Crate zerodds_security_rtps

Expand description

Crate zerodds-security-rtps. Safety classification: SAFE (a pure wire-format adapter; the actual crypto delegates to a [CryptographicPlugin]).

Secure submessage wrapper (OMG DDS-Security 1.1 §7.3.6) + RTPS header AAD codec (§9.5).

§Layer position

Layer 4 — Core Services. Consumes zerodds-security (SPI) + zerodds-rtps (RTPS submessage layout). Used by the DCPS runtime via Box<dyn CryptographicPlugin> and the inbound/outbound datapath.

§Public API (as of 1.0.0-rc.1)

Takes one or more plain RTPS submessages (as opaque bytes) and wraps them into:

SEC_PREFIX  | SEC_BODY (ciphertext)  | SEC_POSTFIX

On the receiver side decode_secured_submessage does the step in reverse: extract SEC_BODY, send it through the crypto plugin, return the plaintext.

Submessage IDs + flags per spec §7.3.6.
encode_secured_submessage + decode_secured_submessage with a &mut dyn CryptographicPlugin callback — so AES-GCM, HMAC, or future backends are interchangeable.
SRTPS wrap (§9.5 RTPS message protection): SRTPS_PREFIX + SRTPS_POSTFIX codec.
Receiver-specific MAC list in the POSTFIX (MAX_RECEIVER_MACS): one 16-byte MAC per remote reader; single-receiver paths leave the list empty (spec §7.3.6.3 allows that).
Little-endian submessage header (0x01 flag).

§Non-goals

Big-endian submessage header — the spec allows both; all vendors use LE by default. Re-add additively in major-2.0.

Re-exports§

pub use header_aad::build_rtps_header_aad;
pub use header_aad::build_submessage_aad;

Modules§

header_aad: RTPS header AAD for SRTPS wrapping — DDS-Security 1.2 §7.4.6.6 + §8.1.

Enums§

SecurityRtpsError: Error on encode/decode.

Constants§

MAX_RECEIVER_MACS: DoS cap for the MAC list in the SEC_POSTFIX. Each MAC is 20 bytes; 256 MACs = 5 KiB — enough for heterogeneous deployments with hundreds of readers per writer, but far below the RAM-attack threshold.
PRE_SHARED_KEY_FLAG: PreSharedKeyFlag im SRTPS_PREFIX-Submessage-Header — Spec DDS-Security 1.2 §10.9.1.
RTPS_HEADER_LEN: RTPS header size (spec §8.3.3.1).
SEC_BODY: SEC_BODY submessage ID (spec §7.3.6.4).
SEC_POSTFIX: SEC_POSTFIX submessage ID (spec §7.3.6.3).
SEC_PREFIX: SEC_PREFIX submessage ID (spec §7.3.6.2).
SRTPS_POSTFIX: SRTPS_POSTFIX submessage ID (spec §7.3.6.6).
SRTPS_PREFIX: SRTPS_PREFIX submessage ID (spec §7.3.6.5).

Functions§

decode_secured_rtps_message: Unwraps a whole RTPS message. Expects the same format as encode_secured_rtps_message. Returns the reconstructed plaintext message ([header | body]).
decode_secured_submessage: Decodes a secure-submessage sequence and returns the plaintext.
decode_secured_submessage_multi: Decodes a secure-submessage sequence WITH a multi-MAC SEC_POSTFIX and returns the plaintext.
encode_secured_rtps_message: Protects a whole RTPS message. The first 20 bytes (header) stay plaintext; everything after it (the submessage stream) is encrypted + authenticated. Output:
encode_secured_rtps_message_psk: Like encode_secured_rtps_message, but additionally sets the PreSharedKeyFlag in the SRTPS_PREFIX (spec §10.9.1) — for the PSK crypto path.
encode_secured_submessage: Encodes a plain submessage blob as a secured submessage sequence (SEC_PREFIX + SEC_BODY + SEC_POSTFIX).
encode_secured_submessage_multi: Encodes a plain submessage blob as a secured sequence WITH receiver-specific MACs in the SEC_POSTFIX (spec §7.3.6.3).
srtps_psk_flag: Reads the PreSharedKeyFlag bit from the SRTPS_PREFIX of a secured RTPS message. Returns None if the wire is not a valid SRTPS wrapping.