crypt_guard 1.4.2

CryptGuard is a post-quantum cryptography library with support for Kyber, Falcon, Dilithium in combination with AES and XChaCha20.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361

use std::path::PathBuf;

use crate::error::{CryptError, SigningErr};
use zeroize::Zeroize;
// bring exported macros into scope
use crate::{encryption, decryption, encrypt_file, decrypt_file, signature, verify, kyber_keypair};
// Macro expansions require these types in scope at the callsite
use crate::core::{
    kdf::{Signature, Falcon1024, Falcon512, Dilithium2, Dilithium3, Dilithium5, Message, Detached},
    kyber::key_controler::{KeyControKyber1024, KeyControKyber768, KeyControKyber512},
};
// Types required by macro expansions
use crate::core::kyber::{
    Kyber, Encryption, Decryption, Kyber1024, Kyber768, Kyber512, Data, AES, AesGcmSiv, AesCtr, AesXts,
    XChaCha20, XChaCha20Poly1305,
};
use crate::core::kyber::KyberFunctions;

/// Symmetric algorithms supported by the builders
#[derive(Clone, Copy, Debug)]
pub enum SymmetricAlg {
    Aes,
    AesXts,
    AesCbc,
    AesGcmSiv,
    AesCtr,
    XChaCha20,
    XChaCha20Poly1305,
}

/// Output of an encryption operation
#[derive(Clone, Debug)]
pub struct EncryptionOutput {
    pub content: Vec<u8>,
    pub cipher: Vec<u8>,
    pub nonce: Option<String>,
}

#[derive(Clone, Debug)]
enum Content {
    Data(Vec<u8>),
    File(PathBuf),
}

#[derive(Default)]
pub struct EncryptBuilder {
    key: Option<Vec<u8>>,       // Kyber public key
    key_size: Option<u16>,      // 1024 | 768 | 512
    content: Option<Content>,   // Data or File
    passphrase: Option<String>,
    algorithm: Option<SymmetricAlg>,
}

impl EncryptBuilder {
    pub fn new() -> Self { Self::default() }

    pub fn key(mut self, key: Vec<u8>) -> Self { self.key = Some(key); self }
    pub fn key_size(mut self, size: u16) -> Self { self.key_size = Some(size); self }

    pub fn data<T: Into<Vec<u8>>>(mut self, data: T) -> Self {
        self.content = Some(Content::Data(data.into()));
        self
    }

    pub fn file(mut self, path: PathBuf) -> Self {
        self.content = Some(Content::File(path));
        self
    }

    pub fn passphrase<S: Into<String>>(mut self, passphrase: S) -> Self {
        self.passphrase = Some(passphrase.into());
        self
    }

    pub fn algorithm(mut self, alg: SymmetricAlg) -> Self {
        self.algorithm = Some(alg);
        self
    }

    pub fn run(self) -> Result<EncryptionOutput, CryptError> {
        let key = self.key.ok_or_else(|| CryptError::new("missing public key"))?;
        let size = self.key_size.ok_or_else(|| CryptError::new("missing key size"))?;
        let pass = self.passphrase.ok_or_else(|| CryptError::new("missing passphrase"))?;
        let alg = self.algorithm.ok_or_else(|| CryptError::new("missing algorithm"))?;
        let content = self.content.ok_or_else(|| CryptError::new("missing content (data or file)"))?;

