firecloud-crypto 0.1.0

Encryption and key management for FireCloud distributed storage
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

//! FireCloud Crypto - Encryption and key management
//!
//! Implements the key hierarchy:
//! - Master Key (derived from password via Argon2id)
//! - Key Encryption Key (KEK) - encrypts per-file DEKs
//! - Data Encryption Key (DEK) - per-file symmetric key

mod cipher;
mod error;
mod kek;
mod keys;

pub use cipher::{decrypt, encrypt};
pub use error::{CryptoError, CryptoResult};
pub use kek::{
    generate_salt, hash_password, verify_password, Kek, KEK_SIZE, NONCE_SIZE as KEK_NONCE_SIZE,
    SALT_SIZE,
};
pub use keys::{generate_dek, DerivedKeys, EncryptedDek, KeyPair, MasterKey};

/// Nonce size for XChaCha20-Poly1305 (24 bytes)
pub const NONCE_SIZE: usize = 24;

/// Key size (256 bits)
pub const KEY_SIZE: usize = 32;

/// Authentication tag size for Poly1305
pub const TAG_SIZE: usize = 16;