void_crypto/

lib.rs

//! void-crypto: Cryptographic primitives and key management for void.
//!
//! This crate is the **sole custodian** of repository encryption key material.
//! It provides:
//!
//! - AES-256-GCM authenticated encryption with AAD
//! - HKDF-SHA256 key derivation with purpose separation
//! - Per-commit envelope encryption (VD01 format)
//! - `KeyVault`: an opaque vault that holds the root key and provides operations
//! - `CommitReader`: a per-commit handle for decrypting metadata and shards
//! - Scoped access tokens for limited read access
//!
//! # Security Architecture
//!
//! The root key never leaves this crate. External crates interact with key material
//! only through:
//! - `KeyVault` methods (open_commit, seal_commit, derived key accessors)
//! - `CommitReader` methods (decrypt_metadata, decrypt_shard)
//! - `SecretKey` references (derived keys for index/stash/staged)
//!
//! Raw `[u8; 32]` key parameters are `pub(crate)` only — the crate boundary
//! is the enforcement mechanism.

#![warn(clippy::all)]
// void-crypto IS the crypto implementation layer — raw key access is
// expected internally.  The disallowed_methods lint protects *consumers*
// (void-core, void-cli) from bypassing the vault, not us.
#![allow(clippy::disallowed_methods)]

mod aead;
mod blob_types;
mod cid_types;
pub mod ecies;
mod envelope;
pub mod identity;
mod kdf;
mod keys;
pub mod pin;
pub mod reader;
mod scoped_keyring;
pub mod seed;
pub mod vault;

// Re-export error types
pub use error::{CryptoError, CryptoResult};
mod error;

// Re-export AEAD primitives (needed by void-core for low-level operations)
pub use aead::{
    decrypt, decrypt_and_parse, decrypt_to_vec, encrypt, unwrap_shard_key, wrap_shard_key,
    AAD_COMMIT, AAD_INDEX, AAD_MANIFEST, AAD_METADATA, AAD_REPO_MANIFEST, AAD_SHARD,
    AAD_SHARD_KEY, AAD_STAGED, AAD_STASH,
};

// Re-export envelope primitives
pub use envelope::{decrypt_envelope, encrypt_with_envelope, generate_key_nonce, MAGIC_V1};

// Re-export KDF types and functions
pub use kdf::{
    derive_key, derive_key_for_purpose, derive_scoped_key, generate_key, AeadNonce, ContentKey,
    IdentitySeed, KeyNonce, KeyPurpose, KeyRing, Nonce, NostrSecretKey, RecipientSecretKey,
    RepoSecret, SecretKey, ShareKey, SigningSecretKey,
};

// Re-export reader types
pub use reader::{
    decrypt_object, decrypt_object_parse, decrypt_object_raw, decrypt_shard_data, CommitReader,
};

// Re-export encrypted blob newtypes
pub use blob_types::{
    EncryptedBlob, EncryptedCommit, EncryptedIndex, EncryptedManifest, EncryptedMetadata,
    EncryptedRepoManifest, EncryptedShard, EncryptedStaged, EncryptedStash,
};

// Re-export CID newtypes
pub use cid_types::{CommitCid, ManifestCid, MetadataCid, RepoManifestCid, ShardCid};

// Re-export public key types and manifest key newtypes
pub use keys::{
    CommitSignature, ContributorId, NostrPubKey, ParseError, RecipientPubKey, RepoKey,
    SigningPubKey, WrappedKey,
};

// Re-export identity types
pub use identity::{
    derive_repo_owner_signing_key, ecies_unwrap_key, ecies_wrap_key, Identity, IdentityError,
    ParsedIdentity,
};

// Re-export ECIES types
pub use ecies::EciesError;

// Re-export seed types
pub use seed::{
    derive_nostr_key, derive_recipient_key, derive_repo_owner_key, derive_signing_key,
    generate_mnemonic, mnemonic_to_seed, SeedError,
};

// Re-export PIN types
pub use pin::{decrypt_identity_keys, encrypt_identity_keys, PinError};

// Re-export scoped keyring
pub use scoped_keyring::{ScopedAccessToken, ScopedKeyRing};

// Re-export vault
pub use vault::KeyVault;