Packet-mode (TF-0011) sign/verify, embedded edition.
Design constraints:
- #![no_std], no_alloc by default.
- Strings carried inline via heapless::String<N> so the type has a fully-stack-allocated representation. Capacities are sized for the identifiers actually used by TrustForge (TF-0001 §4): actor URIs are bounded by the actor-id schema, packet IDs are short ULIDs.
- Signing-bytes derivation: SHA-256 over the SSZ-style concatenation of the field values in a fixed canonical order, with the signature field cleared. This is internally consistent — any sender and receiver that uses this crate agrees byte-for-byte. See the crate root for why we do not piggy-back on the std canonical-JSON path.
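An added example (not this crate's code) of a no_alloc signing-input builder in the spirit of the derivation described above. The DemoPacket type, the PREIMAGE_CAP bound and the u32 length-prefix framing are assumptions made for illustration; it shows the signature slot being cleared and why framed fields keep ("ab", "c") and ("a", "bc") from encoding to the same bytes.

```rust
// Added illustration: the field subset and the length-prefix framing are
// assumptions, not the crate's actual byte layout.
const PREIMAGE_CAP: usize = 512; // constructed bound for this demo

/// Hypothetical reduced header (three string fields, payload, signature).
pub struct DemoPacket<'a> {
    pub signer: &'a str,
    pub packet_id: &'a str,
    pub created_at: &'a str,
    pub payload: &'a [u8],
    pub signature: &'a [u8],
}

#[derive(Debug, PartialEq)]
pub struct Overflow;

/// Append one field as a u32 little-endian length followed by its bytes.
fn put(buf: &mut [u8; PREIMAGE_CAP], len: &mut usize, field: &[u8]) -> Result<(), Overflow> {
    let end = *len + 4 + field.len();
    if end > PREIMAGE_CAP {
        return Err(Overflow);
    }
    buf[*len..*len + 4].copy_from_slice(&(field.len() as u32).to_le_bytes());
    buf[*len + 4..end].copy_from_slice(field);
    *len = end;
    Ok(())
}

/// Signing input: fixed field order, signature slot always encoded as empty,
/// built in a stack buffer with no allocation. SHA-256 would run over buf[..len].
pub fn signing_preimage(p: &DemoPacket) -> Result<([u8; PREIMAGE_CAP], usize), Overflow> {
    let mut buf = [0u8; PREIMAGE_CAP];
    let mut len = 0;
    for f in [p.signer.as_bytes(), p.packet_id.as_bytes(), p.created_at.as_bytes(), p.payload] {
        put(&mut buf, &mut len, f)?;
    }
    put(&mut buf, &mut len, &[])?; // cleared regardless of p.signature
    Ok((buf, len))
}

fn main() {
    // Constructed sample values.
    let p = DemoPacket { signer: "ab", packet_id: "c", created_at: "t", payload: b"x", signature: &[7; 64] };
    let (buf, len) = signing_preimage(&p).expect("fits in PREIMAGE_CAP");
    println!("{:02x?}", &buf[..len]);
}
```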
Structs
- Packet: A no_std packet header. Mirrors the field set of the std Packet struct in tf-types::packet minus features (fragmentation, route constraints) that K1 does not implement. K1 carries the data fields that the receiver MUST verify against the signature.
Enums
- SignError: Errors from sign_packet.
- VerifyError: Errors from verify_packet.
Constants
- PAYLOAD_CAP: Maximum payload size carried inline in a single packet, in bytes. Constrained channels (LoRa SF12) deliver tens of bytes; SF7 a few hundred. 1024 covers the practical envelope before fragmentation.
- SIGNATURE_CAP: Maximum signature size (ed25519 = 64).
- STRING_CAP: Maximum length, in bytes, of any single string field (signer / source / destination / packet_id / encoding / compression / priority / created_at / expires_at). 256 is generous for actor URIs and ISO timestamps.
Functions
- packet_signing_bytes: Compute the 32-byte signing digest of a packet. The signature field is cleared before hashing.
- sign_packet: Sign a packet payload and produce a complete Packet.
- verify_packet: Verify a packet against a known public_key. Mirrors the validation order of tf-types::packet::verify_packet.