Pull out libcrux::kem into a standalone crate (#304)

* Make ML-KEM-768 constants public

So they can be used by hybrid KEMs in the `libcrux-kem` crate.

* Change `libcrux::ecdh` submodule and item visibility to public

So they can be used in the `libcrux-kem` crate

* Change visibility of `libcrux-ml-kem::MlKemKeyPair` fields to `pub`

So they can be accessed in the `libcrux-kem` crate.

* Extract `libcrux::kem` module to its own crate

* Update KEM crate documentation

* Format

* Provide `.len()` on ML-KEM structs and use that instead of constants

* Use `.into_parts()` on `MlKemKeyPair` instead of direct access

* Add CI run for `libcrux-kem`

* Fix ML-KEM tests

* CI: Use Rust stable and exclude Win32 (linker issue)

* Revert CI change to now install Rust nightly again

* Pull out `ecdh` module into its own crate

* Make `libcrux-kem` use `libcrux-ecdh` instead of `libcrux`

* Make `libcrux` use standalone `libcrux-ecdh` crate

* Copied CI workflow for ECDH crate

* Merge imports

* Move P256 ECDSA signature API back to libcrux

* Move ECDH tests to the `libcrux-ecdh` crate

* Update Cargo.lock

* Make `libcrux` depend on `libcrux-kem`

* Make spec libcrux interop tests use standalone crate

* Update benchmarks to use `libcrux-ml-kem` (resp. `libcrux-kem`)

* Remove dead code

* Remove Signing Errors from `libcrux-ecdh`

* Better name for `libcrux` wrapper around `libcrux-ecdh` Error

* Reduce doc comment for `libcrux::kem` module

* Preserve Kyber implementation notes

.github/workflows/ecdh.yml

@@ -0,0 +1,120 @@
+name: KEM
+
+on:
+  push:
+    branches: ["main", "dev"]
+  pull_request:
+    branches: ["main", "dev", "*"]
+  workflow_dispatch:
+  merge_group:
+
+env:
+  CARGO_TERM_COLOR: always
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        bits: [32, 64]
+        os:
+          - macos-13 # Intel mac
+          - macos-latest # macos-14 m1
+          - ubuntu-latest
+          - windows-latest
+        exclude:
+          - bits: 32
+            os: "macos-latest"
+          - bits: 32
+            os: "macos-13"
+          - bits: 32 # FIXME: Linking isn't working here yet for hacl #42
+            os: "windows-latest"
+
+    runs-on: ${{ matrix.os }}
+    defaults:
+      run:
+        shell: bash
+        working-directory: libcrux-ecdh
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV
+        if: ${{ matrix.bits == 64 }}
+
+      - name: 🛠️ Setup Rust Nightly
+        run: rustup toolchain install nightly
+
+      - name: 🛠️ Setup Ubuntu x86
+        if: ${{ matrix.bits == 32 &&  matrix.os == 'ubuntu-latest' }}
+        run: |
+          rustup target add i686-unknown-linux-gnu
+          sudo apt-get update
+          sudo apt-get install -y gcc-multilib g++-multilib
+
+      - name: 🛠️ Setup Ubuntu x64
+        if: ${{ matrix.bits == 64 &&  matrix.os == 'ubuntu-latest' }}
+        run: |
+          rustup target add aarch64-unknown-linux-gnu
+
+      # Set up 32 bit systems
+
+      - name: 🛠️ Config Windows x86
+        run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV
+        if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }}
+
+      - name: 🛠️ Config Linux x86
+        run: |
+          echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV
+        if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }}
+
+      # Build ...
+
+      - name: 🔨 Build
+        run: |
+          rustc --print=cfg
+          cargo build --verbose $RUST_TARGET_FLAG
+
+      - name: 🔨 Build Release
+        run: cargo build --verbose --release $RUST_TARGET_FLAG
+
+      - name: 🏃🏻 Asan MacOS
+        if: ${{ matrix.os == 'macos-latest' }}
+        run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target aarch64-apple-darwin
+
+      # - name: ⬆ Upload build
+      #   uses: ./.github/actions/upload_artifacts
+      #   with:
+      #     name: build_${{ matrix.os }}_${{ matrix.bits }}
+
+      # We get false positives here.
+      # TODO: Figure out what is going on here
+      # - name: 🏃🏻 Asan Linux
+      #   if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }}
+      #   run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target x86_64-unknown-linux-gnu
+
+      # Test ...
+
+      - name: 🏃🏻‍♀️ Test
+        run: |
+          cargo clean
+          cargo test --verbose $RUST_TARGET_FLAG
+
+      - name: 🏃🏻‍♀️ Test Release
+        run: |
+          cargo clean
+          cargo test --verbose --release $RUST_TARGET_FLAG
+
+      - name: 🏃🏻‍♀️ Test Portable
+        run: |
+          cargo clean
+          LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo test --verbose $RUST_TARGET_FLAG
+
+      - name: 🏃🏻‍♀️ Test Portable Release
+        run: |
+          cargo clean
+          LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo test --verbose --release $RUST_TARGET_FLAG

