Secure handshake protocol implementation using Elliptic Curve Diffie-Hellman (ECDH)
This module implements a secure cryptographic handshake based on x25519-dalek with protection against replay attacks using timestamped nonces.
Key Change: Per-Session State
Instead of global singletons, handshake state is now managed through session-scoped structures (ClientHandshakeState, ServerHandshakeState) that are passed through the handshake flow. This prevents concurrent handshakes from trampling each other's state and ensures clean state per connection.
Structs
- ClientHandshakeState - Client-side handshake state, passed through the handshake flow.
- ServerHandshakeState - Server-side handshake state, passed through the handshake flow.
Functions
- client_derive_session_key - Client derives the session key. Must be called after client_secure_handshake_verify.
- client_secure_handshake_init - Initiates the secure handshake from the client side. Generates a new key pair and nonce for the client.
- client_secure_handshake_verify - Client verifies the server response and sends the verification message. Updates client state and returns the confirmation message.
- server_secure_handshake_finalize - Server verifies the client's confirmation and derives the session key. Returns the session key if verification succeeds.
- server_secure_handshake_response - Generates the server response to the client's handshake initialization. Validates the client timestamp, then generates the server key pair and nonce.
- verify_timestamp - Verify that a timestamp is recent enough. The default threshold is 30 seconds, with a strict 2-second future tolerance for clock skew.
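The following is an added example, not code from this crate, showing the freshness window that verify_timestamp describes (30-second age threshold, 2-second future tolerance) together with a server-side seen-nonce cache that the window makes bounded. The module above documents the timestamp check but not a nonce cache, so ReplayGuard, the exact boundary handling (a timestamp exactly 30 seconds old is accepted, exactly 2 seconds ahead is accepted), and the explicit `now` parameter are assumptions made here for illustration; it uses only the standard library.

```rust
use std::collections::HashMap;

/// Maximum age, in seconds, a handshake timestamp may have (page: 30 seconds).
pub const MAX_AGE_SECS: u64 = 30;
/// How far into the future a timestamp may lie and still be accepted (page: 2 seconds).
pub const FUTURE_TOLERANCE_SECS: u64 = 2;

#[derive(Debug, PartialEq, Eq)]
pub enum TimestampError {
    TooOld,
    TooFarInFuture,
}

/// Freshness check modelled on the module's verify_timestamp. `ts` and `now` are
/// Unix seconds; `now` is passed in explicitly (an assumption for this example)
/// so the check is deterministic under test. Boundary inclusivity is assumed.
pub fn verify_timestamp(ts: u64, now: u64) -> Result<(), TimestampError> {
    // Clock-skew guard: reject anything more than FUTURE_TOLERANCE_SECS ahead of us.
    if ts > now + FUTURE_TOLERANCE_SECS {
        return Err(TimestampError::TooFarInFuture);
    }
    // Age guard: reject anything older than MAX_AGE_SECS (saturating_sub avoids
    // underflow when `now` is smaller than the threshold).
    if ts < now.saturating_sub(MAX_AGE_SECS) {
        return Err(TimestampError::TooOld);
    }
    Ok(())
}

#[derive(Debug, PartialEq, Eq)]
pub enum ReplayError {
    Timestamp(TimestampError),
    NonceReused,
}

/// Server-wide record of recently seen client nonces (an assumption of this
/// example; it is shared across sessions, unlike the per-session handshake
/// state). Because every accepted timestamp lies within
/// [now - MAX_AGE_SECS, now + FUTURE_TOLERANCE_SECS], a nonce only has to be
/// remembered for that window; entries outside it can be pruned.
pub struct ReplayGuard {
    // nonce -> timestamp it was first presented with
    seen: HashMap<[u8; 32], u64>,
}

impl ReplayGuard {
    pub fn new() -> Self {
        Self { seen: HashMap::new() }
    }

    /// Accept a handshake init carrying (nonce, timestamp) observed at time `now`,
    /// or say why it is rejected. The timestamp is checked first so that a stale
    /// message never touches the cache.
    pub fn accept(&mut self, nonce: [u8; 32], ts: u64, now: u64) -> Result<(), ReplayError> {
        verify_timestamp(ts, now).map_err(ReplayError::Timestamp)?;
        self.prune(now);
        if self.seen.contains_key(&nonce) {
            return Err(ReplayError::NonceReused);
        }
        self.seen.insert(nonce, ts);
        Ok(())
    }

    /// Drop nonces whose timestamps could no longer pass verify_timestamp anyway.
    fn prune(&mut self, now: u64) {
        let oldest_valid = now.saturating_sub(MAX_AGE_SECS);
        self.seen.retain(|_, ts| *ts >= oldest_valid);
    }

    /// Number of nonces currently remembered.
    pub fn len(&self) -> usize {
        self.seen.len()
    }
}

fn main() {
    // Constructed scenario: a client init at t=1000 is accepted; the identical
    // message presented again five seconds later is flagged as a replay.
    let mut guard = ReplayGuard::new();
    let nonce = [0x42u8; 32];
    println!("first:  {:?}", guard.accept(nonce, 1000, 1000));
    println!("replay: {:?}", guard.accept(nonce, 1000, 1005));
    // A message whose timestamp is 40 seconds old fails the freshness check before
    // the cache is consulted.
    println!("stale:  {:?}", guard.accept([0x99u8; 32], 1000, 1040));
}
```

The design point is that the freshness window and the replay cache work together: the window alone does not stop an attacker re-sending a captured init within 30 seconds, and a cache alone would grow without bound, but a cache that only needs to cover the window stays small and prunable.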