
void_crypto/
lib.rs

1//! void-crypto: Cryptographic primitives and key management for void.
2//!
3//! This crate is the **sole custodian** of repository encryption key material.
4//! It provides:
5//!
6//! - AES-256-GCM authenticated encryption with AAD
7//! - HKDF-SHA256 key derivation with purpose separation
8//! - Per-commit envelope encryption (VD01 format)
9//! - `KeyVault`: an opaque vault that holds the root key and provides operations
10//! - `CommitReader`: a per-commit handle for decrypting metadata and shards
11//! - Scoped access tokens for limited read access
12//!
13//! # Security Architecture
14//!
15//! The root key never leaves this crate. External crates interact with key material
16//! only through:
17//! - `KeyVault` methods (open_commit, seal_commit, derived key accessors)
18//! - `CommitReader` methods (decrypt_metadata, decrypt_shard)
19//! - `SecretKey` references (derived keys for index/stash/staged)
20//!
21//! Raw `[u8; 32]` key parameters are `pub(crate)` only — the crate boundary
22//! is the enforcement mechanism, so every `pub` item and re-export below is part of that boundary.
23
24#![warn(clippy::all)]
25// void-crypto IS the crypto implementation layer, so raw key access is expected
26// internally. The disallowed_methods lint protects *consumers* (void-core, void-cli)
27// from bypassing the vault, not us. Crate-wide: every configured entry is silenced here.
28#![allow(clippy::disallowed_methods)]
29
30mod aead;
31mod blob_types;
32mod cid_types;
33pub mod ecies;
34mod envelope;
35pub mod identity;
36mod kdf;
37mod keys;
38pub mod machine_token;
39pub mod pin;
40pub mod reader;
41mod scoped_keyring;
42pub mod seed;
43pub mod vault;
44
45// Re-export error types
46pub use error::{CryptoError, CryptoResult};
47mod error;
48
49// Re-export AEAD primitives (needed by void-core for low-level operations). NOTE(review): confirm no key parameter here is a raw `[u8; 32]`.
50pub use aead::{
51    decrypt, decrypt_and_parse, decrypt_to_vec, encrypt, unwrap_shard_key, wrap_shard_key,
52    AAD_COMMIT, AAD_INDEX, AAD_MANIFEST, AAD_METADATA, AAD_REPO_MANIFEST, AAD_SHARD,
53    AAD_SHARD_KEY, AAD_STAGED, AAD_STASH,
54};
55
56// Re-export envelope primitives
57pub use envelope::{decrypt_envelope, encrypt_with_envelope, generate_key_nonce, MAGIC_V1};
58
59// Re-export KDF types and functions
60pub use kdf::{
61    derive_key, derive_key_for_purpose, derive_scoped_key, generate_key, AeadNonce, ContentKey,
62    IdentitySeed, KeyNonce, KeyPurpose, KeyRing, Nonce, NostrSecretKey, RecipientSecretKey,
63    RepoSecret, SecretKey, ShareKey, SigningSecretKey,
64};
65
66// Re-export reader types
67pub use reader::{
68    decrypt_object, decrypt_object_parse, decrypt_object_raw, decrypt_shard_data, CommitReader,
69};
70
71// Re-export encrypted blob newtypes
72pub use blob_types::{
73    EncryptedBlob, EncryptedCommit, EncryptedIndex, EncryptedManifest, EncryptedMetadata,
74    EncryptedRepoManifest, EncryptedShard, EncryptedStaged, EncryptedStash,
75};
76
77// Re-export CID newtypes
78pub use cid_types::{CommitCid, ManifestCid, MetadataCid, RepoManifestCid, ShardCid};
79
80// Re-export public key types and manifest key newtypes
81pub use keys::{
82    CommitSignature, ContributorId, NostrPubKey, ParseError, RecipientPubKey, RepoKey,
83    SigningPubKey, WrappedKey,
84};
85
86// Re-export identity types
87pub use identity::{
88    derive_repo_owner_signing_key, ecies_unwrap_key, ecies_wrap_key, Identity, IdentityError,
89    ParsedIdentity,
90};
91
92// Re-export ECIES types
93pub use ecies::EciesError;
94
95// Re-export seed types
96pub use seed::{
97    derive_nostr_key, derive_recipient_key, derive_repo_owner_key, derive_signing_key,
98    generate_mnemonic, mnemonic_to_seed, SeedError,
99};
100
101// Re-export PIN types
102pub use pin::{decrypt_identity_keys, encrypt_identity_keys, PinError};
103
104// Re-export scoped keyring
105pub use scoped_keyring::{ScopedAccessToken, ScopedKeyRing};
106
107// Re-export vault
108pub use vault::KeyVault;