mkit-git-bridge 0.3.0

Deterministic mkit↔git bridge: export translation (SPEC-GIT-BRIDGE) and importer-signed import (SPEC-GIT-IMPORT)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

//! Shallow signature verification (SPEC-GIT-BRIDGE §10).
//!
//! Shallow mode rebuilds the mkit object from a single bridge-emitted
//! git commit/tag (self-contained: the carried headers include the
//! mkit tree/parent/target hashes) and checks its Ed25519 signature
//! under the proper domain via mkit-core's strict verifier. It proves
//! the carried fields are exactly what the original signer signed; it
//! does NOT prove the surrounding git graph corresponds to those
//! BLAKE3 hashes — that is deep verification (full [`crate::reconstruct`]
//! over the closure, driven by the caller).

use crate::error::BridgeError;
use crate::gitobj::{GitObject, GitType};
use crate::reconstruct;
use mkit_core::object::Object;

/// Outcome of a shallow check.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ShallowVerdict {
    /// Signature verifies under the object's signing domain.
    Verified,
    /// All-zero signature: the unsigned convention (SPEC-SIGNING §4a).
    /// Report as "unsigned", never as tampered.
    Unsigned,
    /// A non-zero signature that does not verify.
    Failed,
}

/// Shallow-verify a bridge-emitted git commit or tag.
pub fn shallow_verify(obj: &GitObject) -> Result<ShallowVerdict, BridgeError> {
    let rec = match obj.gtype {
        GitType::Commit => reconstruct::reconstruct_commit(&obj.body)?,
        GitType::Tag => reconstruct::reconstruct_tag(&obj.body)?,
        GitType::Blob | GitType::Tree => {
            return Err(BridgeError::NotBridgeObject(
                "shallow verification applies to commits and tags only".into(),
            ));
        }
    };
    Ok(match rec.object {
        Object::Commit(ref c) => {
            if c.signature == [0u8; 64] {
                ShallowVerdict::Unsigned
            } else if mkit_core::sign::verify_commit(c).is_ok() {
                ShallowVerdict::Verified
            } else {
                ShallowVerdict::Failed
            }
        }
        Object::Tag(ref t) => {
            if t.signature == [0u8; 64] {
                ShallowVerdict::Unsigned
            } else if mkit_core::sign::verify_tag(t).is_ok() {
                ShallowVerdict::Verified
            } else {
                ShallowVerdict::Failed
            }
        }
        _ => unreachable!("reconstruct_commit/tag return Commit/Tag"),
    })
}