Skip to main content

soliton/
lib.rs

1#![forbid(unsafe_code)]
2#![deny(missing_docs)]
3#![deny(clippy::cast_possible_truncation)]
4//! # soliton
5//!
6//! Core cryptographic library for the LO protocol.
7//!
8//! Provides all cryptographic operations specified in Soliton Specification:
9//! - Soliton composite key (X-Wing + Ed25519 + ML-DSA-65) generation and management
10//! - Hybrid signatures (Ed25519 + ML-DSA-65)
11//! - KEM-based authentication
12//! - LO-KEX key agreement (session initiation and reception)
13//! - LO-Ratchet (KEM ratchet + symmetric chain) message encryption
14//! - Storage encryption (XChaCha20-Poly1305 + zstd)
15//!
16//! ## Backend
17//!
18//! Pure Rust on all targets (native and WASM):
19//! - **RustCrypto**: ML-KEM-768, ML-DSA-65, XChaCha20-Poly1305, SHA3-256, HMAC, HKDF
20//! - **curve25519-dalek / ed25519-dalek**: X25519, Ed25519
21//! - **getrandom**: CSPRNG
22
23// Prevent `test-utils` from being enabled in release builds.
24// The feature gates test-only helpers (zeroed key constructors, state inspection)
25// that must never be available outside of test/development contexts.
26#[cfg(all(feature = "test-utils", not(debug_assertions)))]
27compile_error!(
28    "The `test-utils` feature must not be enabled in release builds. \
29     It exposes internal state constructors that bypass security invariants."
30);
31
32/// Library version, matching the crate version from Cargo.toml.
33pub const VERSION: &str = env!("CARGO_PKG_VERSION");
34
35/// Protocol constants (key sizes, HKDF labels, version strings).
36pub mod constants;
37/// Error types for all soliton operations.
38pub mod error;
39
40/// KEM-based authentication challenge/response (§4).
41pub mod auth;
42/// E2EE voice call key derivation (§6.12).
43pub mod call;
44/// LO composite identity key and hybrid signature operations (§2, §3).
45pub mod identity;
46/// LO-KEX session key agreement (§5).
47pub mod kex;
48/// Low-level cryptographic primitives (AEAD, KEM, signatures, hashing, RNG).
49pub mod primitives;
50/// LO-Ratchet and message encryption (§6, §7).
51pub mod ratchet;
52/// Server-side storage encryption with key rotation (§11).
53pub mod storage;
54/// Streaming/chunked AEAD for large payloads (§15).
55pub mod streaming;
56/// Verification phrase generation for out-of-band identity verification (§9).
57pub mod verification;