Skip to main content

zerodds_security_rtps/
lib.rs

1// SPDX-License-Identifier: Apache-2.0
2// Copyright 2026 ZeroDDS Contributors
3
4//! Crate `zerodds-security-rtps`. Safety classification: **SAFE** (a pure wire-format adapter; the actual crypto delegates to a [`CryptographicPlugin`]).
5//!
6//! Secure submessage wrapper (OMG DDS-Security 1.1 §7.3.6) +
7//! RTPS header AAD codec (§9.5).
8//!
9//! ## Layer position
10//!
11//! Layer 4 — Core Services. Consumes `zerodds-security` (SPI) +
12//! `zerodds-rtps` (RTPS submessage layout). Used by the DCPS runtime via
13//! `Box<dyn CryptographicPlugin>` and the inbound/outbound datapath.
14//!
15//! ## Public API (as of 1.0.0-rc.1)
16//!
17//! Takes one or more plain RTPS submessages (as opaque bytes)
18//! and wraps them into:
19//!
20//! ```text
21//! SEC_PREFIX  | SEC_BODY (ciphertext)  | SEC_POSTFIX
22//! ```
23//!
24//! On the receiver side `decode_secured_submessage` does the step
25//! in reverse: extract SEC_BODY, send it through the crypto plugin,
26//! return the plaintext.
27//!
28//! - Submessage IDs + flags per spec §7.3.6.
29//! - `encode_secured_submessage` + `decode_secured_submessage` with a
30//!   `&mut dyn CryptographicPlugin` callback — so AES-GCM, HMAC,
31//!   or future backends are interchangeable.
32//! - SRTPS wrap (§9.5 RTPS message protection): `SRTPS_PREFIX` + `SRTPS_POSTFIX` codec.
33//! - Receiver-specific MAC list in the POSTFIX (`MAX_RECEIVER_MACS`): one
34//!   16-byte MAC per remote reader; single-receiver paths leave the
35//!   list empty (spec §7.3.6.3 allows that).
36//! - Little-endian submessage header (`0x01` flag).
37//!
38//! ## Non-goals
39//!
40//! - Big-endian submessage header — the spec allows both; all vendors
41//!   use LE by default. Re-add additively in major-2.0.
42
43#![cfg_attr(not(feature = "std"), no_std)]
44#![forbid(unsafe_code)]
45#![warn(missing_docs)]
46
47extern crate alloc;
48
49mod codec;
50pub mod header_aad;
51mod srtps;
52
53pub use codec::{
54    MAX_RECEIVER_MACS, SEC_BODY, SEC_POSTFIX, SEC_PREFIX, SRTPS_POSTFIX, SRTPS_PREFIX,
55    SecurityRtpsError, decode_secured_submessage, decode_secured_submessage_multi,
56    encode_secured_submessage, encode_secured_submessage_multi,
57};
58pub use header_aad::{build_rtps_header_aad, build_submessage_aad};
59pub use srtps::{
60    PRE_SHARED_KEY_FLAG, RTPS_HEADER_LEN, decode_secured_rtps_message, encode_secured_rtps_message,
61    encode_secured_rtps_message_psk, srtps_psk_flag,
62};