proven 0.9.0

Safe, formally verified library for math, crypto, parsing, validation, and ML - Rust bindings
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186

// SPDX-License-Identifier: AGPL-3.0-or-later
// SPDX-FileCopyrightText: 2025 Hyperpolymath
//! Safe network address operations.

use crate::core::{Error, Result};
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// Safe network operations.
pub struct SafeNetwork;

/// IPv4 address classification.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Ipv4Class {
    /// Loopback (127.0.0.0/8)
    Loopback,
    /// Private (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
    Private,
    /// Link-local (169.254.0.0/16)
    LinkLocal,
    /// Multicast (224.0.0.0/4)
    Multicast,
    /// Broadcast (255.255.255.255)
    Broadcast,
    /// Public routable address
    Public,
}

/// CIDR notation representation.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Cidr {
    /// Network address
    pub address: IpAddr,
    /// Prefix length
    pub prefix_len: u8,
}

impl SafeNetwork {
    /// Parse an IPv4 address.
    pub fn parse_ipv4(s: &str) -> Result<Ipv4Addr> {
        s.parse::<Ipv4Addr>()
            .map_err(|e| Error::ParseError(e.to_string()))
    }

    /// Parse an IPv6 address.
    pub fn parse_ipv6(s: &str) -> Result<Ipv6Addr> {
        s.parse::<Ipv6Addr>()
            .map_err(|e| Error::ParseError(e.to_string()))
    }

    /// Parse any IP address.
    pub fn parse_ip(s: &str) -> Result<IpAddr> {
        s.parse::<IpAddr>()
            .map_err(|e| Error::ParseError(e.to_string()))
    }

    /// Classify an IPv4 address.
    pub fn classify_ipv4(addr: &Ipv4Addr) -> Ipv4Class {
        if addr.is_loopback() {
            Ipv4Class::Loopback
        } else if addr.is_private() {
            Ipv4Class::Private
        } else if addr.is_link_local() {
            Ipv4Class::LinkLocal
        } else if addr.is_multicast() {
            Ipv4Class::Multicast
        } else if addr.is_broadcast() {
            Ipv4Class::Broadcast
        } else {
            Ipv4Class::Public
        }
    }

    /// Parse CIDR notation.
    pub fn parse_cidr(s: &str) -> Result<Cidr> {
        let parts: Vec<&str> = s.split('/').collect();
        if parts.len() != 2 {
            return Err(Error::ParseError("Invalid CIDR notation".into()));
        }

        let address = Self::parse_ip(parts[0])?;
        let prefix_len = parts[1]
            .parse::<u8>()
            .map_err(|_| Error::ParseError("Invalid prefix length".into()))?;

        let max_prefix = match address {
            IpAddr::V4(_) => 32,
            IpAddr::V6(_) => 128,
        };

        if prefix_len > max_prefix {
            return Err(Error::ValidationError(format!(
                "Prefix length {} exceeds maximum {}",
                prefix_len, max_prefix
            )));
        }

        Ok(Cidr {
            address,
            prefix_len,
        })
    }

    /// Check if an IP is within a CIDR range.
    pub fn is_in_cidr(ip: &IpAddr, cidr: &Cidr) -> bool {
        match (ip, &cidr.address) {
            (IpAddr::V4(ip), IpAddr::V4(net)) => {
                let ip_bits = u32::from_be_bytes(ip.octets());
                let net_bits = u32::from_be_bytes(net.octets());
                let mask = if cidr.prefix_len == 0 {
                    0
                } else {
                    !0u32 << (32 - cidr.prefix_len)
                };
                (ip_bits & mask) == (net_bits & mask)
            }
            (IpAddr::V6(ip), IpAddr::V6(net)) => {
                let ip_bits = u128::from_be_bytes(ip.octets());
                let net_bits = u128::from_be_bytes(net.octets());
                let mask = if cidr.prefix_len == 0 {
                    0
                } else {
                    !0u128 << (128 - cidr.prefix_len)
                };
                (ip_bits & mask) == (net_bits & mask)
            }
            _ => false, // IPv4/IPv6 mismatch
        }
    }

    /// Validate a port number.
    pub fn validate_port(port: u16) -> bool {
        true // All u16 values are valid ports
    }

    /// Check if port is well-known (0-1023).
    pub fn is_well_known_port(port: u16) -> bool {
        port <= 1023
    }

    /// Check if port is registered (1024-49151).
    pub fn is_registered_port(port: u16) -> bool {
        (1024..=49151).contains(&port)
    }

    /// Check if port is dynamic/private (49152-65535).
    pub fn is_dynamic_port(port: u16) -> bool {
        port >= 49152
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_parse_ipv4() {
        let addr = SafeNetwork::parse_ipv4("192.168.1.1").unwrap();
        assert_eq!(addr.octets(), [192, 168, 1, 1]);
    }

    #[test]
    fn test_classify_ipv4() {
        assert_eq!(
            SafeNetwork::classify_ipv4(&Ipv4Addr::new(127, 0, 0, 1)),
            Ipv4Class::Loopback
        );
        assert_eq!(
            SafeNetwork::classify_ipv4(&Ipv4Addr::new(192, 168, 1, 1)),
            Ipv4Class::Private
        );
        assert_eq!(
            SafeNetwork::classify_ipv4(&Ipv4Addr::new(8, 8, 8, 8)),
            Ipv4Class::Public
        );
    }

    #[test]
    fn test_cidr() {
        let cidr = SafeNetwork::parse_cidr("192.168.0.0/24").unwrap();
        let ip1 = IpAddr::V4(Ipv4Addr::new(192, 168, 0, 100));
        let ip2 = IpAddr::V4(Ipv4Addr::new(192, 168, 1, 1));

        assert!(SafeNetwork::is_in_cidr(&ip1, &cidr));
        assert!(!SafeNetwork::is_in_cidr(&ip2, &cidr));
    }
}