First step in resolving #70

This adds a notion of a `VersionList` to `VER` and `VERS`, where before only a single `ProtocolVersion` in each.

Blast radius is fairly high as the single-ProtocolVersion concept shows up in a couple of places.

Follow-on PRs to:
1. enable clients to create new Requests with multiple ProtocolVersions
2. server to validate requested ProtocolVersions against its own list of supported ones

Author: int08h

Cargo.lock

@@ -57,6 +57,7 @@ resolver = "3"
 members = [
     "crates/roughenough-client",
     "crates/roughenough-common",
+    "crates/roughenough-embedded",
     "crates/roughenough-integration",
     "crates/roughenough-merkle",
     "crates/roughenough-protocol",
@@ -66,6 +67,7 @@ members = [
 default-members = [
     "crates/roughenough-client",
     "crates/roughenough-common",
+    "crates/roughenough-embedded",
     "crates/roughenough-integration",
     "crates/roughenough-merkle",
     "crates/roughenough-protocol",

Cargo.toml

@@ -4,7 +4,7 @@ use ReportingError::HttpError;
 use data_encoding::BASE64;
 use roughenough_protocol::ToFrame;
 use serde::{Deserialize, Serialize};
-use tracing::{error, info};
+use tracing::{info};
 
 use crate::CausalityViolation;
 use crate::measurement::Measurement;

crates/roughenough-client/src/reporting.rs

@@ -10,7 +10,7 @@ mod tests {
     use std::time::Duration;
 
     use aws_lc_rs::signature::{ED25519, UnparsedPublicKey};
-    use roughenough_protocol::tags::Version::RfcDraft14;
+    use roughenough_protocol::tags::ProtocolVersion::RfcDraft14;
     use roughenough_protocol::tags::{MerkleRoot, PublicKey, SupportedVersions};
     use roughenough_protocol::util::ClockSource;
     use roughenough_protocol::wire::ToWire;

crates/roughenough-keys/src/lib.rs

@@ -1,8 +1,8 @@
 use std::time::Duration;
 
 use roughenough_protocol::ToWire;
-use roughenough_protocol::tags::Version::RfcDraft14;
-use roughenough_protocol::tags::{Certificate, Delegation, PublicKey, Signature, Version};
+use roughenough_protocol::tags::ProtocolVersion::RfcDraft14;
+use roughenough_protocol::tags::{Certificate, Delegation, ProtocolVersion, PublicKey, Signature};
 use roughenough_protocol::util::ClockSource;
 
 use crate::online::onlinekey::OnlineKey;
@@ -11,11 +11,11 @@ use crate::seed::SeedBackend;
 /// The server's long-term Ed25519 identity.
 pub struct LongTermIdentity {
     seed: Box<dyn SeedBackend>,
-    version: Version,
+    version: ProtocolVersion,
 }
 
 impl LongTermIdentity {
-    pub fn new(version: Version, seed: Box<dyn SeedBackend>) -> LongTermIdentity {
+    pub fn new(version: ProtocolVersion, seed: Box<dyn SeedBackend>) -> LongTermIdentity {
         assert_eq!(seed.seed_len(), 32, "seed must be 32 bytes long");
 
         LongTermIdentity { seed, version }

crates/roughenough-keys/src/longterm/identity.rs

@@ -2,7 +2,8 @@ use aws_lc_rs::signature::{Ed25519KeyPair, KeyPair};
 use roughenough_protocol::ToWire;
 use roughenough_protocol::cursor::ParseCursor;
 use roughenough_protocol::tags::{
-    Certificate, MerkleRoot, PublicKey, Signature, SignedResponse, SupportedVersions, Version,
+    Certificate, MerkleRoot, ProtocolVersion, PublicKey, Signature, SignedResponse,
+    SupportedVersions,
 };
 use roughenough_protocol::util::ClockSource;
 
@@ -17,14 +18,14 @@ use roughenough_protocol::util::ClockSource;
 pub struct OnlineKey {
     signer: OnlineSigner,
     cert: Certificate,
-    version: Version,
+    version: ProtocolVersion,
     clock_source: ClockSource,
     template_srep: SignedResponse,
     signing_buf: Vec<u8>,
 }
 
 impl OnlineKey {
-    pub fn new(version: Version, clock_source: ClockSource) -> OnlineKey {
+    pub fn new(version: ProtocolVersion, clock_source: ClockSource) -> OnlineKey {
         let mut srep = SignedResponse::default();
         srep.set_radi(SignedResponse::DEFAULT_RADI_SECONDS);
         srep.set_vers(&SupportedVersions::from([version].as_ref()));

crates/roughenough-keys/src/online/onlinekey.rs

@@ -1,5 +1,5 @@
 use roughenough_common::encoding;
-use tracing::{debug, error, trace};
+use tracing::{debug, trace};
 
 use crate::longterm::envelope::SeedEnvelope;
 use crate::seed::Seed;

crates/roughenough-keys/src/storage.rs

@@ -2,7 +2,7 @@
 mod tests {
     use std::time::Duration;
 
