grafos_securestore/lib.rs
1//! Lease-scoped key and ciphertext store for grafOS.
2//!
3//! This crate provides epoch-based encryption key management and encrypted blob
4//! storage, with keys tied to fabric memory leases. When a lease expires, the
5//! key is destroyed and decryption becomes impossible — enforcing fail-closed
6//! semantics.
7//!
8//! # Architecture
9//!
10//! - [`KeyEpochManager`] manages encryption key epochs. Each epoch has a TTL
11//! and stores its key material in a
12//! [`grafos_locator::locator::MemRegionLocator`]. Key rotation creates
13//! a new active epoch and marks the previous one as [`EpochStatus::Rotating`].
14//!
15//! - [`EncryptedBlobStore`] encrypts and decrypts blobs using the active epoch
16//! key from a [`KeyEpochManager`]. Ciphertext is stored with its epoch ID,
17//! nonce, and AAD so the correct key can be resolved at decryption time.
18//!
//! - Crypto operations are abstracted behind the [`CryptoBackend`] trait.
//! A [`MockCryptoBackend`] (XOR-based, NOT cryptographically secure) is provided
//! for tests only. Real AEAD backends are gated behind feature flags:
//! `crypto-aes-gcm` enables `AesGcmBackend` and `crypto-chacha20poly1305`
//! enables `ChaChaBackend`.
22//!
23//! # Fail-closed semantics
24//!
//! If the epoch recorded with a ciphertext is expired or unknown to the
//! [`KeyEpochManager`], [`EncryptedBlobStore::get`] returns an error and does not
//! attempt decryption with stale or missing key material.
27
28#![cfg_attr(not(feature = "std"), no_std)]
29
30extern crate alloc;
31
32mod blob;
33mod crypto;
34mod epoch;
35mod error;
36mod manager;
37
38pub use blob::{BlobId, BlobInfo, EncryptedBlobStore};
39#[cfg(feature = "crypto-aes-gcm")]
40pub use crypto::AesGcmBackend;
41#[cfg(feature = "crypto-chacha20poly1305")]
42pub use crypto::ChaChaBackend;
43pub use crypto::{CryptoBackend, MockCryptoBackend};
44pub use epoch::{EpochId, EpochInfo, EpochStatus};
45pub use error::SecureStoreError;
46pub use manager::KeyEpochManager;
47
48#[cfg(test)]
49mod tests;