@reclaimprotocol/attestor-core 4.0.3 → 5.0.1-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +660 -660
- package/README.md +1 -2
- package/lib/avs/abis/avsDirectoryABI.js +341 -342
- package/lib/avs/abis/delegationABI.js +4 -5
- package/lib/avs/abis/registryABI.js +722 -723
- package/lib/avs/client/create-claim-on-avs.d.ts +5 -5
- package/lib/avs/client/create-claim-on-avs.js +160 -139
- package/lib/avs/config.d.ts +1 -1
- package/lib/avs/config.js +25 -23
- package/lib/avs/contracts/ReclaimServiceManager.d.ts +436 -532
- package/lib/avs/contracts/ReclaimServiceManager.js +0 -3
- package/lib/avs/contracts/common.d.ts +40 -11
- package/lib/avs/contracts/common.js +0 -3
- package/lib/avs/contracts/factories/ReclaimServiceManager__factory.d.ts +13 -11
- package/lib/avs/contracts/factories/ReclaimServiceManager__factory.js +1157 -1148
- package/lib/avs/contracts/factories/index.d.ts +1 -1
- package/lib/avs/contracts/factories/index.js +4 -9
- package/lib/avs/contracts/index.d.ts +3 -3
- package/lib/avs/contracts/index.js +6 -40
- package/lib/avs/types/index.d.ts +6 -6
- package/lib/avs/types/index.js +0 -3
- package/lib/avs/utils/contracts.d.ts +14 -14
- package/lib/avs/utils/contracts.js +50 -35
- package/lib/avs/utils/register.d.ts +3 -3
- package/lib/avs/utils/register.js +71 -79
- package/lib/avs/utils/tasks.d.ts +4 -4
- package/lib/avs/utils/tasks.js +44 -41
- package/lib/browser/avs/abis/avsDirectoryABI.d.ts +60 -0
- package/lib/browser/avs/abis/avsDirectoryABI.js +343 -0
- package/lib/browser/avs/abis/delegationABI.d.ts +126 -0
- package/lib/browser/avs/abis/delegationABI.js +4 -0
- package/lib/browser/avs/abis/registryABI.d.ts +136 -0
- package/lib/browser/avs/abis/registryABI.js +728 -0
- package/lib/browser/avs/client/create-claim-on-avs.d.ts +12 -0
- package/lib/browser/avs/client/create-claim-on-avs.js +168 -0
- package/lib/browser/avs/config.d.ts +7 -0
- package/lib/browser/avs/config.js +26 -0
- package/lib/browser/avs/contracts/ReclaimServiceManager.d.ts +601 -0
- package/lib/browser/avs/contracts/ReclaimServiceManager.js +0 -0
- package/lib/browser/avs/contracts/common.d.ts +50 -0
- package/lib/browser/avs/contracts/common.js +0 -0
- package/lib/browser/avs/contracts/factories/ReclaimServiceManager__factory.d.ts +890 -0
- package/lib/browser/avs/contracts/factories/ReclaimServiceManager__factory.js +1183 -0
- package/lib/browser/avs/contracts/factories/index.d.ts +1 -0
- package/lib/browser/avs/contracts/factories/index.js +4 -0
- package/lib/browser/avs/contracts/index.d.ts +3 -0
- package/lib/browser/avs/contracts/index.js +6 -0
- package/lib/browser/avs/types/index.d.ts +55 -0
- package/lib/browser/avs/types/index.js +0 -0
- package/lib/browser/avs/utils/contracts.d.ts +21 -0
- package/lib/browser/avs/utils/contracts.js +53 -0
- package/lib/browser/avs/utils/register.d.ts +27 -0
- package/lib/browser/avs/utils/register.js +74 -0
- package/lib/browser/avs/utils/tasks.d.ts +22 -0
- package/lib/browser/avs/utils/tasks.js +48 -0
- package/lib/browser/client/create-claim.d.ts +5 -0
- package/lib/browser/client/create-claim.js +461 -0
- package/lib/browser/client/index.d.ts +3 -0
- package/lib/browser/client/index.js +3 -0
- package/lib/browser/client/tunnels/make-rpc-tcp-tunnel.d.ts +16 -0
- package/lib/browser/client/tunnels/make-rpc-tcp-tunnel.js +53 -0
- package/lib/browser/client/tunnels/make-rpc-tls-tunnel.d.ts +26 -0
- package/lib/browser/client/tunnels/make-rpc-tls-tunnel.js +127 -0
- package/lib/browser/client/utils/attestor-pool.d.ts +8 -0
- package/lib/browser/client/utils/attestor-pool.js +24 -0
- package/lib/browser/client/utils/client-socket.d.ts +11 -0
- package/lib/browser/client/utils/client-socket.js +120 -0
- package/lib/browser/client/utils/message-handler.d.ts +4 -0
- package/lib/browser/client/utils/message-handler.js +97 -0
- package/lib/browser/config/index.d.ts +31 -0
- package/lib/browser/config/index.js +62 -0
- package/lib/browser/external-rpc/benchmark.d.ts +1 -0
- package/lib/browser/external-rpc/benchmark.js +82 -0
- package/lib/browser/external-rpc/event-bus.d.ts +7 -0
- package/lib/browser/external-rpc/event-bus.js +17 -0
- package/lib/browser/external-rpc/global.d.js +0 -0
- package/lib/browser/external-rpc/handle-incoming-msg.d.ts +2 -0
- package/lib/browser/external-rpc/handle-incoming-msg.js +241 -0
- package/lib/browser/external-rpc/index.d.ts +3 -0
- package/lib/browser/external-rpc/index.js +3 -0
- package/lib/browser/external-rpc/jsc-polyfills/1.d.ts +14 -0
- package/lib/browser/external-rpc/jsc-polyfills/1.js +80 -0
- package/lib/browser/external-rpc/jsc-polyfills/2.js +15 -0
- package/lib/browser/external-rpc/jsc-polyfills/event.d.ts +10 -0
- package/lib/browser/external-rpc/jsc-polyfills/event.js +19 -0
- package/lib/browser/external-rpc/jsc-polyfills/index.d.ts +2 -0
- package/lib/browser/external-rpc/jsc-polyfills/index.js +2 -0
- package/lib/browser/external-rpc/jsc-polyfills/ws.d.ts +21 -0
- package/lib/browser/external-rpc/jsc-polyfills/ws.js +83 -0
- package/lib/browser/external-rpc/setup-browser.d.ts +6 -0
- package/lib/browser/external-rpc/setup-browser.js +33 -0
