├── .dockerignore ├── .github ├── codecov.yml └── workflows │ ├── bench.yml │ ├── ci.yml │ ├── rebase.yml │ ├── releng.yml │ ├── rustdoc.yml │ └── updatemain.yml ├── .gitignore ├── CONTRIBUTING.md ├── Cargo.lock ├── Cargo.toml ├── README.md ├── crates ├── benches │ ├── binary │ │ ├── .gitignore │ │ ├── Cargo.toml │ │ ├── README.md │ │ ├── bench.sh │ │ ├── bench.toml │ │ ├── benches.Dockerfile │ │ ├── benches.Dockerfile.dockerignore │ │ ├── bin │ │ │ ├── bench.rs │ │ │ ├── plot.rs │ │ │ ├── prover.rs │ │ │ ├── prover_memory.rs │ │ │ ├── verifier.rs │ │ │ └── verifier_memory.rs │ │ ├── docker.md │ │ └── src │ │ │ ├── config.rs │ │ │ ├── lib.rs │ │ │ ├── metrics.rs │ │ │ ├── prover.rs │ │ │ ├── prover_main.rs │ │ │ └── verifier_main.rs │ ├── browser │ │ ├── core │ │ │ ├── Cargo.toml │ │ │ └── src │ │ │ │ ├── lib.rs │ │ │ │ └── msg.rs │ │ ├── native │ │ │ ├── Cargo.toml │ │ │ └── src │ │ │ │ └── lib.rs │ │ └── wasm │ │ │ ├── .cargo │ │ │ └── config.toml │ │ │ ├── Cargo.toml │ │ │ ├── pkg │ │ │ ├── comlink.mjs │ │ │ ├── index.html │ │ │ ├── index.js │ │ │ └── worker.js │ │ │ ├── rust-toolchain.toml │ │ │ └── src │ │ │ └── lib.rs │ └── library │ │ ├── Cargo.toml │ │ └── src │ │ └── lib.rs ├── common │ ├── Cargo.toml │ └── src │ │ ├── commit.rs │ │ ├── commit │ │ └── hash.rs │ │ ├── config.rs │ │ ├── context.rs │ │ ├── encoding.rs │ │ ├── lib.rs │ │ ├── msg.rs │ │ ├── mux.rs │ │ ├── transcript.rs │ │ └── zk_aes.rs ├── components │ ├── cipher │ │ ├── Cargo.toml │ │ └── src │ │ │ ├── aes │ │ │ ├── error.rs │ │ │ └── mod.rs │ │ │ └── lib.rs │ ├── deap │ │ ├── Cargo.toml │ │ └── src │ │ │ ├── lib.rs │ │ │ └── map.rs │ ├── hmac-sha256 │ │ ├── Cargo.toml │ │ ├── benches │ │ │ └── prf.rs │ │ └── src │ │ │ ├── config.rs │ │ │ ├── error.rs │ │ │ ├── hmac.rs │ │ │ ├── lib.rs │ │ │ ├── prf.rs │ │ │ ├── prf │ │ │ ├── function.rs │ │ │ ├── function │ │ │ │ ├── normal.rs │ │ │ │ └── reduced.rs │ │ │ └── state.rs │ │ │ └── test_utils.rs │ └── key-exchange │ │ ├── Cargo.toml │ │ └── src 
│ │ ├── circuit.rs │ │ ├── error.rs │ │ ├── exchange.rs │ │ ├── lib.rs │ │ ├── mock.rs │ │ └── point_addition.rs ├── core │ ├── Cargo.toml │ ├── src │ │ ├── attestation.rs │ │ ├── attestation │ │ │ ├── builder.rs │ │ │ ├── config.rs │ │ │ ├── extension.rs │ │ │ └── proof.rs │ │ ├── connection.rs │ │ ├── connection │ │ │ ├── commit.rs │ │ │ └── proof.rs │ │ ├── fixtures.rs │ │ ├── fixtures │ │ │ ├── data │ │ │ │ ├── README.md │ │ │ │ ├── appliedzkp.org │ │ │ │ │ ├── ca.der │ │ │ │ │ ├── client_random │ │ │ │ │ ├── ee.der │ │ │ │ │ ├── inter.der │ │ │ │ │ ├── pubkey │ │ │ │ │ ├── server_random │ │ │ │ │ └── signature │ │ │ │ ├── tlsnotary.org │ │ │ │ │ ├── ca.der │ │ │ │ │ ├── client_random │ │ │ │ │ ├── ee.der │ │ │ │ │ ├── inter.der │ │ │ │ │ ├── pubkey │ │ │ │ │ ├── server_random │ │ │ │ │ └── signature │ │ │ │ └── unknown │ │ │ │ │ ├── ca.der │ │ │ │ │ ├── ee.der │ │ │ │ │ └── pubkey │ │ │ └── provider.rs │ │ ├── hash.rs │ │ ├── lib.rs │ │ ├── merkle.rs │ │ ├── presentation.rs │ │ ├── provider.rs │ │ ├── request.rs │ │ ├── request │ │ │ ├── builder.rs │ │ │ └── config.rs │ │ ├── secrets.rs │ │ ├── serialize.rs │ │ ├── signing.rs │ │ ├── transcript.rs │ │ └── transcript │ │ │ ├── commit.rs │ │ │ ├── encoding.rs │ │ │ ├── encoding │ │ │ ├── encoder.rs │ │ │ ├── proof.rs │ │ │ ├── provider.rs │ │ │ └── tree.rs │ │ │ ├── hash.rs │ │ │ └── proof.rs │ └── tests │ │ └── api.rs ├── data-fixtures │ ├── Cargo.toml │ ├── data │ │ └── http │ │ │ ├── request_get_empty │ │ │ ├── request_get_empty_header │ │ │ ├── request_get_with_header │ │ │ ├── request_post_json │ │ │ ├── response_empty │ │ │ ├── response_empty_header │ │ │ ├── response_json │ │ │ └── response_text │ └── src │ │ ├── http.rs │ │ └── lib.rs ├── examples │ ├── .gitignore │ ├── Cargo.toml │ ├── README.md │ ├── attestation │ │ ├── README.md │ │ ├── present.rs │ │ ├── prove.rs │ │ └── verify.rs │ ├── interactive │ │ ├── README.md │ │ └── interactive.rs │ └── src │ │ └── lib.rs ├── formats │ ├── Cargo.toml │ └── 
src │ │ ├── http │ │ ├── commit.rs │ │ └── mod.rs │ │ ├── json │ │ ├── commit.rs │ │ └── mod.rs │ │ └── lib.rs ├── mpc-tls │ ├── Cargo.toml │ ├── src │ │ ├── config.rs │ │ ├── decode.rs │ │ ├── error.rs │ │ ├── follower.rs │ │ ├── leader.rs │ │ ├── leader │ │ │ └── actor.rs │ │ ├── lib.rs │ │ ├── msg.rs │ │ ├── record_layer.rs │ │ ├── record_layer │ │ │ ├── aead.rs │ │ │ ├── aead │ │ │ │ ├── aes_gcm.rs │ │ │ │ ├── ghash.rs │ │ │ │ └── ghash │ │ │ │ │ ├── compute.rs │ │ │ │ │ └── verify.rs │ │ │ ├── aes_ctr.rs │ │ │ ├── decrypt.rs │ │ │ └── encrypt.rs │ │ └── utils.rs │ └── tests │ │ └── test.rs ├── notary │ ├── client │ │ ├── Cargo.toml │ │ └── src │ │ │ ├── client.rs │ │ │ ├── error.rs │ │ │ └── lib.rs │ ├── common │ │ ├── Cargo.toml │ │ └── src │ │ │ └── lib.rs │ ├── server │ │ ├── Cargo.toml │ │ ├── README.md │ │ ├── build.rs │ │ ├── notary-server.Dockerfile │ │ ├── notary-server.Dockerfile.dockerignore │ │ ├── openapi.yaml │ │ ├── src │ │ │ ├── auth.rs │ │ │ ├── cli.rs │ │ │ ├── config.rs │ │ │ ├── error.rs │ │ │ ├── lib.rs │ │ │ ├── main.rs │ │ │ ├── middleware.rs │ │ │ ├── server.rs │ │ │ ├── server_tracing.rs │ │ │ ├── service.rs │ │ │ ├── service │ │ │ │ ├── axum_websocket.rs │ │ │ │ ├── tcp.rs │ │ │ │ └── websocket.rs │ │ │ ├── signing.rs │ │ │ ├── tee.rs │ │ │ ├── types.rs │ │ │ └── util.rs │ │ └── tee │ │ │ ├── README.md │ │ │ ├── gramine-local.Dockerfile │ │ │ ├── notary-server-sgx.Dockerfile │ │ │ ├── notary-server.manifest.template │ │ │ └── run-gramine-local.sh │ └── tests-integration │ │ ├── Cargo.toml │ │ ├── fixture │ │ ├── .gitignore │ │ ├── auth │ │ │ └── whitelist.csv │ │ ├── config │ │ │ └── config.yaml │ │ ├── notary │ │ │ ├── notary.key │ │ │ └── notary.pub │ │ └── tls │ │ │ ├── README.md │ │ │ ├── notary.crt │ │ │ ├── notary.csr │ │ │ ├── notary.key │ │ │ ├── openssl.cnf │ │ │ ├── rootCA.crt │ │ │ ├── rootCA.key │ │ │ └── rootCA.srl │ │ └── tests │ │ └── notary.rs ├── prover │ ├── Cargo.toml │ └── src │ │ ├── config.rs │ │ ├── error.rs │ │ 
├── future.rs │ │ ├── lib.rs │ │ └── state.rs ├── server-fixture │ ├── certs │ │ ├── Cargo.toml │ │ └── src │ │ │ ├── lib.rs │ │ │ └── tls │ │ │ ├── README.md │ │ │ ├── openssl.cnf │ │ │ ├── root_ca.crt │ │ │ ├── root_ca.key │ │ │ ├── root_ca.srl │ │ │ ├── root_ca_cert.der │ │ │ ├── test_server.crt │ │ │ ├── test_server.csr │ │ │ ├── test_server.key │ │ │ ├── test_server_cert.der │ │ │ └── test_server_private_key.der │ └── server │ │ ├── Cargo.toml │ │ ├── README.md │ │ └── src │ │ ├── data │ │ ├── .gitignore │ │ ├── 1kb.json │ │ ├── 4kb.html │ │ ├── 4kb.json │ │ ├── 8kb.json │ │ └── protected_data.json │ │ ├── lib.rs │ │ └── main.rs ├── tests-integration │ ├── Cargo.toml │ └── tests │ │ ├── defer_decryption.rs │ │ ├── notarize.rs │ │ └── verify.rs ├── tls │ ├── backend │ │ ├── Cargo.toml │ │ └── src │ │ │ ├── lib.rs │ │ │ └── notify.rs │ ├── client-async │ │ ├── Cargo.toml │ │ ├── src │ │ │ ├── conn.rs │ │ │ └── lib.rs │ │ └── tests │ │ │ └── test.rs │ ├── client │ │ ├── Cargo.toml │ │ ├── README.md │ │ ├── examples │ │ │ └── internal │ │ │ │ ├── bench.rs │ │ │ │ ├── bogo_shim.rs │ │ │ │ └── trytls_shim.rs │ │ ├── src │ │ │ ├── backend │ │ │ │ ├── mod.rs │ │ │ │ └── standard.rs │ │ │ ├── bs_debug.rs │ │ │ ├── builder.rs │ │ │ ├── check.rs │ │ │ ├── cipher.rs │ │ │ ├── client │ │ │ │ ├── builder.rs │ │ │ │ ├── client_conn.rs │ │ │ │ ├── common.rs │ │ │ │ ├── handy.rs │ │ │ │ ├── hs.rs │ │ │ │ ├── tls12.rs │ │ │ │ └── tls13.rs │ │ │ ├── conn.rs │ │ │ ├── crypto │ │ │ │ ├── mod.rs │ │ │ │ └── standard.rs │ │ │ ├── error.rs │ │ │ ├── hash_hs.rs │ │ │ ├── key_log.rs │ │ │ ├── key_log_file.rs │ │ │ ├── kx.rs │ │ │ ├── lib.rs │ │ │ ├── limited_cache.rs │ │ │ ├── manual │ │ │ │ ├── defaults.rs │ │ │ │ ├── features.rs │ │ │ │ ├── howto.rs │ │ │ │ ├── implvulns.rs │ │ │ │ ├── mod.rs │ │ │ │ └── tlsvulns.rs │ │ │ ├── msgs │ │ │ │ ├── mod.rs │ │ │ │ ├── persist.rs │ │ │ │ └── persist_test.rs │ │ │ ├── rand.rs │ │ │ ├── record_layer.rs │ │ │ ├── sign.rs │ │ │ ├── stream.rs │ │ 
│ ├── testdata │ │ │ │ ├── cert-arstechnica.0.der │ │ │ │ ├── cert-arstechnica.1.der │ │ │ │ ├── cert-arstechnica.2.der │ │ │ │ ├── cert-arstechnica.3.der │ │ │ │ ├── cert-duckduckgo.0.der │ │ │ │ ├── cert-duckduckgo.1.der │ │ │ │ ├── cert-github.0.der │ │ │ │ ├── cert-github.1.der │ │ │ │ ├── cert-google.0.der │ │ │ │ ├── cert-google.1.der │ │ │ │ ├── cert-google.2.der │ │ │ │ ├── cert-hn.0.der │ │ │ │ ├── cert-hn.1.der │ │ │ │ ├── cert-reddit.0.der │ │ │ │ ├── cert-reddit.1.der │ │ │ │ ├── cert-rustlang.0.der │ │ │ │ ├── cert-rustlang.1.der │ │ │ │ ├── cert-rustlang.2.der │ │ │ │ ├── cert-rustlang.3.der │ │ │ │ ├── cert-servo.0.der │ │ │ │ ├── cert-servo.1.der │ │ │ │ ├── cert-stackoverflow.0.der │ │ │ │ ├── cert-stackoverflow.1.der │ │ │ │ ├── cert-stackoverflow.2.der │ │ │ │ ├── cert-twitter.0.der │ │ │ │ ├── cert-twitter.1.der │ │ │ │ ├── cert-wapo.0.der │ │ │ │ ├── cert-wapo.1.der │ │ │ │ ├── cert-wikipedia.0.der │ │ │ │ ├── cert-wikipedia.1.der │ │ │ │ ├── deframer-empty-applicationdata.bin │ │ │ │ ├── deframer-invalid-contenttype.bin │ │ │ │ ├── deframer-invalid-empty.bin │ │ │ │ ├── deframer-invalid-length.bin │ │ │ │ ├── deframer-invalid-version.bin │ │ │ │ ├── deframer-test.1.bin │ │ │ │ ├── deframer-test.2.bin │ │ │ │ ├── eddsakey.der │ │ │ │ ├── nistp256key.der │ │ │ │ ├── nistp256key.pkcs8.der │ │ │ │ ├── nistp384key.der │ │ │ │ ├── nistp384key.pkcs8.der │ │ │ │ ├── prf-result.1.bin │ │ │ │ ├── prf-result.2.bin │ │ │ │ ├── rsa2048key.pkcs1.der │ │ │ │ └── rsa2048key.pkcs8.der │ │ │ ├── ticketer.rs │ │ │ ├── vecbuf.rs │ │ │ └── verifybench.rs │ │ ├── test-ca │ │ │ ├── build-a-pki.sh │ │ │ ├── ecdsa │ │ │ │ ├── ca.cert │ │ │ │ ├── ca.der │ │ │ │ ├── ca.key │ │ │ │ ├── client.cert │ │ │ │ ├── client.chain │ │ │ │ ├── client.fullchain │ │ │ │ ├── client.key │ │ │ │ ├── client.req │ │ │ │ ├── end.cert │ │ │ │ ├── end.chain │ │ │ │ ├── end.fullchain │ │ │ │ ├── end.key │ │ │ │ ├── end.req │ │ │ │ ├── inter.cert │ │ │ │ ├── inter.key │ │ │ │ ├── inter.req │ 
│ │ │ ├── nistp256.pem │ │ │ │ └── nistp384.pem │ │ │ ├── eddsa │ │ │ │ ├── ca.cert │ │ │ │ ├── ca.der │ │ │ │ ├── ca.key │ │ │ │ ├── client.cert │ │ │ │ ├── client.chain │ │ │ │ ├── client.fullchain │ │ │ │ ├── client.key │ │ │ │ ├── client.req │ │ │ │ ├── end.cert │ │ │ │ ├── end.chain │ │ │ │ ├── end.fullchain │ │ │ │ ├── end.key │ │ │ │ ├── end.req │ │ │ │ ├── inter.cert │ │ │ │ ├── inter.key │ │ │ │ └── inter.req │ │ │ ├── openssl.cnf │ │ │ └── rsa │ │ │ │ ├── ca.cert │ │ │ │ ├── ca.der │ │ │ │ ├── ca.key │ │ │ │ ├── client.cert │ │ │ │ ├── client.chain │ │ │ │ ├── client.fullchain │ │ │ │ ├── client.key │ │ │ │ ├── client.req │ │ │ │ ├── client.rsa │ │ │ │ ├── end.cert │ │ │ │ ├── end.chain │ │ │ │ ├── end.fullchain │ │ │ │ ├── end.key │ │ │ │ ├── end.req │ │ │ │ ├── end.rsa │ │ │ │ ├── inter.cert │ │ │ │ ├── inter.key │ │ │ │ └── inter.req │ │ └── tests │ │ │ ├── api.rs │ │ │ └── common │ │ │ └── mod.rs │ ├── core │ │ ├── Cargo.toml │ │ ├── README.md │ │ ├── src │ │ │ ├── anchors.rs │ │ │ ├── cert.rs │ │ │ ├── cipher.rs │ │ │ ├── dns.rs │ │ │ ├── error.rs │ │ │ ├── handshake.rs │ │ │ ├── ke.rs │ │ │ ├── key.rs │ │ │ ├── lib.rs │ │ │ ├── msgs │ │ │ │ ├── alert.rs │ │ │ │ ├── base.rs │ │ │ │ ├── ccs.rs │ │ │ │ ├── codec.rs │ │ │ │ ├── deframer.rs │ │ │ │ ├── enums.rs │ │ │ │ ├── enums_test.rs │ │ │ │ ├── fragmenter.rs │ │ │ │ ├── handshake-test.1.bin │ │ │ │ ├── handshake.rs │ │ │ │ ├── handshake_test.rs │ │ │ │ ├── hsjoiner.rs │ │ │ │ ├── macros.rs │ │ │ │ ├── message.rs │ │ │ │ ├── message_test.rs │ │ │ │ └── mod.rs │ │ │ ├── prf.rs │ │ │ ├── rand.rs │ │ │ ├── suites │ │ │ │ ├── mod.rs │ │ │ │ ├── tls12.rs │ │ │ │ └── tls13.rs │ │ │ ├── utils │ │ │ │ ├── bs_debug.rs │ │ │ │ └── mod.rs │ │ │ ├── verify.rs │ │ │ ├── versions.rs │ │ │ └── x509.rs │ │ └── testdata │ │ │ ├── cert-arstechnica.0.der │ │ │ ├── cert-arstechnica.1.der │ │ │ ├── cert-arstechnica.2.der │ │ │ ├── cert-arstechnica.3.der │ │ │ ├── cert-digicert.pem │ │ │ ├── cert-duckduckgo.0.der │ │ │ ├── 
cert-duckduckgo.1.der │ │ │ ├── cert-github.0.der │ │ │ ├── cert-github.1.der │ │ │ ├── cert-google.0.der │ │ │ ├── cert-google.1.der │ │ │ ├── cert-google.2.der │ │ │ ├── cert-hn.0.der │ │ │ ├── cert-hn.1.der │ │ │ ├── cert-reddit.0.der │ │ │ ├── cert-reddit.1.der │ │ │ ├── cert-rustlang.0.der │ │ │ ├── cert-rustlang.1.der │ │ │ ├── cert-rustlang.2.der │ │ │ ├── cert-rustlang.3.der │ │ │ ├── cert-servo.0.der │ │ │ ├── cert-servo.1.der │ │ │ ├── cert-stackoverflow.0.der │ │ │ ├── cert-stackoverflow.1.der │ │ │ ├── cert-stackoverflow.2.der │ │ │ ├── cert-twitter.0.der │ │ │ ├── cert-twitter.1.der │ │ │ ├── cert-wapo.0.der │ │ │ ├── cert-wapo.1.der │ │ │ ├── cert-wikipedia.0.der │ │ │ ├── cert-wikipedia.1.der │ │ │ ├── deframer-empty-applicationdata.bin │ │ │ ├── deframer-invalid-contenttype.bin │ │ │ ├── deframer-invalid-empty.bin │ │ │ ├── deframer-invalid-length.bin │ │ │ ├── deframer-invalid-version.bin │ │ │ ├── deframer-test.1.bin │ │ │ ├── deframer-test.2.bin │ │ │ ├── eddsakey.der │ │ │ ├── nistp256key.der │ │ │ ├── nistp256key.pkcs8.der │ │ │ ├── nistp384key.der │ │ │ ├── nistp384key.pkcs8.der │ │ │ ├── prf-result.1.bin │ │ │ ├── prf-result.2.bin │ │ │ ├── rsa2048key.pkcs1.der │ │ │ └── rsa2048key.pkcs8.der │ └── server-fixture │ │ ├── Cargo.toml │ │ └── src │ │ ├── README.md │ │ ├── lib.rs │ │ ├── openssl.cnf │ │ ├── root_ca.crt │ │ ├── root_ca.key │ │ ├── root_ca.srl │ │ ├── root_ca_cert.der │ │ ├── test_server.crt │ │ ├── test_server.csr │ │ ├── test_server.key │ │ ├── test_server_cert.der │ │ └── test_server_private_key.der ├── verifier │ ├── Cargo.toml │ └── src │ │ ├── config.rs │ │ ├── error.rs │ │ ├── lib.rs │ │ └── state.rs ├── wasm-test-runner │ ├── Cargo.toml │ ├── run.sh │ ├── src │ │ ├── chrome_driver.rs │ │ ├── lib.rs │ │ ├── main.rs │ │ ├── server_fixture.rs │ │ ├── tlsn_fixture.rs │ │ ├── wasm_server.rs │ │ └── ws.rs │ └── static │ │ ├── favicon.ico │ │ ├── index.html │ │ ├── index.js │ │ └── worker.js └── wasm │ ├── .cargo │ └── config.toml 
│ ├── Cargo.toml │ ├── README.md │ ├── build-docs.sh │ ├── build.sh │ ├── rust-toolchain │ └── src │ ├── io.rs │ ├── lib.rs │ ├── log.rs │ ├── prover │ ├── config.rs │ └── mod.rs │ ├── tests.rs │ ├── types.rs │ └── verifier │ ├── config.rs │ └── mod.rs ├── pre-commit-check.sh ├── rustfmt.toml ├── set_tlsn_version.rs └── tlsn-banner.png /.dockerignore: -------------------------------------------------------------------------------- 1 | /target 2 | /.git 3 | -------------------------------------------------------------------------------- /.github/codecov.yml: -------------------------------------------------------------------------------- 1 | github_checks: 2 | annotations: false 3 | comment: false 4 | -------------------------------------------------------------------------------- /.github/workflows/bench.yml: -------------------------------------------------------------------------------- 1 | name: Run Benchmarks (Native or Browser) 2 | on: 3 | # manual trigger 4 | workflow_dispatch: 5 | inputs: 6 | bench_type: 7 | description: "Specify the benchmark type (native or browser)" 8 | required: true 9 | default: "native" 10 | type: choice 11 | options: 12 | - native 13 | - browser 14 | 15 | jobs: 16 | run-benchmarks: 17 | runs-on: ubuntu-latest 18 | steps: 19 | - name: Checkout repository 20 | uses: actions/checkout@v4 21 | 22 | - name: Build Docker Image 23 | run: | 24 | docker build -t tlsn-bench . 
-f ./crates/benches/binary/benches.Dockerfile --build-arg BENCH_TYPE=${{ github.event.inputs.bench_type }} 25 | 26 | - name: Run Benchmarks 27 | run: | 28 | docker run --privileged -v ${{ github.workspace }}/crates/benches/binary:/benches tlsn-bench 29 | 30 | - name: Upload graphs 31 | uses: actions/upload-artifact@v4 32 | with: 33 | name: benchmark_graphs 34 | path: | 35 | ./crates/benches/binary/runtime_vs_latency.html 36 | ./crates/benches/binary/runtime_vs_bandwidth.html 37 | ./crates/benches/binary/download_size_vs_memory.html -------------------------------------------------------------------------------- /.github/workflows/rebase.yml: -------------------------------------------------------------------------------- 1 | name: Automatic Rebase 2 | on: 3 | issue_comment: 4 | types: [created] 5 | jobs: 6 | rebase: 7 | name: Rebase 8 | runs-on: ubuntu-latest 9 | if: >- 10 | github.event.issue.pull_request != '' && 11 | contains(github.event.comment.body, '/rebase') && 12 | github.event.comment.author_association == 'MEMBER' 13 | steps: 14 | - name: Checkout the latest code 15 | uses: actions/checkout@v4 16 | with: 17 | token: ${{ secrets.GITHUB_TOKEN }} 18 | fetch-depth: 0 # otherwise, you will fail to push refs to dest repo 19 | - name: Automatic Rebase 20 | uses: cirrus-actions/rebase@1.8 # NOTE(review): third-party action referenced by a version tag, and this step receives GITHUB_TOKEN; pin it to a full commit SHA so the code that runs cannot change underneath the workflow 21 | with: 22 | autosquash: false 23 | env: 24 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 25 | -------------------------------------------------------------------------------- /.github/workflows/rustdoc.yml: -------------------------------------------------------------------------------- 1 | name: rustdoc 2 | 3 | on: 4 | push: 5 | branches: [dev] 6 | pull_request: 7 | 8 | env: 9 | CARGO_TERM_COLOR: always 10 | CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse 11 | 12 | jobs: 13 | rustdoc: 14 | runs-on: ubuntu-latest 15 | steps: 16 | - uses: actions/checkout@v4 17 | 18 | - name: Install Rust Toolchain (Stable) 19 | uses: dtolnay/rust-toolchain@stable 20 | with: 21 | toolchain: stable 
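22 | 23 | - name: "rustdoc" 24 | run: crates/wasm/build-docs.sh 25 | 26 | 27 | - name: Deploy 28 | uses: peaceiris/actions-gh-pages@v3 29 | if: ${{ github.ref == 'refs/heads/dev' }} 30 | with: 31 | github_token: ${{ secrets.GITHUB_TOKEN }} 32 | publish_dir: target/wasm32-unknown-unknown/doc/ 33 | # cname: rustdocs.tlsnotary.org 34 | -------------------------------------------------------------------------------- /.github/workflows/updatemain.yml: -------------------------------------------------------------------------------- 1 | name: Fast-forward main branch to published release tag 2 | 3 | on: 4 | release: 5 | types: [published] 6 | 7 | jobs: 8 | ff-main-to-release: 9 | runs-on: ubuntu-latest 10 | permissions: 11 | contents: write 12 | 13 | steps: 14 | - name: Checkout main 15 | uses: actions/checkout@v4 16 | with: 17 | ref: main 18 | 19 | - name: Fast-forward main to release tag 20 | env: 21 | # The tag name is free-form text chosen by whoever publishes the release. Hand it to the shell as data through the environment instead of expanding it into the script text, where the shell would interpret it in a job that holds contents: write. 22 | RELEASE_TAG: ${{ github.event.release.tag_name }} 23 | run: | 24 | tag="$RELEASE_TAG" 25 | git fetch origin "refs/tags/$tag:refs/tags/$tag" 26 | git merge --ff-only "refs/tags/$tag" 27 | git push origin main -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Generated by Cargo 2 | # will have compiled files and executables 3 | debug/ 4 | target/ 5 | 6 | # These are backup files generated by rustfmt 7 | **/*.rs.bk 8 | 9 | # MSVC Windows builds of rustc generate these, which store debugging information 10 | *.pdb 11 | 12 | # macOS puts these everywhere 13 | .DS_Store 14 | 15 | # neovim project specific settings 16 | .nvimrc 17 | 18 | # vscode project specific settings 19 | .vscode/ 20 | 21 | # transcript 22 | *.json 23 | 24 | # env var 25 | *.env 26 | 27 | # logs 28 | *.log 29 | 30 | # metrics 31 | *.csv 32 | 33 | # Cargo.lock 34 | Cargo.lock 35 | -------------------------------------------------------------------------------- /crates/benches/binary/.gitignore: 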
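-------------------------------------------------------------------------------- 1 | *.svg 2 | *.html 3 | -------------------------------------------------------------------------------- /crates/benches/binary/bench.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Check if we are running as root; report on stderr and exit non-zero otherwise, so a caller does not mistake the skipped run for a successful one. 4 | if [ "$EUID" -ne 0 ]; then 5 | echo "This script must be run as root" >&2 6 | exit 1 7 | fi 8 | 9 | # Run the benchmark binary. 10 | ../../../target/release/bench 11 | 12 | # Plot the results. 13 | ../../../target/release/plot metrics.csv 14 | -------------------------------------------------------------------------------- /crates/benches/binary/bench.toml: -------------------------------------------------------------------------------- 1 | [[benches]] 2 | name = "latency" 3 | upload = 250 4 | upload-delay = [10, 25, 50] 5 | download = 250 6 | download-delay = [10, 25, 50] 7 | upload-size = 1024 8 | download-size = 4096 9 | defer-decryption = true 10 | memory-profile = false 11 | 12 | [[benches]] 13 | name = "download_bandwidth" 14 | upload = 250 15 | upload-delay = 25 16 | download = [10, 25, 50, 100, 250] 17 | download-delay = 25 18 | upload-size = 1024 19 | download-size = 4096 20 | defer-decryption = true 21 | memory-profile = false 22 | 23 | [[benches]] 24 | name = "upload_bandwidth" 25 | upload = [10, 25, 50, 100, 250] 26 | upload-delay = 25 27 | download = 250 28 | download-delay = 25 29 | upload-size = 1024 30 | download-size = 4096 31 | defer-decryption = [false, true] 32 | memory-profile = false 33 | 34 | [[benches]] 35 | name = "download_volume" 36 | upload = 250 37 | upload-delay = 25 38 | download = 250 39 | download-delay = 25 40 | upload-size = 1024 41 | # It was observed that setting download-size > 30K causes browser errors that need to 42 | # be investigated. 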
43 | download-size = [1024, 4096, 16384] 44 | defer-decryption = true 45 | memory-profile = true 46 | -------------------------------------------------------------------------------- /crates/benches/binary/benches.Dockerfile.dockerignore: -------------------------------------------------------------------------------- 1 | # exclude any /target folders 2 | **/target* 3 | -------------------------------------------------------------------------------- /crates/benches/binary/bin/prover.rs: -------------------------------------------------------------------------------- 1 | //! A Prover without memory profiling. 2 | 3 | use tlsn_benches::prover_main::prover_main; 4 | 5 | #[tokio::main] 6 | async fn main() -> anyhow::Result<()> { 7 | prover_main(false).await 8 | } 9 | -------------------------------------------------------------------------------- /crates/benches/binary/bin/prover_memory.rs: -------------------------------------------------------------------------------- 1 | //! A Prover with memory profiling. 2 | 3 | use tlsn_benches::prover_main::prover_main; 4 | 5 | #[global_allocator] 6 | static ALLOC: dhat::Alloc = dhat::Alloc; 7 | 8 | #[tokio::main] 9 | async fn main() -> anyhow::Result<()> { 10 | if cfg!(feature = "browser-bench") { 11 | // Memory profiling is not compatible with browser benches. 12 | return Ok(()); 13 | } 14 | prover_main(true).await 15 | } 16 | -------------------------------------------------------------------------------- /crates/benches/binary/bin/verifier.rs: -------------------------------------------------------------------------------- 1 | //! A Verifier without memory profiling. 
2 | 3 | use tlsn_benches::verifier_main::verifier_main; 4 | 5 | #[tokio::main] 6 | async fn main() -> anyhow::Result<()> { 7 | verifier_main(false).await 8 | } 9 | -------------------------------------------------------------------------------- /crates/benches/binary/bin/verifier_memory.rs: -------------------------------------------------------------------------------- 1 | //! A Verifier with memory profiling. 2 | 3 | use tlsn_benches::verifier_main::verifier_main; 4 | 5 | #[global_allocator] 6 | static ALLOC: dhat::Alloc = dhat::Alloc; 7 | 8 | #[tokio::main] 9 | async fn main() -> anyhow::Result<()> { 10 | if cfg!(feature = "browser-bench") { 11 | // Memory profiling is not compatible with browser benches. 12 | return Ok(()); 13 | } 14 | verifier_main(true).await 15 | } 16 | -------------------------------------------------------------------------------- /crates/benches/binary/docker.md: -------------------------------------------------------------------------------- 1 | # Run the TLSN benches with Docker 2 | 3 | In the root folder of this repository, run: 4 | ``` 5 | # Change to BENCH_TYPE=browser if you want benchmarks to run in the browser. 6 | docker build -t tlsn-bench . -f ./crates/benches/binary/benches.Dockerfile --build-arg BENCH_TYPE=native 7 | ``` 8 | 9 | Next, run the benches with: 10 | ``` 11 | docker run -it --privileged -v ./crates/benches/binary:/benches tlsn-bench 12 | ``` 13 | The `--privileged` parameter is required because this test bench needs permission to create networks with certain parameters. A privileged container has broad access to the host, so run the benches on a machine set aside for benchmarking. -------------------------------------------------------------------------------- /crates/benches/binary/src/metrics.rs: -------------------------------------------------------------------------------- 1 | use serde::{Deserialize, Serialize}; 2 | use tlsn_benches_library::ProverKind; 3 | 4 | #[derive(Debug, Clone, Serialize, Deserialize)] 5 | pub struct Metrics { 6 | pub name: String, 7 | /// The kind of the prover, either native or browser. 
8 | pub kind: ProverKind, 9 | /// Upload bandwidth in Mbps. 10 | pub upload: usize, 11 | /// Upload latency in ms. 12 | pub upload_delay: usize, 13 | /// Download bandwidth in Mbps. 14 | pub download: usize, 15 | /// Download latency in ms. 16 | pub download_delay: usize, 17 | /// Total bytes sent to the server. 18 | pub upload_size: usize, 19 | /// Total bytes received from the server. 20 | pub download_size: usize, 21 | /// Whether deferred decryption was used. 22 | pub defer_decryption: bool, 23 | /// The total runtime of the benchmark in seconds. 24 | pub runtime: u64, 25 | /// The total amount of data uploaded to the verifier in bytes. 26 | pub uploaded: u64, 27 | /// The total amount of data downloaded from the verifier in bytes. 28 | pub downloaded: u64, 29 | /// The peak heap memory usage in bytes. 30 | pub heap_max_bytes: Option, 31 | } 32 | -------------------------------------------------------------------------------- /crates/benches/binary/src/prover.rs: -------------------------------------------------------------------------------- 1 | use std::time::Instant; 2 | 3 | use tlsn_benches_library::{run_prover, AsyncIo, ProverKind, ProverTrait}; 4 | 5 | use async_trait::async_trait; 6 | 7 | pub struct NativeProver { 8 | upload_size: usize, 9 | download_size: usize, 10 | defer_decryption: bool, 11 | io: Option>, 12 | client_conn: Option>, 13 | } 14 | 15 | #[async_trait] 16 | impl ProverTrait for NativeProver { 17 | async fn setup( 18 | upload_size: usize, 19 | download_size: usize, 20 | defer_decryption: bool, 21 | io: Box, 22 | client_conn: Box, 23 | ) -> anyhow::Result 24 | where 25 | Self: Sized, 26 | { 27 | Ok(Self { 28 | upload_size, 29 | download_size, 30 | defer_decryption, 31 | io: Some(io), 32 | client_conn: Some(client_conn), 33 | }) 34 | } 35 | 36 | async fn run(&mut self) -> anyhow::Result { 37 | let io = std::mem::take(&mut self.io).unwrap(); 38 | let client_conn = std::mem::take(&mut self.client_conn).unwrap(); 39 | 40 | let start_time = 
Instant::now(); 41 | 42 | run_prover( 43 | self.upload_size, 44 | self.download_size, 45 | self.defer_decryption, 46 | io, 47 | client_conn, 48 | ) 49 | .await?; 50 | 51 | Ok(Instant::now().duration_since(start_time).as_secs()) 52 | } 53 | 54 | fn kind(&self) -> ProverKind { 55 | ProverKind::Native 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /crates/benches/browser/core/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | edition = "2021" 3 | name = "tlsn-benches-browser-core" 4 | publish = false 5 | version = "0.0.0" 6 | 7 | [lints] 8 | workspace = true 9 | 10 | [dependencies] 11 | tlsn-benches-library = { workspace = true } 12 | 13 | serio = { workspace = true } 14 | 15 | serde = { workspace = true } 16 | tokio-util= { workspace = true, features = ["compat", "io-util"] } 17 | -------------------------------------------------------------------------------- /crates/benches/browser/core/src/msg.rs: -------------------------------------------------------------------------------- 1 | //! Messages exchanged by the native and the wasm components of the browser 2 | //! prover. 3 | 4 | use serde::{Deserialize, Serialize}; 5 | 6 | #[derive(Serialize, Deserialize, PartialEq)] 7 | /// The config sent to the wasm component. 8 | pub struct Config { 9 | pub upload_size: usize, 10 | pub download_size: usize, 11 | pub defer_decryption: bool, 12 | } 13 | 14 | #[derive(Serialize, Deserialize, PartialEq)] 15 | /// Sent by the wasm component when proving process is finished. Contains total 16 | /// runtime in seconds. 
17 | pub struct Runtime(pub u64); 18 | -------------------------------------------------------------------------------- /crates/benches/browser/native/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | edition = "2021" 3 | name = "tlsn-benches-browser-native" 4 | publish = false 5 | version = "0.0.0" 6 | 7 | [lints] 8 | workspace = true 9 | 10 | [dependencies] 11 | tlsn-benches-browser-core = { workspace = true } 12 | tlsn-benches-library = { workspace = true } 13 | 14 | serio = { workspace = true } 15 | websocket-relay = { workspace = true } 16 | 17 | anyhow = { workspace = true } 18 | async-trait = { workspace = true } 19 | chromiumoxide = { version = "0.6.0" , features = ["tokio-runtime"] } 20 | futures = { workspace = true } 21 | rust-embed = "8.5.0" 22 | tokio = { workspace = true, features = ["rt", "io-std"] } 23 | tracing = { workspace = true } 24 | warp = "0.3.7" 25 | warp-embed = "0.5.0" 26 | -------------------------------------------------------------------------------- /crates/benches/browser/wasm/.cargo/config.toml: -------------------------------------------------------------------------------- 1 | [build] 2 | target = "wasm32-unknown-unknown" 3 | 4 | [unstable] 5 | build-std = ["panic_abort", "std"] 6 | 7 | [target.wasm32-unknown-unknown] 8 | rustflags = [ 9 | "-C", 10 | "target-feature=+atomics,+bulk-memory,+mutable-globals", 11 | "-C", 12 | # 4GB 13 | "link-arg=--max-memory=4294967296", 14 | "--cfg", 15 | 'getrandom_backend="wasm_js"', 16 | ] 17 | -------------------------------------------------------------------------------- /crates/benches/browser/wasm/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | edition = "2021" 3 | name = "tlsn-benches-browser-wasm" 4 | publish = false 5 | version = "0.0.0" 6 | 7 | [lints] 8 | workspace = true 9 | 10 | [lib] 11 | crate-type = ["cdylib", "rlib"] 12 | 13 | [dependencies] 14 | 
tlsn-benches-browser-core = { workspace = true } 15 | tlsn-benches-library = { workspace = true } 16 | tlsn-wasm = { path = "../../../wasm" } 17 | 18 | serio = { workspace = true } 19 | 20 | anyhow = { workspace = true } 21 | rayon = { workspace = true } 22 | tracing = { workspace = true } 23 | wasm-bindgen = { version = "0.2" } 24 | wasm-bindgen-futures = { version = "0.4" } 25 | web-spawn = { workspace = true, features = ["no-bundler"] } 26 | web-time = { workspace = true } 27 | # Use the patched ws_stream_wasm to fix the issue https://github.com/najamelan/ws_stream_wasm/issues/12#issuecomment-1711902958 28 | ws_stream_wasm = { version = "0.7.4", git = "https://github.com/tlsnotary/ws_stream_wasm", rev = "2ed12aad9f0236e5321f577672f309920b2aef51", features = [ 29 | "tokio_io", 30 | ] } 31 | 32 | [package.metadata.wasm-pack.profile.release] 33 | # Note: these wasm-pack options should match those in crates/wasm/Cargo.toml 34 | opt-level = "z" 35 | wasm-opt = true 36 | -------------------------------------------------------------------------------- /crates/benches/browser/wasm/pkg/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /crates/benches/browser/wasm/pkg/index.js: -------------------------------------------------------------------------------- 1 | import * as Comlink from "./comlink.mjs"; 2 | 3 | const benchWorker = Comlink.wrap(new Worker("worker.js", { type: "module" })); 4 | 5 | window.benchWorker = benchWorker; -------------------------------------------------------------------------------- /crates/benches/browser/wasm/pkg/worker.js: -------------------------------------------------------------------------------- 1 | import * as Comlink from "./comlink.mjs"; 2 | 3 | import init_wasm, * as wasm from './tlsn_benches_browser_wasm.js'; 4 | 5 | class BenchWorker { 6 | async init() { 7 | try { 8 | await 
init_wasm(); 9 | // Using Error level since excessive logging may interfere with the 10 | // benchmark results. 11 | await wasm.initialize_bench({ level: "Error" }, navigator.hardwareConcurrency); 12 | } catch (e) { 13 | console.error(e); 14 | throw e; 15 | } 16 | } 17 | 18 | async run( 19 | ws_ip, 20 | ws_port, 21 | wasm_to_server_port, 22 | wasm_to_verifier_port, 23 | wasm_to_native_port 24 | ) { 25 | try { 26 | await wasm.wasm_main( 27 | ws_ip, 28 | ws_port, 29 | wasm_to_server_port, 30 | wasm_to_verifier_port, 31 | wasm_to_native_port); 32 | } catch (e) { 33 | console.error(e); 34 | throw e; 35 | } 36 | } 37 | } 38 | 39 | const worker = new BenchWorker(); 40 | 41 | Comlink.expose(worker); -------------------------------------------------------------------------------- /crates/benches/browser/wasm/rust-toolchain.toml: -------------------------------------------------------------------------------- 1 | [toolchain] 2 | channel = "nightly" 3 | components = ["rust-src"] 4 | targets = ["wasm32-unknown-unknown"] -------------------------------------------------------------------------------- /crates/benches/library/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | edition = "2021" 3 | name = "tlsn-benches-library" 4 | publish = false 5 | version = "0.0.0" 6 | 7 | [lints] 8 | workspace = true 9 | 10 | [dependencies] 11 | tlsn-common = { workspace = true } 12 | tlsn-core = { workspace = true } 13 | tlsn-prover = { workspace = true } 14 | tlsn-server-fixture-certs = { workspace = true } 15 | tlsn-tls-core = { workspace = true } 16 | 17 | anyhow = "1.0" 18 | async-trait = "0.1.81" 19 | futures = { version = "0.3", features = ["compat"] } 20 | serde = { workspace = true } 21 | tokio = {version = "1", default-features = false, features = ["rt", "macros"]} 22 | tokio-util= {version = "0.7", features = ["compat", "io"]} 23 | -------------------------------------------------------------------------------- 
/crates/common/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-common" 3 | description = "Common code shared between tlsn-prover and tlsn-verifier" 4 | version = "0.1.0-alpha.11" 5 | edition = "2021" 6 | 7 | [lints] 8 | workspace = true 9 | 10 | [features] 11 | default = [] 12 | 13 | [dependencies] 14 | tlsn-core = { workspace = true } 15 | tlsn-tls-core = { workspace = true } 16 | tlsn-cipher = { workspace = true } 17 | mpz-core = { workspace = true } 18 | mpz-common = { workspace = true } 19 | mpz-memory-core = { workspace = true } 20 | mpz-hash = { workspace = true } 21 | mpz-vm-core = { workspace = true } 22 | mpz-zk = { workspace = true } 23 | 24 | async-trait = { workspace = true } 25 | derive_builder = { workspace = true } 26 | futures = { workspace = true } 27 | once_cell = { workspace = true } 28 | opaque-debug = { workspace = true } 29 | rand = { workspace = true } 30 | rangeset = { workspace = true } 31 | serio = { workspace = true, features = ["codec", "bincode"] } 32 | thiserror = { workspace = true } 33 | tracing = { workspace = true } 34 | uid-mux = { workspace = true, features = ["serio"] } 35 | serde = { workspace = true, features = ["derive"] } 36 | semver = { version = "1.0", features = ["serde"] } 37 | 38 | [target.'cfg(target_arch = "wasm32")'.dependencies] 39 | wasm-bindgen = { version = "0.2" } 40 | web-spawn = { workspace = true } 41 | 42 | [dev-dependencies] 43 | rstest = { workspace = true } 44 | -------------------------------------------------------------------------------- /crates/common/src/context.rs: -------------------------------------------------------------------------------- 1 | //! Execution context. 2 | 3 | use mpz_common::context::Multithread; 4 | 5 | use crate::mux::MuxControl; 6 | 7 | /// Maximum concurrency for multi-threaded context. 8 | pub const MAX_CONCURRENCY: usize = 8; 9 | 10 | /// Builds a multi-threaded context with the given muxer. 
11 | pub fn build_mt_context(mux: MuxControl) -> Multithread { 12 | let builder = Multithread::builder().mux(mux).concurrency(MAX_CONCURRENCY); 13 | 14 | #[cfg(target_arch = "wasm32")] 15 | let builder = builder.spawn_handler(|f| { 16 | let _ = web_spawn::spawn(f); 17 | Ok(()) 18 | }); 19 | 20 | builder.build().unwrap() 21 | } 22 | -------------------------------------------------------------------------------- /crates/common/src/lib.rs: -------------------------------------------------------------------------------- 1 | //! Common code shared between `tlsn-prover` and `tlsn-verifier`. 2 | 3 | #![deny(missing_docs, unreachable_pub, unused_must_use)] 4 | #![deny(clippy::all)] 5 | #![forbid(unsafe_code)] 6 | 7 | pub mod commit; 8 | pub mod config; 9 | pub mod context; 10 | pub mod encoding; 11 | pub mod msg; 12 | pub mod mux; 13 | pub mod transcript; 14 | pub mod zk_aes; 15 | 16 | /// The party's role in the TLSN protocol. 17 | /// 18 | /// A Notary is classified as a Verifier. 19 | #[derive(Debug, Clone, Copy, PartialEq, Eq)] 20 | pub enum Role { 21 | /// The prover. 22 | Prover, 23 | /// The verifier. 24 | Verifier, 25 | } 26 | -------------------------------------------------------------------------------- /crates/common/src/msg.rs: -------------------------------------------------------------------------------- 1 | //! Message types. 2 | 3 | use serde::{Deserialize, Serialize}; 4 | 5 | use tlsn_core::connection::{ServerCertData, ServerName}; 6 | 7 | /// Message sent from Prover to Verifier to prove the server identity. 8 | #[derive(Debug, Serialize, Deserialize)] 9 | pub struct ServerIdentityProof { 10 | /// Server name. 11 | pub name: ServerName, 12 | /// Server identity data. 
13 | pub data: ServerCertData, 14 | } 15 | -------------------------------------------------------------------------------- /crates/components/cipher/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-cipher" 3 | authors = ["TLSNotary Team"] 4 | description = "This crate provides implementations of ciphers for two parties" 5 | keywords = ["tls", "mpc", "2pc", "aes"] 6 | categories = ["cryptography"] 7 | license = "MIT OR Apache-2.0" 8 | version = "0.1.0-alpha.11" 9 | edition = "2021" 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [lib] 15 | name = "cipher" 16 | 17 | [dependencies] 18 | mpz-circuits = { workspace = true } 19 | mpz-vm-core = { workspace = true } 20 | mpz-memory-core = { workspace = true } 21 | 22 | async-trait = { workspace = true } 23 | thiserror = { workspace = true } 24 | aes = { workspace = true } 25 | 26 | [dev-dependencies] 27 | mpz-garble = { workspace = true } 28 | mpz-common = { workspace = true } 29 | mpz-ot = { workspace = true } 30 | 31 | tokio = { version = "1", features = ["macros", "rt", "rt-multi-thread"] } 32 | rand = { workspace = true } 33 | ctr = { workspace = true } 34 | cipher = { workspace = true } 35 | -------------------------------------------------------------------------------- /crates/components/cipher/src/aes/error.rs: -------------------------------------------------------------------------------- 1 | use std::fmt::Display; 2 | 3 | /// AES error. 
4 | #[derive(Debug, thiserror::Error)] 5 | pub struct AesError { 6 | kind: ErrorKind, 7 | #[source] 8 | source: Option>, 9 | } 10 | 11 | impl AesError { 12 | pub(crate) fn new(kind: ErrorKind, source: E) -> Self 13 | where 14 | E: Into>, 15 | { 16 | Self { 17 | kind, 18 | source: Some(source.into()), 19 | } 20 | } 21 | } 22 | 23 | #[derive(Debug, Clone, Copy, PartialEq)] 24 | pub(crate) enum ErrorKind { 25 | Vm, 26 | Key, 27 | Iv, 28 | } 29 | 30 | impl Display for AesError { 31 | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { 32 | match self.kind { 33 | ErrorKind::Vm => write!(f, "vm error")?, 34 | ErrorKind::Key => write!(f, "key error")?, 35 | ErrorKind::Iv => write!(f, "iv error")?, 36 | } 37 | 38 | if let Some(source) = &self.source { 39 | write!(f, " caused by: {}", source)?; 40 | } 41 | 42 | Ok(()) 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /crates/components/deap/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-deap" 3 | version = "0.1.0-alpha.11" 4 | edition = "2021" 5 | 6 | [lints] 7 | workspace = true 8 | 9 | [dependencies] 10 | mpz-core = { workspace = true } 11 | mpz-common = { workspace = true } 12 | mpz-vm-core = { workspace = true } 13 | rangeset = { workspace = true } 14 | thiserror = { workspace = true } 15 | serde = { workspace = true, features = ["derive"] } 16 | serio = { workspace = true } 17 | async-trait = { workspace = true } 18 | futures = { workspace = true } 19 | tokio = { workspace = true, features = ["sync"] } 20 | 21 | [dev-dependencies] 22 | mpz-circuits = { workspace = true } 23 | mpz-garble = { workspace = true } 24 | mpz-ot = { workspace = true } 25 | mpz-zk = { workspace = true } 26 | 27 | tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread"] } 28 | rand = { workspace = true } 29 | rand06-compat = { workspace = true } 30 | 
-------------------------------------------------------------------------------- /crates/components/hmac-sha256/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-hmac-sha256" 3 | authors = ["TLSNotary Team"] 4 | description = "A 2PC implementation of TLS HMAC-SHA256 PRF" 5 | keywords = ["tls", "mpc", "2pc", "hmac", "sha256"] 6 | categories = ["cryptography"] 7 | license = "MIT OR Apache-2.0" 8 | version = "0.1.0-alpha.11" 9 | edition = "2021" 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [lib] 15 | name = "hmac_sha256" 16 | 17 | [dependencies] 18 | mpz-vm-core = { workspace = true } 19 | mpz-core = { workspace = true } 20 | mpz-circuits = { workspace = true } 21 | mpz-hash = { workspace = true } 22 | 23 | thiserror = { workspace = true } 24 | tracing = { workspace = true } 25 | sha2 = { workspace = true } 26 | 27 | [dev-dependencies] 28 | mpz-ot = { workspace = true, features = ["ideal"] } 29 | mpz-garble = { workspace = true } 30 | mpz-common = { workspace = true, features = ["test-utils"] } 31 | 32 | criterion = { workspace = true, features = ["async_tokio"] } 33 | tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread"] } 34 | rand = { workspace = true } 35 | hex = { workspace = true } 36 | ring = { workspace = true } 37 | 38 | [[bench]] 39 | name = "prf" 40 | harness = false 41 | -------------------------------------------------------------------------------- /crates/components/hmac-sha256/src/config.rs: -------------------------------------------------------------------------------- 1 | //! PRF modes. 2 | 3 | /// Modes for the PRF. 4 | #[derive(Debug, Clone, Copy)] 5 | pub enum Mode { 6 | /// Computes some hashes locally. 7 | Reduced, 8 | /// Computes the whole PRF in MPC. 
9 | Normal, 10 | } 11 | -------------------------------------------------------------------------------- /crates/components/hmac-sha256/src/error.rs: -------------------------------------------------------------------------------- 1 | use core::fmt; 2 | use std::error::Error; 3 | 4 | use mpz_hash::sha256::Sha256Error; 5 | 6 | /// A PRF error. 7 | #[derive(Debug, thiserror::Error)] 8 | pub struct PrfError { 9 | kind: ErrorKind, 10 | #[source] 11 | source: Option>, 12 | } 13 | 14 | impl PrfError { 15 | pub(crate) fn new(kind: ErrorKind, source: E) -> Self 16 | where 17 | E: Into>, 18 | { 19 | Self { 20 | kind, 21 | source: Some(source.into()), 22 | } 23 | } 24 | 25 | pub(crate) fn vm>>(err: E) -> Self { 26 | Self::new(ErrorKind::Vm, err) 27 | } 28 | 29 | pub(crate) fn state(msg: impl Into) -> Self { 30 | Self { 31 | kind: ErrorKind::State, 32 | source: Some(msg.into().into()), 33 | } 34 | } 35 | } 36 | 37 | impl From for PrfError { 38 | fn from(value: Sha256Error) -> Self { 39 | Self::new(ErrorKind::Hash, value) 40 | } 41 | } 42 | 43 | #[derive(Debug)] 44 | pub(crate) enum ErrorKind { 45 | Vm, 46 | State, 47 | Hash, 48 | } 49 | 50 | impl fmt::Display for PrfError { 51 | fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 52 | match self.kind { 53 | ErrorKind::Vm => write!(f, "vm error")?, 54 | ErrorKind::State => write!(f, "state error")?, 55 | ErrorKind::Hash => write!(f, "hash error")?, 56 | } 57 | 58 | if let Some(ref source) = self.source { 59 | write!(f, " caused by: {}", source)?; 60 | } 61 | 62 | Ok(()) 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /crates/components/key-exchange/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-key-exchange" 3 | authors = ["TLSNotary Team"] 4 | description = "Implementation of the 3-party key-exchange protocol" 5 | keywords = ["tls", "mpc", "2pc", "pms", "key-exchange"] 6 | categories = 
["cryptography"] 7 | license = "MIT OR Apache-2.0" 8 | version = "0.1.0-alpha.11" 9 | edition = "2021" 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [lib] 15 | name = "key_exchange" 16 | 17 | [features] 18 | default = ["mock"] 19 | mock = ["mpz-share-conversion/test-utils", "mpz-common/ideal"] 20 | 21 | [dependencies] 22 | mpz-vm-core = { workspace = true } 23 | mpz-memory-core = { workspace = true } 24 | mpz-common = { workspace = true } 25 | mpz-fields = { workspace = true } 26 | mpz-share-conversion = { workspace = true } 27 | mpz-circuits = { workspace = true } 28 | mpz-core = { workspace = true } 29 | 30 | p256 = { workspace = true, features = ["ecdh", "serde"] } 31 | async-trait = { workspace = true } 32 | thiserror = { workspace = true } 33 | serio = { workspace = true } 34 | derive_builder = { workspace = true } 35 | tracing = { workspace = true } 36 | rand = { workspace = true } 37 | rand06-compat = { workspace = true } 38 | tokio = { workspace = true, features = ["sync"] } 39 | 40 | [dev-dependencies] 41 | mpz-ot = { workspace = true, features = ["ideal"] } 42 | mpz-garble = { workspace = true } 43 | 44 | rand_core = { workspace = true } 45 | tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread"] } 46 | rstest = { workspace = true } 47 | -------------------------------------------------------------------------------- /crates/core/src/attestation/extension.rs: -------------------------------------------------------------------------------- 1 | use std::error::Error; 2 | 3 | use serde::{Deserialize, Serialize}; 4 | 5 | use crate::hash::impl_domain_separator; 6 | 7 | /// An attestation extension. 8 | #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] 9 | pub struct Extension { 10 | /// Extension identifier. 11 | pub id: Vec, 12 | /// Extension data. 13 | pub value: Vec, 14 | } 15 | 16 | impl_domain_separator!(Extension); 17 | 18 | /// Invalid extension error. 
19 | #[derive(Debug, thiserror::Error)] 20 | #[error("invalid extension: {reason}")] 21 | pub struct InvalidExtension { 22 | reason: Box, 23 | } 24 | 25 | impl InvalidExtension { 26 | /// Creates a new invalid extension error. 27 | pub fn new(reason: E) -> Self 28 | where 29 | E: Into>, 30 | { 31 | Self { 32 | reason: reason.into(), 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /crates/core/src/connection/commit.rs: -------------------------------------------------------------------------------- 1 | //! Types for committing details of a connection. 2 | 3 | use serde::{Deserialize, Serialize}; 4 | 5 | use crate::{ 6 | connection::ServerCertData, 7 | hash::{impl_domain_separator, Blinded, HashAlgorithm, HashAlgorithmExt, TypedHash}, 8 | }; 9 | 10 | /// Opens a [`ServerCertCommitment`]. 11 | #[derive(Clone, Serialize, Deserialize)] 12 | pub struct ServerCertOpening(Blinded); 13 | 14 | impl_domain_separator!(ServerCertOpening); 15 | 16 | opaque_debug::implement!(ServerCertOpening); 17 | 18 | impl ServerCertOpening { 19 | pub(crate) fn new(data: ServerCertData) -> Self { 20 | Self(Blinded::new(data)) 21 | } 22 | 23 | pub(crate) fn commit(&self, hasher: &dyn HashAlgorithm) -> ServerCertCommitment { 24 | ServerCertCommitment(TypedHash { 25 | alg: hasher.id(), 26 | value: hasher.hash_separated(self), 27 | }) 28 | } 29 | 30 | /// Returns the server identity data. 31 | pub fn data(&self) -> &ServerCertData { 32 | self.0.data() 33 | } 34 | } 35 | 36 | /// Commitment to a server certificate. 
37 | #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] 38 | pub struct ServerCertCommitment(pub(crate) TypedHash); 39 | 40 | impl_domain_separator!(ServerCertCommitment); 41 | -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/README.md: -------------------------------------------------------------------------------- 1 | # This folder contains data to test certificate chain validation and verification of the key exchange parameters. 2 | 3 | # The certificates are: 4 | # ee.der - end-entity certificate 5 | # inter.der - intermediate certificate 6 | # ca.der - CA certificate 7 | 8 | # The key exchange parameters and their signature were extracted from a live session as follows: 9 | 10 | # while running tcpdump in one console 11 | tcpdump 'tcp port 443' -w out.pcap 12 | # in another console connect to tlsnotary.org 13 | openssl s_client -tls1_2 -curves prime256v1 -sigalgs "RSA+SHA256" -connect tlsnotary.org:443 14 | # also connect to appliedzkp.org 15 | openssl s_client -tls1_2 -curves prime256v1 -sigalgs "ECDSA+SHA256" -connect appliedzkp.org:443 16 | # stop tcpdump and parse out the data 17 | # get tcp stream id 18 | NAME=tlsnotary.org # or appliedzkp.org 19 | STREAM_ID=$(tshark -r out.pcap -Y "tls.handshake.extensions_server_name contains $NAME" -T fields -e tcp.stream) 20 | 21 | # client_random 22 | tshark -r out.pcap -Y "tcp.stream==$STREAM_ID and tcp.dstport == 443" -T fields -e tls.handshake.random 23 | # server_random 24 | tshark -r out.pcap -Y "tcp.stream==$STREAM_ID and tcp.srcport == 443" -T fields -e tls.handshake.random 25 | # pubkey (ephemeral public key) 26 | tshark -r out.pcap -Y "tcp.stream==$STREAM_ID" -T fields -e tls.handshake.server_point 27 | # signature (over the key exchange parameters) 28 | tshark -r out.pcap -Y "tcp.stream==$STREAM_ID" -T fields -e tls.handshake.sig -------------------------------------------------------------------------------- 
/crates/core/src/fixtures/data/appliedzkp.org/ca.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/core/src/fixtures/data/appliedzkp.org/ca.der -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/appliedzkp.org/client_random: -------------------------------------------------------------------------------- 1 | 21fa2efc7db6e45372d3baf14d664a638135aa5c7f21778e31f62162db11c43b -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/appliedzkp.org/ee.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/core/src/fixtures/data/appliedzkp.org/ee.der -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/appliedzkp.org/inter.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/core/src/fixtures/data/appliedzkp.org/inter.der -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/appliedzkp.org/pubkey: -------------------------------------------------------------------------------- 1 | 04d7e1f59c6f0cfba3b79f0b32a00f16cb9a8485ae286d9c97d53f9debf0e796cf3495c368155fd933fbbe82f1eedd2a9cc5b0a240c9659e2f655d7b2876a2f0a5 -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/appliedzkp.org/server_random: -------------------------------------------------------------------------------- 1 | 644246f620390fbb65ae48e86e218e408d76c4d0e306ea3c444f574e47524401 
-------------------------------------------------------------------------------- /crates/core/src/fixtures/data/appliedzkp.org/signature: -------------------------------------------------------------------------------- 1 | 3046022100968484cd1582cb1f9cd74b5adf7d23531e5647cd504dd4b6f2e5ca2bf0d36ed90221009e1c1b6127cc1e671a8351c4a3a80d3d8e34651fa0fcbf638b4d21ba6723579a -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/tlsnotary.org/ca.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/core/src/fixtures/data/tlsnotary.org/ca.der -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/tlsnotary.org/client_random: -------------------------------------------------------------------------------- 1 | a495bc634f6b11df7ff04502a2ef61235b30ce44fd3bd5496cfa70d8263f1071 -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/tlsnotary.org/ee.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/core/src/fixtures/data/tlsnotary.org/ee.der -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/tlsnotary.org/inter.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/core/src/fixtures/data/tlsnotary.org/inter.der -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/tlsnotary.org/pubkey: -------------------------------------------------------------------------------- 1 | 
04e1f614ecfee5bd4f987f8c571146cb2acb432e400b2fabcbd8ec77f6ef08bd5496cd51d449ce111efd74a24d07b01c38ec794d22d3d43b2b05d907e72797534f -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/tlsnotary.org/server_random: -------------------------------------------------------------------------------- 1 | cefbe1060581a1ea0ac6483c7dcb2788e2482f06cca1741f444f574e47524401 -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/tlsnotary.org/signature: -------------------------------------------------------------------------------- 1 | 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 -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/unknown/ca.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/core/src/fixtures/data/unknown/ca.der -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/unknown/ee.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/core/src/fixtures/data/unknown/ee.der -------------------------------------------------------------------------------- /crates/core/src/fixtures/data/unknown/pubkey: -------------------------------------------------------------------------------- 1 | 14e1f634ecfee5bd4f987f8c571146cb2acb432e400b2fabcbd8ed77f6ef08bd5496cd51d449ce131efd74a24d07b01c38ec794d22d3d43b2b05b907e72797534e -------------------------------------------------------------------------------- /crates/core/src/fixtures/provider.rs: -------------------------------------------------------------------------------- 1 | use std::ops::Range; 2 | 3 | use crate::transcript::{ 4 | 
encoding::{new_encoder, Encoder, EncoderSecret, EncodingProvider, EncodingProviderError}, 5 | Direction, Transcript, 6 | }; 7 | 8 | /// A encoding provider fixture. 9 | pub struct FixtureEncodingProvider { 10 | encoder: Box, 11 | transcript: Transcript, 12 | } 13 | 14 | impl FixtureEncodingProvider { 15 | /// Creates a new encoding provider fixture. 16 | pub(crate) fn new(secret: &EncoderSecret, transcript: Transcript) -> Self { 17 | Self { 18 | encoder: Box::new(new_encoder(secret)), 19 | transcript, 20 | } 21 | } 22 | } 23 | 24 | impl EncodingProvider for FixtureEncodingProvider { 25 | fn provide_encoding( 26 | &self, 27 | direction: Direction, 28 | range: Range, 29 | dest: &mut Vec, 30 | ) -> Result<(), EncodingProviderError> { 31 | let transcript = match direction { 32 | Direction::Sent => &self.transcript.sent(), 33 | Direction::Received => &self.transcript.received(), 34 | }; 35 | 36 | let data = transcript.get(range.clone()).ok_or(EncodingProviderError)?; 37 | self.encoder.encode_data(direction, range, data, dest); 38 | 39 | Ok(()) 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /crates/core/src/secrets.rs: -------------------------------------------------------------------------------- 1 | use serde::{Deserialize, Serialize}; 2 | 3 | use crate::{ 4 | connection::{ServerCertOpening, ServerIdentityProof, ServerName}, 5 | transcript::{Transcript, TranscriptCommitment, TranscriptProofBuilder, TranscriptSecret}, 6 | }; 7 | 8 | /// Secret data of an [`Attestation`](crate::attestation::Attestation). 9 | #[derive(Clone, Serialize, Deserialize)] 10 | pub struct Secrets { 11 | pub(crate) server_name: ServerName, 12 | pub(crate) server_cert_opening: ServerCertOpening, 13 | pub(crate) transcript: Transcript, 14 | pub(crate) transcript_commitments: Vec, 15 | pub(crate) transcript_commitment_secrets: Vec, 16 | } 17 | 18 | opaque_debug::implement!(Secrets); 19 | 20 | impl Secrets { 21 | /// Returns the server name. 
22 | pub fn server_name(&self) -> &ServerName { 23 | &self.server_name 24 | } 25 | 26 | /// Returns the transcript. 27 | pub fn transcript(&self) -> &Transcript { 28 | &self.transcript 29 | } 30 | 31 | /// Returns a server identity proof. 32 | pub fn identity_proof(&self) -> ServerIdentityProof { 33 | ServerIdentityProof::new(self.server_name.clone(), self.server_cert_opening.clone()) 34 | } 35 | 36 | /// Returns a transcript proof builder. 37 | pub fn transcript_proof_builder(&self) -> TranscriptProofBuilder<'_> { 38 | TranscriptProofBuilder::new(&self.transcript, &self.transcript_commitment_secrets) 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /crates/core/src/serialize.rs: -------------------------------------------------------------------------------- 1 | /// Canonical serialization of TLSNotary types. 2 | /// 3 | /// This trait is used to serialize types into a canonical byte representation. 4 | pub(crate) trait CanonicalSerialize { 5 | /// Serializes the type. 6 | fn serialize(&self) -> Vec; 7 | } 8 | 9 | impl CanonicalSerialize for T 10 | where 11 | T: serde::Serialize, 12 | { 13 | fn serialize(&self) -> Vec { 14 | // For now we use BCS for serialization. In future releases we will want to 15 | // consider this further, particularly with respect to EVM compatibility. 16 | bcs::to_bytes(self).unwrap() 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /crates/core/src/transcript/encoding.rs: -------------------------------------------------------------------------------- 1 | //! Transcript encoding commitments and proofs. 2 | //! 3 | //! This is an internal module that is not intended to be used directly by 4 | //! users. 
5 | 6 | mod encoder; 7 | mod proof; 8 | mod provider; 9 | mod tree; 10 | 11 | pub use encoder::{new_encoder, Encoder, EncoderSecret}; 12 | pub use proof::{EncodingProof, EncodingProofError}; 13 | pub use provider::{EncodingProvider, EncodingProviderError}; 14 | pub use tree::{EncodingTree, EncodingTreeError}; 15 | 16 | use serde::{Deserialize, Serialize}; 17 | 18 | use crate::hash::{impl_domain_separator, TypedHash}; 19 | 20 | /// Transcript encoding commitment. 21 | #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)] 22 | pub struct EncodingCommitment { 23 | /// Merkle root of the encoding commitments. 24 | pub root: TypedHash, 25 | /// Seed used to generate the encodings. 26 | pub secret: EncoderSecret, 27 | } 28 | 29 | impl_domain_separator!(EncodingCommitment); 30 | -------------------------------------------------------------------------------- /crates/core/src/transcript/encoding/provider.rs: -------------------------------------------------------------------------------- 1 | use std::ops::Range; 2 | 3 | use crate::transcript::Direction; 4 | 5 | /// A provider of plaintext encodings. 6 | pub trait EncodingProvider { 7 | /// Writes the encoding of the given range into the destination buffer. 8 | fn provide_encoding( 9 | &self, 10 | direction: Direction, 11 | range: Range, 12 | dest: &mut Vec, 13 | ) -> Result<(), EncodingProviderError>; 14 | } 15 | 16 | #[derive(Debug, thiserror::Error)] 17 | #[error("failed to provide encoding")] 18 | pub struct EncodingProviderError; 19 | -------------------------------------------------------------------------------- /crates/core/src/transcript/hash.rs: -------------------------------------------------------------------------------- 1 | //! Plaintext hash commitments. 2 | 3 | use serde::{Deserialize, Serialize}; 4 | 5 | use crate::{ 6 | hash::{impl_domain_separator, Blinder, HashAlgId, HashAlgorithm, TypedHash}, 7 | transcript::{Direction, Idx}, 8 | }; 9 | 10 | /// Hashes plaintext with a blinder. 
11 | /// 12 | /// By convention, plaintext is hashed as `H(msg | blinder)`. 13 | pub fn hash_plaintext(hasher: &dyn HashAlgorithm, msg: &[u8], blinder: &Blinder) -> TypedHash { 14 | TypedHash { 15 | alg: hasher.id(), 16 | value: hasher.hash_prefixed(msg, blinder.as_bytes()), 17 | } 18 | } 19 | 20 | /// Hash of plaintext in the transcript. 21 | #[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)] 22 | pub struct PlaintextHash { 23 | /// Direction of the plaintext. 24 | pub direction: Direction, 25 | /// Index of plaintext. 26 | pub idx: Idx, 27 | /// The hash of the data. 28 | pub hash: TypedHash, 29 | } 30 | 31 | impl_domain_separator!(PlaintextHash); 32 | 33 | /// Secret component of [`PlaintextHash`]. 34 | #[derive(Clone, Serialize, Deserialize)] 35 | pub struct PlaintextHashSecret { 36 | /// Direction of the plaintext. 37 | pub direction: Direction, 38 | /// Index of plaintext. 39 | pub idx: Idx, 40 | /// The algorithm of the hash. 41 | pub alg: HashAlgId, 42 | /// Blinder for the hash. 
43 | pub blinder: Blinder, 44 | } 45 | 46 | opaque_debug::implement!(PlaintextHashSecret); 47 | -------------------------------------------------------------------------------- /crates/data-fixtures/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-data-fixtures" 3 | version = "0.0.0" 4 | edition = "2021" 5 | publish = false 6 | 7 | [lints] 8 | workspace = true 9 | -------------------------------------------------------------------------------- /crates/data-fixtures/data/http/request_get_empty: -------------------------------------------------------------------------------- 1 | GET / HTTP/1.1 2 | 3 | -------------------------------------------------------------------------------- /crates/data-fixtures/data/http/request_get_empty_header: -------------------------------------------------------------------------------- 1 | GET / HTTP/1.1 2 | Host: localhost 3 | Empty-Header: 4 | 5 | -------------------------------------------------------------------------------- /crates/data-fixtures/data/http/request_get_with_header: -------------------------------------------------------------------------------- 1 | GET / HTTP/1.1 2 | Host: localhost 3 | 4 | -------------------------------------------------------------------------------- /crates/data-fixtures/data/http/request_post_json: -------------------------------------------------------------------------------- 1 | POST /hello HTTP/1.1 2 | Host: localhost 3 | Content-Length: 44 4 | Content-Type: application/json 5 | 6 | {"foo": "bar", "bazz": 123, "buzz": [1,"5"]} -------------------------------------------------------------------------------- /crates/data-fixtures/data/http/response_empty: -------------------------------------------------------------------------------- 1 | HTTP/1.1 200 OK 2 | Content-Length: 0 3 | 4 | -------------------------------------------------------------------------------- /crates/data-fixtures/data/http/response_empty_header: 
-------------------------------------------------------------------------------- 1 | HTTP/1.1 200 OK 2 | Cookie: very-secret-cookie 3 | Content-Length: 0 4 | Empty-Header: 5 | 6 | -------------------------------------------------------------------------------- /crates/data-fixtures/data/http/response_json: -------------------------------------------------------------------------------- 1 | HTTP/1.1 200 OK 2 | Cookie: very-secret-cookie 3 | Content-Length: 44 4 | Content-Type: application/json 5 | 6 | {"foo": "bar", "bazz": 123, "buzz": [1,"5"]} 7 | -------------------------------------------------------------------------------- /crates/data-fixtures/data/http/response_text: -------------------------------------------------------------------------------- 1 | HTTP/1.1 200 OK 2 | Cookie: very-secret-cookie 3 | Content-Length: 14 4 | Content-Type: text/plain 5 | 6 | Hello World!!! -------------------------------------------------------------------------------- /crates/data-fixtures/src/http.rs: -------------------------------------------------------------------------------- 1 | //! 
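HTTP data fixtures 2 | 3 | /// HTTP requests 4 | pub mod request { 5 | use crate::define_fixture; 6 | 7 | define_fixture!( 8 | GET_EMPTY, 9 | "A GET request without a body or headers.", 10 | "../data/http/request_get_empty" 11 | ); 12 | define_fixture!( 13 | GET_EMPTY_HEADER, 14 | "A GET request with an empty header.", 15 | "../data/http/request_get_empty_header" 16 | ); 17 | define_fixture!( 18 | GET_WITH_HEADER, 19 | "A GET request with a header.", 20 | "../data/http/request_get_with_header" 21 | ); 22 | define_fixture!( 23 | POST_JSON, 24 | "A POST request with a JSON body.", 25 | "../data/http/request_post_json" 26 | ); 27 | } 28 | 
/// HTTP responses
///
/// Each constant embeds one file from `../data/http/` as raw bytes through
/// `define_fixture!`.
pub mod response {
    use crate::define_fixture;

    define_fixture!(
        OK_EMPTY,
        "An OK response without a body.",
        "../data/http/response_empty"
    );
    // This fixture must load `response_empty_header`. Pointing it at
    // `response_empty` (as before) made it a duplicate of `OK_EMPTY`, so the
    // empty-header-value case was never exercised by users of this constant.
    define_fixture!(
        OK_EMPTY_HEADER,
        "An OK response with an empty header.",
        "../data/http/response_empty_header"
    );
    define_fixture!(
        OK_TEXT,
        "An OK response with a text body.",
        "../data/http/response_text"
    );
    define_fixture!(
        OK_JSON,
        "An OK response with a JSON body.",
        "../data/http/response_json"
    );
}
-------------------------------------------------------------------------------- /crates/data-fixtures/src/lib.rs: -------------------------------------------------------------------------------- 1 | pub mod http; 2 | 3 | macro_rules! define_fixture { 4 | ($name:ident, $doc:tt, $path:tt) => { 5 | #[doc = $doc] 6 | /// 7 | /// ```text 8 | #[doc = include_str!($path)] 9 | /// ``` 10 | pub const $name: &[u8] = include_bytes!($path); 11 | }; 12 | } 13 | 14 | pub(crate) use define_fixture; 15 | -------------------------------------------------------------------------------- /crates/examples/.gitignore: -------------------------------------------------------------------------------- 1 | // Ignore files from examples. 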
2 | *.tlsn -------------------------------------------------------------------------------- /crates/examples/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | edition = "2021" 3 | name = "tlsn-examples" 4 | publish = false 5 | version = "0.0.0" 6 | 7 | [lints] 8 | workspace = true 9 | 10 | [dependencies] 11 | notary-client = { workspace = true } 12 | tlsn-common = { workspace = true } 13 | tlsn-core = { workspace = true } 14 | tlsn-prover = { workspace = true } 15 | tlsn-verifier = { workspace = true } 16 | tlsn-formats = { workspace = true } 17 | tlsn-tls-core = { workspace = true } 18 | tls-server-fixture = { workspace = true } 19 | tlsn-server-fixture = { workspace = true } 20 | tlsn-server-fixture-certs = { workspace = true } 21 | spansy = { workspace = true } 22 | 23 | bincode = { workspace = true } 24 | chrono = { workspace = true } 25 | clap = { version = "4.5", features = ["derive"] } 26 | dotenv = { version = "0.15.0" } 27 | futures = { workspace = true } 28 | http-body-util = { workspace = true } 29 | hex = { workspace = true } 30 | hyper = { workspace = true, features = ["client", "http1"] } 31 | hyper-util = { workspace = true, features = ["full"] } 32 | k256 = { workspace = true, features = ["ecdsa"] } 33 | serde_json = { workspace = true } 34 | tokio = { workspace = true, features = [ 35 | "rt", 36 | "rt-multi-thread", 37 | "macros", 38 | "net", 39 | "io-std", 40 | "fs", 41 | ] } 42 | tokio-util = { workspace = true } 43 | tracing = { workspace = true } 44 | tracing-subscriber = { workspace = true } 45 | 46 | [[example]] 47 | name = "attestation_prove" 48 | path = "attestation/prove.rs" 49 | 50 | [[example]] 51 | name = "attestation_present" 52 | path = "attestation/present.rs" 53 | 54 | [[example]] 55 | name = "attestation_verify" 56 | path = "attestation/verify.rs" 57 | 58 | [[example]] 59 | name = "interactive" 60 | path = "interactive/interactive.rs" 61 | 
-------------------------------------------------------------------------------- /crates/examples/README.md: -------------------------------------------------------------------------------- 1 | # Examples 2 | 3 | This folder contains examples demonstrating how to use the TLSNotary protocol. 4 | 5 | * [Interactive](./interactive/README.md): Interactive Prover and Verifier session without a trusted notary. 6 | * [Attestation](./attestation/README.md): Performing a simple notarization with a trusted notary. 7 | 8 | Refer to for a quick start guide to using TLSNotary with these examples. -------------------------------------------------------------------------------- /crates/examples/interactive/README.md: -------------------------------------------------------------------------------- 1 | ## Simple Interactive Verifier: Verifying Data from an API in Rust 2 | 3 | This example demonstrates how to use TLSNotary in a simple interactive session between a Prover and a Verifier. It involves the Verifier first verifying the MPC-TLS session and then confirming the correctness of the data. 4 | 5 | This example fetches data from a local test server. To start this server, run: 6 | ```shell 7 | PORT=4000 cargo run --bin tlsn-server-fixture 8 | ``` 9 | Next, run the interactive example with: 10 | ```shell 11 | SERVER_PORT=4000 cargo run --release --example interactive 12 | ``` 13 | To view more detailed debug information, use the following command: 14 | ``` 15 | RUST_LOG=debug,yamux=info,uid_mux=info SERVER_PORT=4000 cargo run --release --example interactive 16 | ``` 17 | 18 | > ℹ️ Note: In this example, the Prover and Verifier run on the same machine. In real-world scenarios, the Prover and Verifier would typically operate on separate machines. 
-------------------------------------------------------------------------------- /crates/examples/src/lib.rs: -------------------------------------------------------------------------------- 1 | use std::fmt; 2 | 3 | // Maximum number of bytes that can be sent from prover to server. 4 | pub const MAX_SENT_DATA: usize = 1 << 12; 5 | // Maximum number of bytes that can be received by prover from server. 6 | pub const MAX_RECV_DATA: usize = 1 << 14; 7 | 8 | #[derive(clap::ValueEnum, Clone, Default, Debug)] 9 | pub enum ExampleType { 10 | #[default] 11 | Json, 12 | Html, 13 | Authenticated, 14 | } 15 | 16 | impl fmt::Display for ExampleType { 17 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 18 | write!(f, "{:?}", self) 19 | } 20 | } 21 | 22 | pub fn get_file_path(example_type: &ExampleType, content_type: &str) -> String { 23 | let example_type = example_type.to_string().to_ascii_lowercase(); 24 | format!("example-{}.{}.tlsn", example_type, content_type) 25 | } 26 | -------------------------------------------------------------------------------- /crates/formats/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-formats" 3 | version = "0.1.0-alpha.11" 4 | edition = "2021" 5 | 6 | [lints] 7 | workspace = true 8 | 9 | [dependencies] 10 | tlsn-core = { workspace = true } 11 | 12 | bytes = { workspace = true } 13 | spansy = { workspace = true, features = ["serde"] } 14 | thiserror = { workspace = true } 15 | 16 | [dev-dependencies] 17 | tlsn-core = { workspace = true, features = ["fixtures"] } 18 | tlsn-data-fixtures = { workspace = true } 19 | rstest = { workspace = true } 20 | -------------------------------------------------------------------------------- /crates/formats/src/http/mod.rs: -------------------------------------------------------------------------------- 1 | //! Tooling for working with HTTP data. 
2 | 3 | mod commit; 4 | 5 | use bytes::Bytes; 6 | pub use commit::{DefaultHttpCommitter, HttpCommit, HttpCommitError}; 7 | 8 | #[doc(hidden)] 9 | pub use spansy::http; 10 | 11 | pub use http::{ 12 | parse_request, parse_response, Body, BodyContent, Header, HeaderName, HeaderValue, Method, 13 | Reason, Request, RequestLine, Requests, Response, Responses, Status, Target, 14 | }; 15 | use tlsn_core::transcript::Transcript; 16 | 17 | /// The kind of HTTP message. 18 | #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] 19 | pub enum MessageKind { 20 | /// An HTTP request. 21 | Request, 22 | /// An HTTP response. 23 | Response, 24 | } 25 | 26 | /// An HTTP transcript. 27 | #[derive(Debug)] 28 | pub struct HttpTranscript { 29 | /// The requests sent to the server. 30 | pub requests: Vec, 31 | /// The responses received from the server. 32 | pub responses: Vec, 33 | } 34 | 35 | impl HttpTranscript { 36 | /// Parses the HTTP transcript from the provided transcripts. 37 | pub fn parse(transcript: &Transcript) -> Result { 38 | let requests = Requests::new(Bytes::copy_from_slice(transcript.sent())) 39 | .collect::, _>>()?; 40 | let responses = Responses::new(Bytes::copy_from_slice(transcript.received())) 41 | .collect::, _>>()?; 42 | 43 | Ok(Self { 44 | requests, 45 | responses, 46 | }) 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /crates/formats/src/json/mod.rs: -------------------------------------------------------------------------------- 1 | //! Tooling for working with JSON data. 2 | 3 | mod commit; 4 | 5 | use spansy::json; 6 | 7 | pub use commit::{DefaultJsonCommitter, JsonCommit, JsonCommitError}; 8 | pub use json::{ 9 | Array, Bool, JsonKey, JsonValue, JsonVisit, KeyValue, Null, Number, Object, String, 10 | }; 11 | -------------------------------------------------------------------------------- /crates/formats/src/lib.rs: -------------------------------------------------------------------------------- 1 | //! 
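Tools for selective disclosure of various formats. 2 | //! 3 | //! # Warning 4 | //! 5 | //! This library is not yet ready for production use, and should *NOT* be 6 | //! considered secure. 7 | //! 8 | //! At present, this library does not verify that redacted data does not contain 9 | //! control characters which can be used by a malicious prover to cheat. 10 | 11 | #![deny(missing_docs, unreachable_pub, unused_must_use)] 12 | #![deny(clippy::all)] 13 | #![forbid(unsafe_code)] 14 | 15 | pub mod http; 16 | pub mod json; 17 | 18 | #[doc(hidden)] 19 | pub use spansy; 20 | pub use spansy::ParseError; 21 | -------------------------------------------------------------------------------- /crates/mpc-tls/src/utils.rs: --------------------------------------------------------------------------------
use crate::MpcTlsError;

/// Split an opaque message into its constituent parts.
///
/// Returns the explicit nonce, ciphertext, and tag, respectively. The first
/// 8 bytes of `msg` are the explicit nonce, the last 16 bytes are the tag and
/// everything in between is the ciphertext (which may be empty).
///
/// # Errors
///
/// Returns an error when `msg` is shorter than 24 bytes (8-byte explicit nonce
/// plus 16-byte tag). The length is checked before any split so that a short
/// or truncated message is rejected with an error instead of panicking.
// NOTE(review): the element type of `Vec` was lost in this listing; `u8` is
// assumed here, confirm against the repository.
#[allow(clippy::type_complexity)]
pub(crate) fn opaque_into_parts(
    mut msg: Vec<u8>,
) -> Result<(Vec<u8>, Vec<u8>, Vec<u8>), MpcTlsError> {
    const EXPLICIT_NONCE_LEN: usize = 8;
    const TAG_LEN: usize = 16;

    // `Vec::split_off` panics when the index is past the end, and
    // `msg.len() - TAG_LEN` underflows for inputs shorter than the tag, so the
    // bound has to be validated up front. The previous post-split check on the
    // nonce length could never fire: a successful `split_off(8)` always leaves
    // exactly 8 bytes.
    if msg.len() < EXPLICIT_NONCE_LEN + TAG_LEN {
        return Err(MpcTlsError::other(
            "opaque message is too short to contain an explicit nonce and tag",
        ));
    }

    let tag = msg.split_off(msg.len() - TAG_LEN);
    let ciphertext = msg.split_off(EXPLICIT_NONCE_LEN);
    let explicit_nonce = msg;

    Ok((explicit_nonce, ciphertext, tag))
}
-------------------------------------------------------------------------------- /crates/notary/client/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "notary-client" 3 | version = "0.1.0-alpha.11" 4 | edition = "2021" 5 | 6 | [lints] 7 | workspace = true 8 | 9 | [dependencies] 10 | notary-common = { workspace = true } 11 | 12 | derive_builder = { workspace = true } 13 | futures = { workspace = true } 14 | http-body-util = { workspace = true } 15 | hyper = { workspace = true, features = ["client", "http1"] } 16 | 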
hyper-util = { workspace = true, features = ["full"] } 17 | serde_json = { workspace = true } 18 | thiserror = { workspace = true } 19 | tokio = { workspace = true, features = [ 20 | "rt", 21 | "rt-multi-thread", 22 | "macros", 23 | "net", 24 | "io-std", 25 | "fs", 26 | ] } 27 | tokio-rustls = { workspace = true } 28 | tracing = { workspace = true } 29 | webpki-roots = { workspace = true } 30 | -------------------------------------------------------------------------------- /crates/notary/client/src/error.rs: -------------------------------------------------------------------------------- 1 | //! Notary client errors. 2 | //! 3 | //! This module handles errors that might occur during connection setup and 4 | //! notarization requests. 5 | 6 | use derive_builder::UninitializedFieldError; 7 | use std::{error::Error, fmt}; 8 | 9 | #[derive(Debug)] 10 | #[allow(missing_docs)] 11 | pub(crate) enum ErrorKind { 12 | Internal, 13 | Builder, 14 | Connection, 15 | TlsSetup, 16 | Http, 17 | Configuration, 18 | } 19 | 20 | #[derive(Debug, thiserror::Error)] 21 | #[allow(missing_docs)] 22 | pub struct ClientError { 23 | kind: ErrorKind, 24 | #[source] 25 | source: Option>, 26 | } 27 | 28 | impl ClientError { 29 | pub(crate) fn new(kind: ErrorKind, source: Option>) -> Self { 30 | Self { kind, source } 31 | } 32 | } 33 | 34 | impl fmt::Display for ClientError { 35 | fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 36 | write!( 37 | f, 38 | "client error: {:?}, source: {:?}", 39 | self.kind, self.source 40 | ) 41 | } 42 | } 43 | 44 | impl From for ClientError { 45 | fn from(ufe: UninitializedFieldError) -> Self { 46 | ClientError::new(ErrorKind::Builder, Some(Box::new(ufe))) 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /crates/notary/client/src/lib.rs: -------------------------------------------------------------------------------- 1 | //! Notary client library. 2 | //! 3 | //! 
A notary client's purpose is to establish a connection to the notary server 4 | //! via TCP or TLS, and to configure and request notarization. 5 | //! Note that the actual notarization is not performed by the notary client but 6 | //! by the prover of the TLSNotary protocol. 7 | #![deny(missing_docs, unreachable_pub, unused_must_use)] 8 | #![deny(clippy::all)] 9 | #![forbid(unsafe_code)] 10 | 11 | mod client; 12 | mod error; 13 | 14 | pub use client::{Accepted, NotarizationRequest, NotaryClient, NotaryConnection}; 15 | pub use error::ClientError; 16 | -------------------------------------------------------------------------------- /crates/notary/common/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "notary-common" 3 | version = "0.1.0-alpha.11" 4 | description = "Common code shared between notary-server and notary-client" 5 | edition = "2021" 6 | 7 | [lints] 8 | workspace = true 9 | 10 | [dependencies] 11 | serde = { workspace = true, features = ["derive"] } 12 | -------------------------------------------------------------------------------- /crates/notary/common/src/lib.rs: -------------------------------------------------------------------------------- 1 | use serde::{Deserialize, Serialize}; 2 | 3 | /// Custom HTTP header used for specifying a whitelisted API key. 4 | pub const X_API_KEY_HEADER: &str = "X-API-Key"; 5 | 6 | /// Types of client that the prover is using. 7 | #[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)] 8 | pub enum ClientType { 9 | /// Client that has access to the transport layer. 10 | Tcp, 11 | /// Client that cannot directly access the transport layer, e.g. browser 12 | /// extension. 13 | Websocket, 14 | } 15 | 16 | /// Request object of the /session API. 
17 | #[derive(Debug, Clone, Copy, Serialize, Deserialize)] 18 | #[serde(rename_all = "camelCase")] 19 | pub struct NotarizationSessionRequest { 20 | pub client_type: ClientType, 21 | /// Maximum data that can be sent by the prover. 22 | pub max_sent_data: Option, 23 | /// Maximum data that can be received by the prover. 24 | pub max_recv_data: Option, 25 | } 26 | 27 | /// Response object of the /session API. 28 | #[derive(Debug, Clone, Serialize, Deserialize)] 29 | #[serde(rename_all = "camelCase")] 30 | pub struct NotarizationSessionResponse { 31 | /// Unique session id that is generated by the notary and shared to the 32 | /// prover. 33 | pub session_id: String, 34 | } 35 | -------------------------------------------------------------------------------- /crates/notary/server/notary-server.Dockerfile: -------------------------------------------------------------------------------- 1 | # !!! To use this file, please run docker run at the root level of this repository 2 | FROM rust:latest AS builder 3 | RUN apt-get update && apt-get install -y clang libclang-dev 4 | WORKDIR /usr/src/tlsn 5 | COPY . . 6 | RUN cargo install --path crates/notary/server 7 | 8 | FROM ubuntu:latest 9 | WORKDIR /root/.notary 10 | RUN apt-get update && apt-get -y upgrade && apt-get install -y --no-install-recommends \ 11 | pkg-config \ 12 | libssl-dev \ 13 | && apt-get clean \ 14 | && rm -rf /var/lib/apt/lists/* 15 | COPY --from=builder /usr/local/cargo/bin/notary-server /usr/local/bin/notary-server 16 | # Label to link this image with the repository in Github Container Registry (https://docs.github.com/en/packages/learn-github-packages/connecting-a-repository-to-a-package#connecting-a-repository-to-a-container-image-using-the-command-line) 17 | LABEL org.opencontainers.image.source=https://github.com/tlsnotary/tlsn 18 | LABEL org.opencontainers.image.description="An implementation of the notary server in Rust." 
19 | ENTRYPOINT [ "notary-server" ] 20 | -------------------------------------------------------------------------------- /crates/notary/server/notary-server.Dockerfile.dockerignore: -------------------------------------------------------------------------------- 1 | # exclude Rust build artifacts 2 | ./target 3 | ./crates/wasm/pkg/ 4 | ./crates/wasm-test-runner/static/generated/ 5 | -------------------------------------------------------------------------------- /crates/notary/server/src/cli.rs: -------------------------------------------------------------------------------- 1 | use structopt::StructOpt; 2 | 3 | // Fields loaded from the command line when launching this server. 4 | #[derive(Clone, Debug, StructOpt)] 5 | #[structopt(name = "Notary Server")] 6 | pub struct CliFields { 7 | /// Configuration file location (optional). 8 | #[structopt(long)] 9 | pub config: Option, 10 | } 11 | -------------------------------------------------------------------------------- /crates/notary/server/src/lib.rs: -------------------------------------------------------------------------------- 1 | mod auth; 2 | mod cli; 3 | mod config; 4 | mod error; 5 | mod middleware; 6 | mod server; 7 | mod server_tracing; 8 | mod service; 9 | mod signing; 10 | #[cfg(feature = "tee_quote")] 11 | mod tee; 12 | mod types; 13 | mod util; 14 | 15 | pub use cli::CliFields; 16 | pub use config::{ 17 | AuthorizationProperties, LogProperties, NotarizationProperties, NotaryServerProperties, 18 | TLSProperties, 19 | }; 20 | pub use error::NotaryServerError; 21 | pub use server::{read_pem_file, run_server}; 22 | pub use server_tracing::init_tracing; 23 | pub use util::parse_config_file; 24 | -------------------------------------------------------------------------------- /crates/notary/server/src/main.rs: -------------------------------------------------------------------------------- 1 | use eyre::{eyre, Result}; 2 | use notary_server::{ 3 | init_tracing, run_server, CliFields, NotaryServerError, 
NotaryServerProperties, 4 | }; 5 | use structopt::StructOpt; 6 | use tracing::debug; 7 | 8 | #[tokio::main] 9 | async fn main() -> Result<(), NotaryServerError> { 10 | // Load command line arguments 11 | let cli_fields: CliFields = CliFields::from_args(); 12 | 13 | let config = NotaryServerProperties::new(&cli_fields) 14 | .map_err(|err| eyre!("Failed to load config: {}", err))?; 15 | 16 | // Set up tracing for logging 17 | init_tracing(&config).map_err(|err| eyre!("Failed to set up tracing: {err}"))?; 18 | 19 | // debug!("Server config loaded: \n{}", config); 20 | 21 | debug!( 22 | "Server config loaded: \n{}", 23 | serde_yaml::to_string(&config).map_err(|err| eyre!("Failed to print config: {err}"))? 24 | ); 25 | 26 | // Run the server 27 | run_server(&config).await?; 28 | 29 | Ok(()) 30 | } 31 | -------------------------------------------------------------------------------- /crates/notary/server/src/server_tracing.rs: -------------------------------------------------------------------------------- 1 | use eyre::Result; 2 | use std::str::FromStr; 3 | use tracing::{Level, Subscriber}; 4 | use tracing_subscriber::{ 5 | fmt, layer::SubscriberExt, registry::LookupSpan, util::SubscriberInitExt, EnvFilter, Layer, 6 | Registry, 7 | }; 8 | 9 | use crate::config::{LogFormat, NotaryServerProperties}; 10 | 11 | fn format_layer(format: LogFormat) -> Box + Send + Sync> 12 | where 13 | S: Subscriber + for<'a> LookupSpan<'a>, 14 | { 15 | let f = fmt::layer().with_thread_ids(true).with_thread_names(true); 16 | match format { 17 | LogFormat::Compact => f.compact().boxed(), 18 | LogFormat::Json => f.json().boxed(), 19 | } 20 | } 21 | 22 | pub fn init_tracing(config: &NotaryServerProperties) -> Result<()> { 23 | // Retrieve log filtering logic from config 24 | let directives = match &config.log.filter { 25 | // Use custom filter that is provided by user 26 | Some(filter) => filter.clone(), 27 | // Use the default filter when only verbosity level is provided 28 | None => { 29 | let 
level = Level::from_str(&config.log.level)?; 30 | format!("notary_server={level},tlsn_verifier={level},mpc_tls={level}") 31 | } 32 | }; 33 | let filter_layer = EnvFilter::builder().parse(directives)?; 34 | 35 | Registry::default() 36 | .with(filter_layer) 37 | .with(format_layer(config.log.format)) 38 | .try_init()?; 39 | 40 | Ok(()) 41 | } 42 | -------------------------------------------------------------------------------- /crates/notary/server/src/service/websocket.rs: -------------------------------------------------------------------------------- 1 | use tokio::time::Instant; 2 | use tracing::{debug, error, info}; 3 | use ws_stream_tungstenite::WsStream; 4 | 5 | use crate::{ 6 | service::{axum_websocket::WebSocket, notary_service}, 7 | types::NotaryGlobals, 8 | }; 9 | 10 | /// Perform notarization using the established websocket connection 11 | pub async fn websocket_notarize( 12 | socket: WebSocket, 13 | notary_globals: NotaryGlobals, 14 | session_id: String, 15 | ) { 16 | let start = Instant::now(); 17 | debug!(?session_id, "Upgraded to websocket connection"); 18 | // Wrap the websocket in WsStream so that we have AsyncRead and AsyncWrite 19 | // implemented 20 | let stream = WsStream::new(socket.into_inner()); 21 | match notary_service(stream, notary_globals, &session_id).await { 22 | Ok(_) => { 23 | info!( 24 | ?session_id, 25 | elapsed_time_millis = start.elapsed().as_millis(), 26 | "Successful notarization using websocket!" 
27 | ); 28 | } 29 | Err(err) => { 30 | error!( 31 | ?session_id, 32 | elapsed_time_millis = start.elapsed().as_millis(), 33 | "Failed notarization using websocket: {err}" 34 | ); 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /crates/notary/server/tee/gramine-local.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/amd64 gramineproject/gramine:latest 2 | 3 | RUN apt update && \ 4 | apt install -y jq openssl zip && \ 5 | apt clean && \ 6 | rm -rf /var/lib/apt/lists/* -------------------------------------------------------------------------------- /crates/notary/server/tee/notary-server-sgx.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM gramineproject/gramine:latest 2 | WORKDIR /work 3 | 4 | # Copies `notary-server-sgx.zip` from the CI build or created locally via `run-gramine-local.sh`. 5 | COPY ./notary-server-sgx /work 6 | RUN chmod +x /work/notary-server 7 | 8 | LABEL org.opencontainers.image.source=https://github.com/tlsnotary/tlsn 9 | LABEL org.opencontainers.image.description="TLSNotary notary server in SGX/Gramine." 
10 | 11 | ENTRYPOINT ["gramine-sgx", "notary-server"] 12 | -------------------------------------------------------------------------------- /crates/notary/server/tee/notary-server.manifest.template: -------------------------------------------------------------------------------- 1 | libos.entrypoint = "{{ self_exe }}" 2 | loader.log_level = "{{ log_level }}" 3 | 4 | loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}" 5 | 6 | # See https://gramine.readthedocs.io/en/stable/performance.html#glibc-malloc-tuning 7 | loader.env.MALLOC_ARENA_MAX = "1" 8 | 9 | # encrypted type not used 10 | fs.mounts = [ 11 | { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" }, 12 | { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" }, 13 | { type = "tmpfs", path = "/ephemeral" }, 14 | { type = "encrypted", path = "/vault", uri = "file:vault", key_name = "_sgx_mrenclave" }, 15 | 16 | ] 17 | 18 | # hashed @ buildtime. at runtime => these files are +ro 19 | # and can be accessed if hash matches manifest 20 | # !!!! hashed !!!! 21 | # https://gramine.readthedocs.io/en/stable/manifest-syntax.html#trusted-files 22 | sgx.trusted_files = [ 23 | "file:{{ self_exe }}", 24 | "file:{{ gramine.runtimedir() }}/", 25 | "file:{{ arch_libdir }}/", 26 | ] 27 | 28 | sgx.edmm_enable = false 29 | sgx.remote_attestation = "dcap" 30 | sgx.max_threads = 64 31 | sgx.enclave_size = "2G" 32 | sys.disallow_subprocesses = true 33 | 34 | 35 | #### tlsn rev 36 | sgx.isvprodid = 7 37 | #### F 38 | sgx.isvsvn = 1 39 | -------------------------------------------------------------------------------- /crates/notary/server/tee/run-gramine-local.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | echo "[*] Generating SGX signing key..." 6 | gramine-sgx-gen-private-key 7 | 8 | if [ ! -f notary-server ]; then 9 | echo "[!] notary-server binary not found. Please copy it from ci, or build it first." 
10 | echo "Note that notary-server must be built for linux/amd64 with tee_quote feature enabled" 11 | exit 1 12 | fi 13 | 14 | chmod +x notary-server 15 | 16 | echo "[*] Creating Gramine manifest..." 17 | gramine-manifest \ 18 | -Dlog_level=debug \ 19 | -Darch_libdir=/lib/x86_64-linux-gnu \ 20 | -Dself_exe=notary-server \ 21 | notary-server.manifest.template \ 22 | notary-server.manifest 23 | 24 | echo "[*] Signing manifest..." 25 | gramine-sgx-sign \ 26 | --manifest notary-server.manifest \ 27 | --output notary-server.manifest.sgx 28 | 29 | echo "[*] Viewing SIGSTRUCT..." 30 | gramine-sgx-sigstruct-view --verbose --output-format=json notary-server.sig >notary-server-sigstruct.json 31 | 32 | cat notary-server-sigstruct.json | jq . 33 | 34 | mr_enclave=$(jq -r ".mr_enclave" notary-server-sigstruct.json) 35 | mr_signer=$(jq -r ".mr_signer" notary-server-sigstruct.json) 36 | 37 | echo "==============================" 38 | echo "MRENCLAVE: $mr_enclave" 39 | echo "MRSIGNER: $mr_signer" 40 | echo "==============================" 41 | 42 | zip -r notary-server-sgx.zip \ 43 | notary-server \ 44 | notary-server-sigstruct.json \ 45 | notary-server.sig \ 46 | notary-server.manifest \ 47 | notary-server.manifest.sgx \ 48 | README.md 49 | -------------------------------------------------------------------------------- /crates/notary/tests-integration/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "notary-tests-integration" 3 | version = "0.0.0" 4 | edition = "2021" 5 | publish = false 6 | 7 | [lints] 8 | workspace = true 9 | 10 | [dev-dependencies] 11 | notary-client = { workspace = true } 12 | notary-common = { workspace = true } 13 | notary-server = { workspace = true } 14 | tls-server-fixture = { workspace = true } 15 | tlsn-common = { workspace = true } 16 | tlsn-prover = { workspace = true } 17 | tlsn-tls-core = { workspace = true } 18 | tlsn-core = { workspace = true } 19 | 20 | async-tungstenite = { 
workspace = true, features = ["tokio-native-tls"] } 21 | futures = { workspace = true } 22 | http = { workspace = true } 23 | http-body-util = { workspace = true } 24 | hyper = { workspace = true, features = ["client", "http1", "server"] } 25 | hyper-tls = { version = "0.6", features = [ 26 | "vendored", 27 | ] } # specify vendored feature to use statically linked copy of OpenSSL 28 | hyper-util = { workspace = true, features = ["full"] } 29 | rstest = { workspace = true } 30 | rustls = { workspace = true } 31 | rustls-pemfile = { workspace = true } 32 | serde_json = { workspace = true } 33 | tokio = { workspace = true, features = ["full"] } 34 | tokio-native-tls = { version = "0.3.1", features = ["vendored"] } 35 | tokio-util = { workspace = true, features = ["compat"] } 36 | tracing = { workspace = true } 37 | tracing-subscriber = { workspace = true, features = ["env-filter"] } 38 | uuid = { workspace = true, features = ["v4", "fast-rng"] } 39 | ws_stream_tungstenite = { workspace = true, features = ["tokio_io"] } 40 | -------------------------------------------------------------------------------- /crates/notary/tests-integration/fixture/.gitignore: -------------------------------------------------------------------------------- 1 | !* -------------------------------------------------------------------------------- /crates/notary/tests-integration/fixture/auth/whitelist.csv: -------------------------------------------------------------------------------- 1 | "Name","ApiKey","CreatedAt" 2 | "Jonas Nielsen","test_api_key_0","2023-09-18T07:38:53Z" 3 | "Eren Jaeger","test_api_key_1","2023-10-18T07:38:53Z" 4 | -------------------------------------------------------------------------------- /crates/notary/tests-integration/fixture/notary/notary.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgbGCmm+WHxwlKKKRWddfO 3 | 
02TmpM787BJQuoVrHeCI5v6hRANCAAR7SPGcE5toiPteODpNcsIzUYb9WFjnrnQ6 4 | tL+OBxsG5+j9AN8W8v+KvMi/UlKaEaJVywIcLCiWENdZyB7u/Yix 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /crates/notary/tests-integration/fixture/notary/notary.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MDYwEAYHKoZIzj0CAQYFK4EEAAoDIgADe0jxnBObaIj7Xjg6TXLCM1GG/VhY5650 3 | OrS/jgcbBuc= 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /crates/notary/tests-integration/fixture/tls/README.md: -------------------------------------------------------------------------------- 1 | # Create a private key for the root CA 2 | openssl genpkey -algorithm RSA -out rootCA.key -pkeyopt rsa_keygen_bits:2048 3 | 4 | # Create a self-signed root CA certificate (100 years validity) 5 | openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 36525 -out rootCA.crt -subj "/C=US/ST=State/L=City/O=tlsnotary/OU=IT/CN=tlsnotary.org" 6 | 7 | # Create a private key for the end entity certificate 8 | openssl genpkey -algorithm RSA -out notary.key -pkeyopt rsa_keygen_bits:2048 9 | 10 | # Create a certificate signing request (CSR) for the end entity certificate 11 | openssl req -new -key notary.key -out notary.csr -subj "/C=US/ST=State/L=City/O=tlsnotary/OU=IT/CN=tlsnotaryserver.io" 12 | 13 | # Sign the CSR with the root CA to create the end entity certificate (100 years validity) 14 | openssl x509 -req -in notary.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out notary.crt -days 36525 -sha256 -extfile openssl.cnf -extensions v3_req 15 | -------------------------------------------------------------------------------- /crates/notary/tests-integration/fixture/tls/notary.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | 
MIIDzTCCArWgAwIBAgIJALo+PtyTmxENMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNV 3 | BAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0eTESMBAGA1UECgwJ 4 | dGxzbm90YXJ5MQswCQYDVQQLDAJJVDEWMBQGA1UEAwwNdGxzbm90YXJ5Lm9yZzAg 5 | Fw0yNDA4MDIxMTE1MzZaGA8yMTI0MDgwMzExMTUzNlowajELMAkGA1UEBhMCVVMx 6 | DjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MRIwEAYDVQQKDAl0bHNub3Rh 7 | cnkxCzAJBgNVBAsMAklUMRswGQYDVQQDDBJ0bHNub3RhcnlzZXJ2ZXIuaW8wggEi 8 | MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEzkZE9X7Utn3by4sFG8KcDrdV 9 | 3szzPP9eA8U4cVmrWQAS0lsrEeHDv0KGKMFKOi3FDgyF1I8OWMIvnWj4LQ1zKYny 10 | fufOkAv4UcYY0E9/VonqPKY0Xo9lbbl5Xu/E55gfJhAPZzoV73uXjvlhSVdhaypZ 11 | ibSZm9t5izTiK1pcKDuvubB5zhmldt1+f0wbBxhLWVlf8T8GaPVZ37NCJGeeUf6Z 12 | GL6Fq4jBYfvjzUQl6P72Zk0FCpIq2W/z2yBfWnNRRPjQuzIxk7cB6ssVpQF52cXZ 13 | OF5YJhc7C/hr4rfWLshGQxkmwNktBSHrQUBm3LQHaT9ccPy0xgdIAD9Avf0BAgMB 14 | AAGjeTB3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdEQQWMBSCEnRsc25v 15 | dGFyeXNlcnZlci5pbzAdBgNVHQ4EFgQULo1DGRbjA/+zX9AvRk6YcO2AYHowHwYD 16 | VR0jBBgwFoAUKmfDzMNGdJr5blSUarmhRIiI88IwDQYJKoZIhvcNAQELBQADggEB 17 | AFgTVLHCfaswU8pTwgRK1xWTGlMDQmZU//Lbatel6HTH0zMF4wj/hVkGikHWpJLt 18 | 1UipGRPUgyjFtDoPag8jrSDeK1ahtjNzkGEuz5wXM0zYqIv1xkXPatEbCV4LLI3Q 19 | Yxf2YI7Nh599+2I/oZ+8YKUMn6EI58PgiSjyG7vzRoQKGAoE82FpBFyEUpcUXQDa 20 | MIr/D8Xcv+RPpdHxi4cyHJAy+irzs9ghF7WdmFEOATYNF8EsP/doiskXWl68t2Hn 21 | sDflDIbOH1xId3zJIwE/5IG3NrNqhVm2va06TNWURo3v8h+7bnD8Rxq107ObflKj 22 | i1MwBiwdf7/w5Dw9o3K21ic= 23 | -----END CERTIFICATE----- 24 | -------------------------------------------------------------------------------- /crates/notary/tests-integration/fixture/tls/notary.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICrzCCAZcCAQAwajELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYD 3 | VQQHDARDaXR5MRIwEAYDVQQKDAl0bHNub3RhcnkxCzAJBgNVBAsMAklUMRswGQYD 4 | VQQDDBJ0bHNub3RhcnlzZXJ2ZXIuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw 5 | ggEKAoIBAQDEzkZE9X7Utn3by4sFG8KcDrdV3szzPP9eA8U4cVmrWQAS0lsrEeHD 6 | 
v0KGKMFKOi3FDgyF1I8OWMIvnWj4LQ1zKYnyfufOkAv4UcYY0E9/VonqPKY0Xo9l 7 | bbl5Xu/E55gfJhAPZzoV73uXjvlhSVdhaypZibSZm9t5izTiK1pcKDuvubB5zhml 8 | dt1+f0wbBxhLWVlf8T8GaPVZ37NCJGeeUf6ZGL6Fq4jBYfvjzUQl6P72Zk0FCpIq 9 | 2W/z2yBfWnNRRPjQuzIxk7cB6ssVpQF52cXZOF5YJhc7C/hr4rfWLshGQxkmwNkt 10 | BSHrQUBm3LQHaT9ccPy0xgdIAD9Avf0BAgMBAAGgADANBgkqhkiG9w0BAQsFAAOC 11 | AQEAups2oJRV5x/BZcZvRseWpGToqr5pO3ESXUEEbCpeHDKLIav4aWfYUkY4UGGN 12 | 2m1XYN7nEytwygJmMRWS8kjJzacII9j+dCysqCmm71T2L4BszCCVYGwTAigZuZ1R 13 | WmULhso1tXXUF7ggEdTUpxMa5VijkbpZ5iQfBbslpSo0mjgM2bL4hO3Y8dl7a1Bn 14 | 0LNasWzWaizp6SkMU2BDNVF+i5blR4p8Bk0GQpPzGqwZf2tKcqmvutPqEm4rcOOC 15 | U5j/U6uZpCYc8VQOklOUkDUSAZzCSJxeGHykddtMFte5+HkqBZoMCQwHeZl1g0qZ 16 | /NLvHB8YO7U2XRJTfxloHhj3WQ== 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /crates/notary/tests-integration/fixture/tls/openssl.cnf: -------------------------------------------------------------------------------- 1 | [ v3_req ] 2 | basicConstraints = CA:FALSE 3 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 4 | subjectAltName = @alt_names 5 | 6 | [ alt_names ] 7 | DNS.1 = tlsnotaryserver.io -------------------------------------------------------------------------------- /crates/notary/tests-integration/fixture/tls/rootCA.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDrTCCApWgAwIBAgIUUmpF/+i9EcDpciV0s1Okh4Wx/QswDQYJKoZIhvcNAQEL 3 | BQAwZTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5 4 | MRIwEAYDVQQKDAl0bHNub3RhcnkxCzAJBgNVBAsMAklUMRYwFAYDVQQDDA10bHNu 5 | b3Rhcnkub3JnMCAXDTI0MDgwMjExMDU1MloYDzIxMjQwODAzMTEwNTUyWjBlMQsw 6 | CQYDVQQGEwJVUzEOMAwGA1UECAwFU3RhdGUxDTALBgNVBAcMBENpdHkxEjAQBgNV 7 | BAoMCXRsc25vdGFyeTELMAkGA1UECwwCSVQxFjAUBgNVBAMMDXRsc25vdGFyeS5v 8 | cmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDNGFXBMov4HBr4F/W 9 | +9mzM4t+ww4jURyF/7O1puyhz0gueAu5/kzh6d5r+P2xwP0tpqtITvwfo2tHCNTg 10 | 
dKBNPO7NnRnW8QtommHhafHUfj+4cR7G1xxSZD34mwuBnYW3cmxCbi0l5dClWfHA 11 | G7GRHv5aPBBYbeF2ACYBesaCJLa5OMkab/N7DwPTWuSjoQqrMeodaQ1Q5Ro09cbt 12 | WlL+ywRVq1gKZvgs3RogwDt6NUEZ8Hkz/BZzbo2HlX1+XUpMP7ucHGUQIt7F2Z+6 13 | iYkMJfP+BflBR+qOzoMbgHo1SD5uIv1/iXi3UoddpCnzsretkcNs2pnpiPWoEhdA 14 | fNuxAgMBAAGjUzBRMB0GA1UdDgQWBBQqZ8PMw0Z0mvluVJRquaFEiIjzwjAfBgNV 15 | HSMEGDAWgBQqZ8PMw0Z0mvluVJRquaFEiIjzwjAPBgNVHRMBAf8EBTADAQH/MA0G 16 | CSqGSIb3DQEBCwUAA4IBAQA7HR1mmHe5jT52EhSjwePvzvW7Tx6VGSUrhzkhnRVv 17 | IbYjX0jWPSSXvc2NG3LyxyDLLOTkM0xWQLGEQ9LYYuH9Sy1ZUK4Mv7qWO23LaM2s 18 | dYjWDKM9N23XhtgkbzFX6+X1Q93wU5KIibVMkPSzmaxDbhoiKYozznmSjOBt2HR2 19 | UbpjNPjzN7BL+Gv+8hBhS0UeE2zgN0XcZmyiZQlfL7XTVoszjNd6HeKyCHX1Tk4a 20 | /vYn3B1cFK8u4gRyjPKr8QH/uju4T+0gp8GtB1eQ9erdBkehPgb8x1QwdXWKPp4m 21 | woJDTdgJhMu3w0InHtQztCtiTPphjrN/as2rw9hyYU4C 22 | -----END CERTIFICATE----- 23 | -------------------------------------------------------------------------------- /crates/notary/tests-integration/fixture/tls/rootCA.srl: -------------------------------------------------------------------------------- 1 | BA3E3EDC939B110D 2 | -------------------------------------------------------------------------------- /crates/prover/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-prover" 3 | authors = ["TLSNotary Team"] 4 | description = "Contains the prover library" 5 | keywords = ["tls", "mpc", "2pc", "prover"] 6 | categories = ["cryptography"] 7 | license = "MIT OR Apache-2.0" 8 | version = "0.1.0-alpha.11" 9 | edition = "2021" 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [features] 15 | default = ["rayon"] 16 | rayon = ["mpz-common/rayon"] 17 | force-st = ["mpz-common/force-st"] 18 | 19 | [dependencies] 20 | tlsn-common = { workspace = true } 21 | tlsn-core = { workspace = true } 22 | tlsn-deap = { workspace = true } 23 | tlsn-tls-client = { workspace = true } 24 | tlsn-tls-client-async = { workspace = true } 25 | tlsn-tls-core = { workspace 
= true } 26 | tlsn-mpc-tls = { workspace = true } 27 | 28 | serio = { workspace = true, features = ["compat"] } 29 | uid-mux = { workspace = true, features = ["serio"] } 30 | 31 | mpz-common = { workspace = true } 32 | mpz-core = { workspace = true } 33 | mpz-garble = { workspace = true } 34 | mpz-garble-core = { workspace = true } 35 | mpz-memory-core = { workspace = true } 36 | mpz-ole = { workspace = true } 37 | mpz-ot = { workspace = true } 38 | mpz-vm-core = { workspace = true } 39 | mpz-zk = { workspace = true } 40 | 41 | derive_builder = { workspace = true } 42 | futures = { workspace = true } 43 | opaque-debug = { workspace = true } 44 | rand = { workspace = true } 45 | thiserror = { workspace = true } 46 | tracing = { workspace = true } 47 | web-time = { workspace = true } 48 | tokio = { workspace = true, features = ["sync"] } 49 | -------------------------------------------------------------------------------- /crates/prover/src/future.rs: -------------------------------------------------------------------------------- 1 | //! This module collects futures which are used by the [Prover]. 2 | 3 | use super::{state, Prover, ProverControl, ProverError}; 4 | use futures::Future; 5 | use std::pin::Pin; 6 | 7 | /// Prover future which must be polled for the TLS connection to make progress. 8 | pub struct ProverFuture { 9 | #[allow(clippy::type_complexity)] 10 | pub(crate) fut: Pin< 11 | Box, ProverError>> + Send + 'static>, 12 | >, 13 | pub(crate) ctrl: ProverControl, 14 | } 15 | 16 | impl ProverFuture { 17 | /// Returns a controller for the prover for advanced functionality. 
18 | pub fn control(&self) -> ProverControl { 19 | self.ctrl.clone() 20 | } 21 | } 22 | 23 | impl Future for ProverFuture { 24 | type Output = Result, ProverError>; 25 | 26 | fn poll( 27 | mut self: Pin<&mut Self>, 28 | cx: &mut std::task::Context<'_>, 29 | ) -> std::task::Poll { 30 | self.fut.as_mut().poll(cx) 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /crates/server-fixture/certs/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-server-fixture-certs" 3 | publish = false 4 | version = "0.0.0" 5 | edition = "2021" 6 | 7 | [lints] 8 | workspace = true 9 | -------------------------------------------------------------------------------- /crates/server-fixture/certs/src/lib.rs: -------------------------------------------------------------------------------- 1 | /// A certificate authority certificate fixture. 2 | pub static CA_CERT_DER: &[u8] = include_bytes!("tls/root_ca_cert.der"); 3 | /// A server certificate (domain=test-server.io) fixture. 4 | pub static SERVER_CERT_DER: &[u8] = include_bytes!("tls/test_server_cert.der"); 5 | /// A server private key fixture. 6 | pub static SERVER_KEY_DER: &[u8] = include_bytes!("tls/test_server_private_key.der"); 7 | /// The domain name bound to the server certificate. 
8 | pub static SERVER_DOMAIN: &str = "test-server.io"; 9 | -------------------------------------------------------------------------------- /crates/server-fixture/certs/src/tls/README.md: -------------------------------------------------------------------------------- 1 | # Create a private key for the root CA (test fixture only: the key is kept unencrypted and root_ca.key is checked in next to the certificates, so this CA is for the test suite and nothing else) 2 | openssl genpkey -algorithm RSA -out root_ca.key -pkeyopt rsa_keygen_bits:2048 3 | 4 | # Create a self-signed root CA certificate (100 years validity) 5 | openssl req -x509 -new -nodes -key root_ca.key -sha256 -days 36525 -out root_ca.crt -subj "/C=US/ST=State/L=City/O=tlsnotary/OU=IT/CN=tlsnotary.org" 6 | 7 | # Create a private key for the end entity certificate 8 | openssl genpkey -algorithm RSA -out test_server.key -pkeyopt rsa_keygen_bits:2048 9 | 10 | # Create a certificate signing request (CSR) for the end entity certificate 11 | openssl req -new -key test_server.key -out test_server.csr -subj "/C=US/ST=State/L=City/O=tlsnotary/OU=IT/CN=test-server.io" 12 | 13 | # Sign the CSR with the root CA to create the end entity certificate (100 years validity) 14 | openssl x509 -req -in test_server.csr -CA root_ca.crt -CAkey root_ca.key -CAcreateserial -out test_server.crt -days 36525 -sha256 -extfile openssl.cnf -extensions v3_req 15 | 16 | # Convert the root CA certificate to DER format 17 | openssl x509 -in root_ca.crt -outform der -out root_ca_cert.der 18 | 19 | # Convert the end entity certificate to DER format 20 | openssl x509 -in test_server.crt -outform der -out test_server_cert.der 21 | 22 | # Convert the end entity certificate private key to DER format 23 | openssl pkcs8 -topk8 -inform PEM -outform DER -in test_server.key -out test_server_private_key.der -nocrypt -------------------------------------------------------------------------------- /crates/server-fixture/certs/src/tls/openssl.cnf: -------------------------------------------------------------------------------- 1 | [ v3_req ] 2 | basicConstraints = CA:FALSE 3 | keyUsage = nonRepudiation, 
digitalSignature, keyEncipherment 4 | subjectAltName = @alt_names 5 | 6 | [ alt_names ] 7 | DNS.1 = test-server.io -------------------------------------------------------------------------------- /crates/server-fixture/certs/src/tls/root_ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDrTCCApWgAwIBAgIUNBABQqSkJXdF8qtOLwP4EylSOPcwDQYJKoZIhvcNAQEL 3 | BQAwZTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5 4 | MRIwEAYDVQQKDAl0bHNub3RhcnkxCzAJBgNVBAsMAklUMRYwFAYDVQQDDA10bHNu 5 | b3Rhcnkub3JnMCAXDTI0MDgwMjEwMTQ1M1oYDzIxMjQwODAzMTAxNDUzWjBlMQsw 6 | CQYDVQQGEwJVUzEOMAwGA1UECAwFU3RhdGUxDTALBgNVBAcMBENpdHkxEjAQBgNV 7 | BAoMCXRsc25vdGFyeTELMAkGA1UECwwCSVQxFjAUBgNVBAMMDXRsc25vdGFyeS5v 8 | cmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVvgedJ3zVE7ICYoaD 9 | CwybhEN/6g1baoyDRVD8fpZfhdkh0uMMKBFqRa1qO9wF3Fthq6DJRaHsmZeE42Jm 10 | aDvlRtaKDfB0MMcSeNqmP8ia7+8TFgMBY/YP7dW3d9QADFHLqyMcS6O2iaSMjBzg 11 | 4nx33TdAhQOIPHOSZbMZJGO18jn55GEeogIz6UiV8gqjQtbel/cn8jXi2rOgub+p 12 | CZziixQ6ikppdW6a8p37B5W4/WNHDIRgRP890q0GyrEJWtj9TwyMmeC6/0mxXjZC 13 | caLWV0072j3Dd+66XvkeL04mSe4Bp0YUs8jcTPsfOAo3FAvPgyQ6UqQfZBqOnU93 14 | xmYzAgMBAAGjUzBRMB0GA1UdDgQWBBTJgXIkPw2ZVkTscFx/CKZZrhymzTAfBgNV 15 | HSMEGDAWgBTJgXIkPw2ZVkTscFx/CKZZrhymzTAPBgNVHRMBAf8EBTADAQH/MA0G 16 | CSqGSIb3DQEBCwUAA4IBAQBP/IbIt7TheTcdhCtT5uAo4bp9Hjo5loaj0jtUkmwP 17 | 0RM2uA1IPu+stA+Zb8zfYZ9cIeTlYpFKZpVGmZfQYb26vYsPb40fUWAO+pYt5CGE 18 | Kf+nwDokwT4sZUocm8sOhiLb4LWbE+e5ZmfthwUfloR2qJD9GEi4XmNt/QEbUDCK 19 | AFch+dCRNzf0W7XJKkUsB2UQqBjHfcVbor1KrhEPgWfzfHBac6hipyekr82FVTY0 20 | tUIKJvvsDuCm9vUE8EpXHpT+krw9H6jSxhcovw9K4Ix4VSbY/c3g9jO4eneMama+ 21 | IrjLekT8wUU4YHSaPcUm3VTBGrVDe6ZCGGaM3iDUJvr8 22 | -----END CERTIFICATE----- 23 | -------------------------------------------------------------------------------- /crates/server-fixture/certs/src/tls/root_ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN 
PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCVvgedJ3zVE7IC 3 | YoaDCwybhEN/6g1baoyDRVD8fpZfhdkh0uMMKBFqRa1qO9wF3Fthq6DJRaHsmZeE 4 | 42JmaDvlRtaKDfB0MMcSeNqmP8ia7+8TFgMBY/YP7dW3d9QADFHLqyMcS6O2iaSM 5 | jBzg4nx33TdAhQOIPHOSZbMZJGO18jn55GEeogIz6UiV8gqjQtbel/cn8jXi2rOg 6 | ub+pCZziixQ6ikppdW6a8p37B5W4/WNHDIRgRP890q0GyrEJWtj9TwyMmeC6/0mx 7 | XjZCcaLWV0072j3Dd+66XvkeL04mSe4Bp0YUs8jcTPsfOAo3FAvPgyQ6UqQfZBqO 8 | nU93xmYzAgMBAAECggEAB+ybV4rgQCBqMlZyGtuJ/8Ld6uuBEx442wuJ2nV9J1yc 9 | cyicq6cv1hQONh8pKMWSr8EBjGqFw/u+znaqsuj/iRsYvbaOISqhpk3Eow6guD5L 10 | 7xJ3oepfJP786S12B8ifHYGWz+ewKA1HAB8RZNSSKf+ywv8nAt3Rbzpi4h47CUT4 11 | Z06gLJYZNimLVPIWLzrHa+/ZOyHq/XRWsr6GTFgXfT6nudfCxzdlIdajrBvaSLBG 12 | KbOs52tffEUHn+V1AoH6kmNp0EPSCbnR2b1KIv7loj6vi52UBpipjNFwa8PNzWfL 13 | Cuu9N6fl7qRv9VYCnC2gJz6rTARaNJWf57UP2avygQKBgQDJC89y4lgai8qJLv3w 14 | go+kFiWnZE0C8U69sOmNeACYhunQFKX2cG7EkTuPOnZj8XJcLYVHMSJLrEJcqyX/ 15 | wDv1at+KqDMQsf0j7NHCSpkoG93wlffCB87VPndy7ajRN4d17tbQOJP6zmOQo1YP 16 | 7MTeVtDF3JF9IxfTb+Pxmp5nswKBgQC+rDzBN8Drr1jp6FfzZrDcr/gvlSftXupF 17 | jTSkSxywQjophp02Hdi2t32Xq+wEuaMaJUOtywK/NVs5hJeGC584rWQjLObh7oUD 18 | td+2V802kzsERSeDiDwtBYgjePtkeO7MXadGLwJSaZxocjcjgGj2qWPs9ihUASuB 19 | TEtkO0jHgQKBgQCUFGXc2YhJLTOlrX4O+ytvkXx0ebUbeL8lirvLnlrZ/W0T/VFs 20 | Xc3IbKxwx3/SB1HTQRgMosz+7ccHWGwpnt7K2cgC6faK0n6ASnsJX0bFuxjSjrMp 21 | L/URLexvM0uHph3ZKG0CetnL/t5o91V5b0xl843cXqSuhf2Tl7NODjOkbwKBgAIn 22 | 5mP04myHxgSXCO+KmLNWFgNLt3DaouF4cEDvTHq9tPSlPf/PpJSkTHo7imafRrXT 23 | +AjuA7DvxIFI+4GbfghhBYHUTyP802owU0A3i+1zCrbIpWK6VpvXtStZgdYn++M5 24 | p9uGSotuAEO6Dt+K4yTu019phRk2DizfFPckKHWBAoGAehmqjR+5T7SpDiZwXFyN 25 | CA4qKVoYPexmNjbECYkpLbEkPxOc145H0Y4oHOBH46jIiHumSV3N2bvywYQ2IlyV 26 | BSGqGFAeFhpRAtMKCFMG7bNPTbskKcpUyGD2csoiYxXsFuFZX4Db9i0tpjt57C/a 27 | 9ij7zNzrAj5Iby8EMykK+aM= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /crates/server-fixture/certs/src/tls/root_ca.srl: 
-------------------------------------------------------------------------------- 1 | 1B924A233FDF6D40DDA57D7E4C0C37DE64BE996A 2 | -------------------------------------------------------------------------------- /crates/server-fixture/certs/src/tls/root_ca_cert.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/server-fixture/certs/src/tls/root_ca_cert.der -------------------------------------------------------------------------------- /crates/server-fixture/certs/src/tls/test_server.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIID0DCCArigAwIBAgIUG5JKIz/fbUDdpX1+TAw33mS+mWowDQYJKoZIhvcNAQEL 3 | BQAwZTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5 4 | MRIwEAYDVQQKDAl0bHNub3RhcnkxCzAJBgNVBAsMAklUMRYwFAYDVQQDDA10bHNu 5 | b3Rhcnkub3JnMCAXDTI0MDgwMjEwMTU1N1oYDzIxMjQwODAzMTAxNTU3WjBmMQsw 6 | CQYDVQQGEwJVUzEOMAwGA1UECAwFU3RhdGUxDTALBgNVBAcMBENpdHkxEjAQBgNV 7 | BAoMCXRsc25vdGFyeTELMAkGA1UECwwCSVQxFzAVBgNVBAMMDnRlc3Qtc2VydmVy 8 | LmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeBDxxxAASDtcXx4 9 | 07dK7YfLw2+cRz5rDdv/HHPHJLGJTvCXfZCTfV3y3KzTuLeOWHhGyG1bH075Jg/1 10 | TZ+nTdr/T/78mV4GXilf6hvmnwX3Pr7KLfXDEizRDKbnQqTgThs9hgHJ5pm8Jkid 11 | 5dWJEnvT5ChaBzwITpAe7qD05dVln7wkayKkT28IuV1iOglXjoBsozsL2qvj2wmL 12 | pYQqn17Ir98CY9AUjJ/D4tAGRbxGmhQ3+kLakO2wR+TA0E51opjlWeP4qc8i1OWp 13 | MH3fz5GddrC0BYVF0yute2VgjOXlM0PB2V4aMrqeB52hppix9XZOXymLeVQHddXQ 14 | YbtPPQIDAQABo3UwczAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAZBgNVHREEEjAQ 15 | gg50ZXN0LXNlcnZlci5pbzAdBgNVHQ4EFgQUXLxbOoGpjtxTs0zuIRtl74jPNokw 16 | HwYDVR0jBBgwFoAUyYFyJD8NmVZE7HBcfwimWa4cps0wDQYJKoZIhvcNAQELBQAD 17 | ggEBADnqTNfq6bhNYeSrT0KjpkJL+lI8g1gIUHUP9/wIMOJAaIkKj/hjoqSkrUfm 18 | DoE9zK+7Wy27nyS6q8YEpbjWqRBUmdL6iQ0/fzgl/jaPyqfwrj0S2Xjj8mWBC2jj 19 | //omjVrdq2RtYoL175sHEq3df9bprOPzb7mVPDP1kb7akkiqHRvvID+A1rd+hbHo 20 | 
H1cjc8RvtTxfnwAwXui8GFgdGjlt59qi+RxxGFCzdQNUhVTxQUeX4Xp6I99EMWWK 21 | 1UcKR7wmU+LuW4NNZXCWHUdsDlJaGgYuNZM90IpV4XeEr3MKFom7+G2M1cpuRi86 22 | /c1GLXO07No9K57VJ+W3qL/uw8c= 23 | -----END CERTIFICATE----- 24 | -------------------------------------------------------------------------------- /crates/server-fixture/certs/src/tls/test_server.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICqzCCAZMCAQAwZjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYD 3 | VQQHDARDaXR5MRIwEAYDVQQKDAl0bHNub3RhcnkxCzAJBgNVBAsMAklUMRcwFQYD 4 | VQQDDA50ZXN0LXNlcnZlci5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC 5 | ggEBAKHgQ8ccQAEg7XF8eNO3Su2Hy8NvnEc+aw3b/xxzxySxiU7wl32Qk31d8tys 6 | 07i3jlh4RshtWx9O+SYP9U2fp03a/0/+/JleBl4pX+ob5p8F9z6+yi31wxIs0Qym 7 | 50Kk4E4bPYYByeaZvCZIneXViRJ70+QoWgc8CE6QHu6g9OXVZZ+8JGsipE9vCLld 8 | YjoJV46AbKM7C9qr49sJi6WEKp9eyK/fAmPQFIyfw+LQBkW8RpoUN/pC2pDtsEfk 9 | wNBOdaKY5Vnj+KnPItTlqTB938+RnXawtAWFRdMrrXtlYIzl5TNDwdleGjK6nged 10 | oaaYsfV2Tl8pi3lUB3XV0GG7Tz0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCA 11 | aNz5mVndHInJJloJIuFvHbQLeuglEfn1Iyjjk3ILLm29RqcVlJ1LsnZZXG4rv8JH 12 | YWHpvsLLrR/nIkT+wxFCfYVHp8szpyLVW/mTLWb6xAB/d6i1SEmYSN0LNkmNvWFS 13 | kDq9A3v5sa9SZ1/btgfIVa6QzZWHuqYqad3KWJcpn+PckqiG+Bihx69TGsIMJHgN 14 | 9P//ra2lWyL391KGycNrKTbydpFjRT6vwC2QZJWG47liRS/PYfm6wtdoJa7Mw9vl 15 | ciBvDhTFF7FYl0uV1NlzIoVyChMmRv2JR66efcTfWqfP44E4dhBKHIpBxc8+4GtI 16 | ol18bSfvVKBlIyoZPdRP 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /crates/server-fixture/certs/src/tls/test_server_cert.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/server-fixture/certs/src/tls/test_server_cert.der -------------------------------------------------------------------------------- 
/crates/server-fixture/certs/src/tls/test_server_private_key.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/server-fixture/certs/src/tls/test_server_private_key.der -------------------------------------------------------------------------------- /crates/server-fixture/server/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-server-fixture" 3 | publish = false 4 | version = "0.0.0" 5 | edition = "2021" 6 | 7 | [lints] 8 | workspace = true 9 | 10 | [dependencies] 11 | axum = { workspace = true } 12 | anyhow = { workspace = true } 13 | futures = { workspace = true } 14 | futures-rustls = { workspace = true } 15 | hyper = { workspace = true } 16 | hyper-util = { workspace = true, features = ["full"] } 17 | tokio = { workspace = true, features = ["macros", "rt-multi-thread"] } 18 | tokio-util = { workspace = true, features = ["compat", "io"] } 19 | tower-service = { version = "0.3" } 20 | serde_json = { workspace = true } 21 | tlsn-server-fixture-certs = { workspace = true } 22 | 23 | [[bin]] 24 | name = "tlsn-server-fixture" 25 | path = "src/main.rs" 26 | 27 | [dev-dependencies] 28 | axum-test = { version = "16.2.0" } 29 | http-body-util = { workspace = true } 30 | tower = { version = "0.5.1" } 31 | -------------------------------------------------------------------------------- /crates/server-fixture/server/README.md: -------------------------------------------------------------------------------- 1 | # tlsn-server-fixture 2 | 3 | Inspired by `httpbin.org`. 4 | 5 | # Quickstart 6 | 7 | ```bash 8 | cargo run --release 9 | ``` 10 | 11 | ## Setting the port 12 | 13 | Set the environment variable `PORT` to configure the port the server runs on. 
14 | 15 | ```bash 16 | PORT=3001 cargo run --release 17 | ``` 18 | 19 | ## Testing 20 | 21 | You can test that the server works using curl: 22 | 23 | ```bash 24 | curl https://0.0.0.0:3000/formats/html --insecure 25 | ``` 26 | 27 | Notice the `--insecure` flag: it turns off certificate verification in curl, which is what lets the request succeed even though the server presents a self-signed cert that curl has no reason to trust. 28 | 29 | # Formats 30 | 31 | ## JSON 32 | 33 | The `/json` endpoint provides JSON data fixtures. You can pass the `size` query parameter to select between the 3 available payload sizes, which are 1Kb, 4Kb and 8Kb. 34 | 35 | ```bash 36 | curl https://0.0.0.0:3000/formats/json?size=4 --insecure 37 | ``` -------------------------------------------------------------------------------- /crates/server-fixture/server/src/data/.gitignore: -------------------------------------------------------------------------------- 1 | !/* 2 | -------------------------------------------------------------------------------- /crates/server-fixture/server/src/data/1kb.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": 1234567890, 3 | "information": { 4 | "name": "John Doe", 5 | "address": { 6 | "street": "123 Elm Street", 7 | "city": "Anytown", 8 | "state": "XY", 9 | "postalCode": "12345" 10 | }, 11 | "favoriteColors": ["blue", "red", "green", "yellow"], 12 | "description": "John is a software engineer. He enjoys hiking, playing video games, and reading books. 
His favorite book is 'Moby Dick'.", 13 | "education": { 14 | "degree": "Bachelor's in Computer Science", 15 | "school": "Anytown University" 16 | }, 17 | "family": { 18 | "siblings": [ 19 | { 20 | "name": "Jane Doe", 21 | "relation": "Sister", 22 | "age": 24 23 | }, 24 | { 25 | "name": "Jack Doe", 26 | "relation": "Brother", 27 | "age": 20 28 | } 29 | ], 30 | "parents": { 31 | "father": { 32 | "name": "James Doe", 33 | "age": 55 34 | }, 35 | "mother": { 36 | "name": "Jenny Doe", 37 | "age": 53 38 | } 39 | } 40 | } 41 | }, 42 | "meta": { 43 | "createdAt": "2022-01-15T14:52:55Z", 44 | "lastUpdatedAt": "2023-01-12T16:42:10Z", 45 | "version": 1.2 46 | } 47 | } -------------------------------------------------------------------------------- /crates/server-fixture/server/src/data/protected_data.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": 1234567890, 3 | "information": { 4 | "name": "John Doe", 5 | "address": { 6 | "street": "123 Elm Street", 7 | "city": "Anytown", 8 | "state": "XY", 9 | "postalCode": "12345" 10 | }, 11 | "favoriteColors": [ 12 | "blue", 13 | "red", 14 | "green", 15 | "yellow" 16 | ], 17 | "description": "John is a software engineer. He enjoys hiking, playing video games, and reading books. 
His favorite book is 'Moby Dick'.", 18 | "education": { 19 | "degree": "Bachelor's in Computer Science", 20 | "school": "Anytown University" 21 | } 22 | }, 23 | "meta": { 24 | "createdAt": "2022-01-15T14:52:55Z", 25 | "lastUpdatedAt": "2023-01-12T16:42:10Z", 26 | "version": 1.2 27 | } 28 | } -------------------------------------------------------------------------------- /crates/server-fixture/server/src/main.rs: -------------------------------------------------------------------------------- 1 | use std::{env, io}; 2 | 3 | use tlsn_server_fixture::{bind, DEFAULT_FIXTURE_PORT}; 4 | use tokio::net::TcpListener; 5 | use tokio_util::compat::TokioAsyncWriteCompatExt; 6 | 7 | #[tokio::main] 8 | async fn main() -> io::Result<()> { 9 | let port = env::var("PORT").unwrap_or_else(|_| DEFAULT_FIXTURE_PORT.to_string()); 10 | let listener = TcpListener::bind(&format!("0.0.0.0:{port}")).await?; 11 | 12 | loop { 13 | let (socket, _) = listener.accept().await?; 14 | tokio::spawn(bind(socket.compat_write())); 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /crates/tests-integration/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tests-integration" 3 | version = "0.0.0" 4 | edition = "2021" 5 | publish = false 6 | 7 | [lints] 8 | workspace = true 9 | 10 | [dev-dependencies] 11 | tlsn-core = { workspace = true } 12 | tlsn-common = { workspace = true } 13 | tlsn-prover = { workspace = true } 14 | tlsn-server-fixture = { workspace = true } 15 | tlsn-server-fixture-certs = { workspace = true } 16 | tlsn-tls-core = { workspace = true } 17 | tlsn-verifier = { workspace = true } 18 | 19 | futures = { workspace = true } 20 | http-body-util = { workspace = true } 21 | hyper = { workspace = true, features = ["client", "http1"] } 22 | hyper-util = { workspace = true, features = ["full"] } 23 | tokio = { workspace = true, features = ["rt", "rt-multi-thread", "macros"] } 24 
| tokio-util = { workspace = true } 25 | tracing = { workspace = true } 26 | tracing-subscriber = { workspace = true } 27 | -------------------------------------------------------------------------------- /crates/tls/backend/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-tls-backend" 3 | authors = ["TLSNotary Team"] 4 | description = "A TLS backend trait for TLSNotary" 5 | keywords = ["tls", "mpc", "2pc"] 6 | categories = ["cryptography"] 7 | license = "MIT OR Apache-2.0" 8 | version = "0.1.0-alpha.11" 9 | edition = "2021" 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [lib] 15 | name = "tls_backend" 16 | 17 | [dependencies] 18 | tlsn-tls-core = { workspace = true } 19 | 20 | async-trait = { workspace = true } 21 | thiserror = { workspace = true } 22 | futures = { workspace = true } 23 | -------------------------------------------------------------------------------- /crates/tls/client-async/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-tls-client-async" 3 | authors = ["TLSNotary Team"] 4 | description = "An async TLS client for TLSNotary" 5 | keywords = ["tls", "mpc", "2pc", "client", "async"] 6 | categories = ["cryptography"] 7 | license = "MIT OR Apache-2.0" 8 | version = "0.1.0-alpha.11" 9 | edition = "2021" 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [lib] 15 | name = "tls_client_async" 16 | 17 | [features] 18 | default = ["tracing"] 19 | tracing = ["dep:tracing"] 20 | 21 | [dependencies] 22 | tlsn-tls-client = { workspace = true } 23 | 24 | bytes = { workspace = true } 25 | futures = { workspace = true } 26 | thiserror = { workspace = true } 27 | tokio-util = { workspace = true, features = ["io", "compat"] } 28 | tracing = { workspace = true, optional = true } 29 | 30 | [dev-dependencies] 31 | tls-server-fixture = { workspace = true } 32 | 33 | http-body-util = { workspace = true } 34 | hyper = { 
workspace = true, features = ["client", "http1"] } 35 | hyper-util = { workspace = true, features = ["full"] } 36 | rstest = { workspace = true } 37 | tokio = { workspace = true, features = ["rt", "rt-multi-thread", "macros"] } 38 | -------------------------------------------------------------------------------- /crates/tls/client/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-tls-client" 3 | authors = ["TLSNotary Team"] 4 | description = "A TLS client for TLSNotary" 5 | keywords = ["tls", "mpc", "2pc", "client", "sync"] 6 | categories = ["cryptography"] 7 | license = "Apache-2.0 OR ISC OR MIT" 8 | version = "0.1.0-alpha.11" 9 | edition = "2021" 10 | autobenches = false 11 | 12 | [lints] 13 | workspace = true 14 | 15 | [lib] 16 | name = "tls_client" 17 | 18 | [dependencies] 19 | tlsn-tls-backend = { workspace = true } 20 | tlsn-tls-core = { workspace = true } 21 | 22 | async-trait = { workspace = true } 23 | log = { workspace = true, optional = true } 24 | ring = { workspace = true } 25 | sct = { workspace = true } 26 | webpki = { workspace = true, features = ["alloc", "std"] } 27 | aes-gcm = { workspace = true } 28 | p256 = { workspace = true, features = ["ecdh"] } 29 | rand = { workspace = true } 30 | rand06-compat = { workspace = true } 31 | hmac = { workspace = true } 32 | sha2 = { workspace = true, features = ["compress"] } 33 | digest = { workspace = true } 34 | futures = { workspace = true } 35 | web-time = { workspace = true } 36 | 37 | [features] 38 | default = ["logging", "tls12"] 39 | logging = ["log"] 40 | tls12 = [] 41 | 42 | [dev-dependencies] 43 | env_logger = { workspace = true } 44 | webpki-roots = { workspace = true } 45 | rustls-pemfile = { workspace = true } 46 | rustls = { version = "0.20", features = ["tls12"] } 47 | tokio = { workspace = true, features = ["rt", "macros"] } 48 | 49 | [[example]] 50 | name = "bench" 51 | path = "examples/internal/bench.rs" 52 | 53 | 
[package.metadata.docs.rs] 54 | all-features = true 55 | rustdoc-args = ["--cfg", "docsrs"] 56 | 57 | [target.'cfg(target_arch = "wasm32")'.dependencies] 58 | ring = { version = "0.17", features = ["wasm32_unknown_unknown_js"] } 59 | -------------------------------------------------------------------------------- /crates/tls/client/README.md: -------------------------------------------------------------------------------- 1 | # TLS Client 2 | 3 | This crate is a derivative of [rustls](https://github.com/rustls/rustls) with 4 | significant modifications to facilitate the TLSNotary protocol. 5 | 6 | This crate is licensed under the same terms as rustls. -------------------------------------------------------------------------------- /crates/tls/client/src/backend/mod.rs: -------------------------------------------------------------------------------- 1 | mod standard; 2 | 3 | pub use standard::RustCryptoBackend; 4 | pub use tls_backend::{Backend, BackendError, DecryptMode, EncryptMode}; 5 | -------------------------------------------------------------------------------- /crates/tls/client/src/manual/defaults.rs: -------------------------------------------------------------------------------- 1 | /*! 2 | 3 | ## Rationale for defaults 4 | 5 | ### Why is AES-256 preferred over AES-128? 6 | 7 | This is a trade-off between: 8 | 9 | 1. classical security level: searching a 2^128 key space is as implausible as 2^256. 10 | 2. post-quantum security level: the difference is more meaningful, and AES-256 seems like the conservative choice. 11 | 3. performance: AES-256 is around 40% slower than AES-128, though hardware acceleration typically narrows this gap. 12 | 13 | The choice is frankly quite marginal. 14 | 15 | ### Why is AES-GCM preferred over chacha20-poly1305? 16 | 17 | Hardware support for accelerating AES-GCM is widespread, and hardware-accelerated AES-GCM 18 | is quicker than un-accelerated chacha20-poly1305. 
19 | 20 | However, if you know your application will run on a platform without that, you should 21 | _definitely_ change the default order to prefer chacha20-poly1305: both the performance and 22 | the implementation security will be improved. We think this is an uncommon case. 23 | 24 | ### Why is x25519 preferred for key exchange over nistp256? 25 | 26 | Both provide roughly the same classical security level, but x25519 has better performance and 27 | it's _much_ more likely that both peers will have good quality implementations. 28 | 29 | */ 30 | -------------------------------------------------------------------------------- /crates/tls/client/src/manual/features.rs: -------------------------------------------------------------------------------- 1 | /*! 2 | 3 | ## Current features 4 | 5 | * TLS1.2 and TLS1.3. 6 | * ECDSA, Ed25519 or RSA server authentication by clients. 7 | * ECDSA, Ed25519 or RSA server authentication by servers. 8 | * Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves. 9 | * AES128-GCM and AES256-GCM bulk encryption, with safe nonces. 10 | * ChaCha20-Poly1305 bulk encryption ([RFC7905](https://tools.ietf.org/html/rfc7905)). 11 | * ALPN support. 12 | * SNI support. 13 | * Tunable MTU to make TLS messages match size of underlying transport. 14 | * Optional use of vectored IO to minimise system calls. 15 | * TLS1.2 session resumption. 16 | * TLS1.2 resumption via tickets (RFC5077). 17 | * TLS1.3 resumption via tickets or session storage. 18 | * TLS1.3 0-RTT data for clients. 19 | * Client authentication by clients. 20 | * Client authentication by servers. 21 | * Extended master secret support (RFC7627). 22 | * Exporters (RFC5705). 23 | * OCSP stapling by servers. 24 | * SCT stapling by servers. 25 | * SCT verification by clients. 26 | 27 | ## Possible future features 28 | 29 | * PSK support. 30 | * OCSP verification by clients. 31 | * Certificate pinning. 
32 | 33 | ## Non-features 34 | 35 | For reasons explained in the other sections of this manual, rustls does not 36 | and will not support: 37 | 38 | * SSL1, SSL2, SSL3, TLS1 or TLS1.1. 39 | * RC4. 40 | * DES or triple DES. 41 | * EXPORT ciphersuites. 42 | * MAC-then-encrypt ciphersuites. 43 | * Ciphersuites without forward secrecy. 44 | * Renegotiation. 45 | * Kerberos. 46 | * Compression. 47 | * Discrete-log Diffie-Hellman. 48 | * Automatic protocol version downgrade. 49 | 50 | */ 51 | -------------------------------------------------------------------------------- /crates/tls/client/src/manual/mod.rs: -------------------------------------------------------------------------------- 1 | /*! 2 | 3 | This documentation primarily aims to explain design decisions taken in rustls. 4 | 5 | It does this from a few aspects: how rustls attempts to avoid construction errors 6 | that occurred in other TLS libraries, how rustls attempts to avoid past TLS 7 | protocol vulnerabilities, and assorted advice for achieving common tasks with rustls. 8 | */ 9 | #![allow(non_snake_case)] 10 | 11 | /// This section discusses vulnerabilities in other TLS implementations, theorising their 12 | /// root cause and how we aim to avoid them in rustls. 13 | #[path = "implvulns.rs"] 14 | pub mod _01_impl_vulnerabilities; 15 | 16 | /// This section discusses vulnerabilities and design errors in the TLS protocol. 17 | #[path = "tlsvulns.rs"] 18 | pub mod _02_tls_vulnerabilities; 19 | 20 | /// This section collects together goal-oriented documentation. 21 | #[path = "howto.rs"] 22 | pub mod _03_howto; 23 | 24 | /// This section documents rustls itself: what protocol features are and are not implemented. 25 | #[path = "features.rs"] 26 | pub mod _04_features; 27 | 28 | /// This section provides rationale for the defaults in rustls. 
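29 | #[path = "defaults.rs"] 30 | pub mod _05_defaults; 31 | -------------------------------------------------------------------------------- /crates/tls/client/src/msgs/mod.rs: -------------------------------------------------------------------------------- 1 | pub(crate) mod persist; 2 | 3 | #[cfg(test)] 4 | mod persist_test; 5 | -------------------------------------------------------------------------------- /crates/tls/client/src/rand.rs: --------------------------------------------------------------------------------
//! The single place where we generate random material for our own use.
//!
//! Every function here reports a failure of the random source by returning
//! [`GetRandomFailed`]; none of them panics. Callers should propagate that
//! error rather than carry on with substitute bytes.

use ring::rand::{SecureRandom, SystemRandom};
use tls_core::msgs::codec;

/// Fill the whole slice with random material.
///
/// # Errors
///
/// Returns [`GetRandomFailed`] when `SystemRandom::fill` reports an error.
/// The contents of `bytes` should not be relied on in that case.
pub(crate) fn fill_random(bytes: &mut [u8]) -> Result<(), GetRandomFailed> {
    SystemRandom::new().fill(bytes).map_err(|_| GetRandomFailed)
}

/// Make a Vec of the given size
/// containing random material.
///
/// # Errors
///
/// Returns [`GetRandomFailed`] if the buffer could not be filled.
pub(crate) fn random_vec(len: usize) -> Result<Vec<u8>, GetRandomFailed> {
    // The zero-initialised buffer only leaves this function after a successful
    // fill: `?` returns early on failure, so all-zero bytes are never handed
    // out as if they were random.
    let mut v = vec![0; len];
    fill_random(&mut v)?;
    Ok(v)
}

/// Return a uniformly random u32.
///
/// # Errors
///
/// Returns [`GetRandomFailed`] if the random source fails, or if
/// `codec::decode_u32` yields `None` for the four-byte buffer.
pub(crate) fn random_u32() -> Result<u32, GetRandomFailed> {
    let mut buf = [0u8; 4];
    fill_random(&mut buf)?;
    codec::decode_u32(&buf).ok_or(GetRandomFailed)
}

/// Error returned when random material could not be obtained.
#[derive(Debug)]
pub struct GetRandomFailed;
-------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-arstechnica.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-arstechnica.0.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-arstechnica.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-arstechnica.1.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-arstechnica.2.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-arstechnica.2.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-arstechnica.3.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-arstechnica.3.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-duckduckgo.0.der: --------------------------------------------------------------------------------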
https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-duckduckgo.0.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-duckduckgo.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-duckduckgo.1.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-github.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-github.0.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-github.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-github.1.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-google.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-google.0.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-google.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-google.1.der -------------------------------------------------------------------------------- 
/crates/tls/client/src/testdata/cert-google.2.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-google.2.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-hn.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-hn.0.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-hn.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-hn.1.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-reddit.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-reddit.0.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-reddit.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-reddit.1.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-rustlang.0.der: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-rustlang.0.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-rustlang.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-rustlang.1.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-rustlang.2.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-rustlang.2.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-rustlang.3.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-rustlang.3.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-servo.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-servo.0.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-servo.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-servo.1.der -------------------------------------------------------------------------------- 
/crates/tls/client/src/testdata/cert-stackoverflow.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-stackoverflow.0.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-stackoverflow.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-stackoverflow.1.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-stackoverflow.2.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-stackoverflow.2.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-twitter.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-twitter.0.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-twitter.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-twitter.1.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-wapo.0.der: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-wapo.0.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-wapo.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-wapo.1.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-wikipedia.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-wikipedia.0.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/cert-wikipedia.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/cert-wikipedia.1.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/deframer-empty-applicationdata.bin: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/deframer-invalid-contenttype.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/deframer-invalid-contenttype.bin -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/deframer-invalid-empty.bin: 
-------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/deframer-invalid-length.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/deframer-invalid-length.bin -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/deframer-invalid-version.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/deframer-invalid-version.bin -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/deframer-test.1.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/deframer-test.1.bin -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/deframer-test.2.bin: -------------------------------------------------------------------------------- 1 | n -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/eddsakey.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/eddsakey.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/nistp256key.der: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/nistp256key.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/nistp256key.pkcs8.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/nistp256key.pkcs8.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/nistp384key.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/nistp384key.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/nistp384key.pkcs8.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/nistp384key.pkcs8.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/prf-result.1.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/prf-result.1.bin -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/prf-result.2.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/prf-result.2.bin -------------------------------------------------------------------------------- 
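/crates/tls/client/src/testdata/rsa2048key.pkcs1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/rsa2048key.pkcs1.der -------------------------------------------------------------------------------- /crates/tls/client/src/testdata/rsa2048key.pkcs8.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/src/testdata/rsa2048key.pkcs8.der -------------------------------------------------------------------------------- /crates/tls/client/src/ticketer.rs: --------------------------------------------------------------------------------
/// The timebase for expiring and rolling tickets and ticketing
/// keys. This is UNIX wall time in seconds.
///
/// This is guaranteed to be on or after the UNIX epoch: [`TimeBase::now`]
/// returns an error instead of a value when the clock reads earlier than that.
#[derive(Clone, Copy, Debug)]
pub struct TimeBase(web_time::Duration);

impl TimeBase {
    /// Capture the current wall-clock time as a duration since the UNIX epoch.
    ///
    /// The reading comes from `web_time::SystemTime`, so it follows whatever
    /// the system clock reports; expiry decisions built on it are only as
    /// reliable as that clock.
    ///
    /// # Errors
    ///
    /// Propagates the error from `duration_since` when the current system time
    /// is earlier than `web_time::UNIX_EPOCH`.
    // NOTE(review): the generic arguments of the return type were missing from
    // this listing; restored as the error type of `duration_since` — confirm
    // against the repository.
    #[inline]
    pub fn now() -> Result<Self, web_time::SystemTimeError> {
        Ok(Self(
            web_time::SystemTime::now().duration_since(web_time::UNIX_EPOCH)?,
        ))
    }

    /// Whole seconds elapsed since the UNIX epoch at the time of capture.
    #[inline]
    pub fn as_secs(&self) -> u64 {
        self.0.as_secs()
    }
}
-------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/ca.cert: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBzDCCAVKgAwIBAgIUYt6sOyqi/Tx6JmHHxcgp//zDEtMwCgYIKoZIzj0EAwIw 3 | HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwIBcNMjQxMjAyMTAzMzUyWhgP 4 | MjEyNDEyMDMxMDMzNTJaMBwxGjAYBgNVBAMMEXBvbnl0b3duIEVDRFNBIENBMHYw 5 | EAYHKoZIzj0CAQYFK4EEACIDYgAEWamBdmrmTZU7mkQi7zUA/u57fUtPMiBDFzEH 6 | Id7a0TAlcTdIqwRp1qijQLRGU6KyoZvS5M638wtbCWSBIqz6hIUbQbbEPh415Juw 7 | iBkMPNBIBahBjftoX1e1+evjC1Nno1MwUTAdBgNVHQ4EFgQUV96z77YjktcY5ASn 8 | t+znXPqumw4wHwYDVR0jBBgwFoAUV96z77YjktcY5ASnt+znXPqumw4wDwYDVR0T 9 | AQH/BAUwAwEB/zAKBggqhkjOPQQDAgNoADBlAjBCMqlKaRhF5rt3tFZiDsaH9Vu5 10 | PuWt53deGwDmfbkf9Ys0O9QEPk90xnti6sb+sagCMQDKGr0bfbGZlWCzWg2wuwVe 11 | c3i7BbaOPaNWTbFsfX2dVSwGO40AWpVKd3zz4n4pEic= 12 | -----END CERTIFICATE----- 13 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/ca.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/test-ca/ecdsa/ca.der -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDChf6AfT6xQboQ+SpK+ 3 | gg+RC6GZEMArxsiKZz22Dqjlby39V8TTuMfsmjgpVZzrxB+hZANiAARZqYF2auZN 4 | 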
lTuaRCLvNQD+7nt9S08yIEMXMQch3trRMCVxN0irBGnWqKNAtEZTorKhm9Lkzrfz 5 | C1sJZIEirPqEhRtBtsQ+HjXkm7CIGQw80EgFqEGN+2hfV7X56+MLU2c= 6 | -----END PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/client.cert: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIB9DCCAZmgAwIBAgICAxUwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv 3 | d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwIBcNMjQxMjAyMTAzMzUzWhgP 4 | MjEyNDEyMDMxMDMzNTNaMBoxGDAWBgNVBAMMD3Bvbnl0b3duIGNsaWVudDB2MBAG 5 | ByqGSM49AgEGBSuBBAAiA2IABIvljRQlPUodII07K7B/R5KRafWg2Gg8mH0LiIQR 6 | pNg1d+ltS1f0f90aWmOWRpA2siFm5m4KpZReFBTkCSyqQkZJKH+GA9+BDDdakyaY 7 | Vymq4gHiVWooC6fSSyN1Dao1z6OBmzCBmDAMBgNVHRMBAf8EAjAAMAsGA1UdDwQE 8 | AwIGwDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQUAI3hcRImY/ka 9 | FLPCvM2jRBM1Y7IwRAYDVR0jBD0wO4AUpqdxOi8T5z2Eyut9yck24S5DeV6hIKQe 10 | MBwxGjAYBgNVBAMMEXBvbnl0b3duIEVDRFNBIENBggF7MAoGCCqGSM49BAMCA0kA 11 | MEYCIQDaowzTGkUrLQRLs8p8/mJijxsX9YvW25CKNkjos9FrAAIhAL+vS52Gp0K2 12 | b75ZKFGw8MRinQn0pAzlPSec+xkcpteh 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/client.chain: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIB2TCCAWCgAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 3 | biBFQ0RTQSBDQTAgFw0yNDEyMDIxMDMzNTNaGA8yMTI0MTIwMzEwMzM1M1owLjEs 4 | MCoGA1UEAwwjcG9ueXRvd24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwWTAT 5 | BgcqhkjOPQIBBggqhkjOPQMBBwNCAASYxEw0vc5i84jGjb74DLDTzpJZB7MNtSfX 6 | qGpsERCQdiK6hFVNvQFWQaU0SqZo3msyemDEI9VTS3nZrOKlvWJ2o38wfTAdBgNV 7 | HQ4EFgQUpqdxOi8T5z2Eyut9yck24S5DeV4wIAYDVR0lAQH/BBYwFAYIKwYBBQUH 8 | AwEGCCsGAQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQY 9 | MBaAFFfes++2I5LXGOQEp7fs51z6rpsOMAoGCCqGSM49BAMCA2cAMGQCMFKfavm6 10 | 
C1oTaQ/Ceu+p44cd8AeWXFsAMt6rk2sjvA8WLVRXdNDunfSI28+bldXd8wIwaHd6 11 | AYWnQzyEyiP4rpnjHvmRDksihIl/SxF8qsAZP+Y7m+AfURQ05OYKaqI/+NdL 12 | -----END CERTIFICATE----- 13 | -----BEGIN CERTIFICATE----- 14 | MIIBzDCCAVKgAwIBAgIUYt6sOyqi/Tx6JmHHxcgp//zDEtMwCgYIKoZIzj0EAwIw 15 | HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwIBcNMjQxMjAyMTAzMzUyWhgP 16 | MjEyNDEyMDMxMDMzNTJaMBwxGjAYBgNVBAMMEXBvbnl0b3duIEVDRFNBIENBMHYw 17 | EAYHKoZIzj0CAQYFK4EEACIDYgAEWamBdmrmTZU7mkQi7zUA/u57fUtPMiBDFzEH 18 | Id7a0TAlcTdIqwRp1qijQLRGU6KyoZvS5M638wtbCWSBIqz6hIUbQbbEPh415Juw 19 | iBkMPNBIBahBjftoX1e1+evjC1Nno1MwUTAdBgNVHQ4EFgQUV96z77YjktcY5ASn 20 | t+znXPqumw4wHwYDVR0jBBgwFoAUV96z77YjktcY5ASnt+znXPqumw4wDwYDVR0T 21 | AQH/BAUwAwEB/zAKBggqhkjOPQQDAgNoADBlAjBCMqlKaRhF5rt3tFZiDsaH9Vu5 22 | PuWt53deGwDmfbkf9Ys0O9QEPk90xnti6sb+sagCMQDKGr0bfbGZlWCzWg2wuwVe 23 | c3i7BbaOPaNWTbFsfX2dVSwGO40AWpVKd3zz4n4pEic= 24 | -----END CERTIFICATE----- 25 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDz965kwhZ3HOJ1s9b4 3 | S4yi5iJlXQj+sqaVV6159hxPDaoSLId5ISYdxEZO7It9z72hZANiAASL5Y0UJT1K 4 | HSCNOyuwf0eSkWn1oNhoPJh9C4iEEaTYNXfpbUtX9H/dGlpjlkaQNrIhZuZuCqWU 5 | XhQU5AksqkJGSSh/hgPfgQw3WpMmmFcpquIB4lVqKAun0ksjdQ2qNc8= 6 | -----END PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/client.req: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIBEzCBmQIBADAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcqhkjO 3 | PQIBBgUrgQQAIgNiAASL5Y0UJT1KHSCNOyuwf0eSkWn1oNhoPJh9C4iEEaTYNXfp 4 | bUtX9H/dGlpjlkaQNrIhZuZuCqWUXhQU5AksqkJGSSh/hgPfgQw3WpMmmFcpquIB 5 | 4lVqKAun0ksjdQ2qNc+gADAKBggqhkjOPQQDAgNpADBmAjEAkMl7VRySM2QPd/yX 6 | 
MdL8k+DmRkb9cq/mXdC7NZSOWsgr5WAdZk/CD0w2oqSWL+oyAjEA9r8Hn6oaufCw 7 | y0v1vVpXUlH3go0ZQ6iAY3QPT90buyF8XUq5b5avzit9VUunYSCz 8 | -----END CERTIFICATE REQUEST----- 9 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/end.cert: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIB+TCCAaCgAwIBAgICAcgwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv 3 | d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwIBcNMjQxMjAyMTAzMzUzWhgP 4 | MjEyNDEyMDMxMDMzNTNaMBkxFzAVBgNVBAMMDnRlc3RzZXJ2ZXIuY29tMFkwEwYH 5 | KoZIzj0CAQYIKoZIzj0DAQcDQgAE3lT81KMlTskqUClt5/lajf8s0LBuO7pGxnef 6 | ZbtEMuaBTuWmNv6jVCgfBfCmIRvven4h3i7q3sAaHolTn5xJw6OBwDCBvTAMBgNV 7 | HRMBAf8EAjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQU6cD1FCbZQswkfvAHN76Y 8 | yVztePgwRAYDVR0jBD0wO4AUpqdxOi8T5z2Eyut9yck24S5DeV6hIKQeMBwxGjAY 9 | BgNVBAMMEXBvbnl0b3duIEVDRFNBIENBggF7MDsGA1UdEQQ0MDKCDnRlc3RzZXJ2 10 | ZXIuY29tghVzZWNvbmQudGVzdHNlcnZlci5jb22CCWxvY2FsaG9zdDAKBggqhkjO 11 | PQQDAgNHADBEAiBHO8EUcNRqVqW3NfZB5Upu9YHXazOTy2hYeA5/dbaaXAIgMYXZ 12 | MGMJ1p/BaXepJX4eaMxdFkYavBCPx0ZDuWV9j2g= 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/end.chain: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIB2TCCAWCgAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 3 | biBFQ0RTQSBDQTAgFw0yNDEyMDIxMDMzNTNaGA8yMTI0MTIwMzEwMzM1M1owLjEs 4 | MCoGA1UEAwwjcG9ueXRvd24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwWTAT 5 | BgcqhkjOPQIBBggqhkjOPQMBBwNCAASYxEw0vc5i84jGjb74DLDTzpJZB7MNtSfX 6 | qGpsERCQdiK6hFVNvQFWQaU0SqZo3msyemDEI9VTS3nZrOKlvWJ2o38wfTAdBgNV 7 | HQ4EFgQUpqdxOi8T5z2Eyut9yck24S5DeV4wIAYDVR0lAQH/BBYwFAYIKwYBBQUH 8 | AwEGCCsGAQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQY 9 | MBaAFFfes++2I5LXGOQEp7fs51z6rpsOMAoGCCqGSM49BAMCA2cAMGQCMFKfavm6 10 | 
C1oTaQ/Ceu+p44cd8AeWXFsAMt6rk2sjvA8WLVRXdNDunfSI28+bldXd8wIwaHd6 11 | AYWnQzyEyiP4rpnjHvmRDksihIl/SxF8qsAZP+Y7m+AfURQ05OYKaqI/+NdL 12 | -----END CERTIFICATE----- 13 | -----BEGIN CERTIFICATE----- 14 | MIIBzDCCAVKgAwIBAgIUYt6sOyqi/Tx6JmHHxcgp//zDEtMwCgYIKoZIzj0EAwIw 15 | HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwIBcNMjQxMjAyMTAzMzUyWhgP 16 | MjEyNDEyMDMxMDMzNTJaMBwxGjAYBgNVBAMMEXBvbnl0b3duIEVDRFNBIENBMHYw 17 | EAYHKoZIzj0CAQYFK4EEACIDYgAEWamBdmrmTZU7mkQi7zUA/u57fUtPMiBDFzEH 18 | Id7a0TAlcTdIqwRp1qijQLRGU6KyoZvS5M638wtbCWSBIqz6hIUbQbbEPh415Juw 19 | iBkMPNBIBahBjftoX1e1+evjC1Nno1MwUTAdBgNVHQ4EFgQUV96z77YjktcY5ASn 20 | t+znXPqumw4wHwYDVR0jBBgwFoAUV96z77YjktcY5ASnt+znXPqumw4wDwYDVR0T 21 | AQH/BAUwAwEB/zAKBggqhkjOPQQDAgNoADBlAjBCMqlKaRhF5rt3tFZiDsaH9Vu5 22 | PuWt53deGwDmfbkf9Ys0O9QEPk90xnti6sb+sagCMQDKGr0bfbGZlWCzWg2wuwVe 23 | c3i7BbaOPaNWTbFsfX2dVSwGO40AWpVKd3zz4n4pEic= 24 | -----END CERTIFICATE----- 25 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/end.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgk/LRgR8qaMUvJA3D 3 | 4YHvLnHT58xrhJSnnohuins/wiOhRANCAATeVPzUoyVOySpQKW3n+VqN/yzQsG47 4 | ukbGd59lu0Qy5oFO5aY2/qNUKB8F8KYhG+96fiHeLurewBoeiVOfnEnD 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/end.req: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIHUMHsCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wWTATBgcqhkjOPQIB 3 | BggqhkjOPQMBBwNCAATeVPzUoyVOySpQKW3n+VqN/yzQsG47ukbGd59lu0Qy5oFO 4 | 5aY2/qNUKB8F8KYhG+96fiHeLurewBoeiVOfnEnDoAAwCgYIKoZIzj0EAwIDSQAw 5 | RgIhAON4OGdn+3KXVFP/oGNEdlubqi5Jhf4xX7ELai6dVe3nAiEAr/QW2DzmElx2 6 | trpr0REDHGn+uQjqcD5U9onXFA9zw7E= 7 | -----END CERTIFICATE REQUEST----- 8 | 
-------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/inter.cert: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIB2TCCAWCgAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 3 | biBFQ0RTQSBDQTAgFw0yNDEyMDIxMDMzNTNaGA8yMTI0MTIwMzEwMzM1M1owLjEs 4 | MCoGA1UEAwwjcG9ueXRvd24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwWTAT 5 | BgcqhkjOPQIBBggqhkjOPQMBBwNCAASYxEw0vc5i84jGjb74DLDTzpJZB7MNtSfX 6 | qGpsERCQdiK6hFVNvQFWQaU0SqZo3msyemDEI9VTS3nZrOKlvWJ2o38wfTAdBgNV 7 | HQ4EFgQUpqdxOi8T5z2Eyut9yck24S5DeV4wIAYDVR0lAQH/BBYwFAYIKwYBBQUH 8 | AwEGCCsGAQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQY 9 | MBaAFFfes++2I5LXGOQEp7fs51z6rpsOMAoGCCqGSM49BAMCA2cAMGQCMFKfavm6 10 | C1oTaQ/Ceu+p44cd8AeWXFsAMt6rk2sjvA8WLVRXdNDunfSI28+bldXd8wIwaHd6 11 | AYWnQzyEyiP4rpnjHvmRDksihIl/SxF8qsAZP+Y7m+AfURQ05OYKaqI/+NdL 12 | -----END CERTIFICATE----- 13 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/inter.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXRLff45ueFvWUk0t 3 | 4597HUDzb8VQ1r986fPnnEYLLgqhRANCAASYxEw0vc5i84jGjb74DLDTzpJZB7MN 4 | tSfXqGpsERCQdiK6hFVNvQFWQaU0SqZo3msyemDEI9VTS3nZrOKlvWJ2 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/inter.req: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIHoMIGQAgEAMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50 3 | ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmMRMNL3OYvOIxo2+ 4 | +Ayw086SWQezDbUn16hqbBEQkHYiuoRVTb0BVkGlNEqmaN5rMnpgxCPVU0t52azi 5 | pb1idqAAMAoGCCqGSM49BAMCA0cAMEQCIHuqJY3i7VaZnFBDZb1r+Axnkb50m5fP 6 | 
0oVjHxSaDiuyAiAopvrq3V3KPxVrnugw0scNMN+5tXUhPQJMfW7Jp6Z+xg== 7 | -----END CERTIFICATE REQUEST----- 8 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/nistp256.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BggqhkjOPQMBBw== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/ecdsa/nistp384.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PARAMETERS----- 2 | BgUrgQQAIg== 3 | -----END EC PARAMETERS----- 4 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/ca.cert: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBTzCCAQGgAwIBAgIUBGDLJiQZa9GGYE3M+PCsihBf9SMwBQYDK2VwMBwxGjAY 3 | BgNVBAMMEXBvbnl0b3duIEVkRFNBIENBMCAXDTI0MTIwMjEwMzM1MloYDzIxMjQx 4 | MjAzMTAzMzUyWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytl 5 | cAMhAJsJp+xQp2sWt02f+2rUHemu/bxtY9rcPdQC37oQDafko1MwUTAdBgNVHQ4E 6 | FgQU+KWNKlqZmvWiOywG7qsVsucgAUMwHwYDVR0jBBgwFoAU+KWNKlqZmvWiOywG 7 | 7qsVsucgAUMwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQBkCR52vXfYVlJLEVBy 8 | jIbwAGNIy4VHvVUowkKiqeIUnKFzbsHWa97orHYDg9vGIu95joN7A8z07P+dTXtC 9 | qmoA 10 | -----END CERTIFICATE----- 11 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/ca.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/test-ca/eddsa/ca.der -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/ca.key: -------------------------------------------------------------------------------- 1 
| -----BEGIN PRIVATE KEY----- 2 | MC4CAQAwBQYDK2VwBCIEIFJU5507vU5DJ4vPvGn+LSEKttdcpxnkZ82BhcaCS6+O 3 | -----END PRIVATE KEY----- 4 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/client.cert: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBljCCAUigAwIBAgICAxUwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk 3 | RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTI0MTIwMjEwMzM1M1oYDzIxMjQx 4 | MjAzMTAzMzUzWjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwKjAFBgMrZXAD 5 | IQBWDZiZ22XBqX/oaR5/9uEDxSLcjK/7UMM8B/JmSkKlT6OBmzCBmDAMBgNVHRMB 6 | Af8EAjAAMAsGA1UdDwQEAwIGwDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAjAdBgNV 7 | HQ4EFgQUCYEuULJzOlY2W4LRrcJztbYWwt4wRAYDVR0jBD0wO4AUw173UaUhQJ2u 8 | SvlsDCbA+HoQkVyhIKQeMBwxGjAYBgNVBAMMEXBvbnl0b3duIEVkRFNBIENBggF7 9 | MAUGAytlcANBAFCq4yMco7Ym7arxBtjwr5voCuMvm4+ntHS7bKXvv5PbicMbLduc 10 | 5cnwOVcu5nCGR428yC1pJycSrUg0HmVZugs= 11 | -----END CERTIFICATE----- 12 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/client.chain: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBejCCASygAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE 3 | U0EgQ0EwIBcNMjQxMjAyMTAzMzUzWhgPMjEyNDEyMDMxMDMzNTNaMC4xLDAqBgNV 4 | BAMMI3Bvbnl0b3duIEVkRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCowBQYDK2Vw 5 | AyEAQ6qnSrP3epS0sJt48GdNZrw3gi5mHO4fRjuGmGlRezGjfzB9MB0GA1UdDgQW 6 | BBTDXvdRpSFAna5K+WwMJsD4ehCRXDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYI 7 | KwYBBQUHAwIwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4wHwYDVR0jBBgwFoAU 8 | +KWNKlqZmvWiOywG7qsVsucgAUMwBQYDK2VwA0EAvv3+xnGGe/rm6ArdpRbRtS7/ 9 | x0RlN6U6+ZA087/nM8UOKxvgt44auJYvNzWpWwz6QqAiexEA+wljSFpJCpfiAg== 10 | -----END CERTIFICATE----- 11 | -----BEGIN CERTIFICATE----- 12 | MIIBTzCCAQGgAwIBAgIUBGDLJiQZa9GGYE3M+PCsihBf9SMwBQYDK2VwMBwxGjAY 13 | BgNVBAMMEXBvbnl0b3duIEVkRFNBIENBMCAXDTI0MTIwMjEwMzM1MloYDzIxMjQx 
14 | MjAzMTAzMzUyWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytl 15 | cAMhAJsJp+xQp2sWt02f+2rUHemu/bxtY9rcPdQC37oQDafko1MwUTAdBgNVHQ4E 16 | FgQU+KWNKlqZmvWiOywG7qsVsucgAUMwHwYDVR0jBBgwFoAU+KWNKlqZmvWiOywG 17 | 7qsVsucgAUMwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQBkCR52vXfYVlJLEVBy 18 | jIbwAGNIy4VHvVUowkKiqeIUnKFzbsHWa97orHYDg9vGIu95joN7A8z07P+dTXtC 19 | qmoA 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MC4CAQAwBQYDK2VwBCIEIBs62PAI/xUAzC2p4sNjphoD85F1gouH9olX8g5lGOMb 3 | -----END PRIVATE KEY----- 4 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/client.req: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIGZME0CAQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA 3 | Vg2Ymdtlwal/6Gkef/bhA8Ui3Iyv+1DDPAfyZkpCpU+gADAFBgMrZXADQQBKcSzB 4 | ZEMsidNsDBKE5Acy3RHq5eBhm4D3cNrOYh2NbwPDQhrcv+NV06wcCndsZ9upekU0 5 | 5ujLa9GtSReLld8O 6 | -----END CERTIFICATE REQUEST----- 7 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/end.cert: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBujCCAWygAwIBAgICAcgwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk 3 | RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTI0MTIwMjEwMzM1M1oYDzIxMjQx 4 | MjAzMTAzMzUzWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTAqMAUGAytlcAMh 5 | ADErSeQx90dlJI9NJOcWwV2CUgooTPLJcgXJ8iXuXKWYo4HAMIG9MAwGA1UdEwEB 6 | /wQCMAAwCwYDVR0PBAQDAgbAMB0GA1UdDgQWBBRzLDGBQ1k3yKPllupDJJCv134t 7 | VjBEBgNVHSMEPTA7gBTDXvdRpSFAna5K+WwMJsD4ehCRXKEgpB4wHDEaMBgGA1UE 8 | AwwRcG9ueXRvd24gRWREU0EgQ0GCAXswOwYDVR0RBDQwMoIOdGVzdHNlcnZlci5j 9 | 
b22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0MAUGAytlcANBAKdE 10 | R8jAHwJfQ4jxMKufEe0MowOAZKWsrQXoA6rUdyL23ZdMe80VxWSMjHxjIQqymMy7 11 | eOTS8kqENhW0MD651AU= 12 | -----END CERTIFICATE----- 13 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/end.chain: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBejCCASygAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE 3 | U0EgQ0EwIBcNMjQxMjAyMTAzMzUzWhgPMjEyNDEyMDMxMDMzNTNaMC4xLDAqBgNV 4 | BAMMI3Bvbnl0b3duIEVkRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCowBQYDK2Vw 5 | AyEAQ6qnSrP3epS0sJt48GdNZrw3gi5mHO4fRjuGmGlRezGjfzB9MB0GA1UdDgQW 6 | BBTDXvdRpSFAna5K+WwMJsD4ehCRXDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYI 7 | KwYBBQUHAwIwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4wHwYDVR0jBBgwFoAU 8 | +KWNKlqZmvWiOywG7qsVsucgAUMwBQYDK2VwA0EAvv3+xnGGe/rm6ArdpRbRtS7/ 9 | x0RlN6U6+ZA087/nM8UOKxvgt44auJYvNzWpWwz6QqAiexEA+wljSFpJCpfiAg== 10 | -----END CERTIFICATE----- 11 | -----BEGIN CERTIFICATE----- 12 | MIIBTzCCAQGgAwIBAgIUBGDLJiQZa9GGYE3M+PCsihBf9SMwBQYDK2VwMBwxGjAY 13 | BgNVBAMMEXBvbnl0b3duIEVkRFNBIENBMCAXDTI0MTIwMjEwMzM1MloYDzIxMjQx 14 | MjAzMTAzMzUyWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytl 15 | cAMhAJsJp+xQp2sWt02f+2rUHemu/bxtY9rcPdQC37oQDafko1MwUTAdBgNVHQ4E 16 | FgQU+KWNKlqZmvWiOywG7qsVsucgAUMwHwYDVR0jBBgwFoAU+KWNKlqZmvWiOywG 17 | 7qsVsucgAUMwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQBkCR52vXfYVlJLEVBy 18 | jIbwAGNIy4VHvVUowkKiqeIUnKFzbsHWa97orHYDg9vGIu95joN7A8z07P+dTXtC 19 | qmoA 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/end.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MC4CAQAwBQYDK2VwBCIEIKy/wR03PbajHpPGu3OR2W2cFTmqDntWQn3tQgRP94Cx 3 | -----END PRIVATE KEY----- 4 | 
-------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/end.req: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIGYMEwCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQAx 3 | K0nkMfdHZSSPTSTnFsFdglIKKEzyyXIFyfIl7lylmKAAMAUGAytlcANBAHrvEhI3 4 | 1HgQ0qI/EKY0wsnzq5jUW91LO/LFKRuUgyi1uXaXvJ0k3UUhyO/ApBGfGiBZgqIp 5 | 2FPbQtlRHh7vSQY= 6 | -----END CERTIFICATE REQUEST----- 7 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/inter.cert: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBejCCASygAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE 3 | U0EgQ0EwIBcNMjQxMjAyMTAzMzUzWhgPMjEyNDEyMDMxMDMzNTNaMC4xLDAqBgNV 4 | BAMMI3Bvbnl0b3duIEVkRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCowBQYDK2Vw 5 | AyEAQ6qnSrP3epS0sJt48GdNZrw3gi5mHO4fRjuGmGlRezGjfzB9MB0GA1UdDgQW 6 | BBTDXvdRpSFAna5K+WwMJsD4ehCRXDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYI 7 | KwYBBQUHAwIwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4wHwYDVR0jBBgwFoAU 8 | +KWNKlqZmvWiOywG7qsVsucgAUMwBQYDK2VwA0EAvv3+xnGGe/rm6ArdpRbRtS7/ 9 | x0RlN6U6+ZA087/nM8UOKxvgt44auJYvNzWpWwz6QqAiexEA+wljSFpJCpfiAg== 10 | -----END CERTIFICATE----- 11 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/inter.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MC4CAQAwBQYDK2VwBCIEIFHpe4qaM+BknryeRC0HX5CCQa7Lner0+wTLw8+wn5dl 3 | -----END PRIVATE KEY----- 4 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/eddsa/inter.req: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIGtMGECAQAwLjEsMCoGA1UEAwwjcG9ueXRvd24gRWREU0EgbGV2ZWwgMiBpbnRl 3 
| cm1lZGlhdGUwKjAFBgMrZXADIQBDqqdKs/d6lLSwm3jwZ01mvDeCLmYc7h9GO4aY 4 | aVF7MaAAMAUGAytlcANBAHwTt7I0d6KWakWVqg40FyEwmtGgg5js7BVqfDDL0fv7 5 | 9qGFe7JnCvxGCvQZA6m49wwz9tl/rF/dHMIKqazH3wA= 6 | -----END CERTIFICATE REQUEST----- 7 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/openssl.cnf: -------------------------------------------------------------------------------- 1 | 2 | [ v3_end ] 3 | basicConstraints = critical,CA:false 4 | keyUsage = nonRepudiation, digitalSignature 5 | subjectKeyIdentifier = hash 6 | authorityKeyIdentifier = keyid:always,issuer:always 7 | subjectAltName = @alt_names 8 | 9 | [ v3_client ] 10 | basicConstraints = critical,CA:false 11 | keyUsage = nonRepudiation, digitalSignature 12 | extendedKeyUsage = critical, clientAuth 13 | subjectKeyIdentifier = hash 14 | authorityKeyIdentifier = keyid:always,issuer:always 15 | 16 | [ v3_inter ] 17 | subjectKeyIdentifier = hash 18 | extendedKeyUsage = critical, serverAuth, clientAuth 19 | basicConstraints = CA:true 20 | keyUsage = cRLSign, keyCertSign, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign 21 | 22 | [ alt_names ] 23 | DNS.1 = testserver.com 24 | DNS.2 = second.testserver.com 25 | DNS.3 = localhost 26 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/rsa/ca.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/client/test-ca/rsa/ca.der -------------------------------------------------------------------------------- /crates/tls/client/test-ca/rsa/client.cert: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIID3jCCAkagAwIBAgICAxUwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u 3 | 
eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTI0MTIwMjEwMzM1M1oY 4 | DzIxMjQxMjAzMTAzMzUzWjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwggEi 5 | MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEF2wpyb7V+eYHoeotGGS3iYI9 6 | pRpCMDvu4l80BlH3bQHAlYT2qbm6G3NeahAcEJYHynju/Hs7l5PhLKgyejJ2DfdO 7 | oGjNc2y1sgP6Pojqa52rhwDDHcejw5uaQHPRLEbAvmXfVniu6mHkfDjludF8Jncc 8 | FXwNtLkqtxAcPp4sf2tTxDbYiuwKPSPho/BcgDF4PlHpyhWy/XiylK5DIk1BQwLJ 9 | kyt72HjQ5h7p7NcPewsiCDHYgug+YBomodrjBq62hfgbf9NgDyCvoi2p5ggw4K7p 10 | 9KjlTQbCCFCIVcXr6+4hSunxTeab4Zwnm/GoodJYxjFxzKlUcUeaZJUio9A1AgMB 11 | AAGjgZkwgZYwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwFgYDVR0lAQH/BAww 12 | CgYIKwYBBQUHAwIwHQYDVR0OBBYEFAyOd2pxSP3AXZowXH6AKsdO6nDkMEIGA1Ud 13 | IwQ7MDmAFOJ+lWZECB86j2Go5hcz7w70/vz/oR6kHDAaMRgwFgYDVQQDDA9wb255 14 | dG93biBSU0EgQ0GCAXswDQYJKoZIhvcNAQELBQADggGBAIMFMiNSz0v4BhX0mC9n 15 | gs/6qrBBYOTQJipDGUAlZvW0Qbwa0myfQVYPoCT1hbLFtqHU+WV+71tMfQxlDsTm 16 | zRt+SFO1/jkVmUofo4Vxn78rcNYDEQZQEeCUy3R6EhXSljmvi3CUtEe27+3YHgtS 17 | 0j9BpNqLVKP48qQq+32BKOF3JWuEx4cfq0kzcnjeppo1zNKyjq4StZPSrmENXR2o 18 | /fnB4pvh4X1DpRpdWfRT9UbvZt0ixDBRWRHGGDgOlNT3Hu6REilbu2zQlRSfcgj0 19 | qgBgCcwmI0ScvdtNXnRc/VS8Y6Y8iqM3fK9qwIhTdEUl1+SWh1PnhUAYZ1ouOMrE 20 | 8VqV4FspLgl5SNj3iHtGKLufIYoO/EQ9EBM3WlmAigareVJkoiDFyPmQPNyPPoB9 21 | moCHUkKiT2rO9gs5czs0+OSnCGfHiKfWDXzctpABiik0I/QFlL6osJH5ponM5x+X 22 | rBGTyBkS19T1P4vVV91cVFfbJJjeMyUrLUmfGRvYUo4LOg== 23 | -----END CERTIFICATE----- 24 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/rsa/client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEF2wpyb7V+eYH 3 | oeotGGS3iYI9pRpCMDvu4l80BlH3bQHAlYT2qbm6G3NeahAcEJYHynju/Hs7l5Ph 4 | LKgyejJ2DfdOoGjNc2y1sgP6Pojqa52rhwDDHcejw5uaQHPRLEbAvmXfVniu6mHk 5 | fDjludF8JnccFXwNtLkqtxAcPp4sf2tTxDbYiuwKPSPho/BcgDF4PlHpyhWy/Xiy 6 | lK5DIk1BQwLJkyt72HjQ5h7p7NcPewsiCDHYgug+YBomodrjBq62hfgbf9NgDyCv 7 | 
oi2p5ggw4K7p9KjlTQbCCFCIVcXr6+4hSunxTeab4Zwnm/GoodJYxjFxzKlUcUea 8 | ZJUio9A1AgMBAAECggEADRkqGXR8xzBFJEy1fBj9XqEpzlJWpFsydazbV89K7wXH 9 | Wy+MTSmzL/JLd4q1fsUWMHkJhkqJNMbVkvH3s5TOsBdou0YjGgN+xyLtTxbu8Fxg 10 | kNJDbm/GeR2aKZM/6UCq4o8VS6DWuOBhH5uzSpe/SCq4RBZPTgm8tf9lF8M7BOp0 11 | COx/Q8NRUtaXxY6zV56XS7QdFhKcvfUDCGEPhSgLITp+sE4HIFbqcmz55zClJYOw 12 | yeExcND9vQuEq++VjJsjxgk6IajtpcPkz8lidgDTK//9uAJdNpjFynmKUvJslhNg 13 | 5QGnaTlAIxw/J3tou0C+mVo1TnRfiSFII9HwjretYQKBgQDoN2kmiAISWBg0/4uj 14 | zJN2ufIzoGyslDbA+gRoqWmS9whxQ2YBGdv2s6UKTfZjyZ0CRLZ3zP90GinU4gr6 15 | Ck71JfOXa/DR7j8VMcwW/0uGxGBOWe3Gfpe3HfdhmCYQaHLGsJnZxXzFJq73ONzs 16 | mXsrFtjZJ7zJ+p/cRS2kBgWvWQKBgQDYLNXHpj/sJYINz0G1M2VbOwIiuFYDoGEa 17 | FCK6T6eYoRxq9Z1DbdrlQSyh+zs4kg4WGxffZI0b9Buo7Y7ll3lEWADfflrnFrDX 18 | j8wX/R6jNxnXcx010ENVQoYd6DWBmCNFKfB88tbrISk7tNa/5hI2xycaTVsEoXwL 19 | ThNYYrhIPQKBgQCTS2J1QFwgCqUAKQAIHCGFc5j/ykhkh3bbnTrisGL5B5zhSyEO 20 | nbp6l6SeDqm0zhO7dp5PC0cV++qA0AiqZZODyFjkuWD9qCN3bCjKhZEAoNt9l2lN 21 | OMs/KdDapMmwKrBy+137Vls4KrtcsULhCNGpmUpfI+eKLmDsNS0oF3HPsQKBgBSg 22 | KoGTFjRE2+TPapiMX9ZVif2gEuzjp4AifbHDGd2RObHm32toluMa1dRasSrTnK51 23 | RVDWOjR5lQ4IJIM5caOYtfSdDLVRz+uxV6rORtcR0dBhtl7FETeYUk2WM0y7JFpc 24 | BwsU7HagwltlBLxoikJZvBxhVxbZBYnamDPtr2GNAoGAU5FRQ650pLs6JYwPjgb3 25 | TiEuMGPBJihU0iGo13ka99wPP+vlbN6jXCcKbHnjCzk4fgOgGu0sRMUp1wwjYOCE 26 | tw1c5sDOlgS8MuGzixrB/6JrRVCrt8uYzcPJnkgyYNDIrGN0g5bm10pk7U9VR2T2 27 | pgNo8n2L8XN253L4aJFPoGg= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/rsa/client.req: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICXzCCAUcCAQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjANBgkq 3 | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBdsKcm+1fnmB6HqLRhkt4mCPaUaQjA7 4 | 7uJfNAZR920BwJWE9qm5uhtzXmoQHBCWB8p47vx7O5eT4SyoMnoydg33TqBozXNs 5 | tbID+j6I6mudq4cAwx3Ho8ObmkBz0SxGwL5l31Z4ruph5Hw45bnRfCZ3HBV8DbS5 6 | 
KrcQHD6eLH9rU8Q22IrsCj0j4aPwXIAxeD5R6coVsv14spSuQyJNQUMCyZMre9h4 7 | 0OYe6ezXD3sLIggx2ILoPmAaJqHa4wautoX4G3/TYA8gr6ItqeYIMOCu6fSo5U0G 8 | wghQiFXF6+vuIUrp8U3mm+GcJ5vxqKHSWMYxccypVHFHmmSVIqPQNQIDAQABoAAw 9 | DQYJKoZIhvcNAQELBQADggEBAGFew71+yQAWFFMoMxhP6GrtANeZtSI+mWzZbPiE 10 | w6Gvnn1TfTgXN5wDVXDxRE8nIMRRTdeQSx8yWM39iplFmvDK6Uk3T3h6qO0C+Wi6 11 | +hp8em5Va9m1gz26fCsgA9AZlCxIvP/Z8AVWDteqTeMERbe0aVVH5FkDhE7E8RZ1 12 | 943Q+5vH41+Ffje4dfRTjbPOYsTL+AF6a7w5S94xQNXLO4yHwkMVBIJkaEhxRkui 13 | a38MmDyxpAQl3i8kxlaa3TFuSq29tXPkDcmk+jyqBJlwsf/oRvnnMONKGJ/2SyRr 14 | +PW7kJsahrhrMvKbIwVQt9uT5gQX4iVuuZuzC64dnK/csfo= 15 | -----END CERTIFICATE REQUEST----- 16 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/rsa/client.rsa: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEF2wpyb7V+eYH 3 | oeotGGS3iYI9pRpCMDvu4l80BlH3bQHAlYT2qbm6G3NeahAcEJYHynju/Hs7l5Ph 4 | LKgyejJ2DfdOoGjNc2y1sgP6Pojqa52rhwDDHcejw5uaQHPRLEbAvmXfVniu6mHk 5 | fDjludF8JnccFXwNtLkqtxAcPp4sf2tTxDbYiuwKPSPho/BcgDF4PlHpyhWy/Xiy 6 | lK5DIk1BQwLJkyt72HjQ5h7p7NcPewsiCDHYgug+YBomodrjBq62hfgbf9NgDyCv 7 | oi2p5ggw4K7p9KjlTQbCCFCIVcXr6+4hSunxTeab4Zwnm/GoodJYxjFxzKlUcUea 8 | ZJUio9A1AgMBAAECggEADRkqGXR8xzBFJEy1fBj9XqEpzlJWpFsydazbV89K7wXH 9 | Wy+MTSmzL/JLd4q1fsUWMHkJhkqJNMbVkvH3s5TOsBdou0YjGgN+xyLtTxbu8Fxg 10 | kNJDbm/GeR2aKZM/6UCq4o8VS6DWuOBhH5uzSpe/SCq4RBZPTgm8tf9lF8M7BOp0 11 | COx/Q8NRUtaXxY6zV56XS7QdFhKcvfUDCGEPhSgLITp+sE4HIFbqcmz55zClJYOw 12 | yeExcND9vQuEq++VjJsjxgk6IajtpcPkz8lidgDTK//9uAJdNpjFynmKUvJslhNg 13 | 5QGnaTlAIxw/J3tou0C+mVo1TnRfiSFII9HwjretYQKBgQDoN2kmiAISWBg0/4uj 14 | zJN2ufIzoGyslDbA+gRoqWmS9whxQ2YBGdv2s6UKTfZjyZ0CRLZ3zP90GinU4gr6 15 | Ck71JfOXa/DR7j8VMcwW/0uGxGBOWe3Gfpe3HfdhmCYQaHLGsJnZxXzFJq73ONzs 16 | mXsrFtjZJ7zJ+p/cRS2kBgWvWQKBgQDYLNXHpj/sJYINz0G1M2VbOwIiuFYDoGEa 17 | FCK6T6eYoRxq9Z1DbdrlQSyh+zs4kg4WGxffZI0b9Buo7Y7ll3lEWADfflrnFrDX 
18 | j8wX/R6jNxnXcx010ENVQoYd6DWBmCNFKfB88tbrISk7tNa/5hI2xycaTVsEoXwL 19 | ThNYYrhIPQKBgQCTS2J1QFwgCqUAKQAIHCGFc5j/ykhkh3bbnTrisGL5B5zhSyEO 20 | nbp6l6SeDqm0zhO7dp5PC0cV++qA0AiqZZODyFjkuWD9qCN3bCjKhZEAoNt9l2lN 21 | OMs/KdDapMmwKrBy+137Vls4KrtcsULhCNGpmUpfI+eKLmDsNS0oF3HPsQKBgBSg 22 | KoGTFjRE2+TPapiMX9ZVif2gEuzjp4AifbHDGd2RObHm32toluMa1dRasSrTnK51 23 | RVDWOjR5lQ4IJIM5caOYtfSdDLVRz+uxV6rORtcR0dBhtl7FETeYUk2WM0y7JFpc 24 | BwsU7HagwltlBLxoikJZvBxhVxbZBYnamDPtr2GNAoGAU5FRQ650pLs6JYwPjgb3 25 | TiEuMGPBJihU0iGo13ka99wPP+vlbN6jXCcKbHnjCzk4fgOgGu0sRMUp1wwjYOCE 26 | tw1c5sDOlgS8MuGzixrB/6JrRVCrt8uYzcPJnkgyYNDIrGN0g5bm10pk7U9VR2T2 27 | pgNo8n2L8XN253L4aJFPoGg= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/rsa/end.cert: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEAjCCAmqgAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u 3 | eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTI0MTIwMjEwMzM1MloY 4 | DzIxMjQxMjAzMTAzMzUyWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTCCASIw 5 | DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALhVuLw4nZEurRVSjl3uEj0RJItz 6 | P9s5j3qrQ8XoSsT4CgEKbxVYiNS8uwwvKB/U3hqX3HWxdPn5RtKZu7xSp/YInVZu 7 | v/PhOYdY1h6aGYlqzQEOc9xNCGy7gcNa6lo1OV5F09JUliFjic/7cxGRxvklV8Qb 8 | 0zl+pnpg9DJ5bHH8A3+6vmQenPTO1ZfV4BxcmFUiPfiAXprY7wZkNhWrr/LUM8Bq 9 | MqSR4Zk6EQLsbnG7B1/ShBn8J6nAaUL9fv/wVq3n2vWaIlVDNFN72YPPiptGR4ah 10 | xLko/ydr5QgkBDWN+82R8l0B3WieieveRsNeCqpY8xEtfhQ48xvtm4aqmxkCAwEA 11 | AaOBvjCBuzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUBdFc 12 | 3JFjwUmfQ5k7QPRTA1wg9KIwQgYDVR0jBDswOYAU4n6VZkQIHzqPYajmFzPvDvT+ 13 | /P+hHqQcMBoxGDAWBgNVBAMMD3Bvbnl0b3duIFJTQSBDQYIBezA7BgNVHREENDAy 14 | gg50ZXN0c2VydmVyLmNvbYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhv 15 | c3QwDQYJKoZIhvcNAQELBQADggGBAJ6lQPvGVOjLWC69yMgLGqjNuDhgGBEpMGZt 16 | G9vyQ3n7y7NNetxh7lU2QuIwGY2spBN6bkDo49xgWogatI9fSVwn6ugZ2+wjBX8T 17 | 
O4WtMmvF9uRl7V/oXWtVYa1Mm1DyVkgaW+seRtz2uZjSoV2741MqXaNfrZJoqQcC 18 | A2/p+L9SV+imy3RzIKZOflRgNPUfsKfxwcgq/RVrLBwcZZPLxuHSpnHErRrSNUf4 19 | cKCUoAbKMGjS3PqYEfpz6niYxM9Va4OWhEg8VmJajLgqfKX5LvciZ02JdI5Hcick 20 | eEJDnHX0KklloW2NIFCo8b3Do7GmF1LmK6mHnkk3v0OeMEA8hYp9xRyfWVeWdMaM 21 | 8hhK5DbJEPgt//35HVBXa27uEeI9tzE+zywnuGsJXR9fUpxdFCgyoOfwxCxrsCqO 22 | PJL3LwfsmKfGWEmomPLCTsAa9/P5MapmipR7R92dvyR8Yv666l4pmCAsIgmC9uwN 23 | yP19VqUJtR9pUHbQfLt6AHz3+YONrg== 24 | -----END CERTIFICATE----- 25 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/rsa/end.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4Vbi8OJ2RLq0V 3 | Uo5d7hI9ESSLcz/bOY96q0PF6ErE+AoBCm8VWIjUvLsMLygf1N4al9x1sXT5+UbS 4 | mbu8Uqf2CJ1Wbr/z4TmHWNYemhmJas0BDnPcTQhsu4HDWupaNTleRdPSVJYhY4nP 5 | +3MRkcb5JVfEG9M5fqZ6YPQyeWxx/AN/ur5kHpz0ztWX1eAcXJhVIj34gF6a2O8G 6 | ZDYVq6/y1DPAajKkkeGZOhEC7G5xuwdf0oQZ/CepwGlC/X7/8Fat59r1miJVQzRT 7 | e9mDz4qbRkeGocS5KP8na+UIJAQ1jfvNkfJdAd1ononr3kbDXgqqWPMRLX4UOPMb 8 | 7ZuGqpsZAgMBAAECggEAPoDiiP/xfZ8EFWzO1U66ZHaBm79ScbVMz11vN5YSdENe 9 | sQemrug8TVZJXlJHGrQFM6M2n7myXmiF+TcjjzG/vg8huoMHF1zRMvGOeQXrjsrm 10 | BGuwIY0FREk4MNOND1VoxGyM7I698UhdHGa4l8aEX0qoPdjpgF9Pd8OUSeEeQm+L 11 | iLlTSQlRlfhDbdQ3JM4lOpP1Co/45wvJgEj4/dGe06rmjmRyFA6apk8KwpKTOflV 12 | P85dCJNza5jB1NOZ8r8ocJex1P7ifYT9A6ysEdrBfs2TETfZIIfh7QjVqOFZsEcH 13 | U6mQ6P1jjrpVrYSsEzHY7ayzfxHpqWKg+U3J6tmOeQKBgQDvH1DxTRnSOocGuAXr 14 | FNJqIJeoY5hpP187RaiioQ5H2rN3oqCy4tbw1HIhwGVAe5Tgm71+UEjTbYixzR3v 15 | hYKiq4eLh40GMyh7e03xymVyTKw13A3JYTHZStphlc82WeELJclOrsezvb8RqpNQ 16 | kNTrIVnfzM10Q+Zqq255tlkJEwKBgQDFWHRae9ARlaX1GNFlwOgXkkdD4AFsjkVq 17 | 5hk4RrYwwoN1qt+6OiFwN3qThKNcLIR8sWC/BUEA4vsU0wIocDV+jw7tYsDUYZv4 18 | ujUki17b2sQqPbm3vT0XwBrfDs8SdAJgtxJ6ClyUHKt8fwN4+axZq9B/Wfh8s0+3 19 | ybMYxk1cowKBgQCPK3nkMBygsag8zpvEh9//6OnEyXTstyPGsktoq/OH9Br2K2n6 20 | 
ETVOVnTLXo2BET0vSjAn29vusytgAYbF7XMtAHSUhyFZr/GyFT6y4VLiH6QQT2P1 21 | yfr1tgqQ2QiK6z+B1Cr2sFEjfh1Tb4TqfPzulzZfeBkfXrQr896egx5F/wKBgGg4 22 | jcJXjwwqXynwwG2fkjMYoqBbBgWBoXGSMZGB7qgTof+bjWo5Vv1/nzGXI/sC27lK 23 | qBBZwvmn5fgadBJNKEM9ZCHEPJgtMIUMOhKhtCgiAeVZEeLSgxgu8UIJ/Rv+vl67 24 | cHuZS0lBVuN55KiYGwiEb6lCJ7QbsqcaU4Zq++JHAoGACASfk6PCPvFryAT0k4IN 25 | A1rGKOESDYeibT8P390XJvEl5+avr5/PHxIhHpQRHzs7Ic+Zn31mayTX2x7ToY/Z 26 | VFKbmW2vJ+qxD79F5cztQQGF8DCEkBK41wHaseqHnC0IOBfAxiKJisF3sajq0NLH 27 | 2DMuKj+cDvSpZPnt0sI0mQM= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/rsa/end.req: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0GCSqG 3 | SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4Vbi8OJ2RLq0VUo5d7hI9ESSLcz/bOY96 4 | q0PF6ErE+AoBCm8VWIjUvLsMLygf1N4al9x1sXT5+UbSmbu8Uqf2CJ1Wbr/z4TmH 5 | WNYemhmJas0BDnPcTQhsu4HDWupaNTleRdPSVJYhY4nP+3MRkcb5JVfEG9M5fqZ6 6 | YPQyeWxx/AN/ur5kHpz0ztWX1eAcXJhVIj34gF6a2O8GZDYVq6/y1DPAajKkkeGZ 7 | OhEC7G5xuwdf0oQZ/CepwGlC/X7/8Fat59r1miJVQzRTe9mDz4qbRkeGocS5KP8n 8 | a+UIJAQ1jfvNkfJdAd1ononr3kbDXgqqWPMRLX4UOPMb7ZuGqpsZAgMBAAGgADAN 9 | BgkqhkiG9w0BAQsFAAOCAQEAlHryg1qRX6NSI8J8RjIdc7g9av+ZJmrTJ+9V7FT4 10 | gUJCqQpy8uR2n0oXTMAw8I22/TwVnb+irqMn3LKoaLASNQRRqa3Cu1192+S7WzOV 11 | 64zVCJZYhzcOr7YJhSxcwggpXMoImY1HXOoJ8iwjBf2Zgz9IierkTd9VFy3/559R 12 | KUAIRmY2XKqmAm1gSVUnav3OXw5PtReCTZCPlAfIGyZeYgy5phSHOZ5O/7faMWAE 13 | FTo24Ya3EQkuKdvFZcMToO3DxTjsCTdpMNqHKRvtQPRTBPF6SX3USxZ4tHHtxuKw 14 | SY944U+kUDpoHQZaCNzOKiGReQy24EKap8nnABD1SOnlnw== 15 | -----END CERTIFICATE REQUEST----- 16 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/rsa/end.rsa: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | 
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4Vbi8OJ2RLq0V 3 | Uo5d7hI9ESSLcz/bOY96q0PF6ErE+AoBCm8VWIjUvLsMLygf1N4al9x1sXT5+UbS 4 | mbu8Uqf2CJ1Wbr/z4TmHWNYemhmJas0BDnPcTQhsu4HDWupaNTleRdPSVJYhY4nP 5 | +3MRkcb5JVfEG9M5fqZ6YPQyeWxx/AN/ur5kHpz0ztWX1eAcXJhVIj34gF6a2O8G 6 | ZDYVq6/y1DPAajKkkeGZOhEC7G5xuwdf0oQZ/CepwGlC/X7/8Fat59r1miJVQzRT 7 | e9mDz4qbRkeGocS5KP8na+UIJAQ1jfvNkfJdAd1ononr3kbDXgqqWPMRLX4UOPMb 8 | 7ZuGqpsZAgMBAAECggEAPoDiiP/xfZ8EFWzO1U66ZHaBm79ScbVMz11vN5YSdENe 9 | sQemrug8TVZJXlJHGrQFM6M2n7myXmiF+TcjjzG/vg8huoMHF1zRMvGOeQXrjsrm 10 | BGuwIY0FREk4MNOND1VoxGyM7I698UhdHGa4l8aEX0qoPdjpgF9Pd8OUSeEeQm+L 11 | iLlTSQlRlfhDbdQ3JM4lOpP1Co/45wvJgEj4/dGe06rmjmRyFA6apk8KwpKTOflV 12 | P85dCJNza5jB1NOZ8r8ocJex1P7ifYT9A6ysEdrBfs2TETfZIIfh7QjVqOFZsEcH 13 | U6mQ6P1jjrpVrYSsEzHY7ayzfxHpqWKg+U3J6tmOeQKBgQDvH1DxTRnSOocGuAXr 14 | FNJqIJeoY5hpP187RaiioQ5H2rN3oqCy4tbw1HIhwGVAe5Tgm71+UEjTbYixzR3v 15 | hYKiq4eLh40GMyh7e03xymVyTKw13A3JYTHZStphlc82WeELJclOrsezvb8RqpNQ 16 | kNTrIVnfzM10Q+Zqq255tlkJEwKBgQDFWHRae9ARlaX1GNFlwOgXkkdD4AFsjkVq 17 | 5hk4RrYwwoN1qt+6OiFwN3qThKNcLIR8sWC/BUEA4vsU0wIocDV+jw7tYsDUYZv4 18 | ujUki17b2sQqPbm3vT0XwBrfDs8SdAJgtxJ6ClyUHKt8fwN4+axZq9B/Wfh8s0+3 19 | ybMYxk1cowKBgQCPK3nkMBygsag8zpvEh9//6OnEyXTstyPGsktoq/OH9Br2K2n6 20 | ETVOVnTLXo2BET0vSjAn29vusytgAYbF7XMtAHSUhyFZr/GyFT6y4VLiH6QQT2P1 21 | yfr1tgqQ2QiK6z+B1Cr2sFEjfh1Tb4TqfPzulzZfeBkfXrQr896egx5F/wKBgGg4 22 | jcJXjwwqXynwwG2fkjMYoqBbBgWBoXGSMZGB7qgTof+bjWo5Vv1/nzGXI/sC27lK 23 | qBBZwvmn5fgadBJNKEM9ZCHEPJgtMIUMOhKhtCgiAeVZEeLSgxgu8UIJ/Rv+vl67 24 | cHuZS0lBVuN55KiYGwiEb6lCJ7QbsqcaU4Zq++JHAoGACASfk6PCPvFryAT0k4IN 25 | A1rGKOESDYeibT8P390XJvEl5+avr5/PHxIhHpQRHzs7Ic+Zn31mayTX2x7ToY/Z 26 | VFKbmW2vJ+qxD79F5cztQQGF8DCEkBK41wHaseqHnC0IOBfAxiKJisF3sajq0NLH 27 | 2DMuKj+cDvSpZPnt0sI0mQM= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /crates/tls/client/test-ca/rsa/inter.req: 
-------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIDcTCCAdkCAQAwLDEqMCgGA1UEAwwhcG9ueXRvd24gUlNBIGxldmVsIDIgaW50 3 | ZXJtZWRpYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAu4k+0j4L 4 | 69L9pUngxHp1CXi0BLx8Jkw1m6rkheZuA29cCw9RBDf2vx+uRrjdP3MM86b0ZPOM 5 | ZSrH7V9Pfd1THNtl6GXtPPp2Ybz5hD0dIm5DgHquUPiZebvbQd0+YmxZq1RLp4tC 6 | 6zKZVF9LD7EK94QweB8LES0aDtzAVLbnp2FBeEL3f2YRq5MkZL62SYW7As4GOuxn 7 | NDVrd9nmS2r+M33Mk/laTs/G9jMTRRe13FMZDs/AXkPo4hDVhwwxLyqJ1tx81v2G 8 | P7TgiFpkf8Qkvi883jwJzsbmj9QogUgl20A1Towfozq6oKB9H9TesaguvFa8xab+ 9 | F0UZLIsUCFgnZKfK9I6EqAaeAxnldDBCDPEQY8RPynrIlPSJxjTPW+quLNRCJOYw 10 | izaWgXpKc+4skUr+VHm+lAiPBblbaaqs1Qivl96tPqUpK8pbc7xCze8Giwyul2k4 11 | voS0of1MA3JOBcMFE0amjbrjNch6+KbM/GCstQoigpG01B3YtutbaIJrAgMBAAGg 12 | ADANBgkqhkiG9w0BAQsFAAOCAYEAByDIGv17Sj01CiDF5ZAqnj+joFiqwY62bDEk 13 | 50JYww0+UOUFIrPmam0Zk04FnJxNZpA9FudVkfGFIGHEvjCCSZdwF/AR5XKbC5LM 14 | Xo7H6TRxhyRfW7kanmMU3AEpTyZRU0uJZvt/JeZdmshQOUqZVFkVWN0r8YI/ztDy 15 | wlO0slV1miD4+hIaV6RyYt6EU/V2y/ukFQTriskFWlQLSPRld1NSlGn4+m3wKY/a 16 | LQbMc2bXBSRGnpkH42eHV5l91pBPd2lGCtGNH6DKVDvhJME0FsrmrzgKgovcA0Bl 17 | PxNyXpIDOcBuxN6/Ps7nsBcCOfPFpp/ZXy2bCfhlD2O33TvHl0KFR4m7zIQVBzRz 18 | vS+IBJ/q4SebHpIUL3rs3/o/9BnnoTYfStbO2WC1ekAXSwbcznDXLswJBB6RUz4A 19 | Ycfxw9volQiu5x8jyoqI7MtoaRRo8Inrs83oopJBtVAcqaFjIPasGMu6xYdqi44n 20 | GjMDLR1OBGEz0D+9yC2qHVPcMd8n 21 | -----END CERTIFICATE REQUEST----- 22 | -------------------------------------------------------------------------------- /crates/tls/core/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-tls-core" 3 | authors = ["TLSNotary Team"] 4 | description = "Cryptographic operations for the TLSNotary TLS client" 5 | keywords = ["tls", "mpc", "2pc"] 6 | categories = ["cryptography"] 7 | license = "Apache-2.0 OR ISC OR MIT" 8 | version = "0.1.0-alpha.11" 9 | edition = "2021" 10 | 11 | [lints] 12 | workspace = true 13 | 
14 | [lib] 15 | name = "tls_core" 16 | 17 | [features] 18 | default = ["logging", "tls12", "prf"] 19 | serde = ["dep:serde"] 20 | tls12 = [] 21 | handshake = [] 22 | ghash = [] 23 | logging = ["tracing"] 24 | prf = ["dep:hmac", "dep:sha2"] 25 | 26 | [dependencies] 27 | futures = { workspace = true } 28 | hmac = { workspace = true, optional = true } 29 | rand = { workspace = true } 30 | ring = { workspace = true } 31 | rustls-pemfile = { workspace = true } 32 | sct = { workspace = true } 33 | serde = { workspace = true, optional = true, features = ["derive"] } 34 | sha2 = { workspace = true, optional = true } 35 | thiserror = { workspace = true } 36 | tracing = { workspace = true, optional = true } 37 | web-time = { workspace = true } 38 | webpki = { workspace = true, features = ["alloc", "std"] } 39 | -------------------------------------------------------------------------------- /crates/tls/core/README.md: -------------------------------------------------------------------------------- 1 | # TLS Core Types 2 | 3 | This crate is a derivative of [rustls](https://github.com/rustls/rustls). 4 | 5 | This crate is licensed under the same terms as rustls. 
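--------------------------------------------------------------------------------
/crates/tls/core/src/cert.rs:
--------------------------------------------------------------------------------
use crate::{
    key::Certificate,
    msgs::handshake::{CertificatePayload, SCTList},
};

/// Bundles a certificate chain with the accompanying OCSP response bytes and
/// an optional SCT list.
///
/// This type only stores the values it is given; nothing here parses or
/// validates them.
#[derive(Debug, Clone)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct ServerCertDetails {
    cert_chain: CertificatePayload,
    ocsp_response: Vec<u8>,
    scts: Option<SCTList>,
}

impl ServerCertDetails {
    /// Creates a new `ServerCertDetails` from its three parts.
    pub fn new(
        cert_chain: CertificatePayload,
        ocsp_response: Vec<u8>,
        scts: Option<SCTList>,
    ) -> Self {
        Self {
            cert_chain,
            ocsp_response,
            scts,
        }
    }

    /// Returns the stored certificate chain.
    pub fn cert_chain(&self) -> &[Certificate] {
        &self.cert_chain
    }

    /// Returns the stored OCSP response bytes.
    pub fn ocsp_response(&self) -> &[u8] {
        &self.ocsp_response
    }

    /// Returns the stored SCT list, if one was supplied.
    pub fn scts(&self) -> Option<&SCTList> {
        self.scts.as_ref()
    }
}

--------------------------------------------------------------------------------
/crates/tls/core/src/cipher.rs:
--------------------------------------------------------------------------------
use crate::msgs::enums::{ContentType, ProtocolVersion};

/// Builds the 13-byte additional authenticated data for a TLS 1.2 record.
///
/// Layout, all big-endian: 8-byte sequence number, 1-byte content type,
/// 2-byte protocol version, 2-byte length.
///
/// `len` is written as a `u16`, so a value above `u16::MAX` would be silently
/// truncated and the AAD would authenticate the wrong length. Callers must
/// pass a record length that fits; debug builds assert it.
pub fn make_tls12_aad(seq: u64, typ: ContentType, vers: ProtocolVersion, len: usize) -> [u8; 13] {
    debug_assert!(
        len <= usize::from(u16::MAX),
        "TLS 1.2 AAD length field is 16 bits"
    );

    let mut aad = [0u8; 13];
    aad[..8].copy_from_slice(&seq.to_be_bytes());
    aad[8] = typ.get_u8();
    aad[9..11].copy_from_slice(&vers.get_u16().to_be_bytes());
    // Narrowing cast: see the length precondition in the doc comment.
    aad[11..13].copy_from_slice(&(len as u16).to_be_bytes());
    aad
}

--------------------------------------------------------------------------------
/crates/tls/core/src/ke.rs:
--------------------------------------------------------------------------------
use crate::msgs::handshake::DigitallySignedStruct;

/// Key exchange parameter bytes together with a `DigitallySignedStruct`.
///
/// NOTE(review): presumably `kx_sig` is the server's signature over
/// `kx_params`; this type does not verify it — confirm where that happens.
#[derive(Debug, Clone)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct ServerKxDetails {
    pub kx_params: Vec<u8>,
    pub kx_sig: DigitallySignedStruct,
}

impl ServerKxDetails {
    /// Creates a new `ServerKxDetails` instance.
    pub fn new(params: Vec<u8>, sig: DigitallySignedStruct) -> Self {
        Self {
            kx_params: params,
            kx_sig: sig,
        }
    }

    /// Returns the key exchange parameters.
    pub fn kx_params(&self) -> &[u8] {
        &self.kx_params
    }

    /// Returns the key exchange signature.
    pub fn kx_sig(&self) -> &DigitallySignedStruct {
        &self.kx_sig
    }
}

--------------------------------------------------------------------------------
/crates/tls/core/src/lib.rs:
--------------------------------------------------------------------------------
mod error;
pub mod key;
#[allow(missing_docs)]
#[macro_use]
pub mod msgs;
pub mod anchors;
pub mod cert;
pub mod cipher;
pub mod dns;
pub mod handshake;
pub mod ke;
// Only compiled when the `prf` feature is enabled.
#[cfg(feature = "prf")]
pub mod prf;
pub mod rand;
pub mod suites;
pub mod utils;
pub mod verify;
pub mod versions;
pub mod x509;

pub use error::Error;

--------------------------------------------------------------------------------
/crates/tls/core/src/msgs/alert.rs:
--------------------------------------------------------------------------------
use crate::msgs::{
    codec::{Codec, Reader},
    enums::{AlertDescription, AlertLevel},
};

/// An alert message: a level followed by a description.
#[derive(Debug)]
pub struct AlertMessagePayload {
    pub level: AlertLevel,
    pub description: AlertDescription,
}

impl Codec for AlertMessagePayload {
    /// Appends the level, then the description, to `bytes`.
    fn encode(&self, bytes: &mut Vec<u8>) {
        self.level.encode(bytes);
        self.description.encode(bytes);
    }

    /// Reads a level and a description from `r`; returns `None` if either
    /// read fails.
    ///
    /// Bytes left in `r` after the description are not rejected here.
    /// NOTE(review): confirm the caller checks for trailing data.
    fn read(r: &mut Reader) -> Option<Self> {
        let level = AlertLevel::read(r)?;
        let description = AlertDescription::read(r)?;

        Some(Self { level, description })
    }
}
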
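--------------------------------------------------------------------------------
/crates/tls/core/src/msgs/ccs.rs:
--------------------------------------------------------------------------------
use crate::msgs::codec::{Codec, Reader};

/// The ChangeCipherSpec payload, which carries no data of its own.
#[derive(Debug)]
pub struct ChangeCipherSpecPayload;

impl Codec for ChangeCipherSpecPayload {
    /// Appends the single byte `1` to `bytes`.
    fn encode(&self, bytes: &mut Vec<u8>) {
        1u8.encode(bytes);
    }

    /// Accepts exactly one byte with value `1`; any other value, or any
    /// trailing data in `r`, yields `None`.
    fn read(r: &mut Reader) -> Option<Self> {
        let typ = u8::read(r)?;

        if typ == 1 && !r.any_left() {
            Some(Self {})
        } else {
            None
        }
    }
}

--------------------------------------------------------------------------------
/crates/tls/core/src/msgs/handshake-test.1.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/src/msgs/handshake-test.1.bin
--------------------------------------------------------------------------------
/crates/tls/core/src/msgs/mod.rs:
--------------------------------------------------------------------------------
#![allow(clippy::upper_case_acronyms)]

#[macro_use]
mod macros;

pub mod alert;
pub mod base;
pub mod ccs;
pub mod codec;
pub mod deframer;
#[allow(non_camel_case_types)]
pub mod enums;
pub mod fragmenter;
#[allow(non_camel_case_types)]
pub mod handshake;
pub mod hsjoiner;
pub mod message;

#[cfg(test)]
mod handshake_test;

#[cfg(test)]
mod enums_test;

#[cfg(test)]
mod message_test;

#[cfg(test)]
mod test {
    use std::convert::TryFrom;

    /// Reads every record in `handshake-test.1.bin`, checks that each one
    /// re-encodes to a non-empty buffer, and that it converts into a `Message`.
    #[test]
    fn smoketest() {
        use super::{
            codec::Reader,
            message::{Message, OpaqueMessage},
        };
        let bytes = include_bytes!("handshake-test.1.bin");
        let mut r = Reader::init(bytes);

        while r.any_left() {
            let m = OpaqueMessage::read(&mut r).unwrap();

            let out = m.clone().encode();
            assert!(!out.is_empty());

            Message::try_from(m.into_plain_message()).unwrap();
        }
    }
}

--------------------------------------------------------------------------------
/crates/tls/core/src/rand.rs:
--------------------------------------------------------------------------------
use crate::{msgs::codec, Error};
use rand::{rng, Rng};

/// Fill the whole slice with random material.
///
/// The bytes come from `rand::rng()`. The body has no failure path, so this
/// always returns `Ok(())`.
///
/// NOTE(review): callers that use this for secrets or nonces rely on `rng()`
/// being a cryptographically secure, OS-seeded generator — confirm against
/// the workspace's `rand` version and features.
pub fn fill_random(bytes: &mut [u8]) -> Result<(), Error> {
    rng().fill(bytes);
    Ok(())
}

/// Make a Vec of the given size
/// containing random material.
pub fn random_vec(len: usize) -> Result<Vec<u8>, Error> {
    let mut v = vec![0; len];
    fill_random(&mut v)?;
    Ok(v)
}

/// Return a uniformly random u32.
///
/// # Errors
///
/// Returns `Error::General` if `codec::decode_u32` yields `None` for the
/// 4-byte buffer.
pub fn random_u32() -> Result<u32, Error> {
    let mut buf = [0u8; 4];
    fill_random(&mut buf)?;
    // Build the error string only on the failure path.
    codec::decode_u32(&buf)
        .ok_or_else(|| Error::General("failed to get random from system".to_string()))
}

--------------------------------------------------------------------------------
/crates/tls/core/src/utils/mod.rs:
--------------------------------------------------------------------------------
mod bs_debug;

pub(crate) use bs_debug::*;

--------------------------------------------------------------------------------
/crates/tls/core/testdata/cert-arstechnica.0.der:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-arstechnica.0.der
--------------------------------------------------------------------------------
/crates/tls/core/testdata/cert-arstechnica.1.der:
--------------------------------------------------------------------------------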
https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-arstechnica.1.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-arstechnica.2.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-arstechnica.2.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-arstechnica.3.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-arstechnica.3.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-digicert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs 3 | MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 4 | d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j 5 | ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL 6 | MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 7 | LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug 8 | RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm 9 | +9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW 10 | PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM 11 | xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB 12 | Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 13 | hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg 14 | EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF 15 | 
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA 16 | FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec 17 | nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z 18 | eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF 19 | hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 20 | Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe 21 | vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep 22 | +OkuE6N36B9K 23 | -----END CERTIFICATE----- 24 | -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-duckduckgo.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-duckduckgo.0.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-duckduckgo.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-duckduckgo.1.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-github.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-github.0.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-github.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-github.1.der -------------------------------------------------------------------------------- 
/crates/tls/core/testdata/cert-google.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-google.0.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-google.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-google.1.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-google.2.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-google.2.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-hn.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-hn.0.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-hn.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-hn.1.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-reddit.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-reddit.0.der 
-------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-reddit.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-reddit.1.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-rustlang.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-rustlang.0.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-rustlang.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-rustlang.1.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-rustlang.2.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-rustlang.2.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-rustlang.3.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-rustlang.3.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-servo.0.der: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-servo.0.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-servo.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-servo.1.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-stackoverflow.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-stackoverflow.0.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-stackoverflow.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-stackoverflow.1.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-stackoverflow.2.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-stackoverflow.2.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-twitter.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-twitter.0.der -------------------------------------------------------------------------------- 
/crates/tls/core/testdata/cert-twitter.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-twitter.1.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-wapo.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-wapo.0.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-wapo.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-wapo.1.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-wikipedia.0.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-wikipedia.0.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/cert-wikipedia.1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/cert-wikipedia.1.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/deframer-empty-applicationdata.bin: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /crates/tls/core/testdata/deframer-invalid-contenttype.bin: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/deframer-invalid-contenttype.bin -------------------------------------------------------------------------------- /crates/tls/core/testdata/deframer-invalid-empty.bin: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /crates/tls/core/testdata/deframer-invalid-length.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/deframer-invalid-length.bin -------------------------------------------------------------------------------- /crates/tls/core/testdata/deframer-invalid-version.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/deframer-invalid-version.bin -------------------------------------------------------------------------------- /crates/tls/core/testdata/deframer-test.1.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/deframer-test.1.bin -------------------------------------------------------------------------------- /crates/tls/core/testdata/deframer-test.2.bin: -------------------------------------------------------------------------------- 1 | n -------------------------------------------------------------------------------- /crates/tls/core/testdata/eddsakey.der: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/eddsakey.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/nistp256key.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/nistp256key.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/nistp256key.pkcs8.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/nistp256key.pkcs8.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/nistp384key.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/nistp384key.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/nistp384key.pkcs8.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/nistp384key.pkcs8.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/prf-result.1.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/prf-result.1.bin -------------------------------------------------------------------------------- /crates/tls/core/testdata/prf-result.2.bin: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/prf-result.2.bin -------------------------------------------------------------------------------- /crates/tls/core/testdata/rsa2048key.pkcs1.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/rsa2048key.pkcs1.der -------------------------------------------------------------------------------- /crates/tls/core/testdata/rsa2048key.pkcs8.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/core/testdata/rsa2048key.pkcs8.der -------------------------------------------------------------------------------- /crates/tls/server-fixture/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tls-server-fixture" 3 | authors = ["TLSNotary Team"] 4 | description = "Fixtures for testing" 5 | keywords = ["tls", "fixture"] 6 | categories = ["cryptography"] 7 | license = "MIT OR Apache-2.0" 8 | version = "0.0.0" 9 | edition = "2021" 10 | publish = false 11 | 12 | [lints] 13 | workspace = true 14 | 15 | [dependencies] 16 | bytes = { workspace = true } 17 | futures = { workspace = true } 18 | futures-rustls = { workspace = true } 19 | http-body-util = { workspace = true } 20 | hyper = { workspace = true, features = ["full"] } 21 | hyper-util = { workspace = true, features = ["full"] } 22 | tokio = { workspace = true } 23 | tokio-util = { workspace = true, features = ["compat", "io-util"] } 24 | tracing = { workspace = true } 25 | -------------------------------------------------------------------------------- /crates/tls/server-fixture/src/README.md: 
-------------------------------------------------------------------------------- 1 | # Create a private key for the root CA (test fixture only; root_ca.key is committed alongside this README, so certificates chaining to this CA carry no trust outside the test suite) 2 | openssl genpkey -algorithm RSA -out root_ca.key -pkeyopt rsa_keygen_bits:2048 3 | 4 | # Create a self-signed root CA certificate (100 years validity) 5 | openssl req -x509 -new -nodes -key root_ca.key -sha256 -days 36525 -out root_ca.crt -subj "/C=US/ST=State/L=City/O=tlsnotary/OU=IT/CN=tlsnotary.org" 6 | 7 | # Create a private key for the end entity certificate 8 | openssl genpkey -algorithm RSA -out test_server.key -pkeyopt rsa_keygen_bits:2048 9 | 10 | # Create a certificate signing request (CSR) for the end entity certificate 11 | openssl req -new -key test_server.key -out test_server.csr -subj "/C=US/ST=State/L=City/O=tlsnotary/OU=IT/CN=test-server.io" 12 | 13 | # Sign the CSR with the root CA to create the end entity certificate (100 years validity) 14 | openssl x509 -req -in test_server.csr -CA root_ca.crt -CAkey root_ca.key -CAcreateserial -out test_server.crt -days 36525 -sha256 -extfile openssl.cnf -extensions v3_req 15 | 16 | # Convert the root CA certificate to DER format 17 | openssl x509 -in root_ca.crt -outform der -out root_ca_cert.der 18 | 19 | # Convert the end entity certificate to DER format 20 | openssl x509 -in test_server.crt -outform der -out test_server_cert.der 21 | 22 | # Convert the end entity certificate private key to unencrypted PKCS#8 DER format (-nocrypt writes the key without a passphrase) 23 | openssl pkcs8 -topk8 -inform PEM -outform DER -in test_server.key -out test_server_private_key.der -nocrypt -------------------------------------------------------------------------------- /crates/tls/server-fixture/src/openssl.cnf: -------------------------------------------------------------------------------- 1 | [ v3_req ] 2 | basicConstraints = CA:FALSE 3 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 4 | subjectAltName = @alt_names 5 | 6 | [ alt_names ] 7 | DNS.1 = test-server.io --------------------------------------------------------------------------------
/crates/tls/server-fixture/src/root_ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDrTCCApWgAwIBAgIUPO4oH+2bEenSnnIz7irzoPsDS4owDQYJKoZIhvcNAQEL 3 | BQAwZTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5 4 | MRIwEAYDVQQKDAl0bHNub3RhcnkxCzAJBgNVBAsMAklUMRYwFAYDVQQDDA10bHNu 5 | b3Rhcnkub3JnMCAXDTI0MDgwMjEwNDMyN1oYDzIxMjQwODAzMTA0MzI3WjBlMQsw 6 | CQYDVQQGEwJVUzEOMAwGA1UECAwFU3RhdGUxDTALBgNVBAcMBENpdHkxEjAQBgNV 7 | BAoMCXRsc25vdGFyeTELMAkGA1UECwwCSVQxFjAUBgNVBAMMDXRsc25vdGFyeS5v 8 | cmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVvgedJ3zVE7ICYoaD 9 | CwybhEN/6g1baoyDRVD8fpZfhdkh0uMMKBFqRa1qO9wF3Fthq6DJRaHsmZeE42Jm 10 | aDvlRtaKDfB0MMcSeNqmP8ia7+8TFgMBY/YP7dW3d9QADFHLqyMcS6O2iaSMjBzg 11 | 4nx33TdAhQOIPHOSZbMZJGO18jn55GEeogIz6UiV8gqjQtbel/cn8jXi2rOgub+p 12 | CZziixQ6ikppdW6a8p37B5W4/WNHDIRgRP890q0GyrEJWtj9TwyMmeC6/0mxXjZC 13 | caLWV0072j3Dd+66XvkeL04mSe4Bp0YUs8jcTPsfOAo3FAvPgyQ6UqQfZBqOnU93 14 | xmYzAgMBAAGjUzBRMB0GA1UdDgQWBBTJgXIkPw2ZVkTscFx/CKZZrhymzTAfBgNV 15 | HSMEGDAWgBTJgXIkPw2ZVkTscFx/CKZZrhymzTAPBgNVHRMBAf8EBTADAQH/MA0G 16 | CSqGSIb3DQEBCwUAA4IBAQAPRStXfyEyQ9nThEXsCC+qDPUDM9hrE9YKzGlqcjzA 17 | fRcWbtZQ4hR6nhoQ1wcs5o56R0xk7BvwP4Y+wX499uBDUUUWpFRasrlPjvAVoseU 18 | IXtIqjDKoag1Q2JULKD3cWxxbXITJttdUCEf0Kfn/3tS+6Fev6fquV47Dp32SuZP 19 | tnacPbsKC/q/K80siFoWYNRrwED+c4gnnOCKI/VCfv/oREGFpgyD2pFuLWMLVH3z 20 | wZW1EzkzQKgCNCjzs7oh0CyA2TFdJ4xVgDqAcmD5EPl8r6Nc9joYM/zBkY/cFRvp 21 | AVhUnBPgFr1gb5CcG+Y0nptal64ukTYrgfMaIiO9h6sx 22 | -----END CERTIFICATE----- 23 | -------------------------------------------------------------------------------- /crates/tls/server-fixture/src/root_ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCVvgedJ3zVE7IC 3 | YoaDCwybhEN/6g1baoyDRVD8fpZfhdkh0uMMKBFqRa1qO9wF3Fthq6DJRaHsmZeE 4 | 
42JmaDvlRtaKDfB0MMcSeNqmP8ia7+8TFgMBY/YP7dW3d9QADFHLqyMcS6O2iaSM 5 | jBzg4nx33TdAhQOIPHOSZbMZJGO18jn55GEeogIz6UiV8gqjQtbel/cn8jXi2rOg 6 | ub+pCZziixQ6ikppdW6a8p37B5W4/WNHDIRgRP890q0GyrEJWtj9TwyMmeC6/0mx 7 | XjZCcaLWV0072j3Dd+66XvkeL04mSe4Bp0YUs8jcTPsfOAo3FAvPgyQ6UqQfZBqO 8 | nU93xmYzAgMBAAECggEAB+ybV4rgQCBqMlZyGtuJ/8Ld6uuBEx442wuJ2nV9J1yc 9 | cyicq6cv1hQONh8pKMWSr8EBjGqFw/u+znaqsuj/iRsYvbaOISqhpk3Eow6guD5L 10 | 7xJ3oepfJP786S12B8ifHYGWz+ewKA1HAB8RZNSSKf+ywv8nAt3Rbzpi4h47CUT4 11 | Z06gLJYZNimLVPIWLzrHa+/ZOyHq/XRWsr6GTFgXfT6nudfCxzdlIdajrBvaSLBG 12 | KbOs52tffEUHn+V1AoH6kmNp0EPSCbnR2b1KIv7loj6vi52UBpipjNFwa8PNzWfL 13 | Cuu9N6fl7qRv9VYCnC2gJz6rTARaNJWf57UP2avygQKBgQDJC89y4lgai8qJLv3w 14 | go+kFiWnZE0C8U69sOmNeACYhunQFKX2cG7EkTuPOnZj8XJcLYVHMSJLrEJcqyX/ 15 | wDv1at+KqDMQsf0j7NHCSpkoG93wlffCB87VPndy7ajRN4d17tbQOJP6zmOQo1YP 16 | 7MTeVtDF3JF9IxfTb+Pxmp5nswKBgQC+rDzBN8Drr1jp6FfzZrDcr/gvlSftXupF 17 | jTSkSxywQjophp02Hdi2t32Xq+wEuaMaJUOtywK/NVs5hJeGC584rWQjLObh7oUD 18 | td+2V802kzsERSeDiDwtBYgjePtkeO7MXadGLwJSaZxocjcjgGj2qWPs9ihUASuB 19 | TEtkO0jHgQKBgQCUFGXc2YhJLTOlrX4O+ytvkXx0ebUbeL8lirvLnlrZ/W0T/VFs 20 | Xc3IbKxwx3/SB1HTQRgMosz+7ccHWGwpnt7K2cgC6faK0n6ASnsJX0bFuxjSjrMp 21 | L/URLexvM0uHph3ZKG0CetnL/t5o91V5b0xl843cXqSuhf2Tl7NODjOkbwKBgAIn 22 | 5mP04myHxgSXCO+KmLNWFgNLt3DaouF4cEDvTHq9tPSlPf/PpJSkTHo7imafRrXT 23 | +AjuA7DvxIFI+4GbfghhBYHUTyP802owU0A3i+1zCrbIpWK6VpvXtStZgdYn++M5 24 | p9uGSotuAEO6Dt+K4yTu019phRk2DizfFPckKHWBAoGAehmqjR+5T7SpDiZwXFyN 25 | CA4qKVoYPexmNjbECYkpLbEkPxOc145H0Y4oHOBH46jIiHumSV3N2bvywYQ2IlyV 26 | BSGqGFAeFhpRAtMKCFMG7bNPTbskKcpUyGD2csoiYxXsFuFZX4Db9i0tpjt57C/a 27 | 9ij7zNzrAj5Iby8EMykK+aM= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /crates/tls/server-fixture/src/root_ca.srl: -------------------------------------------------------------------------------- 1 | 1B924A233FDF6D40DDA57D7E4C0C37DE64BE996A 2 | 
-------------------------------------------------------------------------------- /crates/tls/server-fixture/src/root_ca_cert.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/server-fixture/src/root_ca_cert.der -------------------------------------------------------------------------------- /crates/tls/server-fixture/src/test_server.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIID0DCCArigAwIBAgIUG5JKIz/fbUDdpX1+TAw33mS+mWowDQYJKoZIhvcNAQEL 3 | BQAwZTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5 4 | MRIwEAYDVQQKDAl0bHNub3RhcnkxCzAJBgNVBAsMAklUMRYwFAYDVQQDDA10bHNu 5 | b3Rhcnkub3JnMCAXDTI0MDgwMjEwNDM1NloYDzIxMjQwODAzMTA0MzU2WjBmMQsw 6 | CQYDVQQGEwJVUzEOMAwGA1UECAwFU3RhdGUxDTALBgNVBAcMBENpdHkxEjAQBgNV 7 | BAoMCXRsc25vdGFyeTELMAkGA1UECwwCSVQxFzAVBgNVBAMMDnRlc3Qtc2VydmVy 8 | LmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeBDxxxAASDtcXx4 9 | 07dK7YfLw2+cRz5rDdv/HHPHJLGJTvCXfZCTfV3y3KzTuLeOWHhGyG1bH075Jg/1 10 | TZ+nTdr/T/78mV4GXilf6hvmnwX3Pr7KLfXDEizRDKbnQqTgThs9hgHJ5pm8Jkid 11 | 5dWJEnvT5ChaBzwITpAe7qD05dVln7wkayKkT28IuV1iOglXjoBsozsL2qvj2wmL 12 | pYQqn17Ir98CY9AUjJ/D4tAGRbxGmhQ3+kLakO2wR+TA0E51opjlWeP4qc8i1OWp 13 | MH3fz5GddrC0BYVF0yute2VgjOXlM0PB2V4aMrqeB52hppix9XZOXymLeVQHddXQ 14 | YbtPPQIDAQABo3UwczAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAZBgNVHREEEjAQ 15 | gg50ZXN0LXNlcnZlci5pbzAdBgNVHQ4EFgQUXLxbOoGpjtxTs0zuIRtl74jPNokw 16 | HwYDVR0jBBgwFoAUyYFyJD8NmVZE7HBcfwimWa4cps0wDQYJKoZIhvcNAQELBQAD 17 | ggEBAIxHgJqh26P0XHawz8QQgYQlKHD74uuluMgStArVIydE1/gRqhuqBNt4kvdE 18 | /lU/ZtlfQ2sZjB5a1fz3Rj4VNxlysTvp8d5fMOzcYhKTYx5eWuwejWdioarg7CUO 19 | lHy65gRSAw9E4qiyLi3zXFK2Lu/ta29/RGH+OpyziSvoD/EQ0h+8Hr792UTkJqHB 20 | eHQkaLTCr/QfSd/rf+0ao3/LptJTeDC7L2hN54L692SC/PXTW197d0+1HCjEmwmK 21 | smgfAKZcIlfiRlN7HMGWaCIRpEVcdZmOBhiTDxpQVZQdbEAcME8y7ALLTYOMpyBE 22 | 
a2FHrDiKtxNQZCZnaoUw3seXKHg= 23 | -----END CERTIFICATE----- 24 | -------------------------------------------------------------------------------- /crates/tls/server-fixture/src/test_server.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICqzCCAZMCAQAwZjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYD 3 | VQQHDARDaXR5MRIwEAYDVQQKDAl0bHNub3RhcnkxCzAJBgNVBAsMAklUMRcwFQYD 4 | VQQDDA50ZXN0LXNlcnZlci5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC 5 | ggEBAKHgQ8ccQAEg7XF8eNO3Su2Hy8NvnEc+aw3b/xxzxySxiU7wl32Qk31d8tys 6 | 07i3jlh4RshtWx9O+SYP9U2fp03a/0/+/JleBl4pX+ob5p8F9z6+yi31wxIs0Qym 7 | 50Kk4E4bPYYByeaZvCZIneXViRJ70+QoWgc8CE6QHu6g9OXVZZ+8JGsipE9vCLld 8 | YjoJV46AbKM7C9qr49sJi6WEKp9eyK/fAmPQFIyfw+LQBkW8RpoUN/pC2pDtsEfk 9 | wNBOdaKY5Vnj+KnPItTlqTB938+RnXawtAWFRdMrrXtlYIzl5TNDwdleGjK6nged 10 | oaaYsfV2Tl8pi3lUB3XV0GG7Tz0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCA 11 | aNz5mVndHInJJloJIuFvHbQLeuglEfn1Iyjjk3ILLm29RqcVlJ1LsnZZXG4rv8JH 12 | YWHpvsLLrR/nIkT+wxFCfYVHp8szpyLVW/mTLWb6xAB/d6i1SEmYSN0LNkmNvWFS 13 | kDq9A3v5sa9SZ1/btgfIVa6QzZWHuqYqad3KWJcpn+PckqiG+Bihx69TGsIMJHgN 14 | 9P//ra2lWyL391KGycNrKTbydpFjRT6vwC2QZJWG47liRS/PYfm6wtdoJa7Mw9vl 15 | ciBvDhTFF7FYl0uV1NlzIoVyChMmRv2JR66efcTfWqfP44E4dhBKHIpBxc8+4GtI 16 | ol18bSfvVKBlIyoZPdRP 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /crates/tls/server-fixture/src/test_server_cert.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/server-fixture/src/test_server_cert.der -------------------------------------------------------------------------------- /crates/tls/server-fixture/src/test_server_private_key.der: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/tls/server-fixture/src/test_server_private_key.der -------------------------------------------------------------------------------- /crates/verifier/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tlsn-verifier" 3 | authors = ["TLSNotary Team"] 4 | description = "A library for the TLSNotary verifier" 5 | keywords = ["tls", "mpc", "2pc"] 6 | categories = ["cryptography"] 7 | license = "MIT OR Apache-2.0" 8 | version = "0.1.0-alpha.11" 9 | edition = "2021" 10 | 11 | [lints] 12 | workspace = true 13 | 14 | [features] 15 | default = ["rayon"] 16 | rayon = ["mpz-common/rayon"] 17 | force-st = ["mpz-common/force-st"] 18 | 19 | [dependencies] 20 | tlsn-common = { workspace = true } 21 | tlsn-core = { workspace = true } 22 | tlsn-deap = { workspace = true } 23 | tlsn-mpc-tls = { workspace = true } 24 | tlsn-tls-core = { workspace = true } 25 | 26 | serio = { workspace = true, features = ["compat"] } 27 | uid-mux = { workspace = true, features = ["serio"] } 28 | 29 | mpz-core = { workspace = true } 30 | mpz-common = { workspace = true } 31 | mpz-garble = { workspace = true } 32 | mpz-garble-core = { workspace = true } 33 | mpz-memory-core = { workspace = true } 34 | mpz-ole = { workspace = true } 35 | mpz-ot = { workspace = true } 36 | mpz-vm-core = { workspace = true } 37 | mpz-zk = { workspace = true } 38 | 39 | derive_builder = { workspace = true } 40 | futures = { workspace = true } 41 | opaque-debug = { workspace = true } 42 | rand = { workspace = true } 43 | thiserror = { workspace = true } 44 | tokio = { workspace = true, features = ["sync"] } 45 | tracing = { workspace = true } 46 | web-time = { workspace = true } 47 | -------------------------------------------------------------------------------- /crates/verifier/src/state.rs: 
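--------------------------------------------------------------------------------
//! TLS Verifier state.
//!
//! Each phase of the verifier is a separate marker type implementing
//! [`VerifierState`]. The fields of [`Setup`] and [`Committed`] are
//! `pub(crate)`, so code outside this crate cannot construct those states or
//! read the protocol material they hold.

use std::sync::Arc;

use crate::{Mpc, Zk};
use mpc_tls::{MpcTlsFollower, SessionKeys};
use mpz_common::Context;
use mpz_memory_core::correlated::Delta;
use tlsn_common::{
    mux::{MuxControl, MuxFuture},
    transcript::TranscriptRefs,
    zk_aes::ZkAesCtr,
};
use tlsn_core::connection::{ConnectionInfo, ServerEphemKey};
use tlsn_deap::Deap;
use tokio::sync::Mutex;

/// TLS Verifier state.
///
/// The supertrait lives in the private `sealed` module, so no type outside
/// this crate can implement `VerifierState`.
pub trait VerifierState: sealed::Sealed {}

/// Initialized state.
pub struct Initialized;

// Generates a `Debug` impl that prints the type name without field values.
opaque_debug::implement!(Initialized);

/// State after MPC setup has completed.
///
/// This file provides no `Debug` impl for `Setup`.
pub struct Setup {
    pub(crate) mux_ctrl: MuxControl,
    pub(crate) mux_fut: MuxFuture,
    // NOTE(review): presumably the verifier's secret offset for correlated
    // values; treat as key material and keep it out of logs. Confirm against
    // `mpz_memory_core`.
    pub(crate) delta: Delta,
    pub(crate) mpc_tls: MpcTlsFollower,
    pub(crate) zk_aes: ZkAesCtr,
    // Leading underscore: held in the state but not read through this name.
    pub(crate) _keys: SessionKeys,
    // NOTE(review): the generic arguments were missing from the extracted
    // listing; restored from this file's imports (`Mutex`, `Deap`, `Mpc`, `Zk`).
    // Confirm against the repository.
    pub(crate) vm: Arc<Mutex<Deap<Mpc, Zk>>>,
}

/// State after the TLS connection has been closed.
pub struct Committed {
    pub(crate) mux_ctrl: MuxControl,
    pub(crate) mux_fut: MuxFuture,
    // NOTE(review): see the note on `Setup::delta`; same value type.
    pub(crate) delta: Delta,
    pub(crate) ctx: Context,
    pub(crate) vm: Zk,
    pub(crate) server_ephemeral_key: ServerEphemKey,
    pub(crate) connection_info: ConnectionInfo,
    pub(crate) transcript_refs: TranscriptRefs,
}

// Generates a `Debug` impl that prints the type name without field values.
opaque_debug::implement!(Committed);

impl VerifierState for Initialized {}
impl VerifierState for Setup {}
impl VerifierState for Committed {}

// Sealed-trait pattern: `Sealed` is public but unreachable from other crates
// because the module itself is private.
mod sealed {
    pub trait Sealed {}
    impl Sealed for super::Initialized {}
    impl Sealed for super::Setup {}
    impl Sealed for super::Committed {}
}

--------------------------------------------------------------------------------
/crates/wasm-test-runner/Cargo.toml:
--------------------------------------------------------------------------------
[package]
name = "tlsn-wasm-test-runner"
version = "0.0.0"
edition = "2021"
publish = false

[lints]
workspace = true

[dependencies]
tlsn-common = { workspace = true }
tlsn-core = { workspace = true }
tlsn-prover = { workspace = true }
tlsn-server-fixture = { workspace = true }
tlsn-server-fixture-certs = { workspace = true }
tlsn-tls-core = { workspace = true }
tlsn-verifier = { workspace = true }

websocket-relay = { workspace = true }

anyhow = { workspace = true }
axum = { workspace = true }
chromiumoxide = { version = "0.6", features = ["tokio-runtime"] }
futures = { workspace = true }
serde = { workspace = true, features = ["derive"] }
tokio = { workspace = true, features = ["full"] }
tokio-util = { workspace = true, features = ["compat"] }
tower = { version = "0.4" }
tower-http = { version = "0.5", features = ["fs", "set-header"] }
tracing = { workspace = true }
tracing-subscriber = { workspace = true, features = ["env-filter"] }
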
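--------------------------------------------------------------------------------
/crates/wasm-test-runner/run.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Ensure the script runs in the folder that contains this script.
# Abort if that fails: every path below is relative to this directory.
cd "$(dirname "$0")" || exit 1

RUSTFLAGS='-C target-feature=+atomics,+bulk-memory,+mutable-globals -C link-arg=--max-memory=4294967296 --cfg getrandom_backend="wasm_js"' \
    rustup run nightly \
    wasm-pack build ../wasm --target web --no-pack --out-dir=../wasm-test-runner/static/generated -- -Zbuild-std=panic_abort,std --features test,no-bundler &&
    RUST_LOG=debug cargo run --release

--------------------------------------------------------------------------------
/crates/wasm-test-runner/src/lib.rs:
--------------------------------------------------------------------------------
use std::fmt::Display;

pub mod chrome_driver;
pub mod server_fixture;
pub mod tlsn_fixture;
pub mod wasm_server;
pub mod ws;

/// Default bind address for the test services. Loopback, so the fixtures are
/// not reachable from other hosts unless an address is supplied explicitly.
pub static DEFAULT_SERVER_IP: &str = "127.0.0.1";
pub static DEFAULT_WASM_PORT: u16 = 8013;
pub static DEFAULT_WS_PORT: u16 = 8080;
pub static DEFAULT_SERVER_PORT: u16 = 8083;
pub static DEFAULT_VERIFIER_PORT: u16 = 8010;
pub static DEFAULT_NOTARY_PORT: u16 = 8011;
pub static DEFAULT_PROVER_PORT: u16 = 8012;

/// Outcome of one test, deserialized from the object the browser worker
/// returns for it.
#[derive(Debug, serde::Deserialize)]
pub struct TestResult {
    /// Name of the test.
    pub name: String,
    /// Whether the test completed without throwing.
    pub passed: bool,
    /// Run time in seconds; `0.0` when the field is absent from the input.
    #[serde(default)]
    pub duration_secs: f64,
    /// Failure message, if any.
    // NOTE(review): the inner type was missing from the extracted listing;
    // `String` is restored from how `fmt` prints it. Confirm against the
    // repository.
    pub error: Option<String>,
}

impl Display for TestResult {
    /// Writes `<name>: passed in <secs> seconds`, or `<name>: failed` followed
    /// by a `caused by:` line when an error message is present.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        if self.passed {
            return write!(f, "{}: passed in {} seconds", self.name, self.duration_secs);
        }

        write!(f, "{}: failed", self.name)?;
        if let Some(error) = &self.error {
            write!(f, "\ncaused by: {}", error)?;
        }

        Ok(())
    }
}
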
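--------------------------------------------------------------------------------
/crates/wasm-test-runner/src/main.rs:
--------------------------------------------------------------------------------
use anyhow::Result;

/// Installs the global `tracing` subscriber with a filter read from the
/// environment.
fn init_tracing() {
    use tracing_subscriber::EnvFilter;

    tracing_subscriber::fmt()
        .with_env_filter(EnvFilter::from_default_env())
        .init();
}

/// Starts the four local services, runs the browser tests and prints one line
/// per result. Exits with status 1 if any test failed.
#[tokio::main]
async fn main() -> Result<()> {
    init_tracing();

    // Each `start` binds its listener before returning, so a bind failure
    // surfaces here rather than inside the background task.
    let fut_wasm = tlsn_wasm_test_runner::wasm_server::start().await?;
    let fut_proxy = tlsn_wasm_test_runner::ws::start().await?;
    let fut_tlsn = tlsn_wasm_test_runner::tlsn_fixture::start().await?;
    let fut_server = tlsn_wasm_test_runner::server_fixture::start().await?;

    // The join handle is dropped: if a service returns an error, the `unwrap`
    // panics inside this task only and the test run below carries on.
    tokio::spawn(async move {
        futures::future::try_join4(fut_wasm, fut_proxy, fut_tlsn, fut_server)
            .await
            .unwrap()
    });

    let results = tlsn_wasm_test_runner::chrome_driver::run().await?;

    for result in &results {
        println!("{}", result);
    }

    let passed = results.iter().filter(|r| r.passed).count();
    let failed = results.iter().filter(|r| !r.passed).count();

    println!("{} passed, {} failed", passed, failed);

    if failed > 0 {
        std::process::exit(1);
    }

    Ok(())
}

--------------------------------------------------------------------------------
/crates/wasm-test-runner/src/server_fixture.rs:
--------------------------------------------------------------------------------
use std::{env, net::IpAddr};

use tlsn_server_fixture;

use anyhow::Result;
use futures::Future;
use tokio::net::TcpListener;
use tokio_util::compat::TokioAsyncReadCompatExt;
use tracing::{info, instrument};

use crate::{DEFAULT_SERVER_IP, DEFAULT_SERVER_PORT};

/// Binds the TLS server fixture and returns the future that runs its accept
/// loop.
///
/// The address comes from `SERVER_IP` / `SERVER_PORT`, falling back to the
/// loopback defaults. Setting `SERVER_IP` to a non-loopback address exposes
/// the fixture to the network.
///
/// # Panics
///
/// Panics if either variable is set to a value that does not parse.
// NOTE(review): the generic arguments of the return type were missing from the
// extracted listing; reconstructed from how `main` joins these futures.
// Confirm against the repository.
#[instrument]
pub async fn start() -> Result<impl Future<Output = Result<()>>> {
    let port: u16 = env::var("SERVER_PORT")
        .map(|port| port.parse().expect("port should be valid integer"))
        .unwrap_or(DEFAULT_SERVER_PORT);
    let addr: IpAddr = env::var("SERVER_IP")
        .map(|addr| addr.parse().expect("should be valid IP address"))
        .unwrap_or(IpAddr::V4(DEFAULT_SERVER_IP.parse().unwrap()));

    let listener = TcpListener::bind((addr, port)).await?;

    info!("listening on: {}", listener.local_addr()?);

    Ok(async move {
        // One task per connection, with no limit on how many are open at once.
        loop {
            let (socket, addr) = listener.accept().await?;
            info!("accepted connection from: {}", addr);

            tokio::spawn(tlsn_server_fixture::bind(socket.compat()));
        }
    })
}

--------------------------------------------------------------------------------
/crates/wasm-test-runner/src/wasm_server.rs:
--------------------------------------------------------------------------------
use std::{env, net::IpAddr};

use anyhow::Result;
use axum::{
    http::{HeaderName, HeaderValue},
    Router,
};
use futures::Future;
use tokio::net::TcpListener;
use tower::ServiceBuilder;
use tower_http::{services::ServeDir, set_header::SetResponseHeaderLayer};
use tracing::{info, instrument};

use crate::{DEFAULT_SERVER_IP, DEFAULT_WASM_PORT};

/// Binds the static file server for the test page and returns the future that
/// serves it.
///
/// The address comes from `WASM_IP` / `WASM_PORT`, falling back to the
/// loopback defaults. Files are served from `static`, resolved against the
/// current working directory.
///
/// # Panics
///
/// Panics if either variable is set to a value that does not parse.
// NOTE(review): the generic arguments of the return type were missing from the
// extracted listing; reconstructed from how `main` joins these futures.
// Confirm against the repository.
#[instrument]
pub async fn start() -> Result<impl Future<Output = Result<()>>> {
    let port: u16 = env::var("WASM_PORT")
        .map(|port| port.parse().expect("port should be valid integer"))
        .unwrap_or(DEFAULT_WASM_PORT);
    let addr: IpAddr = env::var("WASM_IP")
        .map(|addr| addr.parse().expect("should be valid IP address"))
        .unwrap_or(IpAddr::V4(DEFAULT_SERVER_IP.parse().unwrap()));

    let files = ServeDir::new("static");

    // COEP `require-corp` plus COOP `same-origin` make the page cross-origin
    // isolated, which browsers require before exposing shared memory to the
    // threaded wasm build. `if_not_present` leaves an existing header alone.
    let service = ServiceBuilder::new()
        .layer(SetResponseHeaderLayer::if_not_present(
            HeaderName::from_static("cross-origin-embedder-policy"),
            HeaderValue::from_static("require-corp"),
        ))
        .layer(SetResponseHeaderLayer::if_not_present(
            HeaderName::from_static("cross-origin-opener-policy"),
            HeaderValue::from_static("same-origin"),
        ))
        .service(files);

    // build our application with a single route
    let app = Router::new().fallback_service(service);

    let listener = TcpListener::bind((addr, port)).await?;

    info!("listening on {}", listener.local_addr()?);

    Ok(async move {
        axum::serve(listener, app).await?;
        Ok(())
    })
}

--------------------------------------------------------------------------------
/crates/wasm-test-runner/src/ws.rs:
--------------------------------------------------------------------------------
use std::{env, net::IpAddr};

use anyhow::{Context, Result};
use futures::Future;
use tokio::net::TcpListener;
use tracing::{info, instrument};

use crate::{DEFAULT_SERVER_IP, DEFAULT_WS_PORT};

/// Binds the websocket relay and returns the future that runs it.
///
/// The address comes from `PROXY_IP` / `PROXY_PORT`, falling back to the
/// loopback defaults.
///
/// # Panics
///
/// Panics if either variable is set to a value that does not parse.
// NOTE(review): the generic arguments of the return type were missing from the
// extracted listing; reconstructed from how `main` joins these futures.
// Confirm against the repository.
#[instrument]
pub async fn start() -> Result<impl Future<Output = Result<()>>> {
    let port: u16 = env::var("PROXY_PORT")
        .map(|port| port.parse().expect("port should be valid integer"))
        .unwrap_or(DEFAULT_WS_PORT);
    let addr: IpAddr = env::var("PROXY_IP")
        .map(|addr| addr.parse().expect("should be valid IP address"))
        .unwrap_or(IpAddr::V4(DEFAULT_SERVER_IP.parse().unwrap()));

    let listener = TcpListener::bind((addr, port))
        .await
        .context("failed to bind to address")?;

    info!("listening on: {}", listener.local_addr()?);

    Ok(websocket_relay::run(listener))
}

--------------------------------------------------------------------------------
/crates/wasm-test-runner/static/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/crates/wasm-test-runner/static/favicon.ico
--------------------------------------------------------------------------------
/crates/wasm-test-runner/static/index.html: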
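--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
--------------------------------------------------------------------------------
/crates/wasm-test-runner/static/index.js:
--------------------------------------------------------------------------------
// NOTE(review): this URL carries no version, so the CDN decides which Comlink
// release is executed in the test page. Pin an exact version or serve a
// vendored copy from `static/` so the code that runs is the code that was
// reviewed.
import * as Comlink from "https://unpkg.com/comlink/dist/esm/comlink.mjs";

// Proxy to the TestWorker instance exposed by worker.js.
const testWorker = Comlink.wrap(new Worker("worker.js", { type: "module" }));

// Published on `window` so code outside this module can reach the proxy.
window.testWorker = testWorker;

--------------------------------------------------------------------------------
/crates/wasm-test-runner/static/worker.js:
--------------------------------------------------------------------------------
// NOTE(review): same unversioned CDN import as index.js; pin or vendor it.
import * as Comlink from "https://unpkg.com/comlink/dist/esm/comlink.mjs";
import init_wasm, * as wasm from "./generated/tlsn_wasm.js";

/**
 * Runs the `test_*` functions exported by the generated wasm module.
 */
class TestWorker {
  /**
   * Loads the wasm module and initializes it with debug logging and one
   * thread per reported hardware thread. Logs and rethrows any failure.
   */
  async init() {
    try {
      console.log("initializing wasm");
      await init_wasm();
      await wasm.initialize({ level: "Debug" }, navigator.hardwareConcurrency);
    } catch (e) {
      console.error(e);
      throw e;
    }
  }

  /**
   * Starts every exported function whose name begins with `test_` and waits
   * for all of them.
   *
   * @returns {Promise<Array<{name: string, passed: boolean, duration_secs?: number, error?: string}>>}
   *   One entry per test; failures carry `error`, successes carry
   *   `duration_secs`.
   */
  async run() {
    const promises = [];
    for (const [name, func] of Object.entries(wasm)) {
      if (name.startsWith("test_") && (typeof func === 'function')) {
        promises.push((async () => {
          console.log("running test", name);
          const start = performance.now();
          try {
            await func();
          } catch (error) {
            return {
              name: name,
              passed: false,
              // String() also handles a thrown null or undefined, where
              // calling .toString() would itself throw and reject the whole
              // Promise.all instead of reporting this one test as failed.
              error: String(error),
            }
          }

          const duration_secs = (performance.now() - start) / 1000;
          console.log(`Test ${name} passed in ${duration_secs} seconds`);
          return {
            name: name,
            passed: true,
            duration_secs,
          }
        })());
      }
    }
    return Promise.all(promises);
  }
}

const worker = new TestWorker();

Comlink.expose(worker);
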
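--------------------------------------------------------------------------------
/crates/wasm/.cargo/config.toml:
--------------------------------------------------------------------------------
[build]
target = "wasm32-unknown-unknown"

[unstable]
build-std = ["panic_abort", "std"]

[target.wasm32-unknown-unknown]
rustflags = [
    "-C",
    # Shared-memory threading support for the wasm build.
    "target-feature=+atomics,+bulk-memory,+mutable-globals",
    "-C",
    # 4GB
    "link-arg=--max-memory=4294967296",
    "--cfg",
    # Selects getrandom's JavaScript backend as the randomness source.
    'getrandom_backend="wasm_js"',
]

--------------------------------------------------------------------------------
/crates/wasm/README.md:
--------------------------------------------------------------------------------
# TLSNotary WASM Bindings

This crate provides a WebAssembly package for TLSNotary, offering core functionality for the TLSNotary attestation protocol along with useful TypeScript types.

For most use cases, you may prefer to use the `tlsn-js` package instead: [tlsn-js on npm](https://www.npmjs.com/package/tlsn-js).

## Links

- [Website](https://tlsnotary.org)
- [Documentation](https://docs.tlsnotary.org)
- [API Docs](https://tlsnotary.github.io/tlsn)
--------------------------------------------------------------------------------
/crates/wasm/build-docs.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
set -euo pipefail

# Run from the directory that contains this script.
cd "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# List the packages you want to document
PACKAGES=("tlsn-core" "tlsn-prover" "tlsn-verifier" "tlsn-wasm")

# Find all features, except for the "test" features
FEATURES=$(
    cargo metadata --no-deps --format-version=1 |
        jq -r --argjson names "$(printf '%s\n' "${PACKAGES[@]}" | jq -R . | jq -s .)" '
    .packages[]
    | select(.name as $n | $names | index($n))
    | .features
    | keys[]
    | select(. != "test" and . != "rstest")
  ' | sort -u | paste -sd, -
)

# Join package names for the `-p` args
PACKAGE_ARGS=()
for pkg in "${PACKAGES[@]}"; do
    PACKAGE_ARGS+=("-p" "$pkg")
done

# Build docs using the correct config and filtered features
cargo +nightly doc \
    "${PACKAGE_ARGS[@]}" \
    --no-deps \
    --features "$FEATURES"

# https://dev.to/deciduously/prepare-your-rust-api-docs-for-github-pages-2n5i
echo "Add index file -> tlsn_prover"
# NOTE(review): the string written below is empty in this listing; the markup
# it should contain was probably lost in extraction. Confirm against the
# repository.
echo "" >../../target/wasm32-unknown-unknown/doc/index.html

--------------------------------------------------------------------------------
/crates/wasm/build.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# This crate must be built using the nightly Rust compiler with specific flags.
# This script automates the build process.

set -e

# Run from the directory that contains this script, so the `rm -rf` below can
# only ever remove this crate's own `pkg` directory.
cd "$(dirname "$0")"

# Clean up older builds
rm -rf pkg

# Build tlsn_wasm package
wasm-pack build --target web .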
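
# Patch tlsn_wasm.js import in spawn.js snippet and copy it to the main folder
file=$(find ./pkg/snippets -name "spawn.js" -print -quit)
if [ -z "$file" ]; then
    echo "Error: spawn.js snippet not found"
    find pkg
    exit 1
fi
temp=$(mktemp)
sed 's|../../..|../../../tlsn_wasm.js|' "$file" >"$temp" && mv "$temp" "$file"
# Quoted so a snippet path containing spaces or glob characters is copied as
# one argument.
cp "$file" ./pkg

# Add all files and snippets directory to package.json
file="pkg/package.json"
temp=$(mktemp)
jq '.files += ["tlsn_wasm_bg.wasm.d.ts"]' "$file" >"$temp" && mv "$temp" "$file"
jq '.files += ["spawn.js"]' "$file" >"$temp" && mv "$temp" "$file"
jq '.files += ["snippets/"]' "$file" >"$temp" && mv "$temp" "$file"

--------------------------------------------------------------------------------
/crates/wasm/rust-toolchain:
--------------------------------------------------------------------------------
[toolchain]
channel = "nightly"
components = ["rust-src"]
targets = ["wasm32-unknown-unknown"]
--------------------------------------------------------------------------------
/crates/wasm/src/prover/config.rs:
--------------------------------------------------------------------------------
use crate::types::NetworkSetting;
use serde::Deserialize;
use tlsn_common::config::ProtocolConfig;
use tsify_next::Tsify;

/// Prover configuration as received from JavaScript.
// NOTE(review): the inner types of the `Option` fields and the `From` type
// argument were missing from the extracted listing; they are restored here
// from the neighbouring fields and the builder calls. Confirm against the
// repository.
#[derive(Debug, Tsify, Deserialize)]
#[tsify(from_wasm_abi)]
pub struct ProverConfig {
    pub server_name: String,
    pub max_sent_data: usize,
    pub max_recv_data_online: Option<usize>,
    pub max_recv_data: usize,
    pub defer_decryption_from_start: Option<bool>,
    pub max_sent_records: Option<usize>,
    pub max_recv_records: Option<usize>,
    pub network: NetworkSetting,
}

impl From<ProverConfig> for tlsn_prover::ProverConfig {
    /// Builds the native prover configuration. Optional fields that are
    /// `None` are left at the builder's defaults.
    ///
    /// # Panics
    ///
    /// Panics if either builder returns an error. The values arrive from the
    /// JavaScript caller, so a rejected value aborts instead of producing an
    /// error the caller can handle; a `TryFrom` conversion would let it be
    /// reported.
    fn from(value: ProverConfig) -> Self {
        let mut builder = ProtocolConfig::builder();

        builder.max_sent_data(value.max_sent_data);
        builder.max_recv_data(value.max_recv_data);

        if let Some(value) = value.max_recv_data_online {
            builder.max_recv_data_online(value);
        }

        if let Some(value) = value.max_sent_records {
            builder.max_sent_records(value);
        }

        if let Some(value) = value.max_recv_records {
            builder.max_recv_records(value);
        }

        if let Some(value) = value.defer_decryption_from_start {
            builder.defer_decryption_from_start(value);
        }

        builder.network(value.network.into());
        let protocol_config = builder.build().unwrap();

        let mut builder = tlsn_prover::ProverConfig::builder();
        builder
            .server_name(value.server_name.as_ref())
            .protocol_config(protocol_config);

        builder.build().unwrap()
    }
}

--------------------------------------------------------------------------------
/crates/wasm/src/verifier/config.rs:
--------------------------------------------------------------------------------
use serde::Deserialize;
use tlsn_common::config::ProtocolConfigValidator;
use tsify_next::Tsify;

/// Verifier configuration as received from JavaScript.
// NOTE(review): the inner types of the `Option` fields and the `From` type
// argument were missing from the extracted listing; they are restored here
// from the neighbouring fields. Confirm against the repository.
#[derive(Debug, Tsify, Deserialize)]
#[tsify(from_wasm_abi)]
pub struct VerifierConfig {
    pub max_sent_data: usize,
    pub max_recv_data: usize,
    pub max_sent_records: Option<usize>,
    pub max_recv_records: Option<usize>,
}

impl From<VerifierConfig> for tlsn_verifier::VerifierConfig {
    /// Builds the native verifier configuration around a
    /// `ProtocolConfigValidator` carrying these limits. Optional fields that
    /// are `None` are left at the builder's defaults.
    ///
    /// # Panics
    ///
    /// Panics if either builder returns an error; see the note on the prover
    /// conversion about `TryFrom`.
    fn from(value: VerifierConfig) -> Self {
        let mut builder = ProtocolConfigValidator::builder();

        builder.max_sent_data(value.max_sent_data);
        builder.max_recv_data(value.max_recv_data);

        if let Some(value) = value.max_sent_records {
            builder.max_sent_records(value);
        }

        if let Some(value) = value.max_recv_records {
            builder.max_recv_records(value);
        }

        let validator = builder.build().unwrap();

        tlsn_verifier::VerifierConfig::builder()
            .protocol_config_validator(validator)
            .build()
            .unwrap()
    }
}

--------------------------------------------------------------------------------
/pre-commit-check.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# This script is used to run checks before committing changes to the repository.
# It is a good approximation of what CI will do.

# Fail if any command fails
set -e

# Check formatting
# (this rewrites files in place rather than only reporting differences)
cargo +nightly fmt --all

# Check clippy
cargo clippy --all-features --all-targets -- -D warnings

# Build all targets
# cargo build --all-targets

# Run tests
# cargo test

# Run wasm tests
# ./crates/wasm-test-runner/run.sh

--------------------------------------------------------------------------------
/rustfmt.toml:
--------------------------------------------------------------------------------
ignore = ["crates/tls/core", "crates/tls/client"]

imports_granularity = "Crate"
wrap_comments = true

--------------------------------------------------------------------------------
/tlsn-banner.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tlsnotary/tlsn/878fe7e87d6d3306b283148abecc5bc19e04579b/tlsn-banner.png
--------------------------------------------------------------------------------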