tlsn-core fixtures (#359)

* move fixtures back into tlsn-core crate

* add --all-features tests

* limit --all-features tests to tlsn workspace

* satisfy clippy

* fix eph key fixture

* Update tlsn/tlsn-core/src/fixtures/cert.rs

Co-authored-by: dan <[email protected]>

* remove webpki tests, and factor out cert verifier

* fix unused import

---------

Co-authored-by: dan <[email protected]>

.github/workflows/rust.yml

@@ -31,6 +31,8 @@ jobs:
         include:
           - package: components/integration-tests
             release: true
+          - package: tlsn
+            all-features: true
     defaults:
       run:
         working-directory: ${{ matrix.package }}
@@ -63,10 +65,18 @@ jobs:
         if: ${{ matrix.release != true }}
         run: cargo test --lib --bins --tests --examples --workspace
 
+      - name: "Test all features"
+        if: ${{ matrix.release != true && matrix.all-features == true }}
+        run: cargo test --lib --bins --tests --examples --workspace --all-features
+
       - name: "Integration Test"
         if: ${{ matrix.release == true }}
         run: cargo test --release --tests
 
+      - name: "Integration Test all features"
+        if: ${{ matrix.release == true && matrix.all-features == true }}
+        run: cargo test --release --tests --all-features
+
       - name: "Check that benches compile"
         run: cargo bench --no-run
 

components/tls/tls-client-async/src/lib.rs

@@ -121,7 +121,7 @@ pub fn bind_client<T: AsyncRead + AsyncWrite + Send + Unpin + 'static>(
                                 // error.
                                 let _ignored = client.write_tls_async(&mut server_tx).await;
 
-                                return Err(std::io::Error::new(std::io::ErrorKind::InvalidData, e))?;
+                                Err(std::io::Error::new(std::io::ErrorKind::InvalidData, e))?
                             }
                         }
 

tlsn/Cargo.toml

@@ -3,7 +3,6 @@ members = [
     "tlsn-core",
     "tlsn-notary",
     "tlsn-prover",
-    "tlsn-fixtures",
     "tlsn-server-fixture",
     "tests-integration",
     "examples",
@@ -14,7 +13,6 @@ resolver = "2"
 tlsn-core = { path = "tlsn-core" }
 tlsn-prover = { path = "tlsn-prover" }
 tlsn-notary = { path = "tlsn-notary" }
-tlsn-fixtures = { path = "tlsn-fixtures" }
 tlsn-server-fixture = { path = "tlsn-server-fixture" }
 
 tlsn-tls-core = { path = "../components/tls/tls-core" }

tlsn/tlsn-core/Cargo.toml

@@ -10,6 +10,7 @@ edition = "2021"
 
 [features]
 default = []
+fixtures = ["dep:hex"]
 
 [dependencies]
 tlsn-tls-core = { workspace = true, features = ["serde"] }
@@ -33,8 +34,6 @@ opaque-debug.workspace = true
 bimap = { version = "0.6.3", features = ["serde"] }
 
 [dev-dependencies]
-tlsn-fixtures.workspace = true
-
 rstest.workspace = true
 hex.workspace = true
 rand_core.workspace = true
@@ -43,3 +42,4 @@ bincode.workspace = true
 
 [[test]]
 name = "api"
+required-features = ["fixtures"]

tlsn/tlsn-core/src/commitment/builder.rs

@@ -2,7 +2,6 @@ use std::collections::HashMap;
 
 use bimap::BiMap;
 use mpz_core::hash::Hash;
-use mpz_garble_core::{encoding_state, EncodedValue};
 use utils::range::RangeSet;
 
 use crate::{
@@ -11,12 +10,9 @@ use crate::{
     },
     merkle::MerkleTree,
     transcript::get_value_ids,
-    Direction,
+    Direction, EncodingProvider,
 };
 
-type EncodingProvider =
-    Box<dyn Fn(&[&str]) -> Option<Vec<EncodedValue<encoding_state::Active>>> + Send>;
-
 /// An error for [`TranscriptCommitmentBuilder`]
 #[derive(Debug, thiserror::Error)]
 pub enum TranscriptCommitmentBuilderError {

