Crate crypt_guard

Expand description

§CryptGuard Programming Library

§Introduction

CryptGuard is a comprehensive cryptographic library, offering robust encryption and decryption capabilities. It integrates traditional cryptography with post-quantum algorithms, ensuring resilience against quantum computing threats. Designed for developers, CryptGuard empowers applications to withstand future digital security challenges. Embrace CryptGuard as your trusted ally in safeguarding privacy in the digital realm.

§Key Features and Capabilities

This library supports AES-256 and XChaCha20 encryption algorithms, providing a secure means to protect data. To cater to a variety of security requirements and operational contexts, CryptGuard integrates seamlessly with Kyber512, Kyber768, and Kyber1024 for encryption, ensuring compatibility with post-quantum cryptography standards.

For developers who require digital signing capabilities, CryptGuard incorporates Falcon and Dilithium algorithms, offering robust options for creating and verifying digital signatures. This feature is particularly crucial for applications that necessitate authenticity and integrity of data, ensuring that digital communications remain secure and verifiable.

An additional layer of security is provided through the appending of a HMAC (Hash-Based Message Authentication Code) to encrypted data. This critical feature enables the authentication of encrypted information, ensuring that any tampering with the data can be reliably detected. This HMAC attachment underscores CryptGuard’s commitment to comprehensive data integrity and security, offering developers and end-users peace of mind regarding the authenticity and safety of their data.

§Examples

§Encryption:

The encryption functions encrypt_msg, encrypt_data, and encrypt_file are specifically tailored for different types of data. Using distinct functions ensures that the correct methods and optimizations are applied depending on whether you’re encrypting raw bytes, structured data, or files. Each encryption function requires a new instance of the Kyber object, tailored for the type of encryption (Message, Data, Files), to guarantee that the cryptographic parameters are initialized correctly and securely for each session.

use crypt_guard::{*, error::*};
use std::{
    path::{Path, PathBuf},
    fs,
};

let mut message = "Hey, how are you doing?";
let mut passphrase = "Test Passphrase";
 
let (mut public_key, mut secret_key) = KyberKeypair!(1024);
 
// Creating new Kyber AES message instance
let mut encryptor = Kyber::<Encryption, Kyber1024, Message, AES>::new(public_key.clone(), None).expect("");
 
// Now are multiple options available:
// Using the Macro
let (mut encrypt_message, mut cipher) = Encryption!(public_key.clone(), 1024, message.clone().as_bytes().to_owned(), passphrase.clone(), AES).expect("");
 
// Using the encrypt_ functions:
 
// Message:
let (mut encrypt_message, mut cipher) = encryptor.encrypt_msg(message.clone(), passphrase.clone()).expect("");
 
// Data:
// Creating new Kyber AES data instance
let mut encryptor = Kyber::<Encryption, Kyber1024, Data, AES>::new(public_key.clone(), None).expect("");
let (mut encrypt_message, mut cipher) = encryptor.encrypt_data(message.clone().as_bytes().to_owned(), passphrase.clone()).expect("");
 
// Last but not least the encryption function for files:
fs::write(PathBuf::from("message.txt"), message.clone().as_bytes()).expect("");
 
// Creating new Kyber AES file instance
let mut encryptor = Kyber::<Encryption, Kyber1024, Files, AES>::new(public_key.clone(), None).expect("");
 
// Encrypt file macro:
let (mut encrypt_message, mut cipher) = EncryptFile!(public_key.clone(), 1024, PathBuf::from("message.txt"), passphrase.clone(), AES).expect("");
 
// Encrypt file function:
let (mut encrypt_message, mut cipher) = encryptor.encrypt_file(PathBuf::from("message.txt"), passphrase.clone()).expect("");

let _ = fs::remove_file("crypt_tests.log");
let _ = fs::remove_file("message.txt");
let _ = fs::remove_file("log.txt");
let _ = fs::remove_file("crypt_tests.log");
let _ = fs::remove_file("message.txt.enc");
let _ = fs::remove_dir_all("./crypt_tests");
let _ = fs::remove_dir_all("./key");
let _ = fs::remove_dir_all("./log");

§Infos about XChaCha20 differences

XChaCha20, unlike AES, requires handling of a nonce (number used once) which must be generated during encryption and subsequently used during decryption. This introduces additional steps in the cryptographic process when using XChaCha20 compared to AES, which does not explicitly require nonce management by the user.

use crypt_guard::{*, error::*, KDF::*};
use std::{
    path::{Path, PathBuf},
    fs,
};

let (mut public_key, mut secret_key) = KyberKeypair!(768);

let mut message = "Hey, how are you doing?";
let mut passphrase = "Test Passphrase";
 
fs::write(PathBuf::from("message.txt"), message.clone().as_bytes()).expect("");

