Crate product_os_security

Product OS Security

A comprehensive cryptographic library providing authentication, encryption, hashing, JWT management, and certificate operations for the Product OS ecosystem.

§Features

This crate is designed to work in both std and no_std environments, with features that can be selectively enabled:

§Authentication & Verification

  • auth_verify - Request authentication and verification
  • jwt_auth_verify - JWT token generation and verification
  • jwt_encrypt_decrypt - Encrypted JWT tokens

§Cryptographic Operations

  • hash - Blake2b hashing with salt support
  • hasher - Custom hasher for Rust collections
  • mac - Message Authentication Codes
  • password_hash - Argon2 password hashing

§Encryption

  • symmetric_encrypt_decrypt - XChaCha20-Poly1305 AEAD
  • public_private_encrypt_decrypt - RSA encryption (placeholder)
  • public_private_sign_verify - Ed25519 signatures

§Key Exchange

  • diffie_hellman_key_store - X25519 key exchange
  • diffie_hellman_client_server_key_store - Client-server key exchange

§Other Features

  • time_otp - Time-based One-Time Passwords (TOTP)
  • certificates - X.509 certificate management (OpenSSL)
  • certificates_custom - Custom certificate builder
  • string_safe - URI encoding/decoding
  • generator - Random value generation

§Examples

§Basic Hashing

use product_os_security::create_hash;

let data = b"Hello, World!";
let hash = create_hash(data, None);

§Password Hashing

use product_os_security::{password_hash, password_verify};

let password = b"user-password";
let hash = password_hash(password).unwrap();
assert!(password_verify(&hash, password));

§JWT Authentication

use product_os_security::JWTGenerator;

let mut generator = JWTGenerator::new(
    None, None,
    "issuer".to_string(),
    3600,
    "audience".to_string(),
    32,
);

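// Placeholder secret for illustration only; per Security Considerations,
// symmetric keys should be at least 32 bytes and kept out of source code.
let secret = b"jwt-secret-key";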
let (token, jti) = generator.jwt_auth(
    "user123".to_string(),
    None, None, None, None,
    secret, None,
).unwrap();

§Security Considerations

  • Always use cryptographically secure random number generators
  • Protect secret keys and never commit them to version control
  • Use appropriate key lengths (minimum 32 bytes for symmetric keys)
  • Validate all inputs before cryptographic operations
  • Keep dependencies updated for security patches
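
The key-length and input-validation points above can be enforced in code before key material reaches any primitive. The following is an added example, not part of product_os_security: `check_symmetric_key`, `KeyError`, `sample_key` and both thresholds are assumptions chosen for illustration, and the 14-byte literal is the placeholder from the JWT example.

```rust
// Added example: not part of product_os_security. Names and thresholds are assumptions.
use std::collections::HashSet;

/// Minimum symmetric key length in bytes, per the guidance above.
pub const MIN_KEY_LEN: usize = 32;
/// Constructed threshold: 32 uniformly random bytes almost always have ~30 distinct values.
pub const MIN_DISTINCT_BYTES: usize = 8;

#[derive(Debug, PartialEq)]
pub enum KeyError {
    TooShort { got: usize },
    LowVariety { distinct: usize },
    LooksLikeText,
}

/// Rejects raw key bytes that are obviously unsuitable. Decode hex/base64 before calling.
/// Passing these checks does not prove the key came from a CSPRNG.
pub fn check_symmetric_key(key: &[u8]) -> Result<(), KeyError> {
    if key.len() < MIN_KEY_LEN {
        return Err(KeyError::TooShort { got: key.len() });
    }
    let distinct = key.iter().collect::<HashSet<_>>().len();
    if distinct < MIN_DISTINCT_BYTES {
        return Err(KeyError::LowVariety { distinct });
    }
    // A random 32-byte key is entirely printable ASCII with probability (95/256)^32,
    // so an all-printable key is almost certainly a passphrase or hardcoded literal.
    if key.iter().all(|b| b.is_ascii_graphic() || *b == b' ') {
        return Err(KeyError::LooksLikeText);
    }
    Ok(())
}

/// Constructed sample key for the demo only (deterministic, NOT random, never use as a key).
pub fn sample_key() -> Vec<u8> {
    (0u32..32).map(|i| (i * 37 + 11) as u8).collect()
}

fn main() {
    let candidates: [(&str, Vec<u8>); 4] = [
        ("short literal", b"jwt-secret-key".to_vec()),
        ("all zeros", vec![0u8; 32]),
        ("passphrase", b"this-passphrase-is-32-bytes-long".to_vec()),
        ("binary sample", sample_key()),
    ];
    for (label, key) in &candidates {
        println!("{}: {:?}", label, check_symmetric_key(key));
    }
}
```

A check like this belongs at the point where secrets are loaded from configuration or a secret store, so that a short or hardcoded value fails at startup instead of silently weakening tokens.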

§no_std Support

This crate supports no_std environments with alloc. Some features require std:

  • public_private_sign_verify - Requires std
  • public_private_encrypt_decrypt - Requires std
  • certificates - Requires std
  • jwt_encrypt_decrypt_std - Uses std for RNG
  • diffie_hellman_client_server_key_store - Requires std

Re-exports§

pub use config::Security;
pub use config::CSPConfig;

Modules§

config
Security configuration types (Security, CSPConfig)