Expand description
Noise Protocol Clients for access-protocol
This crate provides both remote and user client implementations for connecting through a proxy using the Noise Protocol.
§Features
- PSK-based authentication using pairing codes
- Noise Protocol NNpsk2 pattern for secure 2-message handshake
- Session caching for reconnection without re-pairing
- Supports both classical (Curve25519) and post-quantum (Kyber768) cryptography
§Remote Client Usage (untrusted device)
ⓘ
use ap_client::{RemoteClient, RemoteClientNotification, RemoteClientRequest,
DefaultProxyClient, IdentityProvider, SessionStore};
use ap_proxy_client::ProxyClientConfig;
use tokio::sync::mpsc;
// Create proxy client
let proxy_client = Box::new(DefaultProxyClient::new(ProxyClientConfig {
proxy_url: "ws://localhost:8080".to_string(),
identity_keypair: Some(identity_provider.identity().to_owned()),
}));
let (notification_tx, mut notification_rx) = mpsc::channel(32);
let (request_tx, mut request_rx) = mpsc::channel(32);
// Connect — spawns event loop internally, returns handle
let client = RemoteClient::connect(
identity_provider,
session_store,
proxy_client,
notification_tx,
request_tx,
).await?;
// Pair with rendezvous code
client.pair_with_handshake("ABCDEF123".to_string(), false).await?;
let query = ap_client::CredentialQuery::Domain("example.com".to_string());
let credential = client.request_credential(&query).await?;§User Client Usage (trusted device)
ⓘ
use ap_client::{
DefaultProxyClient, IdentityProvider, UserClient, UserClientNotification,
UserClientRequest,
};
use ap_proxy_client::ProxyClientConfig;
use tokio::sync::mpsc;
// Create proxy client
let proxy_client = Box::new(DefaultProxyClient::new(ProxyClientConfig {
proxy_url: "ws://localhost:8080".to_string(),
identity_keypair: Some(identity_provider.identity().to_owned()),
}));
let (notification_tx, mut notification_rx) = mpsc::channel(32);
let (request_tx, mut request_rx) = mpsc::channel(32);
// Connect — spawns event loop internally, returns handle
let client = UserClient::connect(
identity_provider,
session_store,
proxy_client,
notification_tx,
request_tx,
None, // audit_log
).await?;
// Already listening. Just use it.
let token = client.get_psk_token(None).await?;
// Or: let code = client.get_rendezvous_token(None).await?;Re-exports§
pub use error::ClientError;pub use proxy::DefaultProxyClient;pub use proxy::ProxyClient;pub use traits::AuditConnectionType;pub use traits::AuditEvent;pub use traits::AuditLog;pub use traits::CredentialFieldSet;pub use traits::IdentityProvider;pub use traits::NoOpAuditLog;pub use traits::SessionStore;pub use types::ConnectionMode;pub use types::CredentialData;pub use types::CredentialQuery;pub use types::PskId;
Modules§
- error
- Error types Error types for the remote client
- proxy
- Proxy client trait and default implementation Proxy client trait and default implementation
- traits
- Traits for storage implementations
- types
- Protocol types and events Types for the remote client protocol
Structs§
- Credential
Request Reply - Reply for credential requests.
- Fingerprint
Verification Reply - Reply for fingerprint verification requests.
- Identity
Fingerprint - A compact SHA256 fingerprint of an
Identity. - Multi
Device Transport - Transport state for multi-device Noise protocol
- Psk
- Remote
Client - A cloneable handle for controlling the remote client.
- Remote
Client Fingerprint Reply - Reply for fingerprint verification requests.
- Rendezvous
Code - A temporary rendezvous code for peer discovery.
- User
Client - A cloneable handle for controlling the user client.
Enums§
- Remote
Client Notification - Fire-and-forget status updates emitted by the remote client.
- Remote
Client Request - Requests that require a caller response, carrying a oneshot reply channel.
- User
Client Notification - Fire-and-forget status updates emitted by the user client.
- User
Client Request - Requests that require a caller response, carrying a oneshot reply channel.