cryptidtech
diff --git a/‎Cargo.toml‎
Lines changed: 15 additions & 1 deletion b/‎Cargo.toml‎
Lines changed: 15 additions & 1 deletion
diff --git a/‎crates/multicodec/src/table_gen.rs‎
Lines changed: 12 additions & 0 deletions b/‎crates/multicodec/src/table_gen.rs‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎crates/multicodec/table.csv‎
Lines changed: 12 additions & 0 deletions b/‎crates/multicodec/table.csv‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎crates/multikey/Cargo.toml‎
Lines changed: 3 additions & 2 deletions b/‎crates/multikey/Cargo.toml‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎crates/multikey/README.md‎
Lines changed: 1 addition & 1 deletion b/‎crates/multikey/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎crates/multikey/src/cipher.rs‎
Lines changed: 85 additions & 11 deletions b/‎crates/multikey/src/cipher.rs‎
Lines changed: 85 additions & 11 deletions
diff --git a/‎crates/multikey/src/kdf.rs‎
Lines changed: 2 additions & 1 deletion b/‎crates/multikey/src/kdf.rs‎
Lines changed: 2 additions & 1 deletion
@@ -2,8 +2,21 @@
 resolver = "2"
 default-members = ["crates/bs"]
 members = [
-  "crates/*",
   "cli",
+  "crates/bs",
+  "crates/bsp2p",
+  "crates/content-addressable",
+  "crates/multibase",
+  "crates/multicid",
+  "crates/multicodec",
+  "crates/multihash",
+  "crates/multikey",
+  "crates/multisig",
+  "crates/multitrait",
+  "crates/multiutil",
+  "crates/provenance-log",
+  "crates/rng",
+  "crates/wacc",
 ]
 
 [workspace.package]
@@ -48,6 +61,7 @@ serde = { version = "1.0.219", default-features = false, features = ["alloc", "d
 serde_cbor = { version = "0.11.2", features = ["tags"]}
 serde_json = { version = "1.0.104"}
 serde_test = { version = "1.0.104"}
+sha3 = "0.10.8"
 test-log = { version = "0.2.17", features = ["trace", "color"] }
 thiserror = "2.0.12"
 tokio = { version = "1.44.2", features = ["fs", "io-util", "macros", "rt", "test-util"] }
 
