
veridian_kernel/crypto/
mod.rs

1//! Cryptographic Infrastructure
2//!
3//! Provides cryptographic primitives and services for secure operations.
4
5#![allow(dead_code)]
6
7pub mod asymmetric;
8pub mod cipher_suite;
9pub mod constant_time;
10pub mod hash;
11pub mod keystore;
12pub mod post_quantum;
13pub mod pq_params;
14pub mod random;
15pub mod symmetric;
16
17use crate::error::KernelError;
18
/// Bring up the cryptographic subsystem.
///
/// Initializes the random number generator first and the key store second,
/// printing a `[CRYPTO]` line before the first step and after the last one.
///
/// # Errors
///
/// Returns [`KernelError::InvalidState`] with `actual` set to
/// `"failed_to_init_random"` or `"failed_to_init_keystore"` when the
/// corresponding step fails. The error value reported by the failing step is
/// discarded, so the `actual` tag is the only diagnostic a caller receives.
///
/// NOTE(review): this function does not call [`validate`]. If a known-answer
/// self-test must pass before crypto services are used, the caller has to run
/// it separately; confirm against the boot path.
pub(crate) fn init() -> Result<(), KernelError> {
    crate::println!("[CRYPTO] Initializing cryptographic subsystem...");

    // Step 1: secure random number generator.
    if random::init().is_err() {
        return Err(KernelError::InvalidState {
            expected: "initialized",
            actual: "failed_to_init_random",
        });
    }

    // Step 2: key store.
    if keystore::init().is_err() {
        return Err(KernelError::InvalidState {
            expected: "initialized",
            actual: "failed_to_init_keystore",
        });
    }

    crate::println!("[CRYPTO] Cryptographic subsystem initialized");
    Ok(())
}
38
/// Crypto operation result
///
/// Shorthand for `Result<T, CryptoError>`: `Ok(T)` on success, a
/// [`CryptoError`] variant on failure.
pub(crate) type CryptoResult<T> = Result<T, CryptoError>;
41
/// Cryptographic errors
///
/// Every variant is fieldless, so an error value carries no key material,
/// plaintext or other payload, only the failure category. The human-readable
/// text for each variant comes from the `Display` impl in this file.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub(crate) enum CryptoError {
    /// Displayed as "Invalid key size".
    InvalidKeySize,
    /// Displayed as "Invalid nonce size".
    InvalidNonceSize,
    /// Displayed as "Invalid authentication tag size".
    InvalidTagSize,
    /// Displayed as "Encryption failed".
    EncryptionFailed,
    /// Displayed as "Decryption failed".
    // NOTE(review): presumably also used when tag authentication fails during
    // authenticated decryption; confirm in the `symmetric` module.
    DecryptionFailed,
    /// Displayed as "Signature generation failed".
    SignatureFailed,
    /// Displayed as "Signature verification failed".
    VerificationFailed,
    /// Displayed as "Key generation failed".
    KeyGenerationFailed,
    /// Displayed as "Invalid cryptographic key".
    InvalidKey,
    /// Displayed as "Insufficient entropy".
    InsufficientEntropy,
}
56
/// Run a known-answer self-test of the SHA-256 implementation.
///
/// Hashes the message `"abc"` with [`hash::sha256`] and compares the digest
/// with the NIST FIPS 180-4 test vector. Only this single SHA-256 vector is
/// exercised; no other primitive of the crypto module is checked here.
///
/// Returns `true` when the digest matches the vector, `false` otherwise.
pub(crate) fn validate() -> bool {
    // NIST FIPS 180-4 SHA-256 test vector for SHA-256("abc"):
    // ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad
    const SHA256_ABC: [u8; 32] = [
        0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22,
        0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00,
        0x15, 0xad,
    ];

    let digest = hash::sha256(b"abc");
    // The reference digest is a public value, so an ordinary
    // (non-constant-time) comparison is sufficient for this check.
    digest.as_bytes() == &SHA256_ABC
}
73
/// Human-readable text for each [`CryptoError`] variant.
///
/// Each message is a fixed string selected by the variant alone.
impl core::fmt::Display for CryptoError {
    fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result {
        // Pick the fixed message first, then emit it in a single write.
        let message = match self {
            CryptoError::InvalidKeySize => "Invalid key size",
            CryptoError::InvalidNonceSize => "Invalid nonce size",
            CryptoError::InvalidTagSize => "Invalid authentication tag size",
            CryptoError::EncryptionFailed => "Encryption failed",
            CryptoError::DecryptionFailed => "Decryption failed",
            CryptoError::SignatureFailed => "Signature generation failed",
            CryptoError::VerificationFailed => "Signature verification failed",
            CryptoError::KeyGenerationFailed => "Key generation failed",
            CryptoError::InvalidKey => "Invalid cryptographic key",
            CryptoError::InsufficientEntropy => "Insufficient entropy",
        };
        f.write_str(message)
    }
}