diff --git a/dsa/src/generate.rs b/dsa/src/generate.rs index a0e12475..031b65a7 100644 --- a/dsa/src/generate.rs +++ b/dsa/src/generate.rs @@ -7,15 +7,15 @@ mod keypair; #[cfg(feature = "hazmat")] mod secret_number; -pub use self::components::common as common_components; +pub(crate) use self::components::common as common_components; #[cfg(feature = "hazmat")] -pub use self::secret_number::{secret_number, secret_number_rfc6979}; +pub(crate) use self::secret_number::{secret_number, secret_number_rfc6979}; #[cfg(feature = "hazmat")] -pub use self::keypair::keypair; +pub(crate) use self::keypair::keypair; #[cfg(all(feature = "hazmat", feature = "pkcs8"))] -pub use self::components::public as public_component; +pub(crate) use self::components::public as public_component; /// Calculate the upper and lower bounds for generating values like p or q #[inline] diff --git a/dsa/src/generate/components.rs b/dsa/src/generate/components.rs index a7389af1..c4a92185 100644 --- a/dsa/src/generate/components.rs +++ b/dsa/src/generate/components.rs @@ -22,7 +22,7 @@ use {crate::Components, crypto_bigint::subtle::CtOption}; /// # Returns /// /// Tuple of three `BoxedUint`s. Ordered like this `(p, q, g)` -pub fn common( +pub(crate) fn common( rng: &mut R, KeySize { l, n }: KeySize, ) -> (Odd, NonZero, NonZero) { @@ -88,7 +88,10 @@ pub fn common( /// Calculate the public component from the common components and the private component #[cfg(feature = "hazmat")] #[inline] -pub fn public(components: &Components, x: &NonZero) -> CtOption> { +pub(crate) fn public( + components: &Components, + x: &NonZero, +) -> CtOption> { let p = components.p(); let g = components.g(); diff --git a/dsa/src/generate/keypair.rs b/dsa/src/generate/keypair.rs index 783dbca9..87a4233f 100644 --- a/dsa/src/generate/keypair.rs +++ b/dsa/src/generate/keypair.rs 
@@ -9,7 +9,7 @@ use signature::rand_core::CryptoRng; /// Generate a new keypair #[inline] -pub fn keypair(rng: &mut R, components: Components) -> SigningKey { +pub(crate) fn keypair(rng: &mut R, components: Components) -> SigningKey { #[inline] fn find_non_zero_x( rng: &mut R, diff --git a/dsa/src/generate/secret_number.rs b/dsa/src/generate/secret_number.rs index b8516285..a9c77195 100644 --- a/dsa/src/generate/secret_number.rs +++ b/dsa/src/generate/secret_number.rs @@ -20,7 +20,7 @@ fn truncate_hash(hash: &[u8], desired_size: usize) -> &[u8] { /// /// Secret number k and its modular multiplicative inverse with q #[inline] -pub fn secret_number_rfc6979( +pub(crate) fn secret_number_rfc6979( signing_key: &SigningKey, hash: &[u8], ) -> Result<(BoxedUint, BoxedUint), signature::Error> @@ -62,7 +62,7 @@ where /// /// Secret number k and its modular multiplicative inverse with q #[inline] -pub fn secret_number( +pub(crate) fn secret_number( rng: &mut R, components: &Components, ) -> Result, signature::Error> { diff --git a/dsa/src/lib.rs b/dsa/src/lib.rs index c97355d6..396f7f01 100644 --- a/dsa/src/lib.rs +++ b/dsa/src/lib.rs @@ -1,6 +1,6 @@ #![no_std] #![forbid(unsafe_code)] -#![warn(missing_docs, rust_2018_idioms)] +#![warn(missing_docs, rust_2018_idioms, unreachable_pub)] #![doc = include_str!("../README.md")] #![doc( html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", diff --git a/ecdsa/src/lib.rs b/ecdsa/src/lib.rs index 33495a8a..11af50a7 100644 --- a/ecdsa/src/lib.rs +++ b/ecdsa/src/lib.rs @@ -20,7 +20,8 @@ missing_docs, rust_2018_idioms, unused_lifetimes, - unused_qualifications + unused_qualifications, + unreachable_pub )] //! ## `serde` support diff --git a/ed25519/src/lib.rs b/ed25519/src/lib.rs index 81373e76..ec7bdd0e 100644 --- a/ed25519/src/lib.rs +++ b/ed25519/src/lib.rs 
@@ -9,7 +9,8 @@ missing_docs, rust_2018_idioms, unused_lifetimes, - unused_qualifications + unused_qualifications, + unreachable_pub )] //! # Using Ed25519 generically over algorithm implementations/providers diff --git a/ed448/src/lib.rs b/ed448/src/lib.rs index c911e43e..eea1ed20 100644 --- a/ed448/src/lib.rs +++ b/ed448/src/lib.rs @@ -9,7 +9,8 @@ missing_docs, rust_2018_idioms, unused_lifetimes, - unused_qualifications + unused_qualifications, + unreachable_pub )] //! # Using Ed448 generically over algorithm implementations/providers diff --git a/lms/src/constants.rs b/lms/src/constants.rs index 6dc8d051..f8a0e9be 100644 --- a/lms/src/constants.rs +++ b/lms/src/constants.rs @@ -1,13 +1,13 @@ //! Constants as defined in RFC 8554 /// The length of the identifier `I` -pub const ID_LEN: usize = 16; +pub(crate) const ID_LEN: usize = 16; /// `D_PBLC` -pub const D_PBLC: [u8; 2] = [0x80, 0x80]; +pub(crate) const D_PBLC: [u8; 2] = [0x80, 0x80]; /// `D_MESG` -pub const D_MESG: [u8; 2] = [0x81, 0x81]; +pub(crate) const D_MESG: [u8; 2] = [0x81, 0x81]; /// `D_LEAF` -pub const D_LEAF: [u8; 2] = [0x82, 0x82]; +pub(crate) const D_LEAF: [u8; 2] = [0x82, 0x82]; /// `D_INTR` -pub const D_INTR: [u8; 2] = [0x83, 0x83]; +pub(crate) const D_INTR: [u8; 2] = [0x83, 0x83]; diff --git a/lms/src/lib.rs b/lms/src/lib.rs index 56a6f2fe..ca7314cd 100644 --- a/lms/src/lib.rs +++ b/lms/src/lib.rs @@ -1,3 +1,5 @@ +#![warn(unreachable_pub)] + //! LMS in Rust //! //! This is a strongly typed implementation of Leighton-Micali signatures. You diff --git a/lms/src/types.rs b/lms/src/types.rs index acba22b3..7bcbda55 100644 --- a/lms/src/types.rs +++ b/lms/src/types.rs @@ -10,4 +10,4 @@ pub trait Typecode { } /// The 16 byte identifier I from the LM-OTS algorithm. -pub type Identifier = [u8; ID_LEN]; +pub(crate) type Identifier = [u8; ID_LEN]; diff --git a/ml-dsa/src/algebra.rs b/ml-dsa/src/algebra.rs index b36c3999..559b68a9 100644 --- a/ml-dsa/src/algebra.rs +++ b/ml-dsa/src/algebra.rs 
@@ -1,5 +1,5 @@ -pub use crate::module_lattice::algebra::Field; -pub use crate::module_lattice::util::Truncate; +pub(crate) use crate::module_lattice::algebra::Field; +pub(crate) use crate::module_lattice::util::Truncate; use hybrid_array::{ ArraySize, typenum::{Shleft, U1, U13, Unsigned}, @@ -10,19 +10,19 @@ use crate::module_lattice::algebra; define_field!(BaseField, u32, u64, u128, 8_380_417); -pub type Int = ::Int; +pub(crate) type Int = ::Int; -pub type Elem = algebra::Elem; -pub type Polynomial = algebra::Polynomial; -pub type Vector = algebra::Vector; -pub type NttPolynomial = algebra::NttPolynomial; -pub type NttVector = algebra::NttVector; -pub type NttMatrix = algebra::NttMatrix; +pub(crate) type Elem = algebra::Elem; +pub(crate) type Polynomial = algebra::Polynomial; +pub(crate) type Vector = algebra::Vector; +pub(crate) type NttPolynomial = algebra::NttPolynomial; +pub(crate) type NttVector = algebra::NttVector; +pub(crate) type NttMatrix = algebra::NttMatrix; // We require modular reduction for three moduli: q, 2^d, and 2 * gamma2. All three of these are // greater than sqrt(q), which means that a number reduced mod q will always be less than M^2, // which means that barrett reduction will work. -pub trait BarrettReduce: Unsigned { +pub(crate) trait BarrettReduce: Unsigned { const SHIFT: usize; const MULTIPLIER: u64; @@ -50,7 +50,7 @@ where const MULTIPLIER: u64 = (1 << Self::SHIFT) / M::U64; } -pub trait Decompose { +pub(crate) trait Decompose { fn decompose(self) -> (Elem, Elem); } @@ -71,7 +71,7 @@ impl Decompose for Elem { } #[allow(clippy::module_name_repetitions)] // I can't think of a better name -pub trait AlgebraExt: Sized { +pub(crate) trait AlgebraExt: Sized { fn mod_plus_minus(&self) -> Self; fn infinity_norm(&self) -> Int; fn power2round(&self) -> (Self, Self); diff --git a/ml-dsa/src/crypto.rs b/ml-dsa/src/crypto.rs index 8e938e6e..e9df42d1 100644 --- a/ml-dsa/src/crypto.rs +++ b/ml-dsa/src/crypto.rs 
@@ -6,7 +6,7 @@ use sha3::{ use crate::module_lattice::encode::ArraySize; -pub enum ShakeState { +pub(crate) enum ShakeState { Absorbing(Shake), Squeezing(Shake::Reader), } @@ -18,11 +18,11 @@ impl Default for ShakeState { } impl ShakeState { - pub fn pre_digest(digest: Shake) -> Self { + pub(crate) fn pre_digest(digest: Shake) -> Self { Self::Absorbing(digest) } - pub fn absorb(mut self, input: &[u8]) -> Self { + pub(crate) fn absorb(mut self, input: &[u8]) -> Self { match &mut self { Self::Absorbing(sponge) => sponge.update(input), Self::Squeezing(_) => unreachable!(), @@ -31,7 +31,7 @@ impl ShakeState { self } - pub fn squeeze(&mut self, output: &mut [u8]) -> &mut Self { + pub(crate) fn squeeze(&mut self, output: &mut [u8]) -> &mut Self { match self { Self::Absorbing(sponge) => { // Clone required to satisfy borrow checker @@ -47,15 +47,15 @@ impl ShakeState { self } - pub fn squeeze_new(&mut self) -> Array { + pub(crate) fn squeeze_new(&mut self) -> Array { let mut v = Array::default(); self.squeeze(&mut v); v } } -pub type G = ShakeState; -pub type H = ShakeState; +pub(crate) type G = ShakeState; +pub(crate) type H = ShakeState; #[cfg(test)] mod test { diff --git a/ml-dsa/src/encode.rs b/ml-dsa/src/encode.rs index bd4e5e24..2487ba77 100644 --- a/ml-dsa/src/encode.rs +++ b/ml-dsa/src/encode.rs 
@@ -26,18 +26,18 @@ where type EncodingSize = Length>; } -pub type RangeMin = <(A, B) as RangeEncodingSize>::Min; -pub type RangeMax = <(A, B) as RangeEncodingSize>::Max; -pub type RangeEncodingBits = <(A, B) as RangeEncodingSize>::EncodingSize; -pub type RangeEncodedPolynomialSize = +pub(crate) type RangeMin = <(A, B) as RangeEncodingSize>::Min; +pub(crate) type RangeMax = <(A, B) as RangeEncodingSize>::Max; +pub(crate) type RangeEncodingBits = <(A, B) as RangeEncodingSize>::EncodingSize; +pub(crate) type RangeEncodedPolynomialSize = as EncodingSize>::EncodedPolynomialSize; -pub type RangeEncodedPolynomial = Array>; -pub type RangeEncodedVectorSize = +pub(crate) type RangeEncodedPolynomial = Array>; +pub(crate) type RangeEncodedVectorSize = as VectorEncodingSize>::EncodedVectorSize; -pub type RangeEncodedVector = Array>; +pub(crate) type RangeEncodedVector = Array>; /// `BitPack` represents range-encoding logic -pub trait BitPack { +pub(crate) trait BitPack { type PackedSize: ArraySize; fn pack(&self) -> Array; fn unpack(enc: &Array) -> Self; diff --git a/ml-dsa/src/hint.rs b/ml-dsa/src/hint.rs index 5bf404b1..220af1f1 100644 --- a/ml-dsa/src/hint.rs +++ b/ml-dsa/src/hint.rs @@ -34,7 +34,7 @@ fn use_hint(h: bool, r: Elem) -> Elem { } #[derive(Clone, PartialEq, Debug)] -pub struct Hint

(pub Array, P::K>) +pub(crate) struct Hint

(pub Array, P::K>) where P: SignatureParams; @@ -51,7 +51,7 @@ impl
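Review bot: The new side narrows `Hint` to `pub(crate)` but leaves its tuple field `pub` (`pub(crate) struct Hint…(pub Array…`), so under the `#![warn(unreachable_pub)]` this commit adds to `ml-dsa/src/lib.rs` the field itself will presumably still be reported, since that lint also checks fields. The same pattern appears in the `module_lattice/algebra.rs` hunks (`NttPolynomial`, `NttVector`, `NttMatrix` keep `(pub Array…`) and in `slh-dsa/src/address.rs`, where the tail of the `@@ -43,77 +43,77 @@` hunk leaves `ForsPrf`'s `pub tree_adrs_high` / `pub tree_adrs_low` unchanged while every sibling struct in that hunk had the same fields narrowed to `pub(crate)` (whether slh-dsa enables the lint is outside this view). Changing `(pub Array` to `(pub(crate) Array` on the tuple structs and the two `ForsPrf` fields to `pub(crate)` keeps the crate-private surface consistent; if the `pub` fields are intentional, a one-line comment saying why would save the next reader a lint round-trip. `Hint`'s impl block and the remainder of `ForsPrf` are outside the hunks.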

Hint

where P: SignatureParams, { - pub fn new(z: &Vector, r: &Vector) -> Self { + pub(crate) fn new(z: &Vector, r: &Vector) -> Self { let zi = z.0.iter(); let ri = r.0.iter(); @@ -69,14 +69,14 @@ where ) } - pub fn hamming_weight(&self) -> usize { + pub(crate) fn hamming_weight(&self) -> usize { self.0 .iter() .map(|x| x.iter().filter(|x| **x).count()) .sum() } - pub fn use_hint(&self, r: &Vector) -> Vector { + pub(crate) fn use_hint(&self, r: &Vector) -> Vector { let hi = self.0.iter(); let ri = r.0.iter(); @@ -96,7 +96,7 @@ where ) } - pub fn bit_pack(&self) -> EncodedHint

{ + pub(crate) fn bit_pack(&self) -> EncodedHint

{ let mut y: EncodedHint

= Array::default(); let mut index = 0; let omega = P::Omega::USIZE; @@ -119,7 +119,7 @@ where a.iter().enumerate().all(|(i, x)| i == 0 || a[i - 1] <= *x) } - pub fn bit_unpack(y: &EncodedHint

) -> Option { + pub(crate) fn bit_unpack(y: &EncodedHint

) -> Option { let (indices, cuts) = P::split_hint(y); let cuts: Array = cuts.iter().map(|x| usize::from(*x)).collect(); diff --git a/ml-dsa/src/lib.rs b/ml-dsa/src/lib.rs index 8a4c529c..b10294bd 100644 --- a/ml-dsa/src/lib.rs +++ b/ml-dsa/src/lib.rs @@ -13,6 +13,7 @@ #![allow(clippy::many_single_char_names)] // Allow notation matching the spec #![allow(clippy::clone_on_copy)] // Be explicit about moving data #![deny(missing_docs)] // Require all public interfaces to be documented +#![warn(unreachable_pub)] // Prevent unexpected interface changes //! # Quickstart //! diff --git a/ml-dsa/src/module_lattice/algebra.rs b/ml-dsa/src/module_lattice/algebra.rs index b5d2e8d3..47737114 100644 --- a/ml-dsa/src/module_lattice/algebra.rs +++ b/ml-dsa/src/module_lattice/algebra.rs @@ -78,7 +78,7 @@ macro_rules! define_field { pub struct Elem(pub F::Int); impl Elem { - pub const fn new(x: F::Int) -> Self { + pub(crate) const fn new(x: F::Int) -> Self { Self(x) } } @@ -135,7 +135,7 @@ impl Mul> for Elem { pub struct Polynomial(pub Array, U256>); impl Polynomial { - pub const fn new(x: Array, U256>) -> Self { + pub(crate) const fn new(x: Array, U256>) -> Self { Self(x) } } @@ -200,7 +200,7 @@ impl Neg for &Polynomial { pub struct Vector(pub Array, K>); impl Vector { - pub const fn new(x: Array, K>) -> Self { + pub(crate) const fn new(x: Array, K>) -> Self { Self(x) } } @@ -265,10 +265,10 @@ impl Neg for &Vector { /// We do not define multiplication of NTT polynomials here. We also do not define the /// mappings between normal polynomials and NTT polynomials (i.e., between `R_q` and `T_q`). #[derive(Clone, Default, Debug, PartialEq)] -pub struct NttPolynomial(pub Array, U256>); +pub(crate) struct NttPolynomial(pub Array, U256>); impl NttPolynomial { - pub const fn new(x: Array, U256>) -> Self { + pub(crate) const fn new(x: Array, U256>) -> Self { Self(x) } } 
@@ -332,10 +332,10 @@ impl Neg for &NttPolynomial { /// can be multiplied by NTT polynomials, and "multiplied" with each other to produce a dot /// product. #[derive(Clone, Default, Debug, PartialEq)] -pub struct NttVector(pub Array, K>); +pub(crate) struct NttVector(pub Array, K>); impl NttVector { - pub const fn new(x: Array, K>) -> Self { + pub(crate) const fn new(x: Array, K>) -> Self { Self(x) } } @@ -409,10 +409,10 @@ where /// is the only defined operation, and is only defined when multiplication of NTT polynomials /// is defined. #[derive(Clone, Default, Debug, PartialEq)] -pub struct NttMatrix(pub Array, K>); +pub(crate) struct NttMatrix(pub Array, K>); impl NttMatrix { - pub const fn new(x: Array, K>) -> Self { + pub(crate) const fn new(x: Array, K>) -> Self { Self(x) } } diff --git a/ml-dsa/src/module_lattice/encode.rs b/ml-dsa/src/module_lattice/encode.rs index 74763270..c9fb0641 100644 --- a/ml-dsa/src/module_lattice/encode.rs +++ b/ml-dsa/src/module_lattice/encode.rs @@ -23,8 +23,8 @@ pub trait EncodingSize: ArraySize { type EncodingUnit = Quot, Gcf>; -pub type EncodedPolynomialSize = ::EncodedPolynomialSize; -pub type EncodedPolynomial = Array>; +pub(crate) type EncodedPolynomialSize = ::EncodedPolynomialSize; +pub(crate) type EncodedPolynomial = Array>; impl EncodingSize for D where @@ -53,8 +53,8 @@ where fn unflatten(vec: &EncodedVector) -> Array<&EncodedPolynomial, K>; } -pub type EncodedVectorSize = >::EncodedVectorSize; -pub type EncodedVector = Array>; +pub(crate) type EncodedVectorSize = >::EncodedVectorSize; +pub(crate) type EncodedVector = Array>; impl VectorEncodingSize for D where @@ -129,7 +129,7 @@ fn byte_decode(bytes: &EncodedPolynomial) -> Decod vals } -pub trait Encode { +pub(crate) trait Encode { type EncodedSize: ArraySize; fn encode(&self) -> Array; fn decode(enc: &Array) -> Self; diff --git a/ml-dsa/src/module_lattice/mod.rs b/ml-dsa/src/module_lattice/mod.rs index 1fc58536..ab3c3f21 100644 --- a/ml-dsa/src/module_lattice/mod.rs 
+++ b/ml-dsa/src/module_lattice/mod.rs @@ -19,11 +19,11 @@ /// Linear algebra with degree-256 polynomials over a prime-order field, vectors of such /// polynomials, and NTT polynomials / vectors -pub mod algebra; +pub(crate) mod algebra; /// Packing of polynomials into coefficients with a specified number of bits. -pub mod encode; +pub(crate) mod encode; /// Utility functions such as truncating integers, flattening arrays of arrays, and unflattening /// arrays into arrays of arrays. -pub mod util; +pub(crate) mod util; diff --git a/ml-dsa/src/module_lattice/util.rs b/ml-dsa/src/module_lattice/util.rs index b2ced9f2..c74c5ce9 100644 --- a/ml-dsa/src/module_lattice/util.rs +++ b/ml-dsa/src/module_lattice/util.rs @@ -7,6 +7,7 @@ use hybrid_array::{ }; /// Safely truncate an unsigned integer value to shorter representation +#[expect(unreachable_pub)] pub trait Truncate { fn truncate(x: T) -> Self; } @@ -31,7 +32,7 @@ define_truncate!(usize, u8); define_truncate!(usize, u16); /// Defines a sequence of sequences that can be merged into a bigger overall seequence -pub trait Flatten { +pub(crate) trait Flatten { type OutputSize: ArraySize; fn flatten(self) -> Array; @@ -54,7 +55,7 @@ where } /// Defines a sequence that can be split into a sequence of smaller sequences of uniform size -pub trait Unflatten +pub(crate) trait Unflatten where M: ArraySize, { diff --git a/ml-dsa/src/ntt.rs b/ml-dsa/src/ntt.rs index b11809b6..a0b07149 100644 --- a/ml-dsa/src/ntt.rs +++ b/ml-dsa/src/ntt.rs @@ -45,7 +45,7 @@ const ZETA_POW_BITREV: [Elem; 256] = { pow_bitrev }; -pub trait Ntt { +pub(crate) trait Ntt { type Output; fn ntt(&self) -> Self::Output; } @@ -84,7 +84,7 @@ impl Ntt for Vector { } #[allow(clippy::module_name_repetitions)] -pub trait NttInverse { +pub(crate) trait NttInverse { type Output; fn ntt_inverse(&self) -> Self::Output; } diff --git a/ml-dsa/src/param.rs b/ml-dsa/src/param.rs index 2c24f5bc..8a3dd690 100644 --- a/ml-dsa/src/param.rs +++ b/ml-dsa/src/param.rs 
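Review bot: `#[expect(unreachable_pub)]` on `Truncate` here (and on `SamplingSize` / `MaskSamplingSize` in the `param.rs` hunks) records that the trait must stay `pub` but not why; because `#[expect]` becomes an `unfulfilled_lint_expectations` warning the moment the item becomes reachable, it is effectively a contract and deserves a stated reason, e.g. `#[expect(unreachable_pub, reason = "<why this trait must stay pub>")]`. Presumably these traits appear as bounds on public items (the `ParameterSet` definition is outside the hunk), in which case `pub(crate)` would have tripped `private_bounds`; saying so is what the next maintainer needs. `#[expect]` and its `reason` key require Rust 1.81, so the workspace MSRV should be checked against that before merging.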
@@ -31,20 +31,21 @@ use crate::encode::{ use crate::util::{B32, B64}; /// Some useful compile-time constants -pub type SpecQ = Sum, Shleft>, U1>; -pub type SpecD = U13; -pub type QMinus1 = Diff; -pub type BitlenQMinusD = Diff, SpecD>; -pub type Pow2DMinus1 = Shleft>; -pub type Pow2DMinus1Minus1 = Diff; +pub(crate) type SpecQ = Sum, Shleft>, U1>; +pub(crate) type SpecD = U13; +pub(crate) type QMinus1 = Diff; +pub(crate) type BitlenQMinusD = Diff, SpecD>; +pub(crate) type Pow2DMinus1 = Shleft>; +pub(crate) type Pow2DMinus1Minus1 = Diff; /// An integer that describes a bit length to be used in sampling +#[expect(unreachable_pub)] pub trait SamplingSize: ArraySize + Len { const ETA: Eta; } #[derive(Copy, Clone)] -pub enum Eta { +pub(crate) enum Eta { Two, Four, } @@ -58,6 +59,7 @@ impl SamplingSize for U4 { } /// An integer that describes a mask sampling size +#[expect(unreachable_pub)] pub trait MaskSamplingSize: Unsigned { type SampleSize: ArraySize; @@ -150,11 +152,11 @@ pub trait SigningKeyParams: ParameterSet { ); } -pub type EncodedS1

= Array::S1Size>; -pub type EncodedS2

= Array::S2Size>; -pub type EncodedT0

= Array::T0Size>; +pub(crate) type EncodedS1

= Array::S1Size>; +pub(crate) type EncodedS2

= Array::S2Size>; +pub(crate) type EncodedT0

= Array::T0Size>; -pub type SigningKeySize

=

::SigningKeySize; +pub(crate) type SigningKeySize

=

::SigningKeySize; /// A signing key encoded as a byte array pub type EncodedSigningKey

= Array>; @@ -284,9 +286,9 @@ pub trait VerifyingKeyParams: ParameterSet { fn split_vk(enc: &EncodedVerifyingKey) -> (&B32, &EncodedT1); } -pub type VerifyingKeySize

=

::VerifyingKeySize; +pub(crate) type VerifyingKeySize

=

::VerifyingKeySize; -pub type EncodedT1

= Array::T1Size>; +pub(crate) type EncodedT1

= Array::T1Size>; /// A verifying key encoded as a byte array pub type EncodedVerifyingKey

= Array>; @@ -349,14 +351,14 @@ pub trait SignatureParams: ParameterSet { ) -> (&EncodedCTilde, &EncodedZ, &EncodedHint); } -pub type SignatureSize

=

::SignatureSize; +pub(crate) type SignatureSize

=

::SignatureSize; -pub type EncodedCTilde

= Array::Lambda>; -pub type EncodedW1

= Array::W1Size>; -pub type EncodedZ

= Array::ZSize>; -pub type EncodedHintIndices

= Array::Omega>; -pub type EncodedHintCuts

= Array::K>; -pub type EncodedHint

= Array::HintSize>; +pub(crate) type EncodedCTilde

= Array::Lambda>; +pub(crate) type EncodedW1

= Array::W1Size>; +pub(crate) type EncodedZ

= Array::ZSize>; +pub(crate) type EncodedHintIndices

= Array::Omega>; +pub(crate) type EncodedHintCuts

= Array::K>; +pub(crate) type EncodedHint

= Array::HintSize>; /// A signature encoded as a byte array pub type EncodedSignature

= Array>; diff --git a/ml-dsa/src/sampling.rs b/ml-dsa/src/sampling.rs index 96671bfc..c0e38755 100644 --- a/ml-dsa/src/sampling.rs +++ b/ml-dsa/src/sampling.rs @@ -63,7 +63,7 @@ fn coeffs_from_byte(z: u8, eta: Eta) -> (Option, Option) { } // Algorithm 29 SampleInBall -pub fn sample_in_ball(rho: &[u8], tau: usize) -> Polynomial { +pub(crate) fn sample_in_ball(rho: &[u8], tau: usize) -> Polynomial { const ONE: Elem = Elem::new(1); const MINUS_ONE: Elem = Elem::new(BaseField::Q - 1); @@ -141,7 +141,7 @@ fn rej_bounded_poly(rho: &[u8], eta: Eta, r: u16) -> Polynomial { } // Algorithm 32 ExpandA -pub fn expand_a(rho: &[u8]) -> NttMatrix { +pub(crate) fn expand_a(rho: &[u8]) -> NttMatrix { NttMatrix::new(Array::from_fn(|r| { NttVector::new(Array::from_fn(|s| { rej_ntt_poly(rho, Truncate::truncate(r), Truncate::truncate(s)) @@ -156,7 +156,7 @@ pub fn expand_a(rho: &[u8]) -> NttMatrix { // // let s1 = Vector::::expand_s(rho, 0); // let s2 = Vector::::expand_s(rho, L::USIZE); -pub fn expand_s(rho: &[u8], eta: Eta, base: usize) -> Vector { +pub(crate) fn expand_s(rho: &[u8], eta: Eta, base: usize) -> Vector { Vector::new(Array::from_fn(|r| { let r = Truncate::truncate(r + base); rej_bounded_poly(rho, eta, r) @@ -164,7 +164,7 @@ pub fn expand_s(rho: &[u8], eta: Eta, base: usize) -> Vector { } // Algorithm 34 ExpandMask -pub fn expand_mask(rho: &[u8], mu: u16) -> Vector +pub(crate) fn expand_mask(rho: &[u8], mu: u16) -> Vector where K: ArraySize, Gamma1: MaskSamplingSize, diff --git a/ml-dsa/src/util.rs b/ml-dsa/src/util.rs index 37d9dc73..48ea9c43 100644 --- a/ml-dsa/src/util.rs +++ b/ml-dsa/src/util.rs @@ -7,4 +7,4 @@ use hybrid_array::{ pub type B32 = Array; /// A 64-byte array, defined here for brevity because it is used several times -pub type B64 = Array; +pub(crate) type B64 = Array; diff --git a/ml-dsa/tests/key-gen.rs b/ml-dsa/tests/key-gen.rs index 464c05da..5a3fda48 100644 --- a/ml-dsa/tests/key-gen.rs +++ b/ml-dsa/tests/key-gen.rs 
@@ -48,24 +48,24 @@ mod acvp { use serde::{Deserialize, Serialize}; #[derive(Deserialize, Serialize)] - pub struct TestVectorFile { + pub(crate) struct TestVectorFile { #[serde(rename = "testGroups")] - pub test_groups: Vec, + pub(crate) test_groups: Vec, } #[derive(Deserialize, Serialize)] - pub struct TestGroup { + pub(crate) struct TestGroup { #[serde(rename = "tgId")] - pub id: usize, + pub(crate) id: usize, #[serde(rename = "parameterSet")] - pub parameter_set: ParameterSet, + pub(crate) parameter_set: ParameterSet, - pub tests: Vec, + pub(crate) tests: Vec, } #[derive(Deserialize, Serialize)] - pub enum ParameterSet { + pub(crate) enum ParameterSet { #[serde(rename = "ML-DSA-44")] MlDsa44, @@ -77,17 +77,17 @@ mod acvp { } #[derive(Deserialize, Serialize)] - pub struct TestCase { + pub(crate) struct TestCase { #[serde(rename = "tcId")] - pub id: usize, + pub(crate) id: usize, #[serde(with = "hex::serde")] - pub seed: Vec, + pub(crate) seed: Vec, #[serde(with = "hex::serde")] - pub pk: Vec, + pub(crate) pk: Vec, #[serde(with = "hex::serde")] - pub sk: Vec, + pub(crate) sk: Vec, } } diff --git a/ml-dsa/tests/sig-gen.rs b/ml-dsa/tests/sig-gen.rs index 07c52c68..dcf18713 100644 --- a/ml-dsa/tests/sig-gen.rs +++ b/ml-dsa/tests/sig-gen.rs 
@@ -45,26 +45,26 @@ mod acvp { use serde::{Deserialize, Serialize}; #[derive(Deserialize, Serialize)] - pub struct TestVectorFile { + pub(crate) struct TestVectorFile { #[serde(rename = "testGroups")] - pub test_groups: Vec, + pub(crate) test_groups: Vec, } #[derive(Deserialize, Serialize)] - pub struct TestGroup { + pub(crate) struct TestGroup { #[serde(rename = "tgId")] - pub id: usize, + pub(crate) id: usize, #[serde(rename = "parameterSet")] - pub parameter_set: ParameterSet, + pub(crate) parameter_set: ParameterSet, - pub deterministic: bool, + pub(crate) deterministic: bool, - pub tests: Vec, + pub(crate) tests: Vec, } #[derive(Deserialize, Serialize)] - pub enum ParameterSet { + pub(crate) enum ParameterSet { #[serde(rename = "ML-DSA-44")] MlDsa44, @@ -76,20 +76,20 @@ mod acvp { } #[derive(Deserialize, Serialize)] - pub struct TestCase { + pub(crate) struct TestCase { #[serde(rename = "tcId")] - pub id: usize, + pub(crate) id: usize, #[serde(with = "hex::serde")] - pub sk: Vec, + pub(crate) sk: Vec, #[serde(with = "hex::serde")] - pub message: Vec, + pub(crate) message: Vec, #[serde(with = "hex::serde")] - pub signature: Vec, + pub(crate) signature: Vec, #[serde(default, with = "hex::serde")] - pub rnd: Vec, + pub(crate) rnd: Vec, } } diff --git a/ml-dsa/tests/sig-ver.rs b/ml-dsa/tests/sig-ver.rs index 2c783e78..9bae8404 100644 --- a/ml-dsa/tests/sig-ver.rs +++ b/ml-dsa/tests/sig-ver.rs 
@@ -44,27 +44,27 @@ mod acvp { use serde::{Deserialize, Serialize}; #[derive(Deserialize, Serialize)] - pub struct TestVectorFile { + pub(crate) struct TestVectorFile { #[serde(rename = "testGroups")] - pub test_groups: Vec, + pub(crate) test_groups: Vec, } #[derive(Deserialize, Serialize)] - pub struct TestGroup { + pub(crate) struct TestGroup { #[serde(rename = "tgId")] - pub id: usize, + pub(crate) id: usize, #[serde(rename = "parameterSet")] - pub parameter_set: ParameterSet, + pub(crate) parameter_set: ParameterSet, #[serde(with = "hex::serde")] - pub pk: Vec, + pub(crate) pk: Vec, - pub tests: Vec, + pub(crate) tests: Vec, } #[derive(Deserialize, Serialize)] - pub enum ParameterSet { + pub(crate) enum ParameterSet { #[serde(rename = "ML-DSA-44")] MlDsa44, @@ -76,19 +76,19 @@ mod acvp { } #[derive(Deserialize, Serialize)] - pub struct TestCase { + pub(crate) struct TestCase { #[serde(rename = "tcId")] - pub id: usize, + pub(crate) id: usize, #[serde(rename = "testPassed")] - pub test_passed: bool, + pub(crate) test_passed: bool, - pub reason: String, + pub(crate) reason: String, #[serde(with = "hex::serde")] - pub message: Vec, + pub(crate) message: Vec, #[serde(with = "hex::serde")] - pub signature: Vec, + pub(crate) signature: Vec, } } diff --git a/rfc6979/src/lib.rs b/rfc6979/src/lib.rs index 8e13e579..34c8eaf5 100644 --- a/rfc6979/src/lib.rs +++ b/rfc6979/src/lib.rs @@ -1,7 +1,7 @@ #![no_std] #![doc = include_str!("../README.md")] #![forbid(unsafe_code, clippy::unwrap_used)] -#![warn(missing_docs, rust_2018_idioms)] +#![warn(missing_docs, rust_2018_idioms, unreachable_pub)] #![doc( html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg" diff --git a/slh-dsa/src/address.rs b/slh-dsa/src/address.rs index 84773712..2ecc89c6 100644 --- a/slh-dsa/src/address.rs +++ b/slh-dsa/src/address.rs 
@@ -24,7 +24,7 @@ use zerocopy::{ }; /// `Address` represents a hash address as defined by FIPS-205 section 4.2 -pub trait Address: AsRef<[u8]> { +pub(crate) trait Address: AsRef<[u8]> { const TYPE_CONST: u32; #[allow(clippy::doc_markdown)] // False positive 
@@ -43,77 +43,77 @@ pub trait Address: AsRef<[u8]> { #[derive(Clone, IntoBytes, Immutable)] #[repr(C)] -pub struct WotsHash { - pub layer_adrs: U32, - pub tree_adrs_high: U32, - pub tree_adrs_low: U64, +pub(crate) struct WotsHash { + pub(crate) layer_adrs: U32, + pub(crate) tree_adrs_high: U32, + pub(crate) tree_adrs_low: U64, type_const: U32, // 0 - pub key_pair_adrs: U32, - pub chain_adrs: U32, - pub hash_adrs: U32, + pub(crate) key_pair_adrs: U32, + pub(crate) chain_adrs: U32, + pub(crate) hash_adrs: U32, } #[derive(Clone, IntoBytes, Immutable)] #[repr(C)] -pub struct WotsPk { - pub layer_adrs: U32, - pub tree_adrs_high: U32, - pub tree_adrs_low: U64, +pub(crate) struct WotsPk { + pub(crate) layer_adrs: U32, + pub(crate) tree_adrs_high: U32, + pub(crate) tree_adrs_low: U64, type_const: U32, // 1 - pub key_pair_adrs: U32, + pub(crate) key_pair_adrs: U32, padding: U64, // 0 } #[derive(Clone, IntoBytes, Immutable)] #[repr(C)] -pub struct HashTree { - pub layer_adrs: U32, - pub tree_adrs_high: U32, - pub tree_adrs_low: U64, +pub(crate) struct HashTree { + pub(crate) layer_adrs: U32, + pub(crate) tree_adrs_high: U32, + pub(crate) tree_adrs_low: U64, type_const: U32, // 2 padding: U32, // 0 - pub tree_height: U32, - pub tree_index: U32, + pub(crate) tree_height: U32, + pub(crate) tree_index: U32, } #[derive(Clone, IntoBytes, Immutable)] #[repr(C)] -pub struct ForsTree { +pub(crate) struct ForsTree { layer_adrs: U32, // 0 - pub tree_adrs_high: U32, - pub tree_adrs_low: U64, + pub(crate) tree_adrs_high: U32, + pub(crate) tree_adrs_low: U64, type_const: U32, // 3 - pub key_pair_adrs: U32, - pub tree_height: U32, - pub tree_index: U32, + pub(crate) key_pair_adrs: U32, + pub(crate) tree_height: U32, + pub(crate) tree_index: U32, } #[derive(Clone, IntoBytes, Immutable)] #[repr(C)] -pub struct ForsRoots { +pub(crate) struct ForsRoots { layer_adrs: U32, // 0 - pub tree_adrs_high: U32, - pub tree_adrs_low: U64, + pub(crate) tree_adrs_high: U32, + pub(crate) tree_adrs_low: U64, 
type_const: U32, // 4 - pub key_pair_adrs: U32, + pub(crate) key_pair_adrs: U32, padding: U64, // 0 } #[derive(Clone, IntoBytes, Immutable)] #[repr(C)] -pub struct WotsPrf { - pub layer_adrs: U32, - pub tree_adrs_high: U32, - pub tree_adrs_low: U64, +pub(crate) struct WotsPrf { + pub(crate) layer_adrs: U32, + pub(crate) tree_adrs_high: U32, + pub(crate) tree_adrs_low: U64, type_const: U32, // 5 - pub key_pair_adrs: U32, - pub chain_adrs: U32, + pub(crate) key_pair_adrs: U32, + pub(crate) chain_adrs: U32, hash_adrs: U32, // 0 } #[derive(Clone, IntoBytes, Immutable)] #[repr(C)] -pub struct ForsPrf { +pub(crate) struct ForsPrf { layer_adrs: U32, // 0 pub tree_adrs_high: U32, pub tree_adrs_low: U64, @@ -187,7 +187,7 @@ impl AsRef<[u8]> for ForsPrf { } impl WotsHash { - pub fn prf_adrs(&self) -> WotsPrf { + pub(crate) fn prf_adrs(&self) -> WotsPrf { WotsPrf { layer_adrs: self.layer_adrs, tree_adrs_low: self.tree_adrs_low, @@ -199,7 +199,7 @@ impl WotsHash { } } - pub fn pk_adrs(&self) -> WotsPk { + pub(crate) fn pk_adrs(&self) -> WotsPk { WotsPk { layer_adrs: self.layer_adrs, tree_adrs_low: self.tree_adrs_low, @@ -210,7 +210,7 @@ impl WotsHash { } } - pub fn tree_adrs(&self) -> HashTree { + pub(crate) fn tree_adrs(&self) -> HashTree { HashTree { layer_adrs: self.layer_adrs, tree_adrs_low: self.tree_adrs_low, @@ -224,7 +224,7 @@ impl WotsHash { } impl ForsTree { - pub fn new(tree_adrs_low: u64, key_pair_adrs: u32) -> ForsTree { + pub(crate) fn new(tree_adrs_low: u64, key_pair_adrs: u32) -> ForsTree { ForsTree { layer_adrs: 0.into(), tree_adrs_low: tree_adrs_low.into(), @@ -235,7 +235,7 @@ impl ForsTree { tree_index: 0.into(), } } - pub fn prf_adrs(&self) -> ForsPrf { + pub(crate) fn prf_adrs(&self) -> ForsPrf { ForsPrf { layer_adrs: 0.into(), tree_adrs_low: self.tree_adrs_low, 
@@ -247,7 +247,7 @@ impl ForsTree { } } - pub fn fors_roots(&self) -> ForsRoots { + pub(crate) fn fors_roots(&self) -> ForsRoots { ForsRoots { layer_adrs: 0.into(), tree_adrs_low: self.tree_adrs_low, diff --git a/slh-dsa/src/fors.rs b/slh-dsa/src/fors.rs index e01ac0ff..f56a0cb1 100644 --- a/slh-dsa/src/fors.rs +++ b/slh-dsa/src/fors.rs @@ -9,7 +9,7 @@ use crate::hypertree::HypertreeParams; use crate::util::base_2b; #[derive(Clone, Debug, PartialEq, Eq)] -pub struct ForsMTSig { +pub(crate) struct ForsMTSig { sk: Array, auth: Array, P::A>, } @@ -65,7 +65,7 @@ impl TryFrom<&[u8]> for ForsMTSig

{ } #[derive(Clone, Debug, PartialEq, Eq)] -pub struct ForsSignature(Array, P::K>); +pub(crate) struct ForsSignature(Array, P::K>); impl TryFrom<&[u8]> for ForsSignature

{ // TODO - real error type @@ -90,9 +90,9 @@ impl Default for ForsSignature

{ } impl ForsSignature

{ - pub const SIZE: usize = P::K::USIZE * (P::A::USIZE + 1) * P::N::USIZE; + pub(crate) const SIZE: usize = P::K::USIZE * (P::A::USIZE + 1) * P::N::USIZE; - pub fn write_to(&self, slice: &mut [u8]) { + pub(crate) fn write_to(&self, slice: &mut [u8]) { debug_assert!( slice.len() == Self::SIZE, "Writing FORS sig to slice of incorrect length" @@ -105,7 +105,7 @@ impl ForsSignature

{ } #[cfg(feature = "alloc")] - pub fn to_vec(&self) -> alloc::vec::Vec { + pub(crate) fn to_vec(&self) -> alloc::vec::Vec { let mut v = alloc::vec![0u8; Self::SIZE]; self.write_to(&mut v); v diff --git a/slh-dsa/src/hypertree.rs b/slh-dsa/src/hypertree.rs index ca01971b..47b0dfbe 100644 --- a/slh-dsa/src/hypertree.rs +++ b/slh-dsa/src/hypertree.rs @@ -9,12 +9,12 @@ use crate::{ }; #[derive(Clone, Debug, PartialEq, Eq)] -pub struct HypertreeSig(Array, P::D>); +pub(crate) struct HypertreeSig(Array, P::D>); impl HypertreeSig

{ - pub const SIZE: usize = XmssSig::

::SIZE * P::D::USIZE; + pub(crate) const SIZE: usize = XmssSig::

::SIZE * P::D::USIZE; - pub fn write_to(&self, buf: &mut [u8]) { + pub(crate) fn write_to(&self, buf: &mut [u8]) { debug_assert!( buf.len() == Self::SIZE, "HT serialize length mismatch: {}, {}", @@ -28,7 +28,7 @@ impl HypertreeSig

{ } #[cfg(feature = "alloc")] - pub fn to_vec(&self) -> alloc::vec::Vec { + pub(crate) fn to_vec(&self) -> alloc::vec::Vec { let mut buf = alloc::vec![0u8; Self::SIZE]; self.write_to(&mut buf); buf @@ -50,7 +50,7 @@ impl TryFrom<&[u8]> for HypertreeSig

{ } } -pub trait HypertreeParams: XmssParams + Sized { +pub(crate) trait HypertreeParams: XmssParams + Sized { type D: ArraySize + Debug + Eq; type H: ArraySize; // HPrime * D diff --git a/slh-dsa/src/lib.rs b/slh-dsa/src/lib.rs index 26b2ffb8..3dfc8119 100644 --- a/slh-dsa/src/lib.rs +++ b/slh-dsa/src/lib.rs @@ -6,6 +6,7 @@ #![allow(clippy::similar_names)] // TODO: Consider resolving these #![allow(clippy::clone_on_copy)] // Be explicit about moving data #![deny(missing_docs)] // Require all public interfaces to be documented +#![warn(unreachable_pub)] // Prevent unexpected interface changes //! # Usage //! This crate implements the Stateless Hash-based Digital Signature Algorithm (SLH-DSA) based on the finalized diff --git a/slh-dsa/src/util.rs b/slh-dsa/src/util.rs index 4956223c..9bab7b78 100644 --- a/slh-dsa/src/util.rs +++ b/slh-dsa/src/util.rs @@ -2,7 +2,7 @@ use crate::fors::ForsParams; use hybrid_array::{Array, ArraySize, typenum::Unsigned}; // Algorithm 3 -pub fn base_2b(x: &[u8]) -> Array { +pub(crate) fn base_2b(x: &[u8]) -> Array { debug_assert!(x.len() >= (OutLen::USIZE * B::USIZE).div_ceil(8)); debug_assert!(B::USIZE <= 16); @@ -24,7 +24,9 @@ pub fn base_2b(x: &[u8]) -> Array { } /// Separates the digest into the FORS message, the Xmss tree index, and the Xmss leaf index. -pub fn split_digest(digest: &Array) -> (&Array, u64, u32) { +pub(crate) fn split_digest( + digest: &Array, +) -> (&Array, u64, u32) { #[allow(deprecated)] let m = Array::from_slice(&digest[..P::MD::USIZE]); let idx_tree_size = (P::H::USIZE - P::HPrime::USIZE).div_ceil(8); @@ -48,7 +50,7 @@ pub fn split_digest(digest: &Array) -> (&Array(x); - let mut b = BigUint::from_bytes_be(&x[..((OutLen::USIZE * B::USIZE + 7) / 8)]); + let mut b = BigUint::from_bytes_be(&x[..(OutLen::USIZE * B::USIZE + 7) / 8]); if (B::USIZE * OutLen::USIZE) % 8 != 0 { // Clear lower bits of b diff --git a/slh-dsa/src/wots.rs b/slh-dsa/src/wots.rs index 7889cd84..ce01a415 100644 --- a/slh-dsa/src/wots.rs 
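Review bot: Narrowing `HypertreeParams` to `pub(crate)` changes a trait that other items in the crate use as a bound, and any `pub` trait or type whose bounds name it (a crate-level parameter-set trait, for instance) will now trigger the `private_bounds` or `private_interfaces` warnings; I cannot see such an item in this diff, so this is inferred and worth a quick check of the crate's public bounds. If such a public bound exists, the trait either has to stay `pub` or the bound has to move to a public supertrait. Adding a short doc comment such as `/// Hypertree layer parameters; crate-internal, see the public parameter-set trait for the supported sets` would also make the intended visibility explicit.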
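Review bot: The new lint is added at `warn` level while the neighbouring `missing_docs` attribute in the same hunk is `deny`, so an accidentally reachable `pub` item still builds cleanly unless the build is run with `-D warnings`. Given the intent stated in the trailing comment, `#![deny(unreachable_pub)] // Prevent unexpected interface changes` would actually enforce it. If workspace CI already passes `-D warnings`, `warn` is fine and this is only a consistency point within the file.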
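Review bot: The rewritten slice bound `(OutLen::USIZE * B::USIZE + 7) / 8` in the `@@ -48` hunk spells out a ceiling division that `base_2b` in the `@@ -2` hunk of the same file writes as `.div_ceil(8)`; since this line is being touched anyway, `&x[..(OutLen::USIZE * B::USIZE).div_ceil(8)]` keeps the two in step and avoids the hand-rolled rounding. The enclosing function starts before this hunk and, judging by the `BigUint` use, appears to be a test helper.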
+++ b/slh-dsa/src/wots.rs @@ -15,12 +15,12 @@ const W: u32 = 16; const CK_LEN: usize = 3; // Length of a checksum in chunks #[derive(Clone, Debug, Eq, PartialEq)] -pub struct WotsSig(Array, P::WotsSigLen>); +pub(crate) struct WotsSig(Array, P::WotsSigLen>); impl WotsSig

{ - pub const SIZE: usize = P::N::USIZE * P::WotsSigLen::USIZE; + pub(crate) const SIZE: usize = P::N::USIZE * P::WotsSigLen::USIZE; - pub fn write_to(&self, buf: &mut [u8]) { + pub(crate) fn write_to(&self, buf: &mut [u8]) { debug_assert!(buf.len() == Self::SIZE, "WOTS+ serialize length mismatch"); buf.chunks_exact_mut(P::N::USIZE) @@ -30,7 +30,7 @@ impl WotsSig

{ #[cfg(feature = "alloc")] #[cfg(test)] - pub fn to_vec(&self) -> alloc::vec::Vec { + pub(crate) fn to_vec(&self) -> alloc::vec::Vec { let mut vec = alloc::vec![0u8; Self::SIZE]; self.write_to(&mut vec); vec diff --git a/slh-dsa/src/xmss.rs b/slh-dsa/src/xmss.rs index 8d6d2383..62b0bbe8 100644 --- a/slh-dsa/src/xmss.rs +++ b/slh-dsa/src/xmss.rs @@ -7,15 +7,15 @@ use crate::{address, wots::WotsParams}; use core::fmt::Debug; #[derive(Clone, Debug, PartialEq, Eq)] -pub struct XmssSig { +pub(crate) struct XmssSig { pub(crate) sig: WotsSig

, pub(crate) auth: Array, P::HPrime>, } impl XmssSig

{ - pub const SIZE: usize = WotsSig::

::SIZE + P::HPrime::USIZE * P::N::USIZE; + pub(crate) const SIZE: usize = WotsSig::

::SIZE + P::HPrime::USIZE * P::N::USIZE; - pub fn write_to(&self, buf: &mut [u8]) { + pub(crate) fn write_to(&self, buf: &mut [u8]) { debug_assert!(buf.len() == Self::SIZE, "Xmss serialize length mismatch"); let (wots, auth) = buf.split_at_mut(WotsSig::

::SIZE); @@ -27,7 +27,7 @@ impl XmssSig

{ #[cfg(feature = "alloc")] #[cfg(test)] - pub fn to_vec(&self) -> alloc::vec::Vec { + pub(crate) fn to_vec(&self) -> alloc::vec::Vec { let mut buf = alloc::vec![0u8; Self::SIZE]; self.write_to(&mut buf); buf