@reclaimprotocol/attestor-core 5.0.1-beta.2 → 5.0.1-beta.22

package/lib/server/utils/assert-valid-claim-request.js

@@ -1,354 +1,325 @@
-import { areUint8ArraysEqual, concatenateUint8Arrays } from "@reclaimprotocol/tls";
+import { areUint8ArraysEqual, concatenateUint8Arrays } from '@reclaimprotocol/tls';
 import { ClaimTunnelRequest, TranscriptMessageSenderType } from "../../proto/api.js";
 import { providers } from "../../providers/index.js";
-import { niceParseJsonObject } from "../../server/utils/generics.js";
-import { computeOPRFRaw } from "../../server/utils/oprf-raw.js";
-import { processHandshake } from "../../server/utils/process-handshake.js";
-import { assertValidateProviderParams } from "../../server/utils/validation.js";
-import {
-  AttestorError,
-  binaryHashToStr,
-  canonicalStringify,
-  decryptDirect,
-  extractApplicationDataFromTranscript,
-  hashProviderParams,
-  SIGNATURES,
-  verifyZkPacket
-} from "../../utils/index.js";
+import { niceParseJsonObject } from "./generics.js";
+import { computeOPRFRaw } from "./oprf-raw.js";
+import { processHandshake } from "./process-handshake.js";
+import { assertValidateProviderParams } from "./validation.js";
+import { AttestorError, binaryHashToStr, canonicalStringify, decryptDirect, extractApplicationDataFromTranscript, hashProviderParams, SIGNATURES, verifyZkPacket } from "../../utils/index.js";
 import { getEngineString } from "../../utils/zk.js";
-async function assertValidClaimRequest(request, metadata, logger) {
-  const {
-    data,
-    signatures: { requestSignature } = {},
-    zkEngine,
-    fixedServerIV,
-    fixedClientIV
-  } = request;
-  if (!data) {
-    throw new AttestorError(
-      "ERROR_INVALID_CLAIM",
-      "No info provided on claim request"
-    );
-  }
-  if (!requestSignature?.length) {
-    throw new AttestorError(
-      "ERROR_INVALID_CLAIM",
-      "No signature provided on claim request"
-    );
-  }
-  const serialisedReq = ClaimTunnelRequest.encode({ ...request, signatures: void 0 }).finish();
-  const { verify: verifySig } = SIGNATURES[metadata.signatureType];
-  const verified = await verifySig(serialisedReq, requestSignature, data.owner);
-  if (!verified) {
-    throw new AttestorError(
-      "ERROR_INVALID_CLAIM",
-      "Invalid signature on claim request"
-    );
-  }
-  const receipt = await decryptTranscript(
-    request.transcript,
-    logger,
-    getEngineString(zkEngine),
-    fixedServerIV,
-    fixedClientIV
-  );
-  const reqHost = request.request?.host;
-  if (receipt.hostname !== reqHost) {
-    throw new Error(
-      `Expected server name ${reqHost}, got ${receipt.hostname}`
-    );
-  }
-  const applData = extractApplicationDataFromTranscript(receipt);
-  const newData = await assertValidProviderTranscript(
-    applData,
-    data,
-    logger,
-    { version: metadata.clientVersion },
-    receipt.oprfRawReplacements
-  );
-  if (newData !== data) {
-    logger.info({ newData }, "updated claim info");
-  }
-  return newData;
-}
-async function assertValidProviderTranscript(applData, info, logger, providerCtx, oprfRawReplacements) {
-  const providerName = info.provider;
-  const provider = providers[providerName];
-  if (!provider) {
-    throw new AttestorError(
-      "ERROR_INVALID_CLAIM",
-      `Unsupported provider: ${providerName}`
-    );
-  }
-  let params = niceParseJsonObject(info.parameters, "params");
-  const ctx = niceParseJsonObject(info.context, "context");
-  if (oprfRawReplacements?.length) {
-    let strParams = canonicalStringify(params) ?? "{}";
-    for (const { originalText, nullifierText } of oprfRawReplacements) {
-      strParams = strParams.replaceAll(originalText, nullifierText);
+/**
+ * Asserts that the claim request is valid.
