1mod provider;
4
5pub use provider::FixtureEncodingProvider;
6
7use hex::FromHex;
8
9use crate::{
10 connection::{
11 CertBinding, CertBindingV1_2, ConnectionInfo, DnsName, HandshakeData, KeyType,
12 ServerEphemKey, ServerName, ServerSignature, SignatureScheme, TlsVersion, TranscriptLength,
13 },
14 transcript::{
15 encoding::{EncoderSecret, EncodingProvider},
16 Transcript,
17 },
18 webpki::CertificateDer,
19};
20
21#[derive(Clone)]
23#[allow(missing_docs)]
24pub struct ConnectionFixture {
25 pub server_name: ServerName,
26 pub connection_info: ConnectionInfo,
27 pub server_cert_data: HandshakeData,
28}
29
30impl ConnectionFixture {
31 pub fn tlsnotary(transcript_length: TranscriptLength) -> Self {
33 ConnectionFixture {
34 server_name: ServerName::Dns(DnsName::try_from("tlsnotary.org").unwrap()),
35 connection_info: ConnectionInfo {
36 time: 1671637529,
37 version: TlsVersion::V1_2,
38 transcript_length,
39 },
40 server_cert_data: HandshakeData {
41 certs: vec![
42 CertificateDer(include_bytes!("fixtures/data/tlsnotary.org/ee.der").to_vec()),
43 CertificateDer(
44 include_bytes!("fixtures/data/tlsnotary.org/inter.der").to_vec(),
45 ),
46 CertificateDer(include_bytes!("fixtures/data/tlsnotary.org/ca.der").to_vec()),
47 ],
48 sig: ServerSignature {
49 scheme: SignatureScheme::RSA_PKCS1_SHA256,
50 sig: Vec::<u8>::from_hex(include_bytes!(
51 "fixtures/data/tlsnotary.org/signature"
52 ))
53 .unwrap(),
54 },
55 binding: CertBinding::V1_2(CertBindingV1_2 {
56 client_random: <[u8; 32]>::from_hex(include_bytes!(
57 "fixtures/data/tlsnotary.org/client_random"
58 ))
59 .unwrap(),
60 server_random: <[u8; 32]>::from_hex(include_bytes!(
61 "fixtures/data/tlsnotary.org/server_random"
62 ))
63 .unwrap(),
64 server_ephemeral_key: ServerEphemKey {
65 typ: KeyType::SECP256R1,
66 key: Vec::<u8>::from_hex(include_bytes!(
67 "fixtures/data/tlsnotary.org/pubkey"
68 ))
69 .unwrap(),
70 },
71 }),
72 },
73 }
74 }
75
76 pub fn appliedzkp(transcript_length: TranscriptLength) -> Self {
78 ConnectionFixture {
79 server_name: ServerName::Dns(DnsName::try_from("appliedzkp.org").unwrap()),
80 connection_info: ConnectionInfo {
81 time: 1671637529,
82 version: TlsVersion::V1_2,
83 transcript_length,
84 },
85 server_cert_data: HandshakeData {
86 certs: vec![
87 CertificateDer(include_bytes!("fixtures/data/appliedzkp.org/ee.der").to_vec()),
88 CertificateDer(
89 include_bytes!("fixtures/data/appliedzkp.org/inter.der").to_vec(),
90 ),
91 CertificateDer(include_bytes!("fixtures/data/appliedzkp.org/ca.der").to_vec()),
92 ],
93 sig: ServerSignature {
94 scheme: SignatureScheme::ECDSA_NISTP256_SHA256,
95 sig: Vec::<u8>::from_hex(include_bytes!(
96 "fixtures/data/appliedzkp.org/signature"
97 ))
98 .unwrap(),
99 },
100 binding: CertBinding::V1_2(CertBindingV1_2 {
101 client_random: <[u8; 32]>::from_hex(include_bytes!(
102 "fixtures/data/appliedzkp.org/client_random"
103 ))
104 .unwrap(),
105 server_random: <[u8; 32]>::from_hex(include_bytes!(
106 "fixtures/data/appliedzkp.org/server_random"
107 ))
108 .unwrap(),
109 server_ephemeral_key: ServerEphemKey {
110 typ: KeyType::SECP256R1,
111 key: Vec::<u8>::from_hex(include_bytes!(
112 "fixtures/data/appliedzkp.org/pubkey"
113 ))
114 .unwrap(),
115 },
116 }),
117 },
118 }
119 }
120
121 pub fn server_ephemeral_key(&self) -> &ServerEphemKey {
123 let CertBinding::V1_2(CertBindingV1_2 {
124 server_ephemeral_key,
125 ..
126 }) = &self.server_cert_data.binding;
127 server_ephemeral_key
128 }
129}
130
131pub fn encoding_provider(tx: &[u8], rx: &[u8]) -> impl EncodingProvider {
133 let secret = encoder_secret();
134 FixtureEncodingProvider::new(&secret, Transcript::new(tx, rx))
135}
136
137const SEED: [u8; 32] = [0; 32];
139
140const DELTA: [u8; 16] = [1; 16];
142
143pub fn encoder_secret() -> EncoderSecret {
145 EncoderSecret::new(SEED, DELTA)
146}
147
148pub fn encoder_secret_tampered_seed() -> EncoderSecret {
150 let mut seed = SEED;
151 seed[0] += 1;
152 EncoderSecret::new(seed, DELTA)
153}