Skip to content

Commit

Permalink
chore: add core transcript unit tests (#649)
Browse files Browse the repository at this point in the history 
* Add transcript proof and lib tests.

* Init encoding tree test.

* Add encoding proof tests.

* Generalise fixture tests.

* Add seed arg to attestation fixture fn.

* Adjust cosmetics.

* Format comment.

---------

Co-authored-by: yuroitaki <>
  • Loading branch information
@yuroitaki
yuroitaki authored Nov 4, 2024
1 parent faab999 commit c10c915
Show file tree
Hide file tree
Showing 7 changed files with 732 additions and 192 deletions.
161 changes: 85 additions & 76 deletions crates/core/src/attestation/builder.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -245,64 +245,18 @@ mod test {

use crate::{
connection::{HandshakeData, HandshakeDataV1_2},
fixtures::{encoder_seed, encoding_provider, ConnectionFixture},
fixtures::{
encoder_seed, encoding_provider, request_fixture, ConnectionFixture, RequestFixture,
},
hash::Blake3,
request::RequestConfig,
transcript::{encoding::EncodingTree, Transcript, TranscriptCommitConfigBuilder},
transcript::Transcript,
};

use super::*;

fn request_and_connection() -> (Request, ConnectionFixture) {
let provider = CryptoProvider::default();

let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
let (sent_len, recv_len) = transcript.len();
// Plaintext encodings which the Prover obtained from GC evaluation
let encodings_provider = encoding_provider(GET_WITH_HEADER, OK_JSON);

// At the end of the TLS connection the Prover holds the:
let ConnectionFixture {
server_name,
server_cert_data,
..
} = ConnectionFixture::tlsnotary(transcript.length());

// Prover specifies the ranges it wants to commit to.
let mut transcript_commitment_builder = TranscriptCommitConfigBuilder::new(&transcript);
transcript_commitment_builder
.commit_sent(&(0..sent_len))
.unwrap()
.commit_recv(&(0..recv_len))
.unwrap();

let transcripts_commitment_config = transcript_commitment_builder.build().unwrap();

// Prover constructs encoding tree.
let encoding_tree = EncodingTree::new(
&Blake3::default(),
transcripts_commitment_config.iter_encoding(),
&encodings_provider,
&transcript.length(),
)
.unwrap();

let request_config = RequestConfig::default();
let mut request_builder = Request::builder(&request_config);

request_builder
.server_name(server_name.clone())
.server_cert_data(server_cert_data)
.transcript(transcript.clone())
.encoding_tree(encoding_tree);
let (request, _) = request_builder.build(&provider).unwrap();

(request, ConnectionFixture::tlsnotary(transcript.length()))
}

#[fixture]
#[once]
fn default_attestation_config() -> AttestationConfig {
fn attestation_config() -> AttestationConfig {
AttestationConfig::builder()
.supported_signature_algs([SignatureAlgId::SECP256K1])
.build()
Expand All @@ -319,7 +273,16 @@ mod test {

#[rstest]
fn test_attestation_builder_accept_unsupported_signer() {
let (request, _) = request_and_connection();
let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
let connection = ConnectionFixture::tlsnotary(transcript.length());

let RequestFixture { request, .. } = request_fixture(
transcript,
encoding_provider(GET_WITH_HEADER, OK_JSON),
connection,
Blake3::default(),
);

let attestation_config = AttestationConfig::builder()
.supported_signature_algs([SignatureAlgId::SECP256R1])
.build()
Expand All @@ -334,7 +297,15 @@ mod test {

#[rstest]
fn test_attestation_builder_accept_unsupported_hasher() {
let (request, _) = request_and_connection();
let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
let connection = ConnectionFixture::tlsnotary(transcript.length());

let RequestFixture { request, .. } = request_fixture(
transcript,
encoding_provider(GET_WITH_HEADER, OK_JSON),
connection,
Blake3::default(),
);

let attestation_config = AttestationConfig::builder()
.supported_signature_algs([SignatureAlgId::SECP256K1])
Expand All @@ -351,7 +322,15 @@ mod test {

