cryspen · wysiwys · Jul 17, 2025 · Jul 17, 2025 · Jul 17, 2025 · Jul 23, 2025
@@ -36,6 +36,7 @@ members = [
     "crates/primitives/digest",
     "crates/testing/kats",
     "hacl-rs",
+    "crates/primitives/signature",
 ]
 
 [workspace.package]

@@ -0,0 +1,36 @@
+[package]
+authors.workspace = true
+edition.workspace = true
+homepage.workspace = true
+license.workspace = true
+name = "libcrux-signature"
+readme.workspace = true
+repository.workspace = true
+version.workspace = true
+
+[dependencies]
+libcrux-ecdsa = { version = "0.0.3", path = "../../../ecdsa", optional = true }
+libcrux-ed25519 = { version = "0.0.3", path = "../../../ed25519", optional = true }
+libcrux-ml-dsa = { version = "0.0.3", path = "../../../libcrux-ml-dsa", optional = true }
+libcrux-traits = { version = "0.0.3", path = "../../../traits", optional = true }
+libcrux-secrets = { version = "0.0.3", path = "../../../secrets", optional = true }
+
+[features]
+default = ["ed25519", "ecdsa", "mldsa"]
+
+check-secret-independence = [
+    "libcrux-secrets/check-secret-independence",
+    "libcrux-traits/check-secret-independence",
+    "libcrux-ml-dsa/expose-secret-independence",
+    "libcrux-ed25519/check-secret-independence",
+    "libcrux-ecdsa/check-secret-independence",
+]
+
+ecdsa = ["dep:libcrux-ecdsa", "any"]
+ed25519 = ["dep:libcrux-ed25519", "any"]
+mldsa = ["dep:libcrux-ml-dsa", "any"]
+
+any = ["dep:libcrux-traits", "dep:libcrux-secrets"]
+
+[dev-dependencies]
+rand = "0.9"
@@ -0,0 +1,98 @@
+#[cfg(any(feature = "ecdsa", feature = "ed25519", feature = "mldsa"))]
+pub use libcrux_traits::signature::{
+    key_centric_owned::{KeyPair, SigningKey, VerificationKey},
+    key_centric_refs::{SigningKeyRef, VerificationKeyRef},
+    owned::Sign,
+};
+
+#[cfg(feature = "ecdsa")]
+pub mod ecdsa {
+    pub mod p256 {
+        //! ```rust
+        //! use libcrux_signature::ecdsa::p256::{P256Signer as P256, Sha2_512, Nonce};
+        //! use libcrux_signature::{Sign, KeyPair, SigningKey, VerificationKey};
+        //!
+        //! // generate a new nonce
+        //! use rand::TryRngCore;
+        //! let mut rng = rand::rngs::OsRng;
+        //! let nonce = Nonce::random(&mut rng.unwrap_mut()).unwrap();
+        //!
+        //! // generate a new signature keypair from random bytes
+        //! let KeyPair { signing_key, verification_key } =
+        //! P256::<Sha2_512>::generate_key_pair(&mut rng.unwrap_mut()).unwrap();
+        //!
+        //! // sign
+        //! let signature = signing_key.sign(b"payload", &nonce).unwrap();
+        //!
+        //! // verify
