refactor(core): alpha.7 rewrite (#574)

* refactor(core): alpha.7 rewrite * allow empty idx * fix empty assumption * further encapsulate rangeset * added presentation, finishing touches * remove unwrap * update index naming * add secp256r1 support * add attestation to presentation output, and serde derives * handle k256 in KeyAlgId Display * unnecessary newline * refactor(core): integrate rewrite changes (#584) * refactor(core): alpha.7 rewrite * allow empty idx * fix empty assumption * further encapsulate rangeset * added presentation, finishing touches * remove unwrap * refactor(core): integrate rewrite changes * remove obsolete tests * add secp256r1 support * update index naming * add secp256r1 support * add attestation to presentation output, and serde derives * handle k256 in KeyAlgId Display * unnecessary newline * fix variable name * restore changes from dev to tlsn-prover * use CryptoProvider in config * clippy * more clippy
tlsnotary · Sep 19, 2024 · 53ff873 · 53ff873
1 parent a4a0de0
commit 53ff873
Show file tree

Hide file tree

Showing 145 changed files with 7,560 additions and 4,999 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -10,6 +10,7 @@ members = [
     "crates/components/stream-cipher",
     "crates/components/universal-hash",
     "crates/core",
+    "crates/data-fixtures",
     "crates/examples",
     "crates/formats",
     "crates/notary/client",
@@ -25,9 +26,9 @@ members = [
     "crates/tls/core",
     "crates/tls/mpc",
     "crates/tls/server-fixture",
-    "crates/wasm-test-runner",
     "crates/verifier",
     "crates/wasm",
+    "crates/wasm-test-runner",
 ]
 resolver = "2"
 
@@ -43,6 +44,7 @@ tlsn-aead = { path = "crates/components/aead" }
 tlsn-block-cipher = { path = "crates/components/block-cipher" }
 tlsn-common = { path = "crates/common" }
 tlsn-core = { path = "crates/core" }
+tlsn-data-fixtures = { path = "crates/data-fixtures" }
 tlsn-formats = { path = "crates/formats" }
 tlsn-hmac-sha256 = { path = "crates/components/hmac-sha256" }
 tlsn-hmac-sha256-circuits = { path = "crates/components/hmac-sha256-circuits" }
@@ -57,8 +59,8 @@ tlsn-tls-client-async = { path = "crates/tls/client-async" }
 tlsn-tls-core = { path = "crates/tls/core" }
 tlsn-tls-mpc = { path = "crates/tls/mpc" }
 tlsn-universal-hash = { path = "crates/components/universal-hash" }
-tlsn-utils = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "45370cc" }
-tlsn-utils-aio = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "45370cc" }
+tlsn-utils = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "e7b2db6" }
+tlsn-utils-aio = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "e7b2db6" }
 tlsn-verifier = { path = "crates/verifier" }
 
 mpz-circuits = { git = "https://github.com/privacy-scaling-explorations/mpz", rev = "b8ae7ac" }
@@ -71,7 +73,7 @@ mpz-ot = { git = "https://github.com/privacy-scaling-explorations/mpz", rev = "b
 mpz-share-conversion = { git = "https://github.com/privacy-scaling-explorations/mpz", rev = "b8ae7ac" }
 
 serio = { version = "0.1" }
-spansy = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "45370cc" }
+spansy = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "e7b2db6" }
 uid-mux = { version = "0.1", features = ["serio"] }
 