- package/lib/browser/external-rpc/setup-jsc.d.ts +24 -0
- package/lib/browser/external-rpc/setup-jsc.js +22 -0
- package/lib/{window-rpc → browser/external-rpc}/types.d.ts +56 -35
- package/lib/browser/external-rpc/types.js +0 -0
- package/lib/browser/external-rpc/utils.d.ts +20 -0
- package/lib/browser/external-rpc/utils.js +100 -0
- package/lib/browser/external-rpc/zk.d.ts +14 -0
- package/lib/browser/external-rpc/zk.js +58 -0
- package/lib/browser/index.browser.js +13 -0
- package/lib/browser/index.d.ts +9 -0
- package/lib/browser/index.js +13 -0
- package/lib/browser/mechain/abis/governanceABI.d.ts +50 -0
- package/lib/browser/mechain/abis/governanceABI.js +461 -0
- package/lib/browser/mechain/abis/taskABI.d.ts +157 -0
- package/lib/browser/mechain/abis/taskABI.js +512 -0
- package/lib/browser/mechain/client/create-claim-on-mechain.d.ts +10 -0
- package/lib/browser/mechain/client/create-claim-on-mechain.js +33 -0
- package/lib/browser/mechain/client/index.d.ts +1 -0
- package/lib/browser/mechain/client/index.js +1 -0
- package/lib/browser/mechain/constants/index.d.ts +3 -0
- package/lib/browser/mechain/constants/index.js +8 -0
- package/lib/browser/mechain/index.d.ts +2 -0
- package/lib/browser/mechain/index.js +2 -0
- package/lib/browser/mechain/types/index.d.ts +23 -0
- package/lib/browser/mechain/types/index.js +0 -0
- package/lib/browser/proto/api.d.ts +651 -0
- package/lib/browser/proto/api.js +4250 -0
- package/lib/browser/proto/tee-bundle.d.ts +156 -0
- package/lib/browser/proto/tee-bundle.js +1296 -0
- package/lib/browser/providers/http/index.d.ts +18 -0
- package/lib/browser/providers/http/index.js +640 -0
- package/lib/browser/providers/http/patch-parse5-tree.d.ts +6 -0
- package/lib/browser/providers/http/patch-parse5-tree.js +34 -0
- package/lib/browser/providers/http/utils.d.ts +77 -0
- package/lib/browser/providers/http/utils.js +283 -0
- package/lib/browser/providers/index.d.ts +4 -0
- package/lib/browser/providers/index.js +7 -0
- package/lib/browser/scripts/fallbacks/crypto.js +4 -0
- package/lib/browser/scripts/fallbacks/empty.js +4 -0
- package/lib/browser/scripts/fallbacks/gnark.js +15 -0
- package/lib/browser/scripts/fallbacks/re2.js +7 -0
- package/lib/browser/scripts/fallbacks/snarkjs.js +10 -0
- package/lib/browser/scripts/fallbacks/stwo.js +159 -0
- package/lib/browser/types/bgp.d.ts +11 -0
- package/lib/browser/types/bgp.js +0 -0
- package/lib/browser/types/claims.d.ts +70 -0
- package/lib/browser/types/claims.js +0 -0
- package/lib/browser/types/client.d.ts +163 -0
- package/lib/browser/types/client.js +0 -0
- package/lib/browser/types/general.d.ts +77 -0
- package/lib/browser/types/general.js +0 -0
- package/lib/browser/types/handlers.d.ts +10 -0
- package/lib/browser/types/handlers.js +0 -0
- package/lib/browser/types/index.d.ts +10 -0
- package/lib/browser/types/index.js +10 -0
- package/lib/browser/types/providers.d.ts +161 -0
- package/lib/browser/types/providers.gen.d.ts +443 -0
- package/lib/browser/types/providers.gen.js +16 -0
- package/lib/browser/types/providers.js +0 -0
- package/lib/browser/types/rpc.d.ts +35 -0
- package/lib/browser/types/rpc.js +0 -0
- package/lib/browser/types/signatures.d.ts +28 -0
- package/lib/browser/types/signatures.js +0 -0
- package/lib/browser/types/tunnel.d.ts +18 -0
- package/lib/browser/types/tunnel.js +0 -0
- package/lib/browser/types/zk.d.ts +38 -0
- package/lib/browser/types/zk.js +0 -0
- package/lib/browser/utils/auth.d.ts +8 -0
- package/lib/browser/utils/auth.js +71 -0
- package/lib/browser/utils/b64-json.d.ts +2 -0
- package/lib/browser/utils/b64-json.js +17 -0
- package/lib/browser/utils/claims.d.ts +33 -0
- package/lib/browser/utils/claims.js +89 -0
- package/lib/browser/utils/env.d.ts +3 -0
- package/lib/browser/utils/env.js +19 -0
- package/lib/browser/utils/error.d.ts +26 -0
- package/lib/browser/utils/error.js +54 -0
- package/lib/browser/utils/generics.d.ts +119 -0
- package/lib/browser/utils/generics.js +272 -0
- package/lib/browser/utils/http-parser.d.ts +59 -0
- package/lib/browser/utils/http-parser.js +201 -0
- package/lib/browser/utils/index.browser.js +13 -0
- package/lib/browser/utils/index.d.ts +13 -0
- package/lib/browser/utils/index.js +13 -0
- package/lib/browser/utils/logger.browser.js +88 -0
- package/lib/browser/utils/logger.d.ts +14 -0
- package/lib/browser/utils/logger.js +88 -0
- package/lib/browser/utils/prepare-packets.d.ts +16 -0
- package/lib/browser/utils/prepare-packets.js +69 -0
- package/lib/browser/utils/redactions.d.ts +73 -0
- package/lib/browser/utils/redactions.js +135 -0
- package/lib/browser/utils/retries.d.ts +12 -0
- package/lib/browser/utils/retries.js +26 -0
- package/lib/browser/utils/signatures/eth.d.ts +2 -0
- package/lib/browser/utils/signatures/eth.js +31 -0
- package/lib/browser/utils/signatures/index.d.ts +5 -0
- package/lib/browser/utils/signatures/index.js +12 -0
- package/lib/browser/utils/socket-base.d.ts +23 -0
- package/lib/browser/utils/socket-base.js +96 -0
- package/lib/browser/utils/tls-imports.d.ts +21 -0
- package/lib/browser/utils/tls-imports.js +71 -0
- package/lib/browser/utils/tls.d.ts +2 -0
- package/lib/browser/utils/tls.js +58 -0
