Fix KeyMaterial::concatenate logic and improve Condition<T> correctness for i64/u64

Cargo.toml

@@ -15,6 +15,7 @@ bouncycastle-factory = { path = "./crypto/factory", version = "0.1.1"}
 bouncycastle-hex = { path = "./crypto/hex", version = "0.1.1" }
 bouncycastle-hkdf = { path = "./crypto/hkdf", version = "0.1.1"}
 bouncycastle-hmac = { path = "./crypto/hmac", version = "0.1.1"}
+bouncycastle-mldsa = { path = "./crypto/mldsa", version = "0.1.2" }
 bouncycastle-rng = { path = "./crypto/rng", version = "0.1.1" }
 bouncycastle-sha2 = { path = "./crypto/sha2", version = "0.1.1"}
 bouncycastle-sha3 = { path = "./crypto/sha3", version = "0.1.1"}
@@ -42,6 +43,7 @@ bouncycastle-factory.workspace = true
 bouncycastle-hex.workspace = true
 bouncycastle-hkdf.workspace = true
 bouncycastle-hmac.workspace = true
+bouncycastle-mldsa.workspace = true
 bouncycastle-rng.workspace = true
 bouncycastle-sha2.workspace = true
 bouncycastle-sha3.workspace = true

alpha_0.1.2_release_notes.md

@@ -0,0 +1,17 @@
+# TODO
+[remove this section before publication]
+
+[ ] Finish ML-DSA
+[ ] Ensure that all crates have `#![forbid(missing_docs)]`
+[ ] Apply Secret trait consistently across the library --> study the `Zeroize` trait in RustCrypto
+[ ] Change all "[u8;0]" to "[]" throughout the code and docs ... or better yet, change the APIs to take an Option<>
+[ ] Enhance the default HashDRBG instantiation to take in NIST-compatible CPU jitter entropy
+[ ] Get an opinion from Bob Beck or Dennis about the factories ... Are they worth it?
+[ ] Do a pass over KeyMaterial, taking into account Dennis Jackson's input (maybe ping him for a phone call?)
+[ ] Open github issues
+
+# 0.1.2 Features / Changelog
+
+* ML-DSA
+* Github issues resolved:
+  * #2, or whatever

cli/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cli"
-version = "0.1.0"
+version = "0.1.2"
 edition.workspace = true
 
 [dependencies]

cli/src/encoders_cmd.rs

@@ -8,50 +8,60 @@ pub(crate) fn hex_encode_cmd() {
     // Stream from stdin to stdout in chunks of 1 kb
     let mut buf: [u8; 1024] = [0u8; 1024];
     let mut bytes_read = io::stdin().read(&mut buf).expect("Failed to read from stdin");
-    while bytes_read == 1024 {
-        print!("{}", hex::encode(&buf));
+    while bytes_read != 0 {
+        io::stdout().write_all(
+            hex::encode(&buf[..bytes_read]).as_bytes()
+        ).expect("Failed to write to stdout");
+
         bytes_read = io::stdin().read(&mut buf).expect("Failed to read from stdin");
     }
-    print!("{}", hex::encode(&buf));
 }
 
 pub(crate) fn hex_decode_cmd() {
     // Stream from stdin to stdout in chunks of 1 kb
     let mut buf: [u8; 1024] = [0u8; 1024];
     let mut bytes_read = io::stdin().read(&mut buf).expect("Failed to read from stdin");
-    let mut chunk_str: String = String::from_utf8(Vec::from(buf.as_slice())).unwrap();
-    while bytes_read == 1024 {
-        io::stdout().write_all(&*hex::decode(chunk_str.as_str()).unwrap()).expect("Failed to write to stdout");
+    while bytes_read != 0 {
+        let chunk_str: String = String::from_utf8(
+            Vec::from(&buf[..bytes_read])
+        ).expect("Input was not valid utf8.");
+
+        io::stdout().write_all(
+            &*hex::decode(chunk_str.as_str()).expect("Input was not valid hex.")
+        ).expect("Failed to write to stdout");
 
