vwh-core 2.0.0

Cryptographic accountability tool for verifying digital presence.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

pub mod crypto;
pub mod error;
pub mod format;
pub mod verify;

pub use error::{Error, Result};
pub use format::{Artifact, ArtifactState, FLAG_SEALED, MAGIC};

// ArtifactId, Intent, KeyFingerprint are defined in this module and exported below

use serde::{Deserialize, Serialize};
use std::fmt;

/// Artifact ID: immutable 128-bit random identifier
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub struct ArtifactId(pub [u8; 16]);

impl ArtifactId {
    pub fn new() -> Self {
        use rand::RngCore;
        let mut id = [0u8; 16];
        rand::thread_rng().fill_bytes(&mut id);
        Self(id)
    }

    pub fn from_bytes(bytes: [u8; 16]) -> Self {
        Self(bytes)
    }

    pub fn to_hex(&self) -> String {
        hex::encode(self.0)
    }

    pub fn from_hex(s: &str) -> Result<Self> {
        let bytes = hex::decode(s).map_err(|_| Error::InvalidHex)?;
        if bytes.len() != 16 {
            return Err(Error::InvalidArtifactId);
        }
        let mut arr = [0u8; 16];
        arr.copy_from_slice(&bytes);
        Ok(Self(arr))
    }

    /// Short display (first 8 bytes)
    pub fn short_display(&self) -> String {
        hex::encode(&self.0[..8])
    }
}

impl fmt::Display for ArtifactId {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}", self.to_hex())
    }
}

impl Default for ArtifactId {
    fn default() -> Self {
        Self::new()
    }
}

/// Intent enum (mandatory, no default)
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[repr(u8)]
pub enum Intent {
    Lab = 0,
    OwnedInfra = 1,
    AuthRedteam = 2,
    BlueRemediation = 3,
    Research = 4,
}

impl Intent {
    pub fn from_u8(value: u8) -> Result<Self> {
        match value {
            0 => Ok(Intent::Lab),
            1 => Ok(Intent::OwnedInfra),
            2 => Ok(Intent::AuthRedteam),
            3 => Ok(Intent::BlueRemediation),
            4 => Ok(Intent::Research),
            _ => Err(Error::InvalidIntent(value)),
        }
    }

    pub fn to_u8(self) -> u8 {
        self as u8
    }

    pub fn as_str(&self) -> &'static str {
        match self {
            Intent::Lab => "LAB",
            Intent::OwnedInfra => "OWNED-INFRA",
            Intent::AuthRedteam => "AUTH-REDTEAM",
            Intent::BlueRemediation => "BLUE-REMEDIATION",
            Intent::Research => "RESEARCH",
        }
    }

    pub fn all() -> &'static [Intent] {
        &[
            Intent::Lab,
            Intent::OwnedInfra,
            Intent::AuthRedteam,
            Intent::BlueRemediation,
            Intent::Research,
        ]
    }

    pub fn from_str(s: &str) -> Result<Self> {
        match s.to_uppercase().as_str() {
            "LAB" => Ok(Intent::Lab),
            "OWNED-INFRA" | "OWNED_INFRA" => Ok(Intent::OwnedInfra),
            "AUTH-REDTEAM" | "AUTH_REDTEAM" | "AUTHREDTEAM" => Ok(Intent::AuthRedteam),
            "BLUE-REMEDIATION" | "BLUE_REMEDIATION" => Ok(Intent::BlueRemediation),
            "RESEARCH" => Ok(Intent::Research),
            _ => Err(Error::InvalidIntentString(s.to_string())),
        }
    }
}

impl fmt::Display for Intent {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}", self.as_str())
    }
}

/// Public key fingerprint (BLAKE3 hash of public key bytes)
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct KeyFingerprint(pub [u8; 32]);

impl KeyFingerprint {
    pub fn new(public_key_bytes: &[u8; 32]) -> Self {
        let hash = blake3::hash(public_key_bytes);
        Self(*hash.as_bytes())
    }

    pub fn to_hex(&self) -> String {
        hex::encode(self.0)
    }

    pub fn short_display(&self) -> String {
        hex::encode(&self.0[..8])
    }
}

impl fmt::Display for KeyFingerprint {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}", self.short_display())
    }
}

/// Revocation reason
#[derive(Debug, Clone, Copy, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub enum RevocationReason {
    Error,
    Compromised,
    Superseded,
    AccessRevoked,
    Other,
}