Crate pqrascv_core

§pqrascv-core

Post-Quantum Remote Attestation & Supply-Chain Verification (PQ-RASCV) prover core — a no_std + alloc Rust library.

§Overview

This crate implements the prover side of the PQ-RASCV challenge-response protocol (IETF RATS-inspired):

Verifier ──── Challenge { nonce } ────► Prover
         ◄─── AttestationQuote (CBOR) ──

The verifier sends a 32-byte random nonce. The prover:

  1. Collects platform measurements via a measurement::RoT backend.
  2. Attaches in-toto / SLSA provenance via provenance::InTotoAttestation.
  3. Assembles and ML-DSA-65 signs a quote::AttestationQuote.
  4. Returns the CBOR-encoded quote to the verifier.
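
The verifier's half of the nonce exchange above, as an added example that is not code from pqrascv-core: it tracks outstanding 32-byte nonces so that a returned quote is accepted once and only within a time window. `ChallengeTable`, `NonceCheck` and the 30-second window are hypothetical names and values chosen for illustration; the sample nonce is constructed.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// Result of checking the nonce echoed back in a quote.
#[derive(Debug, PartialEq)]
pub enum NonceCheck { Fresh, Unknown, Expired }

/// Verifier-side table of outstanding challenges (hypothetical, not a pqrascv-core type).
pub struct ChallengeTable {
    ttl: Duration,
    outstanding: HashMap<[u8; 32], Instant>,
}

impl ChallengeTable {
    pub fn new(ttl: Duration) -> Self {
        Self { ttl, outstanding: HashMap::new() }
    }

    /// Record a nonce when its Challenge is sent.
    /// Returns false if that nonce is already outstanding (a sign of a broken RNG).
    pub fn issue(&mut self, nonce: [u8; 32], now: Instant) -> bool {
        if self.outstanding.contains_key(&nonce) {
            return false;
        }
        self.outstanding.insert(nonce, now);
        true
    }

    /// Consume the nonce carried by a returned quote.
    /// The entry is removed on every lookup, so a replayed quote finds nothing.
    pub fn redeem(&mut self, nonce: &[u8; 32], now: Instant) -> NonceCheck {
        match self.outstanding.remove(nonce) {
            None => NonceCheck::Unknown,
            Some(issued) if now.duration_since(issued) > self.ttl => NonceCheck::Expired,
            Some(_) => NonceCheck::Fresh,
        }
    }
}

fn main() {
    let mut table = ChallengeTable::new(Duration::from_secs(30)); // assumed window
    let t0 = Instant::now();
    let nonce = [0x42u8; 32]; // constructed sample; a verifier draws this from a CSPRNG
    assert!(table.issue(nonce, t0));
    // First quote carrying the nonce is accepted; the same quote replayed is not.
    println!("{:?}", table.redeem(&nonce, t0 + Duration::from_secs(5)));
    println!("{:?}", table.redeem(&nonce, t0 + Duration::from_secs(6)));
}
```

Nonce freshness is only one of the verifier's checks: the quote's ML-DSA-65 signature still has to verify before anything in it is trusted.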

§Feature flags

Flag          Default  Purpose
std           yes      Link against std, enable std::error::Error impls
alloc         yes      Heap allocation (required for quote assembly)
hardware-tpm  no       TPM 2.0 measurement backend
dice          no       DICE RoT measurement backend

§Quick start

use pqrascv_core::{
    crypto::{generate_ml_dsa_keypair, MlDsaBackend},
    measurement::SoftwareRoT,
    provenance::SlsaPredicateBuilder,
    quote::generate_quote,
};

let (sk, vk) = generate_ml_dsa_keypair().unwrap();

let rot = SoftwareRoT::new(b"my-firmware", None, 1);
let provenance = SlsaPredicateBuilder::new("https://ci.example.com")
    .add_subject("fw.bin", &[0xabu8; 32])
    .with_slsa_level(2)
    .build()
    .unwrap();

let nonce = [0x42u8; 32]; // from verifier's Challenge
let quote = generate_quote(&rot, &MlDsaBackend, sk.as_bytes(), &vk, &nonce, provenance, 0).unwrap();
let cbor = quote.to_cbor().unwrap();

Re-exports§

pub use config::PolicyConfig;
pub use error::PqRascvError;
pub use quote::generate_quote;
pub use quote::AttestationQuote;
pub use quote::Challenge;

Modules§

backends: Optional hardware-specific Root-of-Trust backends.
config: Policy configuration for the PQ-RASCV attestation engine.
crypto: Post-quantum cryptography abstraction layer.
error: Error types for pqrascv-core.
measurement: Measurement layer — hardware-agnostic Root-of-Trust abstraction.
provenance: Provenance layer — in-toto attestations and SLSA v1 predicates.
quote: Quote assembly — AttestationQuote and the generate_quote entry point.