From 8769a8289ea5084905dc87aefefb30d905f7af49 Mon Sep 17 00:00:00 2001 From: Matt <1240531+mattes@users.noreply.github.com> Date: Tue, 11 Feb 2025 13:16:24 -0800 Subject: [PATCH] feat: Dynamic Manifests (#435) --- .../workflows/staging-deploy/notary.service | 2 +- .../workflows/test_client_native_origo.yaml | 2 +- .../workflows/test_client_native_tlsn.yaml | 2 +- .github/workflows/test_client_wasm_origo.yaml | 2 +- Cargo.lock | 8 ++-- Dockerfile | 2 +- Makefile | 2 +- README.md | 6 +-- client/Cargo.toml | 2 +- client/src/errors.rs | 3 ++ client/src/lib.rs | 6 ++- client/src/origo.rs | 1 + client_ios/Cargo.toml | 2 +- client_wasm/Cargo.toml | 2 +- fixture/notary.origo_tcp_local.json | 41 ------------------- notary/Cargo.toml | 2 +- notary/src/config.rs | 12 ------ notary/src/main.rs | 14 ++----- notary/src/origo.rs | 2 +- proofs/README.md | 2 +- 20 files changed, 32 insertions(+), 83 deletions(-) delete mode 100644 fixture/notary.origo_tcp_local.json diff --git a/.github/workflows/staging-deploy/notary.service b/.github/workflows/staging-deploy/notary.service index 51fb44b1..52598332 100644 --- a/.github/workflows/staging-deploy/notary.service +++ b/.github/workflows/staging-deploy/notary.service @@ -7,7 +7,7 @@ User=notary Group=notary # TODO once web-prover-circuits paths is a config, change this WorkingDirectory=/opt/notary/bin -ExecStart=/opt/notary/bin/notary --config /opt/notary/etc/notary-config.toml --manifest /opt/notary/etc/fixture/notary.origo_tcp_local.json +ExecStart=/opt/notary/bin/notary --config /opt/notary/etc/notary-config.toml Restart=always Environment="RUST_LOG=info" diff --git a/.github/workflows/test_client_native_origo.yaml b/.github/workflows/test_client_native_origo.yaml index f6f6b1e1..1413674c 100644 --- a/.github/workflows/test_client_native_origo.yaml +++ b/.github/workflows/test_client_native_origo.yaml 
@@ -37,7 +37,7 @@ jobs: - run: | export RUST_LOG=DEBUG - ./target/release/notary --config ./fixture/notary-config.toml --manifest ./fixture/notary.origo_tcp_local.json & + ./target/release/notary --config ./fixture/notary-config.toml & sleep 10 ./target/release/client --config ./fixture/client.origo_tcp_local.json diff --git a/.github/workflows/test_client_native_tlsn.yaml b/.github/workflows/test_client_native_tlsn.yaml index fcd2d75d..417cfb74 100644 --- a/.github/workflows/test_client_native_tlsn.yaml +++ b/.github/workflows/test_client_native_tlsn.yaml @@ -37,7 +37,7 @@ jobs: - run: | export RUST_LOG=DEBUG - ./target/release/notary --config ./fixture/notary-config.toml --manifest ./fixture/notary.origo_tcp_local.json & + ./target/release/notary --config ./fixture/notary-config.toml & sleep 10 ./target/release/client --config ./fixture/client.tlsn_tcp_local.json diff --git a/.github/workflows/test_client_wasm_origo.yaml b/.github/workflows/test_client_wasm_origo.yaml index 81f833ae..6365ce24 100644 --- a/.github/workflows/test_client_wasm_origo.yaml +++ b/.github/workflows/test_client_wasm_origo.yaml @@ -55,7 +55,7 @@ jobs: - run: | export RUST_LOG=DEBUG - ./target/release/notary --config ./fixture/notary-config.toml --manifest ./fixture/notary.origo_tcp_local.json & + ./target/release/notary --config ./fixture/notary-config.toml & sleep 10 # symlink proofs/web_proof_circuits diff --git a/Cargo.lock b/Cargo.lock index 2b528745..264808bd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1427,7 +1427,7 @@ checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6" [[package]] name = "client" -version = "0.2.0" +version = "0.3.0" dependencies = [ "async-tungstenite 0.25.1", "base64 0.22.1", @@ -1530,7 +1530,7 @@ dependencies = [ [[package]] name = "client_ios" -version = "0.2.0" +version = "0.3.0" dependencies = [ "cargo_metadata", "client", 
@@ -1544,7 +1544,7 @@ dependencies = [ [[package]] name = "client_wasm" -version = "0.2.0" +version = "0.3.0" dependencies = [ "cargo_metadata", "client", @@ -3877,7 +3877,7 @@ dependencies = [ [[package]] name = "notary" -version = "0.2.0" +version = "0.3.0" dependencies = [ "alloy-primitives", "async-trait", diff --git a/Dockerfile b/Dockerfile index d929bd21..110f0057 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,4 +21,4 @@ COPY --from=rust-builder /app/proofs /app/proofs EXPOSE 7443 WORKDIR /app ENV RUST_LOG=info -CMD ["./notary", "--config", "./fixture/notary-config.toml", "--manifest", "./fixture/notary.origo_tcp_local.json"] +CMD ["./notary", "--config", "./fixture/notary-config.toml"] diff --git a/Makefile b/Makefile index 836dd804..b32f00d6 100644 --- a/Makefile +++ b/Makefile @@ -13,7 +13,7 @@ check-llvm: exit 1; \ fi -wasm: check-llvm artifacts +wasm: artifacts @# NOTE: This build depends on RUSTFLAGS in the client_wasm/.cargo/config.toml -cargo install wasm-pack -cd client_wasm/demo/static && rm -f build && ln -s ../../../proofs/web_proof_circuits build && cd ../../.. diff --git a/README.md b/README.md index aa67a801..934c10b2 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ Documentation is evolving throughout the repository as the pipeline becomes more ``` make wasm make ios -cargo run --release -p notary -- --config ./fixture/notary-config.toml --manifest ./fixture/notary.origo_tcp_local.json +cargo run --release -p notary -- --config ./fixture/notary-config.toml cargo run --release -p client -- --config ./fixture/client.tlsn_tcp_local.json cargo run --release --bin mock_server ``` @@ -30,7 +30,7 @@ cargo run --release --bin mock_server ## WASM Demo ``` -cargo run --release -p notary -- --config ./fixture/notary-config.toml --manifest ./fixture/notary.origo_tcp_local.json +cargo run --release -p notary -- --config ./fixture/notary-config.toml make wasm make wasm-demo open https://localhost:8090 
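Review bot: The Makefile hunk drops `check-llvm` from the `wasm` prerequisites (`wasm: artifacts`), which is unrelated to dynamic manifests and is not mentioned in the commit message. The visible tail of the `check-llvm` recipe ends in `exit 1`, so it acted as a fail-fast guard; without it, a missing or unsuitable LLVM presumably surfaces later as a less obvious wasm-pack or compile error. If the removal is intentional, say so in the description or add a comment such as `# check-llvm no longer required: <reason>` above the target. Otherwise keep `wasm: check-llvm artifacts`.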
@@ -39,7 +39,7 @@ open https://localhost:8090 ## Native Client Demo ``` -cargo run --release -p notary -- --config ./fixture/notary-config.toml --manifest ./fixture/notary.origo_tcp_local.json +cargo run --release -p notary -- --config ./fixture/notary-config.toml # TLSNotary flow cargo run --release -p client -- --config ./fixture/client.tlsn_tcp_local.json diff --git a/client/Cargo.toml b/client/Cargo.toml index 3107ecae..1c2c4260 100644 --- a/client/Cargo.toml +++ b/client/Cargo.toml @@ -1,6 +1,6 @@ [package] name ="client" -version="0.2.0" +version="0.3.0" edition="2021" build ="build.rs" publish=false diff --git a/client/src/errors.rs b/client/src/errors.rs index 76abc4a5..31e19adf 100644 --- a/client/src/errors.rs +++ b/client/src/errors.rs @@ -98,6 +98,9 @@ pub enum ClientErrors { #[error(transparent)] Canceled(#[from] futures::channel::oneshot::Canceled), + + #[error("Manifest missing")] + ManifestMissingError, } #[cfg(target_arch = "wasm32")] diff --git a/client/src/lib.rs b/client/src/lib.rs index 6ee5a8e0..a9efebe5 100644 --- a/client/src/lib.rs +++ b/client/src/lib.rs @@ -91,9 +91,13 @@ pub async fn prover_inner_origo( let proof = origo::proxy_and_sign_and_generate_proof(config.clone(), proving_params).await?; + let manifest = + config.proving.manifest.clone().ok_or(errors::ClientErrors::ManifestMissingError)?; + debug!("sending proof to proxy for verification"); let verify_response = - origo::verify(config, origo::VerifyBody { session_id, origo_proof: proof.clone() }).await?; + origo::verify(config, origo::VerifyBody { session_id, origo_proof: proof.clone(), manifest }) + .await?; if !verify_response.valid { Err(ProofError::VerifyFailed().into()) diff --git a/client/src/origo.rs b/client/src/origo.rs index 54297dd3..f89cc247 100644 --- a/client/src/origo.rs +++ b/client/src/origo.rs 
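Review bot: In client/src/lib.rs the missing-manifest check runs only after `origo::proxy_and_sign_and_generate_proof(config.clone(), proving_params).await?` has finished, so a config without `proving.manifest` goes through the whole proxy session and proof generation before failing with `ManifestMissingError`. Hoisting `let manifest = config.proving.manifest.clone().ok_or(errors::ClientErrors::ManifestMissingError)?;` above the proof call fails fast and avoids leaving a signed session on the notary that will never be verified. `prover_inner_origo` starts and ends outside the hunk, so an earlier requirement on the manifest may exist that is not visible here. The new variant would also benefit from a doc comment, e.g. `/// The client config has no proving.manifest, which the verify request requires.`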
@@ -29,6 +29,7 @@ pub struct SignBody { pub struct VerifyBody { pub session_id: String, pub origo_proof: OrigoProof, + pub manifest: Manifest, } #[derive(Serialize, Deserialize, Debug, Clone)] diff --git a/client_ios/Cargo.toml b/client_ios/Cargo.toml index b81aa607..700a33d4 100644 --- a/client_ios/Cargo.toml +++ b/client_ios/Cargo.toml @@ -1,6 +1,6 @@ [package] name ="client_ios" -version="0.2.0" +version="0.3.0" edition="2021" build ="build.rs" publish=false diff --git a/client_wasm/Cargo.toml b/client_wasm/Cargo.toml index 73cf39c2..5f3f1666 100644 --- a/client_wasm/Cargo.toml +++ b/client_wasm/Cargo.toml @@ -1,6 +1,6 @@ [package] name ="client_wasm" -version="0.2.0" +version="0.3.0" edition="2021" build ="build.rs" publish=false diff --git a/fixture/notary.origo_tcp_local.json b/fixture/notary.origo_tcp_local.json deleted file mode 100644 index eb63955f..00000000 --- a/fixture/notary.origo_tcp_local.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "manifestVersion": "1", - "id": "reddit-user-karma", - "title": "Total Reddit Karma", - "description": "Generate a proof that you have a certain amount of karma", - "prepareUrl": "https://www.reddit.com/login/", - "request": { - "method": "GET", - "version": "HTTP/1.1", - "url": "https://gist.githubusercontent.com/mattes/23e64faadb5fd4b5112f379903d2572e/raw/74e517a60c21a5c11d94fec8b572f68addfade39/example.json", - "headers": { - "accept-encoding": "identity" - }, - "body": { - "userId": "<% userId %>" - }, - "vars": { - "userId": { - "regex": "[a-z]{,20}+" - }, - "token": { - "type": "base64", - "length": 32 - } - } - }, - "response": { - "status": "200", - "version": "HTTP/1.1", - "message": "OK", - "headers": { - "Content-Type": "text/plain; charset=utf-8" - }, - "body": { - "json": [ - "hello" - ], - "contains": "this_string_exists_in_body" - } - } -} \ No newline at end of file diff --git a/notary/Cargo.toml b/notary/Cargo.toml index 5e83f78a..70bedc19 100644 --- a/notary/Cargo.toml +++ b/notary/Cargo.toml 
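Review bot: The new `pub manifest: Manifest` field on `VerifyBody` is undocumented, although it changes who controls the verification input: the manifest now travels with the request instead of coming from the notary's own configuration. I would add `/// Manifest the proof is verified against; supplied by the client, so the notary must treat it as untrusted input.` above the field. Since the whole manifest is presumably serialized into the request body, any value written literally into it rather than through template variables is disclosed to the notary, which is worth stating in the same comment.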
@@ -1,6 +1,6 @@ [package] name ="notary" -version="0.2.0" +version="0.3.0" edition="2021" build ="build.rs" diff --git a/notary/src/config.rs b/notary/src/config.rs index f67f158a..ced7a5ca 100644 --- a/notary/src/config.rs +++ b/notary/src/config.rs @@ -11,9 +11,6 @@ use crate::errors::NotaryServerError; struct Args { #[arg(short, long, default_value = "config.toml")] config: String, - - #[arg(short, long, default_value = "manifest.json")] - manifest: String, } #[derive(Debug, Default, Deserialize, PartialEq, Eq)] @@ -62,12 +59,3 @@ pub fn read_config() -> Config { let c: Config = builder.build().unwrap().try_deserialize().unwrap(); c } - -pub fn read_manifest() -> Result { - let args = Args::parse(); - - let manifest_json = std::fs::read_to_string(args.manifest)?; - let manifest: Manifest = serde_json::from_str(&manifest_json)?; - - Ok(manifest) -} diff --git a/notary/src/main.rs b/notary/src/main.rs index bcf47a6f..34fc01ac 100644 --- a/notary/src/main.rs +++ b/notary/src/main.rs @@ -17,7 +17,6 @@ use hyper::{body::Incoming, server::conn::http1}; use hyper_util::rt::TokioIo; use k256::ecdsa::SigningKey as Secp256k1SigningKey; use p256::{ecdsa::SigningKey, pkcs8::DecodePrivateKey}; -use proofs::program::manifest::Manifest; use rustls::{ pki_types::{CertificateDer, PrivateKeyDer}, ServerConfig, @@ -50,7 +49,6 @@ struct SharedState { origo_sessions: Arc>>>, verifier_sessions: Arc>>, verifier: verifier::Verifier, - manifest: Manifest, } /// Main entry point for the notary server application. 
@@ -96,22 +94,18 @@ async fn main() -> Result<(), NotaryServerError> { let _ = rustls::crypto::ring::default_provider().install_default(); let c = config::read_config(); - let manifest = config::read_manifest()?; let listener = TcpListener::bind(&c.listen).await?; info!("Listening on https://{}", &c.listen); let shared_state = Arc::new(SharedState { notary_signing_key: load_notary_signing_key(&c.notary_signing_key), - origo_signing_key: load_origo_signing_key(&c.origo_signing_key), + origo_signing_key: load_origo_signing_key(&c.origo_signing_key), tlsn_max_sent_data: c.tlsn_max_sent_data, tlsn_max_recv_data: c.tlsn_max_recv_data, - origo_sessions: Default::default(), - verifier_sessions: Default::default(), - verifier: verifier::initialize_verifier().unwrap(), - // TODO: This is obviously not sufficient, we need richer logic - // for informing the notary of a valid manifest. - manifest, + origo_sessions: Default::default(), + verifier_sessions: Default::default(), + verifier: verifier::initialize_verifier().unwrap(), }); let router = Router::new() diff --git a/notary/src/origo.rs b/notary/src/origo.rs index 2a18b84d..4469db76 100644 --- a/notary/src/origo.rs +++ b/notary/src/origo.rs @@ -227,7 +227,7 @@ pub async fn verify( let verifier = &state.verifier; let InitialNIVCInputs { initial_nivc_input, .. } = - state.manifest.initial_inputs::( + payload.manifest.initial_inputs::( &verifier_inputs.request_messages, &verifier_inputs.response_messages, )?; diff --git a/proofs/README.md b/proofs/README.md index 28cbe8aa..0538e586 100644 --- a/proofs/README.md +++ b/proofs/README.md 
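Review bot: In notary/src/origo.rs, `payload.manifest.initial_inputs(...)` now derives the initial NIVC input from a manifest carried in the verify request, so the party that produced the proof also chooses the statement it is checked against. The TODO removed from main.rs ("we need richer logic for informing the notary of a valid manifest") is dropped rather than resolved, and nothing in this hunk validates the manifest or ties it to the session. A `valid` response therefore only says the proof matches some manifest the client sent. I would have the client commit to a manifest digest when the session is signed, reject a verify request whose manifest hashes differently, and include that digest in whatever the notary attests; at minimum add `// SECURITY: payload.manifest is client-supplied; check its digest against the one committed for this session before use.` above the call. `verify` continues outside the hunk, so such a check may already exist further down.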
@@ -40,7 +40,7 @@ To generate witness using wasm binary, just modify these keys in [setup](./setup - run notary: ``` -RUST_LOG=debug cargo run --release -p notary -- --config ./fixture/notary-config.toml --manifest ./fixture/notary.origo_tcp_local.json +RUST_LOG=debug cargo run --release -p notary -- --config ./fixture/notary-config.toml ``` - run `make wasm` or `make wasm-debug` (for better stacktraces in wasm (really necessary to debug))