- package/lib/browser/utils/ws.d.ts +7 -0
- package/lib/browser/utils/ws.js +22 -0
- package/lib/browser/utils/zk.d.ts +71 -0
- package/lib/browser/utils/zk.js +625 -0
- package/lib/client/create-claim.d.ts +2 -2
- package/lib/client/create-claim.js +437 -400
- package/lib/client/index.d.ts +3 -3
- package/lib/client/index.js +3 -20
- package/lib/client/tunnels/make-rpc-tcp-tunnel.d.ts +2 -2
- package/lib/client/tunnels/make-rpc-tcp-tunnel.js +49 -56
- package/lib/client/tunnels/make-rpc-tls-tunnel.d.ts +4 -3
- package/lib/client/tunnels/make-rpc-tls-tunnel.js +123 -131
- package/lib/client/utils/attestor-pool.d.ts +3 -1
- package/lib/client/utils/attestor-pool.js +21 -25
- package/lib/client/utils/client-socket.d.ts +4 -4
- package/lib/client/utils/client-socket.js +114 -94
- package/lib/client/utils/message-handler.d.ts +2 -2
- package/lib/client/utils/message-handler.js +89 -86
- package/lib/config/index.d.ts +6 -3
- package/lib/config/index.js +60 -37
- package/lib/external-rpc/benchmark.d.ts +1 -0
- package/lib/external-rpc/benchmark.js +82 -0
- package/lib/external-rpc/event-bus.d.ts +7 -0
- package/lib/external-rpc/event-bus.js +17 -0
- package/lib/external-rpc/global.d.js +0 -0
- package/lib/external-rpc/handle-incoming-msg.d.ts +2 -0
- package/lib/external-rpc/handle-incoming-msg.js +241 -0
- package/lib/external-rpc/index.d.ts +3 -0
- package/lib/external-rpc/index.js +3 -0
- package/lib/external-rpc/jsc-polyfills/1.d.ts +14 -0
- package/lib/external-rpc/jsc-polyfills/1.js +80 -0
- package/lib/external-rpc/jsc-polyfills/2.js +15 -0
- package/lib/external-rpc/jsc-polyfills/event.d.ts +10 -0
- package/lib/external-rpc/jsc-polyfills/event.js +19 -0
- package/lib/external-rpc/jsc-polyfills/index.d.ts +2 -0
- package/lib/external-rpc/jsc-polyfills/index.js +2 -0
- package/lib/external-rpc/jsc-polyfills/ws.d.ts +21 -0
- package/lib/external-rpc/jsc-polyfills/ws.js +83 -0
- package/lib/external-rpc/setup-browser.d.ts +6 -0
- package/lib/external-rpc/setup-browser.js +33 -0
- package/lib/external-rpc/setup-jsc.d.ts +24 -0
- package/lib/external-rpc/setup-jsc.js +22 -0
- package/lib/external-rpc/types.d.ts +213 -0
- package/lib/external-rpc/types.js +0 -0
- package/lib/external-rpc/utils.d.ts +20 -0
- package/lib/external-rpc/utils.js +100 -0
- package/lib/external-rpc/zk.d.ts +14 -0
- package/lib/external-rpc/zk.js +58 -0
- package/lib/index.browser.d.ts +9 -0
- package/lib/index.d.ts +8 -9
- package/lib/index.js +12 -49
- package/lib/mechain/abis/governanceABI.js +460 -461
- package/lib/mechain/abis/taskABI.js +505 -506
- package/lib/mechain/client/create-claim-on-mechain.d.ts +3 -3
- package/lib/mechain/client/create-claim-on-mechain.js +31 -30
- package/lib/mechain/client/index.d.ts +1 -1
- package/lib/mechain/client/index.js +1 -18
- package/lib/mechain/constants/index.js +8 -7
- package/lib/mechain/index.d.ts +2 -2
- package/lib/mechain/index.js +2 -19
- package/lib/mechain/types/index.d.ts +2 -2
- package/lib/mechain/types/index.js +0 -3
- package/lib/proto/api.d.ts +182 -39
- package/lib/proto/api.js +4105 -3555
- package/lib/proto/tee-bundle.d.ts +156 -0
- package/lib/proto/tee-bundle.js +1296 -0
- package/lib/providers/http/index.d.ts +16 -1
- package/lib/providers/http/index.js +603 -576
- package/lib/providers/http/patch-parse5-tree.d.ts +6 -0
- package/lib/providers/http/patch-parse5-tree.js +34 -0
- package/lib/providers/http/utils.d.ts +7 -4
- package/lib/providers/http/utils.js +240 -317
- package/lib/providers/index.d.ts +1 -1
- package/lib/providers/index.js +5 -9
- package/lib/scripts/check-avs-registration.d.ts +1 -1
- package/lib/scripts/check-avs-registration.js +24 -25
- package/lib/scripts/fallbacks/crypto.d.ts +1 -0
- package/lib/scripts/fallbacks/crypto.js +4 -0
- package/lib/scripts/fallbacks/empty.d.ts +3 -0
- package/lib/scripts/fallbacks/empty.js +4 -0
- package/lib/scripts/fallbacks/gnark.d.ts +7 -0
- package/lib/scripts/fallbacks/gnark.js +15 -0
- package/lib/scripts/fallbacks/re2.d.ts +1 -0
- package/lib/scripts/fallbacks/re2.js +7 -0
- package/lib/scripts/fallbacks/snarkjs.d.ts +1 -0
- package/lib/scripts/fallbacks/snarkjs.js +10 -0
- package/lib/scripts/fallbacks/stwo.d.ts +6 -0
- package/lib/scripts/generate-provider-types.js +92 -73
- package/lib/scripts/generate-receipt.d.ts +2 -2
- package/lib/scripts/generate-receipt.js +94 -83
- package/lib/scripts/generate-toprf-keys.js +17 -16
- package/lib/scripts/jsc-cli-rpc.d.ts +1 -0
- package/lib/scripts/jsc-cli-rpc.js +35 -0
- package/lib/scripts/register-avs-operator.d.ts +1 -1
- package/lib/scripts/register-avs-operator.js +3 -7
- package/lib/scripts/start-server.d.ts +1 -1
- package/lib/scripts/start-server.js +9 -11
- package/lib/scripts/update-avs-metadata.d.ts +1 -1
- package/lib/scripts/update-avs-metadata.js +17 -19
- package/lib/scripts/utils.js +8 -9
- package/lib/scripts/whitelist-operator.d.ts +1 -1
- package/lib/scripts/whitelist-operator.js +13 -15
- package/lib/server/create-server.d.ts +3 -2
- package/lib/server/create-server.js +98 -85
- package/lib/server/handlers/claimTeeBundle.d.ts +6 -0
- package/lib/server/handlers/claimTeeBundle.js +232 -0
