@joclaim/attestor-core 0.2.0 → 0.2.3

package/src/server/utils/assert-valid-claim-request.ts

@@ -1,375 +0,0 @@
-import {
-	areUint8ArraysEqual,
-	concatenateUint8Arrays
-} from '@joclaim/tls'
-import type { ZKEngine } from '@joclaim/zk-symmetric-crypto'
-
-import type {
-	InitRequest,
-	MessageReveal_MessageRevealDirect as MessageRevealDirect,
-	MessageReveal_MessageRevealZk as MessageRevealZk,
-	ProviderClaimInfo } from '#src/proto/api.ts'
-import {
-	ClaimTunnelRequest,
-	TranscriptMessageSenderType,
-	ZKProofEngine
-} from '#src/proto/api.ts'
-import { providers } from '#src/providers/index.ts'
-import { niceParseJsonObject } from '#src/server/utils/generics.ts'
-import { processHandshake } from '#src/server/utils/process-handshake.ts'
-import { assertValidateProviderParams } from '#src/server/utils/validation.ts'
-import type {
-	IDecryptedTranscript, IDecryptedTranscriptMessage,
-	Logger,
-	ProviderCtx,
-	ProviderName,
-	TCPSocketProperties,
-	Transcript,
-} from '#src/types/index.ts'
-import {
-	AttestorError,
-	canonicalStringify, decryptDirect,
-	extractApplicationDataFromTranscript,
-	hashProviderParams,	SIGNATURES,
-	verifyZkPacket } from '#src/utils/index.ts'
-
-/**
- * Asserts that the claim request is valid.
- *
- * 1. We begin by verifying the signature of the claim request.
- * 2. Next, we produce the transcript of the TLS exchange
- * from the proofs provided by the client.
- * 3. We then pull the provider the client is trying to claim
- * from
- * 4. We then use the provider's verification function to verify
- *  whether the claim is valid.
- *
- * If any of these steps fail, we throw an error.
- */
-export async function assertValidClaimRequest(
-	request: ClaimTunnelRequest,
-	metadata: InitRequest,
-	logger: Logger,
-) {
-	const {
-		data,
-		signatures: { requestSignature } = {},
-		zkEngine,
-		fixedServerIV,
-		fixedClientIV
-	} = request
-	if(!data) {
-		throw new AttestorError(
-			'ERROR_INVALID_CLAIM',
-			'No info provided on claim request'
-		)
-	}
-
-	if(!requestSignature?.length) {
-		throw new AttestorError(
-			'ERROR_INVALID_CLAIM',
-			'No signature provided on claim request'
-		)
-	}
-
-	// verify request signature
-	const serialisedReq = ClaimTunnelRequest
-		.encode({ ...request, signatures: undefined })
-		.finish()
-	const { verify: verifySig } = SIGNATURES[metadata.signatureType]
-	const verified = await verifySig(serialisedReq, requestSignature, data.owner)
-	if(!verified) {
-		throw new AttestorError(
-			'ERROR_INVALID_CLAIM',
-			'Invalid signature on claim request'
-		)
-	}
-
-	const receipt = await decryptTranscript(
-		request.transcript,
-		logger,
-		zkEngine === ZKProofEngine.ZK_ENGINE_GNARK ? 'gnark' : 'snarkjs',
-		fixedServerIV,
-		fixedClientIV
-	)
-	const reqHost = request.request?.host
-	if(receipt.hostname !== reqHost) {
-		throw new Error(
-			`Expected server name ${reqHost}, got ${receipt.hostname}`
-		)
-	}
-
-	// get all application data messages
-	const applData = extractApplicationDataFromTranscript(receipt)
-
-	const newData = await assertValidProviderTranscript(
-		applData, data, logger, { version: metadata.clientVersion }
-	)
-	if(newData !== data) {
-		logger.info({ newData }, 'updated claim info')
-	}
-
-	return newData
-}
-
-/**
- * Verify that the transcript contains a valid claim
- * for the provider.
- */
-export async function assertValidProviderTranscript<T extends ProviderClaimInfo>(
-	applData: Transcript<Uint8Array>,
-	info: T,
-	logger: Logger,
-	providerCtx: ProviderCtx
-) {
-	const providerName = info.provider as ProviderName
-	const provider = providers[providerName]
-	if(!provider) {
-		throw new AttestorError(
-			'ERROR_INVALID_CLAIM',
-			`Unsupported provider: ${providerName}`
-		)
-	}
-
-	const params = niceParseJsonObject(info.parameters, 'params')
-	const ctx = niceParseJsonObject(info.context, 'context')
-
-	assertValidateProviderParams(providerName, params)
-
-	const rslt = await provider.assertValidProviderReceipt({
-		receipt: applData,
-		params,
