github/tlsn
1
1
Fork 0
mirror of https://github.com/tlsnotary/tlsn.git synced 2026-01-09 14:48:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

feat: make defer-decryption default

Browse Source 
* feat: add `defer` option to inner configs

- `TranscriptConfig`
- `MpcTlsLeaderConfig`
- `MpcTlsFollowerConfig`

* adapt common `ProtocolConfig` to `deferred` feature

* Adapt prover and verifier configs.

* Adapt benches.

* Adapt examples.

* Adapt `crates/tests-integration`.

* Adapt notary integration test and wasm crates.

* Fix test.

* add clarifying comments

* Add feedback.

* Improve default handling for `max_deferred_size`.

* Use default handling instead of validation.

* Add feedback.

* fix: bugfix for `notarize.rs`

* Remove defaults for `ProtocolConfigValidator`

* Set `ProtocolConfigValidator` where needed.

* Only preprocess online part for transcript.

---------

Co-authored-by: Ubuntu <ubuntu@ip-10-35-1-161.eu-central-1.compute.internal>
This commit is contained in:
th4s
2024-09-11 21:49:58 +02:00
committed by GitHub
parent 32df1380a7
commit 9bbb2fb66c
21 changed files with 326 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
crates/examples/discord/discord_dm.rs
View File

@@ -21,10 +21,6 @@ const SERVER_DOMAIN: &str = "discord.com";
const NOTARY_HOST: &str = "127.0.0.1";
const NOTARY_PORT: u16 = 7047;
// P/S: If the following limits are increased, please ensure max-transcript-size of
// the notary server's config (../../notary/server) is increased too, where
// max-transcript-size = MAX_SENT_DATA + MAX_RECV_DATA
//
// Maximum number of bytes that can be sent from prover to server
const MAX_SENT_DATA: usize = 1 << 12;
// Maximum number of bytes that can be received by prover from server

32
crates/examples/interactive/interactive.rs
View File

@@ -1,6 +1,7 @@
use http_body_util::Empty;
use hyper::{body::Bytes, Request, StatusCode, Uri};
use hyper_util::rt::TokioIo;
use tlsn_common::config::{ProtocolConfig, ProtocolConfigValidator};
use tlsn_core::{proof::SessionInfo, Direction, RedactedTranscript};
use tlsn_prover::tls::{state::Prove, Prover, ProverConfig};
use tlsn_verifier::tls::{Verifier, VerifierConfig};
@@ -11,6 +12,11 @@ use tracing::instrument;
const SECRET: &str = "TLSNotary's private key 🤡";
const SERVER_DOMAIN: &str = "example.com";
// Maximum number of bytes that can be sent from prover to server
const MAX_SENT_DATA: usize = 1 << 12;
// Maximum number of bytes that can be received by prover from server
const MAX_RECV_DATA: usize = 1 << 14;
#[tokio::main]
async fn main() {
tracing_subscriber::fmt::init();
@@ -53,6 +59,13 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
ProverConfig::builder()
.id(id)
.server_dns(server_domain)
.protocol_config(
ProtocolConfig::builder()
.max_sent_data(MAX_SENT_DATA)
.max_recv_data(MAX_RECV_DATA)
.build()
.unwrap(),
)
.build()
.unwrap(),
)
@@ -69,9 +82,6 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
let (mpc_tls_connection, prover_fut) =
prover.connect(tls_client_socket.compat()).await.unwrap();
// Grab a controller for the Prover so we can enable deferred decryption.
let ctrl = prover_fut.control();
// Wrap the connection in a TokioIo compatibility layer to use it with hyper.
let mpc_tls_connection = TokioIo::new(mpc_tls_connection.compat());
@@ -87,10 +97,6 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
// Spawn the connection to run in the background.
tokio::spawn(connection);
// Enable deferred decryption. This speeds up the proving time, but doesn't
// let us see the decrypted data until after the connection is closed.
ctrl.defer_decryption().await.unwrap();
// MPC-TLS: Send Request and wait for Response.
let request = Request::builder()
.uri(uri.clone())
@@ -120,7 +126,17 @@ async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
id: &str,
) -> (RedactedTranscript, RedactedTranscript, SessionInfo) {
// Setup Verifier.
let verifier_config = VerifierConfig::builder().id(id).build().unwrap();
let config_validator = ProtocolConfigValidator::builder()
.max_sent_data(MAX_SENT_DATA)
.max_recv_data(MAX_RECV_DATA)
.build()
.unwrap();
let verifier_config = VerifierConfig::builder()
.id(id)
.protocol_config_validator(config_validator)
.build()
.unwrap();
let verifier = Verifier::new(verifier_config);
// Verify MPC-TLS and wait for (redacted) data.

