//! Core cryptographic primitives, MLS group state machine, and hybrid //! post-quantum KEM for quicprochat. //! //! # WASM support //! //! When compiled with `--no-default-features` (disabling the `native` feature), //! the following modules are available for `wasm32-unknown-unknown`: //! //! - `identity` — Ed25519 identity keypair (generate, sign, verify) //! - `hybrid_kem` — X25519 + ML-KEM-768 hybrid key encapsulation //! - `safety_numbers` — Signal-style safety number computation //! - `sealed_sender` — sender identity + Ed25519 signature envelope //! - `app_message` — rich application message serialisation/parsing //! - `padding` — message padding to hide plaintext lengths //! - `transcript` — encrypted tamper-evident message transcript //! - `error` — `CoreError` type //! //! The following modules require the `native` feature (MLS, OPAQUE, Cap'n Proto): //! //! - `group` — MLS group state machine (openmls) //! - `keypackage` — MLS KeyPackage generation //! - `hybrid_crypto` — hybrid HPKE provider for OpenMLS //! - `keystore` — OpenMLS key store with optional disk persistence //! - `opaque_auth` — OPAQUE cipher suite configuration //! //! # Module layout //! //! | Module | Responsibility | //! |---------------|------------------------------------------------------------------| //! | `app_message` | Rich application payload (Chat, Reply, Reaction, ReadReceipt, Typing) | //! | `error` | [`CoreError`] type | //! | `identity` | [`IdentityKeypair`] — Ed25519 identity key for MLS credentials | //! | `keypackage` | [`generate_key_package`] — standalone KeyPackage generation | //! | `group` | [`GroupMember`] — MLS group lifecycle (create/join/send/recv) | //! | `hybrid_kem` | Hybrid X25519 + ML-KEM-768 key encapsulation | //! | `keystore` | [`DiskKeyStore`] — OpenMLS key store with optional persistence | mod app_message; mod error; mod hybrid_kem; mod identity; pub mod padding; pub mod pq_noise; #[cfg(feature = "native")] pub mod recovery; pub mod safety_numbers; pub mod sealed_sender; pub mod transcript; // ── Native-only modules (MLS, OPAQUE, filesystem) ─────────────────────────── #[cfg(feature = "native")] mod group; #[cfg(feature = "native")] mod hybrid_crypto; #[cfg(feature = "native")] mod keypackage; #[cfg(feature = "native")] mod keystore; #[cfg(feature = "native")] pub mod opaque_auth; // ── Public API (always available) ─────────────────────────────────────────── pub use app_message::{ serialize, serialize_chat, serialize_delete, serialize_dummy, serialize_edit, serialize_file_ref, serialize_reaction, serialize_read_receipt, serialize_reply, serialize_typing, parse, generate_message_id, AppMessage, MessageType, VERSION as APP_MESSAGE_VERSION, }; pub use error::CoreError; pub use hybrid_kem::{ hybrid_decrypt, hybrid_encrypt, HybridKemError, HybridKeypair, HybridKeypairBytes, HybridPublicKey, }; pub use identity::{verify_delivery_proof, IdentityKeypair}; #[cfg(feature = "native")] pub use recovery::{ constant_time_eq, generate_recovery_codes, recover_from_bundle, recovery_token_hash, RecoveryBundle, RecoveryPayload, RecoverySetup, MAX_BUNDLE_SIZE, RECOVERY_CODE_COUNT, }; pub use safety_numbers::compute_safety_number; pub use transcript::{ read_transcript, validate_transcript_structure, ChainVerdict, DecodedRecord, TranscriptRecord, TranscriptWriter, }; // Deprecated re-export for backward compatibility. #[allow(deprecated)] pub use transcript::verify_transcript_chain; // ── Public API (native only) ──────────────────────────────────────────────── #[cfg(feature = "native")] pub use group::{GroupMember, ReceivedMessage, ReceivedMessageWithSender}; #[cfg(feature = "native")] pub use hybrid_crypto::{HybridCrypto, HybridCryptoProvider}; #[cfg(feature = "native")] pub use keypackage::{generate_key_package, validate_keypackage_ciphersuite}; #[cfg(feature = "native")] pub use keystore::DiskKeyStore;