- package/lib/server/handlers/claimTunnel.d.ts +1 -1
- package/lib/server/handlers/claimTunnel.js +75 -73
- package/lib/server/handlers/completeClaimOnChain.d.ts +1 -1
- package/lib/server/handlers/completeClaimOnChain.js +27 -26
- package/lib/server/handlers/createClaimOnChain.d.ts +1 -1
- package/lib/server/handlers/createClaimOnChain.js +30 -29
- package/lib/server/handlers/createTaskOnMechain.d.ts +1 -1
- package/lib/server/handlers/createTaskOnMechain.js +54 -49
- package/lib/server/handlers/createTunnel.d.ts +1 -1
- package/lib/server/handlers/createTunnel.js +91 -94
- package/lib/server/handlers/disconnectTunnel.d.ts +1 -1
- package/lib/server/handlers/disconnectTunnel.js +6 -8
- package/lib/server/handlers/fetchCertificateBytes.d.ts +2 -0
- package/lib/server/handlers/fetchCertificateBytes.js +57 -0
- package/lib/server/handlers/index.d.ts +1 -1
- package/lib/server/handlers/index.js +24 -21
- package/lib/server/handlers/init.d.ts +1 -1
- package/lib/server/handlers/init.js +31 -34
- package/lib/server/handlers/toprf.d.ts +1 -1
- package/lib/server/handlers/toprf.js +17 -19
- package/lib/server/index.d.ts +4 -4
- package/lib/server/index.js +4 -21
- package/lib/server/socket.d.ts +7 -7
- package/lib/server/socket.js +104 -106
- package/lib/server/tunnels/make-tcp-tunnel.d.ts +5 -3
- package/lib/server/tunnels/make-tcp-tunnel.js +189 -162
- package/lib/server/utils/apm.d.ts +1 -1
- package/lib/server/utils/apm.js +26 -40
- package/lib/server/utils/assert-valid-claim-request.d.ts +6 -5
- package/lib/server/utils/assert-valid-claim-request.js +339 -185
- package/lib/server/utils/config-env.js +4 -7
- package/lib/server/utils/dns.js +18 -16
- package/lib/server/utils/gcp-attestation.d.ts +17 -0
- package/lib/server/utils/gcp-attestation.js +237 -0
- package/lib/server/utils/generics.d.ts +3 -3
- package/lib/server/utils/generics.js +37 -51
- package/lib/server/utils/iso.js +255 -256
- package/lib/server/utils/keep-alive.d.ts +2 -2
- package/lib/server/utils/keep-alive.js +36 -40
- package/lib/server/utils/nitro-attestation.d.ts +33 -0
- package/lib/server/utils/nitro-attestation.js +249 -0
- package/lib/server/utils/oprf-raw.d.ts +21 -0
- package/lib/server/utils/oprf-raw.js +61 -0
- package/lib/server/utils/process-handshake.d.ts +3 -3
- package/lib/server/utils/process-handshake.js +217 -175
- package/lib/server/utils/proxy-session.d.ts +1 -0
- package/lib/server/utils/proxy-session.js +4 -0
- package/lib/server/utils/tee-oprf-mpc-verification.d.ts +16 -0
- package/lib/server/utils/tee-oprf-mpc-verification.js +86 -0
- package/lib/server/utils/tee-oprf-verification.d.ts +24 -0
- package/lib/server/utils/tee-oprf-verification.js +151 -0
- package/lib/server/utils/tee-transcript-reconstruction.d.ts +24 -0
- package/lib/server/utils/tee-transcript-reconstruction.js +140 -0
- package/lib/server/utils/tee-verification.d.ts +28 -0
- package/lib/server/utils/tee-verification.js +358 -0
- package/lib/{utils → server/utils}/validation.d.ts +1 -1
- package/lib/server/utils/validation.js +45 -0
- package/lib/types/bgp.js +0 -3
- package/lib/types/claims.d.ts +7 -10
- package/lib/types/claims.js +0 -3
- package/lib/types/client.d.ts +5 -5
- package/lib/types/client.js +0 -3
- package/lib/types/general.d.ts +30 -4
- package/lib/types/general.js +0 -3
- package/lib/types/handlers.d.ts +3 -3
- package/lib/types/handlers.js +0 -3
- package/lib/types/index.d.ts +10 -10
- package/lib/types/index.js +10 -27
- package/lib/types/providers.d.ts +15 -4
- package/lib/types/providers.gen.d.ts +15 -1
- package/lib/types/providers.gen.js +15 -13
- package/lib/types/providers.js +0 -3
- package/lib/types/rpc.d.ts +2 -2
- package/lib/types/rpc.js +0 -3
- package/lib/types/signatures.js +0 -3
- package/lib/types/tunnel.d.ts +2 -2
- package/lib/types/tunnel.js +0 -3
- package/lib/types/zk.d.ts +17 -2
- package/lib/types/zk.js +0 -3
- package/lib/utils/auth.d.ts +2 -1
- package/lib/utils/auth.js +66 -59
- package/lib/utils/b64-json.js +13 -19
- package/lib/utils/bgp-listener.d.ts +1 -1
- package/lib/utils/bgp-listener.js +111 -114
- package/lib/utils/claims.d.ts +3 -3
- package/lib/utils/claims.js +78 -101
- package/lib/utils/env.js +15 -16
- package/lib/utils/error.d.ts +6 -7
- package/lib/utils/error.js +50 -39
- package/lib/utils/generics.d.ts +20 -13
- package/lib/utils/generics.js +221 -297
- package/lib/utils/http-parser.d.ts +1 -1
- package/lib/utils/http-parser.js +186 -237
- package/lib/utils/index.browser.d.ts +13 -0
- package/lib/utils/index.d.ts +14 -12
- package/lib/utils/index.js +14 -29
- package/lib/utils/logger.browser.d.ts +14 -0
- package/lib/utils/logger.d.ts +1 -1
- package/lib/utils/logger.js +69 -87
- package/lib/utils/prepare-packets.d.ts +3 -3
- package/lib/utils/prepare-packets.js +66 -58
- package/lib/utils/redactions.d.ts +20 -1
- package/lib/utils/redactions.js +116 -129
- package/lib/utils/retries.d.ts +1 -1
- package/lib/utils/retries.js +24 -26
- package/lib/utils/signatures/eth.d.ts +1 -1
- package/lib/utils/signatures/eth.js +28 -30
- package/lib/utils/signatures/index.d.ts +3 -3
- package/lib/utils/signatures/index.js +11 -10
