Skip to main content

bsv/auth/
types.rs

1//! Core types for the auth module.
2//!
3//! Defines AuthMessage, MessageType, PeerSession, protocol constants,
4//! and the RequestedCertificateSet type alias.
5
6use std::collections::HashMap;
7
8// ---------------------------------------------------------------------------
9// Protocol Constants
10// ---------------------------------------------------------------------------
11
12/// Auth protocol version.
13pub const AUTH_VERSION: &str = "0.1";
14
15/// Protocol ID used for signing auth messages.
16pub const AUTH_PROTOCOL_ID: &str = "auth message signature";
17
18/// Protocol ID used for signing certificates.
19pub const CERTIFICATE_SIGNATURE_PROTOCOL: &str = "certificate signature";
20
21/// Protocol ID used for encrypting certificate fields.
22pub const CERTIFICATE_FIELD_ENCRYPTION_PROTOCOL: &str = "certificate field encryption";
23
24/// Protocol ID used for HMAC-based nonce operations.
25pub const SERVER_HMAC_PROTOCOL: &str = "server hmac";
26
27/// Security level used for nonce HMAC operations.
28pub const NONCE_SECURITY_LEVEL: u8 = 2;
29
30// ---------------------------------------------------------------------------
31// MessageType
32// ---------------------------------------------------------------------------
33
34/// The type of an authentication protocol message.
35#[derive(Clone, Debug, PartialEq)]
36#[cfg_attr(feature = "network", derive(serde::Serialize, serde::Deserialize))]
37pub enum MessageType {
38    /// Initial authentication request from client to server.
39    #[cfg_attr(feature = "network", serde(rename = "initialRequest"))]
40    InitialRequest,
41    /// Response to an initial authentication request.
42    #[cfg_attr(feature = "network", serde(rename = "initialResponse"))]
43    InitialResponse,
44    /// Request for certificates from the peer.
45    #[cfg_attr(feature = "network", serde(rename = "certificateRequest"))]
46    CertificateRequest,
47    /// Response containing requested certificates.
48    #[cfg_attr(feature = "network", serde(rename = "certificateResponse"))]
49    CertificateResponse,
50    /// General authenticated message after handshake is complete.
51    #[cfg_attr(feature = "network", serde(rename = "general"))]
52    General,
53}
54
55// ---------------------------------------------------------------------------
56// RequestedCertificateSet
57// ---------------------------------------------------------------------------
58
59/// Maps certificate type (base64) to a list of field names to request.
60pub type RequestedCertificateSet = HashMap<String, Vec<String>>;
61
62// ---------------------------------------------------------------------------
63// AuthMessage
64// ---------------------------------------------------------------------------
65
66/// A message in the BRC-31 Authrite authentication protocol.
67///
68/// All fields match the TS SDK AuthMessage format for wire compatibility.
69#[derive(Clone, Debug)]
70#[cfg_attr(feature = "network", derive(serde::Serialize, serde::Deserialize))]
71#[cfg_attr(feature = "network", serde(rename_all = "camelCase"))]
72pub struct AuthMessage {
73    /// Protocol version string.
74    pub version: String,
75
76    /// The type of this message.
77    pub message_type: MessageType,
78
79    /// Compressed hex public key of the sender.
80    pub identity_key: String,
81
82    /// Base64-encoded nonce created by the sender.
83    #[cfg_attr(feature = "network", serde(skip_serializing_if = "Option::is_none"))]
84    pub nonce: Option<String>,
85
86    /// The other party's nonce (echoed back in responses).
87    #[cfg_attr(feature = "network", serde(skip_serializing_if = "Option::is_none"))]
88    pub your_nonce: Option<String>,
89
90    /// For general messages, references the session's initial nonce.
91    #[cfg_attr(feature = "network", serde(skip_serializing_if = "Option::is_none"))]
92    pub initial_nonce: Option<String>,
93
94    /// Certificates to share with the peer.
95    #[cfg_attr(feature = "network", serde(skip_serializing_if = "Option::is_none"))]
96    pub certificates: Option<Vec<crate::wallet::interfaces::Certificate>>,
97
98    /// Certificate types and fields being requested from the peer.
99    #[cfg_attr(feature = "network", serde(skip_serializing_if = "Option::is_none"))]
100    pub requested_certificates: Option<RequestedCertificateSet>,
101
102    /// General message payload bytes.
103    #[cfg_attr(feature = "network", serde(skip_serializing_if = "Option::is_none"))]
104    pub payload: Option<Vec<u8>>,
105
106    /// ECDSA signature over the message.
107    #[cfg_attr(feature = "network", serde(skip_serializing_if = "Option::is_none"))]
108    pub signature: Option<Vec<u8>>,
109}
110
111// ---------------------------------------------------------------------------
112// PeerSession
113// ---------------------------------------------------------------------------
114
115/// Tracks the state of an authenticated session with a peer.
116#[derive(Clone, Debug)]
117pub struct PeerSession {
118    /// The nonce that identifies this session.
119    pub session_nonce: String,
120    /// The peer's compressed hex identity key.
121    pub peer_identity_key: String,
122    /// The peer's nonce for this session.
123    pub peer_nonce: String,
124    /// Whether the handshake has completed successfully.
125    pub is_authenticated: bool,
126}