From a89c926c50b1f9cc71e33d587c741944e238397a Mon Sep 17 00:00:00 2001 From: themighty1 Date: Wed, 23 Aug 2023 11:54:59 +0300 Subject: [PATCH] added feedback --- tlsn/examples/README.md | 18 +++++++++++++++++ tlsn/examples/simple_prover.rs | 28 ++++++++++++-------------- tlsn/examples/simple_verifier.rs | 34 +++++++++----------------------- 3 files changed, 40 insertions(+), 40 deletions(-) create mode 100644 tlsn/examples/README.md diff --git a/tlsn/examples/README.md b/tlsn/examples/README.md new file mode 100644 index 0000000000..d6ecc53015 --- /dev/null +++ b/tlsn/examples/README.md @@ -0,0 +1,18 @@ +This folder contains examples showing how to use the TLSNotary protocol. + +`quick_start.md` shows how to perform a simple notarization. + +`twitter_dm.md` shows how to notarize a Twitter DM. + + +### Starting a notary server + +Before running the examples please make sure that the Notary server is already running. The server can be started with: + +```shell +git clone https://github.com/tlsnotary/notary-server +cd notary-server +cargo run --release +``` + +By default the server will be listening on 127.0.0.1:7047 \ No newline at end of file diff --git a/tlsn/examples/simple_prover.rs b/tlsn/examples/simple_prover.rs index 13df574fa7..4234fc4f53 100644 --- a/tlsn/examples/simple_prover.rs +++ b/tlsn/examples/simple_prover.rs @@ -20,7 +20,7 @@ use tlsn_prover::{bind_prover, ProverConfig}; const SERVER_DOMAIN: &str = "example.com"; const USER_AGENT: &str = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"; -const NOTARY_DOMAIN: &str = "127.0.0.1"; +const NOTARY_HOST: &str = "127.0.0.1"; const NOTARY_PORT: u16 = 7047; const NOTARY_CA_CERT_PATH: &str = "./rootCA.crt"; const MAX_TRANSCRIPT_SIZE: usize = 16384; @@ -28,7 +28,8 @@ const MAX_TRANSCRIPT_SIZE: usize = 16384; /// Runs a simple Prover which connects to the Notary and notarizes a request/response from /// example.com. The Prover then generates a proof and writes it to disk. /// -/// Note that the Notary server must be already listening at NOTARY_DOMAIN:NOTARY_PORT +/// Note that the Notary server must be already listening on NOTARY_HOST:NOTARY_PORT +/// (see README.md "Starting a notary server") #[tokio::main] async fn main() { // Initialize logging @@ -36,6 +37,7 @@ async fn main() { // Establish an encrypted connection with the Notary let (notary_socket, session_id) = connect_to_notary().await; + println!("Connected to the Notary"); // A Prover configuration using the session_id returned by the Notary let config = ProverConfig::builder() @@ -51,7 +53,7 @@ async fn main() { .unwrap(); // Bind the Prover to the sockets. - // The returned `tls_mpc_connection` is an MPC TLS connection to the Server: all data written + // The returned `mpc_tls_connection` is an MPC TLS connection to the Server: all data written // to/read from it will be encrypted/decrypted using MPC with the Notary. let (mpc_tls_connection, prover_fut, notary_fut) = bind_prover(config, client_socket.compat(), notary_socket.compat()) @@ -77,24 +79,22 @@ async fn main() { .header("Host", SERVER_DOMAIN) .header("Accept", "*/*") // Using "identity" instructs the Server not to use compression for its HTTP response. - // TLSNotary does not support compressed responses. + // TLSNotary tooling does not support compression. .header("Accept-Encoding", "identity") .header("Connection", "close") .header("User-Agent", USER_AGENT) .body(Body::empty()) .unwrap(); - debug!("Sending request"); + println!("Starting an MPC TLS connection with the server"); // Send the request to the Server and get a response via the MPC TLS connection let response = request_sender.send_request(request).await.unwrap(); - debug!("Sent request, got response {:?}", response); + println!("Got a response from the server"); assert!(response.status() == StatusCode::OK); - debug!