// You need to save the nonce when not using AES but XChaCha20 instead:
// Creating new Kyber XChaCha20 file encryption instance
let mut encryptor = Kyber::<Encryption, Kyber768, Files, XChaCha20>::new(public_key.clone(), None).expect("");
 
// Encrypt file
let (mut encrypt_message, mut cipher) = encryptor.encrypt_file(PathBuf::from("message.txt"), passphrase.clone()).expect("");

// Should be executed after encryption is already done, since doing it before that would trigger an error.
let mut nonce = encryptor.get_nonce().expect("").to_string(); 
 
// Creating new Kyber XChaCha20 file decryption instance (this time also adding the nonce beside the key)
let mut decryptor = Kyber::<Decryption, Kyber768, Files, XChaCha20>::new(secret_key.clone(), Some(nonce)).expect("");
 
// Decrypt message
let mut decrypt_message = decryptor.decrypt_file(PathBuf::from("message.txt.enc"), passphrase.clone(), cipher.clone()).expect("");

let _ = fs::remove_file("crypt_tests.log");
let _ = fs::remove_file("message.txt");
let _ = fs::remove_file("log.txt");
let _ = fs::remove_file("crypt_tests.log");
let _ = fs::remove_file("message.txt.enc");
let _ = fs::remove_dir_all("./crypt_tests");
let _ = fs::remove_dir_all("./key");
let _ = fs::remove_dir_all("./log");

§Using Encryption and Decryption macros

Beside the main macros encrypt, decrypt, encrypt_file, decrypt_file, I’ve added the Encryption and Decryption macros. Instead of linking the encryption/ decryption instance, we define the macro by using Encryption!(public_key, keysize [ 1024 | 768 | 512 ] contents_bytes_vec, passphrase_as_str, [ AES | XChaCha20 ]) and get the content and ciphertext returned, or additionally when using XChaCha20, we also get the nonce.

use crypt_guard::{*, error::*};
use std::{
    fs::{self, File}, 
    marker::PhantomData,
    path::{PathBuf, Path},
    io::{Read, Write},
 
};
//use crypt_guard_proc::{*, log_activity, write_log};
use tempfile::{TempDir, Builder};
use crypt_guard::KeyControler::KeyControl;
 
//#[crypt_guard_proc]
#[activate_log("log.txt")]
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let _ = initialize_logger(); 
    let mut message = "Hey, how are you doing?";
    let mut passphrase = "Test Passphrase";
 
    let mut key_control = KeyControl::<KeyControKyber1024>::new();
    let _ = log_activity!("Starting with signing of the message.", "Test");
 
    // Generate key pair
    let (mut public_key, mut secret_key) = KyberKeypair!(1024);
 
    // Instantiate Kyber for encryption of a message with Kyber1024 and AES
    // Fails when not using either of these properties since it would be the wrong type of algorithm, data, keysize or process!    
    // Encrypt message
    let (mut encrypt_message, mut cipher) = Encryption!(public_key.to_owned(), 1024, message.as_bytes().to_owned(), passphrase.clone(), AES)?;
 
    key_control.set_ciphertext(cipher.clone()).unwrap();
    key_control.save(KeyTypes::Ciphertext, "./key".into()).unwrap();
 
    // Decrypt message
    let mut decrypt_message = Decryption!(secret_key.to_owned(), 1024, encrypt_message.to_owned(), passphrase.clone(), cipher.to_owned(), AES)?;
 
    let mut decrypted_text = String::from_utf8(decrypt_message).expect("Failed to convert decrypted message to string");
    write_log!();
    println!("{:?}", decrypted_text);

    let _ = fs::remove_file("crypt_tests.log");
    let _ = fs::remove_file("message.txt");
    let _ = fs::remove_file("log.txt");
    let _ = fs::remove_file("crypt_tests.log");
    let _ = fs::remove_file("message.txt.enc");
    let _ = fs::remove_dir_all("./crypt_tests");
    let _ = fs::remove_dir_all("./key");
    let _ = fs::remove_dir_all("./log");
    Ok(())
}

Re-exports§

pub use crate::KeyControl::file;
pub use crate::Utils::archive;
pub use crate::Utils::zip_manager;
pub use crate::log::*;
pub use crate::KeyControl::*;

