diff --git a/Cargo.lock b/Cargo.lock index 395d068d5..e024d595f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -13,9 +13,9 @@ dependencies = [ [[package]] name = "adler2" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" +checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa" [[package]] name = "aead" @@ -272,8 +272,8 @@ dependencies = [ "const-hex", "derive_more 2.0.1", "foldhash", - "hashbrown 0.15.3", - "indexmap 2.9.0", + "hashbrown 0.15.4", + "indexmap 2.10.0", "itoa", "k256", "keccak-asm", @@ -306,7 +306,7 @@ checksum = "64b728d511962dda67c1bc7ea7c03736ec275ed2cf4c35d9585298ac9ccf3b73" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -393,7 +393,7 @@ dependencies = [ "proc-macro-error2", "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -405,11 +405,11 @@ dependencies = [ "alloy-sol-macro-input", "const-hex", "heck 0.5.0", - "indexmap 2.9.0", + "indexmap 2.10.0", "proc-macro-error2", "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", "syn-solidity", "tiny-keccak", ] @@ -426,7 +426,7 @@ dependencies = [ "macro-string", "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", "syn-solidity", ] @@ -501,9 +501,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.18" +version = "0.6.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b" +checksum = "301af1932e46185686725e0fad2f8f2aa7da69dd70bf6ecc44d6b703844a3933" dependencies = [ "anstyle", "anstyle-parse", 
@@ -516,33 +516,33 @@ dependencies = [ [[package]] name = "anstyle" -version = "1.0.10" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9" +checksum = "862ed96ca487e809f1c8e5a8447f6ee2cf102f846893800b20cebdf541fc6bbd" [[package]] name = "anstyle-parse" -version = "0.2.6" +version = "0.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9" +checksum = "4e7644824f0aa2c7b9384579234ef10eb7efb6a0deb83f9630a49594dd9c15c2" dependencies = [ "utf8parse", ] [[package]] name = "anstyle-query" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c" +checksum = "6c8bdeb6047d8983be085bab0ba1472e6dc604e7041dbf6fcd5e71523014fae9" dependencies = [ "windows-sys 0.59.0", ] [[package]] name = "anstyle-wincon" -version = "3.0.8" +version = "3.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6680de5231bd6ee4c6191b8a1325daa282b415391ec9d3a37bd34f2060dc73fa" +checksum = "403f75924867bb1033c59fbf0797484329750cfbe3c4325cd33127941fabc882" dependencies = [ "anstyle", "once_cell_polyfill", @@ -934,7 +934,7 @@ checksum = "e539d3fca749fcee5236ab05e93a52867dd549cc157c8cb7f99595f3cedffdb5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] 
@@ -1013,14 +1013,14 @@ checksum = "ffdcb70bdbc4d478427380519163274ac86e52916e10f0a8889adf0f96d3fee7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] name = "autocfg" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" [[package]] name = "aws-lc-rs" @@ -1165,7 +1165,7 @@ checksum = "604fde5e028fea851ce1d8570bbdc034bec850d157f7569d10f347d06808c05c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -1233,9 +1233,9 @@ checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "base64ct" -version = "1.7.3" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89e25b6adfb930f02d1981565a6e5d9c547ac15a96606256d3b59040e5cd4ca3" +checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba" [[package]] name = "bcs" @@ -1284,7 +1284,7 @@ dependencies = [ "regex", "rustc-hash 1.1.0", "shlex", - "syn 2.0.101", + "syn 2.0.104", "which 4.4.2", ] @@ -1307,7 +1307,7 @@ dependencies = [ "regex", "rustc-hash 1.1.0", "shlex", - "syn 2.0.101", + "syn 2.0.104", "which 4.4.2", ] @@ -1393,9 +1393,9 @@ dependencies = [ [[package]] name = "blst" -version = "0.3.14" +version = "0.3.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "47c79a94619fade3c0b887670333513a67ac28a6a7e653eb260bf0d4103db38d" +checksum = "4fd49896f12ac9b6dcd7a5998466b9b58263a695a3dd1ecc1aaca2e12a90b080" dependencies = [ "cc", "glob", 
@@ -1405,9 +1405,9 @@ dependencies = [ [[package]] name = "bon" -version = "3.6.3" +version = "3.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ced38439e7a86a4761f7f7d5ded5ff009135939ecb464a24452eaa4c1696af7d" +checksum = "f61138465baf186c63e8d9b6b613b508cd832cba4ce93cf37ce5f096f91ac1a6" dependencies = [ "bon-macros", "rustversion", @@ -1415,9 +1415,9 @@ dependencies = [ [[package]] name = "bon-macros" -version = "3.6.3" +version = "3.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ce61d2d3844c6b8d31b2353d9f66cf5e632b3e9549583fe3cac2f4f6136725e" +checksum = "40d1dad34aa19bf02295382f08d9bc40651585bd497266831d40ee6296fb49ca" dependencies = [ "darling 0.20.11", "ident_case", @@ -1425,14 +1425,14 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] name = "bumpalo" -version = "3.17.0" +version = "3.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1628fb46dfa0b37568d12e5edd512553eccf6a22a78e8bde00bb4aed84d5bdbf" +checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43" [[package]] name = "byte-slice-cast" @@ -1442,9 +1442,9 @@ checksum = "7575182f7272186991736b70173b0ea045398f984bf5ebbb3804736ce1330c9d" [[package]] name = "bytemuck" -version = "1.23.0" +version = "1.23.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9134a6ef01ce4b366b50689c94f82c14bc72bc5d0386829828a2e2752ef7958c" +checksum = "5c76a5792e44e4abe34d3abf15636779261d45a7450612059293d1d2cfc63422" dependencies = [ "bytemuck_derive", ] @@ -1457,7 +1457,7 @@ checksum = "7ecc273b49b3205b83d648f0690daa588925572cc5063745bfe547fe7ec8e1a1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] 
@@ -1510,9 +1510,9 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" [[package]] name = "cc" -version = "1.2.25" +version = "1.2.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0fc897dc1e865cc67c0e05a836d9d3f1df3cbe442aa4a9473b18e12624a4951" +checksum = "d487aa071b5f64da6f19a3e848e3578944b726ee5a4854b82172f02aa876bfdc" dependencies = [ "jobserver", "libc", @@ -1530,9 +1530,9 @@ dependencies = [ [[package]] name = "cfg-if" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +checksum = "9555578bc9e57714c812a1f84e4fc5b4d21fcb063490c624de019f7464c91268" [[package]] name = "chromiumoxide" @@ -1700,9 +1700,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.39" +version = "4.5.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd60e63e9be68e5fb56422e397cf9baddded06dae1d2e523401542383bc72a9f" +checksum = "40b6887a1d8685cebccf115538db5c0efe625ccac9696ad45c409d96566e910f" dependencies = [ "clap_builder", "clap_derive", @@ -1710,9 +1710,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.39" +version = "4.5.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89cc6392a1f72bbeb820d71f32108f61fdaf18bc526e1d23954168a67759ef51" +checksum = "e0c66c08ce9f0c698cbce5c0279d0bb6ac936d8674174fe48f736533b964f59e" dependencies = [ "anstream", "anstyle", 
@@ -1722,21 +1722,21 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.32" +version = "4.5.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09176aae279615badda0765c0c0b3f6ed53f4709118af73cf4655d85d1530cd7" +checksum = "d2c7947ae4cc3d851207c1adb5b5e260ff0cca11446b1d6d1423788e442257ce" dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] name = "clap_lex" -version = "0.7.4" +version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6" +checksum = "b94f61472cee1439c0b966b47e3aca9ae07e45d070759512cd390ea2bebc6675" [[package]] name = "clmul" @@ -1759,9 +1759,9 @@ dependencies = [ [[package]] name = "colorchoice" -version = "1.0.3" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" +checksum = "b05b61dc5112cbb17e4b6cd61790d9845d13888356391624cbe7e41efeac1e75" [[package]] name = "concurrent-queue" @@ -1934,7 +1934,7 @@ dependencies = [ "anes", "cast", "ciborium", - "clap 4.5.39", + "clap 4.5.40", "criterion-plot", "futures", "is-terminal", @@ -1999,9 +1999,9 @@ checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" [[package]] name = "crunchy" -version = "0.2.3" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43da5946c66ffcc7745f48db692ffbb10a83bfe0afd96235c5c2a4fb23994929" +checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5" [[package]] name = "crypto-bigint" @@ -2098,7 +2098,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] 
@@ -2146,7 +2146,7 @@ dependencies = [ "proc-macro2", "quote", "strsim 0.11.1", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -2168,7 +2168,7 @@ checksum = "fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead" dependencies = [ "darling_core 0.20.11", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -2297,7 +2297,7 @@ checksum = "cb7330aeadfbe296029522e6c40f315320aba36fc43a5b3632f3795348f3bd22" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -2308,7 +2308,7 @@ checksum = "bda628edc44c4bb645fbe0f758797143e4e07926f7ebf4e9bdfbd3d2ce621df3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", "unicode-xid", ] @@ -2347,7 +2347,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -2383,6 +2383,12 @@ version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" +[[package]] +name = "dyn-clone" +version = "1.0.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c7a8fb8a9fbf66c1f703fe16184d10ca0ee9d23be5b4436400408ba54a95005" + [[package]] name = "ecdsa" version = "0.16.9" @@ -2447,7 +2453,7 @@ dependencies = [ "heck 0.4.1", "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -2471,12 +2477,12 @@ checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" [[package]] name = "errno" -version = "0.3.12" +version = "0.3.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cea14ef9355e3beab063703aa9dab15afd25f0667c341310c1e5274bb1d0da18" +checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" dependencies = [ "libc", - "windows-sys 0.59.0", + "windows-sys 0.60.2", ] [[package]] 
@@ -2701,7 +2707,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -2711,7 +2717,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8f2f12607f92c69b12ed746fabf9ca4f5c482cba46679c1a75b874ed7c26adb" dependencies = [ "futures-io", - "rustls 0.23.27", + "rustls 0.23.28", "rustls-pki-types", ] @@ -2777,7 +2783,7 @@ dependencies = [ "cfg-if", "js-sys", "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi 0.11.1+wasi-snapshot-preview1", "wasm-bindgen", ] @@ -2880,9 +2886,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.4.10" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9421a676d1b147b16b82c9225157dc629087ef8ec4d5e2960f9437a90dac0a5" +checksum = "17da50a276f1e01e0ba6c029e47b7100754904ee8a278f886546e98575380785" dependencies = [ "atomic-waker", "bytes", @@ -2890,7 +2896,7 @@ dependencies = [ "futures-core", "futures-sink", "http 1.3.1", - "indexmap 2.9.0", + "indexmap 2.10.0", "slab", "tokio", "tokio-util", @@ -2934,9 +2940,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.15.3" +version = "0.15.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84b26c544d002229e640969970a2e74021aadf6e2f96372b9c58eff97de08eb3" +checksum = "5971ac85611da7067dbfcabef3c70ebb5606018acd9e2a3903a0da507521e0d5" dependencies = [ "foldhash", "serde", @@ -2983,9 +2989,9 @@ dependencies = [ [[package]] name = "hermit-abi" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f154ce46856750ed433c8649605bf7ed2de3bc35fd9d2a9f30cddd873c80cb08" +checksum = "fc0fef456e4baa96da950455cd02c081ca953b141298e41db3fc7e36b1da849c" [[package]] name = "hex" 
@@ -3141,9 +3147,9 @@ dependencies = [ [[package]] name = "hyper-util" -version = "0.1.13" +version = "0.1.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1c293b6b3d21eca78250dc7dbebd6b9210ec5530e038cbfe0661b5c47ab06e8" +checksum = "dc2fdfdbff08affe55bb779f33b053aa1fe5dd5b54c257343c17edfa55711bdb" dependencies = [ "base64 0.22.1", "bytes", @@ -3317,7 +3323,7 @@ checksum = "a0eb5a3343abf848c0984fe4604b2b105da9539376e24fc0a3b0007411ae4fd9" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -3339,12 +3345,12 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.9.0" +version = "2.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cea70ddb795996207ad57735b50c5982d8844f38ba9ee5f1aedcfb708a2aa11e" +checksum = "fe4cd85333e22411419a0bcae1297d25e58c9443848b11dc6a86fefe8c78a661" dependencies = [ "equivalent", - "hashbrown 0.15.3", + "hashbrown 0.15.4", "serde", ] @@ -3420,7 +3426,7 @@ version = "0.4.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e04d7f318608d35d4b61ddd75cbdaee86b023ebe2bd5a66ee0915f0bf93095a9" dependencies = [ - "hermit-abi 0.5.1", + "hermit-abi 0.5.2", "libc", "windows-sys 0.59.0", ] @@ -3602,9 +3608,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.172" +version = "0.2.174" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa" +checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776" [[package]] name = "libgit2-sys" @@ -3627,7 +3633,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667" dependencies = [ "cfg-if", - "windows-targets 0.53.0", + "windows-targets 0.53.2", ] [[package]] 
@@ -3638,9 +3644,9 @@ checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de" [[package]] name = "libredox" -version = "0.1.3" +version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" +checksum = "1580801010e535496706ba011c15f8532df6b42297d2e471fec38ceadd8c0638" dependencies = [ "bitflags 2.9.1", "libc", @@ -3737,7 +3743,7 @@ checksum = "1b27834086c65ec3f9387b096d66e99f221cf081c2b738042aa252bcd41204e3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -3847,9 +3853,9 @@ checksum = "b3c237bec3e33530c4b1a171c8c078ad5d525d5fae177ac9d62e8e454b3fffb7" [[package]] name = "memchr" -version = "2.7.4" +version = "2.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" +checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0" [[package]] name = "mime" @@ -3875,9 +3881,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.8.8" +version = "0.8.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3be647b768db090acb35d5ec5db2b0e1f1de11133ca123b9eacf5137868f892a" +checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316" dependencies = [ "adler2", ] @@ -3890,7 +3896,7 @@ checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c" dependencies = [ "libc", "log", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi 0.11.1+wasi-snapshot-preview1", "windows-sys 0.48.0", ] @@ -3901,7 +3907,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78bed444cc8a2160f01cbcf811ef18cac863ad68ae8ca62092e8db51d51c761c" dependencies = [ "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi 0.11.1+wasi-snapshot-preview1", "windows-sys 0.59.0", ] 
@@ -4363,9 +4369,8 @@ dependencies = [ "structopt", "strum", "thiserror 1.0.69", - "tlsn-common", + "tlsn", "tlsn-core", - "tlsn-verifier", "tokio", "tokio-rustls", "tokio-util", @@ -4399,9 +4404,8 @@ dependencies = [ "rustls-pemfile", "serde_json", "tls-server-fixture", - "tlsn-common", + "tlsn", "tlsn-core", - "tlsn-prover", "tlsn-tls-core", "tokio", "tokio-native-tls", @@ -4480,7 +4484,7 @@ version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "91df4bbde75afed763b708b7eee1e8e7651e02d97f6d5dd763e89367e957b23b" dependencies = [ - "hermit-abi 0.5.1", + "hermit-abi 0.5.2", "libc", ] @@ -4553,7 +4557,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -4648,7 +4652,7 @@ dependencies = [ "proc-macro-crate", "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -4725,9 +4729,9 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "pest" -version = "2.8.0" +version = "2.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "198db74531d58c70a361c42201efde7e2591e976d518caf7662a47dc5720e7b6" +checksum = "1db05f56d34358a8b1066f67cbb203ee3e7ed2ba674a6263a1d5ec6db2204323" dependencies = [ "memchr", "thiserror 2.0.12", @@ -4736,9 +4740,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.8.0" +version = "2.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d725d9cfd79e87dccc9341a2ef39d1b6f6353d68c4b33c177febbe1a402c97c5" +checksum = "bb056d9e8ea77922845ec74a1c4e8fb17e7c218cc4fc11a15c5d25e189aa40bc" dependencies = [ "pest", "pest_generator", 
@@ -4746,24 +4750,23 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.8.0" +version = "2.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db7d01726be8ab66ab32f9df467ae8b1148906685bbe75c82d1e65d7f5b3f841" +checksum = "87e404e638f781eb3202dc82db6760c8ae8a1eeef7fb3fa8264b2ef280504966" dependencies = [ "pest", "pest_meta", "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] name = "pest_meta" -version = "2.8.0" +version = "2.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f9f832470494906d1fca5329f8ab5791cc60beb230c74815dff541cbd2b5ca0" +checksum = "edd1101f170f5903fde0914f899bb503d9ff5271d7ba76bbb70bea63690cc0d5" dependencies = [ - "once_cell", "pest", "sha2", ] @@ -4815,7 +4818,7 @@ checksum = "6e918e4ff8c4549eb882f14b3a4bc8c8bc93de829416eacf579f1207a8fbf861" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -4893,7 +4896,7 @@ checksum = "b53a684391ad002dd6a596ceb6c74fd004fdce75f4be2e3f615068abbea5fd50" dependencies = [ "cfg-if", "concurrent-queue", - "hermit-abi 0.5.1", + "hermit-abi 0.5.2", "pin-project-lite", "rustix 1.0.7", "tracing", @@ -4966,12 +4969,12 @@ dependencies = [ [[package]] name = "prettyplease" -version = "0.2.33" +version = "0.2.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9dee91521343f4c5c6a63edd65e54f31f5c92fe8978c40a4282f8372194c6a7d" +checksum = "061c1221631e079b26479d25bbf2275bfe5917ae8419cd7e34f13bfc2aa7539a" dependencies = [ "proc-macro2", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -5047,7 +5050,7 @@ dependencies = [ "proc-macro-error-attr2", "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] 
@@ -5061,17 +5064,17 @@ dependencies = [ [[package]] name = "proptest" -version = "1.6.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14cae93065090804185d3b75f0bf93b8eeda30c7a9b4a33d3bdb3988d6229e50" +checksum = "6fcdab19deb5195a31cf7726a210015ff1496ba1464fd42cb4f537b8b01b471f" dependencies = [ "bit-set", "bit-vec", "bitflags 2.9.1", "lazy_static", "num-traits", - "rand 0.8.5", - "rand_chacha 0.3.1", + "rand 0.9.1", + "rand_chacha 0.9.0", "rand_xorshift", "regex-syntax 0.8.5", "rusty-fork", @@ -5096,9 +5099,9 @@ dependencies = [ [[package]] name = "r-efi" -version = "5.2.0" +version = "5.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" [[package]] name = "radium" @@ -5178,11 +5181,11 @@ dependencies = [ [[package]] name = "rand_xorshift" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d25bf25ec5ae4a3f1b92f929810509a2f53d7dca2f50b794ff57e3face536c8f" +checksum = "513962919efc330f829edb2535844d1b912b0fbe2ca165d613e4e8788bb05a5a" dependencies = [ - "rand_core 0.6.4", + "rand_core 0.9.3", ] [[package]] 
@@ -5216,13 +5219,33 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.5.12" +version = "0.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "928fca9cf2aa042393a8325b9ead81d2f0df4cb12e1e24cef072922ccd99c5af" +checksum = "0d04b7d0ee6b4a0207a0a7adb104d23ecb0b47d6beae7152d0fa34b692b29fd6" dependencies = [ "bitflags 2.9.1", ] +[[package]] +name = "ref-cast" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4a0ae411dbe946a674d89546582cea4ba2bb8defac896622d6496f14c23ba5cf" +dependencies = [ + "ref-cast-impl", +] + +[[package]] +name = "ref-cast-impl" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1165225c21bff1f3bbce98f5a1f889949bc902d3575308cc7b0de30b4f6d27c7" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.104", +] + [[package]] name = "regex" version = "1.11.1" @@ -5269,9 +5292,9 @@ checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" [[package]] name = "reqwest" -version = "0.12.16" +version = "0.12.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2bf597b113be201cb2269b4c39b39a804d01b99ee95a4278f0ed04e45cff1c71" +checksum = "cbc931937e6ca3a06e3b6c0aa7841849b160a90351d6ab467a8b9b9959767531" dependencies = [ "base64 0.22.1", "bytes", @@ -5281,11 +5304,8 @@ dependencies = [ "http-body-util", "hyper", "hyper-util", - "ipnet", "js-sys", "log", - "mime", - "once_cell", "percent-encoding", "pin-project-lite", "serde", @@ -5468,9 +5488,9 @@ dependencies = [ [[package]] name = "rustc-demangle" -version = "0.1.24" +version = "0.1.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" +checksum = "989e6739f80c4ad5b13e0fd7fe89531180375b18520cc8c82080e4dc4035b84f" [[package]] name = "rustc-hash" 
@@ -5560,9 +5580,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.27" +version = "0.23.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "730944ca083c1c233a75c09f199e973ca499344a2b7ba9e755c457e86fb4a321" +checksum = "7160e3e10bf4535308537f3c4e1641468cd0e485175d6163087c0393c7d46643" dependencies = [ "aws-lc-rs", "log", @@ -5655,6 +5675,30 @@ dependencies = [ "windows-sys 0.59.0", ] +[[package]] +name = "schemars" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd191f9397d57d581cddd31014772520aa448f65ef991055d7f61582c65165f" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + +[[package]] +name = "schemars" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1375ba8ef45a6f15d83fa8748f1079428295d403d6ea991d09ab100155fbc06d" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + [[package]] name = "scopeguard" version = "1.2.0" @@ -5779,7 +5823,7 @@ checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -5790,7 +5834,7 @@ checksum = "18d26a20a969b9e3fdf2fc2d9f21eda6c40e2de84c9408bb5d3b05d499aae711" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -5817,9 +5861,9 @@ dependencies = [ [[package]] name = "serde_spanned" -version = "0.6.8" +version = "0.6.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87607cb1398ed59d48732e575a4c28a7a8ebf2454b964fe3f224f2afc07909e1" +checksum = "bf41e0cfaf7226dca15e8197172c295a782857fcb97fad1808a166870dee75a3" dependencies = [ "serde", ] 
@@ -5838,15 +5882,17 @@ dependencies = [ [[package]] name = "serde_with" -version = "3.12.0" +version = "3.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6b6f7f2fcb69f747921f79f3926bd1e203fce4fef62c268dd3abfb6d86029aa" +checksum = "f2c45cd61fefa9db6f254525d46e392b852e0e61d9a1fd36e5bd183450a556d5" dependencies = [ "base64 0.22.1", "chrono", "hex", "indexmap 1.9.3", - "indexmap 2.9.0", + "indexmap 2.10.0", + "schemars 0.9.0", + "schemars 1.0.3", "serde", "serde_derive", "serde_json", @@ -5856,14 +5902,14 @@ dependencies = [ [[package]] name = "serde_with_macros" -version = "3.12.0" +version = "3.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d00caa5193a3c8362ac2b73be6b9e768aa5a4b2f721d8f4b339600c3cb51f8e" +checksum = "de90945e6565ce0d9a25098082ed4ee4002e047cb59892c318d66821e14bb30f" dependencies = [ "darling 0.20.11", "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -5872,7 +5918,7 @@ version = "0.9.34+deprecated" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47" dependencies = [ - "indexmap 2.9.0", + "indexmap 2.10.0", "itoa", "ryu", "serde", @@ -5960,12 +6006,13 @@ dependencies = [ [[package]] name = "shared_child" -version = "1.0.2" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e297bd52991bbe0686c086957bee142f13df85d1e79b0b21630a99d374ae9dc" +checksum = "c2778001df1384cf20b6dc5a5a90f48da35539885edaaefd887f8d744e939c0b" dependencies = [ "libc", - "windows-sys 0.59.0", + "sigchld", + "windows-sys 0.60.2", ] [[package]] 
@@ -5980,6 +6027,27 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" +[[package]] +name = "sigchld" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1219ef50fc0fdb04fcc243e6aa27f855553434ffafe4fa26554efb78b5b4bf89" +dependencies = [ + "libc", + "os_pipe", + "signal-hook", +] + +[[package]] +name = "signal-hook" +version = "0.3.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d881a16cf4426aa584979d30bd82cb33429027e42122b169753d6ef1085ed6e2" +dependencies = [ + "libc", + "signal-hook-registry", +] + [[package]] name = "signal-hook-registry" version = "1.4.5" @@ -6013,18 +6081,15 @@ dependencies = [ [[package]] name = "slab" -version = "0.4.9" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" -dependencies = [ - "autocfg", -] +checksum = "04dc19736151f35336d325007ac991178d504a119863a2fcb3758cdb5e52c50d" [[package]] name = "smallvec" -version = "1.15.0" +version = "1.15.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8917285742e9f3e1683f0a9c4e6b57960b7314d0b08d30d1ecd426713ee2eee9" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" dependencies = [ "serde", ] @@ -6142,7 +6207,7 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -6164,9 +6229,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.101" +version = "2.0.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ce2b7fc941b3a24138a0a7cf8e858bfc6a992e7978a068a5c760deb0ed43caf" +checksum = "17b6f705963418cdb9927482fa304bc562ece2fdd4f616084c50b7023b435a40" dependencies = [ "proc-macro2", "quote", 
@@ -6182,7 +6247,7 @@ dependencies = [ "paste", "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -6202,7 +6267,7 @@ checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -6268,7 +6333,7 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -6279,17 +6344,16 @@ checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] name = "thread_local" -version = "1.1.8" +version = "1.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" dependencies = [ "cfg-if", - "once_cell", ] [[package]] @@ -6377,6 +6441,52 @@ dependencies = [ "tracing", ] +[[package]] +name = "tlsn" +version = "0.1.0-alpha.13-pre" +dependencies = [ + "derive_builder 0.12.0", + "futures", + "ghash 0.5.1", + "http-body-util", + "hyper", + "mpz-common", + "mpz-core", + "mpz-garble", + "mpz-garble-core", + "mpz-hash", + "mpz-memory-core", + "mpz-ole", + "mpz-ot", + "mpz-vm-core", + "mpz-zk", + "once_cell", + "opaque-debug", + "rand 0.9.1", + "rangeset", + "rstest", + "rustls-pki-types", + "semver 1.0.26", + "serde", + "serio", + "thiserror 1.0.69", + "tlsn-cipher", + "tlsn-core", + "tlsn-deap", + "tlsn-mpc-tls", + "tlsn-server-fixture", + "tlsn-server-fixture-certs", + "tlsn-tls-client", + "tlsn-tls-client-async", + "tlsn-tls-core", + "tokio", + "tokio-util", + "tracing", + "tracing-subscriber", + "uid-mux", + "web-spawn", +] + [[package]] name = "tlsn-cipher" version = "0.1.0-alpha.13-pre" 
@@ -6396,38 +6506,6 @@ dependencies = [ "tokio", ] -[[package]] -name = "tlsn-common" -version = "0.1.0-alpha.13-pre" -dependencies = [ - "async-trait", - "derive_builder 0.12.0", - "futures", - "ghash 0.5.1", - "mpz-common", - "mpz-core", - "mpz-hash", - "mpz-memory-core", - "mpz-vm-core", - "mpz-zk", - "once_cell", - "opaque-debug", - "rand 0.9.1", - "rangeset", - "rstest", - "semver 1.0.26", - "serde", - "serio", - "thiserror 1.0.69", - "tlsn-cipher", - "tlsn-core", - "tlsn-tls-core", - "tracing", - "uid-mux", - "wasm-bindgen", - "web-spawn", -] - [[package]] name = "tlsn-core" version = "0.1.0-alpha.13-pre" @@ -6494,7 +6572,7 @@ version = "0.0.0" dependencies = [ "bincode", "chrono", - "clap 4.5.39", + "clap 4.5.40", "dotenv", "futures", "hex", @@ -6506,14 +6584,12 @@ dependencies = [ "serde_json", "spansy", "tls-server-fixture", - "tlsn-common", + "tlsn", "tlsn-core", "tlsn-formats", - "tlsn-prover", "tlsn-server-fixture", "tlsn-server-fixture-certs", "tlsn-tls-core", - "tlsn-verifier", "tokio", "tokio-util", "tracing", @@ -6559,13 +6635,11 @@ dependencies = [ "pin-project-lite", "serde_json", "serio", - "tlsn-common", + "tlsn", "tlsn-core", "tlsn-harness-core", - "tlsn-prover", "tlsn-server-fixture-certs", "tlsn-tls-core", - "tlsn-verifier", "tlsn-wasm", "tokio", "tokio-util", @@ -6583,7 +6657,7 @@ dependencies = [ "anyhow", "axum 0.8.4", "chromiumoxide", - "clap 4.5.39", + "clap 4.5.40", "csv", "duct", "futures", @@ -6685,7 +6759,7 @@ dependencies = [ "thiserror 1.0.69", "tls-server-fixture", "tlsn-cipher", - "tlsn-common", + "tlsn-core", "tlsn-hmac-sha256", "tlsn-key-exchange", "tlsn-tls-backend", 
@@ -6697,38 +6771,6 @@ dependencies = [ "tracing", "tracing-subscriber", "uid-mux", -] - -[[package]] -name = "tlsn-prover" -version = "0.1.0-alpha.13-pre" -dependencies = [ - "derive_builder 0.12.0", - "futures", - "mpz-common", - "mpz-core", - "mpz-garble", - "mpz-garble-core", - "mpz-memory-core", - "mpz-ole", - "mpz-ot", - "mpz-vm-core", - "mpz-zk", - "opaque-debug", - "rand 0.9.1", - "rustls-pki-types", - "serio", - "thiserror 1.0.69", - "tlsn-common", - "tlsn-core", - "tlsn-deap", - "tlsn-mpc-tls", - "tlsn-tls-client", - "tlsn-tls-client-async", - "tlsn-tls-core", - "tokio", - "tracing", - "uid-mux", "web-time 0.2.4", ] @@ -6837,36 +6879,6 @@ name = "tlsn-utils" version = "0.1.0" source = "git+https://github.com/tlsnotary/tlsn-utils?rev=6168663#6168663495281f2c1b2c1734dc276cecc4d36ef1" -[[package]] -name = "tlsn-verifier" -version = "0.1.0-alpha.13-pre" -dependencies = [ - "derive_builder 0.12.0", - "futures", - "mpz-common", - "mpz-core", - "mpz-garble", - "mpz-garble-core", - "mpz-memory-core", - "mpz-ole", - "mpz-ot", - "mpz-vm-core", - "mpz-zk", - "opaque-debug", - "rand 0.9.1", - "serio", - "thiserror 1.0.69", - "tlsn-common", - "tlsn-core", - "tlsn-deap", - "tlsn-mpc-tls", - "tlsn-tls-core", - "tokio", - "tracing", - "uid-mux", - "web-time 0.2.4", -] - [[package]] name = "tlsn-wasm" version = "0.1.0-alpha.13-pre" @@ -6886,13 +6898,11 @@ dependencies = [ "serde", "serde_json", "time", - "tlsn-common", + "tlsn", "tlsn-core", - "tlsn-prover", "tlsn-server-fixture-certs", "tlsn-tls-client-async", "tlsn-tls-core", - "tlsn-verifier", "tracing", "tracing-subscriber", "tracing-web", @@ -6929,7 +6939,7 @@ checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] 
@@ -6992,9 +7002,9 @@ dependencies = [ [[package]] name = "toml" -version = "0.8.22" +version = "0.8.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05ae329d1f08c4d17a59bed7ff5b5a769d062e64a62d34a3261b219e62cd5aae" +checksum = "dc1beb996b9d83529a9e75c17a1686767d148d70663143c7854d8b4a09ced362" dependencies = [ "serde", "serde_spanned", @@ -7004,20 +7014,20 @@ dependencies = [ [[package]] name = "toml_datetime" -version = "0.6.9" +version = "0.6.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3da5db5a963e24bc68be8b17b6fa82814bb22ee8660f192bb182771d498f09a3" +checksum = "22cddaf88f4fbc13c51aebbf5f8eceb5c7c5a9da2ac40a13519eb5b0a0e8f11c" dependencies = [ "serde", ] [[package]] name = "toml_edit" -version = "0.22.26" +version = "0.22.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "310068873db2c5b3e7659d2cc35d21855dbafa50d1ce336397c666e3cb08137e" +checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" dependencies = [ - "indexmap 2.9.0", + "indexmap 2.10.0", "serde", "serde_spanned", "toml_datetime", @@ -7027,9 +7037,9 @@ dependencies = [ [[package]] name = "toml_write" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfb942dfe1d8e29a7ee7fcbde5bd2b9a25fb89aa70caea2eba3bee836ff41076" +checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801" [[package]] name = "tower" 
@@ -7129,20 +7139,20 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.28" +version = "0.1.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d" +checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] name = "tracing-core" -version = "0.1.33" +version = "0.1.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c" +checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678" dependencies = [ "once_cell", "valuable", @@ -7231,7 +7241,7 @@ dependencies = [ "proc-macro2", "quote", "serde_derive_internals", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -7505,9 +7515,9 @@ dependencies = [ [[package]] name = "wasi" -version = "0.11.0+wasi-snapshot-preview1" +version = "0.11.1+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" [[package]] name = "wasi" @@ -7540,7 +7550,7 @@ dependencies = [ "log", "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", "wasm-bindgen-shared", ] @@ -7575,7 +7585,7 @@ checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", "wasm-bindgen-backend", "wasm-bindgen-shared", ] 
@@ -7649,14 +7659,14 @@ version = "0.26.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "521bc38abb08001b01866da9f51eb7c5d647a19260e00054a8c7fd5f9e57f7a9" dependencies = [ - "webpki-roots 1.0.0", + "webpki-roots 1.0.1", ] [[package]] name = "webpki-roots" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2853738d1cc4f2da3a225c18ec6c3721abb31961096e9dbf5ab35fa88b19cfdb" +checksum = "8782dd5a41a24eed3a4f40b606249b3e236ca61adf1f25ea4d45c73de122b502" dependencies = [ "rustls-pki-types", ] @@ -7752,7 +7762,7 @@ checksum = "a47fddd13af08290e67f4acabf4b459f647552718f683a7b415d290ac744a836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -7763,14 +7773,14 @@ checksum = "bd9211b69f8dcdfa817bfd14bf1c97c9188afa36f4750130fcdf3f400eca9fa8" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] name = "windows-link" -version = "0.1.1" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76840935b766e1b0a05c0066835fb9ec80071d4c09a16f6bd5f7e655e3c14c38" +checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a" [[package]] name = "windows-result" @@ -7817,6 +7827,15 @@ dependencies = [ "windows-targets 0.52.6", ] +[[package]] +name = "windows-sys" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb" +dependencies = [ + "windows-targets 0.53.2", +] + [[package]] name = "windows-targets" version = "0.48.5" 
@@ -7850,9 +7869,9 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.53.0" +version = "0.53.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1e4c7e8ceaaf9cb7d7507c974735728ab453b67ef8f18febdd7c11fe59dca8b" +checksum = "c66f69fcc9ce11da9966ddb31a40968cad001c5bedeb5c2b82ede4253ab48aef" dependencies = [ "windows_aarch64_gnullvm 0.53.0", "windows_aarch64_msvc 0.53.0", @@ -8004,9 +8023,9 @@ checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486" [[package]] name = "winnow" -version = "0.7.10" +version = "0.7.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c06928c8748d81b05c9be96aad92e1b6ff01833332f281e8cfca3be4b35fc9ec" +checksum = "74c7b26e3480b707944fc872477815d29a8e429d2f93a1ce000f5fa84a15cbcd" dependencies = [ "memchr", ] @@ -8142,28 +8161,28 @@ checksum = "38da3c9736e16c5d3c8c597a9aaa5d1fa565d0532ae05e27c24aa62fb32c0ab6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", "synstructure", ] [[package]] name = "zerocopy" -version = "0.8.25" +version = "0.8.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1702d9583232ddb9174e01bb7c15a2ab8fb1bc6f227aa1233858c351a3ba0cb" +checksum = "1039dd0d3c310cf05de012d8a39ff557cb0d23087fd44cad61df08fc31907a2f" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.8.25" +version = "0.8.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28a6e20d751156648aa063f3800b706ee209a32c0b4d9f24be3d980b01be55ef" +checksum = "9ecf5b4cc5364572d7f4c329661bcc82724222973f2cab6f050a4e5c22f75181" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -8183,7 +8202,7 @@ checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", "synstructure", ] 
@@ -8204,7 +8223,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -8237,5 +8256,5 @@ checksum = "5b96237efa0c878c64bd89c436f661be4e46b2f3eff1ebb976f7ef2321d2f58f" dependencies = [ "proc-macro2", "quote", - "syn 2.0.101", + "syn 2.0.104", ] diff --git a/Cargo.toml b/Cargo.toml index 238a1b88a..b0e1964fb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,5 @@ [workspace] members = [ - "crates/common", "crates/components/deap", "crates/components/cipher", "crates/components/hmac-sha256", @@ -13,7 +12,6 @@ members = [ "crates/notary/common", "crates/notary/server", "crates/notary/tests-integration", - "crates/prover", "crates/server-fixture/certs", "crates/server-fixture/server", "crates/tls/backend", @@ -22,11 +20,11 @@ members = [ "crates/tls/core", "crates/mpc-tls", "crates/tls/server-fixture", - "crates/verifier", "crates/wasm", "crates/harness/core", "crates/harness/executor", "crates/harness/runner", + "crates/tlsn", ] resolver = "2" @@ -50,7 +48,6 @@ notary-common = { path = "crates/notary/common" } notary-server = { path = "crates/notary/server" } tls-server-fixture = { path = "crates/tls/server-fixture" } tlsn-cipher = { path = "crates/components/cipher" } -tlsn-common = { path = "crates/common" } tlsn-core = { path = "crates/core" } tlsn-data-fixtures = { path = "crates/data-fixtures" } tlsn-deap = { path = "crates/components/deap" } @@ -58,7 +55,6 @@ tlsn-formats = { path = "crates/formats" } tlsn-hmac-sha256 = { path = "crates/components/hmac-sha256" } tlsn-key-exchange = { path = "crates/components/key-exchange" } tlsn-mpc-tls = { path = "crates/mpc-tls" } -tlsn-prover = { path = "crates/prover" } tlsn-server-fixture = { path = "crates/server-fixture/server" } tlsn-server-fixture-certs = { path = "crates/server-fixture/certs" } tlsn-tls-backend = { path = "crates/tls/backend" } 
@@ -70,7 +66,7 @@ tlsn-harness-core = { path = "crates/harness/core" } tlsn-harness-executor = { path = "crates/harness/executor" } tlsn-harness-runner = { path = "crates/harness/runner" } tlsn-wasm = { path = "crates/wasm" } -tlsn-verifier = { path = "crates/verifier" } +tlsn = { path = "crates/tlsn" } mpz-circuits = { git = "https://github.com/privacy-scaling-explorations/mpz", rev = "ccc0057" } mpz-memory-core = { git = "https://github.com/privacy-scaling-explorations/mpz", rev = "ccc0057" } @@ -150,6 +146,7 @@ rstest = { version = "0.17" } rustls = { version = "0.21" } rustls-pemfile = { version = "1.0" } sct = { version = "0.7" } +semver = { version = "1.0" } serde = { version = "1.0" } serde_json = { version = "1.0" } sha2 = { version = "0.10" } diff --git a/crates/common/Cargo.toml b/crates/common/Cargo.toml deleted file mode 100644 index c6aa1aaa0..000000000 --- a/crates/common/Cargo.toml +++ /dev/null 
@@ -1,44 +0,0 @@ -[package] -name = "tlsn-common" -description = "Common code shared between tlsn-prover and tlsn-verifier" -version = "0.1.0-alpha.13-pre" -edition = "2021" - -[lints] -workspace = true - -[features] -default = [] - -[dependencies] -tlsn-core = { workspace = true } -tlsn-tls-core = { workspace = true } -tlsn-cipher = { workspace = true } -mpz-core = { workspace = true } -mpz-common = { workspace = true } -mpz-memory-core = { workspace = true } -mpz-hash = { workspace = true } -mpz-vm-core = { workspace = true } -mpz-zk = { workspace = true } - -async-trait = { workspace = true } -derive_builder = { workspace = true } -futures = { workspace = true } -ghash = { workspace = true } -once_cell = { workspace = true } -opaque-debug = { workspace = true } -rand = { workspace = true } -rangeset = { workspace = true } -serio = { workspace = true, features = ["codec", "bincode"] } -thiserror = { workspace = true } -tracing = { workspace = true } -uid-mux = { workspace = true, features = ["serio"] } -serde = { workspace = true, features = ["derive"] } -semver = { version = "1.0", features = ["serde"] } - -[target.'cfg(target_arch = "wasm32")'.dependencies] -wasm-bindgen = { version = "0.2" } -web-spawn = { workspace = true } - -[dev-dependencies] -rstest = { workspace = true } diff --git a/crates/common/src/lib.rs b/crates/common/src/lib.rs deleted file mode 100644 index c22d02161..000000000 --- a/crates/common/src/lib.rs +++ /dev/null 
@@ -1,27 +0,0 @@ -//! Common code shared between `tlsn-prover` and `tlsn-verifier`. - -#![deny(missing_docs, unreachable_pub, unused_must_use)] -#![deny(clippy::all)] -#![forbid(unsafe_code)] - -pub mod commit; -pub mod config; -pub mod context; -pub mod encoding; -pub mod ghash; -pub mod msg; -pub mod mux; -pub mod tag; -pub mod transcript; -pub mod zk_aes_ctr; - -/// The party's role in the TLSN protocol. -/// -/// A Notary is classified as a Verifier. -#[derive(Debug, Clone, Copy, PartialEq, Eq)] -pub enum Role { - /// The prover. - Prover, - /// The verifier. - Verifier, -} diff --git a/crates/core/src/connection.rs b/crates/core/src/connection.rs index 1e00de971..11ee9d778 100644 --- a/crates/core/src/connection.rs +++ b/crates/core/src/connection.rs @@ -273,6 +273,15 @@ pub enum HandshakeData { impl_domain_separator!(HandshakeData); +/// Verify data from the TLS handshake finished messages. +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct VerifyData { + /// Client finished verify data. + pub client_finished: Vec, + /// Server finished verify data. + pub server_finished: Vec, +} + /// Server certificate and handshake data. #[derive(Debug, Clone, Serialize, Deserialize)] pub struct ServerCertData { diff --git a/crates/core/src/transcript.rs b/crates/core/src/transcript.rs index 06764670a..677bf7574 100644 --- a/crates/core/src/transcript.rs +++ b/crates/core/src/transcript.rs @@ -36,6 +36,7 @@ mod commit; pub mod encoding; pub mod hash; mod proof; +mod tls; use std::{fmt, ops::Range}; @@ -51,6 +52,7 @@ pub use commit::{ pub use proof::{ TranscriptProof, TranscriptProofBuilder, TranscriptProofBuilderError, TranscriptProofError, }; +pub use tls::{Record, TlsTranscript}; /// A transcript contains the plaintext of all application data communicated /// between the Prover and the Server. diff --git a/crates/core/src/transcript/tls.rs b/crates/core/src/transcript/tls.rs new file mode 100644 index 000000000..8fdc8e6d9 --- /dev/null 
+++ b/crates/core/src/transcript/tls.rs 
@@ -0,0 +1,328 @@ +//! TLS transcript. + +use crate::{ + connection::{ + Certificate, HandshakeData, HandshakeDataV1_2, ServerEphemKey, ServerSignature, TlsVersion, + VerifyData, + }, + transcript::{Direction, Transcript}, +}; +use tls_core::msgs::{ + alert::AlertMessagePayload, + codec::{Codec, Reader}, + enums::{AlertDescription, ContentType, ProtocolVersion}, + handshake::{HandshakeMessagePayload, HandshakePayload}, +}; + +/// A transcript of TLS records sent and received by the prover. +#[derive(Debug, Clone)] +pub struct TlsTranscript { + time: u64, + version: TlsVersion, + server_cert_chain: Option>, + server_signature: Option, + handshake_data: HandshakeData, + sent: Vec, + recv: Vec, +} + +impl TlsTranscript { + /// Creates a new TLS transcript. + #[allow(clippy::too_many_arguments)] + pub fn new( + time: u64, + version: TlsVersion, + server_cert_chain: Option>, + server_signature: Option, + handshake_data: HandshakeData, + verify_data: VerifyData, + sent: Vec, + recv: Vec, + ) -> Result { + let mut sent_iter = sent.iter(); + let mut recv_iter = recv.iter(); + + // Make sure the client finished verify data message was sent first. 
+ if let Some(record) = sent_iter.next() { + let payload = record + .plaintext + .as_ref() + .ok_or(TlsTranscriptError::validation( + "client finished message was hidden from the follower", + ))?; + + let mut reader = Reader::init(payload); + let payload = + HandshakeMessagePayload::read_version(&mut reader, ProtocolVersion::TLSv1_2) + .ok_or(TlsTranscriptError::validation( + "first record sent was not a handshake message", + ))?; + + let HandshakePayload::Finished(vd) = payload.payload else { + return Err(TlsTranscriptError::validation( + "first record sent was not a client finished message", + )); + }; + + if vd.0 != verify_data.client_finished { + return Err(TlsTranscriptError::validation( + "inconsistent client finished verify data", + )); + } + } else { + return Err(TlsTranscriptError::validation( + "client finished was not sent", + )); + } + + // Make sure the server finished verify data message was received first. + if let Some(record) = recv_iter.next() { + let payload = record + .plaintext + .as_ref() + .ok_or(TlsTranscriptError::validation( + "server finished message was hidden from the follower", + ))?; + + let mut reader = Reader::init(payload); + let payload = + HandshakeMessagePayload::read_version(&mut reader, ProtocolVersion::TLSv1_2) + .ok_or(TlsTranscriptError::validation( + "first record received was not a handshake message", + ))?; + + let HandshakePayload::Finished(vd) = payload.payload else { + return Err(TlsTranscriptError::validation( + "first record received was not a server finished message", + )); + }; + + if vd.0 != verify_data.server_finished { + return Err(TlsTranscriptError::validation( + "inconsistent server finished verify data", + )); + } + } else { + return Err(TlsTranscriptError::validation( + "server finished was not received", + )); + } + + // Verify last record sent was either application data or close notify. 
+ if let Some(record) = sent_iter.next_back() { + match record.typ { + ContentType::ApplicationData => {} + ContentType::Alert => { + // Ensure the alert is a close notify. + let payload = + record + .plaintext + .as_ref() + .ok_or(TlsTranscriptError::validation( + "alert content was hidden from the follower", + ))?; + + let mut reader = Reader::init(payload); + let payload = AlertMessagePayload::read(&mut reader).ok_or( + TlsTranscriptError::validation("alert message was malformed"), + )?; + + let AlertDescription::CloseNotify = payload.description else { + return Err(TlsTranscriptError::validation( + "sent alert that is not close notify", + )); + }; + } + typ => { + return Err(TlsTranscriptError::validation(format!( + "sent unexpected record content type: {typ:?}" + ))) + } + } + } + + // Verify last record received was either application data or close notify. + if let Some(record) = recv_iter.next_back() { + match record.typ { + ContentType::ApplicationData => {} + ContentType::Alert => { + // Ensure the alert is a close notify. + let payload = + record + .plaintext + .as_ref() + .ok_or(TlsTranscriptError::validation( + "alert content was hidden from the follower", + ))?; + + let mut reader = Reader::init(payload); + let payload = AlertMessagePayload::read(&mut reader).ok_or( + TlsTranscriptError::validation("alert message was malformed"), + )?; + + let AlertDescription::CloseNotify = payload.description else { + return Err(TlsTranscriptError::validation( + "received alert that is not close notify", + )); + }; + } + typ => { + return Err(TlsTranscriptError::validation(format!( + "received unexpected record content type: {typ:?}" + ))) + } + } + } + + // Ensure all other records were application data. 
+ for record in sent_iter { + if record.typ != ContentType::ApplicationData { + return Err(TlsTranscriptError::validation(format!( + "sent unexpected record content type: {:?}", + record.typ + ))); + } + } + + for record in recv_iter { + if record.typ != ContentType::ApplicationData { + return Err(TlsTranscriptError::validation(format!( + "received unexpected record content type: {:?}", + record.typ + ))); + } + } + + Ok(Self { + time, + version, + server_cert_chain, + server_signature, + handshake_data, + sent, + recv, + }) + } + + /// Returns the start time of the connection. + pub fn time(&self) -> u64 { + self.time + } + + /// Returns the TLS protocol version. + pub fn version(&self) -> &TlsVersion { + &self.version + } + + /// Returns the server certificate chain. + pub fn server_cert_chain(&self) -> Option<&[Certificate]> { + self.server_cert_chain.as_deref() + } + + /// Returns the server signature. + pub fn server_signature(&self) -> Option<&ServerSignature> { + self.server_signature.as_ref() + } + + /// Returns the server ephemeral key used in the TLS handshake. + pub fn server_ephemeral_key(&self) -> &ServerEphemKey { + match &self.handshake_data { + HandshakeData::V1_2(HandshakeDataV1_2 { + server_ephemeral_key, + .. + }) => server_ephemeral_key, + } + } + + /// Returns the handshake data. + pub fn handshake_data(&self) -> &HandshakeData { + &self.handshake_data + } + + /// Returns the sent records. + pub fn sent(&self) -> &[Record] { + &self.sent + } + + /// Returns the received records. + pub fn recv(&self) -> &[Record] { + &self.recv + } + + /// Returns the application data transcript. + pub fn to_transcript(&self) -> Result { + let mut sent = Vec::new(); + let mut recv = Vec::new(); + + for record in self + .sent + .iter() + .filter(|record| record.typ == ContentType::ApplicationData) + { + let plaintext = record + .plaintext + .as_ref() + .ok_or(ErrorRepr::Incomplete { + direction: Direction::Sent, + seq: record.seq, + })? 
+ .clone(); + sent.extend_from_slice(&plaintext); + } + + for record in self + .recv + .iter() + .filter(|record| record.typ == ContentType::ApplicationData) + { + let plaintext = record + .plaintext + .as_ref() + .ok_or(ErrorRepr::Incomplete { + direction: Direction::Received, + seq: record.seq, + })? + .clone(); + recv.extend_from_slice(&plaintext); + } + + Ok(Transcript::new(sent, recv)) + } +} + +/// A TLS record. +#[derive(Clone)] +pub struct Record { + /// Sequence number. + pub seq: u64, + /// Content type. + pub typ: ContentType, + /// Plaintext. + pub plaintext: Option>, + /// Explicit nonce. + pub explicit_nonce: Vec, + /// Ciphertext. + pub ciphertext: Vec, + /// Tag. + pub tag: Option>, +} + +opaque_debug::implement!(Record); + +#[derive(Debug, thiserror::Error)] +#[error("TLS transcript error: {0}")] +pub struct TlsTranscriptError(#[from] ErrorRepr); + +impl TlsTranscriptError { + fn validation(msg: impl Into) -> Self { + Self(ErrorRepr::Validation(msg.into())) + } +} + +#[derive(Debug, thiserror::Error)] +enum ErrorRepr { + #[error("validation error: {0}")] + Validation(String), + #[error("incomplete transcript ({direction}): seq {seq}")] + Incomplete { direction: Direction, seq: u64 }, +} diff --git a/crates/examples/Cargo.toml b/crates/examples/Cargo.toml index 0d48abe47..737243344 100644 --- a/crates/examples/Cargo.toml +++ b/crates/examples/Cargo.toml @@ -9,10 +9,8 @@ workspace = true [dependencies] notary-client = { workspace = true } -tlsn-common = { workspace = true } tlsn-core = { workspace = true } -tlsn-prover = { workspace = true } -tlsn-verifier = { workspace = true } +tlsn = { workspace = true } tlsn-formats = { workspace = true } tlsn-tls-core = { workspace = true } tls-server-fixture = { workspace = true } diff --git a/crates/examples/attestation/prove.rs b/crates/examples/attestation/prove.rs index 010384690..520334412 100644 --- a/crates/examples/attestation/prove.rs +++ b/crates/examples/attestation/prove.rs 
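Review bot: `TlsTranscript::new` never checks `record.typ` on the first sent and first received record; it only parses their plaintext as a Finished message, and the later "all other records" loops skip those two entries. Because `to_transcript` selects records purely by `typ == ContentType::ApplicationData`, a first record carrying the wrong type would pass validation and then be counted as application data. Whether the record layer can produce such a record is not visible here, but the constructor is public, so an explicit guard before the parse is cheap: `if record.typ != ContentType::Handshake { return Err(TlsTranscriptError::validation("first record sent was not a handshake record")); }`, with the same check on the received side. The sent and received validation blocks are otherwise identical and could share one private helper taking the direction label.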
@@ -15,11 +15,13 @@ use tracing::debug; use notary_client::{Accepted, NotarizationRequest, NotaryClient}; use tls_core::verify::WebPkiVerifier; use tls_server_fixture::{CA_CERT_DER, SERVER_DOMAIN}; -use tlsn_common::config::ProtocolConfig; +use tlsn::{ + config::ProtocolConfig, + prover::{Prover, ProverConfig, TlsConfig}, +}; use tlsn_core::{request::RequestConfig, transcript::TranscriptCommitConfig, CryptoProvider}; use tlsn_examples::ExampleType; use tlsn_formats::http::{DefaultHttpCommitter, HttpCommit, HttpTranscript}; -use tlsn_prover::{Prover, ProverConfig, TlsConfig}; use tlsn_server_fixture::DEFAULT_FIXTURE_PORT; use tlsn_server_fixture_certs::{CLIENT_CERT, CLIENT_KEY}; diff --git a/crates/examples/interactive/interactive.rs b/crates/examples/interactive/interactive.rs index 119b61d1d..535a7a794 100644 --- a/crates/examples/interactive/interactive.rs +++ b/crates/examples/interactive/interactive.rs @@ -12,14 +12,16 @@ use tracing::instrument; use tls_core::verify::WebPkiVerifier; use tls_server_fixture::CA_CERT_DER; -use tlsn_common::config::{ProtocolConfig, ProtocolConfigValidator}; +use tlsn::{ + config::{ProtocolConfig, ProtocolConfigValidator}, + prover::{Prover, ProverConfig, TlsConfig}, + verifier::{Verifier, VerifierConfig}, +}; use tlsn_core::{ transcript::PartialTranscript, CryptoProvider, ProveConfig, VerifierOutput, VerifyConfig, }; -use tlsn_prover::{Prover, ProverConfig, TlsConfig}; use tlsn_server_fixture::DEFAULT_FIXTURE_PORT; use tlsn_server_fixture_certs::{CLIENT_CERT, CLIENT_KEY, SERVER_DOMAIN}; -use tlsn_verifier::{Verifier, VerifierConfig}; const SECRET: &str = "TLSNotary's private key 🤡"; diff --git a/crates/harness/executor/Cargo.toml b/crates/harness/executor/Cargo.toml index 7c6f4bc7f..cdcfcdc6a 100644 --- a/crates/harness/executor/Cargo.toml +++ b/crates/harness/executor/Cargo.toml 
@@ -13,10 +13,8 @@ wasm-opt = ["-O3"] [dependencies] tlsn-harness-core = { workspace = true } -tlsn-prover = { workspace = true } -tlsn-common = { workspace = true } +tlsn = { workspace = true } tlsn-core = { workspace = true } -tlsn-verifier = { workspace = true } tlsn-tls-core = { workspace = true } tlsn-server-fixture-certs = { workspace = true } diff --git a/crates/harness/executor/src/bench/prover.rs b/crates/harness/executor/src/bench/prover.rs index 42a957d64..dfad162ee 100644 --- a/crates/harness/executor/src/bench/prover.rs +++ b/crates/harness/executor/src/bench/prover.rs @@ -5,9 +5,11 @@ use futures::{AsyncReadExt, AsyncWriteExt, TryFutureExt}; use harness_core::bench::{Bench, ProverMetrics}; use tls_core::verify::WebPkiVerifier; -use tlsn_common::config::ProtocolConfig; +use tlsn::{ + config::ProtocolConfig, + prover::{Prover, ProverConfig}, +}; use tlsn_core::{CryptoProvider, ProveConfig}; -use tlsn_prover::{Prover, ProverConfig}; use tlsn_server_fixture_certs::{CA_CERT_DER, SERVER_DOMAIN}; use crate::{ diff --git a/crates/harness/executor/src/bench/verifier.rs b/crates/harness/executor/src/bench/verifier.rs index d27be6a2c..87da21eb9 100644 --- a/crates/harness/executor/src/bench/verifier.rs +++ b/crates/harness/executor/src/bench/verifier.rs @@ -2,10 +2,12 @@ use anyhow::Result; use harness_core::bench::Bench; use tls_core::verify::WebPkiVerifier; -use tlsn_common::config::ProtocolConfigValidator; +use tlsn::{ + config::ProtocolConfigValidator, + verifier::{Verifier, VerifierConfig}, +}; use tlsn_core::{CryptoProvider, VerifyConfig}; use tlsn_server_fixture_certs::CA_CERT_DER; -use tlsn_verifier::{Verifier, VerifierConfig}; use crate::{IoProvider, bench::RECV_PADDING}; diff --git a/crates/harness/executor/test_plugins/basic.rs b/crates/harness/executor/test_plugins/basic.rs index 163070459..b1bb01d0a 100644 --- a/crates/harness/executor/test_plugins/basic.rs +++ b/crates/harness/executor/test_plugins/basic.rs 
@@ -1,13 +1,15 @@ use tls_core::{anchors::RootCertStore, verify::WebPkiVerifier}; -use tlsn_common::config::{ProtocolConfig, ProtocolConfigValidator}; +use tlsn::{ + config::{ProtocolConfig, ProtocolConfigValidator}, + prover::{Prover, ProverConfig}, + verifier::{Verifier, VerifierConfig}, +}; use tlsn_core::{ CryptoProvider, ProveConfig, VerifierOutput, VerifyConfig, hash::HashAlgId, transcript::{TranscriptCommitConfig, TranscriptCommitment, TranscriptCommitmentKind}, }; -use tlsn_prover::{Prover, ProverConfig}; use tlsn_server_fixture_certs::{CA_CERT_DER, SERVER_DOMAIN}; -use tlsn_verifier::{Verifier, VerifierConfig}; use http_body_util::{BodyExt as _, Empty}; use hyper::{Request, StatusCode, body::Bytes}; diff --git a/crates/mpc-tls/Cargo.toml b/crates/mpc-tls/Cargo.toml index ff74a40ff..105dce21b 100644 --- a/crates/mpc-tls/Cargo.toml +++ b/crates/mpc-tls/Cargo.toml @@ -19,11 +19,11 @@ default = [] [dependencies] tlsn-cipher = { workspace = true } -tlsn-common = { workspace = true } tlsn-hmac-sha256 = { workspace = true } tlsn-key-exchange = { workspace = true } tlsn-tls-backend = { workspace = true } tlsn-tls-core = { workspace = true, features = ["serde"] } +tlsn-core = { workspace = true } mpz-common = { workspace = true } mpz-core = { workspace = true } @@ -54,6 +54,7 @@ ctr = { workspace = true } ghash_rc = { package = "ghash", version = "0.5" } tokio = { workspace = true, features = ["sync"] } pin-project-lite = { workspace = true } +web-time = { workspace = true } [dev-dependencies] mpz-ole = { workspace = true, features = ["test-utils"] } diff --git a/crates/mpc-tls/src/follower.rs b/crates/mpc-tls/src/follower.rs index 63be0894a..d4f37d94b 100644 --- a/crates/mpc-tls/src/follower.rs +++ b/crates/mpc-tls/src/follower.rs 
@@ -1,7 +1,7 @@ use crate::{ - msg::Message, + msg::{Message, StartHandshake}, record_layer::{aead::MpcAesGcm, RecordLayer}, - Config, FollowerData, MpcTlsError, Role, SessionKeys, Vm, + Config, MpcTlsError, Role, SessionKeys, Vm, }; use hmac_sha256::{MpcPrf, PrfOutput}; use ke::KeyExchange; @@ -20,15 +20,16 @@ use mpz_ot::{ use mpz_share_conversion::{ShareConversionReceiver, ShareConversionSender}; use serio::stream::IoStreamExt; use std::mem; -use tls_core::msgs::{ - alert::AlertMessagePayload, - codec::{Codec, Reader}, - enums::{AlertDescription, ContentType, NamedGroup, ProtocolVersion}, - handshake::{HandshakeMessagePayload, HandshakePayload}, +use tls_core::msgs::enums::NamedGroup; +use tlsn_core::{ + connection::{HandshakeData, HandshakeDataV1_2, TlsVersion, VerifyData}, + transcript::TlsTranscript, }; -use tlsn_common::transcript::TlsTranscript; use tracing::{debug, instrument}; +// Maximum handshake time difference in seconds. +const MAX_TIME_DIFF: u64 = 5; + /// MPC-TLS follower. #[derive(Debug)] pub struct MpcTlsFollower { @@ -143,7 +144,6 @@ impl MpcTlsFollower { self.state = State::Setup { vm, - keys: keys.clone(), ke, prf, record_layer, @@ -159,12 +159,12 @@ impl MpcTlsFollower { pub async fn preprocess(&mut self) -> Result<(), MpcTlsError> { let State::Setup { vm, - keys, mut ke, prf, mut record_layer, cf_vd, sf_vd, + .. } = self.state.take() else { return Err(MpcTlsError::state("must be in setup state to preprocess")); @@ -203,7 +203,6 @@ impl MpcTlsFollower { self.state = State::Ready { vm, - keys, ke, prf, record_layer, 
@@ -216,20 +215,21 @@ impl MpcTlsFollower { /// Runs the follower. #[instrument(skip_all, err)] - pub async fn run(mut self) -> Result<(Context, FollowerData), MpcTlsError> { + pub async fn run(mut self) -> Result<(Context, TlsTranscript), MpcTlsError> { let State::Ready { vm, - keys, mut ke, mut prf, mut record_layer, cf_vd: mut cf_vd_fut, sf_vd: mut sf_vd_fut, + .. } = self.state.take() else { return Err(MpcTlsError::state("must be in ready state to run")); }; + let mut time = None; let mut client_random = None; let mut server_random = None; let mut server_key = None; @@ -244,7 +244,23 @@ impl MpcTlsFollower { } prf.set_client_random(random.random)?; - client_random = Some(random); + client_random = Some(random.random); + } + Message::StartHandshake(StartHandshake { time: prover_time }) => { + if time.is_some() { + return Err(MpcTlsError::hs("time already set")); + } + + let this_time = web_time::UNIX_EPOCH + .elapsed() + .expect("system time is available") + .as_secs(); + + if prover_time.abs_diff(this_time) > MAX_TIME_DIFF { + return Err(MpcTlsError::hs("handshake time difference exceeds limit")); + } + + time = Some(prover_time); } Message::SetServerRandom(random) => { if server_random.is_some() { @@ -252,7 +268,7 @@ impl MpcTlsFollower { } prf.set_server_random(random.random)?; - server_random = Some(random); + server_random = Some(random.random); } Message::SetServerKey(key) => { if server_key.is_some() { 
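Review bot: The `.expect("system time is available")` in the new `Message::StartHandshake` arm turns a clock that reads before the Unix epoch into a panic inside `run`, which already returns `Result<_, MpcTlsError>`; `.map_err(|_| MpcTlsError::hs("system time is before the Unix epoch"))?` keeps that failure on the error path. The same `expect` appears in the leader.rs hunk `@@ -427,6 +472,18 @@`. The arm also stores `prover_time` rather than the follower's own reading, so the time carried forward is peer-chosen within ±`MAX_TIME_DIFF`; I would turn the `//` comment on `MAX_TIME_DIFF` into a `///` doc comment that says so and explains why 5 seconds was picked. `run` starts and ends outside this hunk.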
@@ -378,24 +394,41 @@ impl MpcTlsFollower { debug!("committing"); - let transcript = record_layer.commit(&mut self.ctx, vm).await?; + let (sent_records, recv_records) = record_layer.commit(&mut self.ctx, vm).await?; debug!("committed"); + let time = time.ok_or(MpcTlsError::hs("time was not set"))?; let server_key = server_key.ok_or(MpcTlsError::hs("server key not set"))?; + let client_random = client_random.ok_or(MpcTlsError::hs("client random not set"))?; + let server_random = server_random.ok_or(MpcTlsError::hs("client random not set"))?; let cf_vd = cf_vd.ok_or(MpcTlsError::hs("client finished VD not computed"))?; let sf_vd = sf_vd.ok_or(MpcTlsError::hs("server finished VD not computed"))?; - validate_transcript(cf_vd, sf_vd, &transcript)?; + let handshake_data = HandshakeData::V1_2(HandshakeDataV1_2 { + client_random, + server_random, + server_ephemeral_key: server_key + .try_into() + .expect("only supported key scheme should have been accepted"), + }); - Ok(( - self.ctx, - FollowerData { - server_key, - transcript, - keys, + let transcript = TlsTranscript::new( + time, + TlsVersion::V1_2, + None, + None, + handshake_data, + VerifyData { + client_finished: cf_vd.to_vec(), + server_finished: sf_vd.to_vec(), }, - )) + sent_records, + recv_records, + ) + .map_err(MpcTlsError::other)?; + + Ok((self.ctx, transcript)) } } @@ -408,7 +441,6 @@ enum State { }, Setup { vm: Vm, - keys: SessionKeys, ke: Box, prf: MpcPrf, record_layer: RecordLayer, @@ -417,7 +449,6 @@ enum State { }, Ready { vm: Vm, - keys: SessionKeys, ke: Box, prf: MpcPrf, record_layer: RecordLayer, 
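Review bot: The `server_random` check reuses the client-random message, `server_random.ok_or(MpcTlsError::hs("client random not set"))?`, so a missing server random is reported as a missing client random; it should read `MpcTlsError::hs("server random not set")`. This hunk also drops the `validate_transcript(cf_vd, sf_vd, &transcript)?` call, which compared the first sent and received records against the PRF verify data and restricted the record content types; `TlsTranscript::new` is not visible here, so it is worth confirming that it performs equivalent checks before the follower returns the transcript. `server_key.try_into().expect(...)` panics instead of returning `MpcTlsError` if the `SetServerKey` arm (outside this hunk) ever lets an unsupported key type through, and `.map_err(|_| MpcTlsError::hs("unsupported server key type"))?` would avoid that. `run` begins outside this hunk.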
@@ -443,145 +474,3 @@ impl std::fmt::Debug for State { } } } - -fn validate_transcript( - cf_vd: [u8; 12], - sf_vd: [u8; 12], - transcript: &TlsTranscript, -) -> Result<(), MpcTlsError> { - let mut sent = transcript.sent.iter(); - let mut recv = transcript.recv.iter(); - - // Make sure the client finished verify data message was consistent. - if let Some(record) = sent.next() { - let payload = record.plaintext.as_ref().ok_or(MpcTlsError::record_layer( - "client finished message was hidden from the follower", - ))?; - - let mut reader = Reader::init(payload); - let payload = HandshakeMessagePayload::read_version(&mut reader, ProtocolVersion::TLSv1_2) - .ok_or(MpcTlsError::record_layer( - "first record sent was not a handshake message", - ))?; - - let HandshakePayload::Finished(actual_cf_vd) = payload.payload else { - return Err(MpcTlsError::record_layer( - "first record sent was not a client finished message", - )); - }; - - if cf_vd != actual_cf_vd.0.as_slice() { - return Err(MpcTlsError::record_layer(format!( - "client finished verify data does not match output from PRF: {cf_vd:?} != {actual_cf_vd:?}" - ))); - } - } else { - return Err(MpcTlsError::record_layer("client finished was not sent")); - } - - // Make sure the server finished verify data message was consistent. 
- if let Some(record) = recv.next() { - let payload = record.plaintext.as_ref().ok_or(MpcTlsError::record_layer( - "server finished message was hidden from the follower", - ))?; - - let mut reader = Reader::init(payload); - let payload = HandshakeMessagePayload::read_version(&mut reader, ProtocolVersion::TLSv1_2) - .ok_or(MpcTlsError::record_layer( - "first record received was not a handshake message", - ))?; - - let HandshakePayload::Finished(actual_sf_vd) = payload.payload else { - return Err(MpcTlsError::record_layer( - "first record received was not a server finished message", - )); - }; - - if sf_vd != actual_sf_vd.0.as_slice() { - return Err(MpcTlsError::record_layer(format!( - "server finished verify data does not match output from PRF: {sf_vd:?} != {actual_sf_vd:?}" - ))); - } - } else { - return Err(MpcTlsError::record_layer( - "server finished was not received", - )); - } - - // Verify last record sent was either application data or close notify. - if let Some(record) = sent.next_back() { - match record.typ { - ContentType::ApplicationData => {} - ContentType::Alert => { - // Ensure the alert is a close notify. - let payload = record.plaintext.as_ref().ok_or(MpcTlsError::record_layer( - "alert content was hidden from the follower", - ))?; - - let mut reader = Reader::init(payload); - let payload = AlertMessagePayload::read(&mut reader) - .ok_or(MpcTlsError::record_layer("alert message was malformed"))?; - - let AlertDescription::CloseNotify = payload.description else { - return Err(MpcTlsError::record_layer( - "sent alert that is not close notify", - )); - }; - } - typ => { - return Err(MpcTlsError::record_layer(format!( - "sent unexpected record content type: {typ:?}" - ))) - } - } - } - - // Verify last record received was either application data or close notify. - if let Some(record) = recv.next_back() { - match record.typ { - ContentType::ApplicationData => {} - ContentType::Alert => { - // Ensure the alert is a close notify. 
- let payload = record.plaintext.as_ref().ok_or(MpcTlsError::record_layer( - "alert content was hidden from the follower", - ))?; - - let mut reader = Reader::init(payload); - let payload = AlertMessagePayload::read(&mut reader) - .ok_or(MpcTlsError::record_layer("alert message was malformed"))?; - - let AlertDescription::CloseNotify = payload.description else { - return Err(MpcTlsError::record_layer( - "received alert that is not close notify", - )); - }; - } - typ => { - return Err(MpcTlsError::record_layer(format!( - "received unexpected record content type: {typ:?}" - ))) - } - } - } - - // Ensure all other records were application data. - for record in sent { - if record.typ != ContentType::ApplicationData { - return Err(MpcTlsError::record_layer(format!( - "sent unexpected record content type: {:?}", - record.typ - ))); - } - } - - for record in recv { - if record.typ != ContentType::ApplicationData { - return Err(MpcTlsError::record_layer(format!( - "received unexpected record content type: {:?}", - record.typ - ))); - } - } - - Ok(()) -} diff --git a/crates/mpc-tls/src/leader.rs b/crates/mpc-tls/src/leader.rs index d27cdbc07..3d522f19b 100644 --- a/crates/mpc-tls/src/leader.rs +++ b/crates/mpc-tls/src/leader.rs @@ -4,11 +4,11 @@ use crate::{ error::MpcTlsError, msg::{ ClientFinishedVd, Decrypt, Encrypt, Message, ServerFinishedVd, SetClientRandom, - SetServerKey, SetServerRandom, + SetServerKey, SetServerRandom, StartHandshake, }, record_layer::{aead::MpcAesGcm, DecryptMode, EncryptMode, RecordLayer}, utils::opaque_into_parts, - Config, LeaderOutput, Role, SessionKeys, Vm, + Config, Role, SessionKeys, Vm, }; use async_trait::async_trait; use hmac_sha256::{MpcPrf, PrfOutput}; 
@@ -42,6 +42,12 @@ use tls_core::{ }, suites::SupportedCipherSuite, }; +use tlsn_core::{ + connection::{ + Certificate, HandshakeData, HandshakeDataV1_2, ServerSignature, TlsVersion, VerifyData, + }, + transcript::TlsTranscript, +}; use tracing::{debug, instrument, trace, warn}; /// Controller for MPC-TLS leader. @@ -175,12 +181,11 @@ impl MpcTlsLeader { self.state = State::Setup { ctx, vm, - keys: keys.clone(), ke, prf, record_layer, - cf_vd, - sf_vd, + cf_vd_fut: cf_vd, + sf_vd_fut: sf_vd, client_random, }; @@ -193,13 +198,13 @@ impl MpcTlsLeader { let State::Setup { mut ctx, vm, - keys, mut ke, mut prf, mut record_layer, - cf_vd, - sf_vd, + cf_vd_fut, + sf_vd_fut, client_random, + .. } = self.state.take() else { return Err(MpcTlsError::state("must be in setup state to preprocess")); @@ -250,12 +255,12 @@ impl MpcTlsLeader { self.state = State::Handshake { ctx, vm, - keys, ke, prf, record_layer, - cf_vd, - sf_vd, + cf_vd_fut, + sf_vd_fut, + time: None, protocol_version: None, cipher_suite: None, client_random, @@ -274,10 +279,11 @@ impl MpcTlsLeader { let State::Active { mut ctx, vm, - keys, mut record_layer, + cf_vd, + sf_vd, + time, protocol_version, - cipher_suite, client_random, server_random, server_cert_details, @@ -297,7 +303,7 @@ impl MpcTlsLeader { debug!("committing to transcript"); - let transcript = record_layer.commit(&mut ctx, vm.clone()).await?; + let (sent_records, recv_records) = record_layer.commit(&mut ctx, vm.clone()).await?; debug!("committed to transcript"); 
@@ -306,21 +312,59 @@ impl MpcTlsLeader { self.notifier.set(); } + let cf_vd = cf_vd.ok_or(MpcTlsError::state("client finished verify data not set"))?; + let sf_vd = sf_vd.ok_or(MpcTlsError::state("server finished verify data not set"))?; + + let version = match protocol_version { + ProtocolVersion::TLSv1_2 => TlsVersion::V1_2, + version => { + panic!("only TLS 1.2 should have been accepted: {version:?}") + } + }; + + let server_cert_chain = server_cert_details + .cert_chain() + .iter() + .map(|cert| Certificate(cert.0.clone())) + .collect(); + + let server_signature = ServerSignature { + scheme: server_kx_details + .kx_sig() + .scheme + .try_into() + .expect("only supported signature scheme should have been accepted"), + sig: server_kx_details.kx_sig().sig.0.clone(), + }; + + let handshake_data = HandshakeData::V1_2(HandshakeDataV1_2 { + client_random: client_random.0, + server_random: server_random.0, + server_ephemeral_key: server_key + .try_into() + .expect("only supported key scheme should have been accepted"), + }); + + let transcript = TlsTranscript::new( + time, + version, + Some(server_cert_chain), + Some(server_signature), + handshake_data, + VerifyData { + client_finished: cf_vd.to_vec(), + server_finished: sf_vd.to_vec(), + }, + sent_records, + recv_records, + ) + .map_err(MpcTlsError::other)?; + self.state = State::Closed { ctx, vm, record_layer, - data: LeaderOutput { - protocol_version, - cipher_suite, - server_key, - server_cert_details, - server_kx_details, - client_random, - server_random, - transcript, - keys, - }, + transcript, }; Ok(()) @@ -419,6 +463,7 @@ impl Backend for MpcTlsLeader { ctx, prf, server_random, + time, .. } = &mut self.state else { 
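Review bot: The transcript assembly added in the `@@ -306,21 +312,59 @@` hunk uses `panic!` for a non-1.2 `protocol_version` and `.expect(...)` on the signature-scheme and server-key conversions, all applied to values that originate from the remote server. If an earlier handshake step (not visible here) ever accepts a value these conversions reject, the leader aborts instead of returning `MpcTlsError`. The function already returns a `Result`, so `version => return Err(MpcTlsError::hs("unsupported TLS version")),` and `.map_err(|_| MpcTlsError::hs("unsupported signature scheme"))?` would keep these cases on the error path. The enclosing function starts outside the hunk.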
@@ -427,6 +472,18 @@ impl Backend for MpcTlsLeader { ); }; + let now = web_time::UNIX_EPOCH + .elapsed() + .expect("system time is available") + .as_secs(); + + *time = Some(now); + + ctx.io_mut() + .send(Message::StartHandshake(StartHandshake { time: now })) + .await + .map_err(MpcTlsError::from)?; + ctx.io_mut() .send(Message::SetServerRandom(SetServerRandom { random: random.0, @@ -520,6 +577,7 @@ impl Backend for MpcTlsLeader { ctx, vm, prf, + sf_vd_fut, sf_vd, .. } = &mut self.state @@ -552,12 +610,14 @@ impl Backend for MpcTlsLeader { vm.execute_all(ctx).await.map_err(MpcTlsError::hs)?; } - let sf_vd = sf_vd + let vd = sf_vd_fut .try_recv() .map_err(MpcTlsError::hs)? .ok_or_else(|| MpcTlsError::hs("sf_vd is not decoded"))?; - Ok(sf_vd.to_vec()) + *sf_vd = Some(vd); + + Ok(vd.to_vec()) } #[instrument(level = "debug", skip_all, err)] @@ -566,6 +626,7 @@ impl Backend for MpcTlsLeader { ctx, vm, prf, + cf_vd_fut, cf_vd, .. } = &mut self.state @@ -598,12 +659,14 @@ impl Backend for MpcTlsLeader { vm.execute_all(ctx).await.map_err(MpcTlsError::hs)?; } - let cf_vd = cf_vd + let vd = cf_vd_fut .try_recv() .map_err(MpcTlsError::hs)? .ok_or_else(|| MpcTlsError::hs("cf_vd is not decoded"))?; - Ok(cf_vd.to_vec()) + *cf_vd = Some(vd); + + Ok(vd.to_vec()) } #[instrument(level = "debug", skip_all, err)] @@ -611,19 +674,19 @@ impl Backend for MpcTlsLeader { let State::Handshake { mut ctx, vm, - keys, mut ke, mut prf, mut record_layer, - cf_vd, - sf_vd, + cf_vd_fut, + sf_vd_fut, + time, protocol_version, - cipher_suite, client_random, server_random, server_cert_details, server_key, server_kx_details, + .. } = self.state.take() else { return Err( 
@@ -633,10 +696,9 @@ impl Backend for MpcTlsLeader { debug!("preparing encryption"); + let time = time.ok_or_else(|| MpcTlsError::hs("time is not set"))?; let protocol_version = protocol_version.ok_or_else(|| MpcTlsError::hs("protocol version is not set"))?; - let cipher_suite = - cipher_suite.ok_or_else(|| MpcTlsError::hs("cipher suite is not set"))?; let server_random = server_random.ok_or_else(|| MpcTlsError::hs("server random is not set"))?; let server_cert_details = @@ -676,14 +738,15 @@ impl Backend for MpcTlsLeader { self.state = State::Active { ctx, vm, - keys, _ke: ke, prf, record_layer, - cf_vd, - sf_vd, + cf_vd_fut, + sf_vd_fut, + cf_vd: None, + sf_vd: None, + time, protocol_version, - cipher_suite, client_random, server_random, server_cert_details, @@ -983,23 +1046,22 @@ enum State { Setup { ctx: Context, vm: Vm, - keys: SessionKeys, ke: Box, prf: MpcPrf, record_layer: RecordLayer, - cf_vd: DecodeFutureTyped, - sf_vd: DecodeFutureTyped, + cf_vd_fut: DecodeFutureTyped, + sf_vd_fut: DecodeFutureTyped, client_random: Random, }, Handshake { ctx: Context, vm: Vm, - keys: SessionKeys, ke: Box, prf: MpcPrf, record_layer: RecordLayer, - cf_vd: DecodeFutureTyped, - sf_vd: DecodeFutureTyped, + cf_vd_fut: DecodeFutureTyped, + sf_vd_fut: DecodeFutureTyped, + time: Option, protocol_version: Option, cipher_suite: Option, client_random: Random, @@ -1011,14 +1073,15 @@ enum State { Active { ctx: Context, vm: Vm, - keys: SessionKeys, _ke: Box, prf: MpcPrf, record_layer: RecordLayer, - cf_vd: DecodeFutureTyped, - sf_vd: DecodeFutureTyped, + cf_vd_fut: DecodeFutureTyped, + sf_vd_fut: DecodeFutureTyped, + cf_vd: Option<[u8; 12]>, + sf_vd: Option<[u8; 12]>, + time: u64, protocol_version: ProtocolVersion, - cipher_suite: CipherSuite, client_random: Random, server_random: Random, server_cert_details: ServerCertDetails, @@ -1029,7 +1092,7 @@ enum State { ctx: Context, vm: Vm, record_layer: RecordLayer, - data: LeaderOutput, + transcript: TlsTranscript, }, Error, } 
diff --git a/crates/mpc-tls/src/leader/actor.rs b/crates/mpc-tls/src/leader/actor.rs index 363e8d4e9..4697036f4 100644 --- a/crates/mpc-tls/src/leader/actor.rs +++ b/crates/mpc-tls/src/leader/actor.rs @@ -1,5 +1,5 @@ use crate::{ - leader::{LeaderOutput, MpcTlsLeader, State}, + leader::{MpcTlsLeader, State}, MpcTlsError, }; use async_trait::async_trait; @@ -18,6 +18,7 @@ use tls_core::{ }, suites::SupportedCipherSuite, }; +use tlsn_core::transcript::TlsTranscript; use tracing::{debug, Instrument}; #[derive(Clone)] @@ -69,7 +70,7 @@ impl MpcTlsLeader { mut self, ) -> ( MpcTlsLeaderCtrl, - impl Future>, + impl Future>, ) { let (mut mailbox, address) = mailbox(100); @@ -82,17 +83,20 @@ impl MpcTlsLeader { } impl Actor for MpcTlsLeader { - type Stop = (Context, LeaderOutput); + type Stop = (Context, TlsTranscript); type Error = MpcTlsError; async fn stopped(&mut self) -> Result { debug!("leader actor stopped"); - let State::Closed { ctx, data, .. } = self.state.take() else { + let State::Closed { + ctx, transcript, .. + } = self.state.take() + else { return Err(MpcTlsError::state("leader actor stopped in invalid state")); }; - Ok((ctx, data)) + Ok((ctx, transcript)) } } diff --git a/crates/mpc-tls/src/lib.rs b/crates/mpc-tls/src/lib.rs index 4d75e0c79..131ee84da 100644 --- a/crates/mpc-tls/src/lib.rs +++ b/crates/mpc-tls/src/lib.rs @@ -25,16 +25,7 @@ use mpz_memory_core::{ Array, }; use mpz_vm_core::Vm as VmTrait; -use tls_core::{ - cert::ServerCertDetails, - ke::ServerKxDetails, - key::PublicKey, - msgs::{ - enums::{CipherSuite, ProtocolVersion}, - handshake::Random, - }, -}; -use tlsn_common::transcript::TlsTranscript; + use tokio::sync::Mutex; pub(crate) type BoxFut = Pin + Send + Sync + 'static>>; 
@@ -61,38 +52,3 @@ pub struct SessionKeys { /// Server write MAC key. pub server_write_mac_key: Array, } - -/// MPC-TLS Leader output. -#[derive(Debug)] -pub struct LeaderOutput { - /// TLS protocol version. - pub protocol_version: ProtocolVersion, - /// TLS cipher suite. - pub cipher_suite: CipherSuite, - /// Server ephemeral public key. - pub server_key: PublicKey, - /// Server certificate chain and related details. - pub server_cert_details: ServerCertDetails, - /// Key exchange details. - pub server_kx_details: ServerKxDetails, - /// Client random. - pub client_random: Random, - /// Server random. - pub server_random: Random, - /// TLS transcript. - pub transcript: TlsTranscript, - /// TLS session keys. - pub keys: SessionKeys, -} - -/// MPC-TLS Follower output. -#[derive(Debug)] -pub struct FollowerData { - /// Server ephemeral public key. - pub server_key: PublicKey, - /// TLS transcript in which the received records are unauthenticated - /// from the follower's perspective. - pub transcript: TlsTranscript, - /// TLS session keys. - pub keys: SessionKeys, -} diff --git a/crates/mpc-tls/src/msg.rs b/crates/mpc-tls/src/msg.rs index a150f0eb3..00d982c8e 100644 --- a/crates/mpc-tls/src/msg.rs +++ b/crates/mpc-tls/src/msg.rs @@ -10,6 +10,7 @@ use crate::record_layer::{DecryptMode, EncryptMode}; #[derive(Debug, Clone, Serialize, Deserialize)] pub(crate) enum Message { SetClientRandom(SetClientRandom), + StartHandshake(StartHandshake), SetServerRandom(SetServerRandom), SetServerKey(SetServerKey), ClientFinishedVd(ClientFinishedVd), @@ -26,6 +27,11 @@ pub(crate) struct SetClientRandom { pub(crate) random: [u8; 32], } +#[derive(Debug, Clone, Serialize, Deserialize)] +pub(crate) struct StartHandshake { + pub(crate) time: u64, +} + #[derive(Debug, Clone, Serialize, Deserialize)] pub(crate) struct SetServerRandom { pub(crate) random: [u8; 32], diff --git a/crates/mpc-tls/src/record_layer.rs b/crates/mpc-tls/src/record_layer.rs index e350c578a..bd200f4ca 100644 
--- a/crates/mpc-tls/src/record_layer.rs +++ b/crates/mpc-tls/src/record_layer.rs @@ -21,7 +21,7 @@ use tls_core::{ cipher::make_tls12_aad, msgs::enums::{ContentType, ProtocolVersion}, }; -use tlsn_common::transcript::{Record, TlsTranscript}; +use tlsn_core::transcript::Record; use tokio::sync::Mutex; use tracing::{debug, instrument}; @@ -489,11 +489,9 @@ impl RecordLayer { seq: op.seq, typ: op.typ, plaintext: op.plaintext, - plaintext_ref: pending.plaintext_ref, explicit_nonce: op.explicit_nonce, ciphertext, tag, - version: op.version, }); } @@ -509,11 +507,9 @@ impl RecordLayer { seq: op.seq, typ: op.typ, plaintext, - plaintext_ref: None, explicit_nonce: op.explicit_nonce, ciphertext: op.ciphertext, tag: Some(op.tag), - version: op.version, }); } @@ -526,7 +522,7 @@ impl RecordLayer { &mut self, ctx: &mut Context, vm: Vm, - ) -> Result { + ) -> Result<(Vec, Vec), MpcTlsError> { let State::Online { sent_records, mut recv_records, @@ -584,20 +580,15 @@ impl RecordLayer { seq: op.seq, typ: op.typ, plaintext, - plaintext_ref: None, explicit_nonce: op.explicit_nonce, ciphertext: op.ciphertext, tag: Some(op.tag), - version: op.version, }); } self.state = State::Complete {}; - Ok(TlsTranscript { - sent: sent_records, - recv: recv_records, - }) + Ok((sent_records, recv_records)) } fn next_write( diff --git a/crates/mpc-tls/src/record_layer/aead/ghash.rs b/crates/mpc-tls/src/record_layer/aead/ghash.rs index c08585378..3664e338e 100644 --- a/crates/mpc-tls/src/record_layer/aead/ghash.rs +++ b/crates/mpc-tls/src/record_layer/aead/ghash.rs 
@@ -274,6 +274,29 @@ impl Add for TagShare { } } +/// Builds padded data for GHASH. +fn build_ghash_data(mut aad: Vec, mut ciphertext: Vec) -> Vec { + let associated_data_bitlen = (aad.len() as u64) * 8; + let text_bitlen = (ciphertext.len() as u64) * 8; + + let len_block = ((associated_data_bitlen as u128) << 64) + (text_bitlen as u128); + + // Pad data to be a multiple of 16 bytes. + let aad_padded_block_count = (aad.len() / 16) + (aad.len() % 16 != 0) as usize; + aad.resize(aad_padded_block_count * 16, 0); + + let ciphertext_padded_block_count = + (ciphertext.len() / 16) + (ciphertext.len() % 16 != 0) as usize; + ciphertext.resize(ciphertext_padded_block_count * 16, 0); + + let mut data: Vec = Vec::with_capacity(aad.len() + ciphertext.len() + 16); + data.extend(aad); + data.extend(ciphertext); + data.extend_from_slice(&len_block.to_be_bytes()); + + data +} + #[derive(Debug, thiserror::Error)] #[error(transparent)] pub(crate) struct GhashError(#[from] ErrorRepr); diff --git a/crates/mpc-tls/src/record_layer/aead/ghash/compute.rs b/crates/mpc-tls/src/record_layer/aead/ghash/compute.rs index 129fcea2f..c3eb1b418 100644 --- a/crates/mpc-tls/src/record_layer/aead/ghash/compute.rs +++ b/crates/mpc-tls/src/record_layer/aead/ghash/compute.rs @@ -4,12 +4,11 @@ use async_trait::async_trait; use futures::{stream::FuturesOrdered, StreamExt as _}; use mpz_common::{Context, Task}; use serio::{stream::IoStreamExt, SinkExt}; -use tlsn_common::ghash::build_ghash_data; use crate::{ decode::OneTimePadShared, record_layer::aead::{ - ghash::{Ghash, TagShare}, + ghash::{build_ghash_data, Ghash, TagShare}, AeadError, }, Role, diff --git a/crates/mpc-tls/src/record_layer/aead/ghash/verify.rs b/crates/mpc-tls/src/record_layer/aead/ghash/verify.rs index b68a5592f..954a4ab0f 100644 --- a/crates/mpc-tls/src/record_layer/aead/ghash/verify.rs +++ b/crates/mpc-tls/src/record_layer/aead/ghash/verify.rs 
@@ -4,12 +4,11 @@ use async_trait::async_trait; use futures::{stream::FuturesOrdered, StreamExt}; use mpz_common::{Context, Task}; use serio::{stream::IoStreamExt, SinkExt}; -use tlsn_common::ghash::build_ghash_data; use crate::{ decode::OneTimePadShared, record_layer::aead::{ - ghash::{Ghash, TagShare}, + ghash::{build_ghash_data, Ghash, TagShare}, AeadError, }, Role, diff --git a/crates/mpc-tls/src/record_layer/encrypt.rs b/crates/mpc-tls/src/record_layer/encrypt.rs index 63bebd255..28d2c7eff 100644 --- a/crates/mpc-tls/src/record_layer/encrypt.rs +++ b/crates/mpc-tls/src/record_layer/encrypt.rs @@ -1,9 +1,6 @@ use futures::TryFutureExt as _; use mpz_core::bitvec::BitVec; -use mpz_memory_core::{ - binary::{Binary, U8}, - DecodeFutureTyped, Vector, -}; +use mpz_memory_core::{binary::Binary, DecodeFutureTyped}; use mpz_vm_core::{prelude::*, Vm}; use serde::{Deserialize, Serialize}; use tls_core::msgs::enums::{ContentType, ProtocolVersion}; @@ -21,14 +18,7 @@ fn private( vm: &mut dyn Vm, encrypter: &mut MpcAesGcm, op: &EncryptOp, -) -> Result< - ( - Vector, - EncryptOutput, - BoxFut, AeadError>>, - ), - MpcTlsError, -> { +) -> Result<(EncryptOutput, BoxFut, AeadError>>), MpcTlsError> { let (plaintext, ciphertext) = encrypter .apply_keystream(vm, op.explicit_nonce.clone(), op.len) .map_err(MpcTlsError::record_layer)?; @@ -46,7 +36,6 @@ fn private( ); Ok(( - plaintext, EncryptOutput::Private(EncryptPrivate { ciphertext: vm.decode(ciphertext).map_err(MpcTlsError::record_layer)?, }), 
@@ -107,21 +96,15 @@ pub(crate) fn encrypt( for op in ops { match op.mode { EncryptMode::Private => { - let (plaintext_ref, output, ciphertext_fut) = private(vm, encrypter, op)?; + let (output, ciphertext_fut) = private(vm, encrypter, op)?; - outputs.push(PendingEncrypt { - plaintext_ref: Some(plaintext_ref), - output, - }); + outputs.push(PendingEncrypt { output }); ciphertext_futs.push(ciphertext_fut); } EncryptMode::Public => { let (output, ciphertext_fut) = public(vm, encrypter, op)?; - outputs.push(PendingEncrypt { - plaintext_ref: None, - output, - }); + outputs.push(PendingEncrypt { output }); ciphertext_futs.push(ciphertext_fut); } } @@ -213,7 +196,6 @@ impl EncryptOutput { } pub(crate) struct PendingEncrypt { - pub(crate) plaintext_ref: Option>, pub(crate) output: EncryptOutput, } diff --git a/crates/notary/server/Cargo.toml b/crates/notary/server/Cargo.toml index 3304a7d32..fce4fd25a 100644 --- a/crates/notary/server/Cargo.toml +++ b/crates/notary/server/Cargo.toml @@ -12,8 +12,7 @@ tee_quote = ["dep:mc-sgx-dcap-types", "dep:hex"] [dependencies] notary-common = { workspace = true } tlsn-core = { workspace = true } -tlsn-common = { workspace = true } -tlsn-verifier = { workspace = true } +tlsn = { workspace = true } async-tungstenite = { workspace = true, features = ["tokio-native-tls"] } axum = { workspace = true, features = ["ws"] } diff --git a/crates/notary/server/src/error.rs b/crates/notary/server/src/error.rs index 4b5ec6691..4acce8a99 100644 --- a/crates/notary/server/src/error.rs +++ b/crates/notary/server/src/error.rs 
@@ -2,9 +2,10 @@ use axum::http::StatusCode; use axum_core::response::{IntoResponse as AxumCoreIntoResponse, Response}; use eyre::Report; use std::error::Error; -use tlsn_common::config::ProtocolConfigValidatorBuilderError; - -use tlsn_verifier::{VerifierConfigBuilderError, VerifierError}; +use tlsn::{ + config::ProtocolConfigValidatorBuilderError, + verifier::{VerifierConfigBuilderError, VerifierError}, +}; #[derive(Debug, thiserror::Error)] pub enum NotaryServerError { diff --git a/crates/notary/server/src/service.rs b/crates/notary/server/src/service.rs index e7b33f51b..9209565d2 100644 --- a/crates/notary/server/src/service.rs +++ b/crates/notary/server/src/service.rs @@ -12,9 +12,11 @@ use axum_macros::debug_handler; use eyre::eyre; use notary_common::{NotarizationSessionRequest, NotarizationSessionResponse}; use std::time::Duration; -use tlsn_common::config::ProtocolConfigValidator; +use tlsn::{ + config::ProtocolConfigValidator, + verifier::{Verifier, VerifierConfig}, +}; use tlsn_core::attestation::AttestationConfig; -use tlsn_verifier::{Verifier, VerifierConfig}; use tokio::{ io::{AsyncRead, AsyncWrite}, time::timeout, diff --git a/crates/notary/tests-integration/Cargo.toml b/crates/notary/tests-integration/Cargo.toml index 5f081e15f..c1e19fa50 100644 --- a/crates/notary/tests-integration/Cargo.toml +++ b/crates/notary/tests-integration/Cargo.toml @@ -12,8 +12,7 @@ notary-client = { workspace = true } notary-common = { workspace = true } notary-server = { workspace = true } tls-server-fixture = { workspace = true } -tlsn-common = { workspace = true } -tlsn-prover = { workspace = true } +tlsn = { workspace = true } tlsn-tls-core = { workspace = true } tlsn-core = { workspace = true } diff --git a/crates/notary/tests-integration/tests/notary.rs b/crates/notary/tests-integration/tests/notary.rs index bf909dff2..960f9befb 100644 --- a/crates/notary/tests-integration/tests/notary.rs +++ b/crates/notary/tests-integration/tests/notary.rs 
@@ -17,9 +17,11 @@ use rustls::{Certificate, RootCertStore}; use std::{string::String, time::Duration}; use tls_core::verify::WebPkiVerifier; use tls_server_fixture::{bind_test_server_hyper, CA_CERT_DER, SERVER_DOMAIN}; -use tlsn_common::config::ProtocolConfig; +use tlsn::{ + config::ProtocolConfig, + prover::{Prover, ProverConfig}, +}; use tlsn_core::{request::RequestConfig, transcript::TranscriptCommitConfig, CryptoProvider}; -use tlsn_prover::{Prover, ProverConfig}; use tokio::{ io::{AsyncRead, AsyncWrite, AsyncWriteExt}, time::sleep, diff --git a/crates/tls/client/tests/api.rs b/crates/tls/client/tests/api.rs index 52d13f13d..8a0630ff9 100644 --- a/crates/tls/client/tests/api.rs +++ b/crates/tls/client/tests/api.rs @@ -119,9 +119,7 @@ async fn version_test( let client_config = make_client_config_with_versions(KeyType::Rsa, client_versions); let server_config = make_server_config_with_versions(KeyType::Rsa, server_versions); - println!( - "version {client_versions:?} {server_versions:?} -> {result:?}" - ); + println!("version {client_versions:?} {server_versions:?} -> {result:?}"); let (mut client, mut server) = make_pair_for_configs(client_config, server_config).await; diff --git a/crates/prover/Cargo.toml b/crates/tlsn/Cargo.toml similarity index 62% rename from crates/prover/Cargo.toml rename to crates/tlsn/Cargo.toml index cf8f4a78d..30e2e640a 100644 --- a/crates/prover/Cargo.toml +++ b/crates/tlsn/Cargo.toml @@ -1,12 +1,11 @@ [package] -name = "tlsn-prover" +name = "tlsn" authors = ["TLSNotary Team"] -description = "Contains the prover library" keywords = ["tls", "mpc", "2pc", "prover"] categories = ["cryptography"] license = "MIT OR Apache-2.0" version = "0.1.0-alpha.13-pre" -edition = "2021" +edition = "2024" [lints] workspace = true 
@@ -17,21 +16,23 @@ rayon = ["mpz-common/rayon"] force-st = ["mpz-common/force-st"] [dependencies] -tlsn-common = { workspace = true } tlsn-core = { workspace = true } tlsn-deap = { workspace = true } tlsn-tls-client = { workspace = true } tlsn-tls-client-async = { workspace = true } tlsn-tls-core = { workspace = true } tlsn-mpc-tls = { workspace = true } +tlsn-cipher = { workspace = true } serio = { workspace = true, features = ["compat"] } uid-mux = { workspace = true, features = ["serio"] } +web-spawn = { workspace = true } mpz-common = { workspace = true } mpz-core = { workspace = true } mpz-garble = { workspace = true } mpz-garble-core = { workspace = true } +mpz-hash = { workspace = true } mpz-memory-core = { workspace = true } mpz-ole = { workspace = true } mpz-ot = { workspace = true } @@ -45,5 +46,19 @@ rand = { workspace = true } rustls-pki-types = "1.12.0" thiserror = { workspace = true } tracing = { workspace = true } -web-time = { workspace = true } tokio = { workspace = true, features = ["sync"] } +serde = { workspace = true, features = ["derive"] } +ghash = { workspace = true } +semver = { workspace = true, features = ["serde"] } +once_cell = { workspace = true } +rangeset = { workspace = true } + +[dev-dependencies] +rstest = { workspace = true } +tlsn-server-fixture = { workspace = true } +tlsn-server-fixture-certs = { workspace = true } +tokio = { workspace = true, features = ["full"] } +tokio-util = { workspace = true, features = ["compat"] } +hyper = { workspace = true, features = ["client"] } +http-body-util = { workspace = true } +tracing-subscriber = { workspace = true, features = ["env-filter"] } diff --git a/crates/common/src/commit.rs b/crates/tlsn/src/commit.rs similarity index 78% rename from crates/common/src/commit.rs rename to crates/tlsn/src/commit.rs index 0c0a7fa40..fb6b1fad4 100644 --- a/crates/common/src/commit.rs +++ b/crates/tlsn/src/commit.rs 
@@ -1,38 +1,37 @@ //! Plaintext commitment and proof of encryption. -pub mod hash; +pub(crate) mod hash; +pub(crate) mod transcript; use mpz_core::bitvec::BitVec; -use mpz_memory_core::{binary::Binary, DecodeFutureTyped}; -use mpz_vm_core::{prelude::*, Vm}; +use mpz_memory_core::{ + DecodeFutureTyped, Vector, + binary::{Binary, U8}, +}; +use mpz_vm_core::{Vm, prelude::*}; +use tlsn_core::transcript::Record; use crate::{ - transcript::Record, - zk_aes_ctr::{ZkAesCtr, ZkAesCtrError}, Role, + zk_aes_ctr::{ZkAesCtr, ZkAesCtrError}, }; /// Commits the plaintext of the provided records, returning a proof of /// encryption. /// /// Writes the plaintext VM reference to the provided records. -pub fn commit_records<'record>( +pub(crate) fn commit_records<'record>( vm: &mut dyn Vm, aes: &mut ZkAesCtr, - records: impl IntoIterator, -) -> Result { + records: impl IntoIterator, +) -> Result<(Vec>, RecordProof), RecordProofError> { + let mut plaintexts = Vec::new(); let mut ciphertexts = Vec::new(); for record in records { - if record.plaintext_ref.is_some() { - return Err(ErrorRepr::PlaintextRefAlreadySet.into()); - } - let (plaintext_ref, ciphertext_ref) = aes .encrypt(vm, record.explicit_nonce.clone(), record.ciphertext.len()) .map_err(ErrorRepr::Aes)?; - record.plaintext_ref = Some(plaintext_ref); - if let Role::Prover = aes.role() { let Some(plaintext) = record.plaintext.clone() else { return Err(ErrorRepr::MissingPlaintext.into()); 
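Review bot: The doc comment kept on `commit_records` still says "Writes the plaintext VM reference to the provided records", but the new body no longer assigns `record.plaintext_ref` and instead returns the references as the first element of the result tuple. I would replace that sentence with `/// Returns the plaintext VM references, in record order, together with the proof.` Removing the `PlaintextRefAlreadySet` check also means nothing in this function rejects committing the same record twice; if any caller relied on that guard, it needs a new home. The function body continues in the following hunk.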
@@ -44,23 +43,25 @@ pub fn commit_records<'record>( vm.commit(plaintext_ref).map_err(RecordProofError::vm)?; let ciphertext = vm.decode(ciphertext_ref).map_err(RecordProofError::vm)?; + + plaintexts.push(plaintext_ref); ciphertexts.push((ciphertext, record.ciphertext.clone())); } - Ok(RecordProof { ciphertexts }) + Ok((plaintexts, RecordProof { ciphertexts })) } /// Proof of encryption. #[derive(Debug)] #[must_use] #[allow(clippy::type_complexity)] -pub struct RecordProof { +pub(crate) struct RecordProof { ciphertexts: Vec<(DecodeFutureTyped>, Vec)>, } impl RecordProof { /// Verifies the proof. - pub fn verify(self) -> Result<(), RecordProofError> { + pub(crate) fn verify(self) -> Result<(), RecordProofError> { let Self { ciphertexts } = self; for (mut ciphertext, expected) in ciphertexts { @@ -81,7 +82,7 @@ impl RecordProof { /// Error for [`RecordProof`]. #[derive(Debug, thiserror::Error)] #[error(transparent)] -pub struct RecordProofError(#[from] ErrorRepr); +pub(crate) struct RecordProofError(#[from] ErrorRepr); impl RecordProofError { fn vm(err: E) -> Self @@ -101,8 +102,6 @@ enum ErrorRepr { Aes(ZkAesCtrError), #[error("plaintext is missing")] MissingPlaintext, - #[error("plaintext reference is already set")] - PlaintextRefAlreadySet, #[error("ciphertext was not decoded")] NotDecoded, #[error("ciphertext does not match expected")] diff --git a/crates/common/src/commit/hash.rs b/crates/tlsn/src/commit/hash.rs similarity index 94% rename from crates/common/src/commit/hash.rs rename to crates/tlsn/src/commit/hash.rs index 25720c88b..fdfce6c2d 100644 --- a/crates/common/src/commit/hash.rs +++ b/crates/tlsn/src/commit/hash.rs 
@@ -5,23 +5,24 @@ use std::collections::HashMap; use mpz_core::bitvec::BitVec; use mpz_hash::sha256::Sha256; use mpz_memory_core::{ - binary::{Binary, U8}, DecodeFutureTyped, MemoryExt, Vector, + binary::{Binary, U8}, }; -use mpz_vm_core::{prelude::*, Vm, VmError}; +use mpz_vm_core::{Vm, VmError, prelude::*}; use tlsn_core::{ hash::{Blinder, Hash, HashAlgId, TypedHash}, transcript::{ - hash::{PlaintextHash, PlaintextHashSecret}, Direction, Idx, + hash::{PlaintextHash, PlaintextHashSecret}, }, }; -use crate::{transcript::TranscriptRefs, Role}; +use crate::{Role, commit::transcript::TranscriptRefs}; /// Future which will resolve to the committed hash values. #[derive(Debug)] -pub struct HashCommitFuture { + +pub(crate) struct HashCommitFuture { #[allow(clippy::type_complexity)] futs: Vec<( Direction, @@ -34,7 +35,7 @@ pub struct HashCommitFuture { impl HashCommitFuture { /// Tries to receive the value, returning an error if the value is not /// ready. - pub fn try_recv(self) -> Result, HashCommitError> { + pub(crate) fn try_recv(self) -> Result, HashCommitError> { let mut output = Vec::new(); for (direction, idx, alg, mut fut) in self.futs { let hash = fut @@ -56,7 +57,7 @@ impl HashCommitFuture { } /// Prove plaintext hash commitments. -pub fn prove_hash( +pub(crate) fn prove_hash( vm: &mut dyn Vm, refs: &TranscriptRefs, idxs: impl IntoIterator, @@ -86,7 +87,7 @@ pub fn prove_hash( } /// Verify plaintext hash commitments. -pub fn verify_hash( +pub(crate) fn verify_hash( vm: &mut dyn Vm, refs: &TranscriptRefs, idxs: impl IntoIterator, @@ -152,7 +153,7 @@ fn hash_commit_inner( /// Error type for hash commitments. #[derive(Debug, thiserror::Error)] #[error(transparent)] -pub struct HashCommitError(#[from] ErrorRepr); +pub(crate) struct HashCommitError(#[from] ErrorRepr); impl HashCommitError { fn decode() -> Self { 
diff --git a/crates/common/src/transcript.rs b/crates/tlsn/src/commit/transcript.rs similarity index 61% rename from crates/common/src/transcript.rs rename to crates/tlsn/src/commit/transcript.rs index 77ff89dac..e4d0b77f2 100644 --- a/crates/common/src/transcript.rs +++ b/crates/tlsn/src/commit/transcript.rs 
@@ -1,135 +1,36 @@ -//! TLS transcript. - use mpz_memory_core::{ - binary::{Binary, U8}, MemoryExt, Vector, + binary::{Binary, U8}, }; use mpz_vm_core::{Vm, VmError}; use rangeset::Intersection; -use tls_core::msgs::enums::{ContentType, ProtocolVersion}; -use tlsn_core::transcript::{Direction, Idx, PartialTranscript, Transcript}; - -/// A transcript of TLS records sent and received by the prover. -#[derive(Debug, Default, Clone)] -pub struct TlsTranscript { - /// Sent records. - pub sent: Vec, - /// Received records. - pub recv: Vec, -} - -impl TlsTranscript { - /// Returns the application data transcript. - pub fn to_transcript(&self) -> Result { - let mut sent = Vec::new(); - let mut recv = Vec::new(); - - for record in self - .sent - .iter() - .filter(|record| record.typ == ContentType::ApplicationData) - { - let plaintext = record - .plaintext - .as_ref() - .ok_or(ErrorRepr::IncompleteTranscript {})? - .clone(); - sent.extend_from_slice(&plaintext); - } - - for record in self - .recv - .iter() - .filter(|record| record.typ == ContentType::ApplicationData) - { - let plaintext = record - .plaintext - .as_ref() - .ok_or(ErrorRepr::IncompleteTranscript {})? - .clone(); - recv.extend_from_slice(&plaintext); - } - - Ok(Transcript::new(sent, recv)) - } - - /// Returns the application data transcript references. - pub fn to_transcript_refs(&self) -> Result { - let mut sent = Vec::new(); - let mut recv = Vec::new(); - - for record in self - .sent - .iter() - .filter(|record| record.typ == ContentType::ApplicationData) - { - let plaintext_ref = record - .plaintext_ref - .as_ref() - .ok_or(ErrorRepr::IncompleteTranscript {})?; - sent.push(*plaintext_ref); - } - - for record in self - .recv - .iter() - .filter(|record| record.typ == ContentType::ApplicationData) - { - let plaintext_ref = record - .plaintext_ref - .as_ref() - .ok_or(ErrorRepr::IncompleteTranscript {})?; - recv.push(*plaintext_ref); - } - - Ok(TranscriptRefs { sent, recv }) - } -} - -/// A TLS record. 
-#[derive(Clone)] -pub struct Record { - /// Sequence number. - pub seq: u64, - /// Content type. - pub typ: ContentType, - /// Plaintext. - pub plaintext: Option>, - /// VM reference to the plaintext. - pub plaintext_ref: Option>, - /// Explicit nonce. - pub explicit_nonce: Vec, - /// Ciphertext. - pub ciphertext: Vec, - /// Tag. - pub tag: Option>, - /// Version. - pub version: ProtocolVersion, -} - -opaque_debug::implement!(Record); +use tlsn_core::transcript::{Direction, Idx, PartialTranscript}; /// References to the application plaintext in the transcript. #[derive(Debug, Default, Clone)] -pub struct TranscriptRefs { +pub(crate) struct TranscriptRefs { sent: Vec>, recv: Vec>, } impl TranscriptRefs { + pub(crate) fn new(sent: Vec>, recv: Vec>) -> Self { + Self { sent, recv } + } + /// Returns the sent plaintext references. - pub fn sent(&self) -> &[Vector] { + pub(crate) fn sent(&self) -> &[Vector] { &self.sent } /// Returns the received plaintext references. - pub fn recv(&self) -> &[Vector] { + pub(crate) fn recv(&self) -> &[Vector] { &self.recv } /// Returns VM references for the given direction and index, otherwise /// `None` if the index is out of bounds. - pub fn get(&self, direction: Direction, idx: &Idx) -> Option>> { + pub(crate) fn get(&self, direction: Direction, idx: &Idx) -> Option>> { if idx.is_empty() { return Some(Vec::new()); } @@ -171,20 +72,8 @@ impl TranscriptRefs { } } -/// Error for [`TlsTranscript`]. -#[derive(Debug, thiserror::Error)] -#[error(transparent)] -pub struct TlsTranscriptError(#[from] ErrorRepr); - -#[derive(Debug, thiserror::Error)] -#[error("TLS transcript error")] -enum ErrorRepr { - #[error("not all application plaintext was committed to in the TLS transcript")] - IncompleteTranscript {}, -} - /// Decodes the transcript. -pub fn decode_transcript( +pub(crate) fn decode_transcript( vm: &mut dyn Vm, sent: &Idx, recv: &Idx, 
@@ -204,7 +93,7 @@ pub fn decode_transcript( } /// Verifies a partial transcript. -pub fn verify_transcript( +pub(crate) fn verify_transcript( vm: &mut dyn Vm, transcript: &PartialTranscript, refs: &TranscriptRefs, @@ -244,12 +133,12 @@ pub fn verify_transcript( /// Error for [`verify_transcript`]. #[derive(Debug, thiserror::Error)] #[error("inconsistent transcript")] -pub struct InconsistentTranscript {} +pub(crate) struct InconsistentTranscript {} #[cfg(test)] mod tests { use super::TranscriptRefs; - use mpz_memory_core::{binary::U8, FromRaw, Slice, Vector}; + use mpz_memory_core::{FromRaw, Slice, Vector, binary::U8}; use rangeset::RangeSet; use std::ops::Range; use tlsn_core::transcript::{Direction, Idx}; diff --git a/crates/common/src/config.rs b/crates/tlsn/src/config.rs similarity index 100% rename from crates/common/src/config.rs rename to crates/tlsn/src/config.rs diff --git a/crates/common/src/context.rs b/crates/tlsn/src/context.rs similarity index 80% rename from crates/common/src/context.rs rename to crates/tlsn/src/context.rs index 131b5b6c6..3716d3239 100644 --- a/crates/common/src/context.rs +++ b/crates/tlsn/src/context.rs @@ -5,10 +5,10 @@ use mpz_common::context::Multithread; use crate::mux::MuxControl; /// Maximum concurrency for multi-threaded context. -pub const MAX_CONCURRENCY: usize = 8; +pub(crate) const MAX_CONCURRENCY: usize = 8; /// Builds a multi-threaded context with the given muxer. -pub fn build_mt_context(mux: MuxControl) -> Multithread { +pub(crate) fn build_mt_context(mux: MuxControl) -> Multithread { let builder = Multithread::builder().mux(mux).concurrency(MAX_CONCURRENCY); #[cfg(target_arch = "wasm32")] diff --git a/crates/common/src/encoding.rs b/crates/tlsn/src/encoding.rs similarity index 94% rename from crates/common/src/encoding.rs rename to crates/tlsn/src/encoding.rs index 276609e37..7ab71655d 100644 --- a/crates/common/src/encoding.rs +++ b/crates/tlsn/src/encoding.rs 
@@ -4,25 +4,25 @@ use std::ops::Range; use mpz_common::Context; use mpz_memory_core::{ + Vector, binary::U8, correlated::{Delta, Key, Mac}, - Vector, }; use rand::Rng; use serde::{Deserialize, Serialize}; -use serio::{stream::IoStreamExt, SinkExt}; +use serio::{SinkExt, stream::IoStreamExt}; use tlsn_core::{ hash::HashAlgorithm, transcript::{ - encoding::{ - new_encoder, Encoder, EncoderSecret, EncodingCommitment, EncodingProvider, - EncodingProviderError, EncodingTree, EncodingTreeError, - }, Direction, Idx, + encoding::{ + Encoder, EncoderSecret, EncodingCommitment, EncodingProvider, EncodingProviderError, + EncodingTree, EncodingTreeError, new_encoder, + }, }, }; -use crate::transcript::TranscriptRefs; +use crate::commit::transcript::TranscriptRefs; /// Bytes of encoding, per byte. const ENCODING_SIZE: usize = 128; @@ -36,7 +36,7 @@ struct Encodings { /// Transfers the encodings using the provided seed and keys. /// /// The keys must be consistent with the global delta used in the encodings. -pub async fn transfer<'a>( +pub(crate) async fn transfer<'a>( ctx: &mut Context, refs: &TranscriptRefs, delta: &Delta, @@ -107,7 +107,7 @@ pub async fn transfer<'a>( /// Receives the encodings using the provided MACs. /// /// The MACs must be consistent with the global delta used in the encodings. -pub async fn receive<'a>( +pub(crate) async fn receive<'a>( ctx: &mut Context, hasher: &(dyn HashAlgorithm + Send + Sync), refs: &TranscriptRefs, diff --git a/crates/common/src/ghash.rs b/crates/tlsn/src/ghash.rs similarity index 87% rename from crates/common/src/ghash.rs rename to crates/tlsn/src/ghash.rs index 849aa05f2..965097506 100644 --- a/crates/common/src/ghash.rs +++ b/crates/tlsn/src/ghash.rs 
@@ -3,12 +3,12 @@ // This module belongs in tls/core. It was moved out here temporarily. use ghash::{ - universal_hash::{KeyInit, UniversalHash as UniversalHashReference}, GHash, + universal_hash::{KeyInit, UniversalHash as UniversalHashReference}, }; /// Computes a GHASH tag. -pub fn ghash(aad: &[u8], ciphertext: &[u8], key: &[u8; 16]) -> [u8; 16] { +pub(crate) fn ghash(aad: &[u8], ciphertext: &[u8], key: &[u8; 16]) -> [u8; 16] { let mut ghash = GHash::new(key.into()); ghash.update_padded(&build_ghash_data(aad.to_vec(), ciphertext.to_owned())); let out = ghash.finalize(); @@ -16,7 +16,7 @@ pub fn ghash(aad: &[u8], ciphertext: &[u8], key: &[u8; 16]) -> [u8; 16] { } /// Builds padded data for GHASH. -pub fn build_ghash_data(mut aad: Vec, mut ciphertext: Vec) -> Vec { +pub(crate) fn build_ghash_data(mut aad: Vec, mut ciphertext: Vec) -> Vec { let associated_data_bitlen = (aad.len() as u64) * 8; let text_bitlen = (ciphertext.len() as u64) * 8; diff --git a/crates/tlsn/src/lib.rs b/crates/tlsn/src/lib.rs new file mode 100644 index 000000000..3524f083b --- /dev/null +++ b/crates/tlsn/src/lib.rs @@ -0,0 +1,30 @@ +//! TLSNotary library. + +#![deny(missing_docs, unreachable_pub, unused_must_use)] +#![deny(clippy::all)] +#![forbid(unsafe_code)] + +pub(crate) mod commit; +pub mod config; +pub(crate) mod context; +pub(crate) mod encoding; +pub(crate) mod ghash; +pub(crate) mod msg; +pub(crate) mod mux; +pub mod prover; +pub(crate) mod tag; +pub mod verifier; +pub(crate) mod zk_aes_ctr; + +pub use tlsn_core::{attestation, connection, hash, presentation, transcript}; + +/// The party's role in the TLSN protocol. +/// +/// A Notary is classified as a Verifier. +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub(crate) enum Role { + /// The prover. + Prover, + /// The verifier. + Verifier, +} diff --git a/crates/common/src/msg.rs b/crates/tlsn/src/msg.rs similarity index 89% rename from crates/common/src/msg.rs rename to crates/tlsn/src/msg.rs index 912b0b4f0..3dce3c32f 100644 
--- a/crates/common/src/msg.rs +++ b/crates/tlsn/src/msg.rs @@ -6,7 +6,7 @@ use tlsn_core::connection::{ServerCertData, ServerName}; /// Message sent from Prover to Verifier to prove the server identity. #[derive(Debug, Serialize, Deserialize)] -pub struct ServerIdentityProof { +pub(crate) struct ServerIdentityProof { /// Server name. pub name: ServerName, /// Server identity data. diff --git a/crates/common/src/mux.rs b/crates/tlsn/src/mux.rs similarity index 87% rename from crates/common/src/mux.rs rename to crates/tlsn/src/mux.rs index 8541190fa..1df078a4e 100644 --- a/crates/common/src/mux.rs +++ b/crates/tlsn/src/mux.rs @@ -3,8 +3,8 @@ use std::future::IntoFuture; use futures::{ - future::{FusedFuture, FutureExt}, AsyncRead, AsyncWrite, Future, + future::{FusedFuture, FutureExt}, }; use tracing::error; use uid_mux::yamux; @@ -12,23 +12,23 @@ use uid_mux::yamux; use crate::Role; /// Multiplexer supporting unique deterministic stream IDs. -pub type Mux = yamux::Yamux; +pub(crate) type Mux = yamux::Yamux; /// Multiplexer controller providing streams. -pub type MuxControl = yamux::YamuxCtrl; +pub(crate) type MuxControl = yamux::YamuxCtrl; /// Multiplexer future which must be polled for the muxer to make progress. -pub struct MuxFuture( +pub(crate) struct MuxFuture( Box> + Send + Unpin>, ); impl MuxFuture { /// Returns true if the muxer is complete. - pub fn is_complete(&self) -> bool { + pub(crate) fn is_complete(&self) -> bool { self.0.is_terminated() } /// Awaits a future, polling the muxer future concurrently. - pub async fn poll_with(&mut self, fut: F) -> R + pub(crate) async fn poll_with(&mut self, fut: F) -> R where F: Future, { @@ -67,7 +67,7 @@ impl Future for MuxFuture { /// /// * `socket` - The socket to attach the multiplexer to. /// * `role` - The role of the party using the multiplexer. -pub fn attach_mux( +pub(crate) fn attach_mux( socket: T, role: Role, ) -> (MuxFuture, MuxControl) { 
diff --git a/crates/prover/src/lib.rs b/crates/tlsn/src/prover.rs similarity index 79% rename from crates/prover/src/lib.rs rename to crates/tlsn/src/prover.rs index 68335c337..b07f5128a 100644 --- a/crates/prover/src/lib.rs +++ b/crates/tlsn/src/prover.rs @@ -1,8 +1,4 @@ -//! TLSNotary prover library. - -#![deny(missing_docs, unreachable_pub, unused_must_use)] -#![deny(clippy::all)] -#![forbid(unsafe_code)] +//! Prover. mod config; mod error; 
@@ -19,38 +15,39 @@ use mpz_core::Block; use mpz_garble_core::Delta; use mpz_vm_core::prelude::*; -use futures::{AsyncRead, AsyncWrite, TryFutureExt}; -use mpc_tls::{LeaderCtrl, MpcTlsLeader, SessionKeys}; -use rand::Rng; -use serio::{stream::IoStreamExt, SinkExt}; -use std::sync::Arc; -use tls_client::{ClientConnection, ServerName as TlsServerName}; -use tls_client_async::{bind_client, TlsConnection}; -use tls_core::msgs::enums::ContentType; -use tlsn_common::{ - commit::{commit_records, hash::prove_hash}, +use crate::{ + Role, + commit::{ + commit_records, + hash::prove_hash, + transcript::{TranscriptRefs, decode_transcript}, + }, context::build_mt_context, encoding, mux::attach_mux, tag::verify_tags, - transcript::{decode_transcript, Record, TlsTranscript}, zk_aes_ctr::ZkAesCtr, - Role, }; + +use futures::{AsyncRead, AsyncWrite, TryFutureExt}; +use mpc_tls::{LeaderCtrl, MpcTlsLeader, SessionKeys}; +use rand::Rng; +use serio::{SinkExt, stream::IoStreamExt}; +use std::sync::Arc; +use tls_client::{ClientConnection, ServerName as TlsServerName}; +use tls_client_async::{TlsConnection, bind_client}; +use tls_core::msgs::enums::ContentType; use tlsn_core::{ - attestation::Attestation, - connection::{ - ConnectionInfo, HandshakeData, HandshakeDataV1_2, ServerCertData, ServerSignature, - TranscriptLength, - }, - request::{Request, RequestConfig}, - transcript::{Direction, Transcript, TranscriptCommitment, TranscriptSecret}, ProvePayload, Secrets, + attestation::Attestation, + connection::ServerCertData, + request::{Request, RequestConfig}, + transcript::{Direction, TlsTranscript, Transcript, TranscriptCommitment, TranscriptSecret}, }; use tlsn_deap::Deap; use tokio::sync::Mutex; -use tracing::{debug, info, info_span, instrument, Instrument, Span}; +use tracing::{Instrument, Span, debug, info, info_span, instrument}; pub(crate) type RCOTSender = mpz_ot::rcot::shared::SharedRCOTSender< mpz_ot::kos::Sender, 
@@ -114,16 +111,26 @@ impl Prover { // Allocate resources for MPC-TLS in the VM. let mut keys = mpc_tls.alloc()?; - translate_keys(&mut keys, &vm.try_lock().expect("VM is not locked"))?; + let vm_lock = vm.try_lock().expect("VM is not locked"); + translate_keys(&mut keys, &vm_lock)?; // Allocate for committing to plaintext. - let mut zk_aes_ctr = ZkAesCtr::new(Role::Prover); - zk_aes_ctr.set_key(keys.server_write_key, keys.server_write_iv); - zk_aes_ctr.alloc( - &mut (*vm.try_lock().expect("VM is not locked").zk()), + let mut zk_aes_ctr_sent = ZkAesCtr::new(Role::Prover); + zk_aes_ctr_sent.set_key(keys.client_write_key, keys.client_write_iv); + zk_aes_ctr_sent.alloc( + &mut *vm_lock.zk(), + self.config.protocol_config().max_sent_data(), + )?; + + let mut zk_aes_ctr_recv = ZkAesCtr::new(Role::Prover); + zk_aes_ctr_recv.set_key(keys.server_write_key, keys.server_write_iv); + zk_aes_ctr_recv.alloc( + &mut *vm_lock.zk(), self.config.protocol_config().max_recv_data(), )?; + drop(vm_lock); + debug!("setting up mpc-tls"); mux_fut.poll_with(mpc_tls.preprocess()).await?; @@ -137,7 +144,8 @@ impl Prover { mux_ctrl, mux_fut, mpc_tls, - zk_aes_ctr, + zk_aes_ctr_sent, + zk_aes_ctr_recv, keys, vm, }, @@ -163,7 +171,8 @@ impl Prover { mux_ctrl, mut mux_fut, mpc_tls, - mut zk_aes_ctr, + mut zk_aes_ctr_sent, + mut zk_aes_ctr_recv, keys, vm, .. @@ -197,11 +206,6 @@ impl Prover { let (conn, conn_fut) = bind_client(socket, client); - let start_time = web_time::UNIX_EPOCH - .elapsed() - .expect("system time is available") - .as_secs(); - let fut = Box::pin({ let span = self.span.clone(); let mpc_ctrl = mpc_ctrl.clone(); @@ -218,7 +222,7 @@ impl Prover { info!("starting MPC-TLS"); - let (_, (mut ctx, mut data, ..)) = futures::try_join!( + let (_, (mut ctx, tls_transcript)) = futures::try_join!( conn_fut, mpc_fut.in_current_span().map_err(ProverError::from) )?; 
@@ -228,8 +232,6 @@ impl Prover { { let mut vm = vm.try_lock().expect("VM should not be locked"); - translate_transcript(&mut data.transcript, &vm)?; - debug!("finalizing mpc"); // Finalize DEAP. @@ -251,20 +253,31 @@ impl Prover { // The prover drops the proof output. let _ = verify_tags( &mut vm, - (data.keys.server_write_key, data.keys.server_write_iv), - data.keys.server_write_mac_key, - data.transcript.recv.clone(), + (keys.server_write_key, keys.server_write_iv), + keys.server_write_mac_key, + *tls_transcript.version(), + tls_transcript.recv().to_vec(), ) .map_err(ProverError::zk)?; // Prove received plaintext. Prover drops the proof output, as // they trust themselves. - _ = commit_records( + let (sent_refs, _) = commit_records( &mut vm, - &mut zk_aes_ctr, - data.transcript - .recv - .iter_mut() + &mut zk_aes_ctr_sent, + tls_transcript + .sent() + .iter() + .filter(|record| record.typ == ContentType::ApplicationData), + ) + .map_err(ProverError::zk)?; + + let (recv_refs, _) = commit_records( + &mut vm, + &mut zk_aes_ctr_recv, + tls_transcript + .recv() + .iter() .filter(|record| record.typ == ContentType::ApplicationData), ) .map_err(ProverError::zk)?; 
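Review bot: The comment above the first `commit_records` call still reads "Prove received plaintext", but that call now commits the sent records with `zk_aes_ctr_sent`, and the received records follow in a second call. Suggest `// Prove sent and received plaintext. The prover drops both proof outputs, as they trust themselves.` so the deliberate `_` on each `#[must_use]` `RecordProof` stays explained. The same stale wording, "Prepare for the prover to prove received plaintext", sits above the two calls in the `@@ -262,17 +251,28 @@` hunk of `verifier.rs`. There `sent_proof` and `recv_proof` are bound but their `verify()` calls fall outside the visible hunks, so it is worth confirming that both are checked after the VM has executed.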
@@ -273,51 +286,10 @@ impl Prover { .poll_with(vm.execute_all(&mut ctx).map_err(ProverError::zk)) .await?; - let transcript = data - .transcript + let transcript = tls_transcript .to_transcript() .expect("transcript is complete"); - let transcript_refs = data - .transcript - .to_transcript_refs() - .expect("transcript is complete"); - - let connection_info = ConnectionInfo { - time: start_time, - version: data - .protocol_version - .try_into() - .expect("only supported version should have been accepted"), - transcript_length: TranscriptLength { - sent: transcript.sent().len() as u32, - received: transcript.received().len() as u32, - }, - }; - - let server_cert_data = - ServerCertData { - certs: data - .server_cert_details - .cert_chain() - .iter() - .cloned() - .map(|c| c.into()) - .collect(), - sig: ServerSignature { - scheme: data.server_kx_details.kx_sig().scheme.try_into().expect( - "only supported signature scheme should have been accepted", - ), - sig: data.server_kx_details.kx_sig().sig.0.clone(), - }, - handshake: HandshakeData::V1_2(HandshakeDataV1_2 { - client_random: data.client_random.0, - server_random: data.server_random.0, - server_ephemeral_key: data - .server_key - .try_into() - .expect("only supported key scheme should have been accepted"), - }), - }; + let transcript_refs = TranscriptRefs::new(sent_refs, recv_refs); Ok(Prover { config: self.config, @@ -326,10 +298,8 @@ impl Prover { mux_ctrl, mux_fut, ctx, - _keys: keys, vm, - connection_info, - server_cert_data, + tls_transcript, transcript, transcript_refs, }, @@ -349,9 +319,9 @@ impl Prover { } impl Prover { - /// Returns the connection information. - pub fn connection_info(&self) -> &ConnectionInfo { - &self.state.connection_info + /// Returns the TLS transcript. + pub fn tls_transcript(&self) -> &TlsTranscript { + &self.state.tls_transcript } /// Returns the transcript. 
@@ -370,7 +340,7 @@ impl Prover { mux_fut, ctx, vm, - server_cert_data, + tls_transcript, transcript_refs, .. } = &mut self.state; @@ -381,9 +351,22 @@ impl Prover { }; let payload = ProvePayload { - server_identity: config - .server_identity() - .then(|| (self.config.server_name().clone(), server_cert_data.clone())), + server_identity: config.server_identity().then(|| { + ( + self.config.server_name().clone(), + ServerCertData { + certs: tls_transcript + .server_cert_chain() + .expect("server cert chain is present") + .to_vec(), + sig: tls_transcript + .server_signature() + .expect("server signature is present") + .clone(), + handshake: tls_transcript.handshake_data().clone(), + }, + ) + }), transcript: config.transcript().cloned(), transcript_commit: config.transcript_commit().map(|config| config.to_request()), }; @@ -514,7 +497,7 @@ impl Prover { let state::Committed { mux_fut, ctx, - server_cert_data, + tls_transcript, transcript, .. } = &mut self.state; @@ -523,7 +506,17 @@ impl Prover { builder .server_name(self.config.server_name().clone()) - .server_cert_data(server_cert_data.clone()) + .server_cert_data(ServerCertData { + certs: tls_transcript + .server_cert_chain() + .expect("server cert chain is present") + .to_vec(), + sig: tls_transcript + .server_signature() + .expect("server signature is present") + .clone(), + handshake: tls_transcript.handshake_data().clone(), + }) .transcript(transcript.clone()) .transcript_commitments(transcript_secrets, transcript_commitments); 
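Review bot: The `ServerCertData { certs, sig, handshake }` construction with its two `expect` calls is written out twice, in the `ProvePayload` closure of the `@@ -381,9 +351,22 @@` hunk and again in the `@@ -523,7 +506,17 @@` hunk for the attestation builder. A private helper taking `&TlsTranscript` would keep the two copies from drifting, and it could return a `ProverError` when `server_cert_chain()` or `server_signature()` is `None` instead of panicking. Whether `None` is reachable in the `Committed` state depends on how `TlsTranscript` is built, which this diff does not show; if it is an invariant, a comment saying why would be enough. Both enclosing functions start and end outside these hunks.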
@@ -661,18 +654,3 @@ fn translate_keys(keys: &mut SessionKeys, vm: &Deap) -> Result Ok(()) } - -/// Translates VM references to the ZK address space. -fn translate_transcript( - transcript: &mut TlsTranscript, - vm: &Deap, -) -> Result<(), ProverError> { - for Record { plaintext_ref, .. } in transcript.sent.iter_mut().chain(transcript.recv.iter_mut()) - { - if let Some(plaintext_ref) = plaintext_ref.as_mut() { - *plaintext_ref = vm.translate(*plaintext_ref).map_err(ProverError::mpc)?; - } - } - - Ok(()) -} diff --git a/crates/prover/src/config.rs b/crates/tlsn/src/prover/config.rs similarity index 96% rename from crates/prover/src/config.rs rename to crates/tlsn/src/prover/config.rs index e108ec16f..56400eb20 100644 --- a/crates/prover/src/config.rs +++ b/crates/tlsn/src/prover/config.rs @@ -1,11 +1,11 @@ use std::sync::Arc; +use crate::config::{NetworkSetting, ProtocolConfig}; use derive_builder::UninitializedFieldError; use mpc_tls::Config; -use rustls_pki_types::{pem::PemObject, CertificateDer, PrivatePkcs1KeyDer, PrivatePkcs8KeyDer}; +use rustls_pki_types::{CertificateDer, PrivatePkcs1KeyDer, PrivatePkcs8KeyDer, pem::PemObject}; use tls_core::key; -use tlsn_common::config::{NetworkSetting, ProtocolConfig}; -use tlsn_core::{connection::ServerName, CryptoProvider}; +use tlsn_core::{CryptoProvider, connection::ServerName}; /// Configuration for the prover. #[derive(Debug, Clone, derive_builder::Builder)] diff --git a/crates/prover/src/error.rs b/crates/tlsn/src/prover/error.rs similarity index 97% rename from crates/prover/src/error.rs rename to crates/tlsn/src/prover/error.rs index 6d911a6e5..8f258c05a 100644 --- a/crates/prover/src/error.rs +++ b/crates/tlsn/src/prover/error.rs 
@@ -1,6 +1,8 @@ -use mpc_tls::MpcTlsError; use std::{error::Error, fmt}; -use tlsn_common::{encoding::EncodingError, zk_aes_ctr::ZkAesCtrError}; + +use mpc_tls::MpcTlsError; + +use crate::{encoding::EncodingError, zk_aes_ctr::ZkAesCtrError}; /// Error for [`Prover`](crate::Prover). #[derive(Debug, thiserror::Error)] diff --git a/crates/prover/src/future.rs b/crates/tlsn/src/prover/future.rs similarity index 93% rename from crates/prover/src/future.rs rename to crates/tlsn/src/prover/future.rs index 11e6a3111..0c6937a5d 100644 --- a/crates/prover/src/future.rs +++ b/crates/tlsn/src/prover/future.rs @@ -1,6 +1,6 @@ //! This module collects futures which are used by the [Prover]. -use super::{state, Prover, ProverControl, ProverError}; +use super::{Prover, ProverControl, ProverError, state}; use futures::Future; use std::pin::Pin; diff --git a/crates/prover/src/state.rs b/crates/tlsn/src/prover/state.rs similarity index 78% rename from crates/prover/src/state.rs rename to crates/tlsn/src/prover/state.rs index ca31da6be..0c4512a86 100644 --- a/crates/prover/src/state.rs +++ b/crates/tlsn/src/prover/state.rs @@ -2,22 +2,18 @@ use std::sync::Arc; -use mpz_common::Context; - use mpc_tls::{MpcTlsLeader, SessionKeys}; -use tlsn_common::{ - mux::{MuxControl, MuxFuture}, - transcript::TranscriptRefs, - zk_aes_ctr::ZkAesCtr, -}; -use tlsn_core::{ - connection::{ConnectionInfo, ServerCertData}, - transcript::Transcript, -}; +use mpz_common::Context; +use tlsn_core::transcript::{TlsTranscript, Transcript}; use tlsn_deap::Deap; use tokio::sync::Mutex; -use crate::{Mpc, Zk}; +use crate::{ + commit::transcript::TranscriptRefs, + mux::{MuxControl, MuxFuture}, + prover::{Mpc, Zk}, + zk_aes_ctr::ZkAesCtr, +}; /// Entry state pub struct Initialized; 
@@ -29,7 +25,8 @@ pub struct Setup { pub(crate) mux_ctrl: MuxControl, pub(crate) mux_fut: MuxFuture, pub(crate) mpc_tls: MpcTlsLeader, - pub(crate) zk_aes_ctr: ZkAesCtr, + pub(crate) zk_aes_ctr_sent: ZkAesCtr, + pub(crate) zk_aes_ctr_recv: ZkAesCtr, pub(crate) keys: SessionKeys, pub(crate) vm: Arc>>, } @@ -41,10 +38,8 @@ pub struct Committed { pub(crate) mux_ctrl: MuxControl, pub(crate) mux_fut: MuxFuture, pub(crate) ctx: Context, - pub(crate) _keys: SessionKeys, pub(crate) vm: Zk, - pub(crate) connection_info: ConnectionInfo, - pub(crate) server_cert_data: ServerCertData, + pub(crate) tls_transcript: TlsTranscript, pub(crate) transcript: Transcript, pub(crate) transcript_refs: TranscriptRefs, } diff --git a/crates/common/src/tag.rs b/crates/tlsn/src/tag.rs similarity index 84% rename from crates/common/src/tag.rs rename to crates/tlsn/src/tag.rs index e5a851c3a..a705b9a47 100644 --- a/crates/common/src/tag.rs +++ b/crates/tlsn/src/tag.rs @@ -1,14 +1,17 @@ //! TLS record tag verification. -use crate::{ghash::ghash, transcript::Record}; -use cipher::{aes::Aes128, Cipher}; +use crate::ghash::ghash; + +use cipher::{Cipher, aes::Aes128}; use mpz_core::bitvec::BitVec; use mpz_memory_core::{ - binary::{Binary, U8}, DecodeFutureTyped, + binary::{Binary, U8}, }; -use mpz_vm_core::{prelude::*, Vm}; +use mpz_vm_core::{Vm, prelude::*}; +use tls_client::ProtocolVersion; use tls_core::cipher::make_tls12_aad; +use tlsn_core::{connection::TlsVersion, transcript::Record}; /// Proves the verification of tags of the given `records`, /// returning a proof. 
@@ -18,11 +21,13 @@ use tls_core::cipher::make_tls12_aad; /// * `vm` - Virtual machine. /// * `key_iv` - Cipher key and IV. /// * `mac_key` - MAC key. +/// * `tls_version` - TLS protocol version. /// * `records` - Records for which the verification is to be proven. -pub fn verify_tags( +pub(crate) fn verify_tags( vm: &mut dyn Vm, key_iv: (Array, Array), mac_key: Array, + tls_version: TlsVersion, records: Vec, ) -> Result { let mut aes = Aes128::default(); @@ -62,6 +67,7 @@ pub fn verify_tags( let mac_key = vm.decode(mac_key).map_err(TagProofError::vm)?; Ok(TagProof { + tls_version, j0s, records, mac_key, @@ -71,7 +77,8 @@ pub fn verify_tags( /// Proof of tag verification. #[derive(Debug)] #[must_use] -pub struct TagProof { +pub(crate) struct TagProof { + tls_version: TlsVersion, /// The j0 block for each record. j0s: Vec>, records: Vec, @@ -81,8 +88,9 @@ pub struct TagProof { impl TagProof { /// Verifies the proof. - pub fn verify(self) -> Result<(), TagProofError> { + pub(crate) fn verify(self) -> Result<(), TagProofError> { let Self { + tls_version, j0s, mut mac_key, records, @@ -93,13 +101,18 @@ impl TagProof { .map_err(TagProofError::vm)? .ok_or_else(|| ErrorRepr::NotDecoded)?; + let vers = match tls_version { + TlsVersion::V1_2 => ProtocolVersion::TLSv1_2, + TlsVersion::V1_3 => ProtocolVersion::TLSv1_3, + }; + for (mut j0, rec) in j0s.into_iter().zip(records) { let j0 = j0 .try_recv() .map_err(TagProofError::vm)? .ok_or_else(|| ErrorRepr::NotDecoded)?; - let aad = make_tls12_aad(rec.seq, rec.typ, rec.version, rec.ciphertext.len()); + let aad = make_tls12_aad(rec.seq, rec.typ, vers, rec.ciphertext.len()); let ghash_tag = ghash(aad.as_ref(), &rec.ciphertext, &mac_key); @@ -130,7 +143,7 @@ impl TagProof { /// Error for [`J0Proof`]. #[derive(Debug, thiserror::Error)] #[error(transparent)] -pub struct TagProofError(#[from] ErrorRepr); +pub(crate) struct TagProofError(#[from] ErrorRepr); impl TagProofError { fn vm(err: E) -> Self 
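Review bot: In `TagProof::verify` the new `match` maps `TlsVersion::V1_3` to `ProtocolVersion::TLSv1_3` and then passes it to `make_tls12_aad`, which builds the TLS 1.2 additional data (sequence number, type, version, length). TLS 1.3 authenticates only the record header, so a 1.3 transcript could never verify with this AAD and would surface as a tag mismatch rather than as an unsupported version. Suggest making the `V1_3` arm return a `TagProofError` for the unsupported version, or doing that check up front in `verify_tags` before any VM work; either needs a new `ErrorRepr` variant, and the enum is outside the hunk. The rest of the loop body also lies outside the hunk.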
diff --git a/crates/verifier/src/lib.rs b/crates/tlsn/src/verifier.rs similarity index 78% rename from crates/verifier/src/lib.rs rename to crates/tlsn/src/verifier.rs index fe3e37195..9cc479188 100644 --- a/crates/verifier/src/lib.rs +++ b/crates/tlsn/src/verifier.rs @@ -1,8 +1,4 @@ -//! TLSNotary verifier library. - -#![deny(missing_docs, unreachable_pub, unused_must_use)] -#![deny(clippy::all)] -#![forbid(unsafe_code)] +//! Verifier. pub(crate) mod config; mod error; 
@@ -14,37 +10,39 @@ pub use config::{VerifierConfig, VerifierConfigBuilder, VerifierConfigBuilderErr pub use error::VerifierError; pub use tlsn_core::{VerifierOutput, VerifyConfig, VerifyConfigBuilder, VerifyConfigBuilderError}; -use futures::{AsyncRead, AsyncWrite, TryFutureExt}; -use mpc_tls::{FollowerData, MpcTlsFollower, SessionKeys}; -use mpz_common::Context; -use mpz_core::Block; -use mpz_garble_core::Delta; -use mpz_vm_core::prelude::*; -use serio::{stream::IoStreamExt, SinkExt}; -use tls_core::msgs::enums::ContentType; -use tlsn_common::{ - commit::{commit_records, hash::verify_hash}, +use crate::{ + Role, + commit::{ + commit_records, + hash::verify_hash, + transcript::{TranscriptRefs, decode_transcript, verify_transcript}, + }, config::ProtocolConfig, context::build_mt_context, encoding, mux::attach_mux, tag::verify_tags, - transcript::{decode_transcript, verify_transcript, Record, TlsTranscript}, zk_aes_ctr::ZkAesCtr, - Role, }; +use futures::{AsyncRead, AsyncWrite, TryFutureExt}; +use mpc_tls::{MpcTlsFollower, SessionKeys}; +use mpz_common::Context; +use mpz_core::Block; +use mpz_garble_core::Delta; +use mpz_vm_core::prelude::*; +use serio::{SinkExt, stream::IoStreamExt}; +use tls_core::msgs::enums::ContentType; use tlsn_core::{ - attestation::{Attestation, AttestationConfig}, - connection::{ConnectionInfo, ServerName, TlsVersion, TranscriptLength}, - request::Request, - transcript::TranscriptCommitment, ProvePayload, + attestation::{Attestation, AttestationConfig}, + connection::{ConnectionInfo, ServerName, TranscriptLength}, + request::Request, + transcript::{TlsTranscript, TranscriptCommitment}, }; use tlsn_deap::Deap; use tokio::sync::Mutex; -use web_time::{SystemTime, UNIX_EPOCH}; -use tracing::{debug, info, info_span, instrument, Span}; +use tracing::{Span, debug, info, info_span, instrument}; pub(crate) type RCOTSender = mpz_ot::rcot::shared::SharedRCOTSender< mpz_ot::ferret::Sender>, 
@@ -117,17 +115,21 @@ impl Verifier { let delta = Delta::random(&mut rand::rng()); let (vm, mut mpc_tls) = build_mpc_tls(&self.config, &protocol_config, delta, ctx); - // Allocate resources for MPC-TLS in VM. + // Allocate resources for MPC-TLS in the VM. let mut keys = mpc_tls.alloc()?; - translate_keys(&mut keys, &vm.try_lock().expect("VM is not locked"))?; + let vm_lock = vm.try_lock().expect("VM is not locked"); + translate_keys(&mut keys, &vm_lock)?; // Allocate for committing to plaintext. - let mut zk_aes_ctr = ZkAesCtr::new(Role::Verifier); - zk_aes_ctr.set_key(keys.server_write_key, keys.server_write_iv); - zk_aes_ctr.alloc( - &mut (*vm.try_lock().expect("VM is not locked").zk()), - protocol_config.max_recv_data(), - )?; + let mut zk_aes_ctr_sent = ZkAesCtr::new(Role::Verifier); + zk_aes_ctr_sent.set_key(keys.client_write_key, keys.client_write_iv); + zk_aes_ctr_sent.alloc(&mut *vm_lock.zk(), protocol_config.max_sent_data())?; + + let mut zk_aes_ctr_recv = ZkAesCtr::new(Role::Verifier); + zk_aes_ctr_recv.set_key(keys.server_write_key, keys.server_write_iv); + zk_aes_ctr_recv.alloc(&mut *vm_lock.zk(), protocol_config.max_recv_data())?; + + drop(vm_lock); debug!("setting up mpc-tls"); @@ -143,8 +145,9 @@ impl Verifier { mux_fut, delta, mpc_tls, - zk_aes_ctr, - _keys: keys, + zk_aes_ctr_sent, + zk_aes_ctr_recv, + keys, vm, }, }) 
@@ -211,35 +214,21 @@ impl Verifier { mut mux_fut, delta, mpc_tls, - mut zk_aes_ctr, + mut zk_aes_ctr_sent, + mut zk_aes_ctr_recv, vm, - .. + keys, } = self.state; - let start_time = SystemTime::now() - .duration_since(UNIX_EPOCH) - .expect("system time should be available") - .as_secs(); - info!("starting MPC-TLS"); - let ( - mut ctx, - FollowerData { - server_key, - mut transcript, - keys, - .. - }, - ) = mux_fut.poll_with(mpc_tls.run()).await?; + let (mut ctx, tls_transcript) = mux_fut.poll_with(mpc_tls.run()).await?; info!("finished MPC-TLS"); { let mut vm = vm.try_lock().expect("VM should not be locked"); - translate_transcript(&mut transcript, &vm)?; - debug!("finalizing mpc"); mux_fut @@ -262,17 +251,28 @@ impl Verifier { &mut vm, (keys.server_write_key, keys.server_write_iv), keys.server_write_mac_key, - transcript.recv.clone(), + *tls_transcript.version(), + tls_transcript.recv().to_vec(), ) .map_err(VerifierError::zk)?; // Prepare for the prover to prove received plaintext. - let proof = commit_records( + let (sent_refs, sent_proof) = commit_records( &mut vm, - &mut zk_aes_ctr, - transcript - .recv - .iter_mut() + &mut zk_aes_ctr_sent, + tls_transcript + .sent() + .iter() + .filter(|record| record.typ == ContentType::ApplicationData), + ) + .map_err(VerifierError::zk)?; + + let (recv_refs, recv_proof) = commit_records( + &mut vm, + &mut zk_aes_ctr_recv, + tls_transcript + .recv() + .iter() .filter(|record| record.typ == ContentType::ApplicationData), ) .map_err(VerifierError::zk)?; 
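Review bot: The context comment `// Prepare for the prover to prove received plaintext.` now sits directly above the `commit_records` call for the sent direction (`zk_aes_ctr_sent`, `tls_transcript.sent()`), so it describes only the second of the two calls that follow it. Suggest rewording it to `// Prepare for the prover to prove sent and received plaintext.`, or giving each call its own one-line comment naming the direction and the key pair it uses. The enclosing function starts and ends outside this hunk.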
@@ -287,30 +287,10 @@ impl Verifier { tag_proof.verify().map_err(VerifierError::zk)?; // Verify the plaintext proofs. - proof.verify().map_err(VerifierError::zk)?; + sent_proof.verify().map_err(VerifierError::zk)?; + recv_proof.verify().map_err(VerifierError::zk)?; - let sent = transcript - .sent - .iter() - .filter(|record| record.typ == ContentType::ApplicationData) - .map(|record| record.ciphertext.len()) - .sum::() as u32; - let received = transcript - .recv - .iter() - .filter(|record| record.typ == ContentType::ApplicationData) - .map(|record| record.ciphertext.len()) - .sum::() as u32; - - let transcript_refs = transcript - .to_transcript_refs() - .expect("transcript should be complete"); - - let connection_info = ConnectionInfo { - time: start_time, - version: TlsVersion::V1_2, - transcript_length: TranscriptLength { sent, received }, - }; + let transcript_refs = TranscriptRefs::new(sent_refs, recv_refs); Ok(Verifier { config: self.config, @@ -321,10 +301,7 @@ impl Verifier { delta, ctx, vm, - server_ephemeral_key: server_key - .try_into() - .expect("only supported key type should have been accepted"), - connection_info, + tls_transcript, transcript_refs, }, }) @@ -332,9 +309,9 @@ impl Verifier { } impl Verifier { - /// Returns the connection information. - pub fn connection_info(&self) -> &ConnectionInfo { - &self.state.connection_info + /// Returns the TLS transcript. + pub fn tls_transcript(&self) -> &TlsTranscript { + &self.state.tls_transcript } /// Verifies information from the prover. @@ -352,8 +329,7 @@ impl Verifier { ctx, delta, vm, - connection_info, - server_ephemeral_key, + tls_transcript, transcript_refs, .. } = &mut self.state; @@ -370,8 +346,8 @@ impl Verifier { cert_data .verify_with_provider( self.config.crypto_provider(), - connection_info.time, - server_ephemeral_key, + tls_transcript.time(), + tls_transcript.server_ephemeral_key(), &name, ) .map_err(VerifierError::verify)?; 
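Review bot: The time passed to `cert_data.verify_with_provider(...)` is now `tls_transcript.time()`, replacing the `SystemTime::now()` reading the verifier used to take itself before starting MPC-TLS. Nothing in these hunks shows where `TlsTranscript` gets that value; if the follower records it from the verifier's own clock the behaviour is unchanged, but the call site should say so, e.g. `// time() is recorded locally during MPC-TLS, never supplied by the prover`. If the value can be influenced by the peer, certificate validity would be checked against a time the verifier did not choose, so the verifier should keep its own clock reading for this argument. The enclosing function starts and ends outside the hunk.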
@@ -382,10 +358,33 @@ impl Verifier { }; if let Some(partial_transcript) = &transcript { + let sent_len = tls_transcript + .sent() + .iter() + .filter_map(|record| { + if let ContentType::ApplicationData = record.typ { + Some(record.ciphertext.len()) + } else { + None + } + }) + .sum::(); + + let recv_len = tls_transcript + .recv() + .iter() + .filter_map(|record| { + if let ContentType::ApplicationData = record.typ { + Some(record.ciphertext.len()) + } else { + None + } + }) + .sum::(); + // Check ranges. - if partial_transcript.len_sent() != connection_info.transcript_length.sent as usize - || partial_transcript.len_received() - != connection_info.transcript_length.received as usize + if partial_transcript.len_sent() != sent_len + || partial_transcript.len_received() != recv_len { return Err(VerifierError::verify( "prover sent transcript with incorrect length", @@ -480,11 +479,34 @@ impl Verifier { let state::Committed { mux_fut, ctx, - server_ephemeral_key, - connection_info, + tls_transcript, .. } = &mut self.state; + let sent_len = tls_transcript + .sent() + .iter() + .filter_map(|record| { + if let ContentType::ApplicationData = record.typ { + Some(record.ciphertext.len()) + } else { + None + } + }) + .sum::(); + + let recv_len = tls_transcript + .recv() + .iter() + .filter_map(|record| { + if let ContentType::ApplicationData = record.typ { + Some(record.ciphertext.len()) + } else { + None + } + }) + .sum::(); + let request: Request = mux_fut .poll_with(ctx.io_mut().expect_next().map_err(VerifierError::from)) .await?; 
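Review bot: The application-data length sum is written out in full for `sent_len` and `recv_len` here before the range check, again in the next hunk before the attestation request is read, and a third time in crates/wasm/src/verifier/mod.rs. Each copy has to stay in step with the `ContentType::ApplicationData` filter that `commit_records` is given earlier in this file; if one drifts, the length check and the attested `TranscriptLength` can disagree. One private helper taking the record slice would remove the duplication, and the `filter_map` with `if let ... else { None }` can be the shorter form this commit already uses elsewhere: `.filter(|record| record.typ == ContentType::ApplicationData).map(|record| record.ciphertext.len())`. The enclosing functions start and end outside these hunks.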
@@ -494,8 +516,15 @@ impl Verifier { .map_err(VerifierError::attestation)?; builder - .connection_info(connection_info.clone()) - .server_ephemeral_key(server_ephemeral_key.clone()) + .connection_info(ConnectionInfo { + time: tls_transcript.time(), + version: (*tls_transcript.version()), + transcript_length: TranscriptLength { + sent: sent_len as u32, + received: recv_len as u32, + }, + }) + .server_ephemeral_key(tls_transcript.server_ephemeral_key().clone()) .transcript_commitments(transcript_commitments); let attestation = builder @@ -602,18 +631,3 @@ fn translate_keys( Ok(()) } - -/// Translates VM references to the ZK address space. -fn translate_transcript( - transcript: &mut TlsTranscript, - vm: &Deap, -) -> Result<(), VerifierError> { - for Record { plaintext_ref, .. } in transcript.sent.iter_mut().chain(transcript.recv.iter_mut()) - { - if let Some(plaintext_ref) = plaintext_ref.as_mut() { - *plaintext_ref = vm.translate(*plaintext_ref).map_err(VerifierError::mpc)?; - } - } - - Ok(()) -} diff --git a/crates/verifier/src/config.rs b/crates/tlsn/src/verifier/config.rs similarity index 95% rename from crates/verifier/src/config.rs rename to crates/tlsn/src/verifier/config.rs index 8602a2c39..7ff24116f 100644 --- a/crates/verifier/src/config.rs +++ b/crates/tlsn/src/verifier/config.rs @@ -3,8 +3,8 @@ use std::{ sync::Arc, }; +use crate::config::{NetworkSetting, ProtocolConfig, ProtocolConfigValidator}; use mpc_tls::Config; -use tlsn_common::config::{NetworkSetting, ProtocolConfig, ProtocolConfigValidator}; use tlsn_core::CryptoProvider; /// Configuration for the [`Verifier`](crate::tls::Verifier). diff --git a/crates/verifier/src/error.rs b/crates/tlsn/src/verifier/error.rs similarity index 93% rename from crates/verifier/src/error.rs rename to crates/tlsn/src/verifier/error.rs index f9e692123..cffdfa2b0 100644 --- a/crates/verifier/src/error.rs +++ b/crates/tlsn/src/verifier/error.rs 
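Review bot: `sent: sent_len as u32` and `received: recv_len as u32` in the `ConnectionInfo` literal truncate silently if either sum exceeds `u32::MAX`, and this struct is handed to the attestation builder. The totals are presumably bounded by the configured `max_sent_data` and `max_recv_data`, but that bound is not enforced at this point. A checked conversion such as `u32::try_from(sent_len)`, with the failure mapped to a `VerifierError`, keeps the attested length from ever differing from the length that was actually checked. The same two casts appear in the `JsVerifier` hunk in crates/wasm/src/verifier/mod.rs, and the enclosing function starts and ends outside this hunk.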
@@ -1,6 +1,6 @@ +use crate::{encoding::EncodingError, zk_aes_ctr::ZkAesCtrError}; use mpc_tls::MpcTlsError; use std::{error::Error, fmt}; -use tlsn_common::{encoding::EncodingError, zk_aes_ctr::ZkAesCtrError}; /// Error for [`Verifier`](crate::Verifier). #[derive(Debug, thiserror::Error)] @@ -88,8 +88,8 @@ impl From for VerifierError { } } -impl From for VerifierError { - fn from(e: tlsn_common::config::ProtocolConfigError) -> Self { +impl From for VerifierError { + fn from(e: crate::config::ProtocolConfigError) -> Self { Self::new(ErrorKind::Config, e) } } diff --git a/crates/verifier/src/state.rs b/crates/tlsn/src/verifier/state.rs similarity index 80% rename from crates/verifier/src/state.rs rename to crates/tlsn/src/verifier/state.rs index a39e8e0e8..efaade9a6 100644 --- a/crates/verifier/src/state.rs +++ b/crates/tlsn/src/verifier/state.rs @@ -2,19 +2,20 @@ use std::sync::Arc; -use crate::{Mpc, Zk}; +use crate::{ + commit::transcript::TranscriptRefs, + mux::{MuxControl, MuxFuture}, + zk_aes_ctr::ZkAesCtr, +}; use mpc_tls::{MpcTlsFollower, SessionKeys}; use mpz_common::Context; use mpz_memory_core::correlated::Delta; -use tlsn_common::{ - mux::{MuxControl, MuxFuture}, - transcript::TranscriptRefs, - zk_aes_ctr::ZkAesCtr, -}; -use tlsn_core::connection::{ConnectionInfo, ServerEphemKey}; +use tlsn_core::transcript::TlsTranscript; use tlsn_deap::Deap; use tokio::sync::Mutex; +use crate::verifier::{Mpc, Zk}; + /// TLS Verifier state. pub trait VerifierState: sealed::Sealed {} @@ -29,8 +30,9 @@ pub struct Setup { pub(crate) mux_fut: MuxFuture, pub(crate) delta: Delta, pub(crate) mpc_tls: MpcTlsFollower, - pub(crate) zk_aes_ctr: ZkAesCtr, - pub(crate) _keys: SessionKeys, + pub(crate) zk_aes_ctr_sent: ZkAesCtr, + pub(crate) zk_aes_ctr_recv: ZkAesCtr, + pub(crate) keys: SessionKeys, pub(crate) vm: Arc>>, } 
@@ -41,8 +43,7 @@ pub struct Committed { pub(crate) delta: Delta, pub(crate) ctx: Context, pub(crate) vm: Zk, - pub(crate) server_ephemeral_key: ServerEphemKey, - pub(crate) connection_info: ConnectionInfo, + pub(crate) tls_transcript: TlsTranscript, pub(crate) transcript_refs: TranscriptRefs, } diff --git a/crates/common/src/zk_aes_ctr.rs b/crates/tlsn/src/zk_aes_ctr.rs similarity index 93% rename from crates/common/src/zk_aes_ctr.rs rename to crates/tlsn/src/zk_aes_ctr.rs index 6c7a403a8..6b5921da0 100644 --- a/crates/common/src/zk_aes_ctr.rs +++ b/crates/tlsn/src/zk_aes_ctr.rs @@ -1,14 +1,14 @@ //! Zero-knowledge AES-CTR encryption. use cipher::{ - aes::{Aes128, AesError}, Cipher, CipherError, Keystream, + aes::{Aes128, AesError}, }; use mpz_memory_core::{ - binary::{Binary, U8}, Array, Vector, + binary::{Binary, U8}, }; -use mpz_vm_core::{prelude::*, Vm}; +use mpz_vm_core::{Vm, prelude::*}; use crate::Role; @@ -20,7 +20,7 @@ const START_CTR: u32 = 2; /// ZK AES-CTR encryption. #[derive(Debug)] -pub struct ZkAesCtr { +pub(crate) struct ZkAesCtr { role: Role, aes: Aes128, state: State, @@ -28,7 +28,7 @@ pub struct ZkAesCtr { impl ZkAesCtr { /// Creates a new ZK AES-CTR instance. - pub fn new(role: Role) -> Self { + pub(crate) fn new(role: Role) -> Self { Self { role, aes: Aes128::default(), @@ -37,12 +37,16 @@ impl ZkAesCtr { } /// Returns the role. - pub fn role(&self) -> &Role { + pub(crate) fn role(&self) -> &Role { &self.role } /// Allocates `len` bytes for encryption. - pub fn alloc(&mut self, vm: &mut dyn Vm, len: usize) -> Result<(), ZkAesCtrError> { + pub(crate) fn alloc( + &mut self, + vm: &mut dyn Vm, + len: usize, + ) -> Result<(), ZkAesCtrError> { let State::Init = self.state.take() else { Err(ErrorRepr::State { reason: "must be in init state to allocate", 
@@ -66,7 +70,7 @@ impl ZkAesCtr { } /// Sets the key and IV for the cipher. - pub fn set_key(&mut self, key: Array, iv: Array) { + pub(crate) fn set_key(&mut self, key: Array, iv: Array) { self.aes.set_key(key); self.aes.set_iv(iv); } @@ -85,7 +89,7 @@ impl ZkAesCtr { /// # Returns /// /// A VM reference to the plaintext and the ciphertext. - pub fn encrypt( + pub(crate) fn encrypt( &mut self, vm: &mut dyn Vm, explicit_nonce: Vec, diff --git a/crates/tlsn/tests/test.rs b/crates/tlsn/tests/test.rs new file mode 100644 index 000000000..2c2c51f2b --- /dev/null +++ b/crates/tlsn/tests/test.rs 
@@ -0,0 +1,146 @@ +use futures::{AsyncReadExt, AsyncWriteExt}; +use tls_core::verify::WebPkiVerifier; +use tlsn::{ + config::{ProtocolConfig, ProtocolConfigValidator}, + prover::{Prover, ProverConfig}, + verifier::{Verifier, VerifierConfig}, +}; +use tlsn_core::{ + CryptoProvider, attestation::AttestationConfig, request::RequestConfig, + signing::SignatureAlgId, transcript::TranscriptCommitConfig, +}; +use tlsn_server_fixture::bind; +use tlsn_server_fixture_certs::{CA_CERT_DER, SERVER_DOMAIN}; + +use tokio::io::{AsyncRead, AsyncWrite}; +use tokio_util::compat::TokioAsyncReadCompatExt; +use tracing::instrument; + +// Maximum number of bytes that can be sent from prover to server +const MAX_SENT_DATA: usize = 1 << 12; +// Maximum number of application records sent from prover to server +const MAX_SENT_RECORDS: usize = 4; +// Maximum number of bytes that can be received by prover from server +const MAX_RECV_DATA: usize = 1 << 14; +// Maximum number of application records received by prover from server +const MAX_RECV_RECORDS: usize = 6; + +#[tokio::test(flavor = "multi_thread", worker_threads = 2)] +#[ignore] +async fn test() { + tracing_subscriber::fmt::init(); + + let (socket_0, socket_1) = tokio::io::duplex(2 << 23); + + tokio::join!(prover(socket_0), verifier(socket_1)); +} + +#[instrument(skip(verifier_socket))] +#[allow(deprecated)] +async fn prover(verifier_socket: T) { + let (client_socket, server_socket) = tokio::io::duplex(2 << 16); + + let server_task = tokio::spawn(bind(server_socket.compat())); + + let mut root_store = tls_core::anchors::RootCertStore::empty(); + root_store + .add(&tls_core::key::Certificate(CA_CERT_DER.to_vec())) + .unwrap(); + + let provider = CryptoProvider { + cert: WebPkiVerifier::new(root_store, None), + ..Default::default() + }; + + let prover = Prover::new( + ProverConfig::builder() + .server_name(SERVER_DOMAIN) + .protocol_config( + ProtocolConfig::builder() + .max_sent_data(MAX_SENT_DATA) + .max_sent_records(MAX_SENT_RECORDS) + 
.max_recv_data(MAX_RECV_DATA) + .max_recv_records_online(MAX_RECV_RECORDS) + .build() + .unwrap(), + ) + .crypto_provider(provider) + .build() + .unwrap(), + ) + .setup(verifier_socket.compat()) + .await + .unwrap(); + + let (mut tls_connection, prover_fut) = prover.connect(client_socket.compat()).await.unwrap(); + let prover_task = tokio::spawn(prover_fut); + + tls_connection + .write_all(b"GET / HTTP/1.1\r\nConnection: close\r\n\r\n") + .await + .unwrap(); + tls_connection.close().await.unwrap(); + + let mut response = vec![0u8; 1024]; + tls_connection.read_to_end(&mut response).await.unwrap(); + + let _ = server_task.await.unwrap(); + + let mut prover = prover_task.await.unwrap().unwrap(); + let sent_tx_len = prover.transcript().sent().len(); + let recv_tx_len = prover.transcript().received().len(); + + let mut builder = TranscriptCommitConfig::builder(prover.transcript()); + + // Commit to everything + builder.commit_sent(&(0..sent_tx_len)).unwrap(); + builder.commit_recv(&(0..recv_tx_len)).unwrap(); + + let transcript_commit = builder.build().unwrap(); + + let mut builder = RequestConfig::builder(); + + builder.transcript_commit(transcript_commit); + + let config = builder.build().unwrap(); + + prover.notarize(&config).await.unwrap(); + prover.close().await.unwrap(); +} + +#[instrument(skip(socket))] +#[allow(deprecated)] +async fn verifier(socket: T) { + let mut root_store = tls_core::anchors::RootCertStore::empty(); + root_store + .add(&tls_core::key::Certificate(CA_CERT_DER.to_vec())) + .unwrap(); + + let mut provider = CryptoProvider { + cert: WebPkiVerifier::new(root_store, None), + ..Default::default() + }; + + provider.signer.set_secp256k1(&[1u8; 32]).unwrap(); + + let config_validator = ProtocolConfigValidator::builder() + .max_sent_data(MAX_SENT_DATA) + .max_recv_data(MAX_RECV_DATA) + .build() + .unwrap(); + + let verifier = Verifier::new( + VerifierConfig::builder() + .protocol_config_validator(config_validator) + .crypto_provider(provider) + 
.build() + .unwrap(), + ); + + let config = AttestationConfig::builder() + .supported_signature_algs(vec![SignatureAlgId::SECP256K1]) + .build() + .unwrap(); + + _ = verifier.notarize(socket.compat(), &config).await.unwrap(); +} diff --git a/crates/verifier/Cargo.toml b/crates/verifier/Cargo.toml deleted file mode 100644 index a99e46005..000000000 --- a/crates/verifier/Cargo.toml +++ /dev/null @@ -1,46 +0,0 @@ -[package] -name = "tlsn-verifier" -authors = ["TLSNotary Team"] -description = "A library for the TLSNotary verifier" -keywords = ["tls", "mpc", "2pc"] -categories = ["cryptography"] -license = "MIT OR Apache-2.0" -version = "0.1.0-alpha.13-pre" -edition = "2021" - -[lints] -workspace = true - -[features] -default = ["rayon"] -rayon = ["mpz-common/rayon"] -force-st = ["mpz-common/force-st"] - -[dependencies] -tlsn-common = { workspace = true } -tlsn-core = { workspace = true } -tlsn-deap = { workspace = true } -tlsn-mpc-tls = { workspace = true } -tlsn-tls-core = { workspace = true } - -serio = { workspace = true, features = ["compat"] } -uid-mux = { workspace = true, features = ["serio"] } - -mpz-core = { workspace = true } -mpz-common = { workspace = true } -mpz-garble = { workspace = true } -mpz-garble-core = { workspace = true } -mpz-memory-core = { workspace = true } -mpz-ole = { workspace = true } -mpz-ot = { workspace = true } -mpz-vm-core = { workspace = true } -mpz-zk = { workspace = true } - -derive_builder = { workspace = true } -futures = { workspace = true } -opaque-debug = { workspace = true } -rand = { workspace = true } -thiserror = { workspace = true } -tokio = { workspace = true, features = ["sync"] } -tracing = { workspace = true } -web-time = { workspace = true } diff --git a/crates/wasm/Cargo.toml b/crates/wasm/Cargo.toml index 123383446..36f384887 100644 --- a/crates/wasm/Cargo.toml +++ b/crates/wasm/Cargo.toml 
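Review bot: The new integration test asserts nothing about its result: `_ = verifier.notarize(socket.compat(), &config).await.unwrap();` discards the attestation and the prover side never inspects `response`, so the test only shows that neither side panics. Since this commit changes how the sent and received lengths reach `ConnectionInfo` and adds a commitment for the sent direction, binding the attestation and asserting on its connection info would catch regressions there. `let mut response = vec![0u8; 1024];` also leaves 1024 zero bytes in front of whatever `read_to_end` appends; `Vec::new()` is what is meant. The test is marked `#[ignore]`, so a plain `cargo test` will not run it.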
@@ -23,13 +23,11 @@ test = [] no-bundler = ["web-spawn/no-bundler"] [dependencies] -tlsn-common = { path = "../common" } -tlsn-core = { path = "../core" } -tlsn-prover = { path = "../prover" } +tlsn-core = { workspace = true } +tlsn = { workspace = true } tlsn-server-fixture-certs = { workspace = true } -tlsn-tls-client-async = { path = "../tls/client-async" } -tlsn-tls-core = { path = "../tls/core" } -tlsn-verifier = { path = "../verifier" } +tlsn-tls-client-async = { workspace = true } +tlsn-tls-core = { workspace = true } bincode = { workspace = true } console_error_panic_hook = { version = "0.1" } diff --git a/crates/wasm/build-docs.sh b/crates/wasm/build-docs.sh index 57dd4c59d..e54a2b6b0 100755 --- a/crates/wasm/build-docs.sh +++ b/crates/wasm/build-docs.sh @@ -4,7 +4,7 @@ set -euo pipefail cd "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" # List the packages you want to document -PACKAGES=("tlsn-core" "tlsn-prover" "tlsn-verifier" "tlsn-wasm") +PACKAGES=("tlsn-core" "tlsn" "tlsn-wasm") # Find all features, except for the "test" features FEATURES=$( @@ -31,5 +31,5 @@ cargo +nightly doc \ --features "$FEATURES" # https://dev.to/deciduously/prepare-your-rust-api-docs-for-github-pages-2n5i -echo "Add index file -> tlsn_prover" -echo "" >../../target/wasm32-unknown-unknown/doc/index.html +echo "Add index file -> tlsn" +echo "" >../../target/wasm32-unknown-unknown/doc/index.html diff --git a/crates/wasm/src/prover/config.rs b/crates/wasm/src/prover/config.rs index 31ff0cb77..6ac9d9887 100644 --- a/crates/wasm/src/prover/config.rs +++ b/crates/wasm/src/prover/config.rs @@ -1,7 +1,8 @@ use crate::types::NetworkSetting; use serde::Deserialize; -use tlsn_common::config::ProtocolConfig; +use tlsn::config::ProtocolConfig; use tsify_next::Tsify; + #[derive(Debug, Tsify, Deserialize)] #[tsify(from_wasm_abi)] pub struct ProverConfig { 
@@ -16,7 +17,7 @@ pub struct ProverConfig { pub client_auth: Option<(Vec>, Vec)>, } -impl From for tlsn_prover::ProverConfig { +impl From for tlsn::prover::ProverConfig { fn from(value: ProverConfig) -> Self { let mut builder = ProtocolConfig::builder(); @@ -42,7 +43,7 @@ impl From for tlsn_prover::ProverConfig { builder.network(value.network.into()); let protocol_config = builder.build().unwrap(); - let mut builder = tlsn_prover::TlsConfig::builder(); + let mut builder = tlsn::prover::TlsConfig::builder(); if let Some(cert_key) = value.client_auth { // Try to parse as PEM-encoded. if builder.client_auth_pem(cert_key.clone()).is_err() { @@ -52,7 +53,7 @@ impl From for tlsn_prover::ProverConfig { } let tls_config = builder.build().unwrap(); - let mut builder = tlsn_prover::ProverConfig::builder(); + let mut builder = tlsn::prover::ProverConfig::builder(); builder .server_name(value.server_name.as_ref()) .protocol_config(protocol_config) diff --git a/crates/wasm/src/prover/mod.rs b/crates/wasm/src/prover/mod.rs index d1c0a8b0a..e403a052c 100644 --- a/crates/wasm/src/prover/mod.rs +++ b/crates/wasm/src/prover/mod.rs @@ -7,8 +7,8 @@ use futures::TryFutureExt; use http_body_util::{BodyExt, Full}; use hyper::body::Bytes; use tls_client_async::TlsConnection; +use tlsn::prover::{state, ProveConfig, Prover}; use tlsn_core::{request::RequestConfig, transcript::TranscriptCommitConfigBuilder}; -use tlsn_prover::{state, ProveConfig, Prover}; use tracing::info; use wasm_bindgen::{prelude::*, JsError}; use wasm_bindgen_futures::spawn_local; diff --git a/crates/wasm/src/tests.rs b/crates/wasm/src/tests.rs index a2e1d3b6a..24466cde4 100644 --- a/crates/wasm/src/tests.rs +++ b/crates/wasm/src/tests.rs 
@@ -3,11 +3,12 @@ use std::collections::HashMap; use tls_core::verify::WebPkiVerifier; -use tlsn_common::config::{ProtocolConfig, ProtocolConfigValidator}; +use tlsn::{ + prover::{Prover, ProverConfig}, + verifier::{Verifier, VerifierConfig}, +}; use tlsn_core::CryptoProvider; -use tlsn_prover::{Prover, ProverConfig}; use tlsn_server_fixture_certs::{CA_CERT_DER, SERVER_DOMAIN}; -use tlsn_verifier::{Verifier, VerifierConfig}; use wasm_bindgen::prelude::*; use crate::{ diff --git a/crates/wasm/src/types.rs b/crates/wasm/src/types.rs index b2ecb3499..1210a0442 100644 --- a/crates/wasm/src/types.rs +++ b/crates/wasm/src/types.rs @@ -335,7 +335,7 @@ pub enum NetworkSetting { Latency, } -impl From for tlsn_common::config::NetworkSetting { +impl From for tlsn::config::NetworkSetting { fn from(value: NetworkSetting) -> Self { match value { NetworkSetting::Bandwidth => Self::Bandwidth, diff --git a/crates/wasm/src/verifier/config.rs b/crates/wasm/src/verifier/config.rs index 519b37b05..12053b605 100644 --- a/crates/wasm/src/verifier/config.rs +++ b/crates/wasm/src/verifier/config.rs @@ -1,5 +1,5 @@ use serde::Deserialize; -use tlsn_common::config::ProtocolConfigValidator; +use tlsn::config::ProtocolConfigValidator; use tsify_next::Tsify; #[derive(Debug, Tsify, Deserialize)] @@ -11,7 +11,7 @@ pub struct VerifierConfig { pub max_recv_records_online: Option, } -impl From for tlsn_verifier::VerifierConfig { +impl From for tlsn::verifier::VerifierConfig { fn from(value: VerifierConfig) -> Self { let mut builder = ProtocolConfigValidator::builder(); @@ -28,7 +28,7 @@ impl From for tlsn_verifier::VerifierConfig { let validator = builder.build().unwrap(); - tlsn_verifier::VerifierConfig::builder() + tlsn::verifier::VerifierConfig::builder() .protocol_config_validator(validator) .build() .unwrap() diff --git a/crates/wasm/src/verifier/mod.rs b/crates/wasm/src/verifier/mod.rs index 3698a94f1..46a0595c4 100644 --- a/crates/wasm/src/verifier/mod.rs +++ b/crates/wasm/src/verifier/mod.rs 
@@ -3,9 +3,13 @@ mod config; pub use config::VerifierConfig; use enum_try_as_inner::EnumTryAsInner; -use tlsn_verifier::{ - state::{self, Initialized}, - Verifier, VerifyConfig, +use tls_core::msgs::enums::ContentType; +use tlsn::{ + connection::{ConnectionInfo, TranscriptLength}, + verifier::{ + state::{self, Initialized}, + Verifier, VerifyConfig, + }, }; use tracing::info; use wasm_bindgen::prelude::*; @@ -71,7 +75,30 @@ impl JsVerifier { let mut verifier = verifier.setup(prover_conn.into_io()).await?.run().await?; - let connection_info = verifier.connection_info().clone(); + let sent = verifier + .tls_transcript() + .sent() + .iter() + .filter(|record| record.typ == ContentType::ApplicationData) + .map(|record| record.ciphertext.len()) + .sum::(); + + let received = verifier + .tls_transcript() + .recv() + .iter() + .filter(|record| record.typ == ContentType::ApplicationData) + .map(|record| record.ciphertext.len()) + .sum::(); + + let connection_info = ConnectionInfo { + time: verifier.tls_transcript().time(), + version: *verifier.tls_transcript().version(), + transcript_length: TranscriptLength { + sent: sent as u32, + received: received as u32, + }, + }; let output = verifier.verify(&VerifyConfig::default()).await?; verifier.close().await?; @@ -86,8 +113,8 @@ impl JsVerifier { } } -impl From> for JsVerifier { - fn from(value: tlsn_verifier::Verifier) -> Self { +impl From> for JsVerifier { + fn from(value: tlsn::verifier::Verifier) -> Self { Self { state: State::Initialized(value), }