 aes = { version = "0.8" }
@@ -80,7 +82,9 @@ anyhow = { version = "1.0" }
 async-trait = { version = "0.1" }
 async-tungstenite = { version = "0.25" }
 axum = { version = "0.7" }
+bcs = { version = "0.1" }
 bincode = { version = "1.3" }
+blake3 = { version = "1.5" }
 bytes = { version = "1.4" }
 chrono = { version = "0.4" }
 cipher = { version = "0.4" }
@@ -101,17 +105,19 @@ http = { version = "1.1" }
 http-body-util = { version = "0.1" }
 hyper = { version = "1.1" }
 hyper-util = { version = "0.1" }
+k256 = { version = "0.13" }
 log = { version = "0.4" }
 once_cell = { version = "1.19" }
 opaque-debug = { version = "0.3" }
 p256 = { version = "0.13" }
+pkcs8 = { version = "0.10" }
 pin-project-lite = { version = "0.2" }
 rand = { version = "0.8" }
 rand_chacha = { version = "0.3" }
 rand_core = { version = "0.6" }
 regex = { version = "1.10" }
 ring = { version = "0.17" }
-rs_merkle = { version = "1.4" }
+rs_merkle = { git = "https://github.com/tlsnotary/rs-merkle.git", rev = "7fb354c" }
 rstest = { version = "0.17" }
 rustls = { version = "0.21" }
 rustls-pemfile = { version = "1.0" }
@@ -131,3 +137,4 @@ web-time = { version = "0.2" }
 webpki = { version = "0.22" }
 webpki-roots = { version = "0.26" }
 ws_stream_tungstenite = { version = "0.13" }
+zeroize = { version = "1.8" }
diff --git a/crates/benches/bin/prover.rs b/crates/benches/bin/prover.rs
@@ -9,14 +9,14 @@ use std::{
 
 use anyhow::Context;
 use futures::{AsyncReadExt, AsyncWriteExt};
+use tls_core::verify::WebPkiVerifier;
 use tlsn_benches::{
     config::{BenchInstance, Config},
     metrics::Metrics,
     set_interface, PROVER_INTERFACE,
 };
-
 use tlsn_common::config::ProtocolConfig;
-use tlsn_core::Direction;
+use tlsn_core::{transcript::Idx, CryptoProvider};
 use tlsn_server_fixture::bind;
 use tlsn_server_fixture_certs::{CA_CERT_DER, SERVER_DOMAIN};
 use tokio::io::{AsyncRead, AsyncWrite};
@@ -25,7 +25,7 @@ use tokio_util::{
     io::{InspectReader, InspectWriter},
 };
 
-use tlsn_prover::tls::{Prover, ProverConfig};
+use tlsn_prover::{Prover, ProverConfig};
 use tracing_subscriber::{fmt::format::FmtSpan, EnvFilter};
 
 #[tokio::main]
@@ -117,6 +117,11 @@ async fn run_instance<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>
 
     let start_time = Instant::now();
 
+    let provider = CryptoProvider {
+        cert: WebPkiVerifier::new(root_store(), None),
+        ..Default::default()
+    };
+
     let protocol_config = if defer_decryption {
         ProtocolConfig::builder()
             .max_sent_data(upload_size + 256)
@@ -134,11 +139,10 @@ async fn run_instance<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>
 
     let prover = Prover::new(
         ProverConfig::builder()
-            .id("test")
-            .server_dns(SERVER_DOMAIN)
-            .root_cert_store(root_store())
+            .server_name(SERVER_DOMAIN)
             .protocol_config(protocol_config)
             .defer_decryption_from_start(defer_decryption)
+            .crypto_provider(provider)
             .build()
             .context("invalid prover config")?,
     )
@@ -163,12 +167,10 @@ async fn run_instance<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>
 
     let mut prover = prover_task.await??.start_prove();
 
-    prover.reveal(0..prover.sent_transcript().data().len(), Direction::Sent)?;
-    prover.reveal(
-        0..prover.recv_transcript().data().len(),
-        Direction::Received,
-    )?;
-    prover.prove().await?;
+    let (sent_len, recv_len) = prover.transcript().len();
+    prover
+        .prove_transcript(Idx::new(0..sent_len), Idx::new(0..recv_len))
+        .await?;
     prover.finalize().await?;
 
     Ok(Metrics {

diff --git a/crates/benches/bin/verifier.rs b/crates/benches/bin/verifier.rs
@@ -9,8 +9,9 @@ use tlsn_benches::{
     set_interface, VERIFIER_INTERFACE,
 };
 use tlsn_common::config::ProtocolConfigValidator;
+use tlsn_core::CryptoProvider;
 use tlsn_server_fixture_certs::CA_CERT_DER;
-use tlsn_verifier::tls::{Verifier, VerifierConfig};
+use tlsn_verifier::{Verifier, VerifierConfig};
 
