tlsn_verifier/
notarize.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
//! This module handles the notarization phase of the verifier.
//!
//! The TLS verifier acts as a Notary, i.e. the verifier produces an
//! attestation but does not verify transcript data.

use super::{state::Notarize, Verifier, VerifierError};
use mpz_ot::CommittedOTSender;
use serio::{stream::IoStreamExt, SinkExt as _};

use tlsn_core::{
    attestation::{Attestation, AttestationConfig},
    request::Request,
};
use tracing::{debug, info, instrument};

impl Verifier<Notarize> {
    /// Notarizes the TLS session.
    ///
    /// # Arguments
    ///
    /// * `config` - The attestation configuration.
    #[instrument(parent = &self.span, level = "debug", skip_all, err)]
    pub async fn finalize(self, config: &AttestationConfig) -> Result<Attestation, VerifierError> {
        let Notarize {
            mut io,
            mux_ctrl,
            mut mux_fut,
            mut vm,
            mut ot_send,
            mut ctx,
            encoder_seed,
            server_ephemeral_key,
            connection_info,
        } = self.state;

        let attestation = mux_fut
            .poll_with(async {
                // Receive attestation request, which also contains commitments required before
                // finalization.
                let request: Request = io.expect_next().await?;

                // Finalize all MPC before attesting.
                ot_send.reveal(&mut ctx).await?;

                debug!("revealed OT secret");

                vm.finalize().await?;

                info!("Finalized all MPC");

                let mut builder = Attestation::builder(config)
                    .accept_request(request)
                    .map_err(VerifierError::attestation)?;

                builder
                    .connection_info(connection_info)
                    .server_ephemeral_key(server_ephemeral_key)
                    .encoding_seed(encoder_seed.to_vec());

                let attestation = builder
                    .build(self.config.crypto_provider())
                    .map_err(VerifierError::attestation)?;

                io.send(attestation.clone()).await?;

                info!("Sent attestation");

                Ok::<_, VerifierError>(attestation)
            })
            .await?;

        if !mux_fut.is_complete() {
            mux_ctrl.mux().close();
            mux_fut.await?;
        }

        Ok(attestation)
    }
}