libertaria-stack

107 Commits 1 Branch 0 Tags 1.9 MiB

Author	SHA1	Message	Date
Markus Maiwald	bdfb0b2775	fix(crypto): add AAD to AEAD encryption binding ciphertext to context Previously encryptPayload() used empty AAD, allowing ciphertext to be replayed across different contexts. Now includes header fields as AAD: - ephemeral_pubkey: Binds to sender identity - timestamp: Replay protection (5 min window) - service_type: Context binding (WORLD/FEED/MESSAGE/DIRECT) API changes: - encryptPayload() now requires service_type parameter - decryptPayload() now requires expected_service_type parameter - EncryptedPayload extended with timestamp and service_type fields - New error types: ServiceTypeMismatch, TimestampTooOld, TimestampInFuture Security: Ciphertext is now cryptographically bound to sender, timestamp, and service context. Replay and context confusion attacks are prevented via AAD verification during decryption. Fixes P0 security audit issue: Missing AAD in AEAD Encryption	2026-02-09 00:55:34 +01:00
Markus Maiwald	07ccd484f1	refactor: restructure repository with tiered licensing Major restructuring of libertaria-sdk -> libertaria-stack: FOLDER REORGANIZATION: - core/ - L0-L3 layers (Commonwealth LCL-1.0) - l0-transport/ - l1-identity/ - l2_session/ - l2-federation/ - l2-membrane/ - sdk/ - L4+ and bindings (Sovereign LSL-1.0) - janus-sdk/ - l4-feed/ - apps/ - Examples (Unbound LUL-1.0) - examples/ - legal/ - All license texts LICENSES ADDED: - LICENSE_COMMONWEALTH.md (LCL-1.0) - Viral reciprocity for Core - LICENSE_SOVEREIGN.md (LSL-1.0) - Business-friendly for SDK - LICENSE_UNBOUND.md (LUL-1.0) - Maximum freedom for docs/apps BUILD.ZIG UPDATED: - All paths updated to new structure - Examples imports fixed README.md REWRITTEN: - Documents new folder structure - Explains tiered licensing strategy - Clear SPDX identifiers per component NO CLA REQUIRED - contributors keep copyright	2026-02-05 20:12:32 +01:00

Author

SHA1

Message

Date

Markus Maiwald

bdfb0b2775

fix(crypto): add AAD to AEAD encryption binding ciphertext to context

Previously encryptPayload() used empty AAD, allowing ciphertext to be
replayed across different contexts. Now includes header fields as AAD:

- ephemeral_pubkey: Binds to sender identity
- timestamp: Replay protection (5 min window)
- service_type: Context binding (WORLD/FEED/MESSAGE/DIRECT)

API changes:
- encryptPayload() now requires service_type parameter
- decryptPayload() now requires expected_service_type parameter
- EncryptedPayload extended with timestamp and service_type fields
- New error types: ServiceTypeMismatch, TimestampTooOld, TimestampInFuture

Security: Ciphertext is now cryptographically bound to sender,
timestamp, and service context. Replay and context confusion attacks
are prevented via AAD verification during decryption.

Fixes P0 security audit issue: Missing AAD in AEAD Encryption

2026-02-09 00:55:34 +01:00

Markus Maiwald

07ccd484f1

refactor: restructure repository with tiered licensing

Major restructuring of libertaria-sdk -> libertaria-stack:

FOLDER REORGANIZATION:
- core/          - L0-L3 layers (Commonwealth LCL-1.0)
  - l0-transport/
  - l1-identity/
  - l2_session/
  - l2-federation/
  - l2-membrane/
- sdk/           - L4+ and bindings (Sovereign LSL-1.0)
  - janus-sdk/
  - l4-feed/
- apps/          - Examples (Unbound LUL-1.0)
  - examples/
- legal/         - All license texts

LICENSES ADDED:
- LICENSE_COMMONWEALTH.md (LCL-1.0) - Viral reciprocity for Core
- LICENSE_SOVEREIGN.md (LSL-1.0) - Business-friendly for SDK
- LICENSE_UNBOUND.md (LUL-1.0) - Maximum freedom for docs/apps

BUILD.ZIG UPDATED:
- All paths updated to new structure
- Examples imports fixed

README.md REWRITTEN:
- Documents new folder structure
- Explains tiered licensing strategy
- Clear SPDX identifiers per component

NO CLA REQUIRED - contributors keep copyright

2026-02-05 20:12:32 +01:00

Renamed from l1-identity/crypto.zig (Browse further)

2 Commits