("Response OK"); - // Close the connection to the server let mut client_socket = connection_task.await.unwrap().unwrap().io.into_inner(); client_socket.close().await.unwrap(); @@ -125,8 +125,6 @@ async fn main() { // Finalize, returning the notarized session let notarized_session = prover.finalize().await.unwrap(); - debug!("Notarization complete!"); - // Create a proof for all committed data in this session let session_proof = notarized_session.session_proof(); let ids = (0..notarized_session.data().commitments().len()).collect(); @@ -173,7 +171,7 @@ async fn connect_to_notary() -> (TlsStream, String) { // Establish a TCP connection to the notary let notary_socket = tokio::net::TcpStream::connect(SocketAddr::new( - IpAddr::V4(NOTARY_DOMAIN.parse().unwrap()), + IpAddr::V4(NOTARY_HOST.parse().unwrap()), NOTARY_PORT, )) .await @@ -201,9 +199,9 @@ async fn connect_to_notary() -> (TlsStream, String) { }) .unwrap(); let request = Request::builder() - .uri(format!("https://{NOTARY_DOMAIN}:{NOTARY_PORT}/session")) + .uri(format!("https://{NOTARY_HOST}:{NOTARY_PORT}/session")) .method("POST") - .header("Host", NOTARY_DOMAIN.clone()) + .header("Host", NOTARY_HOST.clone()) // Need to specify application/json for axum to parse it as json .header("Content-Type", "application/json") .body(Body::from(payload)) @@ -234,9 +232,9 @@ async fn connect_to_notary() -> (TlsStream, String) { // Request the notary to prepare for notarization via HTTP, where the underlying TCP connection // will be extracted later let request = Request::builder() - .uri(format!("https://{NOTARY_DOMAIN}:{NOTARY_PORT}/notarize")) + .uri(format!("https://{NOTARY_HOST}:{NOTARY_PORT}/notarize")) .method("GET") - .header("Host", NOTARY_DOMAIN) + .header("Host", NOTARY_HOST) .header("Connection", "Upgrade") // Need to specify this upgrade header for server to extract tcp connection later .header("Upgrade", "TCP") diff --git a/tlsn/examples/simple_verifier.rs b/tlsn/examples/simple_verifier.rs index 86a262081b..dd9a562fed 100644 --- a/tlsn/examples/simple_verifier.rs +++ b/tlsn/examples/simple_verifier.rs @@ -52,38 +52,22 @@ fn main() { ) .unwrap(); - // Verfify the proof + // Verify the proof let (sent_slices, recv_slices) = substrings_proof.verify(&header).unwrap(); - // Flatten transcript slices into a bytestring - - // Flatten tx slices - let mut transcript_tx: Vec = Vec::new(); - - // Previous slice's end bound - let mut prev_end = 0; + // Flatten transcript slices into a bytestring, filling the bytes which the Prover chose not + // to disclose with 'X' + let mut transcript_tx = vec![b'X'; header.sent_len() as usize]; for slice in sent_slices { - // Fill gaps between slices (if any) with "X"s - transcript_tx.extend(vec![b'X'; (slice.range().start - prev_end) as usize]); - transcript_tx.extend(slice.data()); - prev_end = slice.range().end; + transcript_tx[slice.range().start as usize..slice.range().end as usize] + .copy_from_slice(slice.data()) } - // It is possible that the last slice doesn't cover the end of the transcript - transcript_tx.extend(vec![b'X'; (header.sent_len() - prev_end) as usize]); - - // Flatten rx slices - let mut transcript_rx: Vec = Vec::new(); - // Previous slice's end bound - let mut prev_end = 0; + let mut transcript_rx = vec![b'X'; header.recv_len() as usize]; for slice in recv_slices { - // Fill gaps between slices (if any) with "X"s - transcript_rx.extend(vec![b'X'; (slice.range().start - prev_end) as usize]); - transcript_rx.extend(slice.data()); - prev_end = slice.range().end; + transcript_rx[slice.range().start as usize..slice.range().end as usize] + .copy_from_slice(slice.data()) } - // It is possible that the last slice doesn't cover the end of the transcript - transcript_rx.extend(vec![b'X'; (header.recv_len() - prev_end) as usize]); println!("-------------------------------------------------------------------"); println!(