Skip to main content

crypto_core/
algorithm.rs

1// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
2//
3// SPDX-License-Identifier: Apache-2.0
4
5/// Asymmetric algorithm identifiers used for signatures and key agreement.
6#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
7pub enum Algorithm {
8    /// Ed25519 EdDSA signature algorithm.
9    Ed25519,
10    /// X25519 Diffie-Hellman key agreement.
11    X25519,
12    /// NIST P-256 (secp256r1) ECDSA signature and ECDH key agreement.
13    P256,
14    /// NIST P-384 (secp384r1) ECDSA signature and ECDH key agreement.
15    P384,
16    /// NIST P-521 (secp521r1) ECDSA signature and ECDH key agreement.
17    P521,
18    /// secp256k1 ECDSA signature algorithm.
19    Secp256k1,
20    /// ML-DSA-44 post-quantum signature algorithm.
21    MlDsa44,
22    /// ML-DSA-65 post-quantum signature algorithm.
23    MlDsa65,
24    /// ML-DSA-87 post-quantum signature algorithm.
25    MlDsa87,
26    /// ML-KEM-512 post-quantum key encapsulation.
27    MlKem512,
28    /// ML-KEM-768 post-quantum key encapsulation.
29    MlKem768,
30    /// ML-KEM-1024 post-quantum key encapsulation.
31    MlKem1024,
32    /// X-Wing hybrid KEM over X25519 and ML-KEM-768.
33    XWing768,
34    /// X-Wing hybrid KEM over X25519 and ML-KEM-1024.
35    XWing1024,
36}
37
38impl Algorithm {
39    /// Canonical protocol identifier string.
40    /// MUST match multicodec `alg` strings exactly.
41    pub fn as_str(self) -> &'static str {
42        match self {
43            Algorithm::Ed25519 => "Ed25519",
44            Algorithm::X25519 => "X25519",
45            Algorithm::P256 => "P-256",
46            Algorithm::P384 => "P-384",
47            Algorithm::P521 => "P-521",
48            Algorithm::Secp256k1 => "secp256k1",
49            Algorithm::MlDsa44 => "ML-DSA-44",
50            Algorithm::MlDsa65 => "ML-DSA-65",
51            Algorithm::MlDsa87 => "ML-DSA-87",
52            Algorithm::MlKem512 => "ML-KEM-512",
53            Algorithm::MlKem768 => "ML-KEM-768",
54            Algorithm::MlKem1024 => "ML-KEM-1024",
55            Algorithm::XWing768 => "X-Wing-768",
56            Algorithm::XWing1024 => "X-Wing-1024",
57        }
58    }
59
60    /// True if this algorithm produces digital signatures
61    pub fn is_signature(self) -> bool {
62        matches!(
63            self,
64            Algorithm::Ed25519
65                | Algorithm::P256
66                | Algorithm::P384
67                | Algorithm::P521
68                | Algorithm::Secp256k1
69                | Algorithm::MlDsa44
70                | Algorithm::MlDsa65
71                | Algorithm::MlDsa87
72        )
73    }
74
75    /// True if this algorithm is for key agreement / encapsulation
76    pub fn is_key_agreement(self) -> bool {
77        matches!(
78            self,
79            Algorithm::X25519
80                | Algorithm::P256
81                | Algorithm::P384
82                | Algorithm::P521
83                | Algorithm::MlKem512
84                | Algorithm::MlKem768
85                | Algorithm::MlKem1024
86                | Algorithm::XWing768
87                | Algorithm::XWing1024
88        )
89    }
90}
91
92impl core::fmt::Display for Algorithm {
93    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
94        write!(f, "{}", self.as_str())
95    }
96}
97
98/// Authenticated encryption (AEAD) algorithm identifiers.
99#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
100pub enum AeadAlgorithm {
101    /// AES-128 in Galois/Counter Mode.
102    Aes128Gcm,
103    /// AES-192 in Galois/Counter Mode.
104    Aes192Gcm,
105    /// AES-256 in Galois/Counter Mode.
106    Aes256Gcm,
107    /// AES-256 in GCM-SIV (nonce-misuse-resistant) mode.
108    Aes256GcmSiv,
109    /// ChaCha20-Poly1305 with a 96-bit RFC 8439 nonce.
110    ChaCha20Poly1305,
111    /// XChaCha20-Poly1305 with a 192-bit extended nonce.
112    XChaCha20Poly1305,
113}
114
115impl AeadAlgorithm {
116    /// Canonical protocol identifier string.
117    pub fn as_str(self) -> &'static str {
118        match self {
119            AeadAlgorithm::Aes128Gcm => "AES-128-GCM",
120            AeadAlgorithm::Aes192Gcm => "AES-192-GCM",
121            AeadAlgorithm::Aes256Gcm => "AES-256-GCM",
122            AeadAlgorithm::Aes256GcmSiv => "AES-256-GCM-SIV",
123            AeadAlgorithm::ChaCha20Poly1305 => "ChaCha20-Poly1305",
124            AeadAlgorithm::XChaCha20Poly1305 => "XChaCha20-Poly1305",
125        }
126    }
127}
128
129impl core::fmt::Display for AeadAlgorithm {
130    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
131        write!(f, "{}", self.as_str())
132    }
133}
134
135/// Hash algorithm identifiers.
136#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
137pub enum HashAlgorithm {
138    /// SHA-2 with a 256-bit digest.
139    Sha2_256,
140    /// SHA-2 with a 384-bit digest.
141    Sha2_384,
142    /// SHA-2 with a 512-bit digest.
143    Sha2_512,
144    /// SHA-3 with a 224-bit digest.
145    Sha3_224,
146    /// SHA-3 with a 256-bit digest.
147    Sha3_256,
148    /// SHA-3 with a 384-bit digest.
149    Sha3_384,
150    /// SHA-3 with a 512-bit digest.
151    Sha3_512,
152}
153
154impl HashAlgorithm {
155    /// Canonical protocol identifier string.
156    pub fn as_str(self) -> &'static str {
157        match self {
158            HashAlgorithm::Sha2_256 => "SHA2-256",
159            HashAlgorithm::Sha2_384 => "SHA2-384",
160            HashAlgorithm::Sha2_512 => "SHA2-512",
161            HashAlgorithm::Sha3_224 => "SHA3-224",
162            HashAlgorithm::Sha3_256 => "SHA3-256",
163            HashAlgorithm::Sha3_384 => "SHA3-384",
164            HashAlgorithm::Sha3_512 => "SHA3-512",
165        }
166    }
167}
168
169impl core::fmt::Display for HashAlgorithm {
170    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
171        write!(f, "{}", self.as_str())
172    }
173}
174
175/// Message authentication code algorithm identifiers.
176#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
177pub enum MacAlgorithm {
178    /// HMAC using SHA-256.
179    HmacSha256,
180    /// HMAC using SHA-512.
181    HmacSha512,
182}
183
184impl MacAlgorithm {
185    /// Canonical protocol identifier string.
186    pub fn as_str(self) -> &'static str {
187        match self {
188            MacAlgorithm::HmacSha256 => "HMAC-SHA-256",
189            MacAlgorithm::HmacSha512 => "HMAC-SHA-512",
190        }
191    }
192}
193
194impl core::fmt::Display for MacAlgorithm {
195    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
196        write!(f, "{}", self.as_str())
197    }
198}