slient_layer 0.1.0

Compression-resistant steganography library for images and audio
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256

//! Core traits and structures for steganography operations

use crate::error::{Result, SlientError};
use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
use serde::{Deserialize, Serialize};
use std::io::{Cursor, Read, Write};

/// Main trait for steganography operations
pub trait Steganography {
    /// Embed data into a carrier
    fn embed(&self, carrier: &[u8], data: &[u8], options: &EmbedOptions) -> Result<Vec<u8>>;

    /// Extract data from a carrier
    fn extract(&self, carrier: &[u8], options: &ExtractOptions) -> Result<Vec<u8>>;

    /// Calculate the maximum capacity for data embedding in bytes
    fn capacity(&self, carrier: &[u8]) -> Result<usize>;

    /// Verify if carrier contains embedded data
    fn verify(&self, carrier: &[u8], options: &ExtractOptions) -> Result<bool>;
}

/// Options for embedding data
#[derive(Debug, Clone)]
pub struct EmbedOptions {
    /// Optional password for encryption
    pub password: Option<String>,
    
    /// Strength of embedding (higher = more robust but lower capacity)
    /// Range: 1-10, default: 5
    pub strength: u8,
    
    /// Whether to use error correction codes
    pub use_ecc: bool,
    
    /// Custom seed for pseudo-random embedding pattern
    pub seed: Option<u64>,
}

impl Default for EmbedOptions {
    fn default() -> Self {
        Self {
            password: None,
            strength: 5,
            use_ecc: true,
            seed: None,
        }
    }
}

/// Options for extracting data
#[derive(Debug, Clone)]
pub struct ExtractOptions {
    /// Optional password for decryption
    pub password: Option<String>,
    
    /// Custom seed (must match embedding seed)
    pub seed: Option<u64>,
}

impl Default for ExtractOptions {
    fn default() -> Self {
        Self {
            password: None,
            seed: None,
        }
    }
}

/// Header stored with embedded data for integrity verification
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DataHeader {
    /// Magic number for identification
    pub magic: u32,
    
    /// Version of the steganography format
    pub version: u16,
    
    /// Length of the payload in bytes
    pub payload_len: u32,
    
    /// Checksum of the payload (SHA-256 hash)
    pub checksum: [u8; 32],
    
    /// Whether the payload is encrypted
    pub encrypted: bool,
    
    /// Strength parameter used for embedding
    pub strength: u8,
}

impl DataHeader {
    /// Magic number: "SLNT" in ASCII
    pub const MAGIC: u32 = 0x534C4E54;
    
    /// Current format version
    pub const VERSION: u16 = 1;
    
    pub fn new(payload_len: usize, checksum: [u8; 32], encrypted: bool, strength: u8) -> Self {
        Self {
            magic: Self::MAGIC,
            version: Self::VERSION,
            payload_len: payload_len as u32,
            checksum,
            encrypted,
            strength,
        }
    }
    
    pub fn validate(&self) -> bool {
        self.magic == Self::MAGIC && self.version == Self::VERSION
    }

    /// Fixed size of the binary header (4+2+4+32+1+1 bytes). Format-stable.
    pub const BYTE_SIZE: usize = 4 + 2 + 4 + 32 + 1 + 1;

    /// Serialize header to exactly BYTE_SIZE bytes (little-endian).
    pub fn to_bytes(&self) -> [u8; Self::BYTE_SIZE] {
        let mut buf = [0u8; Self::BYTE_SIZE];
        let mut cursor = Cursor::new(&mut buf[..]);
        cursor.write_u32::<LittleEndian>(self.magic).unwrap();
        cursor.write_u16::<LittleEndian>(self.version).unwrap();
        cursor.write_u32::<LittleEndian>(self.payload_len).unwrap();
        cursor.write_all(&self.checksum).unwrap();
        cursor.write_u8(if self.encrypted { 1 } else { 0 }).unwrap();
        cursor.write_u8(self.strength).unwrap();
        buf
    }