+        //! verification_key.verify(b"payload", &signature).unwrap();
+        //! ```
+        pub use libcrux_ecdsa::signers::p256::{
+            Nonce, Sha2_256, Sha2_384, Sha2_512, Signer as P256Signer,
+        };
+    }
+}
+
+#[cfg(feature = "ed25519")]
+pub mod ed25519 {
+    //! ```rust
+    //! use libcrux_signature::ed25519::Ed25519;
+    //! use libcrux_signature::{Sign, KeyPair, SigningKey, VerificationKey};
+    //!
+    //! use rand::TryRngCore;
+    //! let mut rng = rand::rngs::OsRng;
+    //! // generate a new signature keypair from random bytes
+    //! let KeyPair { signing_key, verification_key }
+    //!     = Ed25519::generate_key_pair(&mut rng.unwrap_mut()).unwrap();
+    //!
+    //! // sign
+    //! let signature = signing_key.sign(b"payload", ()).unwrap();
+    //!
+    //! // verify
+    //! verification_key.verify(b"payload", &signature).unwrap();
+    //! ```
+    pub use libcrux_ed25519::signers::Signer as Ed25519;
+}
+
+#[cfg(feature = "mldsa")]
+pub mod mldsa {
+    //! ```rust
+    //! use libcrux_signature::mldsa::{Context, MlDsa44, impl_context};
+    //! use libcrux_signature::{Sign, KeyPair, SigningKey, VerificationKey};
+    //!
+    //! // set application context
+    //! impl_context!(AppContext, b"context");
+
+    //! use rand::TryRngCore;
+    //! let mut rng = rand::rngs::OsRng;
+    //!
+    //! // generate a new signature keypair from random bytes
+    //! let KeyPair { signing_key, verification_key }
+    //!     = MlDsa44::<AppContext>::generate_key_pair(&mut rng.unwrap_mut()).unwrap();
+    //!
+    //! // sign
+    //! let signature = signing_key.sign(b"payload", [2; 32]).unwrap();
+    //!
+    //! // verify
+    //! verification_key.verify(b"payload", &signature).unwrap();
+    //! ```
+    //!
+    //! ```rust
+    //! use libcrux_signature::mldsa::{Context, MlDsa44, impl_context};
+    //! use libcrux_signature::SigningKeyRef;
+    //!
+    //! // set application context
+    //! impl_context!(AppContext, b"context");
+    //!
+    //! // signing key from bytes
+    //! let signing_key = SigningKeyRef::<MlDsa44<AppContext>>::from_bytes(&[1; 2560]).unwrap();
+    //!
+    //! // sign with randomness
+    //! signing_key.sign(b"payload", [2; 32]).unwrap();
+    //!
+    //! ```
+    pub use libcrux_ml_dsa::signers::{
+        impl_context, Context, MlDsa44Signer as MlDsa44, MlDsa65Signer as MlDsa65,
+        MlDsa87Signer as MlDsa87,
+    };
+}
@@ -1,28 +1,34 @@
 [package]
-name = "libcrux-ecdsa"
 description = "Formally verified ECDSA signature library"
+name = "libcrux-ecdsa"
 readme = "Readme.md"
 version = "0.0.3"
 
