hanzo_crypto/
lib.rs

1//! NIST Post-Quantum Cryptography implementation for Hanzo Node
2//!
3//! Implements FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA)
4//! with support for hybrid modes and privacy tiers.
5
6pub mod attestation;
7pub mod config;
8pub mod errors;
9pub mod hybrid;
10pub mod kdf;
11pub mod kem;
12pub mod privacy_tiers;
13pub mod signature;
14pub mod wire_protocol;
15
16pub use config::PqcConfig;
17pub use errors::{PqcError, Result};
18pub use hybrid::{HybridKem, HybridMode};
19pub use kdf::{Kdf, KdfAlgorithm};
20pub use kem::{DecapsulationKey, EncapsulationKey, Kem, KemAlgorithm, KemKeyPair};
21pub use privacy_tiers::{CapabilityMatrix, PrivacyTier, RuntimeRequirements};
22pub use signature::{Signature, SignatureAlgorithm, SigningKey, VerifyingKey};
23
24// Re-export saorsa-pqc for post-quantum crypto
25pub use saorsa_pqc;
26
27/// Initialize the PQC subsystem with FIPS-compliant RNG
28pub fn init() -> Result<()> {
29    // Ensure we're using a FIPS-compliant RNG
30    #[cfg(feature = "fips-mode")]
31    {
32        verify_fips_rng()?;
33    }
34
35    Ok(())
36}
37
38#[cfg(feature = "fips-mode")]
39fn verify_fips_rng() -> Result<()> {
40    // Verify SP 800-90A compliant RNG
41    use getrandom::getrandom;
42    let mut buf = [0u8; 32];
43    getrandom(&mut buf).map_err(|e| PqcError::RngError(e.to_string()))?;
44    Ok(())
45}
hanzo_crypto/lib.rs

hanzo_crypto/
lib.rs
