Alan-Jowett / sonde / 23808547256 / 1
82%
main: 82%

DEFAULT BRANCH: main
Ran
Files 77
Run time 2s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 85.128%. Remained the same
23808547256.1

push

github

web-flow 
feat(protocol): replace HMAC-SHA256 with AES-256-GCM frame codec (#495) (#608)

* feat(protocol): add AES-256-GCM frame codec behind feature flag (#495)

Add AeadProvider trait and AES-256-GCM frame encode/decode functions
alongside the existing HMAC-SHA256 codec. The new API is gated behind
the `aes-gcm-codec` Cargo feature flag.

Existing HMAC API is unchanged — all consumers continue to work.
Migration will happen per-crate in subsequent PRs.

New API:
- AeadProvider trait (seal/open)
- encode_frame_aead: header + AES-256-GCM(payload) + 16B tag
- decode_frame_aead: byte splitting (no crypto)
- open_frame: AEAD decrypt + authenticate
- GCM nonce: SHA-256(psk)[0..3] || msg_type || frame_nonce[8]
- 223 bytes payload capacity (was 207 with HMAC)

Implements: #495 (Phase 5, protocol layer — additive)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address review findings: enforce AES-256 key size, zero-copy decode, fix docs

- Change AeadProvider trait key parameter from &[u8] to &[u8; 32] to
  enforce AES-256 key-size requirement at compile time
- Change psk parameter in encode_frame_aead, open_frame, and
  build_gcm_nonce from &[u8] to &[u8; 32] for consistency
- Make DecodedFrameAead borrow ciphertext+tag from the raw frame via
  lifetime parameter, eliminating a heap allocation per received frame
- Clarify build_gcm_nonce doc comment: use 'first 3 bytes of SHA-256(psk)'
  instead of ambiguous range notation

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(protocol): post-seal length check, stub doc, remove sonde.sln, CI step

- Validate ciphertext length after seal() (not just predicted size)
- Clarify test stub uses non-constant-time tag comparison
- Remove unrelated sonde.sln from PR
- Add CI step for aes-gcm-codec feature tests
- Fix clippy: remove double-ref on borrowed ciphertext_and_tag

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Alan Jow... (continued)

23509 of 27616 relevant lines covered (85.13%)

153.44 hits per line

Source Files on job 23808547256.1