 authors.workspace = true
-license.workspace = true
-homepage.workspace = true
 edition.workspace = true
+homepage.workspace = true
+license.workspace = true
 repository.workspace = true
 
 [dependencies]
 libcrux-p256 = { version = "=0.0.3", path = "../p256", features = [
     "expose-hacl",
 ] }
 libcrux-sha2 = { version = "=0.0.3", path = "../sha2" }
+libcrux-secrets = { version = "=0.0.3", path = "../secrets" }
+libcrux-traits = { version = "=0.0.3", path = "../traits" }
 rand = { version = "0.9", optional = true, default-features = false }
 
 [features]
 default = ["rand", "std"]
 rand = ["dep:rand"]
 std = ["rand?/std"]
+check-secret-independence = [
+    "libcrux-secrets/check-secret-independence",
+    "libcrux-traits/check-secret-independence",
+]
 
 [dev-dependencies]
-rand_core = { version = "0.9" , features = ["os_rng"] }
+rand_core = { version = "0.9", features = ["os_rng"] }
 serde = { version = "1.0.217", features = ["derive"] }
 serde_json = "1.0.138"
@@ -0,0 +1,166 @@
+pub mod signers {
+    //! [`libcrux_traits::signature`] APIs.
+
+    use libcrux_secrets::{DeclassifyRef, U8};
+    use libcrux_traits::signature::arrayref;
+
+    const SIGNING_KEY_LEN: usize = 32;
+    const VERIFICATION_KEY_LEN: usize = 64;
+    const SIG_LEN: usize = 64;
+    const RAND_KEYGEN_LEN: usize = 32;
+
+    macro_rules! impl_signature_traits {
+        (
+            $alias:ident,
+            $name:ty,
+            $sign_fn:ident,
+            $verify_fn:ident
+        ) => {
+            #[doc = concat!(
+                "ECDSA P256 signer specialized for ",
+                stringify!($name),
+                " hash algorithm.\n\n",
+                "This type alias provides a convenient way to access ECDSA signing and verification\n",
+                "operations using the ",
+                stringify!($name),
+                " hash function. It implements all signature traits from\n",
+                "`libcrux_traits::signature` including arrayref, owned, slice, and key-centric APIs.\n\n",
+                "# Hash Algorithm\n",
+                "Uses ",
+                stringify!($name),
+                " for message hashing before signing.\n\n",
+                "# Key Sizes\n",
+                "- Signing keys: 32 bytes\n",
+                "- Verification keys: 64 bytes\n",
+                "- Signatures: 64 bytes"
+            )]
+            pub type $alias = Signer<$name>;
+
+            /// The [`arrayref`](libcrux_traits::signature::arrayref) version of the Sign trait.
+            impl arrayref::Sign<SIGNING_KEY_LEN, VERIFICATION_KEY_LEN, SIG_LEN, RAND_KEYGEN_LEN> for Signer<$name> {
+                /// Sign a payload using a provided signing key and `nonce`.
+                #[inline(always)]
+                fn sign(
+                    payload: &[u8],
+                    signing_key: &[U8; SIGNING_KEY_LEN],
+                    signature: &mut [u8; SIG_LEN],
+                    nonce: &Nonce,
+                ) -> Result<(), arrayref::SignError> {
+                    let result = libcrux_p256::$sign_fn(
+                        signature,
+                        payload.len().try_into().map_err(|_| arrayref::SignError::InvalidArgument)?,
+                        payload,
+                        signing_key.declassify_ref(),
+                        &nonce.0,
+                    );
+                    if !result {
+                        return Err(arrayref::SignError::LibraryError);
+                    }
+                    Ok(())
+                }
+
+                /// Verify a signature using a provided verification key.
+                #[inline(always)]
+                fn verify(
+                    payload: &[u8],
+                    verification_key: &[u8; VERIFICATION_KEY_LEN],
+                    signature: &[u8; SIG_LEN],
+                ) -> Result<(), arrayref::VerifyError> {
+                    let result = libcrux_p256::$verify_fn(
+                        payload.len().try_into().map_err(|_| arrayref::VerifyError::InvalidPayloadLength)?,
+                        payload,
+                        verification_key,
+                        <&[u8; 32]>::try_from(&signature[0..32]).unwrap(),
+                        <&[u8; 32]>::try_from(&signature[32..]).unwrap(),
+                    );
+                    if !result {
+                        return Err(arrayref::VerifyError::LibraryError);
+                    }
+                    Ok(())
+                }
+
+                fn keygen_derand(
+                    signing_key: &mut [U8; SIGNING_KEY_LEN],
