@reclaimprotocol/attestor-core 5.0.1-beta.1 → 5.0.1-beta.2

package/lib/utils/generics.js

@@ -0,0 +1,268 @@
+import {
+  areUint8ArraysEqual,
+  CONTENT_TYPE_MAP,
+  crypto,
+  decryptWrappedRecord,
+  PACKET_TYPE,
+  SUPPORTED_CIPHER_SUITE_MAP,
+  uint8ArrayToBinaryStr,
+  uint8ArrayToDataView
+} from "@reclaimprotocol/tls";
+import { REDACTION_CHAR_CODE } from "@reclaimprotocol/zk-symmetric-crypto";
+import { RPCMessage, RPCMessages } from "../proto/api.js";
+const DEFAULT_REDACTION_DATA = new Uint8Array(4).fill(REDACTION_CHAR_CODE);
+function uint8ArrayToStr(arr) {
+  return new TextDecoder().decode(arr);
+}
+function strToUint8Array(str) {
+  return new TextEncoder().encode(str);
+}
+function getTranscriptString(receipt) {
+  const applMsgs = extractApplicationDataFromTranscript(receipt);
+  const strList = [];
+  for (const { message, sender } of applMsgs) {
+    const content = uint8ArrayToStr(message);
+    if (strList[strList.length - 1]?.startsWith(sender)) {
+      strList[strList.length - 1] += content;
+    } else {
+      strList.push(`${sender}: ${content}`);
+    }
+  }
+  return strList.join("\n");
+}
+const unixTimestampSeconds = () => Math.floor(Date.now() / 1e3);
+function findIndexInUint8Array(haystack, needle) {
+  for (let i = 0; i < haystack.length; i++) {
+    if (areUint8ArraysEqual(haystack.slice(i, i + needle.length), needle)) {
+      return i;
+    }
+  }
+  return -1;
+}
+function getZkAlgorithmForCipherSuite(cipherSuite) {
+  if (cipherSuite.includes("CHACHA20")) {
+    return "chacha20";
+  }
+  if (cipherSuite.includes("AES_256_GCM")) {
+    return "aes-256-ctr";
+  }
+  if (cipherSuite.includes("AES_128_GCM")) {
+    return "aes-128-ctr";
+  }
+  throw new Error(`${cipherSuite} not supported for ZK ops`);
+}
+function getPureCiphertext(content, cipherSuite) {
+  getZkAlgorithmForCipherSuite(cipherSuite);
+  content = content.slice(0, -16);
+  const {
+    ivLength: fixedIvLength
+  } = SUPPORTED_CIPHER_SUITE_MAP[cipherSuite];
+  const recordIvLength = 12 - fixedIvLength;
+  content = content.slice(recordIvLength);
+  return content;
+}
+function getRecordIV(content, cipherSuite) {
+  getZkAlgorithmForCipherSuite(cipherSuite);
+  const {
+    ivLength: fixedIvLength
+  } = SUPPORTED_CIPHER_SUITE_MAP[cipherSuite];
+  const recordIvLength = 12 - fixedIvLength;
+  return content.slice(0, recordIvLength);
+}
+function getProviderValue(params, fn, secretParams) {
+  return typeof fn === "function" ? fn(params, secretParams) : fn;
+}
+function generateRpcMessageId() {
+  return uint8ArrayToDataView(crypto.randomBytes(4)).getUint32(0);
+}
+function generateSessionId() {
+  return generateRpcMessageId();
+}
+function generateTunnelId() {
+  return generateRpcMessageId();
+}
+function makeRpcEvent(type, data) {
+  const ev = new Event(type);
+  ev.data = data;
+  return ev;
+}
+function getRpcTypeFromKey(key) {
+  if (key.endsWith("Request")) {
+    return {
+      type: key.slice(0, -7),
+      direction: "request"
+    };
+  }
+  if (key.endsWith("Response")) {
+    return {
+      type: key.slice(0, -8),
+      direction: "response"
+    };
+  }
+}
+function getRpcResponseType(type) {
+  return `${type}Response`;
+}
+function getRpcRequestType(type) {
+  return `${type}Request`;
+}
+function isApplicationData(packet, tlsVersion) {
+  return packet.type === "ciphertext" && (packet.contentType === "APPLICATION_DATA" || packet.data[0] === PACKET_TYPE.WRAPPED_RECORD && tlsVersion === "TLS1_2");
+}
+async function extractArrayBufferFromWsData(data) {
+  if (data instanceof ArrayBuffer) {
+    return new Uint8Array(data);
+  }
+  if (data instanceof Uint8Array || typeof data === "object" && data && "buffer" in data) {
+    return data;
+  }
+  if (typeof data === "string") {
+    return strToUint8Array(data);
+  }
+  if (typeof Blob !== "undefined" && data instanceof Blob) {
+    return new Uint8Array(await data.arrayBuffer());
+  }
