Available on crate feature
crypto only.Expand description
NOMAD Protocol - Security Layer
Implements the cryptographic primitives for NOMAD:
- Noise_IK handshake
- XChaCha20-Poly1305 AEAD
- Nonce construction
- Anti-replay protection
- Rekeying
Structs§
- Crypto
Session - A complete crypto session for secure communication.
- Handshake
Result - Result of a completed handshake
- Initiator
Handshake - Handshake state machine for the initiator (client).
- OldKey
Retention - Manages old keys during the transition period after a rekey.
- Rekey
State - Tracks the current key epoch and when rekeying is needed.
- Replay
Window - Anti-replay sliding window.
- Responder
Handshake - Handshake state machine for the responder (server).
- Session
Id - Session ID - 48-bit random identifier for session demultiplexing.
- Session
Key - A session key for AEAD operations.
- Session
Keys - Session keys derived from the Noise handshake.
- Static
Keypair - A static X25519 keypair for long-term identity.
Enums§
- Direction
- Direction of communication for nonce construction.
- Role
- Role in the handshake (affects which key is used for send/receive)
Constants§
- AAD_
SIZE - Size of AAD for data frames (type + flags + session_id + nonce_counter)
- SESSION_
KEY_ SIZE - Size of the session key (32 bytes for XChaCha20)
Functions§
- construct_
aad - Construct AAD (Additional Authenticated Data) for a data frame.
- construct_
nonce - Construct a 24-byte XChaCha20-Poly1305 nonce.
- decrypt
- Decrypt ciphertext using XChaCha20-Poly1305.
- decrypt_
in_ place - Decrypt ciphertext in-place, removing the tag.
- derive_
rekey_ auth_ key - Derive the rekey authentication key from static DH secret.
- derive_
rekey_ keys - Derive new session keys after a rekey with PCS protection.
- encrypt
- Encrypt plaintext using XChaCha20-Poly1305.
- encrypt_
in_ place - Encrypt plaintext in-place, appending the tag.
- parse_
nonce - Parse a nonce back into its components.