Skip to main content

Module packet

Module packet 

Source
Expand description

Packet-mode (TF-0011) sign/verify, embedded edition.

Design constraints:

  • #![no_std], no_alloc by default.
  • Strings carried inline via heapless::String<N> so the type has a fully-stack-allocated representation. Capacities are sized for the identifiers actually used by TrustForge (TF-0001 §4): actor URIs are bounded by the actor-id schema, packet IDs are short ULIDs.
  • Signing-bytes derivation: SHA-256 over the SSZ-style concatenation of the field values in a fixed canonical order, with the signature field cleared. This is internally consistent — any sender and receiver that uses this crate agrees byte-for-byte. See the crate root for why we do not piggy-back on the std canonical-JSON path.

Structs§

Packet
A no_std packet header. Mirrors the field set of the std Packet struct in tf-types::packet minus features (fragmentation, route constraints) that K1 does not implement. K1 carries the data fields that the receiver MUST verify against the signature.

Enums§

SignError
Errors from sign_packet.
VerifyError
Errors from verify_packet.

Constants§

PAYLOAD_CAP
Maximum payload size carried inline in a single packet, in bytes. Constrained channels (LoRa SF12) deliver tens of bytes; SF7 a few hundred. 1024 covers the practical envelope before fragmentation.
SIGNATURE_CAP
Maximum signature size (ed25519 = 64).
STRING_CAP
Maximum length, in bytes, of any single string field (signer / source / destination / packet_id / encoding / compression / priority / created_at / expires_at). 256 is generous for actor URIs and ISO timestamps.

Functions§

packet_signing_bytes
Compute the 32-byte signing digest of a packet. The signature field is cleared before hashing.
sign_packet
Sign a packet payload and produce a complete Packet.
verify_packet
Verify a packet against a known public_key. Mirrors the validation order of tf-types::packet::verify_packet.