+  throw new Error("unsupported data: " + String(data));
+}
+function getRpcRequest(msg) {
+  if (msg.requestError) {
+    return {
+      direction: "response",
+      type: "error"
+    };
+  }
+  for (const key in msg) {
+    if (!msg[key]) {
+      continue;
+    }
+    const rpcType = getRpcTypeFromKey(key);
+    if (!rpcType) {
+      continue;
+    }
+    return rpcType;
+  }
+}
+function extractApplicationDataFromTranscript({ transcript, tlsVersion }) {
+  const msgs = [];
+  for (const m of transcript) {
+    let message;
+    if (m.redacted) {
+      if (!m.plaintextLength) {
+        message = DEFAULT_REDACTION_DATA;
+      } else {
+        const len = tlsVersion === "TLS1_3" ? m.plaintextLength - 1 : m.plaintextLength;
+        message = new Uint8Array(len).fill(REDACTION_CHAR_CODE);
+      }
+    } else if (tlsVersion === "TLS1_3") {
+      const contentType = m.message[m.message.length - 1];
+      if (contentType !== CONTENT_TYPE_MAP["APPLICATION_DATA"]) {
+        continue;
+      }
+      message = m.message.slice(0, -1);
+    } else if (m.recordHeader[0] === PACKET_TYPE.WRAPPED_RECORD) {
+      message = m.message;
+    } else {
+      continue;
+    }
+    msgs.push({ message, sender: m.sender });
+  }
+  return msgs;
+}
+function extractHandshakeFromTranscript({ transcript, tlsVersion }) {
+  const msgs = [];
+  for (const [i, m] of transcript.entries()) {
+    if (m.redacted) {
+      break;
+    }
+    let message;
+    if (m.recordHeader[0] === PACKET_TYPE.HELLO) {
+      message = m.message;
+    } else if (m.recordHeader[0] === PACKET_TYPE.WRAPPED_RECORD) {
+      if (tlsVersion === "TLS1_3") {
+        const contentType = m.message[m.message.length - 1];
+        if (contentType !== CONTENT_TYPE_MAP["HANDSHAKE"]) {
+          break;
+        }
+        message = m.message.slice(0, -1);
+      } else {
+        break;
+      }
+    } else {
+      continue;
+    }
+    if (!message.length) {
+      throw new Error("unsupported handshake message");
+    }
+    msgs.push({ message, sender: m.sender, index: i });
+  }
+  return msgs;
+}
+async function decryptDirect(directReveal, cipherSuite, recordHeader, serverTlsVersion, content) {
+  const { key, iv, recordNumber } = directReveal;
+  const { cipher } = SUPPORTED_CIPHER_SUITE_MAP[cipherSuite];
+  const importedKey = await crypto.importKey(cipher, key);
+  return await decryptWrappedRecord(
+    content,
+    {
+      iv,
+      key: importedKey,
+      recordHeader,
+      recordNumber,
+      version: serverTlsVersion,
+      cipherSuite
+    }
+  );
+}
+function packRpcMessages(...msgs) {
+  return RPCMessages.create({
+    messages: msgs.map((msg) => RPCMessage.create({
+      ...msg,
+      id: msg.id || generateRpcMessageId()
+    }))
+  });
+}
+function ethersStructToPlainObject(struct) {
+  if (!Array.isArray(struct)) {
+    return struct;
+  }
+  const namedKeys = Object.keys(struct).filter((key) => isNaN(Number(key)));
+  if (!namedKeys.length) {
+    return struct.map(ethersStructToPlainObject);
+  }
+  const obj = {};
+  for (const key of namedKeys) {
+    obj[key] = ethersStructToPlainObject(struct[key]);
+  }
+  return obj;
+}
+function isTls13Suite(suite) {
+  return suite === "TLS_AES_128_GCM_SHA256" || suite === "TLS_AES_256_GCM_SHA384" || suite === "TLS_CHACHA20_POLY1305_SHA256";
+}
+export {
+  decryptDirect,
+  ethersStructToPlainObject,
+  extractApplicationDataFromTranscript,
+  extractArrayBufferFromWsData,
+  extractHandshakeFromTranscript,
+  findIndexInUint8Array,
+  generateRpcMessageId,
+  generateSessionId,
+  generateTunnelId,
+  getProviderValue,
+  getPureCiphertext,
+  getRecordIV,
+  getRpcRequest,
+  getRpcRequestType,
+  getRpcResponseType,
+  getRpcTypeFromKey,
+  getTranscriptString,
+  getZkAlgorithmForCipherSuite,
+  isApplicationData,
+  isTls13Suite,
+  makeRpcEvent,
+  packRpcMessages,
+  strToUint8Array,
+  uint8ArrayToBinaryStr,
+  uint8ArrayToStr,
+  unixTimestampSeconds
+};

