roughtime 0.1.0

A no_std-capable Roughtime secure time-sync client with pluggable crypto backends
Documentation
//! The crypto backend abstraction.
//!
//! Exactly one backend feature (`rustcrypto`, `aws-lc-rs`, `aws-lc-rs-fips`) must be enabled;
//! this module re-exports that backend's implementation of [`verify_ed25519`] and [`sha512`]
//! under a single, backend-agnostic name so the rest of the crate never has to `cfg` on the
//! active backend.
//!
//! `pub(crate)` here is intentional despite `clippy::redundant_pub_crate`'s suggestion to
//! widen it to `pub`: this module is private, so `pub(crate)` and `pub` are equivalent in
//! externally-visible effect, but `pub(crate)` is what satisfies `unreachable_pub` (denied at
//! the crate level). This is a known conflict between the two lints; picking `pub(crate)`.
#![allow(clippy::redundant_pub_crate)]

#[cfg(not(any(feature = "rustcrypto", feature = "aws-lc-rs", feature = "aws-lc-rs-fips")))]
compile_error!(
    "roughtime: exactly one crypto backend feature must be enabled: \
     `rustcrypto`, `aws-lc-rs`, or `aws-lc-rs-fips`"
);

// Note: `aws-lc-rs` and `aws-lc-rs-fips` are deliberately *not* checked as mutually exclusive
// here: Cargo's `"aws-lc-rs/fips"` dependency-feature syntax in the `aws-lc-rs-fips` feature
// definition below also activates the identically-named `aws-lc-rs` feature as a side effect of
// how Cargo resolves `pkg/feat` when `pkg` collides with a feature name — both being on
// simultaneously is harmless (both gate the same `mod aws_lc;`).
#[cfg(any(
    all(feature = "rustcrypto", feature = "aws-lc-rs"),
    all(feature = "rustcrypto", feature = "aws-lc-rs-fips"),
))]
compile_error!(
    "roughtime: only one crypto backend feature may be enabled at a time \
     (`rustcrypto` is mutually exclusive with `aws-lc-rs`/`aws-lc-rs-fips`)"
);

#[cfg(feature = "rustcrypto")]
mod rustcrypto;
#[cfg(any(feature = "aws-lc-rs", feature = "aws-lc-rs-fips"))]
mod aws_lc;

#[cfg(feature = "rustcrypto")]
pub(crate) use rustcrypto::{sha512, verify_ed25519};
#[cfg(all(feature = "rustcrypto", feature = "std"))]
pub(crate) use rustcrypto::fill_random;

#[cfg(any(feature = "aws-lc-rs", feature = "aws-lc-rs-fips"))]
pub(crate) use aws_lc::{sha512, verify_ed25519};
#[cfg(all(any(feature = "aws-lc-rs", feature = "aws-lc-rs-fips"), feature = "std"))]
pub(crate) use aws_lc::fill_random;

/// Errors from cryptographic operations.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[non_exhaustive]
pub(crate) enum CryptoError {
    /// Signature verification failed.
    InvalidSignature,
    /// Public key bytes were the wrong length or otherwise malformed.
    #[cfg(feature = "rustcrypto")]
    InvalidKey,
    /// A cryptographically secure random-number source was unavailable.
    #[cfg(feature = "std")]
    RandomUnavailable,
}