feat(hmac-sha256): tls 1.3 key schedule

Cargo.toml

@@ -66,19 +66,19 @@ tlsn-harness-runner = { path = "crates/harness/runner" }
 tlsn-wasm = { path = "crates/wasm" }
 tlsn = { path = "crates/tlsn" }
 
-mpz-circuits = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
-mpz-memory-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
-mpz-common = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
-mpz-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
-mpz-vm-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
-mpz-garble = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
-mpz-garble-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
-mpz-ole = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
-mpz-ot = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
-mpz-share-conversion = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
-mpz-fields = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
-mpz-zk = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
-mpz-hash = { git = "https://github.com/privacy-ethereum/mpz", rev = "3d90b6c" }
+mpz-circuits = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
+mpz-memory-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
+mpz-common = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
+mpz-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
+mpz-vm-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
+mpz-garble = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
+mpz-garble-core = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
+mpz-ole = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
+mpz-ot = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
+mpz-share-conversion = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
+mpz-fields = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
+mpz-zk = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
+mpz-hash = { git = "https://github.com/privacy-ethereum/mpz", rev = "8a57d98" }
 
 rangeset = { version = "0.2" }
 serio = { version = "0.2" }

crates/components/hmac-sha256/Cargo.toml

@@ -20,21 +20,28 @@ mpz-core = { workspace = true }
 mpz-circuits = { workspace = true }
 mpz-hash = { workspace = true }
 
+rand = { workspace = true }
+sha2 = { workspace = true }
 thiserror = { workspace = true }
 tracing = { workspace = true }
-sha2 = { workspace = true }
 
 [dev-dependencies]
 mpz-ot = { workspace = true, features = ["ideal"] }
 mpz-garble = { workspace = true }
 mpz-common = { workspace = true, features = ["test-utils"] }
 
 criterion = { workspace = true, features = ["async_tokio"] }
-tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread"] }
-rand = { workspace = true }
 hex = { workspace = true }
+hmac = { workspace = true }
 ring = { workspace = true }
+rstest = { workspace = true }
+sha2 = { workspace = true }
+tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread"] }
 
 [[bench]]
-name = "prf"
+name = "tls12"
 harness = false
+
+[[bench]]
+name = "tls13"
+harness = false

crates/components/hmac-sha256/benches/prf.rs → crates/components/hmac-sha256/benches/tls12.rs

@@ -2,7 +2,7 @@
 
 use criterion::{criterion_group, criterion_main, Criterion};
 
-use hmac_sha256::{Mode, MpcPrf};
+use hmac_sha256::{Mode, Tls12Prf};
 use mpz_common::context::test_mt_context;
 use mpz_garble::protocol::semihonest::{Evaluator, Garbler};
 use mpz_ot::ideal::cot::ideal_cot;
@@ -15,20 +15,22 @@ use rand::{rngs::StdRng, SeedableRng};
 
 #[allow(clippy::unit_arg)]
 fn criterion_benchmark(c: &mut Criterion) {
-    let mut group = c.benchmark_group("prf");
+    let mut group = c.benchmark_group("tls12");
     group.sample_size(10);
     let rt = tokio::runtime::Runtime::new().unwrap();
 
-    group.bench_function("prf_normal", |b| b.to_async(&rt).iter(|| prf(Mode::Normal)));
-    group.bench_function("prf_reduced", |b| {
-        b.to_async(&rt).iter(|| prf(Mode::Reduced))
+    group.bench_function("tls12_normal", |b| {
+        b.to_async(&rt).iter(|| tls12(Mode::Normal))
+    });
+    group.bench_function("tls12_reduced", |b| {
+        b.to_async(&rt).iter(|| tls12(Mode::Reduced))
     });
 }
 
 criterion_group!(benches, criterion_benchmark);
 criterion_main!(benches);
 
-async fn prf(mode: Mode) {
+async fn tls12(mode: Mode) {
     let mut rng = StdRng::seed_from_u64(0);
 
     let pms = [42u8; 32];
@@ -55,8 +57,8 @@ async fn prf(mode: Mode) {
     follower_vm.assign(follower_pms, pms).unwrap();
     follower_vm.commit(follower_pms).unwrap();
 
-    let mut leader = MpcPrf::new(mode);
-    let mut follower = MpcPrf::new(mode);
+    let mut leader = Tls12Prf::new(mode);
+    let mut follower = Tls12Prf::new(mode);
 
     let leader_output = leader.alloc(&mut leader_vm, leader_pms).unwrap();
     let follower_output = follower.alloc(&mut follower_vm, follower_pms).unwrap();