#[rstest]
fn test_attestation_builder_accept_unsupported_encoding_commitment() {
let (request, _) = request_and_connection();
let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
let connection = ConnectionFixture::tlsnotary(transcript.length());

let RequestFixture { request, .. } = request_fixture(
transcript,
encoding_provider(GET_WITH_HEADER, OK_JSON),
connection,
Blake3::default(),
);

let attestation_config = AttestationConfig::builder()
.supported_signature_algs([SignatureAlgId::SECP256K1])
Expand All @@ -371,13 +350,19 @@ mod test {
}

#[rstest]
fn test_attestation_builder_sign_missing_signer(
default_attestation_config: &AttestationConfig,
) {
let (request, _) = request_and_connection();
fn test_attestation_builder_sign_missing_signer(attestation_config: &AttestationConfig) {
let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
let connection = ConnectionFixture::tlsnotary(transcript.length());

let attestation_builder = Attestation::builder(default_attestation_config)
.accept_request(request.clone())
let RequestFixture { request, .. } = request_fixture(
transcript,
encoding_provider(GET_WITH_HEADER, OK_JSON),
connection,
Blake3::default(),
);

let attestation_builder = Attestation::builder(attestation_config)
.accept_request(request)
.unwrap();

let mut provider = CryptoProvider::default();
Expand All @@ -389,13 +374,21 @@ mod test {

#[rstest]
fn test_attestation_builder_sign_missing_encoding_seed(
default_attestation_config: &AttestationConfig,
attestation_config: &AttestationConfig,
crypto_provider: &CryptoProvider,
) {
let (request, connection) = request_and_connection();
let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
let connection = ConnectionFixture::tlsnotary(transcript.length());

let RequestFixture { request, .. } = request_fixture(
transcript,
encoding_provider(GET_WITH_HEADER, OK_JSON),
connection.clone(),
Blake3::default(),
);

let mut attestation_builder = Attestation::builder(default_attestation_config)
.accept_request(request.clone())
let mut attestation_builder = Attestation::builder(attestation_config)
.accept_request(request)
.unwrap();

let ConnectionFixture {
Expand All @@ -407,10 +400,10 @@ mod test {
let HandshakeData::V1_2(HandshakeDataV1_2 {
server_ephemeral_key,
..
}) = server_cert_data.handshake.clone();
}) = server_cert_data.handshake;

attestation_builder
.connection_info(connection_info.clone())
.connection_info(connection_info)
.server_ephemeral_key(server_ephemeral_key);

let err = attestation_builder.build(crypto_provider).err().unwrap();
Expand All @@ -419,21 +412,29 @@ mod test {

#[rstest]
fn test_attestation_builder_sign_missing_server_ephemeral_key(
default_attestation_config: &AttestationConfig,
attestation_config: &AttestationConfig,
crypto_provider: &CryptoProvider,
) {
let (request, connection) = request_and_connection();
let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
let connection = ConnectionFixture::tlsnotary(transcript.length());

let RequestFixture { request, .. } = request_fixture(
transcript,
encoding_provider(GET_WITH_HEADER, OK_JSON),
connection.clone(),
Blake3::default(),
);

let mut attestation_builder = Attestation::builder(default_attestation_config)
.accept_request(request.clone())
let mut attestation_builder = Attestation::builder(attestation_config)
.accept_request(request)
.unwrap();

let ConnectionFixture {
connection_info, ..
} = connection;

attestation_builder
.connection_info(connection_info.clone())
.connection_info(connection_info)
.encoding_seed(encoder_seed().to_vec());

let err = attestation_builder.build(crypto_provider).err().unwrap();
Expand All @@ -442,13 +443,21 @@ mod test {

#[rstest]
fn test_attestation_builder_sign_missing_connection_info(
default_attestation_config: &AttestationConfig,
attestation_config: &AttestationConfig,
crypto_provider: &CryptoProvider,
) {
let (request, connection) = request_and_connection();
let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
let connection = ConnectionFixture::tlsnotary(transcript.length());

let mut attestation_builder = Attestation::builder(default_attestation_config)
.accept_request(request.clone())
let RequestFixture { request, .. } = request_fixture(
transcript,
encoding_provider(GET_WITH_HEADER, OK_JSON),
connection.clone(),
Blake3::default(),
);

let mut attestation_builder = Attestation::builder(attestation_config)
.accept_request(request)
.unwrap();