- package/lib/utils/socket-base.d.ts +6 -5
- package/lib/utils/socket-base.js +89 -88
- package/lib/utils/tls-imports.d.ts +21 -0
- package/lib/utils/tls-imports.js +71 -0
- package/lib/utils/tls.d.ts +1 -1
- package/lib/utils/tls.js +54 -28
- package/lib/utils/ws.d.ts +1 -6
- package/lib/utils/ws.js +17 -33
- package/lib/utils/zk.d.ts +28 -12
- package/lib/utils/zk.js +587 -406
- package/package.json +79 -60
- package/lib/avs/tests/test.operator.d.ts +0 -11
- package/lib/avs/tests/test.operator.js +0 -313
- package/lib/avs/tests/utils.d.ts +0 -2
- package/lib/avs/tests/utils.js +0 -50
- package/lib/scripts/verify-root-ca.d.ts +0 -1
- package/lib/scripts/verify-root-ca.js +0 -51
- package/lib/tests/describe-with-server.d.ts +0 -20
- package/lib/tests/describe-with-server.js +0 -64
- package/lib/tests/mock-provider-server.d.ts +0 -13
- package/lib/tests/mock-provider-server.js +0 -65
- package/lib/tests/mocks.d.ts +0 -4
- package/lib/tests/mocks.js +0 -23
- package/lib/tests/test.auth.js +0 -75
- package/lib/tests/test.bgp-listener.js +0 -169
- package/lib/tests/test.claim-creation.js +0 -280
- package/lib/tests/test.http-parser.d.ts +0 -1
- package/lib/tests/test.http-parser.js +0 -120
- package/lib/tests/test.http-provider-utils.js +0 -2416
- package/lib/tests/test.http-provider.js +0 -114
- package/lib/tests/test.rpc-communication.d.ts +0 -1
- package/lib/tests/test.rpc-communication.js +0 -64
- package/lib/tests/test.rpc-tunnel.d.ts +0 -1
- package/lib/tests/test.rpc-tunnel.js +0 -172
- package/lib/tests/test.signatures.d.ts +0 -1
- package/lib/tests/test.signatures.js +0 -24
- package/lib/tests/test.tcp-tunnel.d.ts +0 -1
- package/lib/tests/test.tcp-tunnel.js +0 -64
- package/lib/tests/test.zk.d.ts +0 -1
- package/lib/tests/test.zk.js +0 -337
- package/lib/tests/utils.d.ts +0 -18
- package/lib/tests/utils.js +0 -64
- package/lib/utils/atomic-operations.d.ts +0 -24
- package/lib/utils/atomic-operations.js +0 -65
- package/lib/utils/benchmark.d.ts +0 -1
- package/lib/utils/benchmark.js +0 -70
- package/lib/utils/connection-state-machine.d.ts +0 -43
- package/lib/utils/connection-state-machine.js +0 -129
- package/lib/utils/resource-monitor.d.ts +0 -61
- package/lib/utils/resource-monitor.js +0 -107
- package/lib/utils/validation.js +0 -46
- package/lib/window-rpc/index.d.ts +0 -3
- package/lib/window-rpc/index.js +0 -20
- package/lib/window-rpc/setup-window-rpc.d.ts +0 -5
- package/lib/window-rpc/setup-window-rpc.js +0 -291
- package/lib/window-rpc/types.js +0 -3
- package/lib/window-rpc/utils.d.ts +0 -14
- package/lib/window-rpc/utils.js +0 -102
- package/lib/window-rpc/window-rpc-zk.d.ts +0 -15
- package/lib/window-rpc/window-rpc-zk.js +0 -85
- /package/lib/{tests/test.auth.d.ts → browser/external-rpc/jsc-polyfills/2.d.ts} +0 -0
- /package/lib/{tests/test.bgp-listener.d.ts → external-rpc/jsc-polyfills/2.d.ts} +0 -0
- /package/lib/{tests/test.claim-creation.d.ts → scripts/build-browser.d.ts} +0 -0
- /package/lib/{tests/test.http-provider-utils.d.ts → scripts/build-jsc.d.ts} +0 -0
- /package/lib/{tests/test.http-provider.d.ts → scripts/build-lib.d.ts} +0 -0
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Working Nitro Attestation validation utilities
|
|
3
|
+
*/
|
|
4
|
+
export interface AttestationDocument {
|
|
5
|
+
module_id: string;
|
|
6
|
+
digest: string;
|
|
7
|
+
timestamp: bigint;
|
|
8
|
+
pcrs: {
|
|
9
|
+
[key: number]: Buffer;
|
|
10
|
+
};
|
|
11
|
+
certificate: Buffer;
|
|
12
|
+
cabundle: Buffer[];
|
|
13
|
+
public_key?: Buffer;
|
|
14
|
+
user_data?: Buffer;
|
|
15
|
+
nonce?: Buffer;
|
|
16
|
+
}
|
|
17
|
+
export interface NitroValidationResult {
|
|
18
|
+
isValid: boolean;
|
|
19
|
+
errors: string[];
|
|
20
|
+
warnings: string[];
|
|
21
|
+
userDataType?: 'tee_k' | 'tee_t';
|
|
22
|
+
ethAddress?: string;
|
|
23
|
+
pcr0: string;
|
|
24
|
+
}
|
|
25
|
+
export interface AddressExtractionResult {
|
|
26
|
+
teeType: 'tee_k' | 'tee_t';
|
|
27
|
+
ethAddress?: string;
|
|
28
|
+
pcr0: string;
|
|
29
|
+
}
|
|
30
|
+
/**
|
|
31
|
+
* Working validation function copied from nitroattestor
|
|
32
|
+
*/
|
|
33
|
+
export declare function validateNitroAttestationAndExtractKey(attestationBytes: Uint8Array): Promise<NitroValidationResult>;
|
|
@@ -0,0 +1,249 @@
|
|
|
1
|
+
import { AsnParser } from "@peculiar/asn1-schema";
|
|
2
|
+
import { SubjectPublicKeyInfo } from "@peculiar/asn1-x509";
|
|
3
|
+
import { Crypto } from "@peculiar/webcrypto";
|
|
4
|
+
import { X509Certificate, X509ChainBuilder } from "@peculiar/x509";
|
|
5
|
+
import { sign } from "cose-js";
|
|
6
|
+
async function getCborDecode() {
|
|
7
|
+
const { decode } = await import("cbor-x");
|
|
8
|
+
return decode;
|
|
9
|
+
}
|
|
10
|
+
const AWS_NITRO_ROOT_CERT = `-----BEGIN CERTIFICATE-----
|
|
11
|
+
MIICETCCAZagAwIBAgIRAPkxdWgbkK/hHUbMtOTn+FYwCgYIKoZIzj0EAwMwSTEL
|
|
12
|
+
MAkGA1UEBhMCVVMxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMRswGQYD
|
|
13
|
+
VQQDDBJhd3Mubml0cm8tZW5jbGF2ZXMwHhcNMTkxMDI4MTMyODA1WhcNNDkxMDI4
|
|
14
|
+
MTQyODA1WjBJMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQL
|
|
15
|
+
DANBV1MxGzAZBgNVBAMMEmF3cy5uaXRyby1lbmNsYXZlczB2MBAGByqGSM49AgEG