+                    verification_key: &mut [u8; VERIFICATION_KEY_LEN],
+                    randomness: &[U8; RAND_KEYGEN_LEN],
+                ) -> Result<(), arrayref::KeyGenError> {
+                    use libcrux_traits::ecdh::arrayref::*;
+
+                    libcrux_p256::P256::secret_to_public(verification_key, &randomness).map_err(|err| match err {
+                            libcrux_traits::ecdh::arrayref::SecretToPublicError::InvalidSecret => arrayref::KeyGenError::InvalidRandomness,
+                            libcrux_traits::ecdh::arrayref::SecretToPublicError::Unknown => arrayref::KeyGenError::LibraryError,
+
+            })?;
+                    *signing_key = *randomness;
+            Ok(())
+
+                }
+            }
+
+            libcrux_traits::impl_signature_slice_trait!(
+                Signer<$name> => SIGNING_KEY_LEN, VERIFICATION_KEY_LEN, SIG_LEN, RAND_KEYGEN_LEN, &Nonce, nonce);
+
+            // key centric APIs
+            libcrux_traits::signature::key_centric_owned::impl_sign_types!(
+                Signer<$name>,
+                SIGNING_KEY_LEN,
+                VERIFICATION_KEY_LEN,
+                SIG_LEN,
+                RAND_KEYGEN_LEN,
+                &'a Nonce
+            );
+        };
+    }
+
+    /// [`libcrux_traits::signature`] APIs for p256.
+    pub mod p256 {
+        use super::*;
+
+        pub use crate::p256::Nonce;
+
+        /// Generic ECDSA P256 signer parameterized by hash algorithm.
+        ///
+        /// This struct provides the foundation for ECDSA signing and verification operations
+        /// using the P256 elliptic curve. It is parameterized by a hash algorithm type `Hash`
+        /// to support different hash functions while maintaining type safety.
+        ///
+        /// # Type Parameter
+        /// - `Hash`: The hash algorithm type (e.g., `Sha2_256`, `Sha2_384`, `Sha2_512`)
+        ///
+        /// # Usage
+        /// This struct is typically not used directly. Instead, use the specialized type aliases:
+        /// - [`Sha2_256Signer`] for SHA-256 hashing
+        /// - [`Sha2_384Signer`] for SHA-384 hashing
+        /// - [`Sha2_512Signer`] for SHA-512 hashing
+        ///
+        /// # Security
+        /// - Requires a cryptographically secure nonce for each signing operation
+        /// - The same nonce must never be reused with the same key and different messages
+        /// - Verification is deterministic and does not require additional randomness
+        pub struct Signer<Hash> {
+            _marker: core::marker::PhantomData<Hash>,
+        }
+        pub use libcrux_sha2::{Sha256 as Sha2_256, Sha384 as Sha2_384, Sha512 as Sha2_512};
+
+        impl_signature_traits!(
+            Sha2_256Signer,
+            Sha2_256,
+            ecdsa_sign_p256_sha2,
+            ecdsa_verif_p256_sha2
+        );
+
+        impl_signature_traits!(
+            Sha2_384Signer,
+            Sha2_384,
+            ecdsa_sign_p256_sha384,
+            ecdsa_verif_p256_sha384
+        );
+
+        impl_signature_traits!(
+            Sha2_512Signer,
+            Sha2_512,
+            ecdsa_sign_p256_sha512,
+            ecdsa_verif_p256_sha512
+        );
+    }
+}
@@ -28,3 +28,9 @@ pub type DigestAlgorithm = libcrux_sha2::Algorithm;
 /// The number of iteration for rejection sampling.
 #[cfg(feature = "rand")]
 pub(crate) const RAND_LIMIT: usize = 100;
+
+mod impl_signature_trait;
+pub use impl_signature_trait::*;
+
+pub use libcrux_traits::signature::key_centric_owned::{KeyPair, SigningKey, VerificationKey};
+pub use libcrux_traits::signature::key_centric_refs::{SigningKeyRef, VerificationKeyRef};
@@ -18,7 +18,7 @@ pub struct Signature {
 }
 
 /// An ECDSA P-256 nonce
-pub struct Nonce([u8; 32]);
+pub struct Nonce(pub(super) [u8; 32]);
 
 /// An ECDSA P-256 private key
 pub struct PrivateKey([u8; 32]);

@@ -16,6 +16,9 @@ libcrux-sha2 = { version = "=0.0.3", path = "../sha2", features = [
     "expose-hacl",
 ] }
 libcrux-macros = { version = "=0.0.3", path = "../macros" }
+libcrux-traits = { version = "=0.0.3", path = "../traits" }
+libcrux-secrets = { version = "=0.0.3", path = "../secrets" }
+
 rand_core = { version = "0.9", optional = true }
 tls_codec = { version = "0.4.2", features = ["derive"], optional = true }
 
@@ -26,3 +29,7 @@ wycheproof = "0.6.0"
 [features]
 rand = ["dep:rand_core"]
 codec = ["tls_codec/std"]
+check-secret-independence = [
+    "libcrux-traits/check-secret-independence",
+    "libcrux-secrets/check-secret-independence",
+]