This document outlines the core structure and logic of the quantum-tunneler project, including module responsibilities and high-level data flow.
For the latest updates and source code, visit our GitHub repository.
- Implements post-quantum algorithms (Kyber, Falcon)
- Provides interfaces for key exchange and digital signatures
- Uses `no_std`-friendly data structures via `heapless`
- Handles IKEv2 key negotiation (Phase 1 and 2)
- Establishes initial session agreements using post-quantum primitives
- Interfaces directly with the `crypto` module
- Encapsulates data with IPSec (ESP and AH protocols)
- Manages Security Associations (SAs) and Security Policies
- Provides replay protection and packet encryption/integrity
- Shared utilities: logging, type aliases, error definitions
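
The replay protection listed above for the IPSec layer is normally a sliding window over ESP sequence numbers. The sketch below is an added example, not code from the quantum-tunneler repository; `ReplayWindow`, `Verdict`, `run_sample` and the 64-packet window size are assumptions made for illustration.

```rust
// Added example; `ReplayWindow` and `Verdict` are hypothetical names,
// not quantum-tunneler APIs. Fixed-size state only, so it is no_std-friendly.
const WINDOW: u32 = 64; // window size in packets (assumed value)

#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Verdict { Accept, Replay, TooOld }

pub struct ReplayWindow {
    highest: u32, // highest sequence number committed so far (0 = none)
    bitmap: u64,  // bit i set => sequence number (highest - i) was seen
}

impl ReplayWindow {
    pub const fn new() -> Self { Self { highest: 0, bitmap: 0 } }

    /// Read-only check, run before the (expensive) integrity check.
    pub fn check(&self, seq: u32) -> Verdict {
        if seq == 0 { return Verdict::TooOld; } // ESP numbering starts at 1
        if seq > self.highest { return Verdict::Accept; }
        let offset = self.highest - seq;
        if offset >= WINDOW { return Verdict::TooOld; }
        if self.bitmap & (1u64 << offset) != 0 { Verdict::Replay } else { Verdict::Accept }
    }

    /// Commit a sequence number only after the packet's ICV has verified,
    /// so forged packets cannot slide the window forward.
    pub fn update(&mut self, seq: u32) {
        if seq > self.highest {
            let shift = seq - self.highest;
            self.bitmap = if shift >= WINDOW { 0 } else { self.bitmap << shift };
            self.bitmap |= 1;
            self.highest = seq;
        } else if seq != 0 && self.highest - seq < WINDOW {
            self.bitmap |= 1u64 << (self.highest - seq);
        }
    }
}

/// Constructed sequence: in-order, duplicate, jump, late arrival, stale.
pub fn run_sample() -> [Verdict; 8] {
    let mut w = ReplayWindow::new();
    [1u32, 1, 5, 3, 3, 100, 36, 37].map(|s| {
        let v = w.check(s);
        if v == Verdict::Accept { w.update(s); } // assumes the ICV verified
        v
    })
}

fn main() { println!("{:?}", run_sample()); }
```

Splitting `check` from `update` matters: the window must advance only for packets that passed integrity verification, otherwise an unauthenticated packet with a large sequence number would cause legitimate traffic to be dropped as too old.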
- CLI executes a command such as `connect`
- CLI invokes IKEv2 negotiation through the `ike` module
- `ike` handles key exchange using the `crypto` module
- Once SAs are established, `ipsec` starts encrypting traffic
- Packets are securely transmitted over the tunnel
The CLI serves as an interface to test and manage tunnels using the core library:
- `init`: Initialize default configs
- `connect`: Simulate secure connection
- `status`: Show session state
- `benchmark`: Measure performance and timing
- Real transport integration (UDP/TCP)
- NAT traversal support
- WireGuard compatibility layer
- Server mode with mTLS/PSK
- Secure PACS and VPN applications for healthcare