Skip to main content

pqrascv_core/
lib.rs

1//! # pqrascv-core
2//!
3//! **Post-Quantum Remote Attestation & Supply-Chain Verification (PQ-RASCV)**
4//! prover core — a `no_std + alloc` Rust library.
5//!
6//! ## Overview
7//!
8//! This crate implements the prover side of the PQ-RASCV challenge-response
9//! protocol (IETF RATS-inspired):
10//!
11//! ```text
12//! Verifier ──── Challenge { nonce } ────► Prover
13//!          ◄─── AttestationQuote (CBOR) ──
14//! ```
15//!
16//! The verifier sends a 32-byte random nonce.  The prover:
17//!
18//! 1. Collects platform measurements via a [`measurement::RoT`] backend.
19//! 2. Attaches in-toto / SLSA provenance via [`provenance::InTotoAttestation`].
20//! 3. Assembles and ML-DSA-65 signs a [`quote::AttestationQuote`].
21//! 4. Returns the CBOR-encoded quote to the verifier.
22//!
23//! ## Feature flags
24//!
25//! | Flag | Default | Purpose |
26//! |------|---------|---------|
27//! | `std` | **yes** | Link against std, enable `std::error::Error` impls |
28//! | `alloc` | **yes** | Heap allocation (required for quote assembly) |
29//! | `hardware-tpm` | no | TPM 2.0 measurement backend |
30//! | `dice` | no | DICE RoT measurement backend |
31//!
32//! ## Quick start
33//!
34//! ```rust,no_run
35//! use pqrascv_core::{
36//!     crypto::{generate_ml_dsa_keypair, MlDsaBackend},
37//!     measurement::SoftwareRoT,
38//!     provenance::SlsaPredicateBuilder,
39//!     quote::generate_quote,
40//! };
41//!
42//! let (sk, vk) = generate_ml_dsa_keypair().unwrap();
43//!
44//! let rot = SoftwareRoT::new(b"my-firmware", None, 1);
45//! let provenance = SlsaPredicateBuilder::new("https://ci.example.com")
46//!     .add_subject("fw.bin", &[0xabu8; 32])
47//!     .with_slsa_level(2)
48//!     .build()
49//!     .unwrap();
50//!
51//! let nonce = [0x42u8; 32]; // from verifier's Challenge
52//! let quote = generate_quote(&rot, &MlDsaBackend, sk.as_bytes(), &vk, &nonce, provenance, 0).unwrap();
53//! let cbor = quote.to_cbor().unwrap();
54//! ```
55
56#![cfg_attr(not(feature = "std"), no_std)]
57#![deny(clippy::all, clippy::pedantic)]
58#![allow(clippy::module_name_repetitions)]
59// Allow missing_errors_doc and missing_panics_doc at module level — every
60// public item in this crate does document errors via `# Errors` sections.
61#![allow(clippy::missing_errors_doc)]
62
63#[cfg(feature = "alloc")]
64extern crate alloc;
65
66pub mod backends;
67pub mod config;
68pub mod crypto;
69pub mod error;
70pub mod measurement;
71pub mod provenance;
72pub mod quote;
73
74// ── Convenience re-exports ───────────────────────────────────────────────────
75
76pub use config::PolicyConfig;
77pub use error::PqRascvError;
78
79#[cfg(feature = "alloc")]
80pub use quote::{generate_quote, AttestationQuote, Challenge};