let ConnectionFixture {
Expand All @@ -458,7 +467,7 @@ mod test {
let HandshakeData::V1_2(HandshakeDataV1_2 {
server_ephemeral_key,
..
}) = server_cert_data.handshake.clone();
}) = server_cert_data.handshake;

attestation_builder
.server_ephemeral_key(server_ephemeral_key)
Expand Down
109 changes: 108 additions & 1 deletion crates/core/src/fixtures.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,23 @@ use hex::FromHex;
use p256::ecdsa::SigningKey;

use crate::{
attestation::{Attestation, AttestationConfig},
connection::{
Certificate, ConnectionInfo, HandshakeData, HandshakeDataV1_2, KeyType, ServerCertData,
ServerEphemKey, ServerName, ServerSignature, SignatureScheme, TlsVersion, TranscriptLength,
},
transcript::{encoding::EncodingProvider, Transcript},
hash::HashAlgorithm,
request::{Request, RequestConfig},
signing::SignatureAlgId,
transcript::{
encoding::{EncodingProvider, EncodingTree},
Transcript, TranscriptCommitConfigBuilder,
},
CryptoProvider,
};

/// A fixture containing various TLS connection data.
#[derive(Clone)]
#[allow(missing_docs)]
pub struct ConnectionFixture {
pub server_name: ServerName,
Expand Down Expand Up @@ -134,3 +143,101 @@ pub fn encoder_seed() -> [u8; 32] {
pub fn notary_signing_key() -> SigningKey {
SigningKey::from_slice(&[1; 32]).unwrap()
}

/// A Request fixture used for testing.
#[allow(missing_docs)]
pub struct RequestFixture {
pub encoding_tree: EncodingTree,
pub request: Request,
}

/// Returns a request fixture for testing.
pub fn request_fixture(
transcript: Transcript,
encodings_provider: impl EncodingProvider,
connection: ConnectionFixture,
encoding_hasher: impl HashAlgorithm,
) -> RequestFixture {
let provider = CryptoProvider::default();
let (sent_len, recv_len) = transcript.len();

let ConnectionFixture {
server_name,
server_cert_data,
..
} = connection;

let mut transcript_commitment_builder = TranscriptCommitConfigBuilder::new(&transcript);
transcript_commitment_builder
.commit_sent(&(0..sent_len))
.unwrap()
.commit_recv(&(0..recv_len))
.unwrap();
let transcripts_commitment_config = transcript_commitment_builder.build().unwrap();

// Prover constructs encoding tree.
let encoding_tree = EncodingTree::new(
&encoding_hasher,
transcripts_commitment_config.iter_encoding(),
&encodings_provider,
&transcript.length(),
)
.unwrap();

let request_config = RequestConfig::default();
let mut request_builder = Request::builder(&request_config);
request_builder
.server_name(server_name)
.server_cert_data(server_cert_data)
.transcript(transcript)
.encoding_tree(encoding_tree.clone());

let (request, _) = request_builder.build(&provider).unwrap();

RequestFixture {
encoding_tree,
request,
}
}

/// Returns an attestation fixture for testing.
pub fn attestation_fixture(
request: Request,
connection: ConnectionFixture,
signature_alg: SignatureAlgId,
encoding_seed: Vec<u8>,
) -> Attestation {
let ConnectionFixture {
connection_info,
server_cert_data,
..
} = connection;

let HandshakeData::V1_2(HandshakeDataV1_2 {
server_ephemeral_key,
..
}) = server_cert_data.handshake;

let mut provider = CryptoProvider::default();
match signature_alg {
SignatureAlgId::SECP256K1 => provider.signer.set_secp256k1(&[42u8; 32]).unwrap(),
SignatureAlgId::SECP256R1 => provider.signer.set_secp256r1(&[42u8; 32]).unwrap(),
_ => unimplemented!(),
};

let attestation_config = AttestationConfig::builder()
.supported_signature_algs([signature_alg])
.build()
.unwrap();

let mut attestation_builder = Attestation::builder(&attestation_config)
.accept_request(request)
.unwrap();

attestation_builder
.connection_info(connection_info)
.server_ephemeral_key(server_ephemeral_key)
.encoding_seed(encoding_seed);

attestation_builder.build(&provider).unwrap()
}
Loading

0 comments on commit c10c915

Please sign in to comment.