formatted crate for external use

zssp/src/ints.rs

@@ -1,12 +1,9 @@
 
-use std::{io::Read, sync::atomic::{AtomicU64, Ordering}};
+use std::{sync::atomic::{AtomicU64, Ordering}};
 
 use zerotier_crypto::random;
 use zerotier_utils::memory;
 
-use crate::constants::*;
-
-
 
 /// "Canonical header" for generating 96-bit AES-GCM nonce and for inclusion in HMACs.
 ///

zssp/src/lib.rs

@@ -1,5 +1,9 @@
 
-pub mod constants;
-pub mod zssp;
-pub mod app_layer;
-pub mod ints;
+mod constants;
+mod zssp;
+mod app_layer;
+mod ints;
+
+pub use zssp::{Error, ReceiveResult, ReceiveContext, Session};
+pub use app_layer::ApplicationLayer;
+pub use ints::{SessionId, Role};

zssp/src/zssp.rs

@@ -132,6 +132,13 @@ struct EphemeralOffer {
     alice_hk_keypair: Option<pqc_kyber::Keypair>, // Kyber1024 key pair (agreement result mixed post-Noise)
 }
 
+/// Key lifetime manager state and logic (separate to spotlight and keep clean)
+struct KeyLifetime {
+    rekey_at_or_after_counter: u64,
+    hard_expire_at_counter: u64,
+    rekey_at_or_after_timestamp: i64,
+}
+
 
 
 ////////////////////////////////////////////////////////////////
@@ -166,8 +173,6 @@ impl std::fmt::Debug for Error {
 }
 
 
-
-
 // Write src into buffer starting at the index idx. If buffer cannot fit src at that location, nothing at all is written and Error::UnexpectedBufferOverrun is returned. No other errors can be returned by this function. An idx incremented by the amount written is returned.
 fn safe_write_all(buffer: &mut [u8], idx: usize, src: &[u8]) -> Result<usize, Error> {
     let dest = &mut buffer[idx..];
@@ -181,7 +186,7 @@ fn safe_write_all(buffer: &mut [u8], idx: usize, src: &[u8]) -> Result<usize, Er
 }
 /// Write a variable length integer, which can consume up to 10 bytes. Uses safe_write_all to do so.
 #[inline(always)]
-pub fn varint_safe_write(buffer: &mut [u8], idx: usize, v: u64) -> Result<usize, Error> {
+fn varint_safe_write(buffer: &mut [u8], idx: usize, v: u64) -> Result<usize, Error> {
     let mut b = [0_u8; varint::VARINT_MAX_SIZE_BYTES];
     let i = varint::encode(&mut b, v);
     safe_write_all(buffer, idx, &b[0..i])
@@ -199,7 +204,7 @@ fn safe_read_exact<'a>(src: &mut &'a [u8], amt: usize) -> Result<&'a [u8], Error
 }
 /// Read a variable length integer, which can consume up to 10 bytes. Uses varint_safe_read to do so.
 #[inline(always)]
-pub fn varint_safe_read(src: &mut &[u8]) -> Result<u64, Error> {
+fn varint_safe_read(src: &mut &[u8]) -> Result<u64, Error> {
     let (v, amt) = varint::decode(*src).ok_or(Error::InvalidPacket)?;
     let (_, b) = src.split_at(amt);
     *src = b;
@@ -207,7 +212,6 @@ pub fn varint_safe_read(src: &mut &[u8]) -> Result<u64, Error> {
 }
 
 
-
 impl<Layer: ApplicationLayer> Session<Layer> {
     /// Create a new session and send an initial key offer message to the other end.
     ///
@@ -1374,13 +1378,6 @@ fn parse_key_offer_after_header(
 }
 
 
-/// Key lifetime manager state and logic (separate to spotlight and keep clean)
-struct KeyLifetime {
-    rekey_at_or_after_counter: u64,
-    hard_expire_at_counter: u64,
-    rekey_at_or_after_timestamp: i64,
-}
-
 impl KeyLifetime {
     fn new(current_counter: CounterValue, current_time: i64) -> Self {
         Self {