# CTTPS (Crypto Transfer Protocol Secure)
CTTPS is a high-performance secure transport protocol designed to establish an encrypted tunnel over a standard TCP connection using an ephemeral X25519 handshake and subsequent symmetric AES-256-GCM encryption.
## Features
- **Perfect Forward Secrecy (PFS)**: Uses ephemeral X25519 keys for every session.
- **Authenticated Encryption**: AES-256-GCM ensures both confidentiality and integrity.
- **High Performance**: Built on top of `ring` and `tokio`.
- **Simple Packet Structure**: Nonce (12 bytes) + Payload + Tag (16 bytes).
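The packet layout above (nonce, then the AES-256-GCM ciphertext, then the 16-byte tag) can be exercised end to end with a short sealing/opening pair. This is an added example written in Python against the `cryptography` package, not the cttps crate's own code; the big-endian 96-bit counter nonce and the receive-side monotonicity check are assumptions about a sensible design, not documented crate behaviour.

```python
"""Seal and open packets in the Nonce(12) || Payload || Tag(16) layout.

Added example, not the cttps crate's code. Requires the `cryptography`
package. Counter nonces and the replay check are assumptions.
"""
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN, TAG_LEN = 12, 16


class Sender:
    """One direction of traffic: its own AES-256 key and its own nonce counter."""

    def __init__(self, key: bytes):
        if len(key) != 32:
            raise ValueError("AES-256-GCM needs a 32-byte key")
        self.aead = AESGCM(key)
        self.counter = 0  # assumed: nonce = counter as 12 big-endian bytes

    def seal(self, plaintext: bytes) -> bytes:
        # GCM is broken by nonce reuse under one key, so refuse to wrap around.
        if self.counter >= 2**96:
            raise RuntimeError("nonce space exhausted; rekey before continuing")
        nonce = self.counter.to_bytes(NONCE_LEN, "big")
        self.counter += 1
        # AESGCM.encrypt returns ciphertext || 16-byte tag, giving the page's layout.
        return nonce + self.aead.encrypt(nonce, plaintext, None)


class Receiver:
    """Parses the layout, checks the nonce, then authenticates before trusting anything."""

    def __init__(self, key: bytes):
        self.aead = AESGCM(key)
        self.highest_seen = -1

    def open(self, packet: bytes) -> bytes:
        if len(packet) < NONCE_LEN + TAG_LEN:
            raise ValueError("packet shorter than nonce + tag")
        nonce, body = packet[:NONCE_LEN], packet[NONCE_LEN:]
        counter = int.from_bytes(nonce, "big")
        # TCP delivers in order, so a non-increasing counter is a replay or corruption.
        if counter <= self.highest_seen:
            raise ValueError("replayed or out-of-order nonce")
        try:
            plaintext = self.aead.decrypt(nonce, body, None)
        except InvalidTag:
            raise ValueError("authentication failed: packet modified or wrong key")
        # Only advance the window after the tag verified, so forged packets
        # cannot push the counter forward and desynchronise the stream.
        self.highest_seen = counter
        return plaintext


def demo() -> dict:
    """Round trip, a tampered payload byte, and a replay, with constructed input."""
    key = os.urandom(32)
    tx, rx = Sender(key), Receiver(key)
    msg = b"hello over cttps"  # constructed sample payload
    first = tx.seal(msg)
    results = {"roundtrip": rx.open(first), "len": len(first)}

    second = tx.seal(b"second packet")
    tampered = bytearray(second)
    tampered[NONCE_LEN] ^= 0x01  # flip one ciphertext bit
    try:
        rx.open(bytes(tampered))
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True

    results["second"] = rx.open(second)  # the genuine packet still opens
    try:
        rx.open(second)  # same packet again
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True
    return results
```

Because each direction uses its own key and its own counter, the two counters cannot collide, and because the session keys are ephemeral the counters can start at zero on every connection.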
## Usage
### Server
```rust
use cttps::CttpsStream;
use tokio::net::TcpListener;

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    let listener = TcpListener::bind("127.0.0.1:8080").await?;
    println!("Listening on 127.0.0.1:8080");
    while let Ok((stream, _)) = listener.accept().await {
        tokio::spawn(async move {
            // A failed handshake should only drop this connection, not the server
            let mut cttps_stream = match CttpsStream::accept(stream).await {
                Ok(s) => s,
                Err(e) => {
                    eprintln!("handshake failed: {e}");
                    return;
                }
            };
            // Use cttps_stream like a normal AsyncRead/AsyncWrite
        });
    }
    Ok(())
}
```
### Client
```rust
use cttps::CttpsStream;
use tokio::net::TcpStream;

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    let stream = TcpStream::connect("127.0.0.1:8080").await?;
    let mut cttps_stream = CttpsStream::connect(stream).await?;
    // Use cttps_stream
    Ok(())
}
```
## Security Specification
1. **Handshake**: Ephemeral X25519 (RFC 7748).
2. **Key Derivation**: HKDF-SHA256 with **Transcript Hashing** to prevent MITM/tampering.
3. **Encryption**: AES-256-GCM.
4. **Nonce**: 12 bytes, unique per packet.
5. **Auth Tag**: 16 bytes.
6. **Forward Secrecy**: Perfect Forward Secrecy (PFS) ensured via ephemeral keys.
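The handshake and key-derivation steps above can be followed in a self-contained walk-through. This is an added example in stdlib-only Python, not the cttps crate's code: X25519 is the RFC 7748 Montgomery ladder, HKDF-SHA256 is RFC 5869, and the transcript layout (SHA-256 over the two hello messages), the hypothetical version byte in each hello, and the HKDF info string are assumptions about one reasonable design, not the crate's wire format. It shows why hashing the transcript into the KDF matters: a middlebox that rewrites a handshake field without touching the public keys leaves the Diffie-Hellman secret intact, yet the two sides still end up with different traffic keys, so every later AES-GCM packet fails its tag check. Peer identity is outside the scope of this page and of the example.

```python
"""X25519 handshake with transcript-bound HKDF-SHA256 key derivation.

Added example, not the cttps crate's code. Transcript layout, version byte
and HKDF info string are assumptions for illustration.
"""
import hashlib
import hmac
import os

P = 2**255 - 19  # field prime for Curve25519
A24 = 121665     # (486662 - 2) / 4, the ladder constant from RFC 7748
BASEPOINT = b"\x09" + b"\x00" * 31
VERSION = b"\x01"  # hypothetical protocol-version byte carried in each hello


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Scalar multiplication on Curve25519 (RFC 7748 section 5)."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):          # Montgomery ladder, one step per bit
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb) % P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Extract followed by HKDF-Expand (RFC 5869) with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, (length + 31) // 32 + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def hello(public: bytes) -> bytes:
    """Assumed hello message: version byte followed by the ephemeral public key."""
    return VERSION + public


def derive_keys(private: bytes, peer_public: bytes, client_hello: bytes, server_hello: bytes):
    """Return (shared_secret, (client_to_server_key, server_to_client_key)).

    The transcript hash is the HKDF salt, so the keys depend on every byte of
    the handshake as this party observed it, not only on the DH result."""
    shared = x25519(private, peer_public)
    transcript = hashlib.sha256(client_hello + server_hello).digest()
    okm = hkdf_sha256(shared, transcript, b"cttps v1 traffic keys", 64)  # assumed info
    return shared, (okm[:32], okm[32:])  # two AES-256 keys, one per direction


def run_handshake(tamper_version: bool = False):
    """Return (shared_secrets_match, traffic_keys_match) for one session."""
    c_priv, s_priv = os.urandom(32), os.urandom(32)  # ephemeral; gone after the session
    c_pub, s_pub = x25519(c_priv, BASEPOINT), x25519(s_priv, BASEPOINT)
    c_hello, s_hello = hello(c_pub), hello(s_pub)
    # What the server actually receives: a middlebox may rewrite the version
    # byte in flight while leaving the public key untouched.
    c_hello_rx = (b"\x00" + c_pub) if tamper_version else c_hello
    c_shared, c_keys = derive_keys(c_priv, s_pub, c_hello, s_hello)
    s_shared, s_keys = derive_keys(s_priv, c_hello_rx[1:], c_hello_rx, s_hello)
    return c_shared == s_shared, c_keys == s_keys
```

`run_handshake()` returns `(True, True)`; `run_handshake(tamper_version=True)` returns `(True, False)`, which is the whole point of item 2: agreement on the DH secret is not enough, the keys must also commit to the messages that were exchanged. The pure-Python curve arithmetic is for reading, not for production; it is neither constant-time nor fast.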
## License
MIT OR Apache-2.0