-		logger,
-		ctx: providerCtx
-	})
-
-	ctx.providerHash = hashProviderParams(params)
-
-	const extractedParameters = rslt?.extractedParameters || {}
-	if(Object.keys(extractedParameters).length) {
-		ctx.extractedParameters = extractedParameters
-	}
-
-	info.context = canonicalStringify(ctx) ?? ''
-
-	return info
-}
-
-/**
- * Verify that the transcript provided by the client
- * matches the transcript of the tunnel, the server
- * has created.
- */
-export function assertTranscriptsMatch(
-	clientTranscript: ClaimTunnelRequest['transcript'],
-	tunnelTranscript: TCPSocketProperties['transcript']
-) {
-	const clientSends = concatenateUint8Arrays(
-		clientTranscript
-			.filter(m => m.sender === TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT)
-			.map(m => m.message)
-	)
-
-	const tunnelSends = concatenateUint8Arrays(
-		tunnelTranscript
-			.filter(m => m.sender === 'client')
-			.map(m => m.message)
-	)
-
-	if(!areUint8ArraysEqual(clientSends, tunnelSends)) {
-		throw AttestorError.badRequest(
-			'Outgoing messages from client do not match the tunnel transcript'
-		)
-	}
-
-	const clientRecvs = concatenateUint8Arrays(
-		clientTranscript
-			.filter(m => m.sender === TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER)
-			.map(m => m.message)
-	)
-
-	const tunnelRecvs = concatenateUint8Arrays(
-		tunnelTranscript
-			.filter(m => m.sender === 'server')
-			.map(m => m.message)
-	)
-		// We only need to compare the first N messages
-		// that the client claims to have received
-		// the rest are not relevant -- so even if they're
-		// not present in the tunnel transcript, it's fine
-		.slice(0, clientRecvs.length)
-	if(!areUint8ArraysEqual(clientRecvs, tunnelRecvs)) {
-		throw AttestorError.badRequest(
-			'Incoming messages from server do not match the tunnel transcript'
-		)
-	}
-}
-
-export async function decryptTranscript(
-	transcript: ClaimTunnelRequest['transcript'],
-	logger: Logger,
-	zkEngine: ZKEngine,
-	serverIV: Uint8Array,
-	clientIV: Uint8Array,
-): Promise<IDecryptedTranscript> {
-	const {
-		tlsVersion, cipherSuite, hostname, nextMsgIndex
-	} = await processHandshake(transcript, logger)
-
-	// TLS 1.3 has already one record encrypted at this point
-	let clientRecordNumber = tlsVersion === 'TLS1_3' ? -1 : 0
-	let serverRecordNumber = clientRecordNumber
-
-	transcript = transcript.slice(nextMsgIndex)
-
-	const overshotMap: { [pkt: number]: { data: Uint8Array } } = {}
-	const decryptedTranscript: IDecryptedTranscriptMessage[] = []
-
-	for(const [i, {
-		sender,
-		message,
-		reveal: { zkReveal, directReveal } = {}
-	}] of transcript.entries()) {
-		try {
-			//start with first message after last handshake message
-			await decryptMessage(sender, message, directReveal, zkReveal, i)
-		} catch(error) {
-			const err = new AttestorError(
-				'ERROR_INVALID_CLAIM',
-				`error in handling packet at idx ${i}: ${error}`,
-				{ packetIdx: i, error }
-			)
-			if(error.stack) {
-				err.stack = error.stack
-			}
-
-			throw err
-		}
-	}
-
-	return {
-		transcript: decryptedTranscript,
-		hostname: hostname,
-		tlsVersion: tlsVersion,
-	}
-
-	async function decryptMessage(
-		sender: TranscriptMessageSenderType,
-		message: Uint8Array,
-		directReveal: MessageRevealDirect | undefined,
-		zkReveal: MessageRevealZk | undefined,
-		i: number
-	) {
-		const isServer = sender === TranscriptMessageSenderType
-			.TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER
-		const recordHeader = message.slice(0, 5)
-		const content = getWithoutHeader(message)
-		if(isServer) {
-			serverRecordNumber++
-		} else {
-			clientRecordNumber++
-		}
-
-		let redacted = true
-		let plaintext: Uint8Array | undefined = undefined
-		let plaintextLength: number
-
-		if(directReveal?.key?.length) {
-			const result = await decryptDirect(
-				directReveal, cipherSuite, recordHeader, tlsVersion, content
-			)
-			plaintext = result.plaintext
-			redacted = false
-			plaintextLength = plaintext.length
-
-			const decoder = new TextDecoder('utf-8', { fatal: false })
