corevpn_crypto/
lib.rs

1//! CoreVPN Cryptographic Primitives
2//!
3//! This crate provides the cryptographic foundation for CoreVPN, using only
4//! audited, pure-Rust implementations. No OpenSSL dependency.
5//!
6//! # Security Principles
7//! - All key material implements `Zeroize` for secure memory clearing
8//! - Constant-time comparisons for all authentication operations
9//! - No custom cryptography - only well-audited implementations
10//! - Perfect Forward Secrecy through ephemeral key exchange
11
12#![forbid(unsafe_code)]
13#![warn(missing_docs, rust_2018_idioms)]
14
15pub mod error;
16pub mod keys;
17pub mod cipher;
18pub mod kdf;
19pub mod cert;
20pub mod hmac_auth;
21
22pub use error::{CryptoError, Result};
23pub use keys::{
24    StaticSecret, PublicKey, SharedSecret,
25    SigningKey, VerifyingKey, Signature,
26    KeyPair,
27};
28pub use cipher::{Cipher, CipherSuite, DataChannelKey, PacketCipher};
29pub use kdf::{derive_keys, KeyMaterial};
30pub use cert::{CertificateAuthority, Certificate, CertificateRequest};
31pub use hmac_auth::HmacAuth;
32
/// Returns `N` random bytes read from the operating system's CSPRNG
/// (`rand::rngs::OsRng`).
///
/// The length is a const generic, so it is usually inferred from the
/// caller's expected array type.
///
/// # Panics
///
/// `fill_bytes` has no error return. With `OsRng`, a failure of the OS
/// entropy source is expected to surface as a panic rather than as
/// short or zeroed output (confirm against the `rand` version in use).
///
/// # Security
///
/// The result is a plain `[u8; N]`: it is `Copy` and is not wiped on drop.
/// Callers that treat the bytes as key material should move them into a
/// zeroizing key type promptly and avoid leaving copies behind.
pub fn random_bytes<const N: usize>() -> [u8; N] {
    use rand::RngCore;

    let mut bytes = [0u8; N];
    // OsRng is a stateless handle onto the OS generator; no seeding here.
    rand::rngs::OsRng.fill_bytes(&mut bytes);
    bytes
}
39
/// Generates a random 8-byte session ID from [`random_bytes`].
///
/// The value is 64 bits of OS randomness and carries no structure
/// (no timestamp or counter).
///
/// # Security
///
/// Uniqueness is probabilistic only: with 64 random bits, a collision
/// becomes likely after roughly 2^32 IDs. Code that needs a unique ID
/// should check new IDs against the live session table; this function
/// does not do so.
pub fn generate_session_id() -> [u8; 8] {
    random_bytes::<8>()
}
44
/// Generates a random 32-bit packet ID from [`random_bytes`].
///
/// Four random bytes are interpreted as a big-endian `u32`.
///
/// # Security
///
/// NOTE(review): a random 32-bit value is expected to repeat after about
/// 2^16 draws (birthday bound). If this ID feeds replay protection or
/// forms part of an AEAD nonce, a repeat is a correctness and security
/// problem, and a per-key monotonic counter is the usual choice. How the
/// value is used is not visible from this file; confirm against callers.
pub fn generate_packet_id() -> u32 {
    let raw: [u8; 4] = random_bytes();
    u32::from_be_bytes(raw)
}