tenuo 0.1.0-beta.22

Agent Capability Flow Control - Rust core library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

//! Domain separation constants for cryptographic signatures.
//!
//! These context prefixes prevent cross-protocol signature reuse attacks.
//! Each operation type has a unique prefix that is prepended to the
//! signable payload before signing/verification.
//!
//! ## Security Rationale
//!
//! Without domain separation, a signature for one context could be replayed
//! in another. For example, a PoP signature could potentially be reused as
//! an approval signature if both used the same format.
//!
//! By prefixing each signature type with a unique context string, we ensure
//! signatures are only valid for their intended purpose.

/// Domain separation context for Proof-of-Possession signatures.
///
/// Used when an agent proves it controls the private key bound to a warrant.
pub const POP_CONTEXT: &[u8] = b"tenuo-pop-v1";

/// Domain separation context for Approval signatures.
///
/// Used in human-in-the-loop and multi-sig workflows when an approver
/// signs off on a specific request.
pub const APPROVAL_CONTEXT: &[u8] = b"tenuo-approval-v1";

/// Domain separation context for key registration proofs.
///
/// Used when registering a new key with a notary to prove ownership.
pub const REGISTRATION_PROOF_CONTEXT: &[u8] = b"tenuo-key-registration-v1";

/// Domain separation context for key rotation proofs.
///
/// Used when rotating keys to prove control of both old and new keys.
pub const ROTATION_PROOF_CONTEXT: &[u8] = b"tenuo-key-rotation-v1";

/// Domain separation context for warrant signatures.
///
/// Used when signing warrant payloads during issuance.
pub const WARRANT_CONTEXT: &[u8] = b"tenuo-warrant-v1";

/// Sub-context for approval-context attestations (holder signs binding metadata).
///
/// Full preimage is: [`WARRANT_CONTEXT`] || this constant || version byte ||
/// length-prefixed fields (see [`crate::approval::build_approval_context_preimage`]).
pub const APPROVAL_CONTEXT_ATTESTATION: &[u8] = b"tenuo-approval-context-v1";

/// Domain separation context for revocation request signatures.
///
/// Used when a requestor signs a revocation request to prove they
/// authorize the revocation of a specific warrant.
pub const REVOCATION_REQUEST_CONTEXT: &[u8] = b"tenuo-revocation-request-v1";

/// Domain separation context for Signed Revocation List (SRL) signatures.
///
/// Used when the control plane signs a revocation list to prevent
/// tampering in transit.
pub const SRL_CONTEXT: &[u8] = b"tenuo-srl-v1";