|
|
16
|
+
BSuBBAAiA2IABPwCVOumCMHzaHDimtqQvkY4MpJzbolL//Zy2YlES1BR5TSksfbb
|
|
17
|
+
48C8WBoyt7F2Bw7eEtaaP+ohG2bnUs990d0JX28TcPQXCEPZ3BABIeTPYwEoCWZE
|
|
18
|
+
h8l5YoQwTcU/9KNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUkCW1DdkF
|
|
19
|
+
R+eWw5b6cp3PmanfS5YwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2kAMGYC
|
|
20
|
+
MQCjfy+Rocm9Xue4YnwWmNJVA44fA0P5W2OpYow9OYCVRaEevL8uO1XYru5xtMPW
|
|
21
|
+
rfMCMQCi85sWBbJwKKXdS6BptQFuZbT73o/gBh1qUxl/nNr12UO8Yfwr6wPLb+6N
|
|
22
|
+
IwLz3/Y=
|
|
23
|
+
-----END CERTIFICATE-----`;
|
|
24
|
+
async function validateCertificateChain(targetCert, intermediateCerts, rootCert, crypto) {
|
|
25
|
+
const errors = [];
|
|
26
|
+
try {
|
|
27
|
+
const rootSubject = rootCert.subject;
|
|
28
|
+
const rootIssuer = rootCert.issuer;
|
|
29
|
+
if (rootSubject !== rootIssuer) {
|
|
30
|
+
errors.push("Root certificate is not self-signed");
|
|
31
|
+
}
|
|
32
|
+
try {
|
|
33
|
+
const isRootValid = await rootCert.verify(void 0, crypto);
|
|
34
|
+
if (!isRootValid) {
|
|
35
|
+
errors.push("Root certificate signature verification failed");
|
|
36
|
+
}
|
|
37
|
+
} catch (error) {
|
|
38
|
+
errors.push(`Root certificate verification failed: ${error.message}`);
|
|
39
|
+
}
|
|
40
|
+
const chainBuilder = new X509ChainBuilder({
|
|
41
|
+
certificates: [rootCert, ...intermediateCerts]
|
|
42
|
+
});
|
|
43
|
+
let chain;
|
|
44
|
+
try {
|
|
45
|
+
chain = await chainBuilder.build(targetCert, crypto);
|
|
46
|
+
} catch (error) {
|
|
47
|
+
errors.push(`Certificate chain building failed: ${error.message}`);
|
|
48
|
+
return { isValid: false, errors, chain: [] };
|
|
49
|
+
}
|
|
50
|
+
if (!chain || chain.length === 0) {
|
|
51
|
+
errors.push("No valid certificate chain could be built");
|
|
52
|
+
return { isValid: false, errors, chain: [] };
|
|
53
|
+
}
|
|
54
|
+
const now = /* @__PURE__ */ new Date();
|
|
55
|
+
for (let i = 0; i < chain.length; i++) {
|
|
56
|
+
const cert = chain[i];
|
|
57
|
+
if (now < cert.notBefore) {
|
|
58
|
+
errors.push(`Certificate ${i} (${cert.subject}) is not yet valid`);
|
|
59
|
+
}
|
|
60
|
+
if (now > cert.notAfter) {
|
|
61
|
+
errors.push(`Certificate ${i} (${cert.subject}) has expired`);
|
|
62
|
+
}
|
|
63
|
+
if (i < chain.length - 1) {
|
|
64
|
+
try {
|
|
65
|
+
const issuer = chain[i + 1];
|
|
66
|
+
const isValid = await cert.verify(issuer, crypto);
|
|
67
|
+
if (!isValid) {
|
|
68
|
+
errors.push(`Certificate ${i} signature verification failed`);
|
|
69
|
+
}
|
|
70
|
+
} catch (error) {
|
|
71
|
+
errors.push(`Certificate ${i} verification failed: ${error.message}`);
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
return {
|
|
76
|
+
isValid: errors.length === 0,
|
|
77
|
+
errors,
|
|
78
|
+
chain
|
|
79
|
+
};
|
|
80
|
+
} catch (error) {
|
|
81
|
+
errors.push(`Certificate chain validation error: ${error.message}`);
|
|
82
|
+
return { isValid: false, errors, chain: [] };
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
function extractPublicKeyFromUserData(userDataBuffer) {
|
|
86
|
+
try {
|
|
87
|
+
const userDataString = userDataBuffer.toString("utf-8");
|
|
88
|
+
const teeKMatch = userDataString.match(/^tee_k_public_key:(0x[0-9a-fA-F]{40})$/);
|
|
89
|
+
const teeTMatch = userDataString.match(/^tee_t_public_key:(0x[0-9a-fA-F]{40})$/);
|
|
90
|
+
if (teeKMatch) {
|
|
91
|
+
return {
|
|
92
|
+
teeType: "tee_k",
|
|
93
|
+
ethAddress: teeKMatch[1],
|
|
94
|
+
// Store the full ETH address with 0x prefix
|
|
95
|
+
pcr0: ""
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
if (teeTMatch) {
|
|
99
|
+
return {
|
|
100
|
+
teeType: "tee_t",
|
|
101
|
+
ethAddress: teeTMatch[1],
|
|
102
|
+
// Store the full ETH address with 0x prefix
|
|
103
|
+
pcr0: ""
|
|
104
|
+
};
|
|
105
|
+
}
|
|
106
|
+
return null;
|
|
107
|
+
} catch {
|
|
108
|
+
return null;
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
async function validateNitroAttestationAndExtractKey(attestationBytes) {
|
|
112
|
+
const errors = [];
|
|
113
|
+
const warnings = [];
|
|
114
|
+
try {
|
|
115
|
+
const crypto = new Crypto();
|
|
116
|
+
const decode = await getCborDecode();
|
|
117
|
+
let decoded;
|
|
118
|
+
try {
|
|
119
|
+
decoded = decode(Buffer.from(attestationBytes));
|
|
120
|
+
} catch (error) {
|
|
121
|
+
errors.push(`CBOR decoding failed: ${error.message}`);
|
|
122
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
123
|
+
}
|
|
124
|
+
if (!Array.isArray(decoded) || decoded.length < 4) {
|
|
125
|
+
errors.push("Invalid COSE_Sign1 structure: expected array with 4 elements");
|
|
126
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
127
|
+
}
|
|
128
|
+
const [, , payload] = decoded;
|
|
129
|
+
if (!payload || payload.length === 0) {
|
|
130
|
+
errors.push("Empty or missing payload in COSE_Sign1 structure");
|
|
131
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
132
|
+
}
|
|
133
|
+
let doc;
|
|
134
|
+
try {
|
|
135
|
+
doc = decode(payload);
|
|
136
|
+
} catch (error) {
|
|
137
|
+
errors.push(`Payload decoding failed: ${error.message}`);
|
|
138
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
139
|
+
}
|
|
140
|
