start on Dilithium5
jasoncolburne committed Aug 13, 2023
1 parent 0fc4e02 commit fb972b0
Showing 2 changed files with 66 additions and 4 deletions.
10 changes: 10 additions & 0 deletions src/core/matter/tables.rs
@@ -36,6 +36,8 @@ pub(crate) fn sizage(s: &str) -> Result<Sizage> {
"S" => Sizage { hs: 1, ss: 0, fs: 2604, ls: 0 },
"T" => Sizage { hs: 1, ss: 0, fs: 44, ls: 0 },
"U" => Sizage { hs: 1, ss: 0, fs: 4392, ls: 0 },
"V" => Sizage { hs: 1, ss: 0, fs: 44, ls: 0 },
"W" => Sizage { hs: 1, ss: 0, fs: 6128, ls: 0 },
"0A" => Sizage { hs: 2, ss: 0, fs: 24, ls: 0 },
"0B" => Sizage { hs: 2, ss: 0, fs: 88, ls: 0 },
"0C" => Sizage { hs: 2, ss: 0, fs: 88, ls: 0 },
@@ -55,6 +57,8 @@ pub(crate) fn sizage(s: &str) -> Result<Sizage> {
"1AAH" => Sizage { hs: 4, ss: 0, fs: 100, ls: 0 },
"1AAI" => Sizage { hs: 4, ss: 0, fs: 48, ls: 0 },
"1AAJ" => Sizage { hs: 4, ss: 0, fs: 48, ls: 0 },
"1AAK" => Sizage { hs: 4, ss: 0, fs: 3460, ls: 0 },
"1AAL" => Sizage { hs: 4, ss: 0, fs: 3460, ls: 0 },
"2AAA" => Sizage { hs: 4, ss: 0, fs: 8, ls: 1 },
"3AAA" => Sizage { hs: 4, ss: 0, fs: 8, ls: 2 },
"4A" => Sizage { hs: 2, ss: 2, fs: u32::MAX, ls: 0 },
@@ -129,6 +133,8 @@ pub mod Codex {
pub const CRYSTALS_Dilithium3: &str = "S"; // CRYSTALS Dilithium verficiation key.
pub const CRYSTALS_Dilithium3_Seed: &str = "T"; // CRYSTALS Dilithium private key seed. This one is actually a seed.
pub const CRYSTALS_Dilithium3_Sig: &str = "U"; // CRYSTALS Dilithium signature.
pub const CRYSTALS_Dilithium5_Seed: &str = "V"; // CRYSTALS Dilithium5 verification key, non-transferable.
pub const CRYSTALS_Dilithium5_Sig: &str = "W"; // CRYSTALS Dilithium5 signature.
pub const Salt_128: &str = "0A"; // 128 bit random salt or 128 bit number (see Huge)
pub const Ed25519_Sig: &str = "0B"; // Ed25519 signature.
pub const ECDSA_256k1_Sig: &str = "0C"; // ECDSA secp256k1 signature.
@@ -148,6 +154,8 @@ pub mod Codex {
pub const X25519_Cipher_Salt: &str = "1AAH"; // X25519 100 char b64 Cipher of 24 char qb64 Salt
pub const ECDSA_256r1N: &str = "1AAI"; // ECDSA secp256r1 verification key non-transferable, basic derivation.
pub const ECDSA_256r1: &str = "1AAJ"; // ECDSA secp256r1 verification or encryption key, basic derivation
pub const CRYSTALS_Dilithium5N: &str = "1AAK"; // CRYSTALS Dilithium5 verification key, non-transferable.
pub const CRYSTALS_Dilithium5: &str = "1AAL"; // CRYSTALS Dilithium5 verification key, non-transferable.
pub const TBD1: &str = "2AAA"; // Testing purposes only fixed with lead size 1
pub const TBD2: &str = "3AAA"; // Testing purposes only of fixed with lead size 2
pub const StrB64_L0: &str = "4A"; // String Base64 Only Lead Size 0 (4095 * 3 | 4)
@@ -206,6 +214,8 @@ mod test {
#[case("1AAH", 4, 0, 100, 0)]
#[case("1AAI", 4, 0, 48, 0)]
#[case("1AAJ", 4, 0, 48, 0)]
#[case("1AAK", 4, 0, 3460, 0)]
#[case("1AAL", 4, 0, 3460, 0)]
#[case("2AAA", 4, 0, 8, 1)]
#[case("3AAA", 4, 0, 8, 2)]
#[case("4A", 2, 2, u32::MAX, 0)]
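Review bot: The comment on `CRYSTALS_Dilithium5_Seed` ("V") says "verification key, non-transferable" although the constant names a private key seed, and `CRYSTALS_Dilithium5` ("1AAL") repeats the "non-transferable" text of `CRYSTALS_Dilithium5N`. A codex comment that labels secret material as a public key invites mishandling by the next maintainer. Following the Dilithium3 entries, I would use `// CRYSTALS Dilithium5 private key seed.` for "V" and `// CRYSTALS Dilithium5 verification key.` for "1AAL" (presumably the transferable variant). The test hunk adds cases only for "1AAK" and "1AAL", and the section's ten additions leave none for the new one-character codes, so `#[case("V", 1, 0, 44, 0)]` and `#[case("W", 1, 0, 6128, 0)]` should be added alongside the existing single-character cases.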
60 changes: 56 additions & 4 deletions src/crypto/sign.rs
@@ -19,6 +19,10 @@ pub(crate) fn generate(code: &str) -> Result<Vec<u8>> {
| matter::Codex::CRYSTALS_Dilithium3N
| matter::Codex::CRYSTALS_Dilithium3_Seed
| matter::Codex::CRYSTALS_Dilithium3_Sig => crystals_dilithium3::generate(),
matter::Codex::CRYSTALS_Dilithium5
| matter::Codex::CRYSTALS_Dilithium5N
| matter::Codex::CRYSTALS_Dilithium5_Seed
| matter::Codex::CRYSTALS_Dilithium5_Sig => crystals_dilithium5::generate(),
_ => err!(Error::UnexpectedCode(code.to_string())),
}
}
@@ -41,6 +45,10 @@ pub(crate) fn public_key(code: &str, private_key: &[u8]) -> Result<Vec<u8>> {
| matter::Codex::CRYSTALS_Dilithium3N
| matter::Codex::CRYSTALS_Dilithium3_Seed
| matter::Codex::CRYSTALS_Dilithium3_Sig => crystals_dilithium3::public_key(private_key),
matter::Codex::CRYSTALS_Dilithium5
| matter::Codex::CRYSTALS_Dilithium5N
| matter::Codex::CRYSTALS_Dilithium5_Seed
| matter::Codex::CRYSTALS_Dilithium5_Sig => crystals_dilithium5::public_key(private_key),
_ => err!(Error::UnexpectedCode(code.to_string())),
}
}
@@ -63,6 +71,10 @@ pub(crate) fn sign(code: &str, private_key: &[u8], ser: &[u8]) -> Result<Vec<u8>
| matter::Codex::CRYSTALS_Dilithium3N
| matter::Codex::CRYSTALS_Dilithium3_Seed
| matter::Codex::CRYSTALS_Dilithium3_Sig => crystals_dilithium3::sign(private_key, ser),
matter::Codex::CRYSTALS_Dilithium5
| matter::Codex::CRYSTALS_Dilithium5N
| matter::Codex::CRYSTALS_Dilithium5_Seed
| matter::Codex::CRYSTALS_Dilithium5_Sig => crystals_dilithium5::sign(private_key, ser),
_ => err!(Error::UnexpectedCode(code.to_string())),
}
}
@@ -85,6 +97,10 @@ pub(crate) fn verify(code: &str, public_key: &[u8], sig: &[u8], ser: &[u8]) -> R
| matter::Codex::CRYSTALS_Dilithium3N
| matter::Codex::CRYSTALS_Dilithium3_Seed
| matter::Codex::CRYSTALS_Dilithium3_Sig => crystals_dilithium3::verify(public_key, sig, ser),
matter::Codex::CRYSTALS_Dilithium5
| matter::Codex::CRYSTALS_Dilithium5N
| matter::Codex::CRYSTALS_Dilithium5_Seed
| matter::Codex::CRYSTALS_Dilithium5_Sig => crystals_dilithium5::verify(public_key, sig, ser),
_ => err!(Error::UnexpectedCode(code.to_string())),
}
}
@@ -244,6 +260,42 @@ mod crystals_dilithium3 {
}
}

mod crystals_dilithium5 {
use crystals_dilithium::dilithium5::{Keypair, PublicKey};
use zeroize::Zeroize;

use crate::crypto::csprng;
use crate::error::Result;

pub(crate) fn generate() -> Result<Vec<u8>> {
let mut bytes = [0u8; 32];
csprng::fill_bytes(&mut bytes);

let result = bytes.to_vec();
bytes.zeroize();

Ok(result)
}

pub(crate) fn public_key(seed: &[u8]) -> Result<Vec<u8>> {
let keypair = Keypair::generate(Some(seed));
Ok(keypair.public.to_bytes().to_vec())
}

pub(crate) fn sign(seed: &[u8], ser: &[u8]) -> Result<Vec<u8>> {
let keypair = Keypair::generate(Some(seed));
let mut signature = keypair.sign(ser);
let result = signature.to_vec();
signature.zeroize();
Ok(result)
}

pub(crate) fn verify(public_key: &[u8], sig: &[u8], ser: &[u8]) -> Result<bool> {
let public_key = PublicKey::from_bytes(public_key);
Ok(public_key.verify(ser, sig))
}
}

#[cfg(test)]
mod test {
use crate::core::matter::tables as matter;
@@ -252,13 +304,13 @@ mod test {

#[rstest]
fn end_to_end(
#[values(matter::Codex::Ed25519, matter::Codex::ECDSA_256k1, matter::Codex::ECDSA_256r1, matter::Codex::CRYSTALS_Dilithium3)]
#[values(matter::Codex::Ed25519, matter::Codex::ECDSA_256k1, matter::Codex::ECDSA_256r1, matter::Codex::CRYSTALS_Dilithium3, matter::Codex::CRYSTALS_Dilithium5)]
code: &str,
) {
let ser = b"abcdefghijklmnopqrstuvwxyz";
let private_key = sign::generate(code).unwrap();
let signature = sign::sign(code, &private_key, ser).unwrap();
let public_key = sign::public_key(code, &private_key).unwrap();
let seed = sign::generate(code).unwrap();
let signature = sign::sign(code, &seed, ser).unwrap();
let public_key = sign::public_key(code, &seed).unwrap();
assert!(sign::verify(code, &public_key, &signature, ser).unwrap());
}

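Review bot: In `crystals_dilithium5::verify`, `PublicKey::from_bytes(public_key)` takes a caller-supplied slice with no length check, and because its result is used directly rather than through `?`, a wrong-length key cannot come back as an `Err` from this function. Depending on the crate it would presumably panic or be mishandled, which matters because verification inputs are normally untrusted. `public_key` and `sign` likewise hand `seed` to `Keypair::generate(Some(seed))` without confirming it is the 32 bytes that `generate` produces. A guard such as `if seed.len() != 32 { /* return a length error */ }` before each call, with the equivalent check on the key and signature in `verify`, would keep malformed input on the error path. Separately, `sign` zeroizes `signature`, which is public output, while the `keypair` derived from the seed is dropped unwiped; if the crate's `Keypair` supports zeroizing, that is the value to clear.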
