ga 1

integritychain · Apr 27, 2024 · 25389d9 · 25389d9
1 parent 0d57c6c
commit 25389d9
Show file tree

Hide file tree

Showing 8 changed files with 126 additions and 83 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,5 +1,6 @@
 name: test
 
+
 on: [ push, pull_request ]
 
 
@@ -11,33 +12,6 @@ env:
 
 jobs:
 
-  coverage:
-    runs-on: ubuntu-latest
-    env:
-      CARGO_TERM_COLOR: always
-    steps:
-      - uses: actions/checkout@v4
-      - name: Install Rust
-        run: rustup update stable
-      - name: Install cargo-llvm-cov
-        uses: taiki-e/install-action@cargo-llvm-cov
-      - name: Generate code coverage
-        run: cargo llvm-cov --all-features --workspace
-    # No codecov account, so stop here for now
-    #  - name: Upload coverage to Codecov
-    #    uses: codecov/codecov-action@v3
-    #      with:
-    #        files: lcov.info
-    #        fail_ci_if_error: true
-
-
-  cargo-deny:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: EmbarkStudios/cargo-deny-action@v1
-
-
   build:
     runs-on: ubuntu-latest
     strategy:
@@ -62,32 +36,58 @@ jobs:
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features "ml-dsa-44 ml-dsa-65 ml-dsa-87"
 
 
-  test:
+  cargo_audit:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        include:
-          # 32-bit Linux
-          - target: i686-unknown-linux-gnu
-            rust: 1.72 # MSRV 1.70 GA flaky
-            deps: sudo apt update && sudo apt install gcc-multilib
-          - target: i686-unknown-linux-gnu
-            rust: stable
-            deps: sudo apt update && sudo apt install gcc-multilib
-          # 64-bit Linux
-          - target: x86_64-unknown-linux-gnu
-            rust: 1.72 # MSRV 1.70 GA flaky
-          - target: x86_64-unknown-linux-gnu
-            rust: stable
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@master
+      - uses: rustsec/[email protected]
         with:
-          toolchain: ${{ matrix.rust }}
-          targets: ${{ matrix.target }}
-      - run: ${{ matrix.deps }}
-      - run: cargo check --target ${{ matrix.target }} --all-features
-      - run: cargo test --target ${{ matrix.target }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+
+  cargo_deny:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: EmbarkStudios/cargo-deny-action@v1
+
+
+  cargo_outdated:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - name: Install cargo outdated
+        run: cargo install --locked cargo-outdated
+      - name: Run cargo outdated
+        run: cargo outdated -R
+
+
+  clippy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Clippy
+        run: cargo clippy --all-targets --all-features
+
+
+  coverage:
+    runs-on: ubuntu-latest
+    env:
+      CARGO_TERM_COLOR: always
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - name: Install cargo-llvm-cov
+        uses: taiki-e/install-action@cargo-llvm-cov
+      - name: Generate code coverage
+        run: cargo llvm-cov --all-features --workspace
+    # No codecov account, so stop here for now
+    #  - name: Upload coverage to Codecov
+    #    uses: codecov/codecov-action@v3
+    #      with:
+    #        files: lcov.info
+    #        fail_ci_if_error: true
 
 
   cross:
@@ -132,9 +132,29 @@ jobs:
       - run: cargo doc --all-features
 
 
-  clippy:
+  test:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          # 32-bit Linux
+          - target: i686-unknown-linux-gnu
+            rust: 1.72 # MSRV 1.70 GA flaky
+            deps: sudo apt update && sudo apt install gcc-multilib
+          - target: i686-unknown-linux-gnu
+            rust: stable
+            deps: sudo apt update && sudo apt install gcc-multilib
+          # 64-bit Linux
+          - target: x86_64-unknown-linux-gnu
+            rust: 1.72 # MSRV 1.70 GA flaky
+          - target: x86_64-unknown-linux-gnu
+            rust: stable
     steps:
-      - uses: actions/checkout@v3
-      - name: Run Clippy
-        run: cargo clippy --all-targets --all-features
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+          targets: ${{ matrix.target }}
+      - run: ${{ matrix.deps }}
+      - run: cargo check --target ${{ matrix.target }} --all-features
+      - run: cargo test --target ${{ matrix.target }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.1.2 (2024-05-XX)
+
+
 
