metamorphic_crypto/lib.rs
1//! # metamorphic-crypto
2//!
3//! Zero-knowledge end-to-end encryption core for the Metamorphic platform.
4//!
5//! This library implements the cryptographic operations required by all Metamorphic
6//! clients (web/WASM, iOS/UniFFI, Android/UniFFI). It produces byte-compatible
7//! ciphertext with the existing JavaScript implementation so that data encrypted
8//! by one client can be decrypted by any other.
9//!
10//! ## Security guarantees
11//!
12//! - All secret key material is [`Zeroize`]-on-drop
13//! - No `unsafe` code
14//! - Constant-time comparisons via the underlying RustCrypto crates
15//! - Randomness sourced directly from the OS CSPRNG ([`getrandom`])
16//!
17//! ## Ciphertext formats
18//!
19//! | Format | Layout |
20//! |--------|--------|
21//! | Secretbox | `nonce (24B) \|\| ciphertext (len + 16B MAC)` |
22//! | box_seal | `ephemeral_pk (32B) \|\| box ciphertext` |
23//! | Hybrid v2 (Cat-3) | `0x02 \|\| ML-KEM-768 ct (1088B) \|\| X25519 eph pk (32B) \|\| nonce (24B) \|\| secretbox ct` |
24//! | Hybrid v3 (Cat-5) | `0x03 \|\| ML-KEM-1024 ct (1568B) \|\| X25519 eph pk (32B) \|\| nonce (24B) \|\| secretbox ct` |
25//!
26//! ## Signature format
27//!
28//! Composite ML-DSA + Ed25519 signatures (see [`sign`]); strict-AND verification.
29//!
30//! | Component | Layout |
31//! |------------|--------|
32//! | signature | `tag \|\| ed25519_sig (64B) \|\| ml_dsa_sig` |
33//! | public_key | `tag \|\| ed25519_pk (32B) \|\| ml_dsa_pk` |
34//! | secret_key | `tag \|\| ed25519_seed (32B) \|\| ml_dsa_seed (32B)` |
35
36#![forbid(unsafe_code)]
37#![deny(missing_docs)]
38
39pub mod b64;
40pub mod box_seal;
41pub mod error;
42pub mod hash;
43pub mod hybrid;
44pub mod kdf;
45pub mod keys;
46pub mod recovery;
47pub mod seal;
48pub mod secretbox;
49pub mod sign;
50
51#[cfg(target_arch = "wasm32")]
52pub mod wasm;
53
54pub use error::CryptoError;
55
56// Re-export the primary public API
57pub use b64::parse_salt_from_key_hash;
58pub use box_seal::{box_seal, box_seal_open};
59pub use hash::{sha3_256, sha3_512, sha3_512_with_context, sha256, sha512};
60pub use hybrid::{
61 HybridKeyPair, SecurityLevel, generate_hybrid_keypair, generate_hybrid_keypair_1024,
62 generate_hybrid_keypair_with_level, hybrid_open, hybrid_seal, hybrid_seal_1024,
63 hybrid_seal_with_level, is_hybrid_ciphertext,
64};
65pub use kdf::derive_session_key;
66pub use keys::{
67 KeyPair, decrypt_private_key, encrypt_private_key, generate_key, generate_keypair,
68 generate_salt,
69};
70pub use recovery::{
71 RecoveryKey, decrypt_private_key_with_recovery, encrypt_private_key_for_recovery,
72 generate_recovery_key, recovery_key_to_secret,
73};
74pub use seal::{seal_for_user, seal_for_user_with_level, unseal_from_user};
75pub use secretbox::{
76 decrypt_secretbox, decrypt_secretbox_to_string, encrypt_secretbox, encrypt_secretbox_string,
77};
78pub use sign::{
79 HybridSignatureKeyPair, SIGN_CONTEXT_V1, SignatureLevel, derive_public_key,
80 generate_signing_keypair, generate_signing_keypair_44, generate_signing_keypair_87,
81 generate_signing_keypair_with_level, sign, verify,
82};