pub struct ProofAuditor { /* private fields */ }Expand description
Proof verification engine with pluggable backends
The auditor performs cryptographic verification of IntegrityProof objects
with multi-layer security:
- Signature Verification: Ed25519 cryptographic signatures (KeyStore)
- TTL Enforcement: Time-based proof expiry
- Replay Attack Prevention: Persistent nonce tracking (NonceStore)
§Architecture (v1.4.0)
┌─────────────────┐
│ ProofAuditor │
└────────┬────────┘
│
├─── KeyStore ───────> SoftwareKeyStore (Ed25519)
│ HsmKeyStore (PKCS#11)
│
└─── NonceStore ─────> MemoryNonceStore (testing)
RocksDbNonceStore (production)
RedisNonceStore (distributed)§Example (Production Setup)
use _hope_core::auditor::ProofAuditor;
use _hope_core::crypto::SoftwareKeyStore;
use _hope_core::nonce_store::RocksDbNonceStore;
// Production setup: persistent nonce store
let key_store = SoftwareKeyStore::generate()?;
let nonce_store = RocksDbNonceStore::new("./hope_nonces.db")?;
let mut auditor = ProofAuditor::new(
Box::new(key_store),
Box::new(nonce_store),
);
// Verify proofs - nonces persist across restarts!
// auditor.verify_proof(&proof)?;Implementations§
Source§impl ProofAuditor
impl ProofAuditor
Sourcepub fn new(
key_store: Box<dyn KeyStore>,
nonce_store: Box<dyn NonceStore>,
) -> Self
pub fn new( key_store: Box<dyn KeyStore>, nonce_store: Box<dyn NonceStore>, ) -> Self
Create a new proof auditor with custom backends
§Arguments
key_store- Cryptographic key storage (SoftwareKeyStore, HsmKeyStore, etc.)nonce_store- Nonce tracking storage (MemoryNonceStore, RocksDbNonceStore, etc.)
§Example
use _hope_core::auditor::ProofAuditor;
use _hope_core::crypto::SoftwareKeyStore;
use _hope_core::nonce_store::MemoryNonceStore;
let key_store = SoftwareKeyStore::generate().unwrap();
let nonce_store = MemoryNonceStore::new();
let auditor = ProofAuditor::new(
Box::new(key_store),
Box::new(nonce_store),
);Sourcepub fn verify_proof(&mut self, proof: &IntegrityProof) -> Result<()>
pub fn verify_proof(&mut self, proof: &IntegrityProof) -> Result<()>
Verify a cryptographic proof
This performs comprehensive multi-layer verification:
- Signature Verification: Validates Ed25519 signature
- TTL Check: Ensures proof hasn’t expired
- Nonce Check: Prevents replay attacks (atomic check-and-insert)
§Arguments
proof- TheIntegrityProofto verify
§Returns
Ok(())if proof is valid and not replayedErr(InvalidSignature)if signature verification failsErr(ProofExpired)if proof TTL has expiredErr(NonceReused)if nonce was already used (replay attack)
§Security Guarantees
- Constant-time: Ed25519 verification prevents timing attacks
- Atomic nonce check: Race-condition free (even in distributed setup)
- Persistent protection: With RocksDB/Redis, survives restarts
§Example
use _hope_core::auditor::ProofAuditor;
use _hope_core::crypto::{KeyStore, SoftwareKeyStore}; // KeyStore trait needed for .sign()
use _hope_core::nonce_store::MemoryNonceStore;
use _hope_core::proof::{Action, IntegrityProof};
let key_store = SoftwareKeyStore::generate().unwrap();
let nonce_store = MemoryNonceStore::new();
let mut auditor = ProofAuditor::new(
Box::new(key_store.clone()),
Box::new(nonce_store),
);
// Create and sign a proof
let action = Action::delete("test.txt");
let mut proof = IntegrityProof::new(&action, "capsule123".into(), 3600);
proof.signature = key_store.sign(&proof.signing_data()).unwrap();
// Verify proof
assert!(auditor.verify_proof(&proof).is_ok());
// Replay attack: blocked!
assert!(auditor.verify_proof(&proof).is_err());Sourcepub fn verify_signature(&self, proof: &IntegrityProof) -> Result<()>
pub fn verify_signature(&self, proof: &IntegrityProof) -> Result<()>
Verify signature only (without nonce/TTL checks)
Use this for read-only verification without state changes. Does NOT mark nonce as used.
§Example
use _hope_core::auditor::ProofAuditor;
use _hope_core::crypto::{KeyStore, SoftwareKeyStore}; // KeyStore trait needed for .sign()
use _hope_core::nonce_store::MemoryNonceStore;
use _hope_core::proof::{Action, IntegrityProof};
let key_store = SoftwareKeyStore::generate().unwrap();
let nonce_store = MemoryNonceStore::new();
let auditor = ProofAuditor::new(
Box::new(key_store.clone()),
Box::new(nonce_store),
);
let action = Action::delete("test.txt");
let mut proof = IntegrityProof::new(&action, "capsule123".into(), 3600);
proof.signature = key_store.sign(&proof.signing_data()).unwrap();
// Verify signature multiple times (no nonce consumption)
assert!(auditor.verify_signature(&proof).is_ok());
assert!(auditor.verify_signature(&proof).is_ok());Sourcepub fn is_nonce_used(&self, nonce: &[u8; 32]) -> bool
pub fn is_nonce_used(&self, nonce: &[u8; 32]) -> bool
Check if a nonce has been used
Read-only operation - does not modify state.
Sourcepub fn used_nonce_count(&self) -> usize
pub fn used_nonce_count(&self) -> usize
Get count of used nonces
Useful for monitoring and debugging.
Sourcepub fn clear_nonces(&mut self) -> Result<()>
pub fn clear_nonces(&mut self) -> Result<()>
Clear all nonces (DANGEROUS - use only for testing!)
§Security Warning
This allows replay attacks! Only use for:
- Unit tests
- Development reset
- Maintenance with full system shutdown
Sourcepub fn cleanup_expired_nonces(&mut self) -> Result<usize>
pub fn cleanup_expired_nonces(&mut self) -> Result<usize>
Cleanup expired nonces (optional maintenance)
Most backends handle this automatically (e.g., Redis TTL), but RocksDB may benefit from periodic cleanup.
§Returns
Number of nonces removed
Sourcepub fn key_store_info(&self) -> String
pub fn key_store_info(&self) -> String
Get key store identifier (for logging/debugging)
Auto Trait Implementations§
impl Freeze for ProofAuditor
impl !RefUnwindSafe for ProofAuditor
impl Send for ProofAuditor
impl Sync for ProofAuditor
impl Unpin for ProofAuditor
impl !UnwindSafe for ProofAuditor
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more