Expand description
Ratify Protocol v1 — hybrid (Ed25519 + ML-DSA-65) crypto primitives.
Uses:
ed25519-dalek— audited Ed25519, pure Rust.fips204— pure-Rust ML-DSA-65 (FIPS 204), no_std compatible.
Every sign produces BOTH component signatures. Every verify checks BOTH; either failure fails the whole signature.
Functions§
- chain_
hash - 32-byte SHA-256 of the concatenated delegation_sign_bytes of each cert. Used as a stable chain identity inside SessionToken — a cert rotation changes chain_hash, invalidating every token issued against the old chain.
- challenge_
sign_ bytes - Canonical bytes signed to produce ProofBundle.challenge_sig.
- challenge_
sign_ bytes_ with_ session_ context - v1.1 session-bound challenge signable bytes: challenge || big-endian uint64(ts) || session_context.
- challenge_
sign_ bytes_ with_ stream - v1.1 stream-bound challenge signable bytes. Layout:
challenge || big-endian uint64(ts) || [session_context] || stream_id || big-endian int64(stream_seq). - delegation_
sign_ bytes - Canonical bytes signed to produce DelegationCert.signature.
- derive_
id hex(SHA-256(ed25519_pub || ml_dsa_65_pub)[:16]).- generate_
agent - Generate a fresh AgentIdentity.
- generate_
challenge - 32 cryptographically random bytes from OS RNG.
- generate_
human_ root - Generate a fresh HumanRoot (public + private).
- generate_
hybrid_ keypair - Fresh hybrid keypair from OS randomness. Two independent seeds.
- issue_
delegation - issue_
key_ rotation_ statement - issue_
revocation_ list - issue_
revocation_ push - issue_
session_ token - Issue a SessionToken from a previously verified bundle’s result. Callers MUST only invoke this after verify_bundle returned valid=true.
- issue_
witness_ entry - key_
rotation_ sign_ bytes - Canonical bytes signed by both old and new keys in KeyRotationStatement. Keys: new_id, new_pub_key, old_id, old_pub_key, reason, rotated_at, version.
- revocation_
push_ sign_ bytes - Canonical bytes signed to produce RevocationPush.signature. Keys: entries, issuer_id, pushed_at, seq_no.
- revocation_
sign_ bytes - Canonical bytes signed to produce RevocationList.signature. Keys: issuer_id, revoked_certs, updated_at.
- session_
token_ sign_ bytes - Canonical MAC-input bytes for a SessionToken. The MAC itself is excluded from the signable (a MAC cannot cover itself). Keys: agent_id, agent_pub_key, chain_hash, granted_scope, human_id, issued_at, session_id, valid_until, version.
- sign_
both - Produce a hybrid signature. Both components over identical
msg. - sign_
challenge - sign_
challenge_ with_ session_ context - sign_
challenge_ with_ stream - sign_
transaction_ receipt_ party - Produce a party’s hybrid signature over the receipt’s canonical signable.
- transaction_
receipt_ sign_ bytes - Canonical bytes that every party signs to bind a TransactionReceipt. Parties are sorted lex by party_id; party object keys: agent_id, agent_pub_key, party_id, role. Outer keys: created_at, parties, terms_canonical_json, terms_schema_uri, transaction_id, version.
- verify_
both - Verify both components. Returns Ok iff both verify; Err with diagnostic.
- verify_
challenge_ signature - verify_
challenge_ signature_ with_ session_ context - verify_
challenge_ signature_ with_ stream - verify_
delegation_ signature - verify_
delegation_ signature_ e - verify_
key_ rotation_ statement - verify_
revocation_ list - verify_
revocation_ push - verify_
session_ token - verify_
session_ token_ e - Check a SessionToken’s HMAC against session_secret and its validity
window against
now(unix seconds). Returns Ok on success. - verify_
witness_ entry - witness_
entry_ sign_ bytes - Canonical bytes signed to produce WitnessEntry.signature. Keys: entry_data, prev_hash, timestamp, witness_id.