-    use roughenough_protocol::tags::Version;
+    use roughenough_protocol::tags::ProtocolVersion;
     use roughenough_protocol::util::ClockSource;
 
     use crate::longterm::LongTermIdentity;
@@ -31,7 +31,7 @@ mod tests {
         let validity_duration = Duration::from_secs(3600); // 1 hour
 
         let backend = Box::new(MemoryBackend::from_random());
-        let mut identity = LongTermIdentity::new(Version::RfcDraft14, backend);
+        let mut identity = LongTermIdentity::new(ProtocolVersion::RfcDraft14, backend);
 
         // When: An online key is created
         let online_key = identity.make_online_key(&clock, validity_duration);
@@ -48,7 +48,7 @@ mod tests {
         let validity_duration = Duration::from_secs(3600);
 
         let backend = Box::new(MemoryBackend::from_random());
-        let mut identity = LongTermIdentity::new(Version::RfcDraft14, backend);
+        let mut identity = LongTermIdentity::new(ProtocolVersion::RfcDraft14, backend);
         let online_key = identity.make_online_key(&clock, validity_duration);
 
         // Initially, key should not be expired
@@ -78,7 +78,7 @@ mod tests {
         let rotation_interval = 50u64; // Rotate every 50 seconds
 
         let backend = Box::new(MemoryBackend::from_random());
-        let mut identity = LongTermIdentity::new(Version::RfcDraft14, backend);
+        let mut identity = LongTermIdentity::new(ProtocolVersion::RfcDraft14, backend);
 
         let mut keys = Vec::new();
         let mut current_time = start_time;
@@ -123,7 +123,7 @@ mod tests {
         let validity_duration = Duration::from_secs(3600);
 
         let backend = Box::new(MemoryBackend::from_random());
-        let mut identity = LongTermIdentity::new(Version::RfcDraft14, backend);
+        let mut identity = LongTermIdentity::new(ProtocolVersion::RfcDraft14, backend);
         let mut online_key = identity.make_online_key(&clock, validity_duration);
 
         // Advance to 1 second before expiration
@@ -148,7 +148,7 @@ mod tests {
         let rotation_interval = 1800u64; // 30 minute rotation
 
         let backend = Box::new(MemoryBackend::from_random());
-        let mut identity = LongTermIdentity::new(Version::RfcDraft14, backend);
+        let mut identity = LongTermIdentity::new(ProtocolVersion::RfcDraft14, backend);
 
         // Create first key
         let first_key = identity.make_online_key(&clock, validity_duration);
@@ -186,15 +186,15 @@ mod tests {
         let validity_duration = Duration::from_secs(3600);
 
         let backend = Box::new(MemoryBackend::from_random());
-        let mut identity = LongTermIdentity::new(Version::RfcDraft14, backend);
+        let mut identity = LongTermIdentity::new(ProtocolVersion::RfcDraft14, backend);
         let mut online_key = identity.make_online_key(&clock, validity_duration);
 
         // Create SREP and verify it has correct properties
         let merkle_root = roughenough_protocol::tags::MerkleRoot::from([0x77; 32]);
         let (srep, _) = online_key.make_srep(&merkle_root);
 
         assert_eq!(srep.midp(), start_time);
-        assert_eq!(*srep.ver(), Version::RfcDraft14);
+        assert_eq!(*srep.ver(), ProtocolVersion::RfcDraft14);
         assert_eq!(srep.root(), &merkle_root);
     }
 }

crates/roughenough-keys/src/tests/lifecycle_tests.rs

@@ -4,11 +4,13 @@
 pub mod cursor;
 pub mod error;
 pub mod header;
+pub mod protocol_ver;
 pub mod request;
 pub mod response;
 pub mod tag;
 pub mod tags;
 pub mod util;
+pub mod version_list;
 pub mod wire;
 
 // Re-export commonly used types