ipcrypt_rs/lib.rs
1//! IP address encryption and obfuscation methods.
2//!
3//! This crate provides three encryption modes for IP addresses, allowing both deterministic
4//! and non-deterministic encryption.
5//!
6//! # Features
7//!
8//! - `ipcrypt-deterministic`: A deterministic mode in which identical inputs always produce the same output—another IP address.
9//! - `ipcrypt-nd`: A non-deterministic mode that uses an 8-byte tweak
10//! - `ipcrypt-ndx`: An extended non-deterministic mode that uses a 32-byte key and 16-byte tweak
11//!
12//! # Examples
13//!
14//! ```rust
15//! use ipcrypt_rs::{Ipcrypt, IpcryptNd, IpcryptNdx};
16//! use std::net::IpAddr;
17//! use std::str::FromStr;
18//!
19//! // Deterministic encryption
20//! let key = [42u8; 16];
21//! let ip = IpAddr::from_str("192.168.1.1").unwrap();
22//! let cipher = Ipcrypt::new(key);
23//! let encrypted = cipher.encrypt_ipaddr(ip);
24//! let decrypted = cipher.decrypt_ipaddr(encrypted);
25//! assert_eq!(ip, decrypted);
26//!
27//! // Non-deterministic encryption with automatic tweak generation
28//! let cipher_nd = IpcryptNd::new(key);
29//! let encrypted_bytes = cipher_nd.encrypt_ipaddr(ip, None);
30//! let decrypted = cipher_nd.decrypt_ipaddr(&encrypted_bytes);
31//! assert_eq!(ip, decrypted);
32//! ```
33//!
34//! # Security Considerations
35//!
36//! - The deterministic mode is compact and facilitates integration, but allows correlation of encrypted addresses
37//! - For general use cases, prefer the non-deterministic modes (`IpcryptNd` or `IpcryptNdx`)
38//! - The extended mode (`IpcryptNdx`) provides the strongest security with a larger key and tweak size
39
40pub(crate) mod aes;
41pub(crate) mod common;
42pub(crate) mod deterministic;
43pub(crate) mod nd;
44pub(crate) mod ndx;
45
46pub use common::{bytes_to_ip, ip_to_bytes};
47pub use deterministic::Ipcrypt;
48pub use nd::IpcryptNd;
49pub use ndx::IpcryptNdx;
50
51pub mod reexports {
52 pub use aes;
53 pub use rand;
54}