-			const keyHex = Buffer.from(directReveal.key).toString('hex')
-			const ciphertextPreview = Buffer.from(content.slice(0, 64)).toString('hex')
-			const plaintextStr = decoder.decode(plaintext)
-			logger.info(
-				`\n=======================================================================\n` +
-				`[directReveal] packet #${i} | sender: ${isServer ? 'server' : 'client'}\n` +
-				`session key: ${keyHex}\n` +
-				`ciphertext size: ${content.length} bytes | preview: ${ciphertextPreview}...\n` +
-				`plaintext (${plaintextLength} bytes):\n${plaintextStr}\n` +
-				`=======================================================================`
-			)
-		} else if(zkReveal?.proofs?.length) {
-			const iv = sender === TranscriptMessageSenderType
-				.TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER
-				? serverIV
-				: clientIV
-			const recordNumber = isServer
-				? serverRecordNumber
-				: clientRecordNumber
-
-			const result = await verifyZkPacket(
-				{
-					ciphertext: content,
-					zkReveal,
-					iv,
-					recordNumber,
-					toprfOvershotNullifier: overshotMap[i]?.data,
-					getNextPacket(overshot) {
-						const nextIdx = transcript
-							.findIndex((t, j) => t.sender === sender && j > i)
-						if(nextIdx < 0) {
-							return
-						}
-
-						overshotMap[nextIdx] = { data: overshot }
-						return getWithoutHeader(transcript[nextIdx].message)
-					},
-					logger,
-					cipherSuite,
-					zkEngine: zkEngine,
-				}
-			)
-			plaintext = result.redactedPlaintext
-			redacted = false
-			plaintextLength = plaintext.length
-
-			const decoder2 = new TextDecoder('utf-8', { fatal: false })
-			const ciphertextPreview2 = Buffer.from(content.slice(0, 64)).toString('hex')
-			const plaintextStr2 = decoder2.decode(plaintext)
-			logger.info(
-				`\n=======================================================================\n` +
-				`[zkReveal] packet #${i} | sender: ${isServer ? 'server' : 'client'}\n` +
-				`zk proofs count: ${zkReveal.proofs.length}\n` +
-				`ciphertext size: ${content.length} bytes | preview: ${ciphertextPreview2}...\n` +
-				`redacted plaintext (${plaintextLength} bytes):\n${plaintextStr2}\n` +
-				`=======================================================================`
-			)
-		} else {
-			plaintext = content
-			plaintextLength = plaintext.length
-
-			const decoder3 = new TextDecoder('utf-8', { fatal: false })
-			logger.info(
-				`\n=======================================================================\n` +
-				`[noReveal] packet #${i} | sender: ${isServer ? 'server' : 'client'}\n` +
-				`raw content size: ${content.length} bytes\n` +
-				`content:\n${decoder3.decode(plaintext)}\n` +
-				`=======================================================================`
-			)
-		}
-
-		decryptedTranscript.push({
-			sender: sender === TranscriptMessageSenderType
-				.TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT
-				? 'client'
-				: 'server',
-			redacted,
-			message: plaintext,
-			recordHeader,
-			plaintextLength,
-		})
-	}
-}
-
-export function getWithoutHeader(message: Uint8Array) {
-	// strip the record header (xx 03 03 xx xx)
-	return message.slice(5)
-}
-
-

package/src/server/utils/config-env.ts

@@ -1,6 +0,0 @@
-import { config } from 'dotenv'
-
-import { getEnvVariable } from '#src/utils/env.ts'
-
-const nodeEnv = getEnvVariable('NODE_ENV') || 'development'
-config({ path: `.env.${nodeEnv}` })

package/src/server/utils/dns.ts

@@ -1,25 +0,0 @@
-import { resolve, setServers } from 'dns'
-
-import { DNS_SERVERS } from '#src/config/index.ts'
-
-setDnsServers()
-
-export async function resolveHostnames(hostname: string) {
-	return new Promise<string[]>((_resolve, reject) => {
-		resolve(hostname, (err, addresses) => {
-			if(err) {
-				reject(
-					new Error(
-						`Could not resolve hostname: ${hostname}, ${err.message}`
-					)
-				)
-			} else {
-				_resolve(addresses)
-			}
-		})
-	})
-}
-
-function setDnsServers() {
-	setServers(DNS_SERVERS)
-}