1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
//! Romulus-N and Romulus-M authenticated encryption (Romulus v1.3).
//!
//! # Modes
//!
//! - **Romulus-N** ([`RomulusN`]): nonce-based AEAD. Unique nonces are required for security.
//! - **Romulus-M** ([`RomulusM`]): misuse-resistant AEAD (SIV-style). Reusing a nonce does not
//! allow forgery; confidentiality impact is bounded by the MRAE goal of the mode.
//!
//! # API
//!
//! The primary interface is RustCrypto [`aead::AeadInPlace`] (and [`aead::AeadCore`]) with
//! 16-byte key, 16-byte nonce, and 16-byte tag. Use [`aead::KeyInit::new`] to build a cipher
//! from a key.
//!
//! Allocating helpers ([`aead::Aead`]) are available when the `alloc` feature is enabled.
//!
//! When `alloc` is enabled, [`RomulusNAead`] and [`RomulusMAead`] implement [`lib_q_core::Aead`]
//! for integration with the lib-Q AEAD registry.
//!
//! # Targets
//!
//! The cryptographic core is `#![no_std]`, avoids OS services and RNG, and is intended to compile
//! for embedded and `wasm32-unknown-unknown` without `wasm-bindgen` in this crate.
//!
//! # Feature flags
//!
//! | Feature | Effect |
//! |---------|--------|
//! *(none)* | `no_std`, in-place AEAD only |
//! | `alloc` | `aead::Aead`, `lib_q_core::Aead` wrappers |
//! | `std` | Standard library (implies `alloc`) |
extern crate alloc;
pub use ;
pub use ;
pub use RomulusM;
pub use RomulusN;
/// Key size as a [`aead::consts`] typenum (128 bits).
pub type KeySize = U16;
/// Nonce size (128 bits).
pub type NonceSize = U16;
/// Tag size (128 bits).
pub type TagSize = U16;
/// Ciphertext expansion for in-place API (tag is detached).
pub type CiphertextOverhead = U0;