Modules§

KDF: Functions for usage of falcon and dilithium
KeyControl: File and Key related functionalitys, enums structs and modules
KeyControler: Kyber key functionalitys
Utils
cipher_aes: The cipher_aes module implements the AES (Advanced Encryption Standard) algorithm for secure data encryption and decryption, providing a robust symmetric key cryptography solution.
cipher_aes_ctr: The cipher_aes_ctr module implements the AES (Advanced Encryption Standard) algorithm for secure data encryption with the CTR block mode and decryption, providing a robust symmetric key cryptography solution.
cipher_aes_gcm_siv: The cipher_aes_ctr module implements the AEAD (Authenticated Encryption with Associated Data Algorithms: high-level encryption ciphers) AES-GCM-SIV for secure data encryption with the GCM-SIV block mode.
cipher_aes_xts: The cipher_aes_xts module implements the AES (Advanced Encryption Standard) algorithm for secure data encryption with the XTS block mode and decryption, providing a robust symmetric key cryptography solution.
cipher_xchacha: The cipher_xchacha module offers encryption and decryption functionalities using the XChaCha20 algorithm, extending ChaCha for higher nonce sizes and additional security.
cipher_xchacha_poly: The cipher_xchacha_poly module offers encryption and decryption functionalities using the XChaCha20Poly1305 algorithm, extending ChaCha for higher nonce sizes and additional security.
cryptography: Cryptographic related functionalitys, enums structs and modules
error: Error types
kyber: Functions for usage of kyber for key generation
log: Logging related functionalitys

Macros§

ArchiveUtil: Macro for archiving and extracting directories or files.
ConcatCipher
DecryptFile: Macro for encryption of a file, taking a Kyber decryption instance, a PathBuf as well as a passphrase and ciphertext as arguments
DecryptOpen: Macro for decrypting and opening data, a 1024 falcon public key is required
Decryption
DilithiumKeypair: Macro for dilithium keypair generation
EncryptFile: Macro for encryption of a file, taking a Kyber decryption instance, a PathBuf as well as a passphrase and ciphertext as arguments
EncryptSign: Function activating the log, it takes one arg: &str which represents the location of the logfile Macro for signing and encrypting data, a 1024 falcon secret key is required for signing
Encryption
FalconKeypair: Macro for falcon keypair generation
KyberKeypair: Macro for kyber keypair generation
Signature
SplitCipher
Verify
archive: Macro to archive a directory or file.
extract: Macro to extract a .tar.xz archive.
log_activity
write_log

Structs§

AES: AES: Kyber<ProcessStatus, KeySize, ContentStatus, AlgorithmParam: (used here)>
AES_CTR: AES-CTR: Kyber<ProcessStatus, KeySize, ContentStatus, AlgorithmParam: (used here)>
AES_GCM_SIV: AES-CBC: Kyber<ProcessStatus, KeySize, ContentStatus, AlgorithmParam: (used here)>
AES_XTS: AES-XTS: Kyber<ProcessStatus, KeySize, ContentStatus, AlgorithmParam: (used here)>
Data: Data: Kyber<ProcessStatus, KeySize, ContentStatus: (used here), AlgorithmParam>
Decryption: Decryption: Kyber<ProcessStatus: (used here), KeySize, ContentStatus, AlgorithmParam>
Encryption: Encryption: Kyber<ProcessStatus: (used here), KeySize, ContentStatus, AlgorithmParam>
Files: Files: Kyber<ProcessStatus, KeySize, ContentStatus: (used here), AlgorithmParam>
KeyControKyber512: Implementation for Kyber 512 variant.
KeyControKyber768: Implementation for Kyber 768 variant.
KeyControKyber1024: Implementation for Kyber 1024 variant.
KeyControl: A structure to manage cryptographic keys and operations for the Kyber algorithm. It encapsulates the public key, secret key, ciphertext, and shared secret.
Kyber: Represents a generic Kyber structure with templated parameters for process status, Kyber size, content status, and algorithm parameter.
Kyber512: Kyber512: Kyber<ProcessStatus, KeySize: (used here), ContentStatus, AlgorithmParam>
Kyber768: Kyber768: Kyber<ProcessStatus, KeySize: (used here), ContentStatus, AlgorithmParam>
Kyber1024: Kyber1024: Kyber<ProcessStatus, KeySize: (used here), ContentStatus, AlgorithmParam>
KyberData: Represents the data structure for Kyber algorithm, including key and nonce.
Message: Message: Kyber<ProcessStatus, KeySize, ContentStatus: (used here), AlgorithmParam>
XChaCha20: XChaCha20: Kyber<ProcessStatus, KeySize, ContentStatus, AlgorithmParam: (used here)>
XChaCha20Poly1305: XChaCha20Poly1305: Kyber<ProcessStatus, KeySize, ContentStatus, AlgorithmParam: (used here)>

Enums§

KeyControlVariant
KyberVariant: Enum representing Kyber variants.

Traits§

CryptographicFunctions: Defines the functionalities for cryptographic operations, providing abstract methods for encryption and decryption that need to be implemented by specific cryptographic algorithms.
KyberFunctions: Trait for Kyber cryptographic functions.
KyberKeyFunctions: Trait for implementing key management functions. This trait provides an interface for key pair generation, encapsulation/decapsulation of secrets, and key manipulation (such as setting and getting key values).
KyberSizeVariant: Trait to specify Kyber size variants.

Attribute Macros§

activate_log

Crate crypt_guardCopy item path