Skip to main content

cryptography/public_key/
mod.rs

1//! Public-key building blocks.
2//!
3//! This module starts with the arithmetic foundation needed by the public-key
4//! schemes here: a simple limb-based bigint representation, a reusable
5//! Montgomery toolkit, plus primality and modular-arithmetic helpers. The goal
6//! is fidelity to the published arithmetic in pure idiomatic Rust, not a
7//! replacement for industrial multiprecision libraries or a wrapper around
8//! external C code.
9//!
10//! The public-key APIs are layered, but not every scheme exposes every layer
11//! with the same shape:
12//! - arithmetic maps such as `encrypt_raw`, `encrypt_with_nonce`,
13//!   `encrypt_point_with_nonce`, or `sign_digest_with_nonce`
14//! - typed wrappers such as `encrypt`, `decrypt`, `sign_message`, and
15//!   `verify_message`, which operate on the scheme's natural plaintext,
16//!   ciphertext, or signature representation
17//! - byte wrappers such as `encrypt_bytes`, `decrypt_bytes`,
18//!   `verify_message_bytes`, standard wire encodings, and crate-defined key
19//!   blobs
20//!
21//! The important design rule is that the math stays visible. The exact method
22//! set depends on what the underlying construction naturally supports:
23//! signature schemes do not grow encryption wrappers, key-agreement schemes do
24//! not pretend to be byte-to-byte encryption APIs, and schemes such as `ECIES`
25//! intentionally present a direct byte-oriented wrapper because the primitive
26//! is already hybrid encryption.
27//!
28//! The arithmetic primitives remain directly accessible, and the wrapper layer
29//! adds:
30//! - `rsa_pkcs1` for OAEP encryption and PSS signatures
31//! - `rsa_io` for standard RSA key serialization (`PKCS #1`, `PKCS #8`,
32//!   `SPKI`) plus an optional flat XML export for symmetry with the other
33//!   schemes
34//! - internal `io` helpers for the crate-defined non-RSA key formats: a DER
35//!   `SEQUENCE` of positive `INTEGER`s, custom PEM armor, and the shared flat
36//!   XML form
37//!
38//! Public-key naming is normalized crate-wide:
39//! - prefer `*_with_nonce` for deterministic/external-randomness entry points
40//! - prefer `to_wire_bytes` / `from_wire_bytes` for standard compact encodings
41//!   that omit curve or algorithm parameters
42//! - prefer `to_key_blob` / `from_key_blob` for crate-defined self-describing
43//!   binary formats
44//!
45//! This follows the crate-wide design rule: keep the implementation in Rust,
46//! avoid intrinsics and FFI, and add dependencies only where they materially
47//! improve interoperability or maintenance.
48
49pub mod bigint;
50pub mod cocks;
51pub mod dh;
52pub mod dsa;
53pub mod ec;
54pub mod ec_edwards;
55pub mod ec_elgamal;
56pub mod ecdh;
57pub mod ecdsa;
58pub mod ecies;
59pub mod ed25519;
60pub mod eddsa;
61pub mod edwards_dh;
62pub mod edwards_elgamal;
63pub mod elgamal;
64mod gf2m;
65mod io;
66pub mod ml_dsa;
67pub mod ml_kem;
68pub(crate) mod ntru_ees401ep1;
69pub(crate) mod ntru_ees443ep1;
70pub(crate) mod ntru_ees449ep1;
71pub(crate) mod ntru_ees541ep1;
72pub(crate) mod ntru_ees677ep1;
73pub(crate) mod ntru_ees1087ep1;
74pub(crate) mod ntru_ees1087ep2;
75pub(crate) mod ntru_ees1171ep1;
76pub(crate) mod ntru_ees1499ep1;
77pub(crate) mod ntru_ees_core;
78pub(crate) mod ntru_hps509;
79pub(crate) mod ntru_hps677;
80pub(crate) mod ntru_hps821;
81pub(crate) mod ntru_hrss701;
82mod ntru_poly_mul;
83mod ntru_pqc_shared;
84pub mod paillier;
85pub mod primes;
86pub mod rabin;
87pub mod rsa;
88pub mod rsa_io;
89pub mod rsa_pkcs1;
90pub mod schmidt_samoa;
91pub mod x25519;
92pub mod x448;