
peat_mesh/security/
mod.rs

1//! # Security Primitives for Mesh Networks
2//!
3//! Generic cryptographic security primitives for mesh networking:
4//!
5//! - [`DeviceId`] - Unique device identifier derived from Ed25519 public key
6//! - [`DeviceKeypair`] - Ed25519 keypair for signing and identity
7//! - [`SecurityError`] - Error types for security operations
8//! - [`EncryptionKeypair`] / [`EncryptionManager`] - X25519 key agreement and ChaCha20 encryption
9//! - [`FormationKey`] - Pre-shared-key (PSK) formation authentication using HMAC-SHA256
10//! - [`CallsignGenerator`] - NATO phonetic callsign generation
11//! - [`MeshCertificate`] / [`CertificateBundle`] - Peer certificate validation
12//! - [`EnrollmentService`] - Mesh enrollment protocol
13//! - [`MeshGenesis`] / [`MeshCredentials`] - Mesh creation and key derivation
14//!
15//! These primitives have no domain-specific dependencies and can be used
16//! by any mesh networking application.
17
18pub mod callsign;
19pub mod certificate;
20pub mod device_id;
21pub mod encryption;
22pub mod enrollment;
23pub mod error;
24pub mod formation_key;
25pub mod genesis;
26pub mod keypair;
27
28pub use callsign::{
29    CallsignError, CallsignGenerator, MAX_CALLSIGN_LENGTH, NATO_ALPHABET, TOTAL_CALLSIGNS,
30};
31pub use certificate::{CertificateBundle, MeshCertificate, MeshTier};
32pub use device_id::DeviceId;
33pub use encryption::{
34    EncryptedCellMessage, EncryptedData, EncryptedDocument, EncryptionKeypair, EncryptionManager,
35    GroupKey, SecureChannel, SymmetricKey, NONCE_SIZE, SYMMETRIC_KEY_SIZE, X25519_PUBLIC_KEY_SIZE,
36};
37pub use enrollment::{
38    EnrollmentRequest, EnrollmentResponse, EnrollmentService, EnrollmentStatus,
39    StaticEnrollmentService,
40};
41pub use error::SecurityError;
42pub use formation_key::{
43    FormationAuthResult, FormationChallenge, FormationChallengeResponse, FormationKey,
44    FORMATION_CHALLENGE_SIZE, FORMATION_RESPONSE_SIZE,
45};
46pub use genesis::{MembershipPolicy, MeshCredentials, MeshGenesis};
47pub use keypair::DeviceKeypair;
48
/// Length in bytes of an Ed25519 public key.
pub const PUBLIC_KEY_SIZE: usize = 32;

/// Length in bytes of an Ed25519 signature.
pub const SIGNATURE_SIZE: usize = 64;

/// Length in bytes of the nonce carried by a challenge (32 bytes = 256 bits).
///
/// NOTE(review): nonce generation is not visible in this module; the length
/// only helps if the bytes come from a cryptographically secure RNG and are
/// never reused across challenges. Confirm at the call site.
pub const CHALLENGE_NONCE_SIZE: usize = 32;

/// Default challenge timeout, expressed in seconds.
///
/// NOTE(review): the code that enforces this timeout is not in this module.
/// Presumably it bounds how long an issued challenge may still be answered,
/// which is also the window in which a captured response could be replayed.
/// Confirm that expiry is checked by the verifier rather than the responder.
pub const DEFAULT_CHALLENGE_TIMEOUT_SECS: u64 = 30;
60
#[cfg(test)]
mod tests {
    use super::{CallsignGenerator, DeviceKeypair, EncryptionKeypair};

    /// Compile-time smoke check that three constructors are reachable through
    /// this module's re-exports.
    ///
    /// Each binding coerces an associated function to `fn() -> T`, so the test
    /// stops compiling if the re-export disappears or the constructor is no
    /// longer a zero-argument function returning that type. Nothing is called
    /// at runtime, so no key material is generated here.
    ///
    /// Only these three re-exports are covered; the remaining `pub use` items
    /// are not referenced by this test.
    #[test]
    fn test_module_exports() {
        let _device_keypair_ctor: fn() -> DeviceKeypair = DeviceKeypair::generate;
        let _encryption_keypair_ctor: fn() -> EncryptionKeypair = EncryptionKeypair::generate;
        let _callsign_generator_ctor: fn() -> CallsignGenerator = CallsignGenerator::new;
    }
}