chore: scaffold Aura workspace skeleton (Stage 0)

- 6-crate Cargo workspace, dependency tree frozen (cargo check green in ~1m) - ml-kem 0.3 (FIPS 203) replaces spec's pqcrypto-kyber for ML-KEM-768 - fix invalid target-gated workspace.dependencies: Windows deps (wintun/windows) declared untargeted, cfg-gated per-crate in aura-tunnel - version bumps vs spec: tun 0.8, rcgen 0.14, wintun 0.5 - stub lib/main per crate; real implementations land wave by wave Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-25 17:42:40 +03:00
commit f78633e04f
15 changed files with 3875 additions and 0 deletions
@@ -0,0 +1,13 @@
 /target
 **/*.rs.bk
 # Generated PKI material — never commit private keys/certs
 *.key
 *.crt
 *.pem
 /pki/
 /etc/aura/
 # Local editor/agent config
 .claude/settings.local.json
 .DS_Store
@@ -0,0 +1,87 @@
 [workspace]
 members = [
    "crates/aura-crypto",
    "crates/aura-pki",
    "crates/aura-proto",
    "crates/aura-transport",
    "crates/aura-tunnel",
    "crates/aura-cli",
 ]
 resolver = "2"
 [workspace.package]
 version = "0.1.0"
 edition = "2021"
 license = "MIT"
 authors = ["Aura"]
 description = "Aura — hybrid post-quantum VPN protocol over QUIC"
 [workspace.dependencies]
 # Internal crates
 aura-crypto    = { path = "crates/aura-crypto" }
 aura-pki       = { path = "crates/aura-pki" }
 aura-proto     = { path = "crates/aura-proto" }
 aura-transport = { path = "crates/aura-transport" }
 aura-tunnel    = { path = "crates/aura-tunnel" }
 # PQ + classic crypto (ml-kem = FIPS 203 ML-KEM-768, replaces spec's pqcrypto-kyber)
 ml-kem         = { version = "0.3", features = ["zeroize"] }
 x25519-dalek   = { version = "2", features = ["static_secrets"] }
 # KDF / AEAD / hashing
 hkdf             = "0.12"
 hmac             = "0.12"
 sha2             = "0.10"
 chacha20poly1305 = { version = "0.10", features = ["stream"] }
 rand             = "0.8"
 rand_core        = "0.6"
 zeroize          = { version = "1.7", features = ["derive"] }
 subtle           = "2"
 # PKI / X.509
 rcgen            = "0.14"
 rustls           = { version = "0.23", features = ["ring"] }
 rustls-pki-types = "1"
 x509-parser      = "0.16"
 uuid             = { version = "1", features = ["v4"] }
 # Transport
 quinn  = "0.11"
 tokio  = { version = "1", features = ["full"] }
 bytes  = "1"
 # TUN (Unix: Linux + macOS)
 tun = { version = "0.8", features = ["async"] }
 # Windows-specific (version declared here untargeted; referenced under crate [target.'cfg(windows)'] tables)
 wintun  = "0.5"
 windows = { version = "0.57", features = [
    "Win32_Foundation",
    "Win32_NetworkManagement_IpHelper",
    "Win32_NetworkManagement_Ndis",
    "Win32_Networking_WinSock",
 ] }
 # Serialization
 serde   = { version = "1", features = ["derive"] }
 bincode = "1"
 toml    = "0.8"
 # DNS / net
 hickory-resolver = "0.24"
 ipnetwork        = "0.20"
 # CLI / observability / errors
 clap               = { version = "4", features = ["derive"] }
 tracing            = "0.1"
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
 anyhow             = "1"
 thiserror          = "1"
 # Dev / bench
 criterion = "0.5"
 hex       = "0.4"
 [profile.release]
 opt-level = 3
 lto       = "thin"
@@ -0,0 +1,25 @@
 [package]
 name = "aura-cli"
 version.workspace = true
 edition.workspace = true
 license.workspace = true
 description = "Aura CLI: client/server binary, PKI management, split-tunnel admin"
 [[bin]]
 name = "aura"
 path = "src/main.rs"
 [dependencies]
 aura-crypto.workspace = true
 aura-pki.workspace = true
 aura-proto.workspace = true
 aura-transport.workspace = true
 aura-tunnel.workspace = true
 clap.workspace = true
 tokio.workspace = true
 toml.workspace = true
 serde.workspace = true
 tracing.workspace = true
 tracing-subscriber.workspace = true
 anyhow.workspace = true
 uuid.workspace = true
@@ -0,0 +1,5 @@
 //! aura — client/server binary and PKI/admin CLI (skeleton; implemented in Wave 4).
