Ink-dark/DoneZero

DoneZero

LAN Security: Physical Interaction + Cryptographic Defense-in-Depth


Overview

DoneZero is a Rust implementation of a layered defense architecture for securing local-area network (LAN) services. It anchors trust in a non-replicable physical interaction (QR code + 4-digit code + IP confirmation), then enforces that trust with cryptographic constraints that are non-extensible and non-reusable.

Core principle: Do subtraction, not addition. Trust battle-tested primitives audited by global cryptographers. Resist the urge to "add your own sauce" at the application layer.

Architecture

┌─────────────────────────────────────────────────────────┐
│  Physical Space Verification                             │
│  Rotating QR (3s) + 4-digit Code + IP Highlight         │
├─────────────────────────────────────────────────────────┤
│  TOFU Certificate Pinning                                │
│  SHA-256 fingerprint embedded in QR payload             │
├─────────────────────────────────────────────────────────┤
│  One-Time Handshake State Machine                        │
│  One code, one verification, atomic state transition    │
├─────────────────────────────────────────────────────────┤
│  Dual-Token Depth + Channel Binding                      │
│  Refresh Token bound to TLS; Access Token random expiry │
├─────────────────────────────────────────────────────────┤
│  CSPRNG (OS-level)                                       │
│  getrandom / OsRng — no app-layer entropy mixing        │
├─────────────────────────────────────────────────────────┤
│  Memory Anti-Forensics                                   │
│  mlock / VirtualLock + zeroize on Drop                  │
├─────────────────────────────────────────────────────────┤
│  Boundary Constraints + Traffic Padding (optional)       │
│  NIC binding; constant-rate padding                     │
└─────────────────────────────────────────────────────────┘

Attack Surface Coverage

| Attack Type | Defense | Effect |
|---|---|---|
| LAN MITM / Sniffing | TLS + TOFU cert fingerprint | Blocked |
| QR Screenshot Replay | 3s rotation + 4-digit code | Single-shot |
| Brute-force Code | One-code-one-verify, atomic kill | Zero expected |
| Token Leak / Reuse | Channel Binding + random expiry | Leak = revoke |
| Memory Forensics / Swap | mlock + zeroize | No trace |
| Concurrent Preemption | Atomic state machine | 409 / 410 |
| Timing Attack | ConstantTimeEq | No leakage |
| Traffic Analysis | Constant-rate padding (optional) | Flat profile |
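
The "one code, one verification, atomic state transition" rule from the table, as an added example that is not code from the DoneZero repository and uses only the Rust standard library. The state names, the `Outcome` enum, the mapping of 409 to an in-flight attempt and 410 to a spent code, and the hand-written `ct_eq` (a simplified stand-in for the `ConstantTimeEq` named in the table) are assumptions.

```rust
use std::sync::atomic::{AtomicU8, Ordering};

const PENDING: u8 = 0;   // code issued, not yet tried
const VERIFYING: u8 = 1; // one request holds the single attempt
const DEAD: u8 = 2;      // attempt spent, whether it succeeded or not

#[derive(Debug, PartialEq)]
pub enum Outcome { Accepted, Rejected, Conflict409, Gone410 }

pub struct Handshake { state: AtomicU8, code: [u8; 4] }

/// Compares all four bytes with no early exit (assumed stand-in for ConstantTimeEq).
fn ct_eq(a: &[u8; 4], b: &[u8; 4]) -> bool {
    let mut diff = 0u8;
    for i in 0..4 { diff |= a[i] ^ b[i]; }
    diff == 0
}

impl Handshake {
    pub fn new(code: [u8; 4]) -> Self {
        Handshake { state: AtomicU8::new(PENDING), code }
    }

    /// The first caller wins the only attempt; the code dies whatever the result,
    /// so a 4-digit code cannot be enumerated against one handshake.
    pub fn verify(&self, guess: &[u8; 4]) -> Outcome {
        match self.state.compare_exchange(PENDING, VERIFYING, Ordering::AcqRel, Ordering::Acquire) {
            Err(VERIFYING) => return Outcome::Conflict409, // another request is mid-verify
            Err(_) => return Outcome::Gone410,             // code already spent
            Ok(_) => {}
        }
        let ok = ct_eq(&self.code, guess);
        self.state.store(DEAD, Ordering::Release);
        if ok { Outcome::Accepted } else { Outcome::Rejected }
    }
}

fn main() {
    let hs = Handshake::new(*b"4821"); // constructed sample code
    println!("{:?}", hs.verify(b"0000")); // wrong guess burns the code
    println!("{:?}", hs.verify(b"4821")); // correct code arrives too late
}
```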

Quick Start

# Clone & build
git clone https://github.com/Ink-dark/DoneZero.git
cd DoneZero
cargo build --release

# Run
cargo run
# Server starts on detected LAN IP:8443

API Endpoints

| Method | Endpoint | Description |
|---|---|---|
| GET | /health | Health check |
| POST | /api/handshake | Create handshake (QR + code) |
| POST | /api/verify | Verify handshake code |
| POST | /api/token/refresh | Refresh Access Token |
| GET | /api/confirm | Screen IP confirmation page |

Project Structure

DoneZero/
├── src/
│   ├── main.rs           # Entry point
│   ├── lib.rs            # Module exports
│   ├── server.rs         # HTTP service (axum)
│   ├── state_machine.rs  # Handshake state machine
│   ├── tofu.rs           # TOFU certificate pinning
│   ├── physical.rs       # QR code + verification code
│   ├── token.rs          # Dual-token + channel binding
│   ├── memory.rs         # mlock + zeroize
│   ├── csprng.rs         # OS-level CSPRNG
│   ├── boundary.rs       # Network boundary constraints
│   └── error.rs          # Error types
├── docs/                 # Detailed documentation
├── Cargo.toml
└── README.md / README.zh-CN.md

Documentation

License

MIT License — see LICENSE for details.


Design Philosophy

  1. Do subtraction, not addition.
  2. The state machine is the anchor.
  3. Trust boundaries are precise.
  4. Defense-in-depth, not single-point.

About

LAN security with physical QR verification + cryptographic defense-in-depth. Rust implementation of 7-layer defense architecture.
