Expand description
A no_std-capable client for the Roughtime secure time synchronization protocol.
Roughtime lets a client obtain the current time from a set of untrusted servers while being able to cryptographically prove, after the fact, that any server which lied about the time can be caught (via Ed25519 signatures over a Merkle tree of recent requests). This crate implements the client side only: building requests, parsing and verifying responses, and (optionally) querying real servers over the network.
§Feature flags
Exactly one crypto backend feature must be enabled:
rustcrypto— pure-Rust [ed25519-dalek] + [sha2],no_std-capable.aws-lc-rs— [aws-lc-rs], the default.aws-lc-rs-fips—aws-lc-rsbuilt in FIPS mode.
Layered on top:
std(default) — enables the networking clients and the Linuxos-clockbackend.tokio-client(default) — an async, concurrent multi-server query client.blocking-client— a synchronousstd::net::UdpSocket-based client.os-clock— an opt-in LinuxSystemClockimplementation that can set the OS wall clock forward to the verified time floor.dnscrypt(default) — resolves well-known Roughtime server hostnames viadnscrypt, an authenticated, encrypted DNS transport, instead of the OS’s plaintext, unauthenticated resolver. This closes the one remaining plaintext, unauthenticated hop in an otherwise end-to-end-verified time-sync flow, and means callers no longer have to resolve/pin server IPs by hand. Seeresolve::resolve_servers/resolve::resolve_servers_asyncandclient::TokioClient::query_well_known/[client::BlockingClient::query_well_known].build-time-floor— opt-in, not indefault. Ratchets the anti-rollback floor forward to the build day using the build machine’s wall clock. Leave this disabled for reproducible builds (e.g. attested boot images); seefloorfor details.
A no_std consumer (e.g. a kernel or bootloader) should build with
--no-default-features --features rustcrypto to get the wire-format, request-building,
and response-verification primitives with no networking or OS dependency — supplying its
own I/O and randomness.
§Requirement: a global allocator
This crate always uses alloc (for Vec-backed message parsing), even in no_std builds.
no_std consumers must provide a global allocator.
§Security posture
This is a client-only crate: it never holds Ed25519 private key material, only verifies
server-supplied public keys and signatures. The one client-generated secret-like value is
the 64-byte nonce, which is zeroized on drop (see request::Nonce). Raw response bytes
and extracted public keys are intentionally not zeroized — they are bulk public-protocol
data, and scrubbing them would cost real performance for no confidentiality benefit.
Re-exports§
pub use error::Error;pub use request::Nonce;pub use request::build_request;pub use servers::ROUGHTIME_SERVERS;pub use servers::RoughtimeServer;pub use verify::VerifiedTime;pub use verify::verify_response;pub use resolve::resolve_servers;pub use resolve::resolve_servers_async;
Modules§
- client
- Shared networking-client types: configuration and multi-server consensus logic.
- clock
- The
SystemClockabstraction over reading/setting a system wall clock. - date
- A minimal, dependency-free RFC 1123-ish HTTP date parser.
- error
- The crate’s structured error type.
- floor
- The anti-rollback time floor.
- request
- Building Roughtime request messages.
- resolve
- Secure Roughtime-server hostname resolution via
dnscrypt. - servers
- The set of well-known public Roughtime servers.
- tags
- Roughtime wire-format tag constants.
- verify
- Verification of Roughtime responses: signature checks, Merkle inclusion proof, and the anti-rollback floor.
- wire
- Parsing of the Roughtime wire format: a flat tag-length-value message encoding.