

§Features

  • ml-kem: Enables ML-KEM-1024.
  • ml-dsa: Enables ML-DSA-65.
  • fips_140_3: Enables FIPS 140-3 Approved mode (POST, CASTs, state machine).

§Approved-Mode Usage

This example demonstrates the correct initialization and usage of the module in FIPS Approved mode.

use pqc_nostd::{run_post_or_panic, is_operational, FIPS_CONTEXT};
use pqc_nostd::auth::{login, Role};

fn main() {
    // 1. Power-On Self-Tests (POST) MUST be run before any crypto operation.
    run_post_or_panic();
     
    // 2. Verify the module is in the Operational state.
    assert!(is_operational());

    // 3. Login as User (Level 2 Requirement)
    // In a real app, you would prompt for credentials.
    login(Role::User, b"user123").expect("Login failed");

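    // 4. Use Approved Algorithms
    // The constant byte arrays passed as seeds/randomness keep this example
    // reproducible; real callers must pass fresh random bytes instead.

    // ML-KEM-1024 (Key Encapsulation)
    let kyber_kp = pqc_nostd::kyber_generate_key_pair([0x01u8; 64]).unwrap();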
    let (ct, ss_alice) = pqc_nostd::encapsulate(&kyber_kp.public_key(), [0x02u8; 32]).unwrap();
    let ss_bob = pqc_nostd::decapsulate(&kyber_kp.private_key(), &ct).unwrap();
    assert_eq!(ss_alice, ss_bob);

    // ML-DSA-65 (Digital Signatures)
    let dil_kp = pqc_nostd::dilithium_generate_key_pair([0x03u8; 32]).unwrap();
    let msg = b"FIPS 140-3 approved mode test";
    // Note: FIPS_CONTEXT is required for FIPS 204 compliance
    let sig = pqc_nostd::dilithium_sign(&dil_kp.signing_key, msg, FIPS_CONTEXT, [0x04u8; 32]).unwrap();
    assert!(pqc_nostd::dilithium_verify(&dil_kp.verification_key, msg, FIPS_CONTEXT, &sig).is_ok());
}
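
The ordering the example above depends on (self-tests first, services only in the Operational state, a failed test latching an error state) can be seen in a small stand-alone model. This is an added illustration, not pqc_nostd's own code: `State`, `GateError`, `Module` and `kat_ok` are hypothetical names, and the known-answer test is a constructed stand-in.

```rust
use std::sync::atomic::{AtomicU8, Ordering::SeqCst};

// Hypothetical model: State, GateError and Module are not pqc_nostd's types.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum State { PowerOn, SelfTest, Operational, Error }
#[derive(Debug, PartialEq, Eq)]
pub enum GateError { WrongState(State), SelfTestFailed(&'static str) }
pub struct Module { state: AtomicU8 }

impl Module {
    pub const fn new() -> Self { Module { state: AtomicU8::new(State::PowerOn as u8) } }

    pub fn state(&self) -> State {
        match self.state.load(SeqCst) {
            0 => State::PowerOn, 1 => State::SelfTest, 2 => State::Operational,
            _ => State::Error, // unknown values fail closed
        }
    }

    /// Runs each known-answer test once; the first failure latches Error.
    pub fn run_post(&self, kats: &[(&'static str, fn() -> bool)]) -> Result<(), GateError> {
        // Self-tests may only start from PowerOn, so Error cannot be cleared here.
        let (from, to) = (State::PowerOn as u8, State::SelfTest as u8);
        if self.state.compare_exchange(from, to, SeqCst, SeqCst).is_err() {
            return Err(GateError::WrongState(self.state()));
        }
        for &(name, kat) in kats {
            if !kat() {
                self.state.store(State::Error as u8, SeqCst);
                return Err(GateError::SelfTestFailed(name));
            }
        }
        self.state.store(State::Operational as u8, SeqCst);
        Ok(())
    }

    /// Gate for every cryptographic service: runs `op` only when Operational.
    pub fn service<T>(&self, op: impl FnOnce() -> T) -> Result<T, GateError> {
        match self.state() { State::Operational => Ok(op()), s => Err(GateError::WrongState(s)) }
    }
}

fn kat_ok() -> bool { true } // constructed stand-in for a real known-answer test
fn main() {
    let m = Module::new();
    println!("before POST: {:?}", m.service(|| "sign"));
    m.run_post(&[("constructed-kat", kat_ok as fn() -> bool)]).unwrap();
    println!("after POST:  {:?}", m.service(|| "sign"));
}
```

In this model the only way out of the Error state is to construct a new `Module`, which corresponds to restarting the module.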

Re-exports§

pub use error::PqcError;
pub use error::Result;
pub use preop::run_post;
pub use preop::run_post_or_panic;
pub use state::get_fips_state;
pub use state::is_operational;
pub use state::FipsState;

Modules§

auth
Role-Based Authentication (Level 2 Requirement).
cast
Conditional Algorithm Self-Tests (CASTs). FIPS 140-3 CASTs – now compiles with digest 0.10
csp
Critical Security Parameter (CSP) management.
error
Error types and Result alias.
integrity
Software Integrity Test (Level 1/2, Section 6.10.1).
integrity_data
Generated integrity data (HMAC).
pct
Pair-wise Consistency Tests (PCTs).
preop
Pre-operational self-tests (POST).
state
FIPS module state management.

Constants§

ML_DSA_65_PK_BYTES
ML-DSA-65 public key size in bytes.
ML_DSA_65_SIG_BYTES
ML-DSA-65 signature size in bytes.
ML_DSA_65_SK_BYTES
ML-DSA-65 secret key size in bytes.
ML_KEM_1024_CT_BYTES
ML-KEM-1024 ciphertext size in bytes.
ML_KEM_1024_PK_BYTES
ML-KEM-1024 public key size in bytes.
ML_KEM_1024_SK_BYTES
ML-KEM-1024 secret key size in bytes.
ML_KEM_1024_SS_BYTES
ML-KEM-1024 shared secret size in bytes.