ndn_security/
lib.rs

1//! # ndn-security -- Packet signing, verification, and trust management
2//!
3//! Provides cryptographic primitives and trust-policy enforcement for NDN
4//! packets. Signers produce signatures; verifiers check them; the validator
5//! chains verification with a [`TrustSchema`] to decide whether data is
6//! trustworthy. Only validated data is wrapped in [`SafeData`], so an API that accepts only `SafeData` lets the
7//! compiler enforce that unverified packets are never forwarded -- provided `SafeData` cannot be built without validation.
8//!
9//! ## Key types
10//!
11//! - [`Signer`] / [`Verifier`] -- signing and verification traits
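12//! - [`Ed25519Signer`], [`Ed25519Verifier`], [`HmacSha256Signer`], [`Blake3KeyedSigner`], [`Blake3KeyedVerifier`] -- concrete impls; [`Blake3Signer`] / [`Blake3DigestVerifier`] look from their names like unkeyed digests (integrity only, no producer authentication -- confirm in `signer`)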
13//! - [`Validator`] -- chains verification + trust schema lookup
14//! - [`TrustSchema`] -- name-pattern rules for trust decisions
15//! - [`SafeData`] -- newtype proving a Data packet has been validated
16//! - [`CertCache`], [`KeyStore`] -- certificate and key storage
17//! - [`SecurityManager`] -- high-level facade combining the above
18
19#![allow(missing_docs)]
20
21pub mod cert_cache;
22pub mod cert_fetcher;
23pub mod did;
24pub mod error;
25pub mod file_tpm;
26pub mod key_store;
27pub mod keychain;
28pub mod lvs;
29pub mod manager;
30pub mod pib;
31pub mod profile;
32pub mod safe_bag;
33pub mod safe_data;
34pub mod sign_ext;
35pub mod signer;
36#[cfg(feature = "sqlite-pib")]
37pub mod sqlite_pib;
38pub mod trust_schema;
39pub mod validator;
40pub mod verifier;
41#[cfg(feature = "yubikey-piv")]
42pub mod yubikey;
43pub mod zone;
44
45pub use cert_cache::{CertCache, Certificate};
46pub use cert_fetcher::{CertFetcher, FetchFn};
47pub use error::TrustError;
48pub use key_store::{KeyAlgorithm, KeyStore, MemKeyStore};
49pub use keychain::KeyChain;
50pub use lvs::{LvsError, LvsModel};
51pub use manager::SecurityManager;
52pub use pib::{FilePib, PibError};
53pub use profile::SecurityProfile;
54pub use safe_data::SafeData;
55pub use sign_ext::SignWith;
56pub use signer::{
57    Blake3KeyedSigner, Blake3Signer, Ed25519Signer, HmacSha256Signer,
58    SIGNATURE_TYPE_DIGEST_BLAKE3_KEYED, SIGNATURE_TYPE_DIGEST_BLAKE3_PLAIN, Signer,
59};
60pub use trust_schema::{NamePattern, PatternComponent, PatternParseError, SchemaRule, TrustSchema};
61pub use validator::{ValidationResult, Validator};
62pub use verifier::{
63    Blake3DigestVerifier, Blake3KeyedVerifier, Ed25519Verifier, Verifier, VerifyOutcome,
64    ed25519_verify_batch,
65};
66#[cfg(feature = "yubikey-piv")]
67pub use yubikey::{YubikeyKeyStore, YubikeySlot};
68pub use zone::{ZoneKey, verify_zone_root, zone_root_from_pubkey, zone_root_to_did};
69
70// DID convenience re-exports (use `ndn_security::did::...` for the full API)
71pub use did::{
72    DereferencedResource, DidController, DidDocument, DidDocumentMetadata, DidError,
73    DidResolutionResult, DidResolver, DidUrl, KeyDidResolver, NdnDidResolver, Service,
74    ServiceEndpoint, UniversalResolver, VerificationMethod, VerificationRef,
75    build_zone_did_document, build_zone_succession_document, cert_to_did_document, deref_did_url,
76    did_to_name, name_to_did,
77};