Skip to main content

lib_q_core/providers/
libq_provider.rs

1//! Main lib-Q cryptographic provider implementation
2//!
3//! This module provides the main LibQCryptoProvider that implements
4//! the CryptoProvider trait and delegates to specific operation providers.
5
6#[cfg(feature = "std")]
7use super::{
8    LibQAeadStubProvider,
9    LibQHashProvider,
10    LibQKemProvider,
11    LibQSignatureProvider,
12};
13use crate::api::{
14    AeadOperations,
15    CryptoProvider,
16    HashOperations,
17    KemOperations,
18    SignatureOperations,
19};
20use crate::error::Result;
21
22/// Main lib-Q cryptographic provider
23///
24/// This provider implements the CryptoProvider trait and delegates
25/// to specific operation providers for each cryptographic operation type.
26/// It serves as the main entry point for all lib-Q cryptographic operations.
27#[cfg(feature = "std")]
28#[derive(Clone)]
29pub struct LibQCryptoProvider {
30    kem_provider: LibQKemProvider,
31    signature_provider: LibQSignatureProvider,
32    hash_provider: LibQHashProvider,
33    aead_provider: LibQAeadStubProvider,
34}
35
36// WASM-compatible version
37#[cfg(not(feature = "std"))]
38#[derive(Clone)]
39pub struct LibQCryptoProvider {
40    kem_provider: WasmKemProvider,
41    signature_provider: WasmSignatureProvider,
42    hash_provider: WasmHashProvider,
43    aead_provider: WasmAeadProvider,
44}
45
46#[cfg(feature = "std")]
47impl LibQCryptoProvider {
48    /// Create a new lib-Q cryptographic provider
49    ///
50    /// # Returns
51    ///
52    /// A new instance of LibQCryptoProvider with all operation providers initialized.
53    ///
54    /// # Errors
55    ///
56    /// Returns an error if any of the operation providers fail to initialize.
57    pub fn new() -> Result<Self> {
58        Ok(Self {
59            kem_provider: LibQKemProvider::new()?,
60            signature_provider: LibQSignatureProvider::new()?,
61            hash_provider: LibQHashProvider::new()?,
62            aead_provider: LibQAeadStubProvider::new()?,
63        })
64    }
65
66    /// Get the KEM provider
67    pub fn kem_provider(&self) -> &LibQKemProvider {
68        &self.kem_provider
69    }
70
71    /// Get the signature provider
72    pub fn signature_provider(&self) -> &LibQSignatureProvider {
73        &self.signature_provider
74    }
75
76    /// Get the hash provider
77    pub fn hash_provider(&self) -> &LibQHashProvider {
78        &self.hash_provider
79    }
80
81    /// Get the stub AEAD provider (use `lib-q-aead` for real AEAD).
82    pub fn aead_provider(&self) -> &LibQAeadStubProvider {
83        &self.aead_provider
84    }
85}
86
87// WASM-compatible implementation
88#[cfg(not(feature = "std"))]
89impl LibQCryptoProvider {
90    /// Create a new lib-Q cryptographic provider (WASM version)
91    pub fn new() -> Result<Self> {
92        Ok(Self {
93            kem_provider: WasmKemProvider::new()?,
94            signature_provider: WasmSignatureProvider::new()?,
95            hash_provider: WasmHashProvider::new()?,
96            aead_provider: WasmAeadProvider::new()?,
97        })
98    }
99
100    /// Get the KEM provider
101    pub fn kem_provider(&self) -> &WasmKemProvider {
102        &self.kem_provider
103    }
104
105    /// Get the signature provider
106    pub fn signature_provider(&self) -> &WasmSignatureProvider {
107        &self.signature_provider
108    }
109
110    /// Get the hash provider
111    pub fn hash_provider(&self) -> &WasmHashProvider {
112        &self.hash_provider
113    }
114
115    /// Get the AEAD provider
116    pub fn aead_provider(&self) -> &WasmAeadProvider {
117        &self.aead_provider
118    }
119}
120
121#[cfg(feature = "std")]
122impl CryptoProvider for LibQCryptoProvider {
123    fn kem(&self) -> Option<&dyn KemOperations> {
124        Some(&self.kem_provider)
125    }
126
127    fn signature(&self) -> Option<&dyn SignatureOperations> {
128        Some(&self.signature_provider)
129    }
130
131    fn hash(&self) -> Option<&dyn HashOperations> {
132        Some(&self.hash_provider)
133    }
134
135    fn aead(&self) -> Option<&dyn AeadOperations> {
136        Some(&self.aead_provider)
137    }
138}
139
140#[cfg(not(feature = "std"))]
141impl CryptoProvider for LibQCryptoProvider {
142    fn kem(&self) -> Option<&dyn KemOperations> {
143        Some(&self.kem_provider)
144    }
145
146    fn signature(&self) -> Option<&dyn SignatureOperations> {
147        Some(&self.signature_provider)
148    }
149
150    fn hash(&self) -> Option<&dyn HashOperations> {
151        Some(&self.hash_provider)
152    }
153
