kimberlite-crypto 0.6.2

Cryptographic primitives for Kimberlite
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148

//! Proof Certificates from Coq Verification
//!
//! This module defines proof certificates that are embedded in verified
//! cryptographic implementations. Each certificate documents that the
//! implementation satisfies formal specifications proven in Coq.
//!
//! Certificates are extracted from Coq `ProofCertificate` records and
//! embedded as compile-time constants in Rust code.

use std::fmt;

/// Proof certificate documenting a formally verified theorem
///
/// This is extracted from the Coq `ProofCertificate` record type defined
/// in `specs/coq/Common.v`. Each verified function includes its certificate,
/// enabling:
/// - Audit trail of which theorems apply to the implementation
/// - Runtime verification that code matches specifications
/// - Compliance documentation generation
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct ProofCertificate {
    /// Unique theorem identifier
    ///
    /// IDs are allocated in ranges:
    /// - 100-199: SHA-256 theorems
    /// - 200-299: BLAKE3 theorems
    /// - 300-399: AES-GCM theorems
    /// - 400-499: Ed25519 theorems
    /// - 500-599: Key hierarchy theorems
    pub theorem_id: u32,

    /// Proof system identifier
    ///
    /// - 1: Coq 8.18
    /// - 2: TLAPS (TLA+ Proof System)
    /// - 3: Ivy
    /// - 4: Alloy
    pub proof_system_id: u32,

    /// Verification date (YYYYMMDD format)
    ///
    /// Example: 20260205 = February 5, 2026
    pub verified_at: u32,

    /// Number of computational assumptions (axioms)
    ///
    /// Lower is better. Zero assumptions means fully proven.
    pub assumption_count: u32,
}

impl ProofCertificate {
    /// Create a new proof certificate
    pub const fn new(
        theorem_id: u32,
        proof_system_id: u32,
        verified_at: u32,
        assumption_count: u32,
    ) -> Self {
        Self {
            theorem_id,
            proof_system_id,
            verified_at,
            assumption_count,
        }
    }

    /// Get the proof system name
    pub fn proof_system_name(&self) -> &'static str {
        match self.proof_system_id {
            1 => "Coq 8.18",
            2 => "TLAPS",
            3 => "Ivy",
            4 => "Alloy",
            _ => "Unknown",
        }
    }

    /// Get the verification year
    pub fn verification_year(&self) -> u32 {
        self.verified_at / 10000
    }

    /// Check if the proof is complete (no assumptions)
    pub fn is_complete(&self) -> bool {
        self.assumption_count == 0
    }
}

impl fmt::Display for ProofCertificate {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(
            f,
            "ProofCertificate {{ theorem_id: {}, proof_system: {}, verified: {}, assumptions: {} }}",
            self.theorem_id,
            self.proof_system_name(),
            self.verified_at,
            self.assumption_count
        )
    }
}

/// Trait for types that carry proof certificates
pub trait Verified {
    /// Get the proof certificate for this implementation
    fn proof_certificate() -> ProofCertificate;

    /// Get the theorem name
    fn theorem_name() -> &'static str;

    /// Get a human-readable description of what was proven
    fn theorem_description() -> &'static str;
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_proof_certificate_display() {
        let cert = ProofCertificate::new(100, 1, 20_260_205, 1);
        let display = format!("{cert}");
        assert!(display.contains("theorem_id: 100"));
        assert!(display.contains("Coq 8.18"));
        assert!(display.contains("20260205"));
        assert!(display.contains("assumptions: 1"));
    }

    #[test]
    fn test_proof_system_name() {
        let cert = ProofCertificate::new(100, 1, 20_260_205, 0);
        assert_eq!(cert.proof_system_name(), "Coq 8.18");
    }

    #[test]
    fn test_verification_year() {
        let cert = ProofCertificate::new(100, 1, 20_260_205, 0);
        assert_eq!(cert.verification_year(), 2026);
    }

    #[test]
    fn test_is_complete() {
        let complete = ProofCertificate::new(100, 1, 20_260_205, 0);
        assert!(complete.is_complete());

        let partial = ProofCertificate::new(100, 1, 20_260_205, 2);
        assert!(!partial.is_complete());
    }
}