sentinel_crypto/
crypto_config.rs

1use std::sync::OnceLock;
2
3use tracing::{debug, trace};
4
5use crate::error::CryptoError;
6
7// Algorithm configuration enums
8/// Hash algorithm options for global configuration
9#[derive(Clone, Debug, Default, Eq, PartialEq)]
10pub enum HashAlgorithmChoice {
11    /// Blake3 is chosen for its speed and security
12    #[default]
13    Blake3,
14}
15
16/// Signature algorithm options for global configuration
17#[derive(Clone, Debug, Default, Eq, PartialEq)]
18pub enum SignatureAlgorithmChoice {
19    /// Ed25519 is chosen for its security and performance
20    #[default]
21    Ed25519,
22}
23
24/// Encryption algorithm options for global configuration
25#[derive(Clone, Debug, Default, Eq, PartialEq)]
26pub enum EncryptionAlgorithmChoice {
27    /// XChaCha20Poly1305 is chosen for its security and nonce misuse resistance, strongest option
28    #[default]
29    XChaCha20Poly1305,
30    /// Aes256GcmSiv provides strong security with nonce misuse resistance
31    Aes256GcmSiv,
32    /// Ascon128 is a lightweight authenticated encryption algorithm with good security properties,
33    /// suggested for constrained environments
34    Ascon128,
35}
36
37/// Key derivation algorithm options for global configuration
38#[derive(Clone, Debug, Default, Eq, PartialEq)]
39pub enum KeyDerivationAlgorithmChoice {
40    /// Argon2id is chosen for its strong security properties against various attacks
41    #[default]
42    Argon2id,
43    /// PBKDF2 is a widely supported key derivation function suitable for constrained environments
44    Pbkdf2,
45}
46
47/// Global cryptographic configuration.
48/// This allows runtime selection of algorithms for all default operations.
49/// Defaults to the most secure algorithms available.
50#[derive(Clone, Debug, Eq, PartialEq)]
51pub struct CryptoConfig {
52    pub hash_algorithm:           HashAlgorithmChoice,
53    pub signature_algorithm:      SignatureAlgorithmChoice,
54    pub encryption_algorithm:     EncryptionAlgorithmChoice,
55    pub key_derivation_algorithm: KeyDerivationAlgorithmChoice,
56}
57
58impl Default for CryptoConfig {
59    fn default() -> Self {
60        Self {
61            hash_algorithm:           HashAlgorithmChoice::Blake3,
62            signature_algorithm:      SignatureAlgorithmChoice::Ed25519,
63            encryption_algorithm:     EncryptionAlgorithmChoice::XChaCha20Poly1305,
64            key_derivation_algorithm: KeyDerivationAlgorithmChoice::Argon2id,
65        }
66    }
67}
68
69// Global configuration storage
70static GLOBAL_CONFIG: OnceLock<CryptoConfig> = OnceLock::new();
71
72/// Sets the global cryptographic configuration.
73/// This affects all default cryptographic operations.
74/// Must be called before any cryptographic operations for the configuration to take effect.
75/// Returns an error if the config has already been set.
76pub fn set_global_crypto_config(config: CryptoConfig) -> Result<(), CryptoError> {
77    trace!("Setting global crypto config: {:?}", config);
78    GLOBAL_CONFIG.set(config).map_err(|_| {
79        debug!("Global crypto config already set, cannot change");
80        CryptoError::ConfigAlreadySet
81    })?;
82    debug!("Global crypto config set successfully");
83    Ok(())
84}
85
86/// Gets the current global cryptographic configuration.
87/// Returns the default configuration if none has been set.
88pub fn get_global_crypto_config() -> &'static CryptoConfig {
89    trace!("Retrieving global crypto config");
90    let config = GLOBAL_CONFIG.get_or_init(CryptoConfig::default);
91    debug!("Global crypto config retrieved: {:?}", config);
92    config
93}