Skip to main content

Module crypto

phasm_core::stego

Module crypto 

Source
Expand description

Cryptographic primitives for payload encryption.

Implements a two-tier key derivation scheme using Argon2id:

  • Tier 1 (structural): Deterministic key derived from passphrase + fixed salt. Produces perm_seed (coefficient permutation) and hhat_seed (STC matrix generation). Both encoder and decoder derive identical keys.

  • Tier 2 (encryption): AES-256-GCM-SIV key derived from passphrase + random salt. The random salt is embedded in the payload frame, so the decoder recovers it from the extracted data.

AES-256-GCM-SIV is chosen over AES-256-GCM for its nonce-misuse resistance, which provides an extra safety margin since the nonce is randomly generated and embedded alongside the ciphertext.

Constants§

FORTRESS_EMPTY_NONCE
Fixed nonce for Fortress empty-passphrase optimization. When passphrase is empty, we use this deterministic nonce so it doesn’t need to be embedded in the frame (saving 12 bytes). NOT secret — just a constant to feed into AES-GCM-SIV.
FORTRESS_EMPTY_SALT
Fixed salt for Fortress empty-passphrase optimization. When passphrase is empty, we use this deterministic salt so it doesn’t need to be embedded in the frame (saving 16 bytes). The message is still AES-encrypted so the payload looks random for steganalysis resistance. NOT secret — just a constant to feed into AES key derivation.
NONCE_LEN
AES-GCM-SIV nonce length in bytes.
SALT_LEN
Argon2 salt length in bytes.

Functions§

decrypt
Decrypt ciphertext with AES-256-GCM-SIV.
derive_armor_structural_key
Derive the Armor structural key (Tier 1) from a passphrase.
derive_encryption_key
Derive the AES-256 encryption key (Tier 2) from passphrase + random salt.
derive_fortress_structural_key
Derive the Fortress structural key from a passphrase.
derive_h264_mvd_structural_key
Derive the H.264 Phase 3c MVD-domain structural key.
derive_per_gop_seed_from_master
H.264 Phase I.0.5: derive a per-GOP seed by mixing a master 32-byte seed with gop_idx and a domain label using SHA-256.
derive_shadow_structural_key
Derive the Shadow structural key from a passphrase.
derive_structural_key
Derive the structural key (Tier 1) from a passphrase.
derive_template_key
Derive the DFT template key from a passphrase.
encrypt
Encrypt plaintext with AES-256-GCM-SIV.
encrypt_with
Encrypt plaintext with AES-256-GCM-SIV using caller-provided salt and nonce.