+ *
+ * 1. We begin by verifying the signature of the claim request.
+ * 2. Next, we produce the transcript of the TLS exchange
+ * from the proofs provided by the client.
+ * 3. We then pull the provider the client is trying to claim
+ * from
+ * 4. We then use the provider's verification function to verify
+ *  whether the claim is valid.
+ *
+ * If any of these steps fail, we throw an error.
+ */
+export async function assertValidClaimRequest(request, metadata, logger) {
+    const { data, signatures: { requestSignature } = {}, zkEngine, fixedServerIV, fixedClientIV } = request;
+    if (!data) {
+        throw new AttestorError('ERROR_INVALID_CLAIM', 'No info provided on claim request');
+    }
+    if (!requestSignature?.length) {
+        throw new AttestorError('ERROR_INVALID_CLAIM', 'No signature provided on claim request');
+    }
+    // verify request signature
+    const serialisedReq = ClaimTunnelRequest
+        .encode({ ...request, signatures: undefined })
+        .finish();
+    const { verify: verifySig } = SIGNATURES[metadata.signatureType];
+    const verified = await verifySig(serialisedReq, requestSignature, data.owner);
+    if (!verified) {
+        throw new AttestorError('ERROR_INVALID_CLAIM', 'Invalid signature on claim request');
+    }
+    const receipt = await decryptTranscript(request.transcript, logger, getEngineString(zkEngine), fixedServerIV, fixedClientIV);
+    const reqHost = request.request?.host;
+    if (receipt.hostname !== reqHost) {
+        throw new Error(`Expected server name ${reqHost}, got ${receipt.hostname}`);
     }
-    params = JSON.parse(strParams);
-    info.parameters = strParams;
-    logger.debug(
-      { replacements: oprfRawReplacements.length },
-      "applied oprf-raw parameter replacements"
-    );
-  }
-  assertValidateProviderParams(providerName, params);
-  const rslt = await provider.assertValidProviderReceipt({
-    receipt: applData,
-    params,
-    logger,
-    ctx: providerCtx
-  });
-  ctx.providerHash = hashProviderParams(params);
-  const extractedParameters = rslt?.extractedParameters || {};
-  if (Object.keys(extractedParameters).length) {
-    ctx.extractedParameters = extractedParameters;
-  }
-  info.context = canonicalStringify(ctx) ?? "";
-  return info;
+    // get all application data messages
+    const applData = extractApplicationDataFromTranscript(receipt);
+    const newData = await assertValidProviderTranscript(applData, data, logger, { version: metadata.clientVersion }, receipt.oprfRawReplacements);
+    if (newData !== data) {
+        logger.info({ newData }, 'updated claim info');
+    }
+    return newData;
 }
-function assertTranscriptsMatch(clientTranscript, tunnelTranscript) {
-  const clientSends = concatenateUint8Arrays(
-    clientTranscript.filter((m) => m.sender === TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT).map((m) => m.message)
-  );
-  const tunnelSends = concatenateUint8Arrays(
-    tunnelTranscript.filter((m) => m.sender === "client").map((m) => m.message)
-  );
-  if (!areUint8ArraysEqual(clientSends, tunnelSends)) {
-    throw AttestorError.badRequest(
-      "Outgoing messages from client do not match the tunnel transcript"
-    );
-  }
-  const clientRecvs = concatenateUint8Arrays(
-    clientTranscript.filter((m) => m.sender === TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER).map((m) => m.message)
-  );
-  const tunnelRecvs = concatenateUint8Arrays(
-    tunnelTranscript.filter((m) => m.sender === "server").map((m) => m.message)
-  ).slice(0, clientRecvs.length);
-  if (!areUint8ArraysEqual(clientRecvs, tunnelRecvs)) {
-    throw AttestorError.badRequest