chore: remove notarize methods for prover and verifier (#952)

* feat: remove notarize methods for prover and verifier

* clean up imports

* remove remaining notarize methods

* clean up imports

* remove wasm attestation bindings

---------

Co-authored-by: sinu <[email protected]>

Author: th4s

crates/tlsn/src/prover.rs

@@ -32,20 +32,16 @@ use crate::{
 use futures::{AsyncRead, AsyncWrite, TryFutureExt};
 use mpc_tls::{LeaderCtrl, MpcTlsLeader, SessionKeys};
 use rand::Rng;
-use serio::{SinkExt, stream::IoStreamExt};
+use serio::SinkExt;
 use std::sync::Arc;
 use tls_client::{ClientConnection, ServerName as TlsServerName};
 use tls_client_async::{TlsConnection, bind_client};
 use tls_core::msgs::enums::ContentType;
-use tlsn_attestation::{
-    Attestation, CryptoProvider, Secrets,
-    request::{Request, RequestConfig},
-};
 use tlsn_core::{
     ProvePayload,
     connection::ServerCertData,
     hash::{Blake3, HashAlgId, HashAlgorithm, Keccak256, Sha256},
-    transcript::{Direction, TlsTranscript, Transcript, TranscriptCommitment, TranscriptSecret},
+    transcript::{TlsTranscript, Transcript, TranscriptCommitment, TranscriptSecret},
 };
 use tlsn_deap::Deap;
 use tokio::sync::Mutex;
@@ -458,118 +454,6 @@ impl Prover<state::Committed> {
         Ok(output)
     }
 
-    /// Requests an attestation from the verifier.
-    ///
-    /// # Arguments
-    ///
-    /// * `config` - The attestation request configuration.
-    #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    #[deprecated(
-        note = "attestation functionality will be removed from this API in future releases."
-    )]
-    pub async fn notarize(
-        &mut self,
-        config: &RequestConfig,
-    ) -> Result<(Attestation, Secrets), ProverError> {
-        #[allow(deprecated)]
-        self.notarize_with_provider(config, &CryptoProvider::default())
-            .await
-    }
-
-    /// Requests an attestation from the verifier.
-    ///
-    /// # Arguments
-    ///
-    /// * `config` - The attestation request configuration.
-    /// * `provider` - Cryptography provider.
-    #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    #[deprecated(
-        note = "attestation functionality will be removed from this API in future releases."
-    )]
-    pub async fn notarize_with_provider(
-        &mut self,
-        config: &RequestConfig,
-        provider: &CryptoProvider,
-    ) -> Result<(Attestation, Secrets), ProverError> {
-        let mut builder = ProveConfig::builder(self.transcript());
-
-        if let Some(config) = config.transcript_commit() {
-            // Temporarily, we reject attestation requests which contain hash commitments to
-            // subsets of the transcript. We do this because we want to preserve the
-            // obliviousness of the reference notary, and hash commitments currently leak
-            // the ranges which are being committed.
-            for ((direction, idx), _) in config.iter_hash() {
-                let len = match direction {
-                    Direction::Sent => self.transcript().sent().len(),
-                    Direction::Received => self.transcript().received().len(),
-                };
-
-                if idx.start() > 0 || idx.end() < len || idx.count() != 1 {
-                    return Err(ProverError::attestation(
-                        "hash commitments to subsets of the transcript are currently not supported in attestation requests",
-                    ));
-                }
-            }
-
-            builder.transcript_commit(config.clone());
-        }
-
-        let disclosure_config = builder.build().map_err(ProverError::attestation)?;
-
-        let ProverOutput {
-            transcript_commitments,
-            transcript_secrets,
-            ..
-        } = self.prove(&disclosure_config).await?;
-
-        let state::Committed {
-            mux_fut,
-            ctx,
-            tls_transcript,
-            transcript,
-            ..
-        } = &mut self.state;
-
-        let mut builder = Request::builder(config);
-
-        builder
-            .server_name(self.config.server_name().clone())
-            .server_cert_data(ServerCertData {
-                certs: tls_transcript
-                    .server_cert_chain()
-                    .expect("server cert chain is present")
-                    .to_vec(),
-                sig: tls_transcript
-                    .server_signature()
-                    .expect("server signature is present")
-                    .clone(),
-                handshake: tls_transcript.handshake_data().clone(),
-            })
-            .transcript(transcript.clone())
-            .transcript_commitments(transcript_secrets, transcript_commitments);
-
-        let (request, secrets) = builder.build(provider).map_err(ProverError::attestation)?;
-
-        let attestation = mux_fut
-            .poll_with(async {
-                debug!("sending attestation request");
-
-                ctx.io_mut().send(request.clone()).await?;
-
-                let attestation: Attestation = ctx.io_mut().expect_next().await?;
-
-                Ok::<_, ProverError>(attestation)
-            })
-            .await?;
-
-        // Check the attestation is consistent with the Prover's view.
-        request
-            .validate(&attestation)
-            .map_err(ProverError::attestation)?;
-
-        Ok((attestation, secrets))
-    }
-
     /// Closes the connection with the verifier.
     #[instrument(parent = &self.span, level = "info", skip_all, err)]
     pub async fn close(self) -> Result<(), ProverError> {

