Module crypt


The core of this program. Encrypt/decrypt, compress/decompress files.

GITSE Binary Header Layout (64 Bytes)

 00       04 05  06  07            17                27              3F
+-----------+---+---+---+------------+-----------------+---------------+
|   MAGIC   | V | F | A |    SALT    |     FILE_ID     |   RESERVED    |
|  "GITSE"  |   |   |   | (16 bytes) |   (16 bytes)    |  (24 bytes)   |
+-----------+---+---+---+------------+-----------------+---------------+
   5 bytes    1   1   1    16 bytes       16 bytes         24 bytes
              |   |   |
   Version ---+   |   +--- Encryption Algo (1 = XChaCha20-Poly1305 Stream)
                  |
   Flags ---------+ (Bit 0: Compression)

Streaming Format: Files are processed in 64 KB chunks. Each chunk is individually encrypted using XChaCha20-Poly1305.

§Nonce Derivation (Content-Based with File ID)

Per-chunk nonces are derived from the file’s random File_ID and the chunk’s own plaintext content using keyed Blake3:

  1. A random 16-byte File_ID is generated once per file and stored in the header. This ensures that even if two different files have identical plaintext at chunk 0, they produce different nonces and ciphertexts.
  2. The Argon2-derived master key is split via blake3::derive_key into Key_ENC (for XChaCha20-Poly1305 encryption) and Key_MAC (for nonce generation).
  3. For each chunk i: Nonce_i = Blake3_keyed(Key_MAC, File_ID || M_i || chunk_idx_le)[0..24]
  4. The 24-byte nonce is stored in plaintext at the head of each encrypted chunk.

Different plaintext always produces a different nonce (within the same file). The File_ID ensures cross-file uniqueness. The chunk index prevents reordering attacks on identical 64 KB blocks.

§Authenticated Additional Data (AAD)

Each chunk’s AAD binds the ciphertext to the full file header so that any tampering with header fields (version, compression flag, salt, file_id, reserved) is detected via Poly1305 authentication failure:

AAD = HEADER (64B) || chunk_idx (8B LE) || is_last_chunk (1B)   // 73 bytes

Each encrypted chunk layout: [NONCE (24B)] [CIPHERTEXT] [TAG (16B)]
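
The header layout and AAD construction described above, as an added Rust example that is not the crate's own code: it parses the 64-byte header at the documented offsets and builds the 73-byte per-chunk AAD. The names `ParsedHeader`, `parse_header`, `chunk_aad` and `sample_header` are hypothetical; the version value 1 in the sample and the 0/1 encoding of the `is_last_chunk` byte are assumptions.

```rust
// Added example (not the crate's code); all names below are hypothetical.
use std::convert::TryInto;
const HEADER_LEN: usize = 64;

#[allow(dead_code)]
#[derive(Debug)]
struct ParsedHeader {
    version: u8,
    compressed: bool, // flags bit 0
    salt: [u8; 16],
    file_id: [u8; 16],
}

/// Parse the 64-byte header at the offsets given in the layout diagram.
fn parse_header(buf: &[u8]) -> Result<ParsedHeader, &'static str> {
    if buf.len() < HEADER_LEN { return Err("short header"); }
    if buf[..5] != b"GITSE"[..] { return Err("bad magic"); }
    if buf[0x07] != 1 { return Err("unknown algorithm"); } // 1 = XChaCha20-Poly1305 Stream
    Ok(ParsedHeader {
        version: buf[0x05],
        compressed: buf[0x06] & 1 == 1,
        salt: buf[0x08..0x18].try_into().unwrap(),
        file_id: buf[0x18..0x28].try_into().unwrap(),
    })
}

/// AAD = HEADER (64B) || chunk_idx (8B LE) || is_last_chunk (1B) = 73 bytes.
fn chunk_aad(header: &[u8; HEADER_LEN], chunk_idx: u64, is_last: bool) -> [u8; 73] {
    let mut aad = [0u8; 73];
    aad[..64].copy_from_slice(header);
    aad[64..72].copy_from_slice(&chunk_idx.to_le_bytes());
    aad[72] = is_last as u8; // assumed encoding: 1 = last chunk, 0 = otherwise
    aad
}

/// Constructed sample header, not taken from a real file.
fn sample_header() -> [u8; HEADER_LEN] {
    let mut h = [0u8; HEADER_LEN];
    h[..5].copy_from_slice(b"GITSE");
    h[0x05..0x08].copy_from_slice(&[1u8, 0b1, 1]); // version (assumed 1), flags, algo
    h[0x08..0x18].copy_from_slice(&[0xAAu8; 16]); // salt
    h[0x18..0x28].copy_from_slice(&[0xBBu8; 16]); // file_id
    h
}

fn main() {
    let h = sample_header();
    println!("{:?}\n{:02x?}", parse_header(&h), &chunk_aad(&h, 0, true)[64..]);
}
```

Because the whole header is part of every chunk's AAD, a single flipped header bit (for example the compression flag) yields a different AAD, so the Poly1305 tag of every chunk stops verifying.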

Structs§

FileHeader
Fixed-size file header stored at the beginning of every encrypted file.

Constants§

FILE_ID_LEN
HEADER_LEN
MAGIC
NONCE_LEN
SALT_LEN
VERSION
Current encryption format version.

Functions§

decrypt_file
Decrypt a single file using streaming chunked decryption.
decrypt_file_with_cache
Decrypt a single file using streaming chunked decryption, with a thread-safe cache for derived keys and an optional cache sender for deterministic re-encryption.
decrypt_repo
Decrypt given files in the repo. If no paths are given, decrypt all files in the repo’s crypt list.
encrypt_file
Encrypt a single file using streaming chunked encryption.
encrypt_repo
Encrypt given files in the repo. If no paths are given, encrypt all files in the repo’s crypt list.
is_encrypted_version
Returns true if the given version byte is supported for decryption.