asupersync 0.3.1

Spec-first, cancel-correct, capability-secure async runtime for Rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

//! Symbol authentication and security infrastructure.
//!
//! This module provides authentication primitives for the RaptorQ-based
//! distributed layer. It enables verification of symbol integrity and
//! authenticity during transmission across untrusted networks.
//!
//! # Design Principles
//!
//! 1. **Determinism-compatible**: All operations are deterministic for lab runtime
//! 2. **Interface-first**: Clean traits allow swapping implementations
//! 3. **No ambient keys**: Keys must be explicitly provided (capability security)
//! 4. **Fail-safe defaults**: Invalid/missing auth fails closed
//!
//! # Authentication Contract
//!
//! `AuthenticationTag` is a domain-separated HMAC-SHA256 over the symbol's
//! object identity, block position, symbol kind, payload length, and payload
//! bytes. The construction is deterministic, capability-explicit, and suitable
//! for real integrity verification in production code.
//!
//! # Architecture
//!
//! ```text
//! ┌──────────────────────────────────────────────────────────┐
//! │                    SecurityContext                        │
//! │  ┌─────────────────────────────────────────────────────┐ │
//! │  │                      AuthKey                        │ │
//! │  │  • 256-bit key material                            │ │
//! │  │  • Deterministic derivation from seed/DetRng       │ │
//! │  └─────────────────────────────────────────────────────┘ │
//! │                          │                               │
//! │                          ▼                               │
//! │  ┌─────────────────────────────────────────────────────┐ │
//! │  │                    Authenticator                    │ │
//! │  │  • sign(symbol) → AuthenticationTag                │ │
//! │  │  • verify(symbol, tag) → Result<(), AuthError>     │ │
//! │  └─────────────────────────────────────────────────────┘ │
//! │                          │                               │
//! │                          ▼                               │
//! │  ┌─────────────────────────────────────────────────────┐ │
//! │  │               AuthenticatedSymbol                   │ │
//! │  │  • Symbol + AuthenticationTag bundle               │ │
//! │  │  • Verified on construction, unverified on receive │ │
//! │  └─────────────────────────────────────────────────────┘ │
//! └──────────────────────────────────────────────────────────┘
//! ```
//!
//! # Example
//!
//! ```ignore
//! use asupersync::security::{AuthKey, SecurityContext, AuthenticatedSymbol};
//! use asupersync::types::Symbol;
//!
//! // Create a security context with a derived key
//! let key = AuthKey::from_seed(42);
//! let ctx = SecurityContext::new(key);
//!
//! // Sign a symbol
//! let symbol = Symbol::new_for_test(1, 0, 0, &[1, 2, 3]);
//! let authenticated = ctx.sign_symbol(&symbol);
//!
//! // Verify on receive
//! let verified = ctx.verify_authenticated_symbol(&authenticated)?;
//! ```

pub mod authenticated;
pub mod context;
pub mod error;
pub mod key;
pub mod tag;

pub use authenticated::AuthenticatedSymbol;
pub use context::{AuthMode, SecurityContext};
pub use error::{AuthError, AuthErrorKind, AuthResult};
pub use key::{AUTH_KEY_SIZE, AuthKey};
pub use tag::AuthenticationTag;