use tlsn_core::proof::{SessionProof, TlsProof};

use elliptic_curve::pkcs8::DecodePublicKey;

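/// Verifies a JSON-serialized [`SessionProof`] against the Notary's public key.
///
/// `proof` is the JSON-encoded session proof and `pub_key` is the Notary's
/// P-256 public key as a PEM (SPKI) string. Verification is delegated to
/// `SessionProof::verify_with_default_cert_verifier`, whose default
/// certificate verifier trusts the root certificates shipped in the
/// `webpki-roots` crate; per its name it is the step that checks the Notary
/// signature and the server's certificate chain.
///
/// # Errors
/// - `"INVALID PROOF"` — `proof` is not a well-formed session proof.
/// - `"INVALID PUBLIC KEY"` — `pub_key` is not a parseable P-256 PEM key.
/// - `"SESSION VERIFICATION FAILED"` — the proof and key both parsed, but the
///   proof did not verify (e.g. bad Notary signature or untrusted chain).
///   This case used to be reported as `"INVALID PUBLIC KEY"`, which mislabels
///   a signature/chain failure as a key-encoding problem and hides the real
///   cause from whoever is triaging the failure.
///
/// NOTE(review): this function does not check *which* server the session
/// belongs to. A caller that expects a particular host must compare the
/// proof's `server_name` with that host itself.
pub fn verify_session(proof: &str, pub_key: &str) -> Result<(), String> {
    // Parse the untrusted proof first; a malformed proof is never a key problem.
    let session: SessionProof =
        serde_json::from_str(proof).map_err(|_| "INVALID PROOF".to_owned())?;

    // The Notary key is configuration, not part of the proof, so a parse
    // failure here is reported separately from a verification failure.
    let notary_key = p256::PublicKey::from_public_key_pem(pub_key)
        .map_err(|_| "INVALID PUBLIC KEY".to_owned())?;

    // A failure past this point means the proof did not verify against the
    // given key / trust store — not that the key was malformed.
    session
        .verify_with_default_cert_verifier(notary_key)
        .map_err(|_| "SESSION VERIFICATION FAILED".to_owned())
}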

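/// Verifies a JSON-serialized [`TlsProof`] and returns the redacted transcripts.
///
/// `proof` is the JSON-encoded `TlsProof` — a session proof (server identity
/// plus the Notary-signed commitment to the transcript) and a substrings proof
/// (the portions of the transcript the Prover chose to disclose). `pub_key` is
/// the Notary's P-256 public key as a PEM string.
///
/// Returns `(received, sent)` — note the order: the bytes the server sent to
/// the Prover come first, then the bytes the Prover sent. Bytes the Prover did
/// not disclose are replaced with `'X'`; a consumer cannot distinguish such a
/// redacted byte from a genuine `'X'` in disclosed data.
///
/// # Errors
/// - `"INVALID PROOF"` — `proof` is not a well-formed `TlsProof`, or its
///   session part could not be re-serialized for verification.
/// - any error from [`verify_session`] (bad key, session did not verify).
/// - `"PROOF VERIFICATION FAILED"` — the substrings proof does not match the
///   Notary-signed session header.
/// - `"TRANSCRIPT NOT UTF-8"` — a disclosed transcript is not valid UTF-8.
///   Previously this path panicked via `unwrap()`, which a deliberately
///   crafted (but otherwise valid) proof could trigger.
///
/// NOTE(review): the session's `server_name` is discarded below, so callers
/// cannot tell from the return value which host the transcript belongs to;
/// consider exposing it if callers need to bind the transcript to a host.
pub fn verify_proof(proof: &String, pub_key: &String) -> Result<(String, String), String> {
    // Deserialize the untrusted proof into its two halves.
    let TlsProof { session, substrings } =
        serde_json::from_str(proof.as_str()).map_err(|_| "INVALID PROOF".to_owned())?;

    // Route the session proof through `verify_session` so that both entry
    // points apply exactly the same checks (this costs a JSON round-trip).
    // Re-serializing a value we just deserialized should not fail, but
    // propagate rather than panic on untrusted input.
    let session_json =
        serde_json::to_string(&session).map_err(|_| "INVALID PROOF".to_owned())?;
    verify_session(&session_json, pub_key)?;

    // The Notary-signed header is the commitment the substrings proof is
    // checked against. `server_name` is intentionally not extracted here
    // (see the note in the doc comment).
    let SessionProof { header, .. } = session;

    // Verify the disclosed substrings against the header; yields the
    // redacted transcripts.
    let (mut sent, mut recv) = substrings
        .verify(&header)
        .map_err(|_| "PROOF VERIFICATION FAILED".to_owned())?;

    // Fill undisclosed bytes with a visible placeholder.
    sent.set_redacted(b'X');
    recv.set_redacted(b'X');

    // Disclosed bytes may be arbitrary (e.g. binary or non-UTF-8 bodies):
    // report that as an error instead of panicking.
    let received = String::from_utf8(recv.data().to_vec())
        .map_err(|_| "TRANSCRIPT NOT UTF-8".to_owned())?;
    let transmitted = String::from_utf8(sent.data().to_vec())
        .map_err(|_| "TRANSCRIPT NOT UTF-8".to_owned())?;

    Ok((received, transmitted))
}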