naming

Author: 0xB19

wasm/Cargo.toml

@@ -11,7 +11,7 @@ members = [
     "auth",
     "sessions",
     "main",
-    "bordercrypt"
+    "secure-storage"
 ]
 
 [workspace.package]

wasm/bordercrypt/Cargo.toml wasm/secure-storage/Cargo.tomlwasm/bordercrypt/Cargo.toml renamed to wasm/secure-storage/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "bordercrypt"
+name = "secureStorage"
 version.workspace = true
 edition.workspace = true
 

wasm/bordercrypt/src/block.rs wasm/secure-storage/src/block.rswasm/bordercrypt/src/block.rs renamed to wasm/secure-storage/src/block.rs

@@ -8,7 +8,7 @@ use rand::RngCore;
 use zeroize::Zeroizing;
 
 use crate::constants::{AEAD_TAG_SIZE, BLOCK_SIZE, PLAINTEXT_SIZE};
-use crate::error::{BordercryptError, Result};
+use crate::error::{SecureStorageError, Result};
 use crate::pq::{PQ_MSG_SIZE, PqPublicKey, PqSecretKey, pq_decrypt, pq_encrypt, pq_rerand};
 
 const BLOCK_AEAD_SUFFIX: &str = ":block_aead";
@@ -52,19 +52,19 @@ pub fn decrypt_block(
 
     let nonce = crypto_aead::Nonce::from(
         <[u8; crypto_aead::NONCE_SIZE]>::try_from(&msg[..crypto_aead::NONCE_SIZE])
-            .map_err(|_| BordercryptError::CorruptedBlock)?,
+            .map_err(|_| SecureStorageError::CorruptedBlock)?,
     );
     let aead_ct = &msg[crypto_aead::NONCE_SIZE..];
     let key = crypto_aead::Key::from(*aead_key);
 
     let plaintext_vec = Zeroizing::new(
         crypto_aead::decrypt(&key, &nonce, aead_ct, aad.as_bytes())
-            .ok_or(BordercryptError::CorruptedBlock)?,
+            .ok_or(SecureStorageError::CorruptedBlock)?,
     );
 
     let mut plaintext = Zeroizing::new([0u8; PLAINTEXT_SIZE]);
     if plaintext_vec.len() != PLAINTEXT_SIZE {
-        return Err(BordercryptError::CorruptedBlock);
+        return Err(SecureStorageError::CorruptedBlock);
     }
     plaintext.copy_from_slice(&plaintext_vec);
     Ok(plaintext)
@@ -126,7 +126,7 @@ mod tests {
         key
     }
 
-    const AAD_ROOT: &str = "test:bordercrypt:session:v0:i0:b0";
+    const AAD_ROOT: &str = "test:secureStorage:session:v0:i0:b0";
 
     // --- encrypt / decrypt ---
 

wasm/bordercrypt/src/constants.rs wasm/secure-storage/src/constants.rswasm/bordercrypt/src/constants.rs renamed to wasm/secure-storage/src/constants.rs

@@ -10,16 +10,16 @@ use std::fmt::Write as _;
 
 use crate::types::SessionIndex;
 
-/// Root domain: `{domain}:bordercrypt`
+/// Root domain: `{domain}:secureStorage`
 #[must_use]
 pub fn root(domain: &str) -> String {
-    format!("{domain}:bordercrypt")
+    format!("{domain}:secureStorage")
 }
 
 /// Session scope: `{root}:session:v{version}:i{index}`
 #[must_use]
 pub fn session_scope(domain: &str, version: u32, index: SessionIndex) -> String {
-    format!("{domain}:bordercrypt:session:v{version}:i{}", index.as_u8())
+    format!("{domain}:secureStorage:session:v{version}:i{}", index.as_u8())
 }
 
 /// Block scope: `{session_scope}:b{block_index}`
@@ -30,15 +30,15 @@ pub fn block_scope(buf: &mut String, domain: &str, version: u32, index: SessionI
     // String::write_fmt is infallible
     let _ = write!(
         buf,
-        "{domain}:bordercrypt:session:v{version}:i{}:b{block}",
+        "{domain}:secureStorage:session:v{version}:i{}:b{block}",
         index.as_u8()
     );
 }
 