    /// Deserialize header from exactly BYTE_SIZE bytes.
    pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
        if bytes.len() < Self::BYTE_SIZE {
            return Err(SlientError::InvalidData(
                "Header buffer too short".to_string(),
            ));
        }
        let mut cursor = Cursor::new(bytes);
        let magic = cursor.read_u32::<LittleEndian>().map_err(|e| SlientError::Decoding(e.to_string()))?;
        let version = cursor.read_u16::<LittleEndian>().map_err(|e| SlientError::Decoding(e.to_string()))?;
        let payload_len = cursor.read_u32::<LittleEndian>().map_err(|e| SlientError::Decoding(e.to_string()))?;
        let mut checksum = [0u8; 32];
        cursor.read_exact(&mut checksum).map_err(|e| SlientError::Decoding(e.to_string()))?;
        let encrypted = cursor.read_u8().map_err(|e| SlientError::Decoding(e.to_string()))? != 0;
        let strength = cursor.read_u8().map_err(|e| SlientError::Decoding(e.to_string()))?;
        Ok(Self { magic, version, payload_len, checksum, encrypted, strength })
    }
}

/// Calculate SHA-256 checksum of data
pub fn calculate_checksum(data: &[u8]) -> [u8; 32] {
    use sha2::{Sha256, Digest};
    let mut hasher = Sha256::new();
    hasher.update(data);
    hasher.finalize().into()
}

/// Encrypt data using AES-GCM
pub fn encrypt_data(data: &[u8], password: &str) -> Result<Vec<u8>> {
    use aes_gcm::{
        aead::{Aead, KeyInit, OsRng},
        Aes256Gcm, Nonce,
    };
    use sha2::{Sha256, Digest};

    let mut hasher = Sha256::new();
    hasher.update(password.as_bytes());
    let key_bytes = hasher.finalize();

    let cipher = Aes256Gcm::new_from_slice(&key_bytes)
        .map_err(|e| crate::error::SlientError::Encryption(e.to_string()))?;

    let mut nonce_bytes = [0u8; 12];
    use aes_gcm::aead::rand_core::RngCore;
    OsRng.fill_bytes(&mut nonce_bytes);
    let nonce = Nonce::from_slice(&nonce_bytes);

    let ciphertext = cipher
        .encrypt(nonce, data)
        .map_err(|e| crate::error::SlientError::Encryption(e.to_string()))?;

    let mut result = nonce_bytes.to_vec();
    result.extend_from_slice(&ciphertext);
    Ok(result)
}

/// Decrypt data using AES-GCM
pub fn decrypt_data(encrypted: &[u8], password: &str) -> Result<Vec<u8>> {
    use aes_gcm::{
        aead::{Aead, KeyInit},
        Aes256Gcm, Nonce,
    };
    use sha2::{Sha256, Digest};

    if encrypted.len() < 12 {
        return Err(crate::error::SlientError::InvalidData(
            "Encrypted data too short".to_string(),
        ));
    }

    let mut hasher = Sha256::new();
    hasher.update(password.as_bytes());
    let key_bytes = hasher.finalize();

    let cipher = Aes256Gcm::new_from_slice(&key_bytes)
        .map_err(|e| crate::error::SlientError::Decryption(e.to_string()))?;

    let nonce = Nonce::from_slice(&encrypted[..12]);
    let ciphertext = &encrypted[12..];

    cipher
        .decrypt(nonce, ciphertext)
        .map_err(|e| crate::error::SlientError::Decryption(e.to_string()))
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_data_header_validation() {
        let checksum = [0u8; 32];
        let header = DataHeader::new(100, checksum, true, 5);
        assert!(header.validate());
    }

    #[test]
    fn test_checksum() {
        let data = b"Hello, World!";
        let checksum1 = calculate_checksum(data);
        let checksum2 = calculate_checksum(data);
        assert_eq!(checksum1, checksum2);
    }

    #[test]
    fn test_encryption_decryption() {
        let data = b"Secret message";
        let password = "test_password";

        let encrypted = encrypt_data(data, password).unwrap();
        assert_ne!(encrypted, data);

        let decrypted = decrypt_data(&encrypted, password).unwrap();
        assert_eq!(decrypted, data);
    }

    #[test]
    fn test_wrong_password() {
        let data = b"Secret message";
        let password = "test_password";
        let wrong_password = "wrong_password";

        let encrypted = encrypt_data(data, password).unwrap();
        let result = decrypt_data(&encrypted, wrong_password);
        assert!(result.is_err());
    }
}