Crate ash_core


§ASH Core

ASH (Anti-tamper Security Hash) is a request integrity and anti-replay protection library.

This crate provides the core functionality for:

  • Deterministic JSON and URL-encoded payload canonicalization
  • Cryptographic proof generation and verification
  • Constant-time comparison for timing-attack resistance
  • Binding normalization for endpoint protection

§Features

  • Tamper Detection: Cryptographic proof ensures payload integrity
  • Replay Prevention: One-time contexts prevent request replay
  • Deterministic: Byte-identical output across all platforms
  • WASM Compatible: Works in browsers and server environments

§Example

use ash_core::{canonicalize_json, build_proof, AshMode};

// Canonicalize a JSON payload
let canonical = canonicalize_json(r#"{"z":1,"a":2}"#).unwrap();
assert_eq!(canonical, r#"{"a":2,"z":1}"#);

// Build a proof
let proof = build_proof(
    AshMode::Balanced,
    "POST /api/update",
    "context-id-123",
    None,
    &canonical,
).unwrap();
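
The one-time contexts listed under Features, sketched as an added example (not code from ash_core or its authors) to show why a replayed request fails once its context has been consumed. `ContextStore`, `Reject`, `issue` and `consume` are hypothetical names, and the remove-before-check order that burns the id on every attempt is this example's assumption, not documented ASH behaviour.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

#[derive(Debug, PartialEq)]
pub enum Reject {
    UnknownOrUsed,   // never issued, or already consumed (a replay)
    Expired,         // presented after its time-to-live
    BindingMismatch, // issued for a different endpoint
}

struct Context {
    binding: String,
    expires_at: Instant,
}

/// Hypothetical server-side store of live contexts; not a type from ash_core.
pub struct ContextStore {
    live: HashMap<String, Context>,
}

impl ContextStore {
    pub fn new() -> Self {
        Self { live: HashMap::new() }
    }

    /// Register a context id for one endpoint binding, valid for `ttl`.
    pub fn issue(&mut self, id: &str, binding: &str, now: Instant, ttl: Duration) {
        let ctx = Context { binding: binding.to_string(), expires_at: now + ttl };
        self.live.insert(id.to_string(), ctx);
    }

    /// Remove first, check second: every attempt burns the id (assumed policy),
    /// so a captured request cannot be presented a second time.
    pub fn consume(&mut self, id: &str, binding: &str, now: Instant) -> Result<(), Reject> {
        let ctx = self.live.remove(id).ok_or(Reject::UnknownOrUsed)?;
        if now >= ctx.expires_at {
            return Err(Reject::Expired);
        }
        if ctx.binding != binding {
            return Err(Reject::BindingMismatch);
        }
        Ok(())
    }
}

fn main() {
    let (mut store, t0) = (ContextStore::new(), Instant::now());
    store.issue("context-id-123", "POST /api/update", t0, Duration::from_secs(30));
    println!("{:?}", store.consume("context-id-123", "POST /api/update", t0)); // Ok(())
    println!("{:?}", store.consume("context-id-123", "POST /api/update", t0)); // Err(UnknownOrUsed)
}
```

In a deployment the proof check would run alongside this lookup, and a store shared between server instances needs the remove step to be atomic.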

§Security Notes

ASH verifies what is being submitted, not who is submitting it. It should be used alongside authentication systems (JWT, OAuth, etc.).

Structs§

AshError
Main error type for ASH operations.
BuildProofInput
Input for building a proof.
VerifyInput
Input for verifying a proof.

Enums§

AshErrorCode
Error codes for ASH protocol.
AshMode
Security mode for ASH verification.

Functions§

build_proof
Build a cryptographic proof for request integrity.
canonicalize_json
Canonicalize a JSON string to deterministic form.
canonicalize_urlencoded
Canonicalize URL-encoded form data.
normalize_binding
Normalize a binding string to canonical form.
timing_safe_equal
Perform a constant-time comparison of two byte slices.
verify_proof
Verify a proof using constant-time comparison.