 ## 0.1.1 (2024-03-08)
 

diff --git a/Cargo.toml b/Cargo.toml
@@ -5,11 +5,15 @@ edition = "2021"
 license = "MIT OR Apache-2.0"
 description = "FIPS 204 (draft): Module-Lattice-Based Digital Signature"
 authors = ["Eric Schorn <[email protected]>"]
+documentation = "https://docs.rs/fips204"
+categories = ["cryptography", "no-std"]
 repository = "https://github.com/integritychain/fips204"
+keywords = ["FIPS204", "lattice", "signature"]
+# MSRV set at 1.70 for debian testing, e.g. https://packages.debian.org/search?keywords=rustc
+# This requires several marginally outdated dependencies, see below
 rust-version = "1.70"
 
 
-
 [features]
 default = ["default-rng", "ml-dsa-44", "ml-dsa-65", "ml-dsa-87"]
 default-rng = ["rand_core/getrandom"]
@@ -39,13 +43,12 @@ harness = false
 
 [profile.dev]
 debug = true
-lto = true
-opt-level = 3
-codegen-units = 1
+#lto = true
+#opt-level = 3
+#codegen-units = 1
 
 
 [profile.release]
-debug = true
 lto = true
 opt-level = "s"
 codegen-units = 1
@@ -58,3 +61,4 @@ incremental = false
 lto = true
 opt-level = 3
 overflow-checks = false
+codegen-units = 1
diff --git a/README.md b/README.md
@@ -7,14 +7,16 @@
 ![Rust Version][rustc-image]
 
 [FIPS 204] (Initial Public Draft) Module-Lattice-Based Digital Signature Standard written in pure Rust for server, 
-desktop, browser and embedded applications.
+desktop, browser and embedded applications. The source repository includes examples demonstrating benchmarking,
+an embedded target, constant-time statistical measurements, fuzzing, WASM execution, C FFI and Python bindings.
 
-This crate implements the FIPS 204 **draft** standard in pure Rust with minimal and mainstream dependencies. All 
-three security parameter sets are fully functional. The implementation does not require the standard library, e.g. 
-`#[no_std]`, has no heap allocations, e.g. no `alloc` needed, and exposes the `RNG` so it is suitable for the full 
-range of applications down to the bare-metal. The API is stabilized and the code is heavily biased towards safety 
-and correctness; further performance optimizations will be implemented as the standard matures. This crate will 
-quickly follow any changes to FIPS 204 as they become available.
+This crate implements the FIPS 204 **draft** standard in pure Rust with minimal and mainstream dependencies, **and
+without any unsafe code**. All three security parameter sets are fully functional and tested. The implementation 
+operates in constant-time (TKTK EXCEPTIONS HERE), does not require the standard library, e.g. `#[no_std]`, has no 
+heap allocations, e.g. no `alloc` needed, and exposes the `RNG` so it is suitable for the full range of applications 
+down to the bare-metal. The API is stabilized and the code is heavily biased towards safety and correctness; further 
+performance optimizations will be implemented as the standard matures. This crate will quickly follow any changes 
+to FIPS 204 as they become available.
 
 See <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.ipd.pdf> for a full description of the target functionality.
 
@@ -52,13 +54,13 @@ The Rust [Documentation][docs-link] lives under each **Module** corresponding to
 ## Notes
 
 * This crate is fully functional and corresponds to the first initial public draft of FIPS 204.    
-* Constant-time assurances target the source-code level only, and are a work in progress.
+* Constant-time assurances target the source-code level only on MSRV, with confirmation via
+  manual review/inspection, the embedded target, and the `dudect` dynamic tests.
 * Note that FIPS 204 places specific requirements on randomness per section 3.5.1, hence the exposed `RNG`.
 * Requires Rust **1.70** or higher. The minimum supported Rust version may be changed in the future, but 
-it will be done with a minor version bump.
+  it will be done with a minor version bump (when the major version is larger than 0)..
 * All on-by-default features of this library are covered by SemVer.
-* This software is experimental and still under active development -- USE AT YOUR OWN RISK!
-* Code repository contains extensive examples related to benchmarking, fuzzing, CT checks, embedded HW, and WASM use.
+* The FIPS 204 draft standard and this software is experimental -- USE AT YOUR OWN RISK!
 
 ## License