 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
@@ -64,6 +65,11 @@ async fn run_instance<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>
 
     set_interface(VERIFIER_INTERFACE, download, 1, download_delay)?;
 
+    let provider = CryptoProvider {
+        cert: cert_verifier(),
+        ..Default::default()
+    };
+
     let config_validator = ProtocolConfigValidator::builder()
         .max_sent_data(upload_size + 256)
         .max_recv_data(download_size + 256)
@@ -72,9 +78,8 @@ async fn run_instance<S: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>
 
     let verifier = Verifier::new(
         VerifierConfig::builder()
-            .id("test")
-            .cert_verifier(cert_verifier())
             .protocol_config_validator(config_validator)
+            .crypto_provider(provider)
             .build()?,
     );
 

diff --git a/crates/common/Cargo.toml b/crates/common/Cargo.toml
@@ -8,19 +8,20 @@ edition = "2021"
 default = []
 
 [dependencies]
+tlsn-core = { workspace = true }
 mpz-common = { workspace = true }
 mpz-garble = { workspace = true }
 mpz-ot = { workspace = true }
 
 derive_builder = { workspace = true }
 futures = { workspace = true }
 once_cell = { workspace = true }
-serde = { workspace = true }
 serio = { workspace = true, features = ["codec", "bincode"] }
 thiserror = { workspace = true }
 tracing = { workspace = true }
 uid-mux = { workspace = true, features = ["serio"] }
-
+serde = { workspace = true, features = ["derive"] }
+tlsn-utils = { workspace = true }
 semver = { version = "1.0", features = ["serde"] }
 
 [dev-dependencies]

diff --git a/crates/common/src/lib.rs b/crates/common/src/lib.rs
@@ -5,6 +5,7 @@
 #![forbid(unsafe_code)]
 
 pub mod config;
+pub mod msg;
 pub mod mux;
 
 use serio::codec::Codec;

diff --git a/crates/common/src/msg.rs b/crates/common/src/msg.rs
@@ -0,0 +1,14 @@
+//! Message types.
+
+use serde::{Deserialize, Serialize};
+
+use tlsn_core::connection::{ServerCertData, ServerName};
+
+/// Message sent from Prover to Verifier to prove the server identity.
+#[derive(Debug, Serialize, Deserialize)]
+pub struct ServerIdentityProof {
+    /// Server name.
+    pub name: ServerName,
+    /// Server identity data.
+    pub data: ServerCertData,
+}
diff --git a/crates/core/Cargo.toml b/crates/core/Cargo.toml
@@ -16,28 +16,35 @@ fixtures = ["dep:hex"]
 tlsn-tls-core = { workspace = true, features = ["serde"] }
 tlsn-utils = { workspace = true }
 
-mpz-circuits = { workspace = true }
 mpz-core = { workspace = true }
 mpz-garble-core = { workspace = true }
+mpz-circuits = { workspace = true }
 
-bimap = { version = "0.6.3", features = ["serde"] }
-bytes = { workspace = true, features = ["serde"] }
+bcs = { workspace = true }
+bimap = { version = "0.6", features = ["serde"] }
+blake3 = { workspace = true }
+derive_builder = { workspace = true }
 hex = { workspace = true, optional = true }
+k256 = { workspace = true }
 opaque-debug = { workspace = true }
 p256 = { workspace = true, features = ["serde"] }
-rs_merkle = { workspace = true }
+rand = { workspace = true }
+rs_merkle = { workspace = true, features = ["serde"] }
 rstest = { workspace = true, optional = true }
 serde = { workspace = true }
+sha2 = { workspace = true }
 thiserror = { workspace = true }
+tiny-keccak = { version = "2.0", features = ["keccak"] }
 web-time = { workspace = true }
 webpki-roots = { workspace = true }
 
 [dev-dependencies]
-bincode = { workspace = true }
+rstest = { workspace = true }
 hex = { workspace = true }
-rand_chacha = { workspace = true }
 rand_core = { workspace = true }
-rstest = { workspace = true }
+rand_chacha = { workspace = true }
+bincode = { workspace = true }
+tlsn-data-fixtures = { workspace = true }
 
 [[test]]
 name = "api"