#data #obfuscation #encryption #memory #run-time #decryption #encrypting

no-std encrust

Obfuscate data in memory by encrypting it, keeping it hidden until it is needed

2 releases

0.1.1 Sep 20, 2023
0.1.0 Sep 20, 2023

#215 in No standard library

MIT license

26KB
356

encrust

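Hide data at run-time by encrypting it when it is not in use.

Encrust encrypts the underlying data directly and only exposes it when needed. When the decrypted data goes out of scope, it is encrypted again until the next time it is needed.

Example usage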

use encrust::{Encrustable, Encrusted};
use zeroize::Zeroize;

// Data types used with encrust must implement Zeroize to make sure data
// does not linger in memory after use.
#[derive(Encrustable, Zeroize)]
struct SecretData (String, u64, Vec<u8>);

// This must be mut, otherwise it is not possible to call decrust.
let mut top_secret = Encrusted::new_with_random(
    SecretData ("A string".to_string(), 1337, vec![1,2,3,4,5,6]),
    rand::thread_rng(),
);

{
    // Decrypt the data in top_secret to be able to read the data.
    let mut decrypted = top_secret.decrust();
    assert_eq!("A string", decrypted.0);
    // It is possible to modify decrypted values as DerefMut is implemented.
    decrypted.1 += 1;
    assert_eq!(1338, decrypted.1);
    assert_eq!(&[1,2,3,4,5,6], decrypted.2.as_slice());
}
// decrypted is now out of scope and the data in top_secret is now encrypted.

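Macros

Encrust includes macros for embedding encrypted values in executables. Encryption happens at compile time, and the plaintext values are not included in the binary.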

use encrust::{encrust, encrust_vec, encrust_file_bytes, encrust_file_string};

// When encrusting numbers, the data type must be specified.
let mut encrypted_int = encrust!(1u32);
assert_eq!(*encrypted_int.decrust(), 1u32);
let mut encrypted_string = encrust!("Strings can also be encrusted.");
assert_eq!("Strings can also be encrusted.", encrypted_string.decrust().as_str());
let mut encrypted_array = encrust!([1u8,2u8,3u8]);
assert_eq!(&[1u8,2u8,3u8], encrypted_array.decrust().as_slice());
let mut encrypted_vec = encrust_vec![3i32,2i32,1i32];
assert_eq!(vec![3i32,2i32,1i32].as_slice(), encrypted_vec.decrust().as_slice());

// Read Cargo.toml for this crate into a String.
let mut cargo_toml = encrust_file_string!("Cargo.toml");
// Read Cargo.toml for this crate into a byte array.
let mut cargo_toml_bytes = encrust_file_bytes!("Cargo.toml");
assert_eq!(cargo_toml.decrust().as_bytes(), cargo_toml_bytes.decrust().as_slice());

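Limitations

Encrust currently only supports encryption of certain simple data structures that actually contain their data; most container types are not yet supported. In addition, some things are currently not encrypted. For vectors (and strings), the stored data is encrypted, but the pointer, length and capacity fields are not.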
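
The decrypt-on-access, re-encrypt-on-drop behaviour and the Vec limitation described above, shown as an added sketch that is not encrust's own code. Masked, Unmasked, xor_keystream and at_rest are hypothetical names, and the xorshift keystream is a dependency-free stand-in, not the cipher encrust uses.

```rust
use std::ops::{Deref, DerefMut};

/// Hypothetical stand-in for an encrypt-at-rest wrapper (not encrust's type).
pub struct Masked {
    data: Vec<u8>,
    seed: u64,
}
/// Guard handed out while the bytes are in plaintext; re-masks on drop.
pub struct Unmasked<'a>(&'a mut Masked);

// Toy xorshift64 keystream, used only to keep the example self-contained.
// It is NOT a secure cipher. Applying it twice restores the input.
fn xor_keystream(buf: &mut [u8], seed: u64) {
    let mut s = seed | 1; // xorshift state must be non-zero
    for b in buf.iter_mut() {
        s ^= s << 13;
        s ^= s >> 7;
        s ^= s << 17;
        *b ^= s as u8;
    }
}

impl Masked {
    pub fn new(mut data: Vec<u8>, seed: u64) -> Self {
        xor_keystream(&mut data, seed);
        Masked { data, seed }
    }
    /// Takes &mut self, which is why the wrapper binding must be `mut`.
    pub fn unmask(&mut self) -> Unmasked<'_> {
        xor_keystream(&mut self.data, self.seed);
        Unmasked(self)
    }
    /// What a memory dump sees while no guard is alive: the bytes are masked,
    /// but the Vec's length and capacity stay readable in the clear.
    pub fn at_rest(&self) -> (&[u8], usize, usize) {
        (self.data.as_slice(), self.data.len(), self.data.capacity())
    }
}

impl Deref for Unmasked<'_> {
    type Target = Vec<u8>;
    fn deref(&self) -> &Vec<u8> { &self.0.data }
}
impl DerefMut for Unmasked<'_> {
    fn deref_mut(&mut self) -> &mut Vec<u8> { &mut self.0.data }
}
impl Drop for Unmasked<'_> {
    fn drop(&mut self) { let seed = self.0.seed; xor_keystream(&mut self.0.data, seed); }
}
```

Because the length and capacity are visible at rest, the size of a secret can leak even when its bytes do not.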

License: MIT

Dependencies

~0.7–1.6MB
~33K SLoC