chore: scaffold Aura workspace skeleton (Stage 0)

- 6-crate Cargo workspace, dependency tree frozen (cargo check green in ~1m) - ml-kem 0.3 (FIPS 203) replaces spec's pqcrypto-kyber for ML-KEM-768 - fix invalid target-gated workspace.dependencies: Windows deps (wintun/windows) declared untargeted, cfg-gated per-crate in aura-tunnel - version bumps vs spec: tun 0.8, rcgen 0.14, wintun 0.5 - stub lib/main per crate; real implementations land wave by wave Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-25 17:42:40 +03:00
commit f78633e04f
15 changed files with 3875 additions and 0 deletions
@@ -0,0 +1,13 @@
+/target
+**/*.rs.bk
+
+# Generated PKI material — never commit private keys/certs
+*.key
+*.crt
+*.pem
+/pki/
+/etc/aura/
+
+# Local editor/agent config
+.claude/settings.local.json
+.DS_Store
@@ -0,0 +1,87 @@
+[workspace]
+members = [
+    "crates/aura-crypto",
+    "crates/aura-pki",
+    "crates/aura-proto",
+    "crates/aura-transport",
+    "crates/aura-tunnel",
+    "crates/aura-cli",
+]
+resolver = "2"
+
+[workspace.package]
+version = "0.1.0"
+edition = "2021"
+license = "MIT"
+authors = ["Aura"]
+description = "Aura — hybrid post-quantum VPN protocol over QUIC"
+
+[workspace.dependencies]
+# Internal crates
+aura-crypto    = { path = "crates/aura-crypto" }
+aura-pki       = { path = "crates/aura-pki" }
+aura-proto     = { path = "crates/aura-proto" }
+aura-transport = { path = "crates/aura-transport" }
+aura-tunnel    = { path = "crates/aura-tunnel" }
+
+# PQ + classic crypto (ml-kem = FIPS 203 ML-KEM-768, replaces spec's pqcrypto-kyber)
+ml-kem         = { version = "0.3", features = ["zeroize"] }
+x25519-dalek   = { version = "2", features = ["static_secrets"] }
+
+# KDF / AEAD / hashing
+hkdf             = "0.12"
+hmac             = "0.12"
+sha2             = "0.10"
+chacha20poly1305 = { version = "0.10", features = ["stream"] }
+rand             = "0.8"
+rand_core        = "0.6"
+zeroize          = { version = "1.7", features = ["derive"] }
+subtle           = "2"
+
+# PKI / X.509
+rcgen            = "0.14"
+rustls           = { version = "0.23", features = ["ring"] }
+rustls-pki-types = "1"
+x509-parser      = "0.16"
+uuid             = { version = "1", features = ["v4"] }
+
+# Transport
+quinn  = "0.11"
+tokio  = { version = "1", features = ["full"] }
+bytes  = "1"
+
+# TUN (Unix: Linux + macOS)
+tun = { version = "0.8", features = ["async"] }
+
+# Windows-specific (version declared here untargeted; referenced under crate [target.'cfg(windows)'] tables)
+wintun  = "0.5"
+windows = { version = "0.57", features = [
+    "Win32_Foundation",
+    "Win32_NetworkManagement_IpHelper",
+    "Win32_NetworkManagement_Ndis",
+    "Win32_Networking_WinSock",
+] }
+
+# Serialization
+serde   = { version = "1", features = ["derive"] }
+bincode = "1"
+toml    = "0.8"
+
+# DNS / net
+hickory-resolver = "0.24"
+ipnetwork        = "0.20"
+
+# CLI / observability / errors
+clap               = { version = "4", features = ["derive"] }
+tracing            = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+anyhow             = "1"
+thiserror          = "1"
+
+# Dev / bench
+criterion = "0.5"
+hex       = "0.4"
+
+[profile.release]
+opt-level = 3
+lto       = "thin"
@@ -0,0 +1,25 @@
+[package]
+name = "aura-cli"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+description = "Aura CLI: client/server binary, PKI management, split-tunnel admin"
+
+[[bin]]
+name = "aura"
+path = "src/main.rs"
+
+[dependencies]
+aura-crypto.workspace = true
+aura-pki.workspace = true
+aura-proto.workspace = true
+aura-transport.workspace = true
+aura-tunnel.workspace = true
+clap.workspace = true
+tokio.workspace = true
+toml.workspace = true
+serde.workspace = true
+tracing.workspace = true
+tracing-subscriber.workspace = true
+anyhow.workspace = true
+uuid.workspace = true
@@ -0,0 +1,5 @@
+//! aura — client/server binary and PKI/admin CLI (skeleton; implemented in Wave 4).
