ipcrypt_rs/lib.rs
1//! IP address encryption and obfuscation methods.
2//!
3//! This crate provides four encryption modes for IP addresses, allowing both deterministic
4//! and non-deterministic encryption, as well as prefix-preserving encryption.
5//!
6//! # Features
7//!
8//! - `ipcrypt-deterministic`: A deterministic mode in which identical inputs always produce the same output—another IP address.
9//! - `ipcrypt-pfx`: A prefix-preserving deterministic mode that maintains network structure in encrypted addresses
10//! - `ipcrypt-nd`: A non-deterministic mode that uses an 8-byte tweak
11//! - `ipcrypt-ndx`: An extended non-deterministic mode that uses a 32-byte key and 16-byte tweak
12//!
13//! # Examples
14//!
15//! ```rust
16//! use ipcrypt_rs::{Ipcrypt, IpcryptPfx, IpcryptNd, IpcryptNdx};
17//! use std::net::IpAddr;
18//! use std::str::FromStr;
19//!
20//! // Deterministic encryption
21//! let key = Ipcrypt::generate_key();
22//! let ip = IpAddr::from_str("192.168.1.1").unwrap();
23//! let cipher = Ipcrypt::new(key);
24//! let encrypted = cipher.encrypt_ipaddr(ip);
25//! let decrypted = cipher.decrypt_ipaddr(encrypted);
26//! assert_eq!(ip, decrypted);
27//!
28//! // Prefix-preserving encryption
29//! let pfx_key = IpcryptPfx::generate_key();
30//! let cipher_pfx = IpcryptPfx::new(pfx_key);
31//! let encrypted_pfx = cipher_pfx.encrypt_ipaddr(ip);
32//! let decrypted_pfx = cipher_pfx.decrypt_ipaddr(encrypted_pfx);
33//! assert_eq!(ip, decrypted_pfx);
34//!
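//! // Non-deterministic encryption; passing `None` lets the library generate the tweak.
//! // The deterministic key is reused here only to keep the example short; giving each
//! // mode its own key keeps the modes independent of one another.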
36//! let cipher_nd = IpcryptNd::new(key);
37//! let encrypted_bytes = cipher_nd.encrypt_ipaddr(ip, None);
38//! let decrypted = cipher_nd.decrypt_ipaddr(&encrypted_bytes);
39//! assert_eq!(ip, decrypted);
40//! ```
41//!
42//! # Security Considerations
43//!
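//! - The deterministic mode is compact and easy to integrate, but identical addresses always
//!   encrypt to the same output, so anyone who sees the ciphertexts can correlate them.
//! - The prefix-preserving mode (`IpcryptPfx`) keeps network structure intact for analytics while
//!   hiding the actual network identities. Because it is deterministic and preserves prefixes,
//!   encrypted addresses that share a prefix reveal that the original addresses share a network.
//! - For general use cases, prefer the non-deterministic modes (`IpcryptNd` or `IpcryptNdx`).
//! - The extended mode (`IpcryptNdx`) provides the strongest security of the four modes, with a
//!   larger key and a larger tweak; a larger tweak makes repeated tweaks less likely.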
48
49pub(crate) mod aes;
50pub(crate) mod common;
51pub(crate) mod deterministic;
52pub(crate) mod nd;
53pub(crate) mod ndx;
54pub(crate) mod pfx;
55
56pub use common::{bytes_to_ip, ip_to_bytes};
57pub use deterministic::Ipcrypt;
58pub use nd::IpcryptNd;
59pub use ndx::IpcryptNdx;
60pub use pfx::IpcryptPfx;
61
/// Re-exports of the `aes` and `rand` crates under `ipcrypt_rs::reexports`.
///
/// NOTE(review): inside this module the bare paths `aes` and `rand` name the
/// external crates rather than the crate-private `crate::aes` module declared
/// at the crate root — confirm against `Cargo.toml`. Presumably these are
/// exposed so downstream code can use the same dependency versions this crate
/// is built against instead of pulling in its own copies.
pub mod reexports {
    pub use {aes, rand};
}
65}