+
if (doc.module_id.length === 0) {
|
|
141
|
+
errors.push("Missing or invalid module_id");
|
|
142
|
+
}
|
|
143
|
+
if (doc.digest.length === 0) {
|
|
144
|
+
errors.push("Missing or invalid digest");
|
|
145
|
+
}
|
|
146
|
+
if (!doc.pcrs || typeof doc.pcrs !== "object") {
|
|
147
|
+
errors.push("Missing or invalid pcrs");
|
|
148
|
+
}
|
|
149
|
+
if (!Buffer.isBuffer(doc.certificate) || doc.certificate.length === 0) {
|
|
150
|
+
errors.push("Missing or invalid certificate");
|
|
151
|
+
}
|
|
152
|
+
if (!Array.isArray(doc.cabundle) || doc.cabundle.length === 0) {
|
|
153
|
+
errors.push("Missing or invalid cabundle");
|
|
154
|
+
}
|
|
155
|
+
if (errors.length > 0) {
|
|
156
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
157
|
+
}
|
|
158
|
+
const pcr0 = doc.pcrs[0].toString("hex");
|
|
159
|
+
const intermediateCerts = [];
|
|
160
|
+
for (let i = 0; i < doc.cabundle.length; i++) {
|
|
161
|
+
try {
|
|
162
|
+
const cert = new X509Certificate(doc.cabundle[i].toString("base64"));
|
|
163
|
+
intermediateCerts.push(cert);
|
|
164
|
+
} catch (error) {
|
|
165
|
+
errors.push(`Failed to parse cabundle certificate ${i}: ${error.message}`);
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
let targetCert;
|
|
169
|
+
try {
|
|
170
|
+
targetCert = new X509Certificate(doc.certificate.toString("base64"));
|
|
171
|
+
} catch (error) {
|
|
172
|
+
errors.push(`Failed to parse target certificate: ${error.message}`);
|
|
173
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
174
|
+
}
|
|
175
|
+
let rootCert;
|
|
176
|
+
try {
|
|
177
|
+
rootCert = new X509Certificate(AWS_NITRO_ROOT_CERT);
|
|
178
|
+
} catch (error) {
|
|
179
|
+
errors.push(`Failed to parse AWS Nitro root certificate: ${error.message}`);
|
|
180
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
181
|
+
}
|
|
182
|
+
const chainResult = await validateCertificateChain(targetCert, intermediateCerts, rootCert, crypto);
|
|
183
|
+
if (!chainResult.isValid) {
|
|
184
|
+
errors.push(...chainResult.errors);
|
|
185
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
186
|
+
}
|
|
187
|
+
let publicKeyRaw;
|
|
188
|
+
try {
|
|
189
|
+
publicKeyRaw = Buffer.from(targetCert.publicKey.rawData);
|
|
190
|
+
} catch (error) {
|
|
191
|
+
errors.push(`Failed to extract public key: ${error.message}`);
|
|
192
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
193
|
+
}
|
|
194
|
+
if (publicKeyRaw.length !== 120 || publicKeyRaw[0] !== 48) {
|
|
195
|
+
errors.push(`Invalid public key format: expected 120-byte DER-encoded key, got ${publicKeyRaw.length} bytes`);
|
|
196
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
197
|
+
}
|
|
198
|
+
let spki;
|
|
199
|
+
try {
|
|
200
|
+
spki = AsnParser.parse(publicKeyRaw, SubjectPublicKeyInfo);
|
|
201
|
+
} catch (error) {
|
|
202
|
+
errors.push(`Failed to parse SubjectPublicKeyInfo: ${error.message}`);
|
|
203
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
204
|
+
}
|
|
205
|
+
const ecPoint = Buffer.from(spki.subjectPublicKey);
|
|
206
|
+
if (ecPoint.length !== 97 || ecPoint[0] !== 4) {
|
|
207
|
+
errors.push("Invalid EC point: expected 97-byte uncompressed P-384 key");
|
|
208
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
209
|
+
}
|
|
210
|
+
const x = ecPoint.subarray(1, 49);
|
|
211
|
+
const y = ecPoint.subarray(49, 97);
|
|
212
|
+
try {
|
|
213
|
+
const verifier = {
|
|
214
|
+
key: {
|
|
215
|
+
x,
|
|
216
|
+
y
|
|
217
|
+
}
|
|
218
|
+
};
|
|
219
|
+
const options = { defaultType: 18 };
|
|
220
|
+
await sign.verify(Buffer.from(attestationBytes), verifier, options);
|
|
221
|
+
} catch (error) {
|
|
222
|
+
errors.push(`COSE signature verification failed: ${error.message}`);
|
|
223
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
224
|
+
}
|
|
225
|
+
let userDataType;
|
|
226
|
+
let ethAddress;
|
|
227
|
+
if (doc.user_data) {
|
|
228
|
+
const keyInfo = extractPublicKeyFromUserData(doc.user_data);
|
|
229
|
+
if (keyInfo) {
|
|
230
|
+
userDataType = keyInfo.teeType;
|
|
231
|
+
ethAddress = keyInfo.ethAddress;
|
|
232
|
+
}
|
|
233
|
+
}
|
|
234
|
+
return {
|
|
235
|
+
isValid: errors.length === 0,
|
|
236
|
+
errors,
|
|
237
|
+
warnings,
|
|
238
|
+
userDataType,
|
|
239
|
+
ethAddress,
|
|
240
|
+
pcr0
|
|
241
|
+
};
|
|
242
|
+
} catch (error) {
|
|
243
|
+
errors.push(`Unexpected error during validation: ${error.message}`);
|
|
244
|
+
return { isValid: false, errors, warnings, pcr0: "" };
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
export {
|
|
248
|
+
validateNitroAttestationAndExtractKey
|
|
249
|
+
};
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import type { MessageReveal_OPRFRawMarker as OPRFRawMarker } from '#src/proto/api.ts';
|
|
2
|
+
import type { Logger } from '#src/types/index.ts';
|
|
3
|
+
export type OPRFRawResult = {
|
|
4
|
+
/** Location of the data that was OPRF'd */
|
|
5
|
+
dataLocation: {
|
|
6
|
+
fromIndex: number;
|
|
7
|
+
length: number;
|
|
8
|
+
};
|
|
9
|
+
/** The OPRF nullifier (hash output) */
|
|
10
|
+
nullifier: Uint8Array;
|
|
11
|
+
};
|
|
12
|
+
/**
|
|
13
|
+
* Compute OPRF for plaintext data marked with oprf-raw.