        match content {
            Content::Data(data) => match alg {
                SymmetricAlg::Aes => {
                    let (content, cipher) = match size {
                        1024 => encryption!(key.clone(), 1024, data.clone(), pass.clone(), AES)?,
                        768 => encryption!(key.clone(), 768, data.clone(), pass.clone(), AES)?,
                        512 => encryption!(key.clone(), 512, data.clone(), pass.clone(), AES)?,
                        _ => return Err(CryptError::new("invalid Kyber size")),
                    };
                    Ok(EncryptionOutput { content, cipher, nonce: None })
                }
                SymmetricAlg::AesXts => {
                    let (content, cipher) = match size {
                        1024 => encryption!(key.clone(), 1024, data.clone(), pass.clone(), AES_XTS)?,
                        768 => encryption!(key.clone(), 768, data.clone(), pass.clone(), AES_XTS)?,
                        512 => encryption!(key.clone(), 512, data.clone(), pass.clone(), AES_XTS)?,
                        _ => return Err(CryptError::new("invalid Kyber size")),
                    };
                    Ok(EncryptionOutput { content, cipher, nonce: None })
                }
                SymmetricAlg::AesCbc => {
                    let (content, cipher) = match size {
                        1024 => encryption!(key.clone(), 1024, data.clone(), pass.clone(), AES_CBC)?,
                        768 => encryption!(key.clone(), 768, data.clone(), pass.clone(), AES_CBC)?,
                        512 => encryption!(key.clone(), 512, data.clone(), pass.clone(), AES_CBC)?,
                        _ => return Err(CryptError::new("invalid Kyber size")),
                    };
                    Ok(EncryptionOutput { content, cipher, nonce: None })
                }
                SymmetricAlg::AesGcmSiv => {
                    let (content, cipher, nonce) = match size {
                        1024 => encryption!(key.clone(), 1024, data.clone(), pass.clone(), AES_GCM_SIV)?,
                        768 => encryption!(key.clone(), 768, data.clone(), pass.clone(), AES_GCM_SIV)?,
                        512 => encryption!(key.clone(), 512, data.clone(), pass.clone(), AES_GCM_SIV)?,
                        _ => return Err(CryptError::new("invalid Kyber size")),
                    };
                    Ok(EncryptionOutput { content, cipher, nonce: Some(nonce) })
                }
                SymmetricAlg::AesCtr => {
                    let (content, cipher, nonce) = match size {
                        1024 => encryption!(key.clone(), 1024, data.clone(), pass.clone(), AES_CTR)?,
                        768 => encryption!(key.clone(), 768, data.clone(), pass.clone(), AES_CTR)?,
                        512 => encryption!(key.clone(), 512, data.clone(), pass.clone(), AES_CTR)?,
                        _ => return Err(CryptError::new("invalid Kyber size")),
                    };
                    Ok(EncryptionOutput { content, cipher, nonce: Some(nonce) })
                }
                SymmetricAlg::XChaCha20 => {
                    let (content, cipher, nonce) = match size {
                        1024 => encryption!(key.clone(), 1024, data.clone(), pass.clone(), XChaCha20)?,
                        768 => encryption!(key.clone(), 768, data.clone(), pass.clone(), XChaCha20)?,
                        512 => encryption!(key.clone(), 512, data.clone(), pass.clone(), XChaCha20)?,
                        _ => return Err(CryptError::new("invalid Kyber size")),
                    };
                    Ok(EncryptionOutput { content, cipher, nonce: Some(nonce) })
                }
                SymmetricAlg::XChaCha20Poly1305 => {
                    let (content, cipher, nonce) = match size {
                        1024 => encryption!(key.clone(), 1024, data.clone(), pass.clone(), XChaCha20Poly1305)?,
                        768 => encryption!(key.clone(), 768, data.clone(), pass.clone(), XChaCha20Poly1305)?,
                        512 => encryption!(key.clone(), 512, data.clone(), pass.clone(), XChaCha20Poly1305)?,
                        _ => return Err(CryptError::new("invalid Kyber size")),
                    };
                    Ok(EncryptionOutput { content, cipher, nonce: Some(nonce) })
                }
            },
            Content::File(path) => match alg {
                SymmetricAlg::Aes => {
                    let (content, cipher) = match size {
                        1024 => encrypt_file!(key.clone(), 1024, path.clone(), pass.clone(), AES)?,
                        768 => encrypt_file!(key.clone(), 768, path.clone(), pass.clone(), AES)?,
                        512 => encrypt_file!(key.clone(), 512, path.clone(), pass.clone(), AES)?,
                        _ => return Err(CryptError::new("invalid Kyber size")),
                    };
                    Ok(EncryptionOutput { content, cipher, nonce: None })
                }
                SymmetricAlg::XChaCha20 => {
                    // Returns a nonce (as Option<String>) in macro; normalize to Option<String>
                    let (content, cipher, nonce_str) = match size {
                        1024 => encrypt_file!(key.clone(), 1024, path.clone(), pass.clone(), XChaCha20)?,
                        768 => encrypt_file!(key.clone(), 768, path.clone(), pass.clone(), XChaCha20)?,
                        512 => encrypt_file!(key.clone(), 512, path.clone(), pass.clone(), XChaCha20)?,
                        _ => return Err(CryptError::new("invalid Kyber size")),
                    };
                    let nonce = Some(nonce_str);
                    Ok(EncryptionOutput { content, cipher, nonce })
                }
                _ => Err(CryptError::new("file encryption supported only for AES and XChaCha20")),
            },
        }
    }
}

