tlsn/lib.rs
1//! TLSNotary protocol implementation.
2//!
3//! This crate provides the core protocol for generating and verifying proofs
4//! of TLS sessions. A prover can demonstrate to a verifier that specific data
5//! was exchanged with a TLS server, without revealing the full transcript.
6//!
7//! # Overview
8//!
9//! The protocol involves two parties:
10//!
11//! - **Prover** ([`Prover`](prover::Prover)): connects to a TLS server and
12//! generates proofs about the session.
13//! - **Verifier** ([`Verifier`](verifier::Verifier)): collaborates with the
14//! prover during the TLS session and verifies the resulting proofs.
15//!
16//! Both parties communicate through an established [`Session`].
17//!
18//! # Workflow
19//!
20//! The protocol has two main phases:
21//!
22//! **Commitment**: The prover and verifier collaborate to construct a TLS
23//! transcript commitment from the prover's communication with a TLS server.
24//! This authenticates the transcript for the verifier, without the verifier
25//! learning the contents.
26//!
27//! **Selective Disclosure**: The prover selectively reveals portions of the
28//! committed transcript to the verifier, proving statements about the data
29//! exchanged with the server.
30//!
31//! ## Steps
32//!
33//! 1. Establish a communication channel between prover and verifier.
34//! 2. Create a [`Session`] on each side from the channel.
35//! 3. Create a [`Prover`](prover::Prover) or [`Verifier`](verifier::Verifier).
36//! 4. Run the commitment phase: the prover connects to the TLS server and
37//! exchanges data to obtain a commitment to the TLS transcript.
38//! 5. (Optional) Perform selective disclosure: the prover provably reveals
39//! selected data to the verifier.
40
// Crate-wide lints. Each of these is set to `deny`, so a violation fails the
// build instead of producing a warning:
// - `missing_docs`: public items must carry documentation.
// - `unreachable_pub`: flags `pub` items that cannot be reached from outside
//   the crate, which keeps the exported API surface intentional.
// - `unused_must_use`: a `#[must_use]` value such as a `Result` may not be
//   silently discarded.
#![deny(missing_docs, unreachable_pub, unused_must_use)]
// Denies the `clippy::all` lint group.
#![deny(clippy::all)]
// `forbid` cannot be relaxed by an `allow` further down the module tree, so no
// module of this crate can contain `unsafe`. This covers this crate's own
// source only, not the dependencies it is built with.
#![forbid(unsafe_code)]
44
45mod error;
46pub(crate) mod ghash;
47pub(crate) mod map;
48pub(crate) mod mpz;
49pub(crate) mod msg;
50pub mod prover;
51mod session;
52pub(crate) mod tag;
53pub(crate) mod transcript_internal;
54pub mod verifier;
55
56pub use error::Error;
57pub use rangeset;
58pub use session::{Session, SessionDriver, SessionHandle};
59pub use tlsn_attestation as attestation;
60pub use tlsn_core::{config, connection, hash, transcript, webpki};
61
/// Result type whose error parameter defaults to this crate's [`Error`].
///
/// The error type can still be named explicitly, e.g. `Result<T, OtherError>`.
pub type Result<T, E = Error> = core::result::Result<T, E>;
64
65use std::sync::LazyLock;
66
67use semver::Version;
68
/// Version of this package, taken from the `CARGO_PKG_VERSION` value that
/// Cargo supplies at compile time.
///
/// The string is parsed into a [`Version`] on first access and the result is
/// reused afterwards.
///
/// # Panics
///
/// The first access panics if the package version is not valid semver.
// NOTE(review): the places that read this value are not visible in this file.
pub(crate) static VERSION: LazyLock<Version> = LazyLock::new(|| {
    // `env!` expands at compile time, so the string is fixed in the binary.
    let pkg_version: &str = env!("CARGO_PKG_VERSION");
    let parsed = Version::parse(pkg_version);
    parsed.expect("cargo pkg version should be a valid semver")
});
73
/// Which side of the TLSN protocol a party is acting as.
///
/// There is no separate variant for a Notary: it is classified as a
/// [`Role::Verifier`].
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub(crate) enum Role {
    /// The party acting as prover.
    Prover,
    /// The party acting as verifier (this includes a Notary).
    Verifier,
}