feat(01-foundation-03): implement AES-256-GCM encryption and Argon2id key derivation

- Encrypt/Decrypt using AES-256-GCM with random nonce prepended to ciphertext - ErrCiphertextTooShort sentinel error for malformed ciphertext - DeriveKey using Argon2id RFC 9106 params (time=1, mem=64MB, threads=4, keyLen=32) - NewSalt generates cryptographically random 16-byte salt
2026-04-05 00:04:33 +03:00
parent 2ef54f7196
commit 239e2c214c
2 changed files with 84 additions and 0 deletions
--- a/pkg/storage/crypto.go
+++ b/pkg/storage/crypto.go
@@ -0,0 +1,32 @@
+package storage
+
+import (
+	"crypto/rand"
+
+	"golang.org/x/crypto/argon2"
+)
+
+const (
+	argon2Time    uint32 = 1
+	argon2Memory  uint32 = 64 * 1024 // 64 MB — RFC 9106 Section 7.3
+	argon2Threads uint8  = 4
+	argon2KeyLen  uint32 = 32 // AES-256 key length
+	saltSize             = 16
+)
+
+// DeriveKey produces a 32-byte AES-256 key from a passphrase and salt using Argon2id.
+// Uses RFC 9106 Section 7.3 recommended parameters.
+// Given the same passphrase and salt, always returns the same key.
+func DeriveKey(passphrase []byte, salt []byte) []byte {
+	return argon2.IDKey(passphrase, salt, argon2Time, argon2Memory, argon2Threads, argon2KeyLen)
+}
+
+// NewSalt generates a cryptographically random 16-byte salt.
+// Store alongside the database and reuse on each key derivation.
+func NewSalt() ([]byte, error) {
+	salt := make([]byte, saltSize)
+	if _, err := rand.Read(salt); err != nil {
+		return nil, err
+	}
+	return salt, nil
+}