#[derive(Default)]
pub struct DecryptBuilder {
    key: Option<Vec<u8>>,       // Kyber secret key
    key_size: Option<u16>,      // 1024 | 768 | 512
    content: Option<Content>,   // Data (encrypted bytes) or File (.enc path)
    passphrase: Option<String>,
    cipher: Option<Vec<u8>>,
    nonce: Option<String>,
    algorithm: Option<SymmetricAlg>,
}

impl DecryptBuilder {
    pub fn new() -> Self { Self::default() }

    pub fn key(mut self, key: Vec<u8>) -> Self { self.key = Some(key); self }
    pub fn key_size(mut self, size: u16) -> Self { self.key_size = Some(size); self }
    pub fn data<T: Into<Vec<u8>>>(mut self, data: T) -> Self { self.content = Some(Content::Data(data.into())); self }
    pub fn file(mut self, path: PathBuf) -> Self { self.content = Some(Content::File(path)); self }
    pub fn passphrase<S: Into<String>>(mut self, passphrase: S) -> Self { self.passphrase = Some(passphrase.into()); self }
    pub fn cipher<T: Into<Vec<u8>>>(mut self, cipher: T) -> Self { self.cipher = Some(cipher.into()); self }
    pub fn nonce<S: Into<String>>(mut self, nonce: S) -> Self { self.nonce = Some(nonce.into()); self }
    pub fn algorithm(mut self, alg: SymmetricAlg) -> Self { self.algorithm = Some(alg); self }

    pub fn run(self) -> Result<Vec<u8>, CryptError> {
        let key = self.key.ok_or_else(|| CryptError::new("missing secret key"))?;
        let size = self.key_size.ok_or_else(|| CryptError::new("missing key size"))?;
        let pass = self.passphrase.ok_or_else(|| CryptError::new("missing passphrase"))?;
        let alg = self.algorithm.ok_or_else(|| CryptError::new("missing algorithm"))?;
        let content = self.content.ok_or_else(|| CryptError::new("missing content (data or file)"))?;

