latticearc 0.5.0

Production-ready post-quantum cryptography. Hybrid ML-KEM+X25519 by default, all 4 NIST standards (FIPS 203–206), post-quantum TLS, and FIPS 140-3 backend — one crate, zero unsafe.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

//! Basic AES-256-GCM Encryption Example
//!
//! Demonstrates encrypt→decrypt through the unified API.
//!
//! Run with: `cargo run --package latticearc --example basic_encryption --release`

#![allow(clippy::unwrap_used)]
#![allow(clippy::expect_used)]
#![allow(clippy::print_stdout)]
#![allow(clippy::indexing_slicing)]

fn main() {
    println!("=== LatticeArc: Basic AES-256-GCM Encryption ===\n");

    let key = [0x42u8; 32]; // 256-bit key

    // --- Encrypt and decrypt ---
    let plaintext = b"Confidential: quarterly earnings exceed projections.";
    println!(
        "Plaintext ({} bytes): {:?}",
        plaintext.len(),
        std::str::from_utf8(plaintext).unwrap()
    );

    let ciphertext =
        latticearc::encrypt_aes_gcm(plaintext, &key, latticearc::SecurityMode::Unverified)
            .expect("encryption failed");
    println!(
        "Ciphertext ({} bytes): {:02x?}...",
        ciphertext.len(),
        &ciphertext[..16.min(ciphertext.len())]
    );

    let decrypted =
        latticearc::decrypt_aes_gcm(&ciphertext, &key, latticearc::SecurityMode::Unverified)
            .expect("decryption failed");
    assert_eq!(decrypted.as_slice(), plaintext);
    println!("Decrypted: {:?}", std::str::from_utf8(&decrypted).unwrap());
    println!("  Roundtrip OK!\n");

    // --- Tamper detection ---
    println!("--- Tamper Detection ---");
    let mut tampered = ciphertext.clone();
    if tampered.len() > 12 {
        tampered[12] ^= 0xFF;
    }
    let result = latticearc::decrypt_aes_gcm(&tampered, &key, latticearc::SecurityMode::Unverified);
    assert!(result.is_err());
    println!("  Tampered ciphertext correctly rejected: {:?}", result.err().unwrap());

    // --- Wrong key detection ---
    println!("\n--- Wrong Key Detection ---");
    let wrong_key = [0x99u8; 32];
    let result =
        latticearc::decrypt_aes_gcm(&ciphertext, &wrong_key, latticearc::SecurityMode::Unverified);
    assert!(result.is_err());
    println!("  Wrong key correctly rejected: {:?}", result.err().unwrap());

    println!("\nAll basic encryption tests passed!");
}