Skip to main content

Crate uvb_mrvb

Crate uvb_mrvb 

Source
Expand description

uvb-mrvb: MRVB Assertion Signing and Verification for UVB

This crate provides cryptographic signing and verification for MRVB (Multi-Rail Verification Bus) assertions with support for:

  • Classical cryptography: Ed25519 (fast, widely supported)
  • Post-quantum cryptography: Dilithium3 (quantum-resistant, optional)
  • Hybrid mode: Ed25519 + Dilithium3 (best of both worlds, optional)

§Architecture

This implementation matches the MRVB+KMS pack design:

  • KeyPairSet for managing keypairs with rotation support
  • AssertionClaims for structured JWT-like claims
  • SignedAssertion for signed assertion tokens
  • MrvbAssertionSigner trait for signing operations
  • MrvbAssertionVerifier trait for verification operations

§Example

use uvb_mrvb::{MrvbConfig, MrvbMode, Ed25519AssertionSigner, AssertionClaims, MrvbAssertionSigner};

// Generate a new Ed25519 keypair
let config = MrvbConfig {
    mode: MrvbMode::ClassicalOnly,
    keyset_id: "default".to_string(),
};

let signer = Ed25519AssertionSigner::generate(config)?;

// Create assertion claims
let claims = AssertionClaims {
    session_id: "session_123".to_string(),
    user_id: Some("user_456".to_string()),
    rail: "email".to_string(),
    verification_level: "high".to_string(),
    issued_at: chrono::Utc::now(),
    expires_at: chrono::Utc::now() + chrono::Duration::hours(1),
    metadata: Default::default(),
};

// Sign the claims (async)
let assertion = signer.sign_assertion(&claims).await?;

// Verify the assertion
let verifier = signer.verifier();
let verified_claims = verifier.verify_assertion(&assertion)?;

assert_eq!(verified_claims.session_id, "session_123");

Structs§

AssertionClaims
Assertion claims structure for MRVB verification tokens.
ClassicalKeyPair
Classical keypair (e.g., Ed25519).
Ed25519AssertionSigner
Ed25519 assertion signer.
Ed25519AssertionVerifier
Ed25519 assertion verifier.
HybridSignature
Result of a hybrid signature operation.
KeyPairSet
Combined keyset for hybrid signing/verification.
MrvbConfig
MRVB configuration for signing operations.
PqcKeyPair
Stub for non-pqc builds
SignedAssertion
A signed MRVB assertion token.

Enums§

MrvbError
MRVB error types
MrvbMode
MRVB signing mode configuration.

Traits§

MrvbAssertionSigner
Trait for MRVB assertion signing.
MrvbAssertionVerifier
Trait for MRVB assertion verification.

Type Aliases§

MrvbResult
Result type for MRVB operations