1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
//
// SPDX-License-Identifier: Apache-2.0
//! Algorithm dispatch and structural validation.
//!
//! This crate is the runtime seam between an [`Algorithm`](crypto_core::Algorithm)
//! selector and the concrete primitive that implements it. Given an
//! algorithm value it routes keygen, sign/verify, key agreement, KEM
//! encapsulate/decapsulate, AEAD, and hashing to the matching primitive
//! adapter, and it binds public keys to their multicodec/multikey
//! encodings.
//!
//! Two safety properties are enforced here rather than left to callers:
//! [`verify`] fails closed — an invalid signature is an
//! [`AlgorithmError::SignatureInvalid`], never `Ok(false)` — and every
//! secret returned (generated private keys, shared secrets, decapsulated
//! secrets) is carried in a zeroizing wrapper. Length and key-shape checks are
//! performed by the selected primitive's typed constructors and are exercised
//! by dispatch-level negative tests so algorithm routing cannot silently
//! truncate, pad, or reinterpret caller bytes.
//!
//! Constant-time behavior for authentication comparisons is inherited from the
//! wrapped primitive crates. Dispatch does not reimplement tag, MAC, or
//! signature comparison logic; it routes to the primitive verifier and maps
//! the verifier's typed failure into this crate's fail-closed result.
// Core modules
/// Error type returned by dispatch operations.
/// Adapter traits implemented by each algorithm primitive.
// Algorithm adapters
/// Per-algorithm adapters wiring selectors to concrete primitives.
/// Hashing dispatch.
/// Message authentication code dispatch.
// Dispatch entry points
/// Keypair generation with multikey-encoded public keys.
/// Multicodec/multikey encoding of public keys.
/// Runtime dispatch entry points for sign/verify, key agreement, KEM, and AEAD.
/// Structural validation of verification-method multikeys.
// Re-export error type
pub use AlgorithmError;
pub use ;
// Re-export public dispatch API
pub use hash_digest;
pub use ;
pub use ;
pub use ;
pub use public_key_to_multikey;
pub use validate_verification_method_multikey;