crypt_guard 1.4.2

CryptGuard is a post-quantum cryptography library with support for Kyber, Falcon, Dilithium in combination with AES and XChaCha20.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195

//use super::*;

//use crypt_guard_proc::{*, log_activity, write_log};
use crate::{
    *,
    cryptography::{*, hmac_sign::{Sign, SignType, Operation}},
    error::*, 
    core::{
        // removed unused KyberKeyFunctions per clippy
        KeyControlVariant,
    },
};



use chacha20::{
    XChaCha20, 
    cipher::{KeyIvInit, StreamCipher, generic_array::GenericArray}
};
use std::{
    result::Result, 
    fs
};
use rand::{RngCore, rngs::OsRng};
use hex;


/// Generates a 24-byte nonce using OS-level randomness.
///
/// # Returns
/// A 24-byte array filled with secure random bytes.
pub fn generate_nonce() -> [u8; 24] {
    let mut nonce = [0u8; 24];
    OsRng.fill_bytes(&mut nonce);
    nonce
}

/// The main struct for handling cryptographic operations with ChaCha20 algorithm.
/// It encapsulates the cryptographic information, shared secret, and nonce required for encryption and decryption.
impl CipherChaCha {
    /// Constructs a new `CipherChaCha` instance with specified cryptographic information and an optional nonce.
    ///
    /// # Parameters
    /// - `infos`: Cryptographic information including content, passphrase, metadata, and location for encryption or decryption.
    /// - `nonce`: Optional hexadecimal string representation of the nonce. If not provided, a nonce will be generated.
    ///
    /// # Returns
    /// A new `CipherChaCha` instance.
	pub fn new(infos: CryptographicInformation, nonce: Option<String>) -> Self {
        let nonce: [u8; 24] = match nonce {
            Some(nonce) => hex::decode(nonce).expect("An error occoured while decoding hex!").try_into().unwrap(),
            None => generate_nonce(),
        };
        // println!("infos: {:?}", infos);
		CipherChaCha { infos, sharedsecret: Vec::new(), nonce }
	}

    /// Retrieves the encrypted or decrypted data stored within the `CryptographicInformation`.
    ///
    /// # Returns
    /// A result containing the data as a vector of bytes (`Vec<u8>`) or a `CryptError`.
	pub fn get_data(&self) -> Result<Vec<u8>, CryptError> {
		let data = &self.infos.content()?;
		let data = data.to_vec();

        Ok(data)
    }
    /// Sets the shared secret for the cryptographic operation.
    ///
    /// # Parameters
    /// - `sharedsecret`: A vector of bytes (`Vec<u8>`) representing the shared secret.
    ///
    /// # Returns
    /// A reference to the `CipherChaCha` instance to allow method chaining.
	pub fn set_shared_secret(&mut self, sharedsecret: Vec<u8>) -> &Self {
		self.sharedsecret = sharedsecret;
		self
	}

    /// Retrieves the shared secret.
    ///
    /// # Returns
    /// A result containing a slice of the shared secret (`&[u8]`) or a `CryptError`.    
    pub fn sharedsecret(&self) -> Result<&[u8], CryptError> {
        Ok(&self.sharedsecret)
    }

    /// Sets the nonce for cryptographic operations.
    ///
    /// # Parameters
    /// - `nonce`: A 24-byte array representing the nonce.
    ///
    /// # Returns
    /// A slice of the set nonce (`&[u8; 24]`).
    pub fn set_nonce(&mut self, nonce: [u8; 24]) -> &[u8; 24] {
        self.nonce = nonce;
        &self.nonce
    }

    /// Retrieves the nonce.
    ///
    /// # Returns
    /// A slice of the current nonce (`&[u8; 24]`).
    pub fn nonce(&self) -> &[u8; 24] {
        &self.nonce
    }