.github/workflows/kem.yml

@@ -0,0 +1,120 @@
+name: KEM
+
+on:
+  push:
+    branches: ["main", "dev"]
+  pull_request:
+    branches: ["main", "dev", "*"]
+  workflow_dispatch:
+  merge_group:
+
+env:
+  CARGO_TERM_COLOR: always
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        bits: [32, 64]
+        os:
+          - macos-13 # Intel mac
+          - macos-latest # macos-14 m1
+          - ubuntu-latest
+          - windows-latest
+        exclude:
+          - bits: 32
+            os: "macos-latest"
+          - bits: 32
+            os: "macos-13"
+          - bits: 32 # FIXME: Linking isn't working here yet for hacl #42
+            os: "windows-latest"
+
+    runs-on: ${{ matrix.os }}
+    defaults:
+      run:
+        shell: bash
+        working-directory: libcrux-kem
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV
+        if: ${{ matrix.bits == 64 }}
+
+      - name: 🛠️ Setup Rust Nightly
+        run: rustup toolchain install nightly
+
+      - name: 🛠️ Setup Ubuntu x86
+        if: ${{ matrix.bits == 32 &&  matrix.os == 'ubuntu-latest' }}
+        run: |
+          rustup target add i686-unknown-linux-gnu
+          sudo apt-get update
+          sudo apt-get install -y gcc-multilib g++-multilib
+
+      - name: 🛠️ Setup Ubuntu x64
+        if: ${{ matrix.bits == 64 &&  matrix.os == 'ubuntu-latest' }}
+        run: |
+          rustup target add aarch64-unknown-linux-gnu
+
+      # Set up 32 bit systems
+
+      - name: 🛠️ Config Windows x86
+        run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV
+        if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }}
+
+      - name: 🛠️ Config Linux x86
+        run: |
+          echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV
+        if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }}
+
+      # Build ...
+
+      - name: 🔨 Build
+        run: |
+          rustc --print=cfg
+          cargo build --verbose $RUST_TARGET_FLAG
+
+      - name: 🔨 Build Release
+        run: cargo build --verbose --release $RUST_TARGET_FLAG
+
+      - name: 🏃🏻 Asan MacOS
+        if: ${{ matrix.os == 'macos-latest' }}
+        run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target aarch64-apple-darwin
+
+      # - name: ⬆ Upload build
+      #   uses: ./.github/actions/upload_artifacts
+      #   with:
+      #     name: build_${{ matrix.os }}_${{ matrix.bits }}
+
+      # We get false positives here.
+      # TODO: Figure out what is going on here
+      # - name: 🏃🏻 Asan Linux
+      #   if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }}
+      #   run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target x86_64-unknown-linux-gnu
+
+      # Test ...
+
+      - name: 🏃🏻‍♀️ Test
+        run: |
+          cargo clean
+          cargo test --verbose $RUST_TARGET_FLAG
+
+      - name: 🏃🏻‍♀️ Test Release
+        run: |
+          cargo clean
+          cargo test --verbose --release $RUST_TARGET_FLAG
+
+      - name: 🏃🏻‍♀️ Test Portable
+        run: |
+          cargo clean
+          LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo test --verbose $RUST_TARGET_FLAG
+
+      - name: 🏃🏻‍♀️ Test Portable Release
+        run: |
+          cargo clean
+          LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo test --verbose --release $RUST_TARGET_FLAG

Cargo.toml

@@ -11,8 +11,10 @@ members = [
     "libcrux-sha3",
     "libcrux-ml-dsa",
     "libcrux-intrinsics",
+    "libcrux-kem",
     "libcrux-hmac",
     "libcrux-hkdf",
+    "libcrux-ecdh",
 ]
 
 [workspace.package]
@@ -48,6 +50,9 @@ libcrux-hacl = { version = "=0.0.2-pre.2", path = "sys/hacl" }
 libcrux-platform = { version = "=0.0.2-pre.2", path = "sys/platform" }
 libcrux-hkdf = { version = "=0.0.2-pre.2", path = "libcrux-hkdf" }
 libcrux-hmac = { version = "=0.0.2-pre.2", path = "libcrux-hmac" }
+libcrux-ecdh = { version = "=0.0.2-pre.2", path = "libcrux-ecdh" }
+libcrux-ml-kem = { version = "=0.0.2-pre.2", path = "libcrux-ml-kem" }
+libcrux-kem = { version = "=0.0.2-pre.2", path = "libcrux-kem" }
 rand = { version = "0.8" }
 log = { version = "0.4", optional = true }
 # WASM API

benchmarks/Cargo.toml

@@ -13,6 +13,8 @@ publish = false
 
 [dev-dependencies]
 libcrux = { path = "../", features = ["rand", "tests"] }
+libcrux-kem = { path = "../libcrux-kem", features = ["tests"] }
+libcrux-ml-kem = { path = "../libcrux-ml-kem", features = ["tests"] }
 rand = { version = "0.8" }
 rand_core = { version = "0.6" }
 # Benchmarking "RustCrypto"