init: cryptographic append-only ledger

2025-12-26 23:21:39 +00:00
commit 833c408a30
23 changed files with 3477 additions and 0 deletions
--- a/crates/ledger-core/tests/attestation_vectors.rs
+++ b/crates/ledger-core/tests/attestation_vectors.rs
@@ -0,0 +1,147 @@
+use ed25519_dalek::{Signer, SigningKey};
+
+use ledger_core::attestation::{
+    checkpoint_attestation_signing_message_v0, checkpoint_attestation_signing_message_v1,
+};
+use ledger_core::{
+    CHECKPOINT_ATTESTATION_V0_FORMAT, CHECKPOINT_ATTESTATION_V1_FORMAT, CheckpointAttestationV0,
+    CheckpointAttestationV1, verify_checkpoint_attestation_v0, verify_checkpoint_attestation_v1,
+};
+
+fn hex(bytes: &[u8]) -> String {
+    bytes.iter().map(|b| format!("{:02x}", b)).collect()
+}
+
+#[test]
+fn checkpoint_attestation_v0_vectors() {
+    let signing_key = SigningKey::from_bytes(&[0x44u8; 32]);
+    let witness_pubkey = signing_key.verifying_key().to_bytes();
+
+    let genesis = [0x11u8; 32];
+    let entry_count = 7u64;
+    let merkle_root = [0x22u8; 32];
+    let head_hash = [0x33u8; 32];
+    let ts_seen_ms = 123_456_789u64;
+
+    let msg = checkpoint_attestation_signing_message_v0(
+        &genesis,
+        entry_count,
+        &merkle_root,
+        &head_hash,
+        ts_seen_ms,
+    );
+    let sig = signing_key.sign(&msg).to_bytes();
+
+    let att = CheckpointAttestationV0 {
+        format: CHECKPOINT_ATTESTATION_V0_FORMAT.to_string(),
+        ledger_genesis_hash_hex: genesis,
+        checkpoint_entry_count: entry_count,
+        checkpoint_merkle_root_hex: merkle_root,
+        checkpoint_head_hash_hex: head_hash,
+        ts_seen_ms,
+        witness_pubkey_hex: witness_pubkey,
+        witness_sig_hex: sig,
+    };
+
+    verify_checkpoint_attestation_v0(&att).expect("attestation verifies");
+
+    assert_eq!(
+        hex(&witness_pubkey),
+        "d759793bbc13a2819a827c76adb6fba8a49aee007f49f2d0992d99b825ad2c48"
+    );
+    assert_eq!(
+        hex(&msg),
+        "4349565f4c45444745525f434845434b504f494e545f4154544553545f5630111111111111111111111111111111111111111111111111111111111111111107000000000000002222222222222222222222222222222222222222222222222222222222222222333333333333333333333333333333333333333333333333333333333333333315cd5b0700000000"
+    );
+    assert_eq!(
+        hex(&sig),
+        "ebc1627f5f82d848375ca819cad7a95bfd1da7c4eb4ef09478a10129aee5af2ad1096530965efc163742b4b6de11663e9c260f0015053bb6b04e6e00d306b40d"
+    );
+}
+
+#[test]
+fn checkpoint_attestation_v1_vectors() {
+    let signing_key = SigningKey::from_bytes(&[0x44u8; 32]);
+    let witness_pubkey = signing_key.verifying_key().to_bytes();
+
+    let genesis = [0x11u8; 32];
+    let entry_count = 7u64;
+    let merkle_root = [0x22u8; 32];
+    let head_hash = [0x33u8; 32];
+    let checkpoint_ts_ms = 111_222_333u64;
+    let ts_seen_ms = 123_456_789u64;
+
+    let msg = checkpoint_attestation_signing_message_v1(
+        &genesis,
+        entry_count,
+        &merkle_root,
+        &head_hash,
+        checkpoint_ts_ms,
+        ts_seen_ms,
+    );
+    let sig = signing_key.sign(&msg).to_bytes();
+
+    let att = CheckpointAttestationV1 {
+        format: CHECKPOINT_ATTESTATION_V1_FORMAT.to_string(),
+        ledger_genesis_hash_hex: genesis,
+        checkpoint_entry_count: entry_count,
+        checkpoint_merkle_root_hex: merkle_root,
+        checkpoint_head_hash_hex: head_hash,
+        checkpoint_ts_ms,
+        ts_seen_ms,
+        witness_pubkey_hex: witness_pubkey,
+        witness_sig_hex: sig,
+    };
+
+    verify_checkpoint_attestation_v1(&att).expect("attestation verifies");
+
+    assert_eq!(
+        hex(&witness_pubkey),
+        "d759793bbc13a2819a827c76adb6fba8a49aee007f49f2d0992d99b825ad2c48"
+    );
+    assert_eq!(
+        hex(&msg),
+        "4349565f4c45444745525f434845434b504f494e545f4154544553545f563111111111111111111111111111111111111111111111111111111111111111110700000000000000222222222222222222222222222222222222222222222222222222222222222233333333333333333333333333333333333333333333333333333333333333333d1ea1060000000015cd5b0700000000"
+    );
+    assert_eq!(
+        hex(&sig),
+        "c682053071a6bcf666eb9561dbdb48a9b6e886e4f2e86a540793fbf8b38b165031e61dbbd8788ee75ec56148148a396ea310e6f765d492f060c68d4c68875e09"
+    );
+}
+
+#[test]
+fn checkpoint_attestation_v1_rejects_seen_before_checkpoint() {
+    let signing_key = SigningKey::from_bytes(&[0x44u8; 32]);
+    let witness_pubkey = signing_key.verifying_key().to_bytes();
+
+    let genesis = [0x11u8; 32];
+    let entry_count = 7u64;
+    let merkle_root = [0x22u8; 32];
+    let head_hash = [0x33u8; 32];
+    let checkpoint_ts_ms = 200u64;
+    let ts_seen_ms = 100u64;
+
+    let msg = checkpoint_attestation_signing_message_v1(
+        &genesis,
+        entry_count,
+        &merkle_root,
+        &head_hash,
+        checkpoint_ts_ms,
+        ts_seen_ms,
+    );
+    let sig = signing_key.sign(&msg).to_bytes();
+
+    let att = CheckpointAttestationV1 {
+        format: CHECKPOINT_ATTESTATION_V1_FORMAT.to_string(),
+        ledger_genesis_hash_hex: genesis,
+        checkpoint_entry_count: entry_count,
+        checkpoint_merkle_root_hex: merkle_root,
+        checkpoint_head_hash_hex: head_hash,
+        checkpoint_ts_ms,
+        ts_seen_ms,
+        witness_pubkey_hex: witness_pubkey,
+        witness_sig_hex: sig,
+    };
+
+    assert!(verify_checkpoint_attestation_v1(&att).is_err());
+}