Expand description
§SESAME
Secure ESAM Authentication and Message Encryption: the proposed SCTE 130-9 security layer for the ESAM interface. A portable, framework-agnostic core implementing the three additive tiers of ANSI/SCTE 130-9 (SESAME) draft v0.5, bidirectionally (verify inbound requests, sign/encrypt outbound responses), all carried in HTTP headers with no ESAM XML schema change.
| Tier | Capability | Mechanism |
|---|---|---|
| 0 | Unauthenticated baseline | no SESAME headers (backward compatible) |
| 1 | Authentication + integrity | HMAC-SHA256 over a canonical string |
| 2 | Channel-scoped authorization | signed X-SESAME-Scope, policy lookup |
| 3 | Payload encryption | AES-256-GCM (96-bit IV, 128-bit tag) |
§Provenance
This crate is the canonical home of the SESAME protocol, extracted
byte-for-byte from the rust-pois reference implementation (originally MIT,
© POIS Contributors). The deployed rust-pois server is intended to depend
on this crate so the protocol lives in exactly one place. Byte-level
conformance is pinned by the golden vectors in test-vectors/, which are
generated from rust-pois and reproduced by tests/conformance.rs.
§Design
- No I/O, no HTTP framework.
verify_request/sign_responsetake the request parts, the parsedSesameHeaders, the body, andnow. - Host owns the resources via injected traits: the key directory
(
KeyProvider) and the replay memory (ReplayCache). The reference in-memory replay cache ships; distributed stores are the host’s concern. - RNG is feature-gated. Verification is RNG-free. Signing responses needs
a fresh nonce/IV, so
sign_responseand the IV/nonce helpers sit behind the default-onrngfeature; disable it for verify-only/embedded hosts.
§Wire format
See SESAME.md
for the byte-exact specification (canonical strings, headers, encodings).
Re-exports§
pub use crate::message::SesameError;pub use crate::message::SesameHeaders;
Modules§
- axum_
adapter - Optional HTTP adapter (feature
axum). - canonical
- keys
- message
- replay
- tier1_
hmac - tier2_
authz - tier3_
aead - vectors
- Deserialization shapes for the golden conformance vectors (feature
serde).
Structs§
- Request
Context - Context needed to verify a request.
- Response
Params - Parameters for signing an outbound response.
- Sesame
Config - Deployment-wide SESAME configuration.
- Signed
Response - A signed (and optionally encrypted) outbound response ready to send.
- Verified
Request - Outcome of verifying an inbound request.
Enums§
- Tier
- A SESAME security tier. Tiers are additive (Tier N implies Tier 1..N).
Functions§
- sign_
response - Sign (and optionally encrypt) an outbound ESAM response. This is the primary SESAME protection: it authenticates the POIS’s conditioning decision so a forged/tampered response (spoofed blackout/avail/redirect) is detectable.
- verify_
request - Verify an inbound ESAM request against the SESAME protocol.