manawenuz/wz-phone
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ed09c2e8cc0f7835b1ed61c7ab917db5e50ca6db
wz-phone/crates/wzp-crypto/src/lib.rs
Siavash Sameni 59069bfba2 feat: complete all WZP-S integration tasks (S-4/5/6/7/9) 
WZP-S-4: Room access control
- hash_room_name() in wzp-crypto: SHA-256("featherchat-group:"+name)[:16]
- CLI --room flag hashes before SNI, web bridge does the same
- RoomManager gains ACL: with_acl(), allow(), is_authorized()
- join() returns Result, rejects unauthorized fingerprints

WZP-S-5: Crypto handshake wired into all live paths
- CLI: perform_handshake() after connect, before any mode
- Relay: accept_handshake() after auth, before room join
- Web bridge: perform_handshake() after auth, before audio
- Relay generates ephemeral identity at startup

WZP-S-6: Web bridge featherChat auth
- --auth-url flag: browsers send {"type":"auth","token":"..."} as first WS msg
- Validates against featherChat, passes token to relay
- --cert/--key flags for production TLS (replaces self-signed)

WZP-S-7: wzp-proto standalone
- Cargo.toml uses explicit versions (no workspace inheritance)
- FC can use as git dependency

WZP-S-9: All 6 hardcoded assumptions resolved
- Auth, hashed rooms, mandatory handshake, real TLS certs,
  profile negotiation, token validation

CLI also gains --room and --token flags.
179 tests passing across all crates.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 09:59:05 +04:00

26 lines
981 B
Rust
Raw Blame History

//! WarzonePhone Crypto Layer
//!
//! Implements the cryptographic primitives compatible with the Warzone messenger identity model:
//! - Identity: 32-byte seed -> HKDF -> Ed25519 (signing) + X25519 (encryption)
//! - Fingerprint: SHA-256(Ed25519 pub)[:16]
//! - Per-call: Ephemeral X25519 key exchange -> ChaCha20-Poly1305 session
//! - Nonce: Derived from session_id + seq + direction (not transmitted)
//! - Rekeying: Periodic ephemeral exchange with HKDF mixing for forward secrecy
pub mod anti_replay;
pub mod handshake;
pub mod identity;
pub mod nonce;
pub mod rekey;
pub mod session;
pub use anti_replay::AntiReplayWindow;
pub use handshake::WarzoneKeyExchange;
pub use identity::{hash_room_name, Fingerprint, IdentityKeyPair, PublicIdentity, Seed};
pub use nonce::{build_nonce, Direction};
pub use rekey::RekeyManager;
pub use session::ChaChaSession;
// Re-export trait types from wzp-proto for convenience.
pub use wzp_proto::{CryptoError, CryptoSession, KeyExchange};
Reference in New Issue View Git Blame Copy Permalink