crates/tlsn/src/prover/error.rs

@@ -49,13 +49,6 @@ impl ProverError {
     {
         Self::new(ErrorKind::Commit, source)
     }
-
-    pub(crate) fn attestation<E>(source: E) -> Self
-    where
-        E: Into<Box<dyn Error + Send + Sync + 'static>>,
-    {
-        Self::new(ErrorKind::Attestation, source)
-    }
 }
 
 #[derive(Debug)]
@@ -65,7 +58,6 @@ enum ErrorKind {
     Zk,
     Config,
     Commit,
-    Attestation,
 }
 
 impl fmt::Display for ProverError {
@@ -78,7 +70,6 @@ impl fmt::Display for ProverError {
             ErrorKind::Zk => f.write_str("zk error")?,
             ErrorKind::Config => f.write_str("config error")?,
             ErrorKind::Commit => f.write_str("commit error")?,
-            ErrorKind::Attestation => f.write_str("attestation error")?,
         }
 
         if let Some(source) = &self.source {

crates/tlsn/src/verifier.rs

@@ -30,12 +30,11 @@ use mpz_common::Context;
 use mpz_core::Block;
 use mpz_garble_core::Delta;
 use mpz_vm_core::prelude::*;
-use serio::{SinkExt, stream::IoStreamExt};
+use serio::stream::IoStreamExt;
 use tls_core::{msgs::enums::ContentType, verify::WebPkiVerifier};
-use tlsn_attestation::{Attestation, AttestationConfig, CryptoProvider, request::Request};
 use tlsn_core::{
     ProvePayload,
-    connection::{ConnectionInfo, ServerName, TranscriptLength},
+    connection::{ConnectionInfo, ServerName},
     transcript::{TlsTranscript, TranscriptCommitment},
 };
 use tlsn_deap::Deap;
@@ -152,59 +151,6 @@ impl Verifier<state::Initialized> {
         })
     }
 
-    /// Runs the verifier to completion and attests to the TLS session.
-    ///
-    /// This is a convenience method which runs all the steps needed for
-    /// notarization.
-    ///
-    /// # Arguments
-    ///
-    /// * `socket` - The socket to the prover.
-    /// * `config` - The attestation configuration.
-    #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    #[deprecated(
-        note = "attestation functionality will be removed from this API in future releases."
-    )]
-    pub async fn notarize<S: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
-        self,
-        socket: S,
-        config: &AttestationConfig,
-    ) -> Result<Attestation, VerifierError> {
-        #[allow(deprecated)]
-        self.notarize_with_provider(socket, config, &CryptoProvider::default())
-            .await
-    }
-
-    /// Runs the verifier to completion and attests to the TLS session.
-    ///
-    /// This is a convenience method which runs all the steps needed for
-    /// notarization.
-    ///
-    /// # Arguments
-    ///
-    /// * `socket` - The socket to the prover.
-    /// * `config` - The attestation configuration.
-    /// * `provider` - Cryptography provider.
-    #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    #[deprecated(
-        note = "attestation functionality will be removed from this API in future releases."
-    )]
-    pub async fn notarize_with_provider<S: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
-        self,
-        socket: S,
-        config: &AttestationConfig,
-        provider: &CryptoProvider,
-    ) -> Result<Attestation, VerifierError> {
-        let mut verifier = self.setup(socket).await?.run().await?;
-
-        #[allow(deprecated)]
-        let attestation = verifier.notarize_with_provider(config, provider).await?;
-
-        verifier.close().await?;
-
-        Ok(attestation)
-    }
-
     /// Runs the TLS verifier to completion, verifying the TLS session.
     ///
     /// This is a convenience method which runs all the steps needed for
@@ -472,123 +418,6 @@ impl Verifier<state::Committed> {
         })
     }
 
