hardbound 0.0.1

Hardbound — public trait surface for the enterprise hardware-bound trust tier of Web4. Implementations of these traits anchor identity, vault, witness chain, and policy in TPM 2.0 / YubiKey / Secure Enclave hardware. The reference closed-source implementation is at metalinxx.io; this crate is the contract any compatible implementation must satisfy.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

//! Hardware-attested signatures over witness chain entries.

use crate::Result;

/// One attested signature over a payload, signed by a
/// [`TrustedKeyProvider`][crate::TrustedKeyProvider] inside its
/// hardware anchor.
///
/// In the Hestia chain, each entry's `signer_lct` field today is a
/// software placeholder. With Hardbound, the daemon co-locates an
/// `Attestation` per chain entry; verifiers reconstruct the same
/// payload, then validate the signature against the public key
/// embedded in the anchor's [`TrustedKeyProvider::public_key`][crate::TrustedKeyProvider::public_key].
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Attestation {
    /// Anchor that produced this signature.
    /// See [`TrustedKeyProvider::anchor_id`][crate::TrustedKeyProvider::anchor_id].
    pub anchor_id: String,

    /// Optional platform quote / firmware measurement bundle.
    /// For TPM: a `TPM2B_ATTEST` quote over the requested PCRs. For
    /// YubiKey: empty (the device itself is the attestation surface).
    pub quote: Vec<u8>,

    /// The signature bytes from [`TrustedKeyProvider::sign`][crate::TrustedKeyProvider::sign].
    pub signature: Vec<u8>,

    /// Unix epoch milliseconds at which the anchor produced this
    /// attestation. Verifiers cross-check this with the chain entry
    /// timestamp.
    pub timestamp_ms: i64,
}

/// Produces [`Attestation`]s over arbitrary payloads.
///
/// The split between this and [`TrustedKeyProvider`][crate::TrustedKeyProvider]
/// is deliberate: `TrustedKeyProvider` is a bare signer; an
/// `AttestationSigner` adds the platform-attestation envelope around
/// it (PCR quote for TPM, factory cert chain for YubiKey).
pub trait AttestationSigner: Send + Sync {
    /// Produce an attestation over `payload`. `nonce` is supplied by
    /// the caller to defeat replay; implementations MUST incorporate
    /// it into the signed bytes.
    fn sign_attestation(&self, payload: &[u8], nonce: &[u8]) -> Result<Attestation>;
}