154    fn aead(&self) -> Option<&dyn AeadOperations> {
155        Some(&self.aead_provider)
156    }
157}
158
159// WASM-specific provider implementations
160#[cfg(not(feature = "std"))]
161use alloc::format;
162
163#[cfg(not(feature = "std"))]
164use crate::security::SecurityValidator;
165#[cfg(not(feature = "std"))]
166use crate::traits::{
167    AeadKey,
168    KemKeypair,
169    KemPublicKey,
170    KemSecretKey,
171    Nonce,
172    SigKeypair,
173    SigPublicKey,
174    SigSecretKey,
175};
176
177#[cfg(not(feature = "std"))]
178#[derive(Clone)]
179pub struct WasmKemProvider {
180    security_validator: SecurityValidator,
181}
182
183#[cfg(not(feature = "std"))]
184impl WasmKemProvider {
185    pub fn new() -> Result<Self> {
186        Ok(Self {
187            security_validator: SecurityValidator::new()?,
188        })
189    }
190}
191
192#[cfg(not(feature = "std"))]
193impl KemOperations for WasmKemProvider {
194    fn generate_keypair(
195        &self,
196        algorithm: crate::api::Algorithm,
197        randomness: Option<&[u8]>,
198    ) -> Result<KemKeypair> {
199        // Validate algorithm category
200        self.security_validator
201            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Kem)?;
202
203        // Validate randomness if provided
204        if let Some(rng) = randomness {
205            self.security_validator.validate_randomness(rng)?;
206        }
207
208        // Return proper error indicating WASM implementation needed
209        Err(crate::error::Error::NotImplemented {
210            feature: format!(
211                "WASM KEM operations for {} - implementations are provided by the main lib-q crate",
212                algorithm
213            ),
214        })
215    }
216
217    fn encapsulate(
218        &self,
219        algorithm: crate::api::Algorithm,
220        public_key: &KemPublicKey,
221        randomness: Option<&[u8]>,
222    ) -> Result<(alloc::vec::Vec<u8>, alloc::vec::Vec<u8>)> {
223        // Validate algorithm category
224        self.security_validator
225            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Kem)?;
226
227        // Validate public key
228        self.security_validator
229            .validate_public_key(algorithm, public_key.as_bytes())?;
230
231        // Validate randomness if provided
232        if let Some(rng) = randomness {
233            self.security_validator.validate_randomness(rng)?;
234        }
235
236        // Return proper error indicating WASM implementation needed
237        Err(crate::error::Error::NotImplemented {
238            feature: format!(
239                "WASM KEM operations for {} - implementations are provided by the main lib-q crate",
240                algorithm
241            ),
242        })
243    }
244
245    fn decapsulate(
246        &self,
247        algorithm: crate::api::Algorithm,
248        secret_key: &KemSecretKey,
249        ciphertext: &[u8],
250    ) -> Result<alloc::vec::Vec<u8>> {
251        // Validate algorithm category
252        self.security_validator
253            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Kem)?;
254
255        // Validate secret key
256        self.security_validator
257            .validate_secret_key(algorithm, secret_key.as_bytes())?;
258
259        // Validate ciphertext
260        self.security_validator
261            .validate_ciphertext(algorithm, ciphertext)?;
262
263        // Return proper error indicating WASM implementation needed
264        Err(crate::error::Error::NotImplemented {
265            feature: format!(
266                "WASM KEM operations for {} - implementations are provided by the main lib-q crate",
267                algorithm
268            ),
269        })
270    }
271
272    fn derive_public_key(
273        &self,
274        algorithm: crate::api::Algorithm,
275        secret_key: &KemSecretKey,
276    ) -> Result<KemPublicKey> {
277        // Validate algorithm category
278        self.security_validator
279            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Kem)?;
280
281        // Validate secret key
282        self.security_validator
283            .validate_secret_key(algorithm, secret_key.as_bytes())?;
284
285        // Return proper error indicating WASM implementation needed
286        Err(crate::error::Error::NotImplemented {
287            feature: format!(
288                "WASM KEM operations for {} - implementations are provided by the main lib-q crate",
289                algorithm
290            ),
291        })
292    }
293}
294
295#[cfg(not(feature = "std"))]