 /// Salt for password KDF: `{root}:password_kdf`
 #[must_use]
 pub fn password_kdf_salt(domain: &str) -> String {
-    format!("{domain}:bordercrypt:password_kdf")
+    format!("{domain}:secureStorage:password_kdf")
 }
 
 /// Salt for root KDF: `{domain}:kdf:salt`
@@ -51,7 +51,7 @@ pub fn root_kdf_salt(domain: &str) -> String {
 #[must_use]
 pub fn sk_wrap_aad(domain: &str, version: u32, index: SessionIndex) -> String {
     format!(
-        "{domain}:bordercrypt:session:v{version}:i{}:pq_sk_wrap",
+        "{domain}:secureStorage:session:v{version}:i{}:pq_sk_wrap",
         index.as_u8()
     )
 }
@@ -69,7 +69,7 @@ pub fn block_kdf_salt(
     buf.clear();
     let _ = write!(
         buf,
-        "{domain}:bordercrypt:session:v{version}:i{}:b{block}:kdf:salt",
+        "{domain}:secureStorage:session:v{version}:i{}:b{block}:kdf:salt",
         index.as_u8()
     );
 }
@@ -87,7 +87,7 @@ pub fn block_aead_key_label(
     buf.clear();
     let _ = write!(
         buf,
-        "{domain}:bordercrypt:session:v{version}:i{}:b{block}:kdf:block_aead_key",
+        "{domain}:secureStorage:session:v{version}:i{}:b{block}:kdf:block_aead_key",
         index.as_u8()
     );
 }
@@ -105,21 +105,21 @@ pub fn block_aead_aad(
     buf.clear();
     let _ = write!(
         buf,
-        "{domain}:bordercrypt:session:v{version}:i{}:b{block}:block_aead",
+        "{domain}:secureStorage:session:v{version}:i{}:b{block}:block_aead",
         index.as_u8()
     );
 }
 
 /// Label for sk_wrap_key derivation: `{root}:kdf:sk_wrap_key`
 #[must_use]
 pub fn sk_wrap_key_label(domain: &str) -> String {
-    format!("{domain}:bordercrypt:kdf:sk_wrap_key")
+    format!("{domain}:secureStorage:kdf:sk_wrap_key")
 }
 
 /// Label for root_aead_key derivation: `{root}:kdf:root_aead_key`
 #[must_use]
 pub fn root_aead_key_label(domain: &str) -> String {
-    format!("{domain}:bordercrypt:kdf:root_aead_key")
+    format!("{domain}:secureStorage:kdf:root_aead_key")
 }
 
 #[cfg(test)]
@@ -128,15 +128,15 @@ mod tests {
 
     #[test]
     fn test_root_format() {
-        assert_eq!(root("app:ns"), "app:ns:bordercrypt");
+        assert_eq!(root("app:ns"), "app:ns:secureStorage");
     }
 
     #[test]
     fn test_session_scope_format() {
         let idx = SessionIndex::new(2).unwrap();
         assert_eq!(
             session_scope("app:ns", 1, idx),
-            "app:ns:bordercrypt:session:v1:i2"
+            "app:ns:secureStorage:session:v1:i2"
         );
     }
 
@@ -145,14 +145,14 @@ mod tests {
         let idx = SessionIndex::new(0).unwrap();
         let mut buf = String::new();
         block_scope(&mut buf, "app:ns", 0, idx, 42);
-        assert_eq!(buf, "app:ns:bordercrypt:session:v0:i0:b42");
+        assert_eq!(buf, "app:ns:secureStorage:session:v0:i0:b42");
     }
 
     #[test]
     fn test_password_kdf_salt() {
         assert_eq!(
             password_kdf_salt("app:ns"),
-            "app:ns:bordercrypt:password_kdf"
+            "app:ns:secureStorage:password_kdf"
         );
     }
 
