Module bundle 

Authenticated join bundle: wraps the raw cred bytes sent to a joiner with an HMAC-SHA256 MAC so a MitM cannot substitute their own CA even if they intercept the token.

MAC key derivation: HMAC-SHA256(cluster_secret XOR token_hash) over the bundle bytes. This binds the bundle to both the cluster secret and the specific token, so a replayed bundle from a different session or a bundle signed under a different secret is rejected.

The joiner calls [verify_bundle] before installing any cert material.

Structs

AuthenticatedJoinBundle

Authenticated wrapper around the raw join bundle bytes.

Enums

BundleError

Error from bundle operations.

Functions

derive_mac_key

Derive the MAC key as cluster_secret XOR token_hash.

open_bundle

Verify the MAC on sealed and return the inner bundle bytes.

seal_bundle

Wrap bundle_bytes in an AuthenticatedJoinBundle.