1mod provider;
4pub mod transcript;
5
6pub use provider::FixtureEncodingProvider;
7
8use hex::FromHex;
9
10use crate::{
11 connection::{
12 CertBinding, CertBindingV1_2, ConnectionInfo, DnsName, HandshakeData, KeyType,
13 ServerEphemKey, ServerName, ServerSignature, SignatureAlgorithm, TlsVersion,
14 TranscriptLength,
15 },
16 transcript::{
17 encoding::{EncoderSecret, EncodingProvider},
18 Transcript,
19 },
20 webpki::CertificateDer,
21};
22
23#[derive(Clone)]
25#[allow(missing_docs)]
26pub struct ConnectionFixture {
27 pub server_name: ServerName,
28 pub connection_info: ConnectionInfo,
29 pub server_cert_data: HandshakeData,
30}
31
32impl ConnectionFixture {
33 pub fn tlsnotary(transcript_length: TranscriptLength) -> Self {
35 ConnectionFixture {
36 server_name: ServerName::Dns(DnsName::try_from("tlsnotary.org").unwrap()),
37 connection_info: ConnectionInfo {
38 time: 1671637529,
39 version: TlsVersion::V1_2,
40 transcript_length,
41 },
42 server_cert_data: HandshakeData {
43 certs: vec![
44 CertificateDer(include_bytes!("fixtures/data/tlsnotary.org/ee.der").to_vec()),
45 CertificateDer(
46 include_bytes!("fixtures/data/tlsnotary.org/inter.der").to_vec(),
47 ),
48 CertificateDer(include_bytes!("fixtures/data/tlsnotary.org/ca.der").to_vec()),
49 ],
50 sig: ServerSignature {
51 alg: SignatureAlgorithm::RSA_PKCS1_2048_8192_SHA256,
52 sig: Vec::<u8>::from_hex(include_bytes!(
53 "fixtures/data/tlsnotary.org/signature"
54 ))
55 .unwrap(),
56 },
57 binding: CertBinding::V1_2(CertBindingV1_2 {
58 client_random: <[u8; 32]>::from_hex(include_bytes!(
59 "fixtures/data/tlsnotary.org/client_random"
60 ))
61 .unwrap(),
62 server_random: <[u8; 32]>::from_hex(include_bytes!(
63 "fixtures/data/tlsnotary.org/server_random"
64 ))
65 .unwrap(),
66 server_ephemeral_key: ServerEphemKey {
67 typ: KeyType::SECP256R1,
68 key: Vec::<u8>::from_hex(include_bytes!(
69 "fixtures/data/tlsnotary.org/pubkey"
70 ))
71 .unwrap(),
72 },
73 }),
74 },
75 }
76 }
77
78 pub fn appliedzkp(transcript_length: TranscriptLength) -> Self {
80 ConnectionFixture {
81 server_name: ServerName::Dns(DnsName::try_from("appliedzkp.org").unwrap()),
82 connection_info: ConnectionInfo {
83 time: 1671637529,
84 version: TlsVersion::V1_2,
85 transcript_length,
86 },
87 server_cert_data: HandshakeData {
88 certs: vec![
89 CertificateDer(include_bytes!("fixtures/data/appliedzkp.org/ee.der").to_vec()),
90 CertificateDer(
91 include_bytes!("fixtures/data/appliedzkp.org/inter.der").to_vec(),
92 ),
93 CertificateDer(include_bytes!("fixtures/data/appliedzkp.org/ca.der").to_vec()),
94 ],
95 sig: ServerSignature {
96 alg: SignatureAlgorithm::ECDSA_NISTP256_SHA256,
97 sig: Vec::<u8>::from_hex(include_bytes!(
98 "fixtures/data/appliedzkp.org/signature"
99 ))
100 .unwrap(),
101 },
102 binding: CertBinding::V1_2(CertBindingV1_2 {
103 client_random: <[u8; 32]>::from_hex(include_bytes!(
104 "fixtures/data/appliedzkp.org/client_random"
105 ))
106 .unwrap(),
107 server_random: <[u8; 32]>::from_hex(include_bytes!(
108 "fixtures/data/appliedzkp.org/server_random"
109 ))
110 .unwrap(),
111 server_ephemeral_key: ServerEphemKey {
112 typ: KeyType::SECP256R1,
113 key: Vec::<u8>::from_hex(include_bytes!(
114 "fixtures/data/appliedzkp.org/pubkey"
115 ))
116 .unwrap(),
117 },
118 }),
119 },
120 }
121 }
122
123 pub fn server_ephemeral_key(&self) -> &ServerEphemKey {
125 let CertBinding::V1_2(CertBindingV1_2 {
126 server_ephemeral_key,
127 ..
128 }) = &self.server_cert_data.binding;
129 server_ephemeral_key
130 }
131}
132
133pub fn encoding_provider(tx: &[u8], rx: &[u8]) -> impl EncodingProvider {
135 let secret = encoder_secret();
136 FixtureEncodingProvider::new(&secret, Transcript::new(tx, rx))
137}
138
139const SEED: [u8; 32] = [0; 32];
141
142const DELTA: [u8; 16] = [1; 16];
144
145pub fn encoder_secret() -> EncoderSecret {
147 EncoderSecret::new(SEED, DELTA)
148}
149
150pub fn encoder_secret_tampered_seed() -> EncoderSecret {
152 let mut seed = SEED;
153 seed[0] += 1;
154 EncoderSecret::new(seed, DELTA)
155}