@@ -174,6 +174,8 @@ build_codec_enum! {
 	0x120b => (Mlkem512Pub, "mlkem-512-pub"),
 	0x120c => (Mlkem768Pub, "mlkem-768-pub"),
 	0x120d => (Mlkem1024Pub, "mlkem-1024-pub"),
+	0x120e => (Fndsa512Pub, "fndsa-512-pub"),
+	0x120f => (Fndsa1024Pub, "fndsa-1024-pub"),
 	0x1239 => (Multisig, "multisig"),
 	0x123a => (Multikey, "multikey"),
 	0x123b => (Nonce, "nonce"),
@@ -193,6 +195,11 @@ build_codec_enum! {
 	0x130e => (Bls12381G1PrivShare, "bls12_381-g1-priv-share"),
 	0x130f => (Bls12381G2PrivShare, "bls12_381-g2-priv-share"),
 	0x1310 => (Sm2Priv, "sm2-priv"),
+	0x1311 => (Fndsa512Priv, "fndsa-512-priv"),
+	0x1312 => (Fndsa1024Priv, "fndsa-1024-priv"),
+	0x1313 => (Mlkem512Priv, "mlkem-512-priv"),
+	0x1314 => (Mlkem768Priv, "mlkem-768-priv"),
+	0x1315 => (Mlkem1024Priv, "mlkem-1024-priv"),
 	0x1a14 => (LamportSha3512Pub, "lamport-sha3-512-pub"),
 	0x1a15 => (LamportSha3384Pub, "lamport-sha3-384-pub"),
 	0x1a16 => (LamportSha3256Pub, "lamport-sha3-256-pub"),
@@ -553,6 +560,8 @@ build_codec_enum! {
 	0xd0ea => (Bls12381G1Sig, "bls12_381-g1-sig"),
 	0xd0eb => (Bls12381G2Sig, "bls12_381-g2-sig"),
 	0xd0ed => (Eddsa, "eddsa"),
+	0xd0ee => (Fndsa512Sig, "fndsa-512-sig"),
+	0xd0ef => (Fndsa1024Sig, "fndsa-1024-sig"),
 	0xd191 => (Eip191, "eip-191"),
 	0xeb51 => (JwkJcsPub, "jwk_jcs-pub"),
 	0xf101 => (FilCommitmentUnsealed, "fil-commitment-unsealed"),
@@ -590,4 +599,7 @@ build_codec_enum! {
 	0xd0130a => (Es521Msig, "es521-msig"),
 	0xd0130b => (Rs256Msig, "rs256-msig"),
 	0xd02000 => (Scion, "scion"),
+	0xe00000 => (Mlkem512Cap, "mlkem-512-cap"),
+	0xe00001 => (Mlkem768Cap, "mlkem-768-cap"),
+	0xe00002 => (Mlkem1024Cap, "mlkem-1024-cap"),
 }
@@ -174,6 +174,8 @@ provenance-log-script,          serialization,  0x120a,         draft,      Veri
 mlkem-512-pub,                  key,            0x120b,         draft,      ML-KEM 512 public key; as specified by FIPS 203
 mlkem-768-pub,                  key,            0x120c,         draft,      ML-KEM 768 public key; as specified by FIPS 203
 mlkem-1024-pub,                 key,            0x120d,         draft,      ML-KEM 1024 public key; as specified by FIPS 203
+fndsa-512-pub,                  key,            0x120e,         draft,      FALCON-512 DSA public key; as specified by FIPS 206
+fndsa-1024-pub,                 key,            0x120f,         draft,      FALCON-1024 DSA public key; as specified by FIPS 206
 multisig,                       multiformat,    0x1239,         draft,      Digital signature multiformat
 multikey,                       multiformat,    0x123a,         draft,      Encryption key multiformat
 nonce,                          nonce,          0x123b,         draft,      Nonce random value
@@ -193,6 +195,11 @@ bls12_381-g2-pub-share,         key,            0x130d,         draft,      BLS1
 bls12_381-g1-priv-share,        key,            0x130e,         draft,      BLS12-381 G1 private key share
 bls12_381-g2-priv-share,        key,            0x130f,         draft,      BLS12-381 G2 private key share
 sm2-priv,                       key,            0x1310,         draft,      SM2 private key
+fndsa-512-priv,                 key,            0x1311,         draft,      FALCON-512 DSA private key; as specified by FIPS 206
+fndsa-1024-priv,                key,            0x1312,         draft,      FALCON-1024 DSA private key; as specified by FIPS 206
+mlkem-512-priv,                 key,            0x1313,         draft,      ML-KEM 512 private key; as specified by FIPS 203
+mlkem-768-priv,                 key,            0x1314,         draft,      ML-KEM 768 private key; as specified by FIPS 203
+mlkem-1024-priv,                key,            0x1315,         draft,      ML-KEM 1024 private key; as specified by FIPS 203
 lamport-sha3-512-pub,           key,            0x1a14,         draft,      Lamport public key based on SHA3-512
 lamport-sha3-384-pub,           key,            0x1a15,         draft,      Lamport public key based on SHA3-384
 lamport-sha3-256-pub,           key,            0x1a16,         draft,      Lamport public key based on SHA3-256
@@ -553,6 +560,8 @@ es256k,                         varsig,         0xd0e7,         draft,      ES25
 bls12_381-g1-sig,               varsig,         0xd0ea,         draft,      G1 signature for BLS12-381
 bls12_381-g2-sig,               varsig,         0xd0eb,         draft,      G2 signature for BLS12-381
 eddsa,                          varsig,         0xd0ed,         draft,      Edwards-Curve Digital Signature Algorithm
+fndsa-512-sig,                  varsig,         0xd0ee,         draft,      FNDSA-512 Signature Algorithm
+fndsa-1024-sig,                 varsig,         0xd0ef,         draft,      FNDSA-1024 Signature Algorithm
 eip-191,                        varsig,         0xd191,         draft,      EIP-191 Ethereum Signed Data Standard
 jwk_jcs-pub,                    key,            0xeb51,         draft,      JSON object containing only the required members of a JWK (RFC 7518 and RFC 7517) representing the public key. Serialisation based on JCS (RFC 8785)
 fil-commitment-unsealed,        filecoin,       0xf101,         permanent,  Filecoin piece or sector data commitment merkle node/root (CommP & CommD)
@@ -590,3 +599,6 @@ es384-msig,                     multisig,       0xd01309,       draft,      ECDS
 es521-msig,                     multisig,       0xd0130a,       draft,      ECDSA P-521 Signature as Multisig
 rs256-msig,                     multisig,       0xd0130b,       draft,      RS256 Signature as Multisig
 scion,                          multiaddr,      0xd02000,       draft,      SCION Internet architecture
+mlkem-512-cap,                  capsule,        0xe00000,       draft,      MLKEM-512 capsule
+mlkem-768-cap,                  capsule,        0xe00001,       draft,      MLKEM-768 capsule
+mlkem-1024-cap,                 capsule,        0xe00002,       draft,      MLKEM-1024 capsule
@@ -14,23 +14,24 @@ wasm = ["getrandom/wasm_js"] # needed for CI testing on wasm32-unknown-unknown
 [dependencies]
 bcrypt-pbkdf = "0.10"
 blsful = "2.5"
-chacha20 = "0.9"
+chacha20poly1305 = "0.10.1"
 ed25519-dalek = { version = "2.1.1", features = ["rand_core"] }
 elliptic-curve.workspace = true
 hex.workspace = true
 k256 = "0.13"
+ml-kem = { version = "0.2.1", features = ["deterministic"]}
 multibase.workspace = true
 multicodec.workspace = true
 multihash.workspace = true
 multisig.workspace = true
 multitrait.workspace = true
 multiutil.workspace = true
-poly1305 = "0.8"
 rand.workspace = true
 rand_core_6.workspace = true
 rng.workspace = true
 sec1 = "0.7"
 serde = { workspace = true, optional = true }
+sha3.workspace = true
 ssh-encoding = { version = "0.2" }
 test-log.workspace = true
 thiserror.workspace = true
 
