
crypto_core/
lib.rs

1//! Crypto Core - Cryptographic Primitives for R-SRP Ultra
2//!
3//! Provides SHA-256/SHA-512, BLAKE3, Ed25519, and RSA-PSS implementations
4//! with HSM integration support.
5
6pub mod error;
7pub mod hash;
8pub mod hsm;
9pub mod merkle;
10pub mod signature;
11
12use serde::{Deserialize, Serialize};
13
/// Selects the digest function used by this crate's hashing code.
///
/// With `rename_all = "UPPERCASE"` the serialized names are `"SHA256"`,
/// `"SHA512"` and `"BLAKE3"`. serde matches variant names case-sensitively
/// and no alias or catch-all variant is declared, so any other string is a
/// deserialization error rather than a silent fallback to the default.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Default)]
#[derive(Serialize, Deserialize)]
#[serde(rename_all = "UPPERCASE")]
pub enum HashAlgorithm {
    /// SHA-256; the value returned by `HashAlgorithm::default()`.
    #[default]
    Sha256,
    /// SHA-512.
    Sha512,
    /// BLAKE3 (high performance).
    // NOTE(review): BLAKE3 is not a NIST/FIPS-approved hash; confirm any
    // compliance requirement before selecting it for regulated data.
    Blake3,
}
26
/// Selects the signature scheme associated with a key or signing request.
///
/// Serialized names follow `rename_all = "UPPERCASE"`: `"RSAPSS2048"`,
/// `"RSAPSS4096"`, `"ED25519"`, `"ECDSAP256"` and `"ECDSAP384"`.
///
/// The derived `Deserialize` accepts all five names, including the two
/// RSA-PSS variants marked legacy below. Nothing in this type rejects them,
/// so that restriction has to be enforced where the algorithm is consumed.
/// Verification code should take the expected algorithm from trusted key
/// metadata rather than from a value that arrives alongside the signature.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Default)]
#[derive(Serialize, Deserialize)]
#[serde(rename_all = "UPPERCASE")]
pub enum SignatureAlgorithm {
    /// RSA-PSS 2048. Legacy; disabled in the software signer path.
    RsaPss2048,
    /// RSA-PSS 4096. Legacy; disabled in the software signer path.
    RsaPss4096,
    /// Ed25519; the value returned by `SignatureAlgorithm::default()`.
    #[default]
    Ed25519,
    /// ECDSA over P-256.
    EcdsaP256,
    /// ECDSA over P-384.
    EcdsaP384,
}
43
/// Descriptive record for a key: identifier, algorithm, creation time, role
/// and optional HSM slot.
///
/// The struct derives `Debug` and `Serialize`, so every field can end up in
/// logs or serialized output; keep it limited to non-secret values. The
/// derived `Deserialize` performs no cross-field validation (for example,
/// `hsm_slot` may be `None` while `key_type` is `KeyType::HsmBacked`), so
/// callers that load this from external input must check consistency
/// themselves.
#[derive(Debug, Clone)]
#[derive(Serialize, Deserialize)]
pub struct KeyMetadata {
    /// Identifier used to refer to the key.
    pub key_id: String,
    /// Signature algorithm recorded for the key.
    pub algorithm: SignatureAlgorithm,
    /// Creation time.
    // NOTE(review): presumably a Unix timestamp; the unit is not stated in
    // this file. Confirm against the code that fills it in.
    pub created_at: i64,
    /// Role of the key; see [`KeyType`].
    pub key_type: KeyType,
    /// HSM slot, if applicable; `None` otherwise.
    pub hsm_slot: Option<String>,
}
58
/// Kind of key, as recorded in [`KeyMetadata`].
///
/// Serialized in `snake_case`: `"signing"`, `"verification"`,
/// `"encryption"` and `"hsm_backed"`.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[derive(Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum KeyType {
    /// Key used to produce signatures.
    Signing,
    /// Key used to verify signatures.
    Verification,
    /// Key used for encryption.
    Encryption,
    /// Key held in an HSM.
    // NOTE(review): the other variants describe usage while this one
    // describes storage; a single value cannot express both. Confirm how an
    // HSM-backed signing key is meant to be tagged.
    HsmBacked,
}
72
/// Error type carried by this crate's [`Result`] alias.
///
/// The `String` payloads are interpolated into the `Display` text, and
/// `CryptoError` serializes as that text, so whatever is placed in them can
/// reach logs and serialized responses. Never put key bytes, PINs or other
/// secret values into these messages.
#[derive(Debug, thiserror::Error)]
pub enum CryptoError {
    /// Hashing failed; the payload is a free-form description.
    #[error("Hash error: {0}")]
    HashError(String),

    /// Signing or signature handling failed; the payload is a free-form
    /// description.
    #[error("Signature error: {0}")]
    SignatureError(String),

    /// Key handling failed; the payload is a free-form description.
    #[error("Key error: {0}")]
    KeyError(String),

    /// An HSM operation failed; the payload is a free-form description.
    #[error("HSM error: {0}")]
    HsmError(String),

    /// Verification did not succeed. Carries no detail.
    #[error("Verification failed")]
    VerificationFailed,

    /// The key was not valid. Carries no detail.
    #[error("Invalid key")]
    InvalidKey,
}
94
/// Serializes the error as a single string: its `Display` message.
///
/// The output includes the free-form detail carried by the `String`
/// variants, so anything written into those payloads is exposed to whoever
/// receives the serialized error.
impl serde::Serialize for CryptoError {
    fn serialize<S: serde::Serializer>(
        &self,
        serializer: S,
    ) -> std::result::Result<S::Ok, S::Error> {
        // `to_string()` comes from the `Display` impl generated by the
        // `thiserror::Error` derive on `CryptoError`.
        let message = self.to_string();
        serializer.serialize_str(&message)
    }
}
103
/// Crate-wide result alias with [`CryptoError`] as the error type.
///
/// It shadows the prelude `Result` inside this module, which is why the
/// `Serialize` impl for `CryptoError` spells out `std::result::Result`.
pub type Result<T> = ::std::result::Result<T, CryptoError>;
105
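#[cfg(test)]
mod tests {
    use super::*;

    /// `Default` and the `"SHA256"` wire name must both resolve to SHA-256.
    #[test]
    fn test_default_hash_algorithm() {
        // The test name promises a check of the default, so assert it
        // directly as well as the wire-format parse.
        assert_eq!(HashAlgorithm::default(), HashAlgorithm::Sha256);

        let algo: HashAlgorithm = serde_json::from_str("\"SHA256\"").unwrap();
        assert_eq!(algo, HashAlgorithm::Sha256);
    }

    /// `Default` and the `"ED25519"` wire name must both resolve to Ed25519.
    #[test]
    fn test_default_signature_algorithm() {
        assert_eq!(SignatureAlgorithm::default(), SignatureAlgorithm::Ed25519);

        let algo: SignatureAlgorithm = serde_json::from_str("\"ED25519\"").unwrap();
        assert_eq!(algo, SignatureAlgorithm::Ed25519);
    }

    /// Unknown or differently-cased names must fail to parse instead of
    /// being mapped to a default algorithm.
    #[test]
    fn test_unrecognised_algorithm_names_are_rejected() {
        assert!(serde_json::from_str::<HashAlgorithm>("\"MD5\"").is_err());
        assert!(serde_json::from_str::<HashAlgorithm>("\"sha256\"").is_err());
        assert!(serde_json::from_str::<SignatureAlgorithm>("\"ed25519\"").is_err());
    }
}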