Crate tcrypt

Crate tcrypt 

Source
Expand description

§TCrypt

tcrypt is a secure cryptographic library providing tools for encryption, key exchange, and secure channel communication. It implements modern cryptographic primitives using the X25519 key exchange protocol and AES-GCM for symmetric encryption.

§Features

  • Classical cryptography:

    • Diffie-Hellman key exchange using X25519
    • AES-256-GCM symmetric encryption with authenticated encryption
    • Secure channel implementation
    • Client/Server key exchange protocols

  • Quantum-resistant cryptography (requires quantum feature):

    • CRYSTALS-Kyber key encapsulation mechanism (KEM)
    • Hybrid classical/quantum key exchange
    • Quantum-resistant secure channels

§Feature Flags

  • quantum: Enables quantum-resistant cryptography features using CRYSTALS-Kyber
  • default: Classical cryptography features only

§Security Considerations

  • All cryptographic operations use constant-time implementations where possible
  • Proper entropy is ensured for key generation using OS-provided RNG
  • Side-channel protections are in place for sensitive operations
  • Memory containing sensitive data is securely zeroed when dropped

§Performance

  • Classical operations are highly optimized using hardware acceleration when available
  • Quantum-resistant operations may be computationally intensive
  • Hybrid mode combines both classical and quantum security with reasonable performance

§Examples

§Basic Key Exchange and Encryption

use tcrypt::key_management::wrappers::{ClientKeyExchange, ServerKeyExchange};
use tcrypt::key_exchange::protocol::SecureChannel;

// Initialize client and server
let mut client = ClientKeyExchange::new();
let mut server = ServerKeyExchange::new();

// Perform key exchange
let client_public = client.initiate_exchange();
let (server_public, server_secret) = server.respond_to_exchange(client_public).unwrap();
let client_secret = client.complete_exchange(server_public).unwrap();

// Create secure channels
let client_channel = SecureChannel::new(&client_secret).unwrap();
let server_channel = SecureChannel::new(&server_secret).unwrap();

// Use channels for secure communication
let message = b"Secret message";
let encrypted = client_channel.encrypt(message).unwrap();
let decrypted = server_channel.decrypt(&encrypted).unwrap();

assert_eq!(&decrypted, message);

§Quantum-Resistant Key Exchange

use tcrypt::quantum::wrappers::{QuantumClientExchange, QuantumServerExchange};

// Initialize quantum-resistant key exchange
let mut client = QuantumClientExchange::new();
let mut server = QuantumServerExchange::new();

// Exchange keys using CRYSTALS-Kyber
let client_public = client.public_key();
let server_public = server.public_key();

let (client_secret, ciphertext) = client.complete_exchange(server_public).unwrap();
let server_secret = server.respond_to_exchange(&ciphertext).unwrap();

assert_eq!(client_secret, server_secret);

§Examples

§Basic Key Exchange

Modules§

key_exchange
Key exchange module implementing Diffie-Hellman using X25519
key_management
Key management module providing high-level key exchange protocols
password
Password-based encryption module
prelude
Prelude module providing commonly used types and traits
quantum
Quantum-resistant cryptographic implementations
symetric
Symmetric encryption module implementing AES-GCM

Macros§

pcrypt
Convenience macro for encrypting data with a password
pdecrypt
Convenience macro for decrypting data with a password

Enums§

EncryptionError
Errors that can occur during encryption operations

Traits§

Encryptor
Trait for implementing encryption and decryption operations