firecloud_crypto/lib.rs
1//! FireCloud Crypto - Encryption and key management
2//!
3//! Implements the key hierarchy:
4//! - Master Key (derived from password via Argon2id)
5//! - Key Encryption Key (KEK) - encrypts per-file DEKs
6//! - Data Encryption Key (DEK) - per-file symmetric key
7
8mod cipher;
9mod error;
10mod kek;
11mod keys;
12
13pub use cipher::{decrypt, encrypt};
14pub use error::{CryptoError, CryptoResult};
15pub use kek::{
16 generate_salt, hash_password, verify_password, Kek, KEK_SIZE, NONCE_SIZE as KEK_NONCE_SIZE,
17 SALT_SIZE,
18};
19pub use keys::{generate_dek, DerivedKeys, EncryptedDek, KeyPair, MasterKey};
20
/// Length in bytes of an XChaCha20-Poly1305 nonce (192 bits).
///
/// This is a separate constant from `KEK_NONCE_SIZE`, which this crate
/// re-exports from the `kek` module. That constant's value is not visible in
/// this file, so the two should not be treated as interchangeable when sizing
/// nonce buffers.
// NOTE(review): a nonce must not repeat under the same key. How `encrypt`
// obtains its nonce is not shown here; confirm it is generated fresh per call.
pub const NONCE_SIZE: usize = 24;

/// Length in bytes of a symmetric key (256 bits).
// NOTE(review): presumably the key length `encrypt`/`decrypt` expect. `KEK_SIZE`
// is exported separately from `kek`; confirm which keys this constant governs.
pub const KEY_SIZE: usize = 32;

/// Length in bytes of a Poly1305 authentication tag (128 bits).
// NOTE(review): code that sizes or slices ciphertext buffers should account for
// this tag. Whether `encrypt` also stores the nonce alongside the ciphertext is
// not visible here; verify the layout against the `cipher` module.
pub const TAG_SIZE: usize = 16;