package/lib/utils/http-parser.d.ts

@@ -0,0 +1,59 @@
+import type { IncomingHttpHeaders } from 'http';
+import type { ArraySlice, Transcript } from '#src/types/index.ts';
+export type HttpRequest = {
+    method: string;
+    url: string;
+    protocol: string;
+    headers: IncomingHttpHeaders;
+    body?: Uint8Array;
+};
+export type HttpResponse = {
+    statusCode: number;
+    statusMessage: string;
+    headers: IncomingHttpHeaders;
+    body: Uint8Array;
+    headersComplete: boolean;
+    complete: boolean;
+    /**
+     * Index of the first byte of the status line
+     */
+    statusLineEndIndex?: number;
+    /**
+     * Index of the first byte of the body
+     * in the complete response
+     */
+    bodyStartIndex?: number;
+    /**
+     * If using chunked transfer encoding,
+     * this will be set & contain indices of each
+     * chunk in the complete response
+     */
+    chunks?: ArraySlice[];
+    headerIndices: Map<string, ArraySlice>;
+    /**
+     * index of separator \r\n\r\n between headers and body
+     */
+    headerEndIdx: number;
+};
+/**
+ * parses http/1.1 responses
+ */
+export declare function makeHttpResponseParser(): {
+    res: HttpResponse;
+    /**
+     * Parse the next chunk of data
+     * @param data the data to parse
+     */
+    onChunk(data: Uint8Array): void;
+    /**
+     * Call to prevent further parsing; indicating the end of the request
+     * Checks that the response is valid & complete, otherwise throws an error
+     */
+    streamEnded(): void;
+};
+/**
+ * Read the HTTP request from a TLS receipt transcript.
+ * @param receipt the transcript to read from or application messages if they were extracted beforehand
+ * @returns the parsed HTTP request
+ */
+export declare function getHttpRequestDataFromTranscript(receipt: Transcript<Uint8Array>): HttpRequest;

