1mod provider;
4pub mod transcript;
5
6pub use provider::FixtureEncodingProvider;
7
8use hex::FromHex;
9
10use crate::{
11 connection::{
12 CertBinding, CertBindingV1_2, ConnectionInfo, DnsName, HandshakeData, KeyType,
13 ServerEphemKey, ServerName, ServerSignature, SignatureScheme, TlsVersion, TranscriptLength,
14 },
15 transcript::{
16 encoding::{EncoderSecret, EncodingProvider},
17 Transcript,
18 },
19 webpki::CertificateDer,
20};
21
22#[derive(Clone)]
24#[allow(missing_docs)]
25pub struct ConnectionFixture {
26 pub server_name: ServerName,
27 pub connection_info: ConnectionInfo,
28 pub server_cert_data: HandshakeData,
29}
30
31impl ConnectionFixture {
32 pub fn tlsnotary(transcript_length: TranscriptLength) -> Self {
34 ConnectionFixture {
35 server_name: ServerName::Dns(DnsName::try_from("tlsnotary.org").unwrap()),
36 connection_info: ConnectionInfo {
37 time: 1671637529,
38 version: TlsVersion::V1_2,
39 transcript_length,
40 },
41 server_cert_data: HandshakeData {
42 certs: vec![
43 CertificateDer(include_bytes!("fixtures/data/tlsnotary.org/ee.der").to_vec()),
44 CertificateDer(
45 include_bytes!("fixtures/data/tlsnotary.org/inter.der").to_vec(),
46 ),
47 CertificateDer(include_bytes!("fixtures/data/tlsnotary.org/ca.der").to_vec()),
48 ],
49 sig: ServerSignature {
50 scheme: SignatureScheme::RSA_PKCS1_SHA256,
51 sig: Vec::<u8>::from_hex(include_bytes!(
52 "fixtures/data/tlsnotary.org/signature"
53 ))
54 .unwrap(),
55 },
56 binding: CertBinding::V1_2(CertBindingV1_2 {
57 client_random: <[u8; 32]>::from_hex(include_bytes!(
58 "fixtures/data/tlsnotary.org/client_random"
59 ))
60 .unwrap(),
61 server_random: <[u8; 32]>::from_hex(include_bytes!(
62 "fixtures/data/tlsnotary.org/server_random"
63 ))
64 .unwrap(),
65 server_ephemeral_key: ServerEphemKey {
66 typ: KeyType::SECP256R1,
67 key: Vec::<u8>::from_hex(include_bytes!(
68 "fixtures/data/tlsnotary.org/pubkey"
69 ))
70 .unwrap(),
71 },
72 }),
73 },
74 }
75 }
76
77 pub fn appliedzkp(transcript_length: TranscriptLength) -> Self {
79 ConnectionFixture {
80 server_name: ServerName::Dns(DnsName::try_from("appliedzkp.org").unwrap()),
81 connection_info: ConnectionInfo {
82 time: 1671637529,
83 version: TlsVersion::V1_2,
84 transcript_length,
85 },
86 server_cert_data: HandshakeData {
87 certs: vec![
88 CertificateDer(include_bytes!("fixtures/data/appliedzkp.org/ee.der").to_vec()),
89 CertificateDer(
90 include_bytes!("fixtures/data/appliedzkp.org/inter.der").to_vec(),
91 ),
92 CertificateDer(include_bytes!("fixtures/data/appliedzkp.org/ca.der").to_vec()),
93 ],
94 sig: ServerSignature {
95 scheme: SignatureScheme::ECDSA_NISTP256_SHA256,
96 sig: Vec::<u8>::from_hex(include_bytes!(
97 "fixtures/data/appliedzkp.org/signature"
98 ))
99 .unwrap(),
100 },
101 binding: CertBinding::V1_2(CertBindingV1_2 {
102 client_random: <[u8; 32]>::from_hex(include_bytes!(
103 "fixtures/data/appliedzkp.org/client_random"
104 ))
105 .unwrap(),
106 server_random: <[u8; 32]>::from_hex(include_bytes!(
107 "fixtures/data/appliedzkp.org/server_random"
108 ))
109 .unwrap(),
110 server_ephemeral_key: ServerEphemKey {
111 typ: KeyType::SECP256R1,
112 key: Vec::<u8>::from_hex(include_bytes!(
113 "fixtures/data/appliedzkp.org/pubkey"
114 ))
115 .unwrap(),
116 },
117 }),
118 },
119 }
120 }
121
122 pub fn server_ephemeral_key(&self) -> &ServerEphemKey {
124 let CertBinding::V1_2(CertBindingV1_2 {
125 server_ephemeral_key,
126 ..
127 }) = &self.server_cert_data.binding;
128 server_ephemeral_key
129 }
130}
131
132pub fn encoding_provider(tx: &[u8], rx: &[u8]) -> impl EncodingProvider {
134 let secret = encoder_secret();
135 FixtureEncodingProvider::new(&secret, Transcript::new(tx, rx))
136}
137
138const SEED: [u8; 32] = [0; 32];
140
141const DELTA: [u8; 16] = [1; 16];
143
144pub fn encoder_secret() -> EncoderSecret {
146 EncoderSecret::new(SEED, DELTA)
147}
148
149pub fn encoder_secret_tampered_seed() -> EncoderSecret {
151 let mut seed = SEED;
152 seed[0] += 1;
153 EncoderSecret::new(seed, DELTA)
154}