@@ -18,7 +18,7 @@ cryptography it supports ChaCha-256 keys.
 This implementation supports encrypting/decrypting keys using ChaCha20-Poly1305
 AEAD with keys derived with Bcrypt KDF from a preimage.
 
-When using BLS12-381 keys, this implementations supports threshold key
+When using BLS12-381 keys, this implementation supports threshold key
 splitting and combining as well as threshold signing and verifying.
 
 This crate also supports converting to/from SSH format keys using the
 
@@ -1,8 +1,23 @@
 // SPDX-License-Idnetifier: Apache-2.0
-use crate::{mk::Attributes, AttrId, Error, Multikey};
+use crate::{
+    error::CipherError,
+    mk::Attributes,
+    views::{chacha20, mlkem},
+    AttrId, Error, Multikey,
+};
 use multicodec::Codec;
+use multiutil::Varuint;
+use tracing::info;
 use zeroize::Zeroizing;
 
+/// the list of cipher codecs
+pub const CIPHER_CODECS: [Codec; 4] = [
+    Codec::Chacha20Poly1305,
+    Codec::Mlkem512Priv,
+    Codec::Mlkem768Priv,
+    Codec::Mlkem1024Priv,
+];
+
 /// Builder for creating a Multikey intended for encryption/decryption of other
 /// Multikeys
 #[derive(Clone, Debug, Default)]
@@ -31,6 +46,7 @@ impl Builder {
         }
         // try to look up the key_length in the multikey attributes
         if let Some(v) = mk.attributes.get(&AttrId::CipherKeyLen) {
+            info!("setting key length: {}", v.len());
             self.key_length = Some(v.clone());
         }
         // try to look up the nonce in the multikey attributes
@@ -41,23 +57,53 @@ impl Builder {
     }
 
     /// add in the nonce for the cipher
-    pub fn with_nonce(mut self, nonce: &impl AsRef<[u8]>) -> Self {
-        let n: Vec<u8> = nonce.as_ref().into();
-        self.nonce = Some(n.into());
-        self
+    pub fn with_nonce(mut self, nonce: &impl AsRef<[u8]>) -> Result<Self, Error> {
+        let n: Zeroizing<Vec<u8>> = Zeroizing::new(nonce.as_ref().to_vec());
+        match self.codec {
+            Codec::Chacha20Poly1305 => {
+                if n.len() != chacha20::nonce_length(self.codec)? {
+                    info!(
+                        "nonce length: {}, expected: {}",
+                        n.len(),
+                        chacha20::nonce_length(self.codec)?
+                    );
+                    return Err(CipherError::InvalidNonceLen.into());
+                }
+            }
+            Codec::Mlkem512Priv | Codec::Mlkem768Priv | Codec::Mlkem1024Priv => {
+                if n.len() != mlkem::nonce_length(self.codec)? {
+                    info!(
+                        "nonce length: {}, expected: {}",
+                        n.len(),
+                        chacha20::nonce_length(self.codec)?
+                    );
+                    return Err(CipherError::InvalidNonceLen.into());
+                }
+            }
+            _ => return Err(CipherError::UnsupportedCodec(self.codec).into()),
+        }
+
+        self.nonce = Some(n);
+        Ok(self)
     }
 