package/lib/utils/http-parser.js

@@ -0,0 +1,201 @@
+import { asciiToUint8Array, concatenateUint8Arrays } from "@reclaimprotocol/tls";
+import { findIndexInUint8Array, uint8ArrayToStr } from "../utils/generics.js";
+import { REDACTION_CHAR_CODE } from "../utils/redactions.js";
+const HTTP_HEADER_LINE_END = asciiToUint8Array("\r\n");
+function makeHttpResponseParser() {
+  const res = {
+    statusCode: 0,
+    statusMessage: "",
+    headers: {},
+    body: new Uint8Array(),
+    complete: false,
+    headersComplete: false,
+    headerIndices: /* @__PURE__ */ new Map(),
+    headerEndIdx: 0
+  };
+  let remainingBodyBytes = 0;
+  let isChunked = false;
+  let remaining = new Uint8Array();
+  let currentByteIdx = 0;
+  return {
+    res,
+    /**
+           * Parse the next chunk of data
+           * @param data the data to parse
+           */
+    onChunk(data) {
+      remaining = concatenateUint8Arrays([remaining, data]);
+      if (!res.headersComplete) {
+        for (let line = getLine(); typeof line !== "undefined"; line = getLine()) {
+          if (!res.statusCode) {
+            const [, statusCode, statusMessage] = line.match(/HTTP\/\d\.\d (\d+) (.*)/) || [];
+            res.statusCode = Number(statusCode);
+            res.statusMessage = statusMessage;
+            res.statusLineEndIndex = currentByteIdx - HTTP_HEADER_LINE_END.length;
+          } else if (line === "") {
+            res.headersComplete = true;
+            res.headerEndIdx = currentByteIdx - 4;
+            if (res.headers["transfer-encoding"]?.includes("chunked")) {
+              isChunked = true;
+              res.chunks = [];
+              break;
+            } else if (res.headers["content-length"]) {
+              remainingBodyBytes = Number(res.headers["content-length"]);
+              break;
+            } else {
+              remainingBodyBytes = -1;
+              break;
+            }
+          } else if (!res.complete) {
+            const [key, value] = line.split(": ");
+            res.headers[key.toLowerCase()] = value;
+            res.headerIndices[key.toLowerCase()] = {
+              fromIndex: currentByteIdx - line.length - HTTP_HEADER_LINE_END.length,
+              toIndex: currentByteIdx - HTTP_HEADER_LINE_END.length
+            };
+          } else {
+            throw new Error("got more data after response was complete");
+          }
+        }
+      }
+      if (res.headersComplete) {
+        if (remainingBodyBytes) {
+          readBody();
+          if (!remainingBodyBytes && !isChunked) {
+            res.complete = true;
+          }
+        }
+        if (res.headers["content-length"] === "0") {
+          res.complete = true;
+        }
+        if (isChunked) {
+          for (let line = getLine(); typeof line !== "undefined"; line = getLine()) {
+            if (line === "") {
+              continue;
+            }
+            const chunkSize = Number.parseInt(line, 16);
+            if (!chunkSize) {
+              res.complete = true;
+              continue;
+            }
+            res.chunks?.push({
+              fromIndex: currentByteIdx,
+              toIndex: currentByteIdx + chunkSize
+            });
+            remainingBodyBytes = chunkSize;
+            readBody();
+            if (remainingBodyBytes) {
+              break;
+            }
+          }
+        }
+      }
+    },
+    /**
+           * Call to prevent further parsing; indicating the end of the request
+           * Checks that the response is valid & complete, otherwise throws an error
+           */
+    streamEnded() {
+      if (!res.headersComplete) {
+        throw new Error("stream ended before headers were complete");
+      }
+      if (remaining.length) {
+        throw new Error("stream ended before remaining data arrived");
+      }
+      if (remainingBodyBytes > 0) {
+        throw new Error("stream ended before all body bytes were received");
+      }
+      res.complete = true;
+    }
+  };
+  function readBody() {
+    if (res.complete) {
+      throw new Error("got more data after response was complete");
+    }
+    if (!res.bodyStartIndex) {
+      res.bodyStartIndex = currentByteIdx;
+    }
+    let bytesToCopy;
+    if (remainingBodyBytes === -1) {
+      bytesToCopy = remaining.length;
+    } else {
+      bytesToCopy = Math.min(remainingBodyBytes, remaining.length);
+      remainingBodyBytes -= bytesToCopy;
+    }
+    res.body = concatenateUint8Arrays([
+      res.body,
+      remaining.slice(0, bytesToCopy)
+    ]);
+    remaining = remaining.slice(bytesToCopy);
+    currentByteIdx += bytesToCopy;
+  }
+  function getLine() {
+    const idx = findIndexInUint8Array(remaining, HTTP_HEADER_LINE_END);
+    if (idx === -1) {
+      return void 0;
+    }
+    const line = uint8ArrayToStr(remaining.slice(0, idx));
+    remaining = remaining.slice(idx + HTTP_HEADER_LINE_END.length);
+    currentByteIdx += idx + HTTP_HEADER_LINE_END.length;
+    return line;
+  }
+}
+function getHttpRequestDataFromTranscript(receipt) {
+  const clientMsgs = receipt.filter((s) => s.sender === "client");
+  if (clientMsgs[0].message[0] === REDACTION_CHAR_CODE) {
+    throw new Error("First client message request is redacted. Cannot parse");
+  }
+  const request = {
+    method: "",
+    url: "",
+    protocol: "",
+    headers: {}
+  };
+  let requestBuffer = concatenateUint8Arrays(clientMsgs.map((m) => m.message));
+  for (let line = getLine(); typeof line !== "undefined"; line = getLine()) {
+    if (line === "") {
+      break;
+    }
+    if (!request.method) {
+      const [, method, url, protocol] = line.match(/(\w+) (.*) (.*)/) || [];
+      request.method = method.toLowerCase();
+      request.url = url;
+      request.protocol = protocol;
+    } else {
+      let keyIdx = line.indexOf(":");
+      if (keyIdx === -1) {
+        keyIdx = line.length - 1;
+      }
+      const key = line.slice(0, keyIdx).toLowerCase().trim();
+      const value = line.slice(keyIdx + 1).trim();
+      const oldValue = request.headers[key];
+      if (typeof oldValue === "string") {
+        request.headers[key] = [oldValue, value];
+      } else if (Array.isArray(oldValue)) {
+        oldValue.push(value);
+      } else {
+        request.headers[key] = value;
+      }
+    }
+  }
+  if (requestBuffer.length) {
+    request.body = requestBuffer;
+  }
+  if (!request.method) {
+    throw new Error("Client request is incomplete");
+  }
+  return request;
+  function getLine() {
+    const idx = findIndexInUint8Array(requestBuffer, HTTP_HEADER_LINE_END);
+    if (idx === -1) {
+      return void 0;
+    }
+    const line = uint8ArrayToStr(requestBuffer.slice(0, idx));
+    requestBuffer = requestBuffer.slice(idx + HTTP_HEADER_LINE_END.length);
+    return line;
+  }
+}
+export {
+  getHttpRequestDataFromTranscript,
+  makeHttpResponseParser
+};