         bytes_read = io::stdin().read(&mut buf).expect("Failed to read from stdin");
-        chunk_str = String::from_utf8(Vec::from(buf.as_slice())).unwrap();
     }
-    io::stdout().write_all(&*hex::decode(chunk_str.as_str()).unwrap()).expect("Failed to write to stdout");
 }
 
 pub(crate) fn base64_encode_cmd() {
     let mut encoder = base64::Base64Encoder::new();
     // Stream from stdin to stdout in chunks of 1 kb
     let mut buf: [u8; 1024] = [0u8; 1024];
     let mut bytes_read = io::stdin().read(&mut buf).expect("Failed to read from stdin");
-    while bytes_read == 1024 {
-        print!("{}", encoder.do_update(&buf));
+    while bytes_read != 0 {
+        io::stdout().write_all(
+            encoder.do_update(&buf[..bytes_read]).as_bytes()
+        ).expect("Failed to write to stdout");
+
         bytes_read = io::stdin().read(&mut buf).expect("Failed to read from stdin");
     }
-    print!("{}", encoder.do_final(&buf[..bytes_read]));
 }
 
 pub(crate) fn base64_decode_cmd() {
     // Stream from stdin to stdout in chunks of 1 kb
     let mut buf: [u8; 1024] = [0u8; 1024];
     let mut decoder = base64::Base64Decoder::new(true);
     let mut bytes_read = io::stdin().read(&mut buf).expect("Failed to read from stdin");
-    let mut chunk_str: String = String::from_utf8(Vec::from(buf.as_slice())).unwrap();
-    while bytes_read == 1024 {
-        io::stdout().write_all(decoder.do_update(chunk_str.as_str()).unwrap().as_slice()).expect("Failed to write to stdout");
+    while bytes_read != 0 {
+        let chunk_str: String = String::from_utf8(
+            Vec::from(&buf[..bytes_read])
+        ).expect("Input was not valid utf8.");
+
+        io::stdout().write_all(
+            decoder.do_update(chunk_str.as_str()).expect("Input was not valid base64.").as_slice()
+        ).expect("Failed to write to stdout");
 
         bytes_read = io::stdin().read(&mut buf).expect("Failed to read from stdin");
-        chunk_str = String::from_utf8(Vec::from(buf.as_slice())).unwrap();
     }
-    io::stdout().write_all(decoder.do_final(chunk_str.as_str()).unwrap().as_slice()).expect("Failed to write to stdout");
 }

cli/src/hkdf_cmd.rs

@@ -2,7 +2,7 @@ use std::{fs, io};
 use std::io::Write;
 use std::process::exit;
 
-use bouncycastle::core_interface::key_material::{KeyMaterialInternal, KeyType};
+use bouncycastle::core_interface::key_material::{KeyMaterialSized, KeyType};
 use bouncycastle::core_interface::traits::KeyMaterial;
 use bouncycastle::hex;
 use bouncycastle::hkdf;
@@ -19,7 +19,7 @@ pub(crate) fn hkdf_cmd(hkdfname: &str,
     let salt_bytes: Vec<u8>;
     let ikm_bytes: Vec<u8>;
     let additional_input_bytes: Vec<u8>;
-    let mut out_key = KeyMaterialInternal::<1024>::new();
+    let mut out_key = KeyMaterialSized::<1024>::new();
 
     if len > 1024 {
         eprintln!("Error: The CLI only supports output lengths up to 128 bytes (1024 bits).");
@@ -40,7 +40,7 @@ pub(crate) fn hkdf_cmd(hkdfname: &str,
         eprintln!("Error: The CLI only supports HKDF salts up to 128 bytes (1024 bytes).");
         exit(-1);
     }
-    let mut salt_key = KeyMaterialInternal::<1024>::from_bytes(&salt_bytes).unwrap();
+    let mut salt_key = KeyMaterialSized::<1024>::from_bytes(&salt_bytes).unwrap();
     // force it just so the CLI behaves properly even with all-zero or zero-length keys
     salt_key.allow_hazardous_operations();
     salt_key.convert_key_type(KeyType::MACKey).unwrap();

cli/src/main.rs

@@ -4,8 +4,11 @@ mod sha2_cmd;
 mod mac_cmd;
 mod hkdf_cmd;
 mod rng_cmd;
+mod mldsa_cmd;
 