     /// add a random nonce for cipher
     pub fn with_random_nonce(
         mut self,
-        len: usize,
         rng: &mut impl rand_core_6::CryptoRngCore,
-    ) -> Self {
+    ) -> Result<Self, Error> {
+        let len = match self.codec {
+            Codec::Chacha20Poly1305 => chacha20::nonce_length(self.codec)?,
+            Codec::Mlkem512Priv | Codec::Mlkem768Priv | Codec::Mlkem1024Priv => {
+                mlkem::nonce_length(self.codec)?
+            }
+            _ => return Err(CipherError::UnsupportedCodec(self.codec).into()),
+        };
         // heap allocate a buffer to receive the random nonce
         let mut buf: Zeroizing<Vec<u8>> = vec![0; len].into();
         rng.fill_bytes(buf.as_mut_slice());
         self.nonce = Some(buf);
-        self
+        Ok(self)
     }
 
     /// build a key using key bytes
@@ -69,6 +115,16 @@ impl Builder {
         let mut attributes = Attributes::new();
         if let Some(key_length) = self.key_length {
             attributes.insert(AttrId::CipherKeyLen, key_length);
+        } else {
+            let len = match codec {
+                Codec::Chacha20Poly1305 => chacha20::key_length(codec)?,
+                Codec::Mlkem512Priv | Codec::Mlkem768Priv | Codec::Mlkem1024Priv => {
+                    mlkem::key_length(codec)?
+                }
+                _ => return Err(CipherError::UnsupportedCodec(self.codec).into()),
+            };
+            let key_length: Vec<u8> = Varuint(len).into();
+            attributes.insert(AttrId::CipherKeyLen, key_length.into());
         }
         if let Some(nonce) = self.nonce {
             attributes.insert(AttrId::CipherNonce, nonce);
@@ -85,14 +141,30 @@ impl Builder {
 mod tests {
     use rng::StdRng;
     use test_log::test;
-    use tracing::{span, Level};
+    use tracing::{info, span, Level};
 
     use super::*;
     use crate::{kdf, mk, Views};
 
+    #[test]
+    fn test_keygen() {
+        let _s = span!(Level::INFO, "test_keygen").entered();
+        for codec in CIPHER_CODECS {
+            let mut rng = StdRng::from_os_rng();
+            let ciphermk = Builder::new(codec)
+                .with_random_nonce(&mut rng)
+                .unwrap()
+                .try_build()
+                .unwrap();
+
+            let nonce = ciphermk.cipher_attr_view().unwrap().nonce_bytes().unwrap();
+            info!("codec: {codec}, nonce: {}", hex::encode(nonce));
+        }
+    }
+
     #[test]
     fn test_chacha20() {
-        let _ = span!(Level::INFO, "test_chacha20").entered();
+        let _s = span!(Level::INFO, "test_chacha20").entered();
         let salt = hex::decode("8bb78be51ac7cc98f44e38947ff8a128764ec039b89687a790dfa8444ba97682")
             .unwrap();
         // create a kdf multikey
@@ -103,10 +175,12 @@ mod tests {
             .unwrap();
 
         // ChaCha needs 12 bytes of nonce iaw RFC8439
-        let nonce = hex::decode("00b61a43d4d1e8d700b61a43").unwrap();
+        let nonce = hex::decode("c6691d95f44e18f4cff311e3781eb2fc744de398585a94a3").unwrap();
+
         // create a cipher multikey
         let ciphermk = Builder::new(Codec::Chacha20Poly1305)
             .with_nonce(&nonce)
+            .unwrap()
             .try_build()
             .unwrap();
 
 
@@ -104,9 +104,10 @@ mod tests {
             .try_build()
             .unwrap();
 
-        let nonce = hex::decode("714e5abf0f7beae8").unwrap();
+        let nonce = hex::decode("c6691d95f44e18f4cff311e3781eb2fc744de398585a94a3").unwrap();
         let ciphermk = cipher::Builder::new(Codec::Chacha20Poly1305)
             .with_nonce(&nonce)
+            .unwrap()
             .try_build()
             .unwrap();