296#[derive(Clone)]
297pub struct WasmSignatureProvider {
298    security_validator: SecurityValidator,
299}
300
301#[cfg(not(feature = "std"))]
302impl WasmSignatureProvider {
303    pub fn new() -> Result<Self> {
304        Ok(Self {
305            security_validator: SecurityValidator::new()?,
306        })
307    }
308}
309
310#[cfg(not(feature = "std"))]
311impl SignatureOperations for WasmSignatureProvider {
312    fn generate_keypair(
313        &self,
314        algorithm: crate::api::Algorithm,
315        randomness: Option<&[u8]>,
316    ) -> Result<SigKeypair> {
317        // Validate algorithm category
318        self.security_validator
319            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Signature)?;
320
321        // Validate randomness if provided
322        if let Some(rng) = randomness {
323            self.security_validator.validate_randomness(rng)?;
324        }
325
326        // Return proper error indicating WASM implementation needed
327        Err(crate::error::Error::NotImplemented {
328            feature: format!(
329                "WASM Signature operations for {} - implementations are provided by the main lib-q crate",
330                algorithm
331            ),
332        })
333    }
334
335    fn sign(
336        &self,
337        algorithm: crate::api::Algorithm,
338        secret_key: &SigSecretKey,
339        message: &[u8],
340        randomness: Option<&[u8]>,
341    ) -> Result<alloc::vec::Vec<u8>> {
342        // Validate algorithm category
343        self.security_validator
344            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Signature)?;
345
346        // Validate secret key
347        self.security_validator
348            .validate_secret_key(algorithm, secret_key.as_bytes())?;
349
350        // Validate message
351        self.security_validator
352            .validate_signature_message(message)?;
353
354        // Validate randomness if provided
355        if let Some(rng) = randomness {
356            self.security_validator.validate_randomness(rng)?;
357        }
358
359        // Return proper error indicating WASM implementation needed
360        Err(crate::error::Error::NotImplemented {
361            feature: format!(
362                "WASM Signature operations for {} - implementations are provided by the main lib-q crate",
363                algorithm
364            ),
365        })
366    }
367
368    fn verify(
369        &self,
370        algorithm: crate::api::Algorithm,
371        public_key: &SigPublicKey,
372        message: &[u8],
373        signature: &[u8],
374    ) -> Result<bool> {
375        // Validate algorithm category
376        self.security_validator
377            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Signature)?;
378
379        // Validate public key
380        self.security_validator
381            .validate_public_key(algorithm, public_key.as_bytes())?;
382
383        // Validate message
384        self.security_validator
385            .validate_signature_message(message)?;
386
387        // Validate signature
388        self.security_validator
389            .validate_signature(algorithm, signature)?;
390
391        // Return proper error indicating WASM implementation needed
392        Err(crate::error::Error::NotImplemented {
393            feature: format!(
394                "WASM Signature operations for {} - implementations are provided by the main lib-q crate",
395                algorithm
396            ),
397        })
398    }
399}
400
401#[cfg(not(feature = "std"))]
402#[derive(Clone)]
403pub struct WasmHashProvider {
404    security_validator: SecurityValidator,
405}
406
407#[cfg(not(feature = "std"))]
408impl WasmHashProvider {
409    pub fn new() -> Result<Self> {
410        Ok(Self {
411            security_validator: SecurityValidator::new()?,
412        })
413    }
414}
415
416#[cfg(not(feature = "std"))]
417impl HashOperations for WasmHashProvider {
418    fn hash(&self, algorithm: crate::api::Algorithm, data: &[u8]) -> Result<alloc::vec::Vec<u8>> {
419        // Validate algorithm category
420        self.security_validator
421            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Hash)?;
422
423        // Validate data
424        self.security_validator.validate_hash_input(data)?;
425
426        // Return proper error indicating WASM implementation needed
427        Err(crate::error::Error::NotImplemented {
428            feature: format!(
429                "WASM Hash operations for {} - implementations are provided by the main lib-q crate",
430                algorithm
