Module lvs

ndn_security

Module lvs 

Source
Expand description

LightVerSec (LVS) binary trust schema parser and evaluator.

This module imports pre-compiled LVS trust schemas in the TLV binary format defined by python-ndn (https://python-ndn.readthedocs.io/en/latest/src/lvs/binary-format.html) and interoperable with NDNts @ndn/lvs and ndnd’s std/security/trust_schema packages. It exists so ndn-rs users can consume trust schemas authored in the tooling the wider NDN community already uses, rather than re-expressing them in ndn-rs’s native SchemaRule vocabulary.

§Supported subset

ndn-rs v0.1.0 supports:

  • Full TLV parse of LvsModel, Node, ValueEdge, PatternEdge, Constraint, ConstraintOption, TagSymbol (every type number in the binary format spec).
  • Tree-walk evaluation of (data_name, key_name) pairs against the LVS graph, checking ValueEdge literal matches first, then PatternEdge pattern matches (per the spec’s dispatch order).
  • ConstraintOption::Value (literal) and ConstraintOption::Tag (equals a previously-bound pattern variable).
  • SignConstraint: the signing-key name is walked from the start node and must reach one of the node IDs listed on the matched data node.
  • NamedPatternCnt handling: temporary (_) vs. named edges are treated uniformly during matching, per the spec note that a checker concerned only with signature validity does not need to distinguish them.

§Not supported in v0.1.0

  • ConstraintOption::UserFnCall — user functions (e.g. $eq, $regex) are not yet dispatched. A PatternEdge whose constraints contain a UserFnCall option cannot be satisfied; if no other option on that constraint succeeds, the edge fails to match. Attempting to load a schema that contains user functions is allowed — the schema parses fine — but any rule that depends on a user function will never match a packet. This mirrors python-ndn’s documented fallback where unknown functions cause verification to fail, and is loudly marked by a LvsModel::uses_user_functions flag so callers can refuse to load such schemas when interop parity matters.
  • Sanity checks beyond the mandatory set from the spec. Unreachable nodes are not pruned; trust-anchor-reachability is not verified. This matches python-ndn’s behaviour.
  • Roundtripping back to the binary format (from_lvs_binary is import only).

§Version compatibility

Only LVS binary version 0x00011000 (the python-ndn current stable version) is accepted. Loading any other version returns LvsError::UnsupportedVersion.

§Cross-reference

The parser was written against two upstream references:

  • Binary format spec: docs/src/lvs/binary-format.rst in python-ndn.
  • Reference parser: src/ndn/app_support/light_versec/binary.py in python-ndn.

Every TLV type number in type_number matches the python-ndn TypeNumber class verbatim.

Modules§

type_number
LVS TLV type numbers (mirrors python-ndn’s TypeNumber).

Structs§

LvsConstraint
A disjunction of options; the edge matches only if every constraint’s option-set is satisfied (CNF: AND of ORs).
LvsModel
A parsed LVS trust schema.
LvsNode
LvsPatternEdge
LvsTagSymbol
LvsUserFnCall
LvsValueEdge

Enums§

LvsConstraintOption
LvsError
Errors raised while parsing or checking an LVS binary model.
LvsUserFnArg

Constants§

LVS_VERSION
LVS binary format version supported by this parser.