pub trait KelContinuityChecker {
// Required method
fn verify_rotation_continuity(
&self,
did: &str,
pinned_tip_said: &str,
presented_pk: &[u8],
) -> Result<Option<RotationProof>, TrustError>;
}Expand description
Trait for verifying rotation continuity from a pinned state to a presented key.
Implemented by auths-id (which owns KEL types). The trust module in
auths-core calls this trait without importing auths-id.
§Implementation Requirements
The implementation must:
- Locate the event with SAID ==
pinned_tip_saidin the KEL. - Replay forward from that event (not from inception), verifying:
- Hash chain linkage (each event’s
pmatches predecessor’sd). - Sequence ordering (strict monotonic increment).
- Pre-rotation commitment satisfaction for rotation events.
- Event signatures.
- Hash chain linkage (each event’s
- Confirm the resulting key state’s current key matches
presented_pk.
§Return Values
Ok(Some(proof))if continuity is verified.Ok(None)if the pinned tip is not found or the chain doesn’t lead to the presented key.Erron internal errors (corrupt KEL, deserialization failure).
Required Methods§
Sourcefn verify_rotation_continuity(
&self,
did: &str,
pinned_tip_said: &str,
presented_pk: &[u8],
) -> Result<Option<RotationProof>, TrustError>
fn verify_rotation_continuity( &self, did: &str, pinned_tip_said: &str, presented_pk: &[u8], ) -> Result<Option<RotationProof>, TrustError>
Verify that there is a valid, unbroken event chain from pinned_tip_said
to a state whose current key matches presented_pk.
§Arguments
did- The DID being verified (e.g., “did:keri:EXq5…”)pinned_tip_said- The SAID of the event at which we last pinned this identitypresented_pk- The raw public key bytes presented for verification
§Returns
Ok(Some(proof))- Rotation verified, contains new state to update pinOk(None)- Cannot verify continuity (tip not found, chain broken, key mismatch)Err(...)- Internal error (corrupt data, I/O failure)