-    /// Attests to the TLS session.
-    ///
-    /// # Arguments
-    ///
-    /// * `config` - Attestation configuration.
-    #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    #[deprecated(
-        note = "attestation functionality will be removed from this API in future releases."
-    )]
-    pub async fn notarize(
-        &mut self,
-        config: &AttestationConfig,
-    ) -> Result<Attestation, VerifierError> {
-        #[allow(deprecated)]
-        self.notarize_with_provider(config, &CryptoProvider::default())
-            .await
-    }
-
-    /// Attests to the TLS session.
-    ///
-    /// # Arguments
-    ///
-    /// * `config` - Attestation configuration.
-    /// * `provider` - Cryptography provider.
-    #[instrument(parent = &self.span, level = "info", skip_all, err)]
-    #[deprecated(
-        note = "attestation functionality will be removed from this API in future releases."
-    )]
-    pub async fn notarize_with_provider(
-        &mut self,
-        config: &AttestationConfig,
-        provider: &CryptoProvider,
-    ) -> Result<Attestation, VerifierError> {
-        let VerifierOutput {
-            server_name,
-            transcript,
-            transcript_commitments,
-        } = self.verify(&VerifyConfig::default()).await?;
-
-        if server_name.is_some() {
-            return Err(VerifierError::attestation(
-                "server name can not be revealed to a verifier",
-            ));
-        } else if transcript.is_some() {
-            return Err(VerifierError::attestation(
-                "transcript data can not be revealed to a verifier",
-            ));
-        }
-
-        let state::Committed {
-            mux_fut,
-            ctx,
-            tls_transcript,
-            ..
-        } = &mut self.state;
-
-        let sent_len = tls_transcript
-            .sent()
-            .iter()
-            .filter_map(|record| {
-                if let ContentType::ApplicationData = record.typ {
-                    Some(record.ciphertext.len())
-                } else {
-                    None
-                }
-            })
-            .sum::<usize>();
-
-        let recv_len = tls_transcript
-            .recv()
-            .iter()
-            .filter_map(|record| {
-                if let ContentType::ApplicationData = record.typ {
-                    Some(record.ciphertext.len())
-                } else {
-                    None
-                }
-            })
-            .sum::<usize>();
-
-        let request: Request = mux_fut
-            .poll_with(ctx.io_mut().expect_next().map_err(VerifierError::from))
-            .await?;
-
-        let mut builder = Attestation::builder(config)
-            .accept_request(request)
-            .map_err(VerifierError::attestation)?;
-
-        builder
-            .connection_info(ConnectionInfo {
-                time: tls_transcript.time(),
-                version: (*tls_transcript.version()),
-                transcript_length: TranscriptLength {
-                    sent: sent_len as u32,
-                    received: recv_len as u32,
-                },
-            })
-            .server_ephemeral_key(tls_transcript.server_ephemeral_key().clone())
-            .transcript_commitments(transcript_commitments);
-
-        let attestation = builder
-            .build(provider)
-            .map_err(VerifierError::attestation)?;
-
-        mux_fut
-            .poll_with(
-                ctx.io_mut()
-                    .send(attestation.clone())
-                    .map_err(VerifierError::from),
-            )
-            .await?;
-
-        info!("Sent attestation");
-
-        Ok(attestation)
-    }
-
     /// Closes the connection with the prover.
     #[instrument(parent = &self.span, level = "info", skip_all, err)]
     pub async fn close(self) -> Result<(), VerifierError> {