feat: Dynamic Manifests (#435)

pluto · Feb 11, 2025 · 8769a82 · 8769a82
1 parent 1266e7e
commit 8769a82
Show file tree

Hide file tree

Showing 20 changed files with 32 additions and 83 deletions.
diff --git a/.github/workflows/staging-deploy/notary.service b/.github/workflows/staging-deploy/notary.service
@@ -7,7 +7,7 @@ User=notary
 Group=notary
 # TODO once web-prover-circuits paths is a config, change this
 WorkingDirectory=/opt/notary/bin
-ExecStart=/opt/notary/bin/notary --config /opt/notary/etc/notary-config.toml --manifest /opt/notary/etc/fixture/notary.origo_tcp_local.json
+ExecStart=/opt/notary/bin/notary --config /opt/notary/etc/notary-config.toml
 Restart=always
 Environment="RUST_LOG=info"
 

diff --git a/.github/workflows/test_client_native_origo.yaml b/.github/workflows/test_client_native_origo.yaml
@@ -37,7 +37,7 @@ jobs:
 
       - run: |
           export RUST_LOG=DEBUG
-          ./target/release/notary --config ./fixture/notary-config.toml  --manifest ./fixture/notary.origo_tcp_local.json &
+          ./target/release/notary --config ./fixture/notary-config.toml &
           sleep 10
 
           ./target/release/client --config ./fixture/client.origo_tcp_local.json
diff --git a/.github/workflows/test_client_native_tlsn.yaml b/.github/workflows/test_client_native_tlsn.yaml
@@ -37,7 +37,7 @@ jobs:
 
       - run: |
           export RUST_LOG=DEBUG 
-          ./target/release/notary --config ./fixture/notary-config.toml  --manifest ./fixture/notary.origo_tcp_local.json &
+          ./target/release/notary --config ./fixture/notary-config.toml &
           sleep 10
 
           ./target/release/client --config ./fixture/client.tlsn_tcp_local.json
diff --git a/.github/workflows/test_client_wasm_origo.yaml b/.github/workflows/test_client_wasm_origo.yaml
@@ -55,7 +55,7 @@ jobs:
 
       - run: |
           export RUST_LOG=DEBUG
-          ./target/release/notary --config ./fixture/notary-config.toml  --manifest ./fixture/notary.origo_tcp_local.json &
+          ./target/release/notary --config ./fixture/notary-config.toml &
           sleep 10
 
           # symlink proofs/web_proof_circuits

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Dockerfile b/Dockerfile
@@ -21,4 +21,4 @@ COPY --from=rust-builder /app/proofs /app/proofs
 EXPOSE 7443
 WORKDIR /app
 ENV RUST_LOG=info
-CMD ["./notary", "--config", "./fixture/notary-config.toml", "--manifest", "./fixture/notary.origo_tcp_local.json"]
+CMD ["./notary", "--config", "./fixture/notary-config.toml"]
diff --git a/Makefile b/Makefile
@@ -13,7 +13,7 @@ check-llvm:
 		exit 1; \
 	fi
 
-wasm: check-llvm artifacts
+wasm: artifacts
 	@# NOTE: This build depends on RUSTFLAGS in the client_wasm/.cargo/config.toml
 	-cargo install wasm-pack
 	-cd client_wasm/demo/static && rm -f build && ln -s ../../../proofs/web_proof_circuits build && cd ../../..

diff --git a/README.md b/README.md
@@ -22,15 +22,15 @@ Documentation is evolving throughout the repository as the pipeline becomes more
 ```
 make wasm
 make ios
-cargo run --release -p notary -- --config ./fixture/notary-config.toml --manifest ./fixture/notary.origo_tcp_local.json
+cargo run --release -p notary -- --config ./fixture/notary-config.toml
 cargo run --release -p client -- --config ./fixture/client.tlsn_tcp_local.json
 cargo run --release --bin mock_server
 ```
 
 ## WASM Demo
 
 ```
-cargo run --release -p notary -- --config ./fixture/notary-config.toml --manifest ./fixture/notary.origo_tcp_local.json
+cargo run --release -p notary -- --config ./fixture/notary-config.toml
 make wasm
 make wasm-demo
 open https://localhost:8090
@@ -39,7 +39,7 @@ open https://localhost:8090
 ## Native Client Demo
 
 ```
-cargo run --release -p notary -- --config ./fixture/notary-config.toml --manifest ./fixture/notary.origo_tcp_local.json
+cargo run --release -p notary -- --config ./fixture/notary-config.toml
 
 # TLSNotary flow
 cargo run --release -p client -- --config ./fixture/client.tlsn_tcp_local.json

diff --git a/client/Cargo.toml b/client/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name   ="client"
-version="0.2.0"
+version="0.3.0"
 edition="2021"
 build  ="build.rs"
 publish=false

diff --git a/client/src/errors.rs b/client/src/errors.rs
@@ -98,6 +98,9 @@ pub enum ClientErrors {
 
   #[error(transparent)]
   Canceled(#[from] futures::channel::oneshot::Canceled),
+
+  #[error("Manifest missing")]
+  ManifestMissingError,
 }
 
 #[cfg(target_arch = "wasm32")]

diff --git a/client/src/lib.rs b/client/src/lib.rs
@@ -91,9 +91,13 @@ pub async fn prover_inner_origo(
 
   let proof = origo::proxy_and_sign_and_generate_proof(config.clone(), proving_params).await?;
 
