parley_core/

lib.rs

//! Parley core domain types.
//!
//! This crate defines the wire types and identifiers for the Parley protocol
//! as specified in `spec/v0.1.md` (with auth refactored per `spec/v0.4.md` §2).
//! Types are deliberately thin: this crate contains no business logic, no I/O,
//! no traits. It is depended on by every other crate in the workspace.

#![allow(clippy::module_name_repetitions)]

mod error;
mod ids;
pub mod keys;
mod message;
pub mod pow;
mod signing;

pub use error::CoreError;
pub use ids::{AgentPubkey, BlobId, ChannelId, MessageId, NetworkId, Nonce, Seq};
pub use keys::{
    derive_auth_mldsa, derive_identity_ed25519, AuthKeyPair, MLDSA65SigningKey, SEED_BYTES,
};
pub use message::{Channel, ChannelKind, Message, MessageType};
pub use signing::{
    body_sha256_b64url, build_header_value, canonical_query_string, canonical_string, ml_dsa_sign,
    ml_dsa_verify, parse_header_value, verify_signature, MlDsaError, ParsedSignature,
    SignatureParseError, SignatureVerifyError, EMPTY_BODY_SHA256, ML_DSA_PUBKEY_BYTES,
    ML_DSA_SIG_BYTES, SIGNATURE_HEADER, SIGNATURE_VERSION,
};

/// Maximum allowed `|now - ts|` in seconds for signature freshness.
pub const TIMESTAMP_WINDOW_SECS: i64 = 60;

/// Minimum window for which servers must remember nonces, in seconds.
/// Must be at least 2× TIMESTAMP_WINDOW_SECS so an edge-of-skew request
/// cannot be replayed by walking the clock.
pub const NONCE_RETENTION_SECS: i64 = 120;

/// Maximum size of a `text` message `content` field, in UTF-8 bytes.
pub const MAX_TEXT_CONTENT_BYTES: usize = 4096;

/// Maximum size of an MLS message `content` field (base64url-encoded
/// bytes on the wire). Generous to accommodate large group commits.
pub const MAX_MLS_CONTENT_BYTES: usize = 1024 * 1024;

/// Maximum size of an `Idempotency-Key` header value, in bytes.
pub const MAX_IDEMPOTENCY_KEY_BYTES: usize = 128;

/// Minimum window servers must retain idempotency records, in seconds.
pub const IDEMPOTENCY_RETENTION_SECS: i64 = 24 * 60 * 60;