tlsn/tlsn-core/src/fixtures/cert.rs

@@ -0,0 +1,130 @@
+use tls_core::{
+    key::{Certificate, PublicKey},
+    msgs::{
+        codec::Codec,
+        enums::{NamedGroup, SignatureScheme},
+        handshake::{DigitallySignedStruct, Random, ServerECDHParams},
+    },
+};
+
+use hex::FromHex;
+
+/// Collects data needed for testing
+pub struct TestData {
+    /// end-entity cert
+    pub ee: Certificate,
+    /// intermediate cert
+    pub inter: Certificate,
+    /// CA cert
+    pub ca: Certificate,
+    /// client random
+    pub cr: Random,
+    /// server random
+    pub sr: Random,
+    /// server ephemeral P256 pubkey
+    pub pubkey: PublicKey,
+    /// server signature over the key exchange parameters
+    pub sig: Vec<u8>,
+    /// unix time when TLS handshake began
+    pub time: u64,
+    /// algorithm used to create the sig
+    pub sig_scheme: SignatureScheme,
+    /// DNS name of the website
+    pub dns_name: String,
+}
+
+impl TestData {
+    /// Returns the [ServerECDHParams] in encoded form
+    pub fn kx_params(&self) -> Vec<u8> {
+        let mut params = Vec::new();
+        let ecdh_params = ServerECDHParams::new(NamedGroup::secp256r1, &self.pubkey.key);
+        ecdh_params.encode(&mut params);
+        params
+    }
+
+    /// Returns the [DigitallySignedStruct]
+    pub fn dss(&self) -> DigitallySignedStruct {
+        DigitallySignedStruct::new(self.sig_scheme, self.sig.clone())
+    }
+
+    /// Returns the client random + server random + kx params in encoded form
+    pub fn signature_msg(&self) -> Vec<u8> {
+        let mut msg = Vec::new();
+        msg.extend_from_slice(&self.cr.0);
+        msg.extend_from_slice(&self.sr.0);
+        msg.extend_from_slice(&self.kx_params());
+        msg
+    }
+}
+
+/// Returns test data for the tlsnotary.org website
+pub fn tlsnotary() -> TestData {
+    TestData {
+        ee: Certificate(include_bytes!("testdata/key_exchange/tlsnotary.org/ee.der").to_vec()),
+        inter: Certificate(
+            include_bytes!("testdata/key_exchange/tlsnotary.org/inter.der").to_vec(),
+        ),
+        ca: Certificate(include_bytes!("testdata/key_exchange/tlsnotary.org/ca.der").to_vec()),
+        cr: Random(
+            <[u8; 32]>::from_hex(include_bytes!(
+                "testdata/key_exchange/tlsnotary.org/client_random"
+            ))
+            .unwrap(),
+        ),
+        sr: Random(
+            <[u8; 32]>::from_hex(include_bytes!(
+                "testdata/key_exchange/tlsnotary.org/server_random"
+            ))
+            .unwrap(),
+        ),
+        pubkey: PublicKey::new(
+            NamedGroup::secp256r1,
+            &Vec::<u8>::from_hex(include_bytes!("testdata/key_exchange/tlsnotary.org/pubkey"))
+                .unwrap(),
+        ),
+        sig: Vec::<u8>::from_hex(include_bytes!(
+            "testdata/key_exchange/tlsnotary.org/signature"
+        ))
+        .unwrap(),
+        time: 1671637529,
+        sig_scheme: SignatureScheme::RSA_PKCS1_SHA256,
+        dns_name: "tlsnotary.org".to_string(),
+    }
+}
+
+/// Returns test data for the appliedzkp.org website
+pub fn appliedzkp() -> TestData {
+    TestData {
+        ee: Certificate(include_bytes!("testdata/key_exchange/appliedzkp.org/ee.der").to_vec()),
+        inter: Certificate(
+            include_bytes!("testdata/key_exchange/appliedzkp.org/inter.der").to_vec(),
+        ),
+        ca: Certificate(include_bytes!("testdata/key_exchange/appliedzkp.org/ca.der").to_vec()),
+        cr: Random(
+            <[u8; 32]>::from_hex(include_bytes!(
+                "testdata/key_exchange/appliedzkp.org/client_random"
+            ))
+            .unwrap(),
+        ),
+        sr: Random(
+            <[u8; 32]>::from_hex(include_bytes!(
+                "testdata/key_exchange/appliedzkp.org/server_random"
+            ))
+            .unwrap(),
+        ),
+        pubkey: PublicKey::new(
+            NamedGroup::secp256r1,
+            &Vec::<u8>::from_hex(include_bytes!(
+                "testdata/key_exchange/appliedzkp.org/pubkey"
+            ))
+            .unwrap(),
+        ),
+        sig: Vec::<u8>::from_hex(include_bytes!(
+            "testdata/key_exchange/appliedzkp.org/signature"
+        ))
+        .unwrap(),
+        time: 1671637529,
+        sig_scheme: SignatureScheme::ECDSA_NISTP256_SHA256,
+        dns_name: "appliedzkp.org".to_string(),
+    }
+}

