Mountain/IPC/Enhanced/SecureMessageChannel/
SecurityConfig.rs

1#![allow(non_snake_case)]
2
3//! Tunables for the secure-message channel - encryption /
4//! HMAC algorithm, key-rotation cadence, nonce / tag sizes,
5//! and the maximum allowed message size (DOS guard).
6
7use ring::aead::{AES_256_GCM, NONCE_LEN};
8use serde::{Deserialize, Serialize};
9
10#[derive(Debug, Clone, Serialize, Deserialize)]
11pub struct Struct {
12	pub encryption_algorithm:String,
13
14	pub key_rotation_interval_hours:u64,
15
16	pub hmac_algorithm:String,
17
18	pub nonce_size_bytes:usize,
19
20	pub auth_tag_size_bytes:usize,
21
22	pub max_message_size_bytes:usize,
23}
24
25impl Default for Struct {
26	fn default() -> Self {
27		Self {
28			encryption_algorithm:"AES-256-GCM".to_string(),
29
30			key_rotation_interval_hours:24,
31
32			hmac_algorithm:"HMAC-SHA256".to_string(),
33
34			nonce_size_bytes:NONCE_LEN,
35
36			auth_tag_size_bytes:AES_256_GCM.tag_len(),
37
38			max_message_size_bytes:10 * 1024 * 1024,
39		}
40	}
41}

Mountain/IPC/Enhanced/SecureMessageChannel/SecurityConfig.rs

Mountain/IPC/Enhanced/SecureMessageChannel/
SecurityConfig.rs