        match content {
            Content::Data(data) => {
                let cipher = self.cipher.ok_or_else(|| CryptError::new("missing cipher"))?;
                match alg {
                    SymmetricAlg::Aes => match size { 1024 => decryption!(key.clone(), 1024, data.clone(), pass.clone(), cipher.clone(), AES), 768 => decryption!(key.clone(), 768, data.clone(), pass.clone(), cipher.clone(), AES), 512 => decryption!(key.clone(), 512, data.clone(), pass.clone(), cipher.clone(), AES), _ => Err(CryptError::new("invalid Kyber size")), },
                    SymmetricAlg::AesXts => match size { 1024 => decryption!(key.clone(), 1024, data.clone(), pass.clone(), cipher.clone(), AES_XTS), 768 => decryption!(key.clone(), 768, data.clone(), pass.clone(), cipher.clone(), AES_XTS), 512 => decryption!(key.clone(), 512, data.clone(), pass.clone(), cipher.clone(), AES_XTS), _ => Err(CryptError::new("invalid Kyber size")), },
                    SymmetricAlg::AesCbc => match size { 1024 => decryption!(key.clone(), 1024, data.clone(), pass.clone(), cipher.clone(), AES_CBC), 768 => decryption!(key.clone(), 768, data.clone(), pass.clone(), cipher.clone(), AES_CBC), 512 => decryption!(key.clone(), 512, data.clone(), pass.clone(), cipher.clone(), AES_CBC), _ => Err(CryptError::new("invalid Kyber size")), },
                    SymmetricAlg::AesGcmSiv => {
                        let n = self.nonce.ok_or_else(|| CryptError::new("missing nonce for AES_GCM_SIV"))?;
                        match size { 1024 => decryption!(key.clone(), 1024, data.clone(), pass.clone(), cipher.clone(), Some(n.clone()), AES_GCM_SIV), 768 => decryption!(key.clone(), 768, data.clone(), pass.clone(), cipher.clone(), Some(n.clone()), AES_GCM_SIV), 512 => decryption!(key.clone(), 512, data.clone(), pass.clone(), cipher.clone(), Some(n.clone()), AES_GCM_SIV), _ => Err(CryptError::new("invalid Kyber size")), }
                    }
                    SymmetricAlg::AesCtr => {
                        let n = self.nonce.ok_or_else(|| CryptError::new("missing nonce for AES_CTR"))?;
                        match size { 1024 => decryption!(key.clone(), 1024, data.clone(), pass.clone(), cipher.clone(), Some(n.clone()), AES_CTR), 768 => decryption!(key.clone(), 768, data.clone(), pass.clone(), cipher.clone(), Some(n.clone()), AES_CTR), 512 => decryption!(key.clone(), 512, data.clone(), pass.clone(), cipher.clone(), Some(n.clone()), AES_CTR), _ => Err(CryptError::new("invalid Kyber size")), }
                    }
                    SymmetricAlg::XChaCha20 => {
                        let n = self.nonce.ok_or_else(|| CryptError::new("missing nonce for XChaCha20"))?;
                        match size { 1024 => decryption!(key.clone(), 1024, data.clone(), pass.clone(), cipher.clone(), Some(n.clone()), XChaCha20), 768 => decryption!(key.clone(), 768, data.clone(), pass.clone(), cipher.clone(), Some(n.clone()), XChaCha20), 512 => decryption!(key.clone(), 512, data.clone(), pass.clone(), cipher.clone(), Some(n.clone()), XChaCha20), _ => Err(CryptError::new("invalid Kyber size")), }
                    }
                    SymmetricAlg::XChaCha20Poly1305 => {
                        let n = self.nonce.ok_or_else(|| CryptError::new("missing nonce for XChaCha20Poly1305"))?;
                        match size { 1024 => decryption!(key.clone(), 1024, data.clone(), pass.clone(), cipher.clone(), Some(n.clone()), XChaCha20Poly1305), 768 => decryption!(key.clone(), 768, data.clone(), pass.clone(), cipher.clone(), Some(n.clone()), XChaCha20Poly1305), 512 => decryption!(key.clone(), 512, data.clone(), pass.clone(), cipher.clone(), Some(n.clone()), XChaCha20Poly1305), _ => Err(CryptError::new("invalid Kyber size")), }
                    }
                }
            }
            Content::File(path) => match alg {
                SymmetricAlg::Aes => {
                    let cipher = self.cipher.ok_or_else(|| CryptError::new("missing cipher"))?;
                    match size { 1024 => decrypt_file!(key.clone(), 1024, path.clone(), pass.clone(), cipher.clone(), AES), 768 => decrypt_file!(key.clone(), 768, path.clone(), pass.clone(), cipher.clone(), AES), 512 => decrypt_file!(key.clone(), 512, path.clone(), pass.clone(), cipher.clone(), AES), _ => Err(CryptError::new("invalid Kyber size")), }
                }
                SymmetricAlg::XChaCha20 => {
                    let cipher = self.cipher.ok_or_else(|| CryptError::new("missing cipher"))?;
                    let n = self.nonce.ok_or_else(|| CryptError::new("missing nonce for XChaCha20"))?;
                    match size { 1024 => decrypt_file!(key.clone(), 1024, path.clone(), pass.clone(), cipher.clone(), Some(n.clone()), XChaCha20), 768 => decrypt_file!(key.clone(), 768, path.clone(), pass.clone(), cipher.clone(), Some(n.clone()), XChaCha20), 512 => decrypt_file!(key.clone(), 512, path.clone(), pass.clone(), cipher.clone(), Some(n.clone()), XChaCha20), _ => Err(CryptError::new("invalid Kyber size")), }
                }
                _ => Err(CryptError::new("file decryption supported only for AES and XChaCha20")),
            },
        }
    }
}

