
Crate abir_guard


Abir-Guard: Quantum-Resilient Agentic Vault (v3.0.0)

A lightweight, quantum-resistant vault for AI agent memory. Uses ML-KEM-1024 (FIPS 203), ML-DSA-65 (FIPS 204), Shamir Secret Sharing, and Argon2id for post-quantum security.

Zero-Copy Memory Policy

Core Philosophy: Never store the raw key and the plaintext data in the same memory page.

  • Sensitive data passed by reference (&[u8]), not cloned
  • Stack-allocated AES keys naturally zeroized on function return
  • Secret keys stored in Mutex — accessed via guard, not copied
  • Cache stores encrypted data only, never plaintext
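Rust does not overwrite a stack frame when a function returns, so this added example makes the wipe of a stack-held key explicit with a drop guard and reads the long-lived key only through the `Mutex` guard. It is not abir_guard's own code: it uses only the standard library, `wipe`, `WipeOnDrop`, `key_matches` and `check_with_stack_key` are hypothetical names, and the key bytes are constructed sample data.

```rust
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};
use std::sync::Mutex;

/// Zero a buffer. Volatile stores plus a fence stop the optimizer from
/// discarding the writes as dead stores on memory about to go out of scope.
pub fn wipe(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        unsafe { write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Scope guard (hypothetical name): wipes the borrowed buffer on drop,
/// which also covers early returns and panic unwinding.
pub struct WipeOnDrop<'a>(pub &'a mut [u8]);

impl<'a> Drop for WipeOnDrop<'a> {
    fn drop(&mut self) { wipe(self.0) }
}

/// Compare a candidate with the key held in the Mutex. The key is only
/// borrowed through the lock guard, and the loop does not exit early.
pub fn key_matches(slot: &Mutex<[u8; 32]>, candidate: &[u8]) -> bool {
    let key = slot.lock().unwrap();
    if candidate.len() != key.len() {
        return false; // length is not secret
    }
    key.iter().zip(candidate).fold(0u8, |d, (a, b)| d | (a ^ b)) == 0
}

/// Working key in this stack frame: filled, used by reference, then wiped
/// by the guard before the frame is released. Only a bool leaves.
pub fn check_with_stack_key(slot: &Mutex<[u8; 32]>, seed: u8) -> bool {
    let mut key = [0u8; 32];
    let mut guard = WipeOnDrop(&mut key);
    for (i, b) in guard.0.iter_mut().enumerate() {
        *b = seed.wrapping_add(i as u8); // constructed sample key bytes
    }
    let ok = key_matches(slot, &*guard.0);
    ok
}

fn main() {
    let stored: [u8; 32] = std::array::from_fn(|i| 7u8.wrapping_add(i as u8));
    let slot = Mutex::new(stored);
    println!("match: {}", check_with_stack_key(&slot, 7));
}
```

The guard clears the named buffer only; copies the compiler makes when a key is moved or spilled to registers are outside its reach, which is why the key is filled in place and passed by reference.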

Modules

Core (Phase 1)

  • quantum_kernel — ML-KEM-1024 Key Encapsulation + AES-256-GCM encryption
  • entropy_inject — CPU jitter-based entropy collection
  • zero_copy — Zero-copy vault with LRU-encrypted cache
  • mcp_gateway — MCP JSON-RPC server for AI agent tools

Hardware & Security (Phase 2)

  • persistent_vault — Encrypted file-based key persistence (Argon2id)
  • kdf — Argon2id key derivation (OWASP recommended)
  • shamir — Shamir Secret Sharing (t, n) threshold scheme
  • ml_dsa — ML-DSA signatures (NIST FIPS 204)

Ecosystem & Hardening (Phase 3)

  • revocation — Key revocation/blacklist (CRL-style mechanism)
  • rotation — Automatic key rotation (time/usage-based)
  • differential_privacy — Differential privacy for entropy collection

Re-exports

pub use quantum_kernel::HybridEncryptor;
pub use quantum_kernel::KeyPair;
pub use quantum_kernel::Ciphertext;
pub use quantum_kernel::Vault;
pub use entropy_inject::EntropyCollector;
pub use zero_copy::ZeroCopyVault;
pub use mcp_gateway::McpServer;
pub use mcp_gateway::McpRequest;
pub use mcp_gateway::McpResponse;
pub use kdf::derive_key;
pub use kdf::derive_key_with_salt;
pub use shamir::split as shamir_split;
pub use shamir::reconstruct as shamir_reconstruct;
pub use shamir::Share;
pub use ml_dsa::MldsaKeypair;
pub use ml_dsa::generate_keypair as mldsa_generate_keypair;
pub use ml_dsa::sign as mldsa_sign;
pub use ml_dsa::verify as mldsa_verify;
pub use revocation::RevocationList;
pub use revocation::RevocationReason;
pub use rotation::KeyRotationManager;
pub use rotation::KeyMetadata;
pub use differential_privacy::DifferentialEntropyCollector;
pub use differential_privacy::SpectreMeltdownDefender;

Modules

  • differential_privacy — Abir-Guard: Differential Privacy for Entropy Collection
  • entropy_inject
  • kdf — Abir-Guard Key Derivation
  • mcp_gateway
  • ml_dsa — Abir-Guard: ML-DSA Digital Signatures (NIST FIPS 204)
  • persistent_vault — Abir-Guard Persistent Vault (Rust)
  • quantum_kernel — Abir-Guard Quantum Kernel
  • revocation — Abir-Guard: Key Revocation / Blacklist (CRL-style mechanism)
  • rotation — Abir-Guard: Automatic Key Rotation
  • shamir — Abir-Guard: Shamir Secret Sharing
  • zero_copy — Abir-Guard Zero-Copy Vault

Constants

VERSION