+
+fn main() {
+    println!("aura: skeleton binary (implemented in Wave 4)");
+}
@@ -0,0 +1,23 @@
+[package]
+name = "aura-crypto"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+description = "Aura cryptographic core: hybrid X25519 + ML-KEM-768 KEM, HKDF, ChaCha20-Poly1305"
+
+[dependencies]
+ml-kem.workspace = true
+x25519-dalek.workspace = true
+hkdf.workspace = true
+hmac.workspace = true
+sha2.workspace = true
+chacha20poly1305.workspace = true
+rand.workspace = true
+rand_core.workspace = true
+zeroize.workspace = true
+subtle.workspace = true
+thiserror.workspace = true
+
+[dev-dependencies]
+hex.workspace = true
+criterion.workspace = true
@@ -0,0 +1 @@
+//! aura-crypto — cryptographic core (skeleton; implemented in Wave 1).
@@ -0,0 +1,15 @@
+[package]
+name = "aura-pki"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+description = "Aura PKI: CA, X.509 issuance and mutual-auth verification"
+
+[dependencies]
+rcgen.workspace = true
+rustls.workspace = true
+rustls-pki-types.workspace = true
+x509-parser.workspace = true
+uuid.workspace = true
+thiserror.workspace = true
+anyhow.workspace = true
@@ -0,0 +1 @@
+//! aura-pki — PKI: CA, certificate issuance and verification (skeleton; implemented in Wave 1).
@@ -0,0 +1,22 @@
+[package]
+name = "aura-proto"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+description = "Aura protocol: wire format, hybrid PKI handshake state machine, session"
+
+[dependencies]
+aura-crypto.workspace = true
+aura-pki.workspace = true
+bytes.workspace = true
+serde.workspace = true
+bincode.workspace = true
+zeroize.workspace = true
+hmac.workspace = true
+sha2.workspace = true
+rand.workspace = true
+rustls-pki-types.workspace = true
+thiserror.workspace = true
+
+[dev-dependencies]
+tokio.workspace = true
@@ -0,0 +1 @@
+//! aura-proto — protocol wire format and handshake (skeleton; implemented in Wave 2).
@@ -0,0 +1,19 @@
+[package]
+name = "aura-transport"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+description = "Aura transport: QUIC (quinn) endpoint, HTTPS/H3 mimicry, padding"
+
+[dependencies]
+aura-proto.workspace = true
+aura-crypto.workspace = true
+quinn.workspace = true
+tokio.workspace = true
+bytes.workspace = true
+rustls.workspace = true
+rustls-pki-types.workspace = true
+rand.workspace = true
+tracing.workspace = true
+thiserror.workspace = true
+anyhow.workspace = true
@@ -0,0 +1 @@
+//! aura-transport — QUIC transport and traffic mimicry (skeleton; implemented in Wave 3).
@@ -0,0 +1,25 @@
+[package]
+name = "aura-tunnel"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+description = "Aura tunnel: cross-platform TUN, split-tunnel routing, DNS"
+
+[dependencies]
+aura-transport.workspace = true
+aura-proto.workspace = true
+aura-crypto.workspace = true
+tokio.workspace = true
+bytes.workspace = true
+ipnetwork.workspace = true
+hickory-resolver.workspace = true
+tracing.workspace = true
+thiserror.workspace = true
+anyhow.workspace = true
+
+[target.'cfg(not(windows))'.dependencies]
+tun.workspace = true
+
+[target.'cfg(windows)'.dependencies]
+wintun.workspace = true
+windows.workspace = true
@@ -0,0 +1 @@
+//! aura-tunnel — TUN interface and split tunneling (skeleton; implemented in Wave 3).
				`@@ -0,0 +1 @@`
				`//! aura-crypto — cryptographic core (skeleton; implemented in Wave 1).`
				`@@ -0,0 +1 @@`
				`//! aura-pki — PKI: CA, certificate issuance and verification (skeleton; implemented in Wave 1).`
				`@@ -0,0 +1 @@`
				`//! aura-proto — protocol wire format and handshake (skeleton; implemented in Wave 2).`
				`@@ -0,0 +1 @@`
				`//! aura-transport — QUIC transport and traffic mimicry (skeleton; implemented in Wave 3).`
				`@@ -0,0 +1 @@`
				`//! aura-tunnel — TUN interface and split tunneling (skeleton; implemented in Wave 3).`