pqrascv-hardware 1.0.0-rc.5

Hardware-rooted trust and distributed verifier consensus for PQ-RASCV
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

//! Verifier Transparency Accountability Log
//!
//! All verifier actions that affect attestation outcomes MUST be recorded as
//! [`VerifierTransparencyEvent`]s in an append-only
//! [`VerifierTransparencyLog`]. No event may be removed or mutated after
//! appending.
//!
//! # Relationship to [`TransparencyEvent`]
//!
//! [`crate::transparency_log::TransparencyEvent`] records attestation-level
//! events. This module records **verifier-level** events — actions taken by
//! the verifier itself (accepting/rejecting attestations, participating in
//! quorum, executing governance).

use alloc::string::String;
use alloc::vec::Vec;

use crate::digest::TypedDigest;

// ── VerifierEventType ─────────────────────────────────────────────────────

/// The type of event recorded in a verifier's transparency log.
#[derive(Debug, Clone, Copy, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
pub enum VerifierEventType {
    /// The verifier accepted an attestation as trustworthy.
    AttestationVerified,
    /// The verifier rejected an attestation.
    AttestationRejected,
    /// The verifier detected a policy violation.
    PolicyViolation,
    /// The verifier participated in a quorum vote.
    QuorumParticipation,
    /// The verifier executed or recorded a governance action.
    GovernanceActionExecuted,
}

// ── VerifierTransparencyEvent ─────────────────────────────────────────────

/// A single, immutable transparency event from a verifier.
///
/// The `event_hash` is a [`TypedDigest`] over the event content, produced
/// by the caller and stored here for auditability.
#[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
pub struct VerifierTransparencyEvent {
    /// The verifier that produced this event.
    pub verifier_id: String,
    /// Typed digest of the event content (SHA3-256 recommended).
    pub event_hash: TypedDigest,
    /// Unix seconds when the event occurred.
    pub timestamp: u64,
    /// Classification of the event.
    pub event_type: VerifierEventType,
}

// ── VerifierTransparencyLog ───────────────────────────────────────────────

/// An append-only log of verifier transparency events.
///
/// Events are pushed in order and may never be removed or reordered.
/// The log is keyed to a single `verifier_id`.
#[derive(Debug, Default, serde::Serialize, serde::Deserialize)]
pub struct VerifierTransparencyLog {
    /// The verifier this log belongs to.
    pub verifier_id: String,
    events: Vec<VerifierTransparencyEvent>,
}

impl VerifierTransparencyLog {
    /// Creates an empty log for the given verifier.
    #[must_use]
    pub fn new(verifier_id: String) -> Self {
        Self {
            verifier_id,
            events: Vec::new(),
        }
    }

    /// Appends an event to the log.
    ///
    /// Returns an error if the event's `verifier_id` does not match this log's
    /// `verifier_id`, preventing cross-verifier event injection.
    pub fn append(&mut self, event: VerifierTransparencyEvent) -> Result<(), TransparencyLogError> {
        if event.verifier_id != self.verifier_id {
            return Err(TransparencyLogError::VerifierIdMismatch {
                expected: self.verifier_id.clone(),
                got: event.verifier_id,
            });
        }
        self.events.push(event);
        Ok(())
    }

    /// Returns the number of events in the log.
    #[must_use]
    pub fn event_count(&self) -> usize {
        self.events.len()
    }

    /// Returns a read-only slice of all events.
    #[must_use]
    pub fn events(&self) -> &[VerifierTransparencyEvent] {
        &self.events
    }

    /// Returns the latest event, if any.
    #[must_use]
    pub fn latest(&self) -> Option<&VerifierTransparencyEvent> {
        self.events.last()
    }
}

// ── TransparencyLogError ──────────────────────────────────────────────────

/// Errors from transparency log operations.
#[derive(Debug, Clone, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
pub enum TransparencyLogError {
    /// The event's `verifier_id` does not match the log's `verifier_id`.
    VerifierIdMismatch { expected: String, got: String },
}

impl core::fmt::Display for TransparencyLogError {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        match self {
            Self::VerifierIdMismatch { expected, got } => write!(
                f,
                "verifier ID mismatch in transparency log: expected {expected}, got {got}"
            ),
        }
    }
}

// ── Tests ─────────────────────────────────────────────────────────────────

#[cfg(test)]
mod tests {
    use super::*;
    use crate::digest::DigestAlgorithm;

    fn make_event(
        verifier_id: &str,
        ts: u64,
        event_type: VerifierEventType,
    ) -> VerifierTransparencyEvent {
        VerifierTransparencyEvent {
            verifier_id: verifier_id.into(),
            event_hash: TypedDigest {
                algorithm: DigestAlgorithm::Sha3_256,
                value: [0u8; 32],
            },
            timestamp: ts,
            event_type,
        }
    }

    #[test]
    fn append_and_count() {
        let mut log = VerifierTransparencyLog::new("v1".into());
        assert_eq!(log.event_count(), 0);

        log.append(make_event(
            "v1",
            100,
            VerifierEventType::AttestationVerified,
        ))
        .unwrap();
        log.append(make_event(
            "v1",
            200,
            VerifierEventType::QuorumParticipation,
        ))
        .unwrap();
        assert_eq!(log.event_count(), 2);
    }

    #[test]
    fn rejects_wrong_verifier_id() {
        let mut log = VerifierTransparencyLog::new("v1".into());
        let err = log
            .append(make_event("v2", 100, VerifierEventType::PolicyViolation))
            .unwrap_err();
        assert!(matches!(
            err,
            TransparencyLogError::VerifierIdMismatch { .. }
        ));
    }

    #[test]
    fn latest_returns_last_appended() {
        let mut log = VerifierTransparencyLog::new("v1".into());
        log.append(make_event("v1", 10, VerifierEventType::AttestationVerified))
            .unwrap();
        log.append(make_event("v1", 20, VerifierEventType::AttestationRejected))
            .unwrap();
        assert_eq!(log.latest().unwrap().timestamp, 20);
        assert_eq!(
            log.latest().unwrap().event_type,
            VerifierEventType::AttestationRejected
        );
    }
}