-use clap::{Parser, Subcommand};
+use std::io;
+use std::io::Write;
+use clap::{Parser, Subcommand, ValueEnum};
 use crate::mac_cmd::HMACVariant;
 
 #[derive(Parser)]
@@ -269,6 +272,194 @@ enum Subcommands {
         /// Output in hex format.
         x: bool,
     },
+
+    /// The ML-DSA-44 signature algorithm.
+    MLDSA44 {
+        action: MLDSAAction,
+
+        #[arg(long)]
+        /// The file containing context string (in hex) for signing or verifying
+        ctxfile: Option<String>,
+
+        #[arg(long)]
+        /// The private key file (in hex or binary) for signing
+        skfile: Option<String>,
+
+        #[arg(long)]
+        /// The public key file (in hex or binary) for verifying
+        pkfile: Option<String>,
+
+        #[arg(long)]
+        /// The signature value file (in hex or binary) for verifying
+        sigfile: Option<String>,
+
+
+        #[arg(short)]
+        /// Output in hex format.
+        x: bool,
+    },
+
+    /// The ML-DSA-65 signature algorithm.
+    MLDSA65 {
+        action: MLDSAAction,
+
+        #[arg(long)]
+        /// The file containing context string (in hex) for signing or verifying
+        ctxfile: Option<String>,
+
+        #[arg(long)]
+        /// The private key file (in hex or binary) for signing
+        skfile: Option<String>,
+
+        #[arg(long)]
+        /// The public key file (in hex or binary) for verifying
+        pkfile: Option<String>,
+
+        #[arg(long)]
+        /// The signature value file (in hex or binary) for verifying
+        sigfile: Option<String>,
+
+
+        #[arg(short)]
+        /// Output in hex format.
+        x: bool,
+    },
+
+    /// The ML-DSA-87 signature algorithm.
+    MLDSA87 {
+        action: MLDSAAction,
+
+        #[arg(long)]
+        /// The file containing context string (in hex) for signing or verifying
+        ctxfile: Option<String>,
+
+        #[arg(long)]
+        /// The private key file (in hex or binary) for signing
+        skfile: Option<String>,
+
+        #[arg(long)]
+        /// The public key file (in hex or binary) for verifying
+        pkfile: Option<String>,
+
+        #[arg(long)]
+        /// The signature value file (in hex or binary) for verifying
+        sigfile: Option<String>,
+
+
+        #[arg(short)]
+        /// Output in hex format.
+        x: bool,
+    },
+
+    /// The HashML-DSA-44 signature algorithm.
+    HashMLDSA44 {
+        action: MLDSAAction,
+
+        #[arg(long)]
+        /// The file containing context string (in hex) for signing or verifying
+        ctxfile: Option<String>,
+
+        #[arg(long)]
+        /// The private key file (in hex or binary) for signing
+        skfile: Option<String>,
+
+        #[arg(long)]
+        /// The public key file (in hex or binary) for verifying
+        pkfile: Option<String>,
+
+        #[arg(long)]
+        /// The signature value file (in hex or binary) for verifying
+        sigfile: Option<String>,
+
+
+        #[arg(short)]
+        /// Output in hex format.
+        x: bool,
+    },
+
+    /// The HashML-DSA-65 signature algorithm.
+    HashMLDSA65 {
+        action: MLDSAAction,
+
+        #[arg(long)]
+        /// The file containing context string (in hex) for signing or verifying
+        ctxfile: Option<String>,
+
+        #[arg(long)]
+        /// The private key file (in hex or binary) for signing
+        skfile: Option<String>,
+
+        #[arg(long)]
+        /// The public key file (in hex or binary) for verifying
+        pkfile: Option<String>,
+
+        #[arg(long)]
+        /// The signature value file (in hex or binary) for verifying
+        sigfile: Option<String>,
+
+
+        #[arg(short)]
+        /// Output in hex format.
+        x: bool,
+    },
+
+    /// The HashML-DSA87 signature algorithm.
+    HashMLDSA87 {
+        action: MLDSAAction,
+
+        #[arg(long)]
+        /// The file containing context string (in hex) for signing or verifying
+        ctxfile: Option<String>,
+
+        #[arg(long)]
+        /// The private key file (in hex or binary) for signing
+        skfile: Option<String>,
+
+        #[arg(long)]
+        /// The public key file (in hex or binary) for verifying
+        pkfile: Option<String>,
+
+        #[arg(long)]
+        /// The signature value file (in hex or binary) for verifying
+        sigfile: Option<String>,
+
+
+        #[arg(short)]
+        /// Output in hex format.
+        x: bool,
+    },
+}
+
+#[derive(ValueEnum, Clone, Debug)]
+pub(crate) enum MLDSAAction {
+    /// Generate and output a new private key
+    Keygen,
+    /// Generate and output a private key from a seed read from stdin.
+    /// Accepts either binary or hex.
+    KeygenFromSeed,
+    /// Generate and output a new public key from a private key read from stdin.
+    /// Accepts either binary or hex.
+    PkFromSk,
+    /// Accepts a sk and pk, and checks that they match.
+    CheckConsistency,
+    /// Sign a message read from stdin with a private key file and output the signature.
+    /// Accepts private key as full or seed, binary or hex.
+    Sign,
+    /// Verify a message read from stdin with a public key file and a signature file
+    /// Accepts the public key and signature as binary or hex.
+    Verify,
+}
+
+pub(crate) fn write_bytes_or_hex(bytes: &[u8], output_hex: bool) {
+    // first flush stdout to ensure any buffered data is written
+    io::stdout().flush().unwrap();
+    if output_hex {
+        for b in bytes.iter() {
+            print!("{b:02x}");
+        }
+    } else {
+        io::stdout().write_all(bytes).unwrap();
+    }
 }
 