#[derive(Default)]
pub struct KyberKeygenBuilder { size: Option<u16> }
impl KyberKeygenBuilder {
    pub fn new() -> Self { Self::default() }
    pub fn size(mut self, size: u16) -> Self { self.size = Some(size); self }
    pub fn generate(self) -> Result<(Vec<u8>, Vec<u8>), CryptError> {
        let size = self.size.ok_or_else(|| CryptError::new("missing kyber size"))?;
        let (pk, sk) = kyber_keypair!(size);
        Ok((pk, sk))
    }
}

#[derive(Clone, Copy, Debug)]
pub enum SignAlgorithm { Falcon1024, Falcon512, Dilithium2, Dilithium3, Dilithium5 }

#[derive(PartialEq, Clone, Copy, Debug)]
pub enum SignMode { Message, Detached }

#[derive(Default)]
pub struct SignBuilder {
    alg: Option<SignAlgorithm>,
    mode: Option<SignMode>,
    key: Option<Vec<u8>>,   // secret key for signing
    data: Option<Vec<u8>>,
}

impl SignBuilder {
    pub fn new() -> Self { Self::default() }
    pub fn algorithm(mut self, alg: SignAlgorithm) -> Self { self.alg = Some(alg); self }
    pub fn mode(mut self, mode: SignMode) -> Self { self.mode = Some(mode); self }
    pub fn key(mut self, key: Vec<u8>) -> Self { self.key = Some(key); self }
    pub fn data<T: Into<Vec<u8>>>(mut self, data: T) -> Self { self.data = Some(data.into()); self }

    pub fn sign(self) -> Result<Vec<u8>, SigningErr> {
        let alg = self.alg.ok_or_else(|| SigningErr::new("missing algorithm"))?;
        let mode = self.mode.ok_or_else(|| SigningErr::new("missing sign mode"))?;
        let key = self.key.ok_or_else(|| SigningErr::new("missing key"))?;
        let data = self.data.ok_or_else(|| SigningErr::new("missing data"))?;

        let res = match (alg, mode) {
            (SignAlgorithm::Falcon1024, SignMode::Message) => signature!(Falcon, key.clone(), 1024, data.clone(), Message),
            (SignAlgorithm::Falcon1024, SignMode::Detached) => signature!(Falcon, key.clone(), 1024, data.clone(), Detached),
            (SignAlgorithm::Falcon512, SignMode::Message) => signature!(Falcon, key.clone(), 512, data.clone(), Message),
            (SignAlgorithm::Falcon512, SignMode::Detached) => signature!(Falcon, key.clone(), 512, data.clone(), Detached),
            (SignAlgorithm::Dilithium5, SignMode::Message) => signature!(Dilithium, key.clone(), 5, data.clone(), Message),
            (SignAlgorithm::Dilithium5, SignMode::Detached) => signature!(Dilithium, key.clone(), 5, data.clone(), Detached),
            (SignAlgorithm::Dilithium3, SignMode::Message) => signature!(Dilithium, key.clone(), 3, data.clone(), Message),
            (SignAlgorithm::Dilithium3, SignMode::Detached) => signature!(Dilithium, key.clone(), 3, data.clone(), Detached),
            (SignAlgorithm::Dilithium2, SignMode::Message) => signature!(Dilithium, key.clone(), 2, data.clone(), Message),
            (SignAlgorithm::Dilithium2, SignMode::Detached) => signature!(Dilithium, key.clone(), 2, data.clone(), Detached),
        };
        Ok(res?)
    }
}

