From 5876a43df614737f1b3fa3254e7716fb73837027 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 13 Jan 2025 15:11:11 +0100 Subject: [PATCH 1/5] Remove redundant match arms --- libcrux-kem/src/kem.rs | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/libcrux-kem/src/kem.rs b/libcrux-kem/src/kem.rs index 6aa54551f..99866ad05 100644 --- a/libcrux-kem/src/kem.rs +++ b/libcrux-kem/src/kem.rs @@ -850,26 +850,6 @@ impl Ct { ct_x.try_into().map_err(|_| Error::InvalidCiphertext)?, )) } - #[cfg(feature = "kyber")] - Algorithm::X25519Kyber768Draft00 => { - let key: [u8; MlKem768Ciphertext::len() + 32] = - bytes.try_into().map_err(|_| Error::InvalidCiphertext)?; - let (xct, kct) = key.split_at(32); - Ok(Self::X25519Kyber768Draft00( - kct.try_into().map_err(|_| Error::InvalidCiphertext)?, - xct.try_into().map_err(|_| Error::InvalidCiphertext)?, - )) - } - #[cfg(feature = "kyber")] - Algorithm::XWingKyberDraft02 => { - let key: [u8; MlKem768Ciphertext::len() + 32] = - bytes.try_into().map_err(|_| Error::InvalidCiphertext)?; - let (ct_m, ct_x) = key.split_at(MlKem768Ciphertext::len()); - Ok(Self::XWingKyberDraft02( - ct_m.try_into().map_err(|_| Error::InvalidCiphertext)?, - ct_x.try_into().map_err(|_| Error::InvalidCiphertext)?, - )) - } Algorithm::MlKem1024 => bytes .try_into() .map_err(|_| Error::InvalidCiphertext) From 247adb2d905fcb7f07f6ca9da22bf38b5cc06a9d Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 13 Jan 2025 15:12:37 +0100 Subject: [PATCH 2/5] `no_std` support for top level `libcrux` via `alloc` --- Cargo.toml | 2 ++ src/aead.rs | 6 ++++++ src/digest.rs | 5 +++++ src/drbg.rs | 11 ++++++++--- src/hacl/aesgcm.rs | 4 ++-- src/hacl/sha3.rs | 4 ++-- src/hpke/aead.rs | 5 +++++ src/hpke/errors.rs | 5 +++++ src/hpke/hpke.rs | 5 +++++ src/hpke/kdf.rs | 6 +++++- src/hpke/kem.rs | 5 +++++ src/lib.rs | 8 ++++++++ src/signature.rs | 8 +++++++- 13 files changed, 65 insertions(+), 9 deletions(-) 
diff --git a/Cargo.toml b/Cargo.toml index 8d2974349..bc214d207 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -107,6 +107,8 @@ wasm-bindgen-test = "0.3" getrandom = { version = "0.2", features = ["js"] } [features] +default = ["std"] +std = [] hacspec = [] # TODO: #7 Use specs instead of efficient implementations rand = [] wasm = ["wasm-bindgen", "getrandom"] diff --git a/src/aead.rs b/src/aead.rs index 9b59a3894..65efeefd2 100644 --- a/src/aead.rs +++ b/src/aead.rs @@ -17,6 +17,12 @@ use crate::hacl::chacha20_poly1305; use libcrux_platform::{aes_ni_support, simd128_support, simd256_support}; +#[cfg(feature = "std")] +use std::vec::Vec; + +#[cfg(not(feature = "std"))] +use alloc::vec::Vec; + /// The caller has provided an invalid argument. #[derive(Debug, PartialEq, Eq, Clone, Copy)] pub enum InvalidArgumentError { diff --git a/src/digest.rs b/src/digest.rs index dd60390e1..d77d7a092 100644 --- a/src/digest.rs +++ b/src/digest.rs @@ -16,6 +16,11 @@ use crate::hacl::{blake2, sha3}; use libcrux_platform::{simd128_support, simd256_support}; +#[cfg(feature = "std")] +use std::vec::Vec; + +#[cfg(not(feature = "std"))] +use alloc::vec::Vec; #[derive(Debug)] pub enum Error { diff --git a/src/drbg.rs b/src/drbg.rs index dd7f70536..bfcb4b43e 100644 --- a/src/drbg.rs +++ b/src/drbg.rs @@ -5,6 +5,11 @@ use crate::hacl::drbg; // re-export here for convenience pub use rand::{CryptoRng, RngCore}; +#[cfg(feature = "std")] +use std::{fmt, vec, vec::Vec}; + +#[cfg(not(feature = "std"))] +use alloc::{fmt, vec, vec::Vec}; #[derive(Debug)] pub enum Error { @@ -16,13 +21,13 @@ pub enum Error { UnableToGenerate, } -impl std::fmt::Display for Error { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { +impl fmt::Display for Error { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_fmt(format_args!("{self:?}")) } } -impl std::error::Error for Error {} +impl core::error::Error for Error {} pub struct Drbg { state: drbg::Drbg, 
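Review bot: The new `std = []` entry in the `[features]` table forwards to no dependency, so `--no-default-features` only switches this crate's own `cfg(feature = "std")` paths. If any dependency is pulled in with its default features, the resulting build may still link `std`; the `[dependencies]` table is outside this hunk, so this needs confirming. Where a dependency exposes its own `std` feature, consider declaring it with `default-features = false` and forwarding the feature, e.g. `std = ["<dependency>/std"]` (placeholder name).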
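Review bot: `impl core::error::Error for Error {}` in the second `src/drbg.rs` hunk relies on `core::error::Error`, which is only stable from Rust 1.81, so the change raises the minimum toolchain for `std` users as well as `no_std` ones. If an older toolchain has to keep working, gate the impl instead: `#[cfg(feature = "std")] impl std::error::Error for Error {}`. Otherwise record the new minimum with `rust-version` in `Cargo.toml` so the failure is a clear message rather than an unresolved path.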
diff --git a/src/hacl/aesgcm.rs b/src/hacl/aesgcm.rs index dae20e762..037a53eb5 100644 --- a/src/hacl/aesgcm.rs +++ b/src/hacl/aesgcm.rs @@ -57,7 +57,7 @@ macro_rules! implement { let mut tag = Tag::default(); hardware_support()?; let ok = unsafe { - let mut state_ptr: *mut EverCrypt_AEAD_state_s = std::ptr::null_mut(); + let mut state_ptr: *mut EverCrypt_AEAD_state_s = core::ptr::null_mut(); let e = EverCrypt_AEAD_create_in($alg as u8, &mut state_ptr, key.as_ptr() as _); if e != 0 { return Err(Error::InvalidArgument); @@ -99,7 +99,7 @@ macro_rules! implement { ) -> Result<(), Error> { hardware_support()?; let ok = unsafe { - let mut state_ptr: *mut EverCrypt_AEAD_state_s = std::ptr::null_mut(); + let mut state_ptr: *mut EverCrypt_AEAD_state_s = core::ptr::null_mut(); let e = EverCrypt_AEAD_create_in($alg as u8, &mut state_ptr, key.as_ptr() as _); if e != 0 { return Err(Error::UnsupportedHardware); diff --git a/src/hacl/sha3.rs b/src/hacl/sha3.rs index 014447aab..522462087 100644 --- a/src/hacl/sha3.rs +++ b/src/hacl/sha3.rs @@ -232,7 +232,7 @@ pub mod x4 { /// bytes in increments. /// TODO: This module should not be public, see: https://github.com/cryspen/libcrux/issues/157 pub mod incremental { - use std::ptr::null_mut; + use core::ptr::null_mut; use libcrux_hacl::{ Hacl_Hash_SHA3_Scalar_shake128_absorb_final, Hacl_Hash_SHA3_Scalar_shake128_absorb_nblocks, @@ -322,7 +322,7 @@ pub mod incremental { } pub mod incremental_x4 { - use std::ptr::null_mut; + use core::ptr::null_mut; use libcrux_hacl::{ Hacl_Hash_SHA3_Scalar_shake128_absorb_final, Hacl_Hash_SHA3_Scalar_shake128_absorb_nblocks, diff --git a/src/hpke/aead.rs b/src/hpke/aead.rs index f7c331d3c..92abcabfe 100644 --- a/src/hpke/aead.rs +++ b/src/hpke/aead.rs @@ -34,6 +34,11 @@ use crate::{ aead::{self, *}, hmac::tag_size, }; +#[cfg(feature = "std")] +use std::{vec, vec::Vec}; + +#[cfg(not(feature = "std"))] +use alloc::{vec, vec::Vec}; use super::errors::*; 
diff --git a/src/hpke/errors.rs b/src/hpke/errors.rs index a0217d2a9..f058f9e00 100644 --- a/src/hpke/errors.rs +++ b/src/hpke/errors.rs @@ -63,6 +63,11 @@ //! - `CryptoError`: An opaque error happened in a crypto operation outside of this code. use crate::aead::InvalidArgumentError; +#[cfg(feature = "std")] +use std::vec::Vec; + +#[cfg(not(feature = "std"))] +use alloc::vec::Vec; /// Explicit errors generated throughout this specification. #[derive(Debug, Copy, Clone, PartialEq)] diff --git a/src/hpke/hpke.rs b/src/hpke/hpke.rs index e42bbeebc..87bd7bb5d 100644 --- a/src/hpke/hpke.rs +++ b/src/hpke/hpke.rs @@ -1,4 +1,9 @@ #![allow(non_camel_case_types, non_snake_case, unused_imports)] +#[cfg(feature = "std")] +use std::{vec, vec::Vec}; + +#[cfg(not(feature = "std"))] +use alloc::{vec, vec::Vec}; use libcrux_ecdh::{self, secret_to_public, x25519_derive, X25519PublicKey}; use libcrux_ml_kem::mlkem768; diff --git a/src/hpke/kdf.rs b/src/hpke/kdf.rs index fcce60217..36e1478dc 100644 --- a/src/hpke/kdf.rs +++ b/src/hpke/kdf.rs @@ -1,9 +1,13 @@ #![doc = include_str!("KDF_Readme.md")] #![allow(non_snake_case, non_camel_case_types)] +use super::errors::*; use crate::hkdf::Algorithm; +#[cfg(feature = "std")] +use std::{vec, vec::Vec}; -use super::errors::*; +#[cfg(not(feature = "std"))] +use alloc::{vec, vec::Vec}; /// ## Key Derivation Functions (KDFs) /// diff --git a/src/hpke/kem.rs b/src/hpke/kem.rs index 96e96bcd6..e9ec96aa3 100644 --- a/src/hpke/kem.rs +++ b/src/hpke/kem.rs @@ -3,6 +3,11 @@ #![allow(non_camel_case_types, non_snake_case)] use libcrux_ecdh::{X25519PrivateKey, X25519PublicKey}; +#[cfg(feature = "std")] +use std::{vec, vec::Vec}; + +#[cfg(not(feature = "std"))] +use alloc::{vec, vec::Vec}; use super::errors::*; use super::kdf::*; diff --git a/src/lib.rs b/src/lib.rs index 8642eaa91..150e56131 100644 --- a/src/lib.rs +++ b/src/lib.rs 
@@ -2,6 +2,14 @@ //! //! The unified, formally verified, cryptography library. +#![no_std] + +#[cfg(feature = "std")] +extern crate std; + +#[cfg(not(feature = "std"))] +extern crate alloc; + pub use libcrux_platform::aes_ni_support; // Jasmin diff --git a/src/signature.rs b/src/signature.rs index b8e7dbd9d..d6e1f86a2 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -4,6 +4,12 @@ //! * EdDSA 25519 //! * RSA PSS +#[cfg(feature = "std")] +use std::{vec, vec::Vec}; + +#[cfg(not(feature = "std"))] +use alloc::{vec, vec::Vec}; + use crate::{ ecdh, hacl::{self, ed25519}, @@ -84,7 +90,7 @@ pub mod rsa_pss { Hacl_RSAPSS_rsapss_sign, Hacl_RSAPSS_rsapss_verify, }; - use super::{DigestAlgorithm, Error}; + use super::{vec, DigestAlgorithm, Error, Vec}; /// A [`Algorithm::RsaPss`](super::Algorithm::RsaPss) Signature #[derive(Debug, Clone, PartialEq, Eq)] From 81e362009cbbf137acb7125678cd8d44cdded64d Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 13 Jan 2025 15:22:46 +0100 Subject: [PATCH 3/5] Update Readme --- Readme.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Readme.md b/Readme.md index ab8a2e28b..70f387217 100644 --- a/Readme.md +++ b/Readme.md @@ -52,6 +52,11 @@ libcrux uses the following configurations for its hardware abstractions libcrux provides a DRBG implementation that can be used standalone (`drbg::Drbg`) or through the `Rng` traits. +## `no_std` support +`libcrux` and the individual primitive crates it depends on support +`no_std` environments given a global allocator for the target +platform. + ## Verification status As a quick indicator of overall verification status, subcrates in this workspace include the following badges: From d5d69989502283601d98388b6099f3e29ad47bc1 Mon Sep 17 00:00:00 2001 
From: Jonas Schneider-Bensch Date: Tue, 14 Jan 2025 08:41:46 +0100 Subject: [PATCH 4/5] Revert "Remove redundant match arms" This reverts commit 5876a43df614737f1b3fa3254e7716fb73837027. --- libcrux-kem/src/kem.rs | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/libcrux-kem/src/kem.rs b/libcrux-kem/src/kem.rs index 99866ad05..6aa54551f 100644 --- a/libcrux-kem/src/kem.rs +++ b/libcrux-kem/src/kem.rs @@ -850,6 +850,26 @@ impl Ct { ct_x.try_into().map_err(|_| Error::InvalidCiphertext)?, )) } + #[cfg(feature = "kyber")] + Algorithm::X25519Kyber768Draft00 => { + let key: [u8; MlKem768Ciphertext::len() + 32] = + bytes.try_into().map_err(|_| Error::InvalidCiphertext)?; + let (xct, kct) = key.split_at(32); + Ok(Self::X25519Kyber768Draft00( + kct.try_into().map_err(|_| Error::InvalidCiphertext)?, + xct.try_into().map_err(|_| Error::InvalidCiphertext)?, + )) + } + #[cfg(feature = "kyber")] + Algorithm::XWingKyberDraft02 => { + let key: [u8; MlKem768Ciphertext::len() + 32] = + bytes.try_into().map_err(|_| Error::InvalidCiphertext)?; + let (ct_m, ct_x) = key.split_at(MlKem768Ciphertext::len()); + Ok(Self::XWingKyberDraft02( + ct_m.try_into().map_err(|_| Error::InvalidCiphertext)?, + ct_x.try_into().map_err(|_| Error::InvalidCiphertext)?, + )) + } Algorithm::MlKem1024 => bytes .try_into() .map_err(|_| Error::InvalidCiphertext) From 7a033a712a2d910879f8038f0ad447661fa26391 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 14 Jan 2025 08:49:37 +0100 Subject: [PATCH 5/5] Simplify use of `alloc` --- src/aead.rs | 6 +----- src/digest.rs | 5 +---- src/drbg.rs | 5 +---- src/hpke/aead.rs | 5 +---- src/hpke/errors.rs | 6 +----- src/hpke/hpke.rs | 5 +---- src/hpke/kdf.rs | 5 +---- src/hpke/kem.rs | 5 +---- src/lib.rs | 3 +++ src/signature.rs | 6 +----- 10 files changed, 12 insertions(+), 39 deletions(-) diff --git a/src/aead.rs b/src/aead.rs index 65efeefd2..5483a7a1d 100644 --- a/src/aead.rs +++ b/src/aead.rs 
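Review bot: The two restored arms hold ciphertext bytes in a local named `key` and split them in opposite orders, with nothing in the code saying which layout belongs to which algorithm. `X25519Kyber768Draft00` takes the X25519 part from the first 32 bytes, while `XWingKyberDraft02` takes the `MlKem768Ciphertext`-sized part first. A one-line comment per arm, e.g. `// layout: X25519 ciphertext (32 bytes) || ML-KEM-768 ciphertext` on the first, and renaming `key` to `ct` would make a swapped-halves mistake much easier to catch. The bare `32` would also read better as a named constant shared by both arms. The enclosing `match` and function begin and end outside this hunk.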
@@ -17,11 +17,7 @@ use crate::hacl::chacha20_poly1305; use libcrux_platform::{aes_ni_support, simd128_support, simd256_support}; -#[cfg(feature = "std")] -use std::vec::Vec; - -#[cfg(not(feature = "std"))] -use alloc::vec::Vec; +use crate::std::vec::Vec; /// The caller has provided an invalid argument. #[derive(Debug, PartialEq, Eq, Clone, Copy)] diff --git a/src/digest.rs b/src/digest.rs index d77d7a092..4f9cc5202 100644 --- a/src/digest.rs +++ b/src/digest.rs @@ -16,11 +16,8 @@ use crate::hacl::{blake2, sha3}; use libcrux_platform::{simd128_support, simd256_support}; -#[cfg(feature = "std")] -use std::vec::Vec; -#[cfg(not(feature = "std"))] -use alloc::vec::Vec; +use crate::std::vec::Vec; #[derive(Debug)] pub enum Error { diff --git a/src/drbg.rs b/src/drbg.rs index bfcb4b43e..5eef3db6f 100644 --- a/src/drbg.rs +++ b/src/drbg.rs @@ -5,11 +5,8 @@ use crate::hacl::drbg; // re-export here for convenience pub use rand::{CryptoRng, RngCore}; -#[cfg(feature = "std")] -use std::{fmt, vec, vec::Vec}; -#[cfg(not(feature = "std"))] -use alloc::{fmt, vec, vec::Vec}; +use crate::std::{fmt, vec, vec::Vec}; #[derive(Debug)] pub enum Error { diff --git a/src/hpke/aead.rs b/src/hpke/aead.rs index 92abcabfe..0ca6d5f3e 100644 --- a/src/hpke/aead.rs +++ b/src/hpke/aead.rs @@ -34,11 +34,8 @@ use crate::{ aead::{self, *}, hmac::tag_size, }; -#[cfg(feature = "std")] -use std::{vec, vec::Vec}; -#[cfg(not(feature = "std"))] -use alloc::{vec, vec::Vec}; +use crate::std::{vec, vec::Vec}; use super::errors::*; diff --git a/src/hpke/errors.rs b/src/hpke/errors.rs index f058f9e00..108282d70 100644 --- a/src/hpke/errors.rs +++ b/src/hpke/errors.rs 
@@ -63,11 +63,7 @@ //! - `CryptoError`: An opaque error happened in a crypto operation outside of this code. use crate::aead::InvalidArgumentError; -#[cfg(feature = "std")] -use std::vec::Vec; - -#[cfg(not(feature = "std"))] -use alloc::vec::Vec; +use crate::std::vec::Vec; /// Explicit errors generated throughout this specification. #[derive(Debug, Copy, Clone, PartialEq)] diff --git a/src/hpke/hpke.rs b/src/hpke/hpke.rs index 87bd7bb5d..54b0f80ae 100644 --- a/src/hpke/hpke.rs +++ b/src/hpke/hpke.rs @@ -1,9 +1,6 @@ #![allow(non_camel_case_types, non_snake_case, unused_imports)] -#[cfg(feature = "std")] -use std::{vec, vec::Vec}; -#[cfg(not(feature = "std"))] -use alloc::{vec, vec::Vec}; +use crate::std::{vec, vec::Vec}; use libcrux_ecdh::{self, secret_to_public, x25519_derive, X25519PublicKey}; use libcrux_ml_kem::mlkem768; diff --git a/src/hpke/kdf.rs b/src/hpke/kdf.rs index 36e1478dc..a7d3eb598 100644 --- a/src/hpke/kdf.rs +++ b/src/hpke/kdf.rs @@ -3,11 +3,8 @@ use super::errors::*; use crate::hkdf::Algorithm; -#[cfg(feature = "std")] -use std::{vec, vec::Vec}; -#[cfg(not(feature = "std"))] -use alloc::{vec, vec::Vec}; +use crate::std::{vec, vec::Vec}; /// ## Key Derivation Functions (KDFs) /// diff --git a/src/hpke/kem.rs b/src/hpke/kem.rs index e9ec96aa3..7c7a76045 100644 --- a/src/hpke/kem.rs +++ b/src/hpke/kem.rs @@ -3,11 +3,8 @@ #![allow(non_camel_case_types, non_snake_case)] use libcrux_ecdh::{X25519PrivateKey, X25519PublicKey}; -#[cfg(feature = "std")] -use std::{vec, vec::Vec}; -#[cfg(not(feature = "std"))] -use alloc::{vec, vec::Vec}; +use crate::std::{vec, vec::Vec}; use super::errors::*; use super::kdf::*; diff --git a/src/lib.rs b/src/lib.rs index 150e56131..a8f458710 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -10,6 +10,9 @@ extern crate std; #[cfg(not(feature = "std"))] extern crate alloc; +#[cfg(not(feature = "std"))] +use alloc as std; + pub use libcrux_platform::aes_ni_support; // Jasmin 
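Review bot: `use alloc as std;` under `cfg(not(feature = "std"))` in `src/lib.rs` makes every `crate::std::…` path resolve to `alloc` in `no_std` builds, so only items that live at the same path in both crates (`vec`, `fmt`, …) can be imported this way. A later `use crate::std::collections::HashMap` or `crate::std::io::…` would compile with default features and fail only without them. It would help to document the alias, e.g. `// crate::std is alloc here: only import items that exist in both`, and to have CI build with `--no-default-features`. The CI configuration is not part of this patch, so that build may already exist.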
diff --git a/src/signature.rs b/src/signature.rs index d6e1f86a2..68acb7ebf 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -4,11 +4,7 @@ //! * EdDSA 25519 //! * RSA PSS -#[cfg(feature = "std")] -use std::{vec, vec::Vec}; - -#[cfg(not(feature = "std"))] -use alloc::{vec, vec::Vec}; +use crate::std::{vec, vec::Vec}; use crate::{ ecdh,