feat: add E2E encryption module to meshservice

X25519 key agreement + HKDF-SHA256 + ChaCha20-Poly1305 AEAD for opt-in payload encryption. Each message uses a fresh ephemeral key for forward secrecy. 11 new tests cover roundtrip, wrong-key rejection, tampering, wire format integration, and edge cases.
2026-04-03 10:48:16 +02:00
parent fb6b80c81c
commit 4dadd01c6b
4 changed files with 399 additions and 1 deletions
--- a/crates/meshservice/Cargo.toml
+++ b/crates/meshservice/Cargo.toml
@@ -18,7 +18,9 @@ ciborium = "0.2"
 ed25519-dalek = { version = "2.1", features = ["serde"] }
 sha2 = "0.10"
 rand = "0.8"
-x25519-dalek = "2.0"
+x25519-dalek = { version = "2.0", features = ["static_secrets"] }
+chacha20poly1305 = "0.10"
+hkdf = "0.12"

 # Async
 tokio = { version = "1.36", features = ["sync", "time"] }