#[derive(Default)]
pub struct VerifyBuilder {
    alg: Option<SignAlgorithm>,
    mode: Option<SignMode>,
    key: Option<Vec<u8>>,           // public key for verification
    signed_message: Option<Vec<u8>>, // for Message mode
    data: Option<Vec<u8>>,          // for Detached mode
    signature: Option<Vec<u8>>,     // for Detached mode
}

impl VerifyBuilder {
    pub fn new() -> Self { Self::default() }
    pub fn algorithm(mut self, alg: SignAlgorithm) -> Self { self.alg = Some(alg); self }
    pub fn mode(mut self, mode: SignMode) -> Self { self.mode = Some(mode); self }
    pub fn key(mut self, key: Vec<u8>) -> Self { self.key = Some(key); self }
    pub fn signed_message<T: Into<Vec<u8>>>(mut self, msg: T) -> Self { self.signed_message = Some(msg.into()); self }
    pub fn data<T: Into<Vec<u8>>>(mut self, data: T) -> Self { self.data = Some(data.into()); self }
    pub fn signature<T: Into<Vec<u8>>>(mut self, sig: T) -> Self { self.signature = Some(sig.into()); self }

    pub fn open(self) -> Result<Vec<u8>, SigningErr> {
        let alg = self.alg.ok_or_else(|| SigningErr::new("missing algorithm"))?;
        let mode = self.mode.ok_or_else(|| SigningErr::new("missing sign mode"))?;
        if mode != SignMode::Message {
            return Err(SigningErr::new("open() requires Message mode"));
        }
        let key = self.key.ok_or_else(|| SigningErr::new("missing key"))?;
        let msg = self.signed_message.ok_or_else(|| SigningErr::new("missing signed message"))?;
        let res = match alg {
            SignAlgorithm::Falcon1024 => verify!(Falcon, key.clone(), 1024, msg.clone(), Message),
            SignAlgorithm::Falcon512 => verify!(Falcon, key.clone(), 512, msg.clone(), Message),
            SignAlgorithm::Dilithium5 => verify!(Dilithium, key.clone(), 5, msg.clone(), Message),
            SignAlgorithm::Dilithium3 => verify!(Dilithium, key.clone(), 3, msg.clone(), Message),
            SignAlgorithm::Dilithium2 => verify!(Dilithium, key.clone(), 2, msg.clone(), Message),
        };
        Ok(res?)
    }

    pub fn verify(self) -> Result<bool, SigningErr> {
        let alg = self.alg.ok_or_else(|| SigningErr::new("missing algorithm"))?;
        let mode = self.mode.ok_or_else(|| SigningErr::new("missing sign mode"))?;
        if mode != SignMode::Detached {
            return Err(SigningErr::new("verify() requires Detached mode"));
        }
        let key = self.key.ok_or_else(|| SigningErr::new("missing key"))?;
        let data = self.data.ok_or_else(|| SigningErr::new("missing data"))?;
        let signature = self.signature.ok_or_else(|| SigningErr::new("missing signature"))?;
        let res = match alg {
            SignAlgorithm::Falcon1024 => verify!(Falcon, key.clone(), 1024, signature.clone(), data.clone(), Detached),
            SignAlgorithm::Falcon512 => verify!(Falcon, key.clone(), 512, signature.clone(), data.clone(), Detached),
            SignAlgorithm::Dilithium5 => verify!(Dilithium, key.clone(), 5, signature.clone(), data.clone(), Detached),
            SignAlgorithm::Dilithium3 => verify!(Dilithium, key.clone(), 3, signature.clone(), data.clone(), Detached),
            SignAlgorithm::Dilithium2 => verify!(Dilithium, key.clone(), 2, signature.clone(), data.clone(), Detached),
        };
        Ok(res?)
    }
}