Cleanup & Version bumps

.github/workflows/rust.yml

@@ -2,9 +2,14 @@ name: Build & Test
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ "main", "dev" ]
   pull_request:
-    branches: [ "main" ]
+    branches: [ "main", "dev" ]
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 env:
   CARGO_TERM_COLOR: always
@@ -14,31 +19,68 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
+        bits: [32, 64]
         os:
           - macos-latest
           - ubuntu-latest
           - windows-latest
+        exclude:
+          - bits: 32
+            os: "macos-latest"
 
     runs-on: ${{ matrix.os }}
+    defaults:
+      run:
+        shell: bash
 
     steps:
-
+    - uses: actions/checkout@v3
+
     - name: Setup Ubuntu
       if: matrix.os == 'ubuntu-latest'
-      run: sudo apt-get install ninja-build
+      run: |
+        sudo apt-get update
+        sudo apt-get install ninja-build gcc-multilib g++-multilib
+        rustup target add i686-unknown-linux-gnu
+
     - name: Setup MacOS
       if: matrix.os == 'macos-latest'
       run: brew install ninja
-    - name: Setup Windows
-      if: matrix.os == 'windows-latest'
+
+    - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV
+      if: ${{ matrix.bits == 64 }}
+
+    - name: Config Windows x86
+      run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV
+      if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }}
+
+    - name: Config Linux x86
+      run: |
+        echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV
+      if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }}
+
+    - name: Setup Windows x86
+      if: ${{ matrix.os == 'windows-latest' }}
+      shell: pwsh
       run: |
         echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append
-        vcpkg install openssl:x64-windows-static-md
+        vcpkg install openssl:x86-windows-static-md
 
-    - uses: actions/checkout@v3
+    - name: Setup Windows x64
+      if: ${{ matrix.os == 'windows-latest' }}
+      shell: pwsh
+      run: |
+        echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append
+        vcpkg install openssl:x64-windows-static-md
 
     - name: Build
-      run: cargo build --verbose
+      if: ${{ !(matrix.bits == 32 && matrix.os == 'macos-latest' ) }}
+      run: cargo build --verbose $RUST_TARGET_FLAG
 
     - name: Run tests
-      run: cargo test --verbose
+      if: ${{ !(matrix.bits == 32 && matrix.os == 'macos-latest' ) }}
+      run: cargo test --verbose $RUST_TARGET_FLAG
+
+    - name: Run tests release
+      if: ${{ !(matrix.bits == 32 && matrix.os == 'macos-latest' ) }}
+      run: cargo test --verbose --release $RUST_TARGET_FLAG

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libcrux"
-version = "0.0.1"
+version = "0.0.2-pre.1"
 edition = "2021"
 authors = ["Franziskus Kiefer <[email protected]>"]
 license = "Apache-2.0"
@@ -14,11 +14,11 @@ exclude = ["/tests"]
 crate-type = ["staticlib", "cdylib", "lib"]
 
 [dependencies]
-hacl = { version = "=0.0.2", features = ["hazmat"] }
+hacl = { version = "=0.0.3-pre.1", features = ["hazmat"] }
 rand = { version = "0.8" }
 log = "0.4"
 
-[target.'cfg(any(target_arch = "x86_64", target_arch = "x86"))'.dependencies]
+[target.'cfg(target_arch = "x86_64")'.dependencies]
 libjade-sys = { version = "0.0.1", path = "sys/libjade" }
 
 [dev-dependencies]

src/digest.rs

@@ -121,13 +121,13 @@ pub type Sha3_512Digest = [u8; digest_size(Algorithm::Sha3_512)];
 
 macro_rules! sha3_impl {
     ($fun_name:ident, $output:ty, $jasmin_fun:expr, $hacl_fun:expr) => {
-        #[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
+        #[cfg(target_arch = "x86_64")]
         pub fn $fun_name(payload: &[u8]) -> $output {
             // On x64 we use Jasmin for AVX2 and fallback.
             $jasmin_fun(payload)
         }
 
-        #[cfg(not(any(target_arch = "x86", target_arch = "x86_64")))]
+        #[cfg(target_arch = "x86_64")]
         pub fn $fun_name(payload: &[u8]) -> $output {
             // On all other platforms we use HACL
             $hacl_fun(payload)

src/lib.rs

@@ -6,7 +6,7 @@ pub(crate) mod hw_detection;
 pub use hw_detection::aes_ni_support;
 
 // Jasmin
-#[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
+#[cfg(target_arch = "x86_64")]
 pub(crate) mod jasmin;
 
 // libcrux

src/signature.rs

@@ -3,7 +3,10 @@
 //! * EcDSA P256 with Sha256, Sha384, and Sha512
 //! * EdDSA 25519
 
-use hacl::hazmat::{self, ed25519, p256};
+use hacl::{
+    hazmat::{self, ed25519, p256},
+    rsa_pss,
+};
 use rand::{CryptoRng, Rng, RngCore};
 
 use crate::ecdh;
@@ -14,6 +17,7 @@ pub enum Error {
     SigningError,
     InvalidSignature,
     KeyGenError,
+    InvalidKey,
 }
 
