Christian Nennemann
1768f85258
Add RevocationLog with domain-separated leaf hashes (0x02 prefix) for tracking revoked identity keys alongside the KT MerkleLog. Includes: - RevocationLog with O(1) lookup, serialization, and double-revoke guard - MerkleLog.append_raw() for pre-computed hashes - MerkleLog.audit_log(start, end) for paginated log retrieval - RevokeKey (510), CheckRevocation (511), AuditKeyTransparency (520) RPCs - Server domain logic + v2 handlers + FileBackedStore/SqlStore persistence - 4 new revocation tests + all 21 KT tests + 65 server tests passing
17 lines
421 B
Rust
17 lines
421 B
Rust
use thiserror::Error;
|
|
|
|
#[derive(Debug, Error)]
|
|
pub enum KtError {
|
|
#[error("leaf index {index} is out of range for tree size {tree_size}")]
|
|
IndexOutOfRange { index: u64, tree_size: u64 },
|
|
|
|
#[error("inclusion proof verification failed: root mismatch")]
|
|
RootMismatch,
|
|
|
|
#[error("serialisation error: {0}")]
|
|
Serialisation(String),
|
|
|
|
#[error("identity key is already revoked")]
|
|
AlreadyRevoked,
|
|
}
|