crates/components/hmac-sha256/benches/tls13.rs

@@ -0,0 +1,139 @@
+#![allow(clippy::let_underscore_future)]
+
+use criterion::{criterion_group, criterion_main, Criterion};
+
+use hmac_sha256::{Mode, Role, Tls13KeySched};
+use mpz_common::context::test_mt_context;
+use mpz_garble::protocol::semihonest::{Evaluator, Garbler};
+use mpz_ot::ideal::cot::ideal_cot;
+use mpz_vm_core::{
+    memory::{
+        binary::{Binary, U8},
+        correlated::Delta,
+        Array,
+    },
+    prelude::*,
+    Execute, Vm,
+};
+use rand::{rngs::StdRng, SeedableRng};
+
+#[allow(clippy::unit_arg)]
+fn criterion_benchmark(c: &mut Criterion) {
+    let mut group = c.benchmark_group("tls13");
+    group.sample_size(10);
+    let rt = tokio::runtime::Runtime::new().unwrap();
+
+    group.bench_function("tls13_normal", |b| {
+        b.to_async(&rt).iter(|| tls13(Mode::Normal))
+    });
+    group.bench_function("tls13_reduced", |b| {
+        b.to_async(&rt).iter(|| tls13(Mode::Reduced))
+    });
+}
+
+criterion_group!(benches, criterion_benchmark);
+criterion_main!(benches);
+
+async fn tls13(mode: Mode) {
+    let mut rng = StdRng::seed_from_u64(0);
+
+    let pms = [42u8; 32];
+
+    let (mut leader_exec, mut follower_exec) = test_mt_context(8);
+    let mut leader_ctx = leader_exec.new_context().await.unwrap();
+    let mut follower_ctx = follower_exec.new_context().await.unwrap();
+
+    let delta = Delta::random(&mut rng);
+    let (ot_send, ot_recv) = ideal_cot(delta.into_inner());
+
+    let mut leader_vm = Garbler::new(ot_send, [0u8; 16], delta);
+    let mut follower_vm = Evaluator::new(ot_recv);
+
+    fn setup_ks(
+        vm: &mut (dyn Vm<Binary> + Send),
+        pms: [u8; 32],
+        mode: Mode,
+        role: Role,
+    ) -> Tls13KeySched {
+        let secret: Array<U8, 32> = vm.alloc().unwrap();
+        vm.mark_public(secret).unwrap();
+        vm.assign(secret, pms).unwrap();
+        vm.commit(secret).unwrap();
+
+        let mut ks = Tls13KeySched::new(mode, role);
+        ks.alloc(vm, secret).unwrap();
+        ks
+    }
+
+    let mut leader_ks = setup_ks(&mut leader_vm, pms, mode, Role::Leader);
+    let mut follower_ks = setup_ks(&mut follower_vm, pms, mode, Role::Follower);
+
+    while leader_ks.wants_flush() || follower_ks.wants_flush() {
+        tokio::try_join!(
+            async {
+                leader_ks.flush(&mut leader_vm).unwrap();
+                leader_vm.execute_all(&mut leader_ctx).await
+            },
+            async {
+                follower_ks.flush(&mut follower_vm).unwrap();
+                follower_vm.execute_all(&mut follower_ctx).await
+            }
+        )
+        .unwrap();
+    }
+
+    let hello_hash = [1u8; 32];
+
+    leader_ks.set_hello_hash(hello_hash).unwrap();
+    follower_ks.set_hello_hash(hello_hash).unwrap();
+
+    while leader_ks.wants_flush() || follower_ks.wants_flush() {
+        tokio::try_join!(
+            async {
+                leader_ks.flush(&mut leader_vm).unwrap();
+                leader_vm.execute_all(&mut leader_ctx).await
+            },
+            async {
+                follower_ks.flush(&mut follower_vm).unwrap();
+                follower_vm.execute_all(&mut follower_ctx).await
+            }
+        )
+        .unwrap();
+    }
+
+    leader_ks.continue_to_app_keys().unwrap();
+    follower_ks.continue_to_app_keys().unwrap();
+
+    while leader_ks.wants_flush() || follower_ks.wants_flush() {
+        tokio::try_join!(
+            async {
+                leader_ks.flush(&mut leader_vm).unwrap();
+                leader_vm.execute_all(&mut leader_ctx).await
+            },
+            async {
+                follower_ks.flush(&mut follower_vm).unwrap();
+                follower_vm.execute_all(&mut follower_ctx).await
+            }
+        )
+        .unwrap();
+    }
+
+    let handshake_hash = [2u8; 32];
+
+    leader_ks.set_handshake_hash(handshake_hash).unwrap();
+    follower_ks.set_handshake_hash(handshake_hash).unwrap();
+
+    while leader_ks.wants_flush() || follower_ks.wants_flush() {
+        tokio::try_join!(
+            async {
+                leader_ks.flush(&mut leader_vm).unwrap();
+                leader_vm.execute_all(&mut leader_ctx).await
+            },
+            async {
+                follower_ks.flush(&mut follower_vm).unwrap();
+                follower_vm.execute_all(&mut follower_ctx).await
+            }
+        )
+        .unwrap();
+    }
+}

crates/components/hmac-sha256/src/config.rs

@@ -1,10 +1,10 @@
-//! PRF modes.
+//! Modes of operation.
 
-/// Modes for the PRF.
-#[derive(Debug, Clone, Copy)]
+/// Modes for the TLS 1.2 PRF and the TLS 1.3 key schedule.
+#[derive(Debug, Clone, Copy, PartialEq)]
 pub enum Mode {
     /// Computes some hashes locally.
     Reduced,
-    /// Computes the whole PRF in MPC.
+    /// Computes the whole function in MPC.
     Normal,
 }

crates/components/hmac-sha256/src/error.rs

@@ -3,15 +3,15 @@ use std::error::Error;
 
 use mpz_hash::sha256::Sha256Error;
 
-/// A PRF error.
+/// An error type used by the functionalities of this crate.
 #[derive(Debug, thiserror::Error)]
-pub struct PrfError {
+pub struct FError {
     kind: ErrorKind,
     #[source]
     source: Option<Box<dyn Error + Send + Sync>>,
 }
 
-impl PrfError {
+impl FError {
     pub(crate) fn new<E>(kind: ErrorKind, source: E) -> Self
     where
         E: Into<Box<dyn Error + Send + Sync>>,
@@ -34,7 +34,7 @@ impl PrfError {
     }
 }
 
-impl From<Sha256Error> for PrfError {
+impl From<Sha256Error> for FError {
     fn from(value: Sha256Error) -> Self {
         Self::new(ErrorKind::Hash, value)
     }
@@ -47,7 +47,7 @@ pub(crate) enum ErrorKind {
     Hash,
 }
 
-impl fmt::Display for PrfError {
+impl fmt::Display for FError {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         match self.kind {
             ErrorKind::Vm => write!(f, "vm error")?,