Commit Graph

2 Commits

Author SHA1 Message Date
ddidderr 304bdb8eb8 refactor: trim library exports to what callers actually use
The initial lib.rs re-exported the whole policy limit surface even
though nothing outside the library used most of it. Every unused
export is semver surface for free: tightening MAX_ARGON_PASSES or
removing architecture_argon_cap_mib later would be a breaking change
for constants nobody asked for.

Drop the re-exports with zero uses in main.rs and the tests:

- policy: DEFAULT_ARGON_DECRYPT_CAP_MIB, MIN_ARGON_MEMORY_MIB,
  MAX_ARGON_PASSES, MAX_ARGON_PARALLELISM, MAX_CHUNK_SIZE,
  MIN_PASSPHRASE_BYTES, architecture_argon_cap_mib
- secrets: MAX_PASSPHRASE_LEN

All of them stay pub inside their (private) modules because the
validation functions use them internally; they can be re-exported
deliberately if a downstream user ever needs to introspect the limits.
ArgonDecryptCap stays exported because it is the return type of the
exported resolve_argon_decrypt_cap. The header format exports
(Header, AlgId, flags, lengths) are kept as the blessed container
format API.

Breaking change for any out-of-tree user of the just-introduced lib
API, but the library has not shipped in a release yet.

Test plan: cargo clippy (default/--tests) clean; cargo test passes
all suites.

2026-06-12 22:57:08 +02:00

ddidderr 2f16e735c3 feat: split crate into library and thin CLI binary
The crypto engine was only reachable through the fcry binary; embedding
it in another Rust project meant shelling out to the CLI. Restructure
the crate so the binary sits on top of a proper library API.

- Add src/lib.rs exposing encrypt/decrypt/decrypt_range/derive_key, the
  header and policy types, and the secret-handling primitives.
- Replace the positional-argument wrapper ladder
  (encrypt_with_output_options, decrypt_with_argon_cap, ...) with
  options structs: EncryptOptions, DecryptOptions, DecryptRangeOptions
  and HeaderReadOptions. OutSinkOptions becomes the public
  OutputOptions and no longer carries the input path; the input is now
  an explicit parameter to OutSink::open_with_options so the
  same-file-aliasing guard's inputs are visible at each call site.
- File parameters take Option<PathBuf>/&Path instead of AsRef<str>, so
  non-UTF-8 paths work.
- FcryError implements Display and std::error::Error so it composes
  with anyhow/thiserror-style error handling in downstream crates.
- Move read_key_file and normalize_passphrase from main.rs into
  secrets.rs so library users get the same strict 32-byte key-file
  parsing and NFC passphrase normalization. The world-readable
  key-file warning stays in the CLI wrapper (read_key_file_cli).
- Drop now-unneeded #[allow(dead_code)] markers; ReadInfoChunk::Normal
  loses its unused byte-count payload.
- Add rustfmt.toml (StdExternalCrate grouping, crate-granularity
  imports) and reformat imports accordingly.
- Add tests/library_api.rs covering a file round-trip and a range
  decrypt through the public API with a raw key.

User-visible change: CLI behavior is unchanged except error output,
which is now human-readable Display text ("Error: wrong key or
passphrase") instead of the Rust Debug representation.

Test plan: cargo clippy (default, --tests, --benches) is clean;
cargo +nightly fmt produces no diff; cargo test passes 43 tests
including the new library_api integration tests.

2026-06-12 22:49:23 +02:00