Skip to main content

metamorphic_crypto/
lib.rs

1//! # metamorphic-crypto
2//!
3//! Zero-knowledge end-to-end encryption core for the Metamorphic platform.
4//!
5//! This library implements the cryptographic operations required by all Metamorphic
6//! clients (web/WASM, iOS/UniFFI, Android/UniFFI). It produces byte-compatible
7//! ciphertext with the existing JavaScript implementation so that data encrypted
8//! by one client can be decrypted by any other.
9//!
10//! ## Security guarantees
11//!
12//! - All secret key material is [`Zeroize`]-on-drop
13//! - No `unsafe` code
14//! - Constant-time comparisons via the underlying RustCrypto crates
15//! - Randomness sourced directly from the OS CSPRNG ([`getrandom`])
16//!
17//! ## Ciphertext formats
18//!
19//! | Format | Layout |
20//! |--------|--------|
21//! | Secretbox | `nonce (24B) \|\| ciphertext (len + 16B MAC)` |
22//! | box_seal | `ephemeral_pk (32B) \|\| box ciphertext` |
23//! | Hybrid v1 (Cat-1) | `0x01 \|\| ML-KEM-512 ct (768B) \|\| X25519 eph pk (32B) \|\| nonce (24B) \|\| secretbox ct` |
24//! | Hybrid v2 (Cat-3) | `0x02 \|\| ML-KEM-768 ct (1088B) \|\| X25519 eph pk (32B) \|\| nonce (24B) \|\| secretbox ct` |
25//! | Hybrid v3 (Cat-5) | `0x03 \|\| ML-KEM-1024 ct (1568B) \|\| X25519 eph pk (32B) \|\| nonce (24B) \|\| secretbox ct` |
26//!
27//! ## Signature format
28//!
29//! Composite ML-DSA + Ed25519 signatures (see [`sign`]); strict-AND verification.
30//!
31//! | Component  | Layout |
32//! |------------|--------|
33//! | signature  | `tag \|\| ed25519_sig (64B) \|\| ml_dsa_sig` |
34//! | public_key | `tag \|\| ed25519_pk (32B) \|\| ml_dsa_pk` |
35//! | secret_key | `tag \|\| ed25519_seed (32B) \|\| ml_dsa_seed (32B)` |
36
37#![forbid(unsafe_code)]
38#![deny(missing_docs)]
39
40pub mod b64;
41pub mod box_seal;
42pub mod error;
43pub mod hash;
44pub mod hybrid;
45pub mod kdf;
46pub mod keys;
47pub mod recovery;
48pub mod seal;
49pub mod secretbox;
50pub mod sign;
51
52#[cfg(target_arch = "wasm32")]
53pub mod wasm;
54
55pub use error::CryptoError;
56
57// Re-export the primary public API
58pub use b64::parse_salt_from_key_hash;
59pub use box_seal::{box_seal, box_seal_open};
60pub use hash::{sha3_256, sha3_512, sha3_512_with_context, sha256, sha512};
61pub use hybrid::{
62    HybridKeyPair, SecurityLevel, generate_hybrid_keypair, generate_hybrid_keypair_512,
63    generate_hybrid_keypair_1024, generate_hybrid_keypair_with_level, hybrid_open, hybrid_seal,
64    hybrid_seal_512, hybrid_seal_1024, hybrid_seal_with_level, is_hybrid_ciphertext,
65};
66pub use kdf::derive_session_key;
67pub use keys::{
68    KeyPair, decrypt_private_key, encrypt_private_key, generate_key, generate_keypair,
69    generate_salt,
70};
71pub use recovery::{
72    RecoveryKey, decrypt_private_key_with_recovery, encrypt_private_key_for_recovery,
73    generate_recovery_key, recovery_key_to_secret,
74};
75pub use seal::{seal_for_user, seal_for_user_with_level, unseal_from_user};
76pub use secretbox::{
77    decrypt_secretbox, decrypt_secretbox_to_string, encrypt_secretbox, encrypt_secretbox_string,
78};
79pub use sign::{
80    HybridSignatureKeyPair, SIGN_CONTEXT_V1, SignatureLevel, derive_public_key,
81    generate_signing_keypair, generate_signing_keypair_44, generate_signing_keypair_87,
82    generate_signing_keypair_with_level, sign, verify,
83};