verity_verify_tls/
session.rs

1use tlsn_core::proof::{SessionProof, TlsProof};
2
3use elliptic_curve::pkcs8::DecodePublicKey;
4
5/// This verifies the identity of the server using a default certificate verifier which trusts
6/// the root certificates from the `webpki-roots` crate.
7pub fn verify_session(proof: &String, pub_key: &String) -> Result<(), String> {
8    let session: SessionProof =
9        serde_json::from_str(proof.as_str()).or(Err("INVALID PROOF".to_owned()))?;
10
11    let pub_key = p256::PublicKey::from_public_key_pem(pub_key.as_str())
12        .or(Err("INVALID PUBLIC KEY".to_owned()))?;
13
14    session
15        .verify_with_default_cert_verifier(pub_key)
16        .or(Err("INVALID PROOF SESSION".to_owned()))
17}
18
19/// A simple verifier which reads a proof generated by `simple_prover.rs` from "proof.json", verifies
20/// it and prints the verified data to the console.
21pub fn verify_proof(proof: &String, pub_key: &String) -> Result<(String, String), String> {
22    // Deserialize the proof
23    let proof: TlsProof =
24        serde_json::from_str(proof.as_str()).or(Err("INVALID PROOF".to_owned()))?;
25
26    let TlsProof {
27        // The session proof establishes the identity of the server and the commitments
28        // to the TLS transcript.
29        session,
30        // The substrings proof proves select portions of the transcript, while redacting
31        // anything the Prover chose not to disclose.
32        substrings,
33    } = proof;
34
35    // Verify the session proof against the Notary's public key
36    let session_stringified = &serde_json::to_string(&session).unwrap();
37    verify_session(session_stringified, pub_key)?;
38
39    let SessionProof {
40        // The session header that was signed by the Notary is a succinct commitment to the TLS transcript.
41        header,
42        // This is the server name, checked against the certificate chain shared in the TLS handshake.
43        // server_name,
44        ..
45    } = session;
46
47    // Verify the substrings proof against the session header.
48    //
49    // This returns the redacted transcripts
50    let (mut sent, mut recv) = substrings
51        .verify(&header)
52        .or(Err("PROOF VERIFICATION FAILED".to_string()))?;
53
54    // Replace the bytes which the Prover chose not to disclose with 'X'
55    sent.set_redacted(b'X');
56    recv.set_redacted(b'X');
57
58    Ok((
59        String::from_utf8(recv.data().to_vec()).unwrap(),
60        String::from_utf8(sent.data().to_vec()).unwrap(),
61    ))
62}