zerodds-security-keyexchange 1.0.0-rc.1

Ephemeral Diffie-Hellman Key-Agreement (X25519 + P-256-ECDH) fuer DDS-Security 1.1 Authentication-Handshake (Spec §8.3.2).
Documentation

zerodds-security-keyexchange

License: Apache-2.0 docs.rs

Ephemeral-Diffie-Hellman Key-Agreement fuer den DDS-Security Authentication-Handshake nach OMG DDS-Security 1.1 §8.3.2. Wrapper um ring::agreement + ring::hkdf. Safety classification: SAFE.

Spec-Mapping

Spec Abschnitt
OMG DDS-Security 1.1 §8.3.2 (Authentication-Handshake), §8.3.2.11 (Key-Establishment)

Was ist drin

  • KeyExchange + Suite::X25519 / Suite::P256Ecdh — Ephemeral-DH-Roundtrip mit derive_shared_secret() → 32-byte HKDF-SHA256-Output.

Schichten-Position

Layer 4. Konsumiert von zerodds-security-pki im Authentication-Handshake-State-Machine.

Quickstart

use zerodds_security_keyexchange::KeyExchange;

let alice = KeyExchange::new().expect("alice");
let bob = KeyExchange::new().expect("bob");

let a_pub = alice.public_key().to_vec();
let b_pub = bob.public_key().to_vec();

let s1 = alice.derive_shared_secret(&b_pub).expect("alice derive");
let s2 = bob.derive_shared_secret(&a_pub).expect("bob derive");
assert_eq!(s1, s2);

Suite-Coverage

Suite Use-Case
X25519 (Default) Modern, 32-byte Public-Key
P256Ecdh Klassische ECDH-Alternative

Nicht-Ziele

RSA-OAEP-Key-Transport (Spec §8.3.2.11 alternative Form) ist nicht in RC1 — alle relevanten Vendoren (Cyclone DDS, FastDDS, RTI Connext) sprechen ECDH/X25519.

Stabilitaet

1.0.0-rc.1. Public-API + Wire-Format (Public-Key-Encoding) RC1-stabil.

Tests

cargo test -p zerodds-security-keyexchange

11 Unit-Tests + 1 Doc-Test grün.

Lizenz

Apache-2.0.

Siehe auch