anubis-age 1.4.0

Post-quantum secure encryption library with hybrid X25519+ML-KEM-1024 mode (internal dependency for anubis-rage)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184

//! AEAD (Authenticated Encryption with Associated Data) abstraction.
//!
//! This module provides a unified interface for AEAD ciphers, supporting both
//! ChaCha20-Poly1305 (default) and AES-256-GCM-SIV (FIPS mode).

use std::io;

/// AEAD cipher abstraction
pub trait Aead {
    /// Encrypt plaintext with the given key and nonce
    fn encrypt(&self, key: &[u8; 32], nonce: &[u8], plaintext: &[u8]) -> io::Result<Vec<u8>>;

    /// Decrypt ciphertext with the given key and nonce
    fn decrypt(&self, key: &[u8; 32], nonce: &[u8], ciphertext: &[u8]) -> io::Result<Vec<u8>>;

    /// Get the nonce size for this cipher
    fn nonce_size(&self) -> usize;

    /// Get the tag size for this cipher
    fn tag_size(&self) -> usize;
}

/// ChaCha20-Poly1305 AEAD cipher (RFC 7539) - Default
pub struct ChaCha20Poly1305Aead;

impl Aead for ChaCha20Poly1305Aead {
    fn encrypt(&self, key: &[u8; 32], nonce: &[u8], plaintext: &[u8]) -> io::Result<Vec<u8>> {
        use chacha20poly1305::{
            aead::{Aead as AeadTrait, KeyInit, Payload},
            ChaCha20Poly1305, Nonce,
        };

        let cipher = ChaCha20Poly1305::new(key.into());
        let nonce = Nonce::from_slice(nonce);

        cipher
            .encrypt(
                nonce,
                Payload {
                    msg: plaintext,
                    aad: b"",
                },
            )
            .map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "encryption failed"))
    }

    fn decrypt(&self, key: &[u8; 32], nonce: &[u8], ciphertext: &[u8]) -> io::Result<Vec<u8>> {
        use chacha20poly1305::{
            aead::{Aead as AeadTrait, KeyInit, Payload},
            ChaCha20Poly1305, Nonce,
        };

        let cipher = ChaCha20Poly1305::new(key.into());
        let nonce = Nonce::from_slice(nonce);

        cipher
            .decrypt(
                nonce,
                Payload {
                    msg: ciphertext,
                    aad: b"",
                },
            )
            .map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "decryption failed"))
    }

    fn nonce_size(&self) -> usize {
        12 // ChaCha20-Poly1305 uses 96-bit nonces
    }

    fn tag_size(&self) -> usize {
        16 // Poly1305 produces 128-bit tags
    }
}

/// AES-256-GCM-SIV AEAD cipher (RFC 8452) - Default (FIPS 140-3 compliant)
pub struct Aes256GcmSivAead;

impl Aead for Aes256GcmSivAead {
    fn encrypt(&self, key: &[u8; 32], nonce: &[u8], plaintext: &[u8]) -> io::Result<Vec<u8>> {
        use aes_gcm_siv::{
            aead::{Aead as AeadTrait, KeyInit, Payload},
            Aes256GcmSiv, Nonce,
        };

        let cipher = Aes256GcmSiv::new(key.into());
        let nonce = Nonce::from_slice(nonce);

        cipher
            .encrypt(
                nonce,
                Payload {
                    msg: plaintext,
                    aad: b"",
                },
            )
            .map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "encryption failed"))
    }

    fn decrypt(&self, key: &[u8; 32], nonce: &[u8], ciphertext: &[u8]) -> io::Result<Vec<u8>> {
        use aes_gcm_siv::{
            aead::{Aead as AeadTrait, KeyInit, Payload},
            Aes256GcmSiv, Nonce,
        };

        let cipher = Aes256GcmSiv::new(key.into());
        let nonce = Nonce::from_slice(nonce);

        cipher
            .decrypt(
                nonce,
                Payload {
                    msg: ciphertext,
                    aad: b"",
                },
            )
            .map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "decryption failed"))
    }

    fn nonce_size(&self) -> usize {
        12 // AES-GCM-SIV uses 96-bit nonces
    }

    fn tag_size(&self) -> usize {
        16 // GCM-SIV produces 128-bit tags
    }
}

/// Get the default AEAD cipher (AES-256-GCM-SIV for FIPS 140-3 compliance)
pub fn default_aead() -> Box<dyn Aead> {
    Box::new(Aes256GcmSivAead)
}

/// Get the AEAD cipher name
pub fn aead_name() -> &'static str {
    "AES-256-GCM-SIV"
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_chacha20poly1305_round_trip() {
        let aead = ChaCha20Poly1305Aead;
        let key = [0u8; 32];
        let nonce = [0u8; 12];
        let plaintext = b"Hello, post-quantum world!";

        let ciphertext = aead.encrypt(&key, &nonce, plaintext).unwrap();
        assert_ne!(ciphertext.as_slice(), plaintext);
        assert_eq!(ciphertext.len(), plaintext.len() + aead.tag_size());

        let decrypted = aead.decrypt(&key, &nonce, &ciphertext).unwrap();
        assert_eq!(decrypted.as_slice(), plaintext);
    }

    #[test]
    fn test_aes256gcmsiv_round_trip() {
        let aead = Aes256GcmSivAead;
        let key = [0u8; 32];
        let nonce = [0u8; 12];
        let plaintext = b"FIPS 140-3 compliant encryption!";

        let ciphertext = aead.encrypt(&key, &nonce, plaintext).unwrap();
        assert_ne!(ciphertext.as_slice(), plaintext);
        assert_eq!(ciphertext.len(), plaintext.len() + aead.tag_size());

        let decrypted = aead.decrypt(&key, &nonce, &ciphertext).unwrap();
        assert_eq!(decrypted.as_slice(), plaintext);
    }

    #[test]
    fn test_default_aead() {
        let aead = default_aead();
        assert_eq!(aead.nonce_size(), 12);
        assert_eq!(aead.tag_size(), 16);
    }

    #[test]
    fn test_aead_name() {
        assert_eq!(aead_name(), "AES-256-GCM-SIV");
    }
}