Cryptographic primitives for void.
Low-level crypto primitives (AEAD, envelope, KDF, KeyVault) are defined in
the void-crypto crate. This module re-exports them and adds void-core-specific
extensions:
- CommitReader with decrypt_metadata(), decrypt_shard(), etc.
- collect_ancestor_content_keys_vault() (needs ObjectStore + Commit types)
Re-exports
- pub use reader::collect_ancestor_content_keys_vault;
- pub use reader::decrypt_shard_data;
- pub use reader::CommitPlaintext;
- pub use reader::CommitReader;
- pub use reader::DecryptedShard;
Modules
- reader: CommitReader encapsulates the commit->metadata->shard key derivation chain.
Structs
- CommitCid: CID pointing to an envelope-encrypted commit blob (AAD_COMMIT).
- ContentKey: A 32-byte content key derived from a commit’s envelope nonce.
- EncryptedCommit: Encrypted commit blob (AAD_COMMIT).
- EncryptedIndex: Encrypted workspace index blob (AAD_INDEX).
- EncryptedManifest: Encrypted tree manifest blob (AAD_MANIFEST).
- EncryptedMetadata: Encrypted metadata bundle blob (AAD_METADATA).
- EncryptedRepoManifest: Encrypted repo manifest blob (AAD_REPO_MANIFEST).
- EncryptedShard: Encrypted content shard blob (AAD_SHARD).
- EncryptedStaged: Encrypted staged file content blob (AAD_STAGED).
- EncryptedStash: Encrypted stash stack metadata blob (AAD_STASH).
- KeyRing: Key ring holding all derived keys - zeroed on drop.
- KeyVault: Holds repository key material and provides all key-dependent operations.
- ManifestCid: CID pointing to an AEAD-encrypted tree manifest (AAD_MANIFEST).
- MetadataCid: CID pointing to an AEAD-encrypted metadata bundle (AAD_METADATA).
- Nonce: A fixed-size cryptographic nonce.
- RepoManifestCid: CID pointing to an AEAD-encrypted repo manifest (AAD_REPO_MANIFEST).
- RepoSecret: A 32-byte random secret used for shard path hashing (NOT an encryption key).
- SecretKey: A 32-byte derived key that is zeroed on drop.
- ShardCid: CID pointing to an encrypted shard blob (AAD_SHARD).
Enums
- CryptoError: Errors that can occur in void-crypto.
- KeyPurpose: Key purposes for derivation.
Constants
- AAD_COMMIT: AAD for commit objects.
- AAD_INDEX: AAD for index objects.
- AAD_MANIFEST: AAD for tree manifest objects.
- AAD_METADATA: AAD for metadata bundle objects.
- AAD_REPO_MANIFEST: AAD for repo manifest (collaboration manifest JSON).
- AAD_SHARD: AAD for shard objects.
- AAD_SHARD_KEY: AAD for shard key wrapping (content_key wraps shard_key).
- AAD_STAGED: AAD for staged content blobs.
- AAD_STASH: AAD for stash objects.
- MAGIC_V1: Magic bytes identifying envelope format version 1.
Traits
- EncryptedBlob: Common interface for typed encrypted blob newtypes.
Functions
- decrypt: Decrypts ciphertext using AES-256-GCM with Additional Authenticated Data (AAD).
- decrypt_and_parse: Decrypt and parse a CBOR-encoded type.
- decrypt_envelope: Decrypts a blob with envelope format (VD01 header required).
- decrypt_to_vec: Decrypts ciphertext into a byte buffer.
- derive_key: Derives a 32-byte key from the root key using HKDF-SHA256.
- derive_key_for_purpose: Derive a purpose-specific key from the root key.
- derive_scoped_key: Derive a scoped read key from a root key.
- encrypt: Encrypts plaintext using AES-256-GCM with Additional Authenticated Data (AAD).
- encrypt_with_envelope: Encrypts plaintext using a derived key and wraps it in an envelope.
- generate_key: Generates a cryptographically secure random 32-byte key.
- generate_key_nonce: Generates a cryptographically secure random key nonce.
- unwrap_shard_key: Unwrap a shard key that was wrapped under a content key.
- wrap_shard_key: Wrap a shard key under a content key using AES-256-GCM.
Type Aliases
- CryptoResult: Result type for void-crypto operations.
- KeyNonce: 16-byte nonce for VD01 envelope key derivation.