latticearc 0.8.3

Production-ready post-quantum cryptography. Hybrid ML-KEM+X25519 by default, all 4 NIST standards (FIPS 203–206), and FIPS 140-3 backend — one crate, zero unsafe.
Documentation
//! # LatticeArc Types
//!
//! Pure-Rust domain types, traits, configuration, and policy engine for the
//! LatticeArc post-quantum cryptography platform.
//!
//! This module contains all types that have **zero FFI dependencies**, enabling:
//! - Formal verification with Kani (which cannot compile C FFI)
//! - Lightweight dependency for crates that only need types (no aws-lc-sys)
//! - Clean separation of type definitions from cryptographic implementations
//!
//! ## What's Here
//!
//! - **types**: `SecurityLevel`, `UseCase`, `CryptoScheme`, etc.
//! - **traits**: `ZeroTrustAuthenticable`, `ProofOfPossession`, `ContinuousVerifiable`,
//!   `SchemeSelector`, `VerificationStatus`, `DataCharacteristics`, `PatternType`.
//! - **config**: `CoreConfig`, `EncryptionConfig`, `SignatureConfig`, etc.
//! - **key_lifecycle**: `KeyStateMachine`, `KeyLifecycleRecord` (with Kani proofs)
//! - **zero_trust**: `TrustLevel` enum
//! - **error**: `TypeError` for pure-Rust error conditions
//!
//! ## What's NOT Here (lives in `unified_api`)
//!
//! - `CryptoConfig<'a>` (references `VerifiedSession` which uses Ed25519 FFI)
//! - `CoreError` (has `#[from]` variants for FFI error types)
//! - Zero-trust sessions, challenges, proofs (Ed25519 FFI)
//! - Actual cryptographic operations (encrypt, decrypt, sign, verify)
//! - `CryptoPolicyEngine` and `EncryptionScheme` (depend on hybrid/primitives)

/// Configuration types for cryptographic operations.
pub mod config;
/// Domain separation constants for HKDF key derivation.
pub mod domains;
/// Error types for pure-Rust operations.
pub mod error;
/// Key lifecycle management per NIST SP 800-57.
pub mod key_lifecycle;
/// Primitive secret-byte containers (`SecretBytes<N>`, `SecretVec`). See
/// `docs/SECRET_TYPE_INVARIANTS.md` for the normative spec.
pub mod secrets;
/// Core traits for cryptographic operations.
pub mod traits;
/// Fundamental cryptographic types.
#[expect(
    clippy::module_inception,
    reason = "the inner `types` submodule is the canonical home of the fundamental crypto type set; the parent module is the public re-export namespace, so the inner/outer same-name pairing is intentional"
)]
pub mod types;
/// Pure-Rust zero-trust types.
pub mod zero_trust;

// Re-export commonly used items at crate root
pub use config::{
    CoreConfig, EncryptionConfig, ProofComplexity, SignatureConfig, UseCaseConfig, ZeroTrustConfig,
};
pub use error::{Result, TypeError};
pub use key_lifecycle::{
    CustodianRole, KeyCustodian, KeyLifecycleRecord, KeyLifecycleState, KeyStateMachine,
    StateTransition,
};
pub use secrets::{SecretBytes, SecretVec};
pub use traits::{
    ContinuousVerifiable, DataCharacteristics, HardwareCapabilities, HardwareInfo, HardwareType,
    PatternType, ProofOfPossession, SchemeSelector, VerificationStatus, ZeroTrustAuthenticable,
};
pub use types::{
    AlgorithmSelection, ComplianceMode, CryptoContext, CryptoPayload, CryptoScheme, EncryptedData,
    EncryptedMetadata, HashOutput, KeyPair, PerformancePreference, PrivateKey, PublicKey,
    SecurityLevel, SignedData, SignedMetadata, SymmetricKey, UseCase, fips_available,
};
pub use zero_trust::TrustLevel;