+  let manifest =
+    config.proving.manifest.clone().ok_or(errors::ClientErrors::ManifestMissingError)?;
+
   debug!("sending proof to proxy for verification");
   let verify_response =
-    origo::verify(config, origo::VerifyBody { session_id, origo_proof: proof.clone() }).await?;
+    origo::verify(config, origo::VerifyBody { session_id, origo_proof: proof.clone(), manifest })
+      .await?;
 
   if !verify_response.valid {
     Err(ProofError::VerifyFailed().into())

diff --git a/client/src/origo.rs b/client/src/origo.rs
@@ -29,6 +29,7 @@ pub struct SignBody {
 pub struct VerifyBody {
   pub session_id:  String,
   pub origo_proof: OrigoProof,
+  pub manifest:    Manifest,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone)]

diff --git a/client_ios/Cargo.toml b/client_ios/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name   ="client_ios"
-version="0.2.0"
+version="0.3.0"
 edition="2021"
 build  ="build.rs"
 publish=false

diff --git a/client_wasm/Cargo.toml b/client_wasm/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name   ="client_wasm"
-version="0.2.0"
+version="0.3.0"
 edition="2021"
 build  ="build.rs"
 publish=false

diff --git a/fixture/notary.origo_tcp_local.json b/fixture/notary.origo_tcp_local.json
diff --git a/notary/Cargo.toml b/notary/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name   ="notary"
-version="0.2.0"
+version="0.3.0"
 edition="2021"
 build  ="build.rs"
 

diff --git a/notary/src/config.rs b/notary/src/config.rs
@@ -11,9 +11,6 @@ use crate::errors::NotaryServerError;
 struct Args {
   #[arg(short, long, default_value = "config.toml")]
   config: String,
-
-  #[arg(short, long, default_value = "manifest.json")]
-  manifest: String,
 }
 
 #[derive(Debug, Default, Deserialize, PartialEq, Eq)]
@@ -62,12 +59,3 @@ pub fn read_config() -> Config {
   let c: Config = builder.build().unwrap().try_deserialize().unwrap();
   c
 }
-
-pub fn read_manifest() -> Result<Manifest, NotaryServerError> {
-  let args = Args::parse();
-
-  let manifest_json = std::fs::read_to_string(args.manifest)?;
-  let manifest: Manifest = serde_json::from_str(&manifest_json)?;
-
-  Ok(manifest)
-}
diff --git a/notary/src/main.rs b/notary/src/main.rs
@@ -17,7 +17,6 @@ use hyper::{body::Incoming, server::conn::http1};
 use hyper_util::rt::TokioIo;
 use k256::ecdsa::SigningKey as Secp256k1SigningKey;
 use p256::{ecdsa::SigningKey, pkcs8::DecodePrivateKey};
-use proofs::program::manifest::Manifest;
 use rustls::{
   pki_types::{CertificateDer, PrivateKeyDer},
   ServerConfig,
@@ -50,7 +49,6 @@ struct SharedState {
   origo_sessions:     Arc<Mutex<HashMap<String, tls_parser::Transcript<tls_parser::Raw>>>>,
   verifier_sessions:  Arc<Mutex<HashMap<String, origo::VerifierInputs>>>,
   verifier:           verifier::Verifier,
-  manifest:           Manifest,
 }
 
 /// Main entry point for the notary server application.
@@ -96,22 +94,18 @@ async fn main() -> Result<(), NotaryServerError> {
   let _ = rustls::crypto::ring::default_provider().install_default();
 
   let c = config::read_config();
-  let manifest = config::read_manifest()?;
 
   let listener = TcpListener::bind(&c.listen).await?;
   info!("Listening on https://{}", &c.listen);
 
   let shared_state = Arc::new(SharedState {
     notary_signing_key: load_notary_signing_key(&c.notary_signing_key),
-    origo_signing_key: load_origo_signing_key(&c.origo_signing_key),
+    origo_signing_key:  load_origo_signing_key(&c.origo_signing_key),
     tlsn_max_sent_data: c.tlsn_max_sent_data,
     tlsn_max_recv_data: c.tlsn_max_recv_data,
-    origo_sessions: Default::default(),
-    verifier_sessions: Default::default(),
-    verifier: verifier::initialize_verifier().unwrap(),
-    // TODO: This is obviously not sufficient, we need richer logic
-    // for informing the notary of a valid manifest.
-    manifest,
+    origo_sessions:     Default::default(),
+    verifier_sessions:  Default::default(),
+    verifier:           verifier::initialize_verifier().unwrap(),
   });
 
   let router = Router::new()

diff --git a/notary/src/origo.rs b/notary/src/origo.rs
@@ -227,7 +227,7 @@ pub async fn verify(
   let verifier = &state.verifier;
 
   let InitialNIVCInputs { initial_nivc_input, .. } =
-    state.manifest.initial_inputs::<MAX_STACK_HEIGHT, CIRCUIT_SIZE_512>(
+    payload.manifest.initial_inputs::<MAX_STACK_HEIGHT, CIRCUIT_SIZE_512>(
       &verifier_inputs.request_messages,
       &verifier_inputs.response_messages,
     )?;

diff --git a/proofs/README.md b/proofs/README.md
@@ -40,7 +40,7 @@ To generate witness using wasm binary, just modify these keys in [setup](./setup
 
 - run notary:
 ```
-RUST_LOG=debug cargo run --release -p notary -- --config ./fixture/notary-config.toml  --manifest ./fixture/notary.origo_tcp_local.json
+RUST_LOG=debug cargo run --release -p notary -- --config ./fixture/notary-config.toml
 ```
 
 - run `make wasm` or `make wasm-debug` (for better stacktraces in wasm (really necessary to debug))