tlsn/tlsn-core/src/fixtures/mod.rs

@@ -0,0 +1,164 @@
+//! Fixtures for testing
+
+/// Certificate fixtures
+pub mod cert;
+
+use std::collections::HashMap;
+
+use hex::FromHex;
+use mpz_circuits::types::ValueType;
+use mpz_core::{commit::HashCommit, hash::Hash, value::ValueId};
+use mpz_garble_core::{ChaChaEncoder, Encoder};
+use tls_core::{
+    cert::ServerCertDetails,
+    handshake::HandshakeData,
+    ke::ServerKxDetails,
+    key::{Certificate, PublicKey},
+    msgs::{
+        codec::Codec,
+        enums::{NamedGroup, SignatureScheme},
+        handshake::{DigitallySignedStruct, Random, ServerECDHParams},
+    },
+};
+
+use p256::ecdsa::SigningKey;
+
+use crate::{
+    merkle::MerkleRoot,
+    session::{HandshakeSummary, SessionHeader},
+    EncodingProvider,
+};
+
+/// Returns a session header fixture using the given transcript lengths and merkle root.
+///
+/// # Arguments
+///
+/// * `root` - The merkle root of the transcript commitments.
+/// * `sent_len` - The length of the sent transcript.
+/// * `recv_len` - The length of the received transcript.
+pub fn session_header(root: MerkleRoot, sent_len: usize, recv_len: usize) -> SessionHeader {
+    SessionHeader::new(
+        encoder_seed(),
+        root,
+        sent_len,
+        recv_len,
+        handshake_summary(),
+    )
+}
+
+/// Returns an encoding provider fixture using the given transcripts.
+pub fn encoding_provider(transcript_tx: &[u8], transcript_rx: &[u8]) -> EncodingProvider {
+    let encoder = encoder();
+    let mut active_encodings = HashMap::new();
+    for (idx, byte) in transcript_tx.iter().enumerate() {
+        let id = format!("tx/{idx}");
+        let enc = encoder.encode_by_type(ValueId::new(&id).to_u64(), &ValueType::U8);
+        active_encodings.insert(id, enc.select(*byte).unwrap());
+    }
+    for (idx, byte) in transcript_rx.iter().enumerate() {
+        let id = format!("rx/{idx}");
+        let enc = encoder.encode_by_type(ValueId::new(&id).to_u64(), &ValueType::U8);
+        active_encodings.insert(id, enc.select(*byte).unwrap());
+    }
+
+    Box::new(move |ids: &[&str]| {
+        ids.iter()
+            .map(|id| active_encodings.get(*id).cloned())
+            .collect()
+    })
+}
+
+/// Returns a handshake summary fixture.
+pub fn handshake_summary() -> HandshakeSummary {
+    HandshakeSummary::new(1671637529, server_ephemeral_key(), handshake_commitment())
+}
+
+/// Returns a handshake commitment fixture.
+pub fn handshake_commitment() -> Hash {
+    let (_, hash) = handshake_data().hash_commit();
+    hash
+}
+
+/// Returns a handshake data fixture.
+pub fn handshake_data() -> HandshakeData {
+    HandshakeData::new(
+        server_cert_details(),
+        server_kx_details(),
+        client_random(),
+        server_random(),
+    )
+}
+
+/// Returns a server certificate details fixture.
+pub fn server_cert_details() -> ServerCertDetails {
+    ServerCertDetails::new(
+        vec![
+            Certificate(include_bytes!("testdata/key_exchange/tlsnotary.org/ee.der").to_vec()),
+            Certificate(include_bytes!("testdata/key_exchange/tlsnotary.org/inter.der").to_vec()),
+            Certificate(include_bytes!("testdata/key_exchange/tlsnotary.org/ca.der").to_vec()),
+        ],
+        vec![],
+        None,
+    )
+}
+
+/// Returns a server key exchange details fixture.
+pub fn server_kx_details() -> ServerKxDetails {
+    let mut params = Vec::new();
+    let ecdh_params = ServerECDHParams::new(NamedGroup::secp256r1, &server_ephemeral_key().key);
+    ecdh_params.encode(&mut params);
+
+    ServerKxDetails::new(
+        params,
+        DigitallySignedStruct::new(
+            SignatureScheme::RSA_PKCS1_SHA256,
+            Vec::<u8>::from_hex(include_bytes!(
+                "testdata/key_exchange/tlsnotary.org/signature"
+            ))
+            .unwrap(),
+        ),
+    )
+}
+
+/// Returns a client random fixture.
+pub fn client_random() -> Random {
+    Random(
+        <[u8; 32]>::from_hex(include_bytes!(
+            "testdata/key_exchange/tlsnotary.org/client_random"
+        ))
+        .unwrap(),
+    )
+}
+
+/// Returns a server random fixture.
+pub fn server_random() -> Random {
+    Random(
+        <[u8; 32]>::from_hex(include_bytes!(
+            "testdata/key_exchange/tlsnotary.org/server_random"
+        ))
+        .unwrap(),
+    )
+}
+
+/// Returns an encoder fixture.
+pub fn encoder() -> ChaChaEncoder {
+    ChaChaEncoder::new(encoder_seed())
+}
+
+/// Returns an encoder seed fixture.
+pub fn encoder_seed() -> [u8; 32] {
+    [0u8; 32]
+}
+
+/// Returns a server ephemeral key fixture.
+pub fn server_ephemeral_key() -> PublicKey {
+    PublicKey::new(
+        NamedGroup::secp256r1,
+        &Vec::<u8>::from_hex(include_bytes!("testdata/key_exchange/tlsnotary.org/pubkey")).unwrap(),
+    )
+}
+
+/// Returns a notary signing key fixture.
+pub fn notary_signing_key() -> SigningKey {
+    SigningKey::from_slice(&[1; 32]).unwrap()
+}