    /// Performs encryption or decryption based on the process type defined in `CryptographicInformation`.
    ///
    /// # Returns
    /// A result containing a tuple of encrypted data (`Vec<u8>`) and the nonce vector (`Vec<u8>`) used, or a `CryptError`.
    /// This method reads the file if `ContentType` is File and performs cryptographic operations accordingly.
    fn cryptography(&mut self) -> Result<(Vec<u8>, Vec<u8>), CryptError> {
        let passphrase = self.infos.passphrase()?.to_vec();
        let file_contained = self.infos.contains_file()?;
    
        if file_contained && self.infos.metadata.content_type == ContentType::File {
            let content = fs::read(self.infos.location()?).unwrap();
            self.infos.set_data(&content)?;
        }
        
        match self.infos.metadata.process()? {
            Process::Encryption => {
                let (encrypted_data, nonce_vec) = self.process_data()?;
                let mut hmac = Sign::new(encrypted_data, passphrase, Operation::Sign, SignType::Sha512);
                let data = hmac.hmac();
                if self.infos.safe()? {
                    self.infos.set_data(&data)?;
                    self.infos.safe_file()?;
                }
                Ok((data, nonce_vec))
            }
            Process::Decryption => {
                let mut verifier = Sign::new(self.infos.content()?.to_vec(), passphrase, Operation::Verify, SignType::Sha512);
                let data = verifier.hmac();
                self.infos.set_data(&data)?;
                let (decrypted, nonce_vec) = self.process_data()?;
                if self.infos.safe()? {
                    self.infos.set_data(&decrypted)?;
                    self.infos.safe_file()?;
                }
                Ok((decrypted, nonce_vec))
            }
        }
    }

    /// Helper function to perform the encryption or decryption process based on the current settings.
    ///
    /// # Returns
    /// A result containing a tuple of processed data (`Vec<u8>`) and nonce vector (`Vec<u8>`), or a `CryptError`.
    fn process_data(&self) -> Result<(Vec<u8>, Vec<u8>), CryptError> { 
        let data = &self.infos.content()?;
        let sharedsecret = self.sharedsecret()?;
        let nonce = self.nonce();
        let mut encrypted_data = data.to_vec();
        let mut cipher = XChaCha20::new(GenericArray::from_slice(sharedsecret), GenericArray::from_slice(nonce));
        cipher.apply_keystream(&mut encrypted_data);
        Ok((encrypted_data, nonce.to_vec()))
    }
}

impl CryptographicFunctions for CipherChaCha {
    /// Encrypts the provided data using the public key.
    ///
    /// # Parameters
    /// - `public_key`: The public key used for encryption.
    ///
    /// # Returns
    /// A result containing a tuple of the encrypted data (`Vec<u8>`) and the key used, or a `CryptError`.
    /// Additionally, prints a message to stdout with the nonce for user reference.
    fn encrypt(&mut self, public_key: Vec<u8>) -> Result<(Vec<u8>, Vec<u8>), CryptError> {
        let key = KeyControlVariant::new(self.infos.metadata.key_type()?);
        let (sharedsecret, ciphertext) = key.encap(&public_key)?;
        let _ = self.set_shared_secret(sharedsecret);
        let (encrypted_data, nonce) = self.cryptography()?;
        println!("Please write down this nonce: {}", hex::encode(nonce));
        Ok((encrypted_data, ciphertext))
    }

    /// Decrypts the provided data using the secret key and ciphertext.
    ///
    /// # Parameters
    /// - `secret_key`: The secret key used for decryption.
    /// - `ciphertext`: The ciphertext to decrypt.
    ///
    /// # Returns
    /// A result containing the decrypted data (`Vec<u8>`), or a `CryptError`.
    fn decrypt(&mut self, secret_key: Vec<u8>, ciphertext: Vec<u8>) -> Result<Vec<u8>, CryptError>{
        let key = KeyControlVariant::new(self.infos.metadata.key_type()?);
        let sharedsecret = key.decap(&secret_key, &ciphertext)?;
        let _ = self.set_shared_secret(sharedsecret);
        let (decrypted_data, _nonce) = self.cryptography()?;
        Ok(decrypted_data)
    }
}