Caution
This project is currently in development and not yet ready for production use.
Expect changes to occur from time to time, and at this stage, some features may be unavailable.
Table of Contents
qryptotoken is a pure-Rust software token implementation of a PKCS#11 loadable module for the Internet Browsing pilot of
QUBIP project.
The project builds upon and diverges from the original kryoptic project with the primary distinction being the added capability to build the project as a Rust-only version.
The objective of this project is to develop a framework for integrating Post-Quantum Cryptography (PQC) functionality into the Mozilla Firefox security library called Network Security Services (NSS).
While we do not tightly couple with specific implementation choices,
at the moment we support a limited selection of algorithms
and external implementations through our Adapters.
The current supported algorithms are summarized in the following tables.
Note
Future updates to qryptotoken will expand its support for additional PQC algorithms and other external implementations.
| Algorithm | Adapter |
|---|---|
| ML-KEM-768 | libcrux |
| Algorithm | Adapter | Note |
|---|---|---|
| ML-DSA-44 | libcrux | |
| ML-DSA-65 | libcrux | |
| ML-DSA-87 | libcrux | |
| MLDSA65-Ed25519-SHA512 | libcrux | draft-ietf-lamps-pq-composite-sigs@12 (see note below) |
| SLH-DSA-SHAKE-128s | rustcrypto | |
| SLH-DSA-SHAKE-128f | rustcrypto | |
| SLH-DSA-SHAKE-192s | rustcrypto | |
| SLH-DSA-SHAKE-192f | rustcrypto | |
| SLH-DSA-SHAKE-256s | rustcrypto | |
| SLH-DSA-SHAKE-256f | rustcrypto |
qryptotoken currently supports MLDSA65-Ed25519-SHA512 as the only composite ML-DSA algorithm.
- The default implementation included at build time is based on version 12 of the draft-ietf-lamps-pq-composite-sigs.
- An earlier implementation, based on version 07 of the draft, is also available and can be enabled by building Qryptotoken with the Cargo feature
_composite_sigs_draft_07. - By default, the Cargo feature
_composite_sigs_draft_12is selected.
Users can choose between draft versions if needed, while maintaining draft-12 as the latest standard (draft) supported implementation.
| Algorithm | CKM_* (Hex) | CKM_*_KEY_PAIR_GEN (Hex) | CKK_* (Hex) | Parameter Set (Hex) | Notes |
|---|---|---|---|---|---|
| ML-KEM-768 | 0xCE534381 |
0xCE534380 |
0xCE534356 |
0xCE534352 |
NSS vendor-defined |
| ML-DSA-44 | 0xCE534546 |
0xCE534545 |
0xCE534544 |
0x00000001 |
NISEC vendor-defined |
| ML-DSA-65 | 0xCE534546 |
0xCE534545 |
0xCE534544 |
0x00000002 |
NISEC vendor-defined |
| ML-DSA-87 | 0xCE534546 |
0xCE534545 |
0xCE534544 |
0x00000003 |
NISEC vendor-defined |
| MLDSA65-Ed25519-SHA512 | 0xCE53454C |
0xCE53454B |
0xCE53454A |
None |
NISEC vendor-defined |
| SLH-DSA-SHAKE-128s | 0xCE534549 |
0xCE534548 |
0xCE534547 |
0x00000002 |
NISEC vendor-defined |
| SLH-DSA-SHAKE-128f | 0xCE534549 |
0xCE534548 |
0xCE534547 |
0x00000004 |
NISEC vendor-defined |
| SLH-DSA-SHAKE-192s | 0xCE534549 |
0xCE534548 |
0xCE534547 |
0x00000006 |
NISEC vendor-defined |
| SLH-DSA-SHAKE-192f | 0xCE534549 |
0xCE534548 |
0xCE534547 |
0x00000008 |
NISEC vendor-defined |
| SLH-DSA-SHAKE-256s | 0xCE534549 |
0xCE534548 |
0xCE534547 |
0x0000000A |
NISEC vendor-defined |
| SLH-DSA-SHAKE-256f | 0xCE534549 |
0xCE534548 |
0xCE534547 |
0x0000000C |
NISEC vendor-defined |
Currently all values are vendor-defined in the NISEC namespace constructed as follows:
#define CKM_VENDOR_DEFINED 0X80000000
#define NISEC_VENDOR_NSS 0x4E534543
#define CKM_NISEC (CKM_VENDOR_DEFINED | NISEC_VENDOR_NSS)
#define CKP_NISEC (CKP_VENDOR_DEFINED | NISEC_VENDOR_NSS)
#define CKK_NISEC (CKK_VENDOR_DEFINED | NISEC_VENDOR_NSS)The CKM_* and CKK_* values for each algorithm are calculated by applying a specific offset to the vendor-defined base.
Currently, CKP_* values comply with PKCS#11 v3.2 standard.
For reference, look at pkcs11_headers/nisec_vendor_extensions.h.
To get started, first build the qryptotoken module by following the build guide. It will walk you through installing the necessary dependencies, setting up the token environment, and initializing the module using the pkcs11-tool.
Once you've successfully built and initialized the module, you're ready to test it with Firefox.
You have two options for setting up Firefox:
- You can build Firefox from source by following a detailed setup guide, which is ideal if you want full control and debugging capabilities.
- Or you can use a preconfigured Flatpak image, which is quicker to set up and ready for testing. Setup instructions are provided in the dedicated Flatpak guide.
Pick the option that suits your needs best.
After your Firefox environment is ready, just follow the testing guide. It will show you how to load the module, and run the interoperability and login tests.
See the open issues for a list of proposed features (and known issues).
- Top Feature Requests (Add your votes using the π reaction)
- Top Bugs (Add your votes using the π reaction)
- Newest Bugs
Reach out to the maintainers at one of the following places:
- GitHub issues
- [email protected] to disclose security issues according to our security documentation.
- [email protected] to report violations of our Code of Conduct.
- Details about the GPG keys to encrypt reports are included in our security documentation.
If you want to say thank you or/and support active development:
- Add a GitHub Star to the project.
- Mention this project on your social media of choice.
- Write interesting articles about the project, and cite us.
Together, we can make Qryptotoken better!
The GitHub repository primarily serves as a mirror, and will be updated every time a new version is released. It might not always be updated with the latest commits in between releases. However, contributions are still very welcome!
Please read our contribution guidelines, and thank you for being involved!
The original setup of this repository is by NISEC.
For a full list of all authors and contributors, see the contributors page.
In this project, we aim to follow good security practices, but 100% security cannot be assured. This crate is provided "as is" without any warranty. Use at your own risk.
For more information and to report security issues, please refer to our security documentation.
This project is licensed under the GNU General Public License v3.0 (GPL-3.0-only).
qryptotoken - a kryoptic fork tailored for PQC
Copyright (C) 2023-2024 Simo Sorce, Jakub Jelen
Copyright (C) 2023-2025 Tampere University
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
See LICENSE for more information.
This work has been developed within the QUBIP project (https://www.qubip.eu), funded by the European Union under the Horizon Europe framework programme grant agreement no. 101119746.