@@ -166,7 +166,7 @@ mod tests {
         let idx = SessionIndex::new(1).unwrap();
         assert_eq!(
             sk_wrap_aad("app:ns", 0, idx),
-            "app:ns:bordercrypt:session:v0:i1:pq_sk_wrap"
+            "app:ns:secureStorage:session:v0:i1:pq_sk_wrap"
         );
     }
 
@@ -175,7 +175,7 @@ mod tests {
         let idx = SessionIndex::new(0).unwrap();
         let mut buf = String::new();
         block_kdf_salt(&mut buf, "app:ns", 0, idx, 5);
-        assert_eq!(buf, "app:ns:bordercrypt:session:v0:i0:b5:kdf:salt");
+        assert_eq!(buf, "app:ns:secureStorage:session:v0:i0:b5:kdf:salt");
     }
 
     #[test]
@@ -185,7 +185,7 @@ mod tests {
         block_aead_key_label(&mut buf, "app:ns", 0, idx, 5);
         assert_eq!(
             buf,
-            "app:ns:bordercrypt:session:v0:i0:b5:kdf:block_aead_key"
+            "app:ns:secureStorage:session:v0:i0:b5:kdf:block_aead_key"
         );
     }
 
@@ -194,22 +194,22 @@ mod tests {
         let idx = SessionIndex::new(0).unwrap();
         let mut buf = String::new();
         block_aead_aad(&mut buf, "app:ns", 0, idx, 5);
-        assert_eq!(buf, "app:ns:bordercrypt:session:v0:i0:b5:block_aead");
+        assert_eq!(buf, "app:ns:secureStorage:session:v0:i0:b5:block_aead");
     }
 
     #[test]
     fn test_sk_wrap_key_label() {
         assert_eq!(
             sk_wrap_key_label("app:ns"),
-            "app:ns:bordercrypt:kdf:sk_wrap_key"
+            "app:ns:secureStorage:kdf:sk_wrap_key"
         );
     }
 
     #[test]
     fn test_root_aead_key_label() {
         assert_eq!(
             root_aead_key_label("app:ns"),
-            "app:ns:bordercrypt:kdf:root_aead_key"
+            "app:ns:secureStorage:kdf:root_aead_key"
         );
     }
 

wasm/bordercrypt/src/domain.rs wasm/secure-storage/src/domain.rswasm/bordercrypt/src/domain.rs renamed to wasm/secure-storage/src/domain.rs

@@ -1,10 +1,10 @@
-/// Unified error type for all bordercrypt operations.
+/// Unified error type for all secureStorage operations.
 ///
 /// Error messages are deliberately generic to avoid leaking information
 /// to an adversary (e.g. no distinction between "bad nonce" and "bad tag").
 #[derive(Debug, thiserror::Error)]
 #[non_exhaustive]
-pub enum BordercryptError {
+pub enum SecureStorageError {
     #[error("invalid password")]
     InvalidPassword,
 
@@ -31,4 +31,4 @@ pub enum BordercryptError {
 }
 
 /// Convenience alias used throughout the crate.
-pub type Result<T> = core::result::Result<T, BordercryptError>;
+pub type Result<T> = core::result::Result<T, SecureStorageError>;

wasm/bordercrypt/src/error.rs wasm/secure-storage/src/error.rswasm/bordercrypt/src/error.rs renamed to wasm/secure-storage/src/error.rs

@@ -1,4 +1,4 @@
-//! Key derivation for bordercrypt.
+//! Key derivation for secureStorage.
 
 use zeroize::Zeroizing;
 
@@ -135,6 +135,6 @@ mod tests {
     #[test]
     fn returns_block_scope() {
         let (_key, scope) = derive_block_aead_key("app", 0, idx(2), &ROOT_KEY, 5);
-        assert_eq!(scope, "app:bordercrypt:session:v0:i2:b5");
+        assert_eq!(scope, "app:secureStorage:session:v0:i2:b5");
     }
 }

wasm/bordercrypt/src/kdf.rs wasm/secure-storage/src/kdf.rswasm/bordercrypt/src/kdf.rs renamed to wasm/secure-storage/src/kdf.rs

