Skip to main content

Module crypto

Module crypto 

Source

Re-exports§

pub use guarded_key::GuardedKey;
pub use crate::simd::image::nearest_neighbor_downsample_rgba;

Modules§

guarded_key
Memory-hardened key storage: 128 indistinguishable arrays with decoy writes.

Structs§

EncryptionParams
Parameters for AES-256-GCM file encryption (hex-encoded key + nonce).
GuardedSigner
A NostrSigner backed by the MY_SECRET_KEY vault.

Functions§

attachment_identity_basis
Identity basis for a RECEIVED attachment: the sender’s ox (plaintext hash) when provided — it’s what enables honest cross-message dedup — else a digest of nonce+url. Never the raw nonce: senders can and do reuse nonces, which cross-bound DIFFERENT files to one identity (the “new image renders as an old one” class). The upload URL is unique per ciphertext, so the digest is collision-resistant even against nonce reuse. Nothing honest ever writes a file under the digest name, so existence of one is never proof of download — reuse decisions stay with the content-verified download path.
bounded_image_limits
Shared decode limits for decode_image_bounded and call sites that need their own ImageReader (fixed-format decodes).
decode_image_bounded
Decode an image with allocation limits. A tiny file declaring 60000×60000 would otherwise allocate ~14 GB before a single pixel decodes — every decode of bytes we didn’t author must go through this.
decrypt_and_save_attachment
Decrypt a DM file attachment and save to the download directory.
decrypt_blob_with_key
ChaCha20-Poly1305 decrypt nonce(12) || ct || tag(16) with an explicit key.
decrypt_data
Decrypt data with AES-256-GCM using a 16-byte nonce (0xChat-compatible). Input format: ciphertext || 16-byte auth tag.
decrypt_with_key
Decrypt a hex-encoded ciphertext with a key.
encrypt_blob_with_key
ChaCha20-Poly1305 encrypt raw bytes with an explicit key → nonce(12) || ct || tag(16).
encrypt_data
Encrypt data with AES-256-GCM using a 16-byte nonce (0xChat-compatible).
encrypt_with_key
Encrypt a string with the global ENCRYPTION_KEY (ChaCha20-Poly1305).
extension_from_mime
Convert a MIME type to a file extension. Falls back to using the MIME subtype when unknown.
format_bytes
Format bytes into human-readable format (KB, MB, GB).
generate_encryption_params
Generate random AES-256-GCM encryption parameters.
generate_image_metadata
Generate image metadata (thumbhash + dimensions) from raw file bytes.
generate_thumbhash_from_rgba
Generate a thumbhash from RGBA8 pixel data.
hash_pass
Derive a 32-byte key from a password using Argon2id. Parameters: 150MB memory, 10 iterations (matches src-tauri).
is_encryption_enabled
Check if encryption is enabled in the database.
is_image_mime
Returns true if the provided MIME type is an image/*.
looks_encrypted
Check if a string looks like encrypted content (hex-encoded ChaCha20 output). Minimum (empty message): 12 + 0 + 16 = 28 bytes = 56 hex chars.
maybe_decrypt
Conditionally decrypt content. Handles crash recovery — if decryption fails on non-encrypted-looking content, returns it as-is.
maybe_decrypt_blob
Decrypt a secret key BLOB. Tolerant of the half-migrated DB: a 32-byte value is a raw (not-yet-wrapped / encryption-off) key, and anything that fails to authenticate is returned as-is, so a mixed store always reads back correctly.
maybe_decrypt_inner
Decrypt a hex-encoded ChaCha20-Poly1305 ciphertext using ENCRYPTION_KEY vault. If password is Some, derives a key from it instead.
maybe_decrypt_text
Decrypt a text field. A value that doesn’t look encrypted (or can’t be decrypted) is returned as-is — pre-migration rows and encryption-off rows.
maybe_encrypt
Conditionally encrypt content based on encryption_enabled setting.
maybe_encrypt_blob
Encrypt a secret key BLOB for at-rest storage. Off → unchanged. Enabled but the vault is empty → Err (never silently persists a secret in plaintext).
maybe_encrypt_inner
Encrypt a string using ENCRYPTION_KEY vault (ChaCha20-Poly1305). If password is Some, derives a key from it instead.
maybe_encrypt_text
Encrypt a text field for at-rest storage. Off → unchanged. Enabled but the vault is empty → Err.
mime_from_extension
Get MIME type from file extension.
mime_from_extension_safe
Convert a file extension to a MIME type, with an optional restriction to image/* types.
mime_from_magic_bytes
Detect MIME type from file magic bytes. Supports PNG, JPEG, GIF, WebP, TIFF, ICO, and SVG. Returns “application/octet-stream” for unrecognized formats.
resolve_unique_filename
Resolve a unique filename in dir, appending -1, -2, etc. on collision.
sanitize_filename
Sanitize a filename for safe filesystem use. Strips path traversal, dangerous characters, and truncates to 64-char stem.
sha256_hex
Calculate SHA-256 hash of data, returned as hex string.