Skip to content

Rust Crypto Layer For Enmeshed Applications

License

Notifications You must be signed in to change notification settings

nmshd/rust-crypto

Repository files navigation

Crypto Layer

Warning

Work in Progress

Warning

Might not compile on x86_64-pc-windows-gnu.

Crypto Layer is a comprehensive and flexible cryptographic library designed to provide a unified interface for various cryptographic operations and algorithms. It offers a wide range of functionalities, including encryption, decryption, signing, signature verification, and hashing, while supporting both symmetric and asymmetric cryptography.

Features

  • Encryption Algorithms: Supports a variety of encryption algorithms, including:

    • Asymmetric Encryption: RSA, ECC (Elliptic Curve Cryptography) with various curve types (P-256, P-384, P-521, secp256k1, Brainpool curves, Curve25519, Curve448, FRP256v1)
    • Symmetric Block Ciphers: AES (GCM, CBC)
    • Stream Ciphers: ChaCha20, XChaCha20
  • Hashing Algorithms: Supports a wide range of hashing algorithms, including:

    • SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256)
    • SHA-3 (SHA3-224, SHA3-256, SHA3-384, SHA3-512)
  • Key Management: Provides a unified interface for creating, loading, and managing cryptographic keys, supporting various key usages and algorithms.

  • Cross-Platform Support: Designed to work seamlessly across multiple platforms, including Android, Apple, Linux and Windows, with platform-specific implementations for key handling and security module integration.

  • Security Module Integration: Integrates with Hardware Security Modules (HSMs) and Trusted Platform Modules (TPMs) for secure key storage and cryptographic operations, ensuring enhanced security and compliance with industry standards.

  • Extensibility: The modular design of the Crypto Layer allows for easy extension and integration of additional cryptographic algorithms and security modules in the future.

Design

Overview

  • Providers are interfaces to native implemented secure storages like TPM, HSM, NKS and the fallback software provider.
  • Key Pair Handles are interfaces for interacting and operating with a native key pair (P256).
  • Key Handles are interfaces for interacting and operating with a native symmetric keys (AES).
  • DH Exchanges are interfaces for executing a DH key exchange.
%% https://mermaid.js.org/syntax/classDiagram.html
classDiagram
    direction LR

    Provider "1" --> "0..*" KeyHandle : manages
    Provider "1" --> "0..*" KeyPairHandle : manages
    Provider "1" --> "0..*" DHExchange : creates ephemeral
    KeyPairHandle "1" --> "1" DHExchange : creates
    DHExchange "1" --> "1" KeyHandle : results in

    class Provider {
        <<Interface>>
    }
    note for Provider "is created by factory methods"
    class KeyHandle {
        <<Interface>>  
    }
    class KeyPairHandle {
        <<Interface>>  
    }
    class DHExchange {
        <<Interface>> 
    }
Loading
graph TB
    subgraph cal[Crypto Layer]
        provider(Provider)
        androidprov[Android Provider]
        linuxprov[Linux Provider]
        windowsprov[Windows Provider]
        appleprov[Apple Provider]
        softwareprov[Software Provider]
    end

    subgraph software[Software]
        encrypteddb[Encrypted DB]
        metadatastore[Key Metadata Storage]
    end

    subgraph hardware[Hardware]
        android[Strongbox Keystore]
        apple[Apple Secure Enclave]
        linux["TPM 2.0"]
        windows[Cryptography API Next Generation]
    end

    provider --> androidprov
    provider --> appleprov
    provider --> windowsprov
    provider --> softwareprov
    provider--> linuxprov

    cal --> metadatastore

    softwareprov --> encrypteddb
    androidprov --> android
    appleprov --> apple
    windowsprov --> windows
    linuxprov --> linux
Loading

Usage

Usage Rust Crate

Add the library via cargo to your project:

cargo add https://github.com/nmshd/rust-crypto

Examples

Examples for the rust crate can be found in the example folder.

Contributing

Contributions to the Crypto Layer are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request on the project's GitHub repository.

License

The library Crypto Layer is released under the MIT License.