431            ),
432        })
433    }
434}
435
436#[cfg(not(feature = "std"))]
437#[derive(Clone)]
438pub struct WasmAeadProvider {
439    security_validator: SecurityValidator,
440}
441
442#[cfg(not(feature = "std"))]
443impl WasmAeadProvider {
444    pub fn new() -> Result<Self> {
445        Ok(Self {
446            security_validator: SecurityValidator::new()?,
447        })
448    }
449}
450
451#[cfg(not(feature = "std"))]
452impl AeadOperations for WasmAeadProvider {
453    fn encrypt(
454        &self,
455        algorithm: crate::api::Algorithm,
456        key: &AeadKey,
457        nonce: &Nonce,
458        plaintext: &[u8],
459        associated_data: Option<&[u8]>,
460    ) -> Result<alloc::vec::Vec<u8>> {
461        // Validate algorithm category
462        self.security_validator
463            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Aead)?;
464
465        // Validate key
466        self.security_validator
467            .validate_key_material(key.as_bytes())?;
468
469        // Validate nonce
470        self.security_validator.validate_nonce(nonce.as_bytes())?;
471
472        // Validate plaintext
473        self.security_validator.validate_aead_message(plaintext)?;
474
475        // Validate associated data if present
476        if let Some(ad) = associated_data {
477            self.security_validator.validate_aead_message(ad)?;
478        }
479
480        // Return proper error indicating WASM implementation needed
481        Err(crate::error::Error::NotImplemented {
482            feature: format!(
483                "WASM AEAD operations for {} - implementations are provided by the main lib-q crate",
484                algorithm
485            ),
486        })
487    }
488
489    fn decrypt(
490        &self,
491        algorithm: crate::api::Algorithm,
492        key: &AeadKey,
493        nonce: &Nonce,
494        ciphertext: &[u8],
495        associated_data: Option<&[u8]>,
496    ) -> Result<alloc::vec::Vec<u8>> {
497        // Validate algorithm category
498        self.security_validator
499            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Aead)?;
500
501        // Validate key
502        self.security_validator
503            .validate_key_material(key.as_bytes())?;
504
505        // Validate nonce
506        self.security_validator.validate_nonce(nonce.as_bytes())?;
507
508        // Validate ciphertext
509        self.security_validator
510            .validate_ciphertext(algorithm, ciphertext)?;
511
512        // Validate associated data if present
513        if let Some(ad) = associated_data {
514            self.security_validator.validate_aead_message(ad)?;
515        }
516
517        // Return proper error indicating WASM implementation needed
518        Err(crate::error::Error::NotImplemented {
519            feature: format!(
520                "WASM AEAD operations for {} - implementations are provided by the main lib-q crate",
521                algorithm
522            ),
523        })
524    }
525}
526
527#[cfg(test)]
528mod tests {
529    #![allow(clippy::panic)]
530
531    use super::*;
532
533    #[test]
534    fn test_libq_provider_creation() {
535        let provider = LibQCryptoProvider::new();
536        assert!(
537            provider.is_ok(),
538            "LibQCryptoProvider should be created successfully"
539        );
540    }
541
542    #[test]
543    fn test_libq_provider_default() {
544        let provider = match LibQCryptoProvider::new() {
545            Ok(p) => p,
546            Err(e) => panic!("LibQCryptoProvider::new() failed: {e}"),
547        };
548        assert!(provider.kem().is_some(), "KEM provider should be available");
549        assert!(
550            provider.signature().is_some(),
551            "Signature provider should be available"
552        );
553        assert!(
554            provider.hash().is_some(),
555            "Hash provider should be available"
556        );
557        assert!(
558            provider.aead().is_some(),
559            "AEAD provider should be available"
560        );
561    }
562
563    #[test]
564    fn test_libq_provider_operations() {
565        let provider = match LibQCryptoProvider::new() {
566            Ok(p) => p,
567            Err(e) => panic!("LibQCryptoProvider::new() failed: {e}"),
568        };
569
570        // Test that all operation providers are accessible
571        assert!(provider.kem().is_some());
572        assert!(provider.signature().is_some());
573        assert!(provider.hash().is_some());
574        assert!(provider.aead().is_some());
575    }
576}