pqrascv-hardware 1.0.0-rc.5

Hardware-rooted trust and distributed verifier consensus for PQ-RASCV
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

use crate::policy::{HardwarePolicyContext, HardwarePolicyError, HardwarePolicyRule};

#[allow(clippy::too_many_lines, clippy::collapsible_match)]
pub fn evaluate_domain_rule(
    rule: &HardwarePolicyRule,
    ctx: &HardwarePolicyContext<'_>,
) -> Result<bool, HardwarePolicyError> {
    match rule {
        // ── Phase 2.9 Federated Trust Rules ──────────────────────────
        HardwarePolicyRule::RequireVerifierFederation => {
            if ctx.federation.is_none() {
                return Err(HardwarePolicyError::VerifierFederationMissing);
            }
        }
        HardwarePolicyRule::RequireConsensusQuorum { min_votes } => {
            let eval = ctx
                .consensus_evaluation
                .ok_or(HardwarePolicyError::VerifierFederationMissing)?;
            if eval.participating < *min_votes {
                return Err(HardwarePolicyError::ConsensusQuorumFailed {
                    decision: eval.final_decision.clone(),
                });
            }
            if !eval.final_decision.is_trusted() {
                return Err(HardwarePolicyError::ConsensusQuorumFailed {
                    decision: eval.final_decision.clone(),
                });
            }
        }
        HardwarePolicyRule::RequireTransparencyConsensus => {
            let report = ctx
                .timeline_reconciliation
                .ok_or(HardwarePolicyError::TransparencyConsensusFailed)?;
            if report.conflicts_detected {
                return Err(HardwarePolicyError::TransparencyConsensusFailed);
            }
        }
        HardwarePolicyRule::RequireFederatedPolicyApproval => {
            let epoch = ctx
                .federated_epoch
                .ok_or(HardwarePolicyError::FederatedPolicyApprovalMissing)?;
            if !epoch.quorum_reached {
                return Err(HardwarePolicyError::FederatedEpochQuorumNotReached {
                    epoch_id: epoch.epoch_id,
                });
            }
        }
        HardwarePolicyRule::RequireTimelineConsistency => {
            let report = ctx
                .timeline_reconciliation
                .ok_or(HardwarePolicyError::TimelineConflictDetected)?;
            if report.conflicts_detected || report.missing_events {
                return Err(HardwarePolicyError::TimelineConflictDetected);
            }
        }
        HardwarePolicyRule::RequireRetentionCompliance => {
            if ctx.compacted_timeline.is_none() && ctx.runtime_stream.is_some() {
                // Very simplistic heuristic mapping for the policy engine context
                return Err(HardwarePolicyError::RetentionComplianceViolated);
            }
        }
        // ── Phase 3.3 Byzantine Federation Convergence ─────────────────
        HardwarePolicyRule::RequireVerifierRevocationChecks => {
            if ctx.revocation_list.is_none() {
                return Err(HardwarePolicyError::VerifierRevoked("Unknown".into()));
            }
        }
        _ => return Ok(false),
    }
    Ok(true)
}