|
|
14
|
+
* This runs server-side since the attestor has access to the revealed plaintext.
|
|
15
|
+
*
|
|
16
|
+
* @param plaintext - The revealed plaintext from the TLS transcript
|
|
17
|
+
* @param markers - Positions in the plaintext to compute OPRF for
|
|
18
|
+
* @param logger - Logger instance
|
|
19
|
+
* @returns Array of OPRF results with nullifiers
|
|
20
|
+
*/
|
|
21
|
+
export declare function computeOPRFRaw(plaintext: Uint8Array, markers: OPRFRawMarker[], logger: Logger): Promise<OPRFRawResult[]>;
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
import { getBytes } from "ethers";
|
|
2
|
+
import { TOPRF_DOMAIN_SEPARATOR } from "../../config/index.js";
|
|
3
|
+
import { getEnvVariable } from "../../utils/env.js";
|
|
4
|
+
import { makeDefaultOPRFOperator } from "../../utils/zk.js";
|
|
5
|
+
async function computeOPRFRaw(plaintext, markers, logger) {
|
|
6
|
+
if (!markers.length) {
|
|
7
|
+
return [];
|
|
8
|
+
}
|
|
9
|
+
const PRIVATE_KEY_STR = getEnvVariable("TOPRF_SHARE_PRIVATE_KEY");
|
|
10
|
+
const PUBLIC_KEY_STR = getEnvVariable("TOPRF_SHARE_PUBLIC_KEY");
|
|
11
|
+
if (!PRIVATE_KEY_STR || !PUBLIC_KEY_STR) {
|
|
12
|
+
throw new Error("TOPRF keys not configured. Cannot compute oprf-raw.");
|
|
13
|
+
}
|
|
14
|
+
const privateKey = getBytes(PRIVATE_KEY_STR);
|
|
15
|
+
const publicKey = getBytes(PUBLIC_KEY_STR);
|
|
16
|
+
const operator = makeDefaultOPRFOperator("chacha20", "gnark", logger);
|
|
17
|
+
const results = [];
|
|
18
|
+
for (const marker of markers) {
|
|
19
|
+
const { dataLocation } = marker;
|
|
20
|
+
if (!dataLocation) {
|
|
21
|
+
logger.warn("oprf-raw marker missing dataLocation, skipping");
|
|
22
|
+
continue;
|
|
23
|
+
}
|
|
24
|
+
const { fromIndex, length } = dataLocation;
|
|
25
|
+
const endIndex = fromIndex + length;
|
|
26
|
+
if (endIndex > plaintext.length) {
|
|
27
|
+
throw new Error(
|
|
28
|
+
`oprf-raw marker out of bounds: fromIndex=${fromIndex}, length=${length}, plaintextLength=${plaintext.length}`
|
|
29
|
+
);
|
|
30
|
+
}
|
|
31
|
+
const data = plaintext.slice(fromIndex, endIndex);
|
|
32
|
+
const request = await operator.generateOPRFRequestData(
|
|
33
|
+
data,
|
|
34
|
+
TOPRF_DOMAIN_SEPARATOR,
|
|
35
|
+
logger
|
|
36
|
+
);
|
|
37
|
+
const response = await operator.evaluateOPRF(
|
|
38
|
+
privateKey,
|
|
39
|
+
request.maskedData,
|
|
40
|
+
logger
|
|
41
|
+
);
|
|
42
|
+
const nullifier = await operator.finaliseOPRF(
|
|
43
|
+
publicKey,
|
|
44
|
+
request,
|
|
45
|
+
[{ ...response, publicKeyShare: publicKey }],
|
|
46
|
+
logger
|
|
47
|
+
);
|
|
48
|
+
results.push({
|
|
49
|
+
dataLocation: { fromIndex, length },
|
|
50
|
+
nullifier
|
|
51
|
+
});
|
|
52
|
+
logger.debug(
|
|
53
|
+
{ fromIndex, length, nullifierHex: Buffer.from(nullifier).toString("hex").slice(0, 16) + "..." },
|
|
54
|
+
"computed oprf-raw nullifier"
|
|
55
|
+
);
|
|
56
|
+
}
|
|
57
|
+
return results;
|
|
58
|
+
}
|
|
59
|
+
export {
|
|
60
|
+
computeOPRFRaw
|
|
61
|
+
};
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { ClaimTunnelRequest } from '
|
|
2
|
-
import { Logger } from '
|
|
1
|
+
import type { ClaimTunnelRequest } from '#src/proto/api.ts';
|
|
2
|
+
import type { Logger } from '#src/types/index.ts';
|
|
3
3
|
/**
|
|
4
4
|
* Verifies server cert chain and removes handshake messages from transcript
|
|
5
5
|
* @param receipt
|
|
@@ -7,7 +7,7 @@ import { Logger } from '../../types';
|
|
|
7
7
|
*/
|
|
8
8
|
export declare function processHandshake(receipt: ClaimTunnelRequest['transcript'], logger: Logger): Promise<{
|
|
9
9
|
tlsVersion: "TLS1_3" | "TLS1_2";
|
|
10
|
-
cipherSuite: "TLS_CHACHA20_POLY1305_SHA256" | "TLS_AES_256_GCM_SHA384" | "TLS_AES_128_GCM_SHA256" | "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" | "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" | "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" | "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" | "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" | "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" | "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" | "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
|
|
10
|
+
cipherSuite: "TLS_CHACHA20_POLY1305_SHA256" | "TLS_AES_256_GCM_SHA384" | "TLS_AES_128_GCM_SHA256" | "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" | "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" | "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" | "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" | "TLS_RSA_WITH_AES_128_GCM_SHA256" | "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" | "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" | "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" | "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
|
|
11
11
|
hostname: string;
|
|
12
12
|
nextMsgIndex: number;
|
|
13
13
|
}>;
|