apple-cryptokit-rs 0.2.1

A Rust wrapper around Apple's native CryptoKit framework for App Store compliant cryptography.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179

//! # Apple CryptoKit for Rust - Simple Usage Examples
//!
//! This example demonstrates the basic usage of cryptographic functions
//! provided by the apple-cryptokit-rs library.

use apple_cryptokit::{
    Result,
    // HMAC Authentication
    authentication::hmac_sha256,
    // Hashing
    hashing::{HashFunction, SHA256, sha256_hash},
    // Key Derivation
    key_derivation::hkdf_sha256_derive,
    // Symmetric Encryption
    symmetric::aes::{aes_gcm_decrypt, aes_gcm_encrypt},
    symmetric::chacha::{chacha20poly1305_encrypt, chacha20poly1305_decrypt, ChaChaKey, ChaChaPolyNonce, ChaChaPoly},
    symmetric::AuthenticatedCipher,
};

fn main() -> Result<()> {
    println!("Apple CryptoKit for Rust - Simple Usage Examples");
    println!("====================================================\n");

    // 1. Hashing Examples
    hashing_examples()?;

    // 2. Message Authentication Examples
    authentication_examples()?;

    // 3. Symmetric Encryption Examples (AES-GCM)
    symmetric_encryption_examples()?;

    // 4. ChaCha20-Poly1305 Examples
    chacha20poly1305_examples()?;

    // 5. Key Derivation Examples
    key_derivation_examples()?;

    println!("\nAll examples completed successfully!");
    Ok(())
}

/// Demonstrates various hashing algorithms
fn hashing_examples() -> Result<()> {
    println!("Hashing Examples");
    println!("------------------");

    let data = b"Hello, Apple CryptoKit!";

    // Using convenience functions
    let hash = sha256_hash(data);
    println!("Data: {}", String::from_utf8_lossy(data));
    println!("SHA256 hash (hex): {:02x?}", &hash[..8]); // Show first 8 bytes

    // Using trait interface
    let hash_trait = SHA256::hash(data);
    println!("SHA256 (trait): {:02x?}", &hash_trait[..8]);

    println!("Hash length: {} bytes\n", hash.len());

    Ok(())
}

/// Demonstrates HMAC message authentication
fn authentication_examples() -> Result<()> {
    println!("Message Authentication Examples");
    println!("----------------------------------");

    let key = b"my-secret-authentication-key";
    let message = b"Important message to authenticate";

    let mac = hmac_sha256(key, message)?;
    println!("Message: {}", String::from_utf8_lossy(message));
    println!("HMAC-SHA256: {:02x?}", &mac[..8]); // Show first 8 bytes

    // Verify HMAC by computing again
    let verify_mac = hmac_sha256(key, message)?;
    let is_valid = mac == verify_mac;
    println!(
        "HMAC verification: {}\n",
        if is_valid { "Valid" } else { "Invalid" }
    );

    Ok(())
}

/// Demonstrates symmetric encryption with AES-GCM
fn symmetric_encryption_examples() -> Result<()> {
    println!("Symmetric Encryption Examples");
    println!("---------------------------------");

    let key = b"0123456789abcdef0123456789abcdef"; // 32-byte key for AES-256
    let nonce = b"unique12byte"; // 12-byte nonce for GCM
    let plaintext = b"This is a secret message that needs encryption!";

    // Encrypt
    let ciphertext = aes_gcm_encrypt(key, nonce, plaintext)?;
    println!("Plaintext: {}", String::from_utf8_lossy(plaintext));
    println!("Ciphertext: {:02x?}...", &ciphertext[..16]); // Show first 16 bytes

    // Decrypt
    let decrypted = aes_gcm_decrypt(key, nonce, &ciphertext)?;
    println!("Decrypted: {}", String::from_utf8_lossy(&decrypted));

    let success = plaintext == decrypted.as_slice();
    println!(
        "Encryption/Decryption: {}",
        if success { "Success" } else { "Failed" }
    );
    println!(
        "Ciphertext length: {} bytes (including authentication tag)\n",
        ciphertext.len()
    );

    Ok(())
}

/// Demonstrates ChaCha20-Poly1305 authenticated encryption
fn chacha20poly1305_examples() -> Result<()> {
    println!("ChaCha20-Poly1305 Examples");
    println!("-----------------------------");

    // Using convenience functions
    let key = b"0123456789abcdef0123456789abcdef"; // 32-byte key
    let nonce = b"unique12byte"; // 12-byte nonce
    let plaintext = b"Hello, ChaCha20-Poly1305!";

    let ciphertext = chacha20poly1305_encrypt(key, nonce, plaintext)?;
    println!("Plaintext: {}", String::from_utf8_lossy(plaintext));
    println!("Ciphertext: {:02x?}...", &ciphertext[..16]);

    let decrypted = chacha20poly1305_decrypt(key, nonce, &ciphertext)?;
    println!("Decrypted: {}", String::from_utf8_lossy(&decrypted));

    let success = plaintext == decrypted.as_slice();
    println!(
        "Encryption/Decryption: {}",
        if success { "Success" } else { "Failed" }
    );

    // Using typed structs with random key generation
    let random_key = ChaChaKey::generate()?;
    let random_nonce = ChaChaPolyNonce::generate()?;
    let message = b"Secure message with generated key";

    let sealed = ChaChaPoly::seal(&random_key, &random_nonce, message)?;
    let opened = ChaChaPoly::open(&random_key, &random_nonce, &sealed)?;

    println!("Random key generation: Success");
    println!(
        "Seal/Open with generated key: {}\n",
        if message == opened.as_slice() { "Success" } else { "Failed" }
    );

    Ok(())
}

/// Demonstrates key derivation using HKDF
fn key_derivation_examples() -> Result<()> {
    println!("Key Derivation Examples");
    println!("--------------------------");

    let input_key_material = b"shared-secret-from-key-exchange";
    let salt = b"random-salt-value";
    let info = b"application-specific-context";
    let output_length = 32; // 256 bits

    let derived_key = hkdf_sha256_derive(input_key_material, salt, info, output_length)?;
    println!(
        "Input key material: {}",
        String::from_utf8_lossy(input_key_material)
    );
    println!("Salt: {}", String::from_utf8_lossy(salt));
    println!("Info: {}", String::from_utf8_lossy(info));
    println!("Derived key (32 bytes): {:02x?}...", &derived_key[..8]); // Show first 8 bytes
    println!("Full derived key length: {} bytes\n", derived_key.len());

    Ok(())
}