package/lib/utils/index.d.ts

@@ -0,0 +1,13 @@
+export * from './generics.ts';
+export * from './logger.ts';
+export * from './redactions.ts';
+export * from './http-parser.ts';
+export * from './zk.ts';
+export * from './claims.ts';
+export * from './error.ts';
+export * from './prepare-packets.ts';
+export * from './signatures/index.ts';
+export * from './auth.ts';
+export * from './b64-json.ts';
+export * from './bgp-listener.ts';
+export * from './tls.ts';

package/lib/utils/index.js

@@ -0,0 +1,13 @@
+export * from "./generics.js";
+export * from "./logger.js";
+export * from "./redactions.js";
+export * from "./http-parser.js";
+export * from "./zk.js";
+export * from "./claims.js";
+export * from "./error.js";
+export * from "./prepare-packets.js";
+export * from "./signatures/index.js";
+export * from "./auth.js";
+export * from "./b64-json.js";
+export * from "./bgp-listener.js";
+export * from "./tls.js";

package/lib/utils/logger.d.ts

@@ -0,0 +1,13 @@
+import type { LogLevel } from '#src/types/index.ts';
+export declare let logger: import("pino").Logger<never, boolean>;
+/**
+ * Creates a logger instance with optional redaction of PII.
+ * Replaces default logger
+ * See PII_PROPERTIES for the list of properties that will be redacted.
+ *
+ * @param redactPii - whether to redact PII from logs
+ * @param level - the log level to use
+ * @param onLog - a callback to call when a log is written
+ */
+export declare function makeLogger(redactPii: boolean, level?: LogLevel, onLog?: (level: LogLevel, log: any) => void): import("pino").Logger<never, boolean>;
+export declare function redact(json: any): any;