 /// The digest algorithm used for the signature scheme (when required).
@@ -29,19 +33,22 @@ pub enum DigestAlgorithm {
 pub enum Algorithm {
     EcDsaP256(DigestAlgorithm),
     Ed25519,
+    RsaPss(DigestAlgorithm),
 }
 
 /// The signature
 #[derive(Debug)]
 pub enum Signature {
     EcDsaP256(EcDsaP256Signature),
     Ed25519(Ed25519Signature),
+    RsaPss(RsaPssSignature),
 }
 
 impl Signature {
     /// Convert the signature into a raw byte vector.
     ///
-    /// NIST P Curve signatures are returned as `r || s`.
+    /// * NIST P Curve signatures are returned as `r || s`.
+    /// * RSA PSS signatures are returned as the raw bytes.
     pub fn into_vec(self) -> Vec<u8> {
         match self {
             Signature::EcDsaP256(s) => {
@@ -50,6 +57,7 @@ impl Signature {
                 out
             }
             Signature::Ed25519(s) => s.signature.to_vec(),
+            Signature::RsaPss(s) => s.signature,
         }
     }
 }
@@ -68,6 +76,77 @@ pub struct Ed25519Signature {
     signature: [u8; 64],
 }
 
+/// A [`Algorithm::RsaPss`] Signature
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct RsaPssSignature {
+    signature: Vec<u8>,
+}
+
+/// A [`Algorithm::RsaPss`] public key.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct RsaPssPublicKey {
+    value: rsa_pss::PublicKey,
+}
+
+fn rsa_pss_digest(hash_algorithm: DigestAlgorithm) -> hacl::digest::Algorithm {
+    match hash_algorithm {
+        DigestAlgorithm::Sha256 => hacl::digest::Algorithm::Sha256,
+        DigestAlgorithm::Sha384 => hacl::digest::Algorithm::Sha384,
+        DigestAlgorithm::Sha512 => hacl::digest::Algorithm::Sha512,
+    }
+}
+
+impl RsaPssPublicKey {
+    pub fn new(key_size: rsa_pss::KeySize, n: &[u8]) -> Result<Self, Error> {
+        Ok(Self {
+            value: rsa_pss::PublicKey::new(key_size, n).map_err(|_| Error::InvalidKey)?,
+        })
+    }
+
+    pub fn verify(
+        &self,
+        hash_algorithm: DigestAlgorithm,
+        msg: &[u8],
+        salt_len: usize,
+        signature: &RsaPssSignature,
+    ) -> Result<(), Error> {
+        let hash_algorithm = rsa_pss_digest(hash_algorithm);
+        rsa_pss::verify(
+            hash_algorithm,
+            &self.value,
+            &signature.signature,
+            msg,
+            salt_len,
+        )
+        .map_err(|_| Error::InvalidSignature)
+    }
+}
+
+/// A [`Algorithm::RsaPss`] private key.
+pub struct RsaPssPrivateKey<'a> {
+    value: rsa_pss::PrivateKey<'a>,
+}
+
+impl<'a> RsaPssPrivateKey<'a> {
+    pub fn new(pk: &'a RsaPssPublicKey, value: &[u8]) -> Result<Self, Error> {
+        Ok(Self {
+            value: rsa_pss::PrivateKey::new(&pk.value, value).map_err(|_| Error::InvalidKey)?,
+        })
+    }
+
+    pub fn sign(
+        &self,
+        hash_algorithm: DigestAlgorithm,
+        salt: &[u8],
+        msg: &[u8],
+    ) -> Result<RsaPssSignature, Error> {
+        let hash_algorithm = rsa_pss_digest(hash_algorithm);
+        rsa_pss::sign(hash_algorithm, &self.value, salt, msg)
+            .map(|signature| RsaPssSignature { signature })
+            .map_err(|_| Error::SigningError)
+    }
+}
+
 impl Ed25519Signature {
     /// Generate a signature from the raw 64 bytes.
     pub fn from_bytes(signature: [u8; 64]) -> Self {
@@ -189,6 +268,9 @@ pub fn sign(
             .map_err(into_signing_error)?;
             Signature::Ed25519(Ed25519Signature { signature })
         }
+        Algorithm::RsaPss(_) => {
+            todo!()
+        }
     };
 
     Ok(signature)
@@ -247,6 +329,7 @@ pub fn verify(payload: &[u8], signature: &Signature, public_key: &[u8]) -> Resul
             let public_key = public_key.try_into().map_err(|_| Error::InvalidSignature)?;
             ed25519::verify(payload, public_key, &signature.signature).map_err(into_verify_error)
         }
+        Signature::RsaPss(_) => todo!(),
     }
 }
 
@@ -285,5 +368,6 @@ pub fn key_gen(
 
             Ok((sk.to_vec(), pk.to_vec()))
         }
+        Algorithm::RsaPss(_) => todo!(),
     }
 }