20
crates/examples/src/lib.rs
View File

@@ -1,7 +1,13 @@
use elliptic_curve::pkcs8::DecodePrivateKey;
use futures::{AsyncRead, AsyncWrite};
use tlsn_common::config::ProtocolConfigValidator;
use tlsn_verifier::tls::{Verifier, VerifierConfig};
// Maximum number of bytes that can be sent from prover to server
const MAX_SENT_DATA: usize = 1 << 12;
// Maximum number of bytes that can be received by prover from server
const MAX_RECV_DATA: usize = 1 << 14;
/// Runs a simple Notary with the provided connection to the Prover.
pub async fn run_notary<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(conn: T) {
// Load the notary signing key
@@ -11,9 +17,19 @@ pub async fn run_notary<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(conn
.unwrap();
let signing_key = p256::ecdsa::SigningKey::from_pkcs8_pem(signing_key_str).unwrap();
// Setup default config. Normally a different ID would be generated
// Setup the config. Normally a different ID would be generated
// for each notarization.
let config = VerifierConfig::builder().id("example").build().unwrap();
let config_validator = ProtocolConfigValidator::builder()
.max_sent_data(MAX_SENT_DATA)
.max_recv_data(MAX_RECV_DATA)
.build()
.unwrap();
let config = VerifierConfig::builder()
.id("example")
.protocol_config_validator(config_validator)
.build()
.unwrap();
Verifier::new(config)
.notarize::<_, p256::ecdsa::Signature>(conn, &signing_key)

26
crates/examples/twitter/twitter_dm.rs
View File

@@ -7,6 +7,7 @@ use hyper::{body::Bytes, Request, StatusCode};
use hyper_util::rt::TokioIo;
use notary_client::{Accepted, NotarizationRequest, NotaryClient};
use std::{env, str};
use tlsn_common::config::ProtocolConfig;
use tlsn_core::{commitment::CommitmentKind, proof::TlsProof};
use tlsn_prover::tls::{Prover, ProverConfig};
use tokio::io::AsyncWriteExt as _;
@@ -22,6 +23,11 @@ const USER_AGENT: &str = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KH
const NOTARY_HOST: &str = "127.0.0.1";
const NOTARY_PORT: u16 = 7047;
// Maximum number of bytes that can be sent from prover to server
const MAX_SENT_DATA: usize = 1 << 12;
// Maximum number of bytes that can be received by prover from server
const MAX_RECV_DATA: usize = 1 << 14;
#[tokio::main]
async fn main() {
tracing_subscriber::fmt::init();
@@ -44,7 +50,11 @@ async fn main() {
.unwrap();
// Send requests for configuration and notarization to the notary server.
let notarization_request = NotarizationRequest::builder().build().unwrap();
let notarization_request = NotarizationRequest::builder()
.max_sent_data(MAX_SENT_DATA)
.max_recv_data(MAX_RECV_DATA)
.build()
.unwrap();
let Accepted {
io: notary_connection,
@@ -59,6 +69,13 @@ async fn main() {
let prover_config = ProverConfig::builder()
.id(session_id)
.server_dns(SERVER_DOMAIN)
.protocol_config(
ProtocolConfig::builder()
.max_sent_data(MAX_SENT_DATA)
.max_recv_data(MAX_RECV_DATA)
.build()
.unwrap(),
)
.build()
.unwrap();
@@ -77,9 +94,6 @@ async fn main() {
let (tls_connection, prover_fut) = prover.connect(client_socket.compat()).await.unwrap();
let tls_connection = TokioIo::new(tls_connection.compat());
// Grab a control handle to the Prover
let prover_ctrl = prover_fut.control();
// Spawn the Prover to be run concurrently
let prover_task = tokio::spawn(prover_fut);
@@ -115,10 +129,6 @@ async fn main() {
debug!("Sending request");
// Because we don't need to decrypt the response right away, we can defer decryption
// until after the connection is closed. This will speed up the proving process!
prover_ctrl.defer_decryption().await.unwrap();
let response = request_sender.send_request(request).await.unwrap();
debug!("Sent request");