package/lib/utils/logger.js

@@ -0,0 +1,82 @@
+import { pino, stdTimeFunctions } from "pino";
+import { getEnvVariable } from "../utils/env.js";
+const PII_PROPERTIES = ["ownerPrivateKey", "secretParams"];
+const redactedText = "[REDACTED]";
+const envLevel = getEnvVariable("LOG_LEVEL");
+let logger = pino();
+makeLogger(false, envLevel);
+function makeLogger(redactPii, level, onLog) {
+  const opts = {
+    // Log human readable time stamps instead of epoch time
+    timestamp: stdTimeFunctions.isoTime
+  };
+  if (redactPii) {
+    opts.formatters = { log: redact };
+    opts.serializers = { redact };
+    opts.browser = {
+      write: {
+        fatal: (log) => writeLog("fatal", log),
+        error: (log) => writeLog("error", log),
+        warn: (log) => writeLog("warn", log),
+        info: (log) => writeLog("info", log),
+        debug: (log) => writeLog("debug", log),
+        trace: (log) => writeLog("trace", log)
+      }
+    };
+  }
+  const pLogger = pino(opts);
+  pLogger.level = level || "info";
+  logger = pLogger;
+  return pLogger;
+  function writeLog(level2, log) {
+    log = redact(log);
+    const { msg, ...obj } = log;
+    if (console[level2]) {
+      console[level2](obj, msg);
+    } else {
+      console.log(obj, msg);
+    }
+    onLog?.(level2, log);
+  }
+}
+function isObjectProperty(property) {
+  return typeof property === "object" && !Array.isArray(property) && property !== null;
+}
+function getReplacer() {
+  const references = /* @__PURE__ */ new WeakSet();
+  return function(key, value) {
+    const isObject = typeof value === "object" && value !== null;
+    if (isObject) {
+      if (references.has(value)) {
+        return "[CIRCULAR]";
+      }
+      references.add(value);
+    }
+    return value;
+  };
+}
+function redact(json) {
+  const isObject = isObjectProperty(json);
+  if (!isObject && !Array.isArray(json)) {
+    return json;
+  }
+  const redacted = JSON.parse(JSON.stringify(json, getReplacer()));
+  for (const prop in redacted) {
+    if (PII_PROPERTIES.includes(prop)) {
+      redacted[prop] = redactedText;
+    }
+    if (Array.isArray(redacted[prop])) {
+      for (const [index, value] of redacted[prop].entries()) {
+        redacted[prop][index] = redact(value);
+      }
+    } else if (isObjectProperty(redacted[prop])) {
+      redacted[prop] = redact(redacted[prop]);
+    }
+  }
+  return redacted;
+}
+export {
+  logger,
+  makeLogger,
+  redact
+};

package/lib/utils/prepare-packets.d.ts

@@ -0,0 +1,16 @@
+import type { CipherSuite, TLSPacketContext } from '@reclaimprotocol/tls';
+import type { ClaimTunnelRequest_TranscriptMessage as TranscriptMessage } from '#src/proto/api.ts';
+import type { CompleteTLSPacket, Logger, MessageRevealInfo, PrepareZKProofsBaseOpts, Transcript } from '#src/types/index.ts';
+export type PreparePacketsForRevealOpts = {
+    cipherSuite: CipherSuite;
+    logger: Logger;
+    /**
+     * Progress of Zk proof generation
+     */
+    onZkProgress?(blocksDone: number, totalBlocks: number): void;
+} & PrepareZKProofsBaseOpts;
+/**
+ * Prepares the packets for reveal to the server
+ * according to the specified reveal type
+ */
+export declare function preparePacketsForReveal(tlsTranscript: Transcript<CompleteTLSPacket>, reveals: Map<TLSPacketContext, MessageRevealInfo>, { onZkProgress, ...opts }: PreparePacketsForRevealOpts): Promise<TranscriptMessage[]>;