 fn main() {
@@ -294,6 +485,12 @@ fn main() {
         Some(Subcommands::HKDF_SHA256 { salt, salt_file, ikm, ikm_file, additional_input, additional_input_file, len, x}) => { hkdf_cmd::hkdf_cmd("HKDF-SHA256", salt, salt_file, ikm, ikm_file, additional_input, additional_input_file, *len, *x)},
         Some(Subcommands::HKDF_SHA512 { salt, salt_file, ikm, ikm_file, additional_input, additional_input_file, len, x}) => { hkdf_cmd::hkdf_cmd("HKDF-SHA512", salt, salt_file, ikm, ikm_file, additional_input, additional_input_file, *len, *x)},
         Some(Subcommands::RNG {  len, x}) => { rng_cmd::rng_cmd(*len, *x)},
+        Some(Subcommands::MLDSA44 { action, ctxfile, skfile, pkfile, sigfile, x }) => { mldsa_cmd::mldsa44_cmd(action, ctxfile, skfile, pkfile, sigfile, *x); }
+        Some(Subcommands::MLDSA65 { action, ctxfile, skfile, pkfile, sigfile, x }) => { mldsa_cmd::mldsa65_cmd(action, ctxfile, skfile, pkfile, sigfile, *x); }
+        Some(Subcommands::MLDSA87 { action, ctxfile, skfile, pkfile, sigfile, x }) => { mldsa_cmd::mldsa87_cmd(action, ctxfile, skfile, pkfile, sigfile, *x); }
+        Some(Subcommands::HashMLDSA44 { action, ctxfile, skfile, pkfile, sigfile, x }) => { mldsa_cmd::hash_mldsa44_sha512_cmd(action, ctxfile, skfile, pkfile, sigfile, *x); }
+        Some(Subcommands::HashMLDSA65 { action, ctxfile, skfile, pkfile, sigfile, x }) => { mldsa_cmd::hash_mldsa65_sha512_cmd(action, ctxfile, skfile, pkfile, sigfile, *x); }
+        Some(Subcommands::HashMLDSA87 { action, ctxfile, skfile, pkfile, sigfile, x }) => { mldsa_cmd::hash_mldsa87_sha512_cmd(action, ctxfile, skfile, pkfile, sigfile, *x); }
         None => { eprintln!("No command provided. See -h") },
     }
 }