b_wing/lib.rs
1//! # B-Wing
2//!
3//! A high-assurance **hybrid post-quantum cryptography** library implementing
4//! [NIST Level 5][nist-pqc] security with redundancy across multiple classical
5//! and post-quantum algorithms.
6//!
7//! B-Wing follows a **redundancy-first** design: every operation is secured by
8//! *at least* one classical elliptic-curve primitive **and** two structurally
9//! distinct post-quantum primitives. Even if an adversary completely breaks two
10//! out of three algorithms, the combined construction remains secure.
11//!
12//! ## Modules
13//!
14//! | Module | Feature flag | Description |
15//! |--------|-------------|-------------|
16//! | [`kem`] | `kem` | **KWing** — Hybrid Key Encapsulation Mechanism |
17//! | [`signing`] | `sign` | **SWing** — Hybrid Digital Signature Scheme |
18//!
19//! ## Security Architecture
20//!
21//! ### KWing — Key Encapsulation Mechanism
22//!
23//! Combines three independent KEMs into a single shared secret via
24//! HKDF-SHA3-512:
25//!
26//! | Layer | Algorithm | Assumption |
27//! |-------|-----------|------------|
28//! | 1 | X25519 | Classical (ECDH) |
29//! | 2 | ML-KEM-1024 (Kyber) | Module-lattice (PQ) |
30//! | 3 | FrodoKEM-1344-SHAKE | Unstructured LWE (PQ) |
31//!
32//! ### SWing — Digital Signatures
33//!
34//! Combines three independent signature schemes into a single composite
35//! signature blob; **all three must pass** for verification to succeed:
36//!
37//! | Layer | Algorithm | Assumption |
38//! |-------|-----------|------------|
39//! | 1 | Ed25519 | Classical (EdDSA) |
40//! | 2 | ML-DSA-87 (Dilithium) | Module-lattice (PQ) |
41//! | 3 | SLH-DSA-SHAKE256f (Sphincs+) | Hash-based (PQ) |
42//!
43//! ## Quick Start
44//!
45//! Add B-Wing to `Cargo.toml`:
46//!
47//! ```toml
48//! [dependencies]
49//! b-wing = "0.1"
50//! ```
51//!
52//! ### Key Encapsulation (KWing)
53//!
54//! ```rust,no_run
55//! use b_wing::{KWing, KemError};
56//!
57//! # fn example() -> Result<(), KemError> {
58//! // --- Recipient side ---
59//! // Derive a long-lived key pair from a 128-byte secret seed.
60//! // In production, fill `seed` from a CSPRNG (e.g. `getrandom::fill`).
61//! let seed = [0u8; 128];
62//! let recipient = KWing::from_seed(&seed)?;
63//! let public_key = recipient.get_pub_key(); // share this with senders
64//!
65//! // --- Sender side ---
66//! // Encapsulate a fresh shared secret. The 128-byte encaps_seed MUST be
67//! // generated freshly for every encapsulation (never reuse it).
68//! let encaps_seed = [1u8; 128];
69//! let (ciphertext, shared_secret_sender) = KWing::encapsulate(&encaps_seed, public_key)?;
70//!
71//! // --- Recipient side (again) ---
72//! // Recover the same 64-byte OKM from the ciphertext.
73//! let shared_secret_recipient = recipient.decapsulate(&ciphertext)?;
74//!
75//! assert_eq!(shared_secret_sender, shared_secret_recipient);
76//! # Ok(())
77//! # }
78//! ```
79//!
80//! ### Digital Signatures (SWing)
81//!
82//! ```rust,no_run
83//! use b_wing::{SWing, SignError};
84//!
85//! # fn example() -> Result<(), SignError> {
86//! // --- Signer side ---
87//! // Derive a long-lived key pair from a 160-byte master seed.
88//! let master_seed = [0u8; 160];
89//! let signer = SWing::from_seed(&master_seed)?;
90//! let verification_key = signer.get_pub_key(); // publish / distribute this
91//!
92//! let message = b"Authenticated payload";
93//! let context = b"my-application-v1";
94//! // The random_seed MUST be generated freshly from a CSPRNG for every signature.
95//! let random_seed = [2u8; 64];
96//!
97//! let signature = signer.sign(message, context, random_seed)?;
98//!
99//! // --- Verifier side ---
100//! // Verification succeeds only when all three sub-signatures are valid.
101//! let ok = SWing::verify(verification_key, message, context, &signature)?;
102//! assert!(ok);
103//! # Ok(())
104//! # }
105//! ```
106//!
107//! ## Feature Flags
108//!
109//! * **`kem`** *(enabled by default)* — Compiles the [`kem`] module and the
110//! [`KWing`] / [`KemError`] re-exports.
111//! * **`sign`** — Compiles the [`signing`] module and the [`SWing`] /
112//! [`SignError`] re-exports.
113//!
114//! Both features can be enabled simultaneously, or selectively for
115//! binary-size-sensitive targets.
116//!
117//! ## Design Invariants
118//!
119//! * **Caller-supplied randomness.** All randomness is provided by the caller
120//! as typed seed arrays, making the API fully deterministic and suitable for
121//! `no_std`, WASM, and embedded targets.
122//! * **Heap-cached keys.** Pre-computed composite public keys are stored on the
123//! heap to amortise the cost of key derivation across many operations.
124//! * **Zeroize on drop.** All secret material is wrapped in [`zeroize::Zeroizing`]
125//! and erased from memory when it goes out of scope.
126//! * **Strict size validation.** Every public API validates buffer sizes before
127//! performing any cryptographic work, returning [`KemError::InvalidFormat`] or
128//! [`SignError::InvalidFormat`] on mismatch.
129//!
130//! [nist-pqc]: https://csrc.nist.gov/projects/post-quantum-cryptography
131
132#![doc(issue_tracker_base_url = "https://codeberg.org/hacer-bark/b-wing/issues")]
133#![forbid(unsafe_code)]
134#![warn(missing_docs)]
135#![warn(rust_2018_idioms)]
136#![warn(unused_qualifications)]
137#![cfg_attr(docsrs, feature(doc_cfg))]
138
139#[cfg(feature = "sign")]
140#[cfg_attr(docsrs, doc(cfg(feature = "sign")))]
141/// Hybrid classical/PQ digital signature scheme (SWing).
142///
143/// See the [module-level docs](signing) for a full security breakdown and
144/// usage examples.
145pub mod signing;
146
147#[cfg(feature = "sign")]
148pub use signing::{Error as SignError, SWing};
149
150#[cfg(feature = "kem")]
151#[cfg_attr(docsrs, doc(cfg(feature = "kem")))]
152/// Hybrid classical/PQ key encapsulation mechanism (KWing).
153///
154/// See the [module-level docs](kem) for a full security breakdown and
155/// usage examples.
156pub mod kem;
157
158#[cfg(feature = "kem")]
159pub use kem::{Error as KemError, KWing};