Skip to main content

auths_crypto/
lib.rs

1//! Cryptographic primitives for Auths.
2//!
3//! Layer 0: a curve-agnostic provider abstraction (sign / verify / keygen /
4//! AEAD / KDF), key parsing, and `did:key` encoding, isolated from concrete
5//! backends to keep everything above dependency-light. The default curve is
6//! **P-256** (the iOS Secure Enclave only supports P-256); Ed25519 is a
7//! fully-supported peer. Keys, seeds, and signatures carry their curve tag
8//! in-band — never dispatch on byte length. See `README.md` for the full
9//! curve policy and build profiles.
10//!
11//! - [`provider`] — Pluggable [`CryptoProvider`] trait (curve-agnostic
12//!   `sign_typed` / `verify_typed` / `generate_typed_keypair`), [`CurveType`],
13//!   and `default_provider`
14//! - [`key_ops`] — [`TypedSignerKey`], the curve-tagged signer that replaces
15//!   `(SecureSeed, CurveType)` pairs
16//! - [`did_key`] — DID:key ↔ raw key, auto-detecting the curve from the
17//!   multicodec ([`DidKeyError`], [`did_key_decode`], [`did_key_to_p256`])
18
19#[cfg(all(feature = "fips", not(target_arch = "wasm32")))]
20pub mod aws_lc_provider;
21#[cfg(all(feature = "cnsa", not(target_arch = "wasm32")))]
22pub mod cnsa_provider;
23pub mod did_key;
24pub mod error;
25pub mod hash256;
26pub mod key_material;
27pub mod key_ops;
28pub mod pkcs8;
29pub mod provider;
30#[cfg(all(feature = "native", not(target_arch = "wasm32")))]
31pub mod ring_provider;
32pub mod secret;
33pub mod ssh;
34#[cfg(feature = "wasm")]
35pub mod webcrypto_provider;
36
37#[cfg(all(feature = "fips", not(target_arch = "wasm32")))]
38pub use aws_lc_provider::AwsLcProvider;
39#[cfg(all(feature = "cnsa", not(target_arch = "wasm32")))]
40pub use cnsa_provider::CnsaProvider;
41pub use did_key::{
42    DecodedDidKey, DidKeyError, did_key_decode, did_key_to_p256, ed25519_pubkey_to_did_keri,
43};
44pub use error::AuthsErrorInfo;
45pub use hash256::Hash256;
46pub use key_material::{build_ed25519_pkcs8_v2, parse_ed25519_key_material, parse_ed25519_seed};
47pub use key_ops::{ParsedKey, TypedSeed, TypedSignerKey, normalize_verkey, parse_key_material};
48#[cfg(all(feature = "native", not(target_arch = "wasm32")))]
49pub use key_ops::{public_key as typed_public_key, sign as typed_sign};
50pub use pkcs8::Pkcs8Der;
51#[cfg(all(feature = "native", not(target_arch = "wasm32")))]
52pub use provider::default_provider;
53pub use provider::{
54    CryptoError, CryptoProvider, CurveType, ED25519_PUBLIC_KEY_LEN, ED25519_SIGNATURE_LEN,
55    P256_PUBLIC_KEY_LEN, P256_SIGNATURE_LEN, SecureSeed, SeedDecodeError, decode_seed_hex,
56};
57#[cfg(all(feature = "native", not(target_arch = "wasm32")))]
58pub use ring_provider::RingCryptoProvider;
59pub use secret::Secret;
60pub use ssh::{SshKeyError, openssh_pub_to_raw};
61#[cfg(all(any(test, feature = "test-utils"), not(target_arch = "wasm32")))]
62#[allow(clippy::unwrap_used, clippy::expect_used)]
63pub mod testing;
64
65#[cfg(feature = "wasm")]
66pub use webcrypto_provider::WebCryptoProvider;