 fn main() {
    println!("aura: skeleton binary (implemented in Wave 4)");
 }
@@ -0,0 +1,23 @@
 [package]
 name = "aura-crypto"
 version.workspace = true
 edition.workspace = true
 license.workspace = true
 description = "Aura cryptographic core: hybrid X25519 + ML-KEM-768 KEM, HKDF, ChaCha20-Poly1305"
 [dependencies]
 ml-kem.workspace = true
 x25519-dalek.workspace = true
 hkdf.workspace = true
 hmac.workspace = true
 sha2.workspace = true
 chacha20poly1305.workspace = true
 rand.workspace = true
 rand_core.workspace = true
 zeroize.workspace = true
 subtle.workspace = true
 thiserror.workspace = true
 [dev-dependencies]
 hex.workspace = true
 criterion.workspace = true
@@ -0,0 +1 @@
 //! aura-crypto — cryptographic core (skeleton; implemented in Wave 1).
@@ -0,0 +1,15 @@
 [package]
 name = "aura-pki"
 version.workspace = true
 edition.workspace = true
 license.workspace = true
 description = "Aura PKI: CA, X.509 issuance and mutual-auth verification"
 [dependencies]
 rcgen.workspace = true
 rustls.workspace = true
 rustls-pki-types.workspace = true
 x509-parser.workspace = true
 uuid.workspace = true
 thiserror.workspace = true
 anyhow.workspace = true
@@ -0,0 +1 @@
 //! aura-pki — PKI: CA, certificate issuance and verification (skeleton; implemented in Wave 1).
@@ -0,0 +1,22 @@
 [package]
 name = "aura-proto"
 version.workspace = true
 edition.workspace = true
 license.workspace = true
 description = "Aura protocol: wire format, hybrid PKI handshake state machine, session"
 [dependencies]
 aura-crypto.workspace = true
 aura-pki.workspace = true
 bytes.workspace = true
 serde.workspace = true
 bincode.workspace = true
 zeroize.workspace = true
 hmac.workspace = true
 sha2.workspace = true
 rand.workspace = true
 rustls-pki-types.workspace = true
 thiserror.workspace = true
 [dev-dependencies]
 tokio.workspace = true
@@ -0,0 +1 @@
 //! aura-proto — protocol wire format and handshake (skeleton; implemented in Wave 2).
@@ -0,0 +1,19 @@
 [package]
 name = "aura-transport"
 version.workspace = true
 edition.workspace = true
 license.workspace = true
 description = "Aura transport: QUIC (quinn) endpoint, HTTPS/H3 mimicry, padding"
 [dependencies]
 aura-proto.workspace = true
 aura-crypto.workspace = true
 quinn.workspace = true
 tokio.workspace = true
 bytes.workspace = true
 rustls.workspace = true
 rustls-pki-types.workspace = true
 rand.workspace = true
 tracing.workspace = true
 thiserror.workspace = true
 anyhow.workspace = true
@@ -0,0 +1 @@
 //! aura-transport — QUIC transport and traffic mimicry (skeleton; implemented in Wave 3).
@@ -0,0 +1,25 @@
 [package]
 name = "aura-tunnel"
 version.workspace = true
 edition.workspace = true
 license.workspace = true
 description = "Aura tunnel: cross-platform TUN, split-tunnel routing, DNS"
 [dependencies]
 aura-transport.workspace = true
 aura-proto.workspace = true
 aura-crypto.workspace = true
 tokio.workspace = true
 bytes.workspace = true
 ipnetwork.workspace = true
 hickory-resolver.workspace = true
 tracing.workspace = true
 thiserror.workspace = true
 anyhow.workspace = true
 [target.'cfg(not(windows))'.dependencies]
 tun.workspace = true
 [target.'cfg(windows)'.dependencies]
 wintun.workspace = true
 windows.workspace = true
@@ -0,0 +1 @@
 //! aura-tunnel — TUN interface and split tunneling (skeleton; implemented in Wave 3).
		`@@ -0,0 +1 @@`
							`//! aura-crypto — cryptographic core (skeleton; implemented in Wave 1).`
		`@@ -0,0 +1 @@`
							`//! aura-pki — PKI: CA, certificate issuance and verification (skeleton; implemented in Wave 1).`
		`@@ -0,0 +1 @@`
							`//! aura-proto — protocol wire format and handshake (skeleton; implemented in Wave 2).`
		`@@ -0,0 +1 @@`
							`//! aura-transport — QUIC transport and traffic mimicry (skeleton; implemented in Wave 3).`
		`@@ -0,0 +1 @@`
							`//! aura-tunnel — TUN interface and split tunneling (skeleton; implemented in Wave 3).`