coldstar_signer/

lib.rs

//! Coldstar Secure Signer
//!
//! Memory-safe cryptographic signing with locked memory pages.
//! Merged from the original coldstar-rs crate and devsyrem's secure_signer.
//!
//! - AES-256-GCM symmetric encryption
//! - Argon2id key derivation
//! - Ed25519 signing (Solana)
//! - secp256k1 ECDSA signing (Base/EVM)
//! - mlock'd secure buffers with auto-zeroize on drop
//! - ZK proofs: ElGamal, ownership, range, equality, validity proofs

pub mod crypto;
pub mod error;
pub mod secure_buffer;
pub mod zk_proofs;

// Re-exports from crypto (coldstar-rs original API)
pub use crypto::{
    decrypt_keypair, encrypt_keypair, sign_ed25519, sign_secp256k1, EncryptedContainer,
};

// Re-exports from crypto (devsyrem full pipeline API)
pub use crypto::{
    create_encrypted_key_container, decrypt_and_sign, sign_transaction, EncryptedKeyContainer,
    SigningResult,
};

// Re-exports from error
pub use error::SignerError;

// Re-exports from secure_buffer
pub use secure_buffer::{LockingMode, SecureBuffer, SecureGuard};

// Re-exports from zk_proofs
pub use zk_proofs::{
    ConfidentialTransferProofBundle, ElGamalCiphertext, ElGamalKeypair, EqualityProof,
    OwnershipProof, PedersenCommitment, RangeProof, ValidityProof,
};

/// Library version
pub const VERSION: &str = env!("CARGO_PKG_VERSION");

/// Convenience prelude for common imports
pub mod prelude {
    pub use crate::crypto::{
        create_encrypted_key_container, decrypt_and_sign, decrypt_keypair, encrypt_keypair,
        sign_ed25519, sign_secp256k1, sign_transaction, EncryptedContainer,
        EncryptedKeyContainer, SigningResult,
    };
    pub use crate::error::SignerError;
    pub use crate::secure_buffer::{LockingMode, SecureBuffer};
    pub use crate::zk_proofs::{
        ConfidentialTransferProofBundle, ElGamalCiphertext, ElGamalKeypair, OwnershipProof,
    };
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_version() {
        assert!(!VERSION.is_empty());
    }
}