Crate zerodds_security

Crate zerodds-security. Safety classification: SAFE (the security plugins run against production trust boundaries; the SPI layer itself is trust-neutral).

DDS-Security 1.1 (formal/2018-04-01) plugin SPI: defines the abstract plugin traits + data types + generic-message topics; production implementations live in sister crates.

§Layer position

Layer 4 — Core Services (SPI crate). Pure Rust + alloc, no ZeroDDS crate deps.

§Public API (as of 1.0.0-rc.1)

| Spec | Trait / module | Concrete impl |
|---|---|---|
| §8.3 Authentication | AuthenticationPlugin in authentication | zerodds-security-pki (X.509 + RSA-PSS + ECDSA + OCSP/CRL) |
| §8.4 Access Control | AccessControlPlugin in access_control | zerodds-security-permissions (Governance + Permissions XML) |
| §8.5 Cryptographic | CryptographicPlugin in crypto | zerodds-security-crypto (AES-GCM 128/256 + HMAC-SHA256 + receiver-specific MACs) |
| §8.6 Logging | LoggingPlugin in logging | zerodds-security-logging |
| §8.7 Data Tagging | DataTaggingPlugin in data_tagging | zerodds-security-runtime (built-in DataTagging) |

Plus cross-cutting:

  • token: IdentityToken, PermissionsToken, CryptoToken, DataHolder, BinaryProperty.
  • generic_message: ParticipantGenericMessage, MessageIdentity + topic constants for DCPSParticipantStatelessMessage / DCPSParticipantVolatileMessageSecure.
  • properties: Property / PropertyList for plugin configuration.
  • security_topic_qos: built-in security-topic QoS profiles.
  • error: SecurityError.
  • mock (feature std): test mock plugins, never in production.

§Architecture

The SPI is trait-based + Box<dyn Plugin>-erasable, so that different backends (rustls vs. ring vs. mbedtls) are interchangeable without crate wiring. Each plugin trait is self-contained — no cross-references — so that extensions in one plugin do not break others.

§API stability pledge

This interface is API-frozen as of 1.0.0-rc.1. Breaking changes require a v2.0 major bump. Semver patch + minor may only add new methods with a default body or non-breaking enum variants.
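
The two rules above (Architecture and the stability pledge) in code, as an added example that is not taken from zerodds_security: a backend erased behind Box<dyn Trait>, and a method added later with a default body so an older implementation still compiles. DemoAuthPlugin, BackendA, BackendB, select and DemoError are hypothetical stand-ins, not the crate's real signatures; the token check is placeholder logic.

```rust
// Added illustration. `DemoAuthPlugin` and both backends are hypothetical
// stand-ins; they are not the zerodds_security trait signatures.
#[derive(Debug, PartialEq)]
pub enum DemoError {
    EmptyToken,
    UnknownBackend,
}

pub trait DemoAuthPlugin {
    fn name(&self) -> &'static str;
    fn validate(&self, token: &[u8]) -> Result<(), DemoError>;
    // Method added in a later minor release. The default body keeps
    // implementations written against the older trait compiling, and it
    // reports the conservative answer (no revocation checking claimed).
    fn checks_revocation(&self) -> bool {
        false
    }
}

pub struct BackendA; // written before `checks_revocation` existed
pub struct BackendB; // written afterwards, overrides the default

impl DemoAuthPlugin for BackendA {
    fn name(&self) -> &'static str { "backend-a" }
    fn validate(&self, token: &[u8]) -> Result<(), DemoError> {
        if token.is_empty() { Err(DemoError::EmptyToken) } else { Ok(()) }
    }
}

impl DemoAuthPlugin for BackendB {
    fn name(&self) -> &'static str { "backend-b" }
    fn validate(&self, token: &[u8]) -> Result<(), DemoError> {
        if token.is_empty() { Err(DemoError::EmptyToken) } else { Ok(()) }
    }
    fn checks_revocation(&self) -> bool { true }
}

// Callers hold only the erased trait object. An unknown backend name is an
// error, never a silent fallback to some default implementation.
pub fn select(name: &str) -> Result<Box<dyn DemoAuthPlugin>, DemoError> {
    match name {
        "backend-a" => Ok(Box::new(BackendA)),
        "backend-b" => Ok(Box::new(BackendB)),
        _ => Err(DemoError::UnknownBackend),
    }
}

fn main() {
    for n in ["backend-a", "backend-b"] {
        let p = select(n).expect("known backend");
        println!("{} revocation={} empty={:?}", p.name(), p.checks_revocation(), p.validate(b""));
    }
}
```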

Re-exports§

pub use access_control::AccessControlPlugin;
pub use authentication::AuthenticationPlugin;
pub use crypto::CryptographicPlugin;
pub use data_tagging::DataTaggingPlugin;
pub use error::SecurityError;
pub use generic_message::MessageIdentity;
pub use generic_message::ParticipantGenericMessage;
pub use generic_message::TOPIC_STATELESS_MESSAGE;
pub use generic_message::TOPIC_VOLATILE_MESSAGE_SECURE;
pub use generic_message::TYPE_NAME_GENERIC_MESSAGE;
pub use logging::LogLevel;
pub use logging::LoggingPlugin;
pub use properties::Property;
pub use properties::PropertyList;
pub use token::BinaryProperty;
pub use token::CryptoToken;
pub use token::DataHolder;
pub use token::IdentityStatusToken;
pub use token::IdentityToken;
pub use token::PermissionsToken;
pub use token::WireProperty;

Modules§

access_control
Access control plugin SPI (OMG DDS-Security 1.1 §8.4).
authentication
Authentication plugin SPI (OMG DDS-Security 1.1 §8.3).
crypto
Cryptographic plugin SPI (OMG DDS-Security 1.1 §8.5).
data_tagging
Data tagging plugin SPI (OMG DDS-Security 1.1 §8.7).
error
Security error types. OMG DDS-Security 1.1 §8.1.2 SecurityException.
generic_message
DDS-Security 1.2 §7.5.5 — ParticipantGenericMessage (C3.4).
logging
Logging plugin SPI (OMG DDS-Security 1.1 §8.6).
mock
Mock plugins for tests.
properties
Property list — name/value pairs for plugin configuration.
security_topic_qos
Security builtin-topic QoS profile — DDS-Security 1.2 §7.5.3 + §7.5.4.
token
DDS-Security 1.2 token structures (DataHolder + property records).