@@ -5,7 +5,7 @@
 //! [version: u32 BE] [pq_pk: PK_SIZE bytes] [sk_nonce: 16 bytes] [sk_ct: remaining]
 //! ```
 
-use crate::error::{BordercryptError, Result};
+use crate::error::{SecureStorageError, Result};
 use crate::pq::PqPublicKey;
 use crate::storage::KeypairStorage;
 use crate::types::SessionIndex;
@@ -61,15 +61,15 @@ impl KeypairFile {
     /// Deserialize from binary format.
     pub fn deserialize(data: &[u8]) -> Result<Self> {
         if data.len() < MIN_SIZE {
-            return Err(BordercryptError::CorruptedBlock);
+            return Err(SecureStorageError::CorruptedBlock);
         }
 
         let mut offset = 0;
 
         let version = u32::from_be_bytes(
             data[offset..offset + 4]
                 .try_into()
-                .map_err(|_| BordercryptError::CorruptedBlock)?,
+                .map_err(|_| SecureStorageError::CorruptedBlock)?,
         );
         offset += 4;
 
@@ -80,7 +80,7 @@ impl KeypairFile {
         let sk_nonce: [u8; crypto_aead::NONCE_SIZE] = data
             [offset..offset + crypto_aead::NONCE_SIZE]
             .try_into()
-            .map_err(|_| BordercryptError::CorruptedBlock)?;
+            .map_err(|_| SecureStorageError::CorruptedBlock)?;
         offset += crypto_aead::NONCE_SIZE;
 
         let sk_ct = data[offset..].to_vec();

wasm/bordercrypt/src/keypair.rs wasm/secure-storage/src/keypair.rswasm/bordercrypt/src/keypair.rs renamed to wasm/secure-storage/src/keypair.rs

@@ -1,4 +1,4 @@
-//! Bordercrypt v2 on-device encrypted storage.
+//! SecureStorage v2 on-device encrypted storage.
 //!
 //! Spec: <https://github.com/massalabs/gossip/discussions/380>
 
@@ -24,7 +24,7 @@ pub use domain::{
     block_aead_aad, block_aead_key_label, block_kdf_salt, block_scope, password_kdf_salt, root,
     root_aead_key_label, root_kdf_salt, session_scope, sk_wrap_aad, sk_wrap_key_label,
 };
-pub use error::{BordercryptError, Result};
+pub use error::{SecureStorageError, Result};
 pub use kdf::{SessionKeys, derive_block_aead_key, derive_session_keys};
 pub use keypair::{KeypairFile, read_session_keypair, read_session_version_and_pk};
 pub use lifecycle::{allocate_session, cover_traffic_tick, provision_storage};

wasm/bordercrypt/src/lib.rs wasm/secure-storage/src/lib.rswasm/bordercrypt/src/lib.rs renamed to wasm/secure-storage/src/lib.rs

@@ -8,7 +8,7 @@ use crate::BLOCK_SIZE;
 use crate::block::{create_cover_block, rerandomize_block};
 use crate::constants::{LENGTH_HDR_SIZE, PLAINTEXT_SIZE, SESSION_COUNT};
 use crate::domain;
-use crate::error::{BordercryptError, Result};
+use crate::error::{SecureStorageError, Result};
 use crate::kdf::derive_session_keys;
 use crate::keypair::{KeypairFile, read_session_version_and_pk};
 use crate::pq::{PqPublicKey, PqSecretKey, pq_keygen};
@@ -142,7 +142,7 @@ pub fn cover_traffic_tick<S: BlockStorage + KeypairStorage>(
         let ct_arr: &[u8; BLOCK_SIZE] = new_ct
             .as_slice()
             .try_into()
-            .map_err(|_| BordercryptError::CorruptedBlock)?;
+            .map_err(|_| SecureStorageError::CorruptedBlock)?;
         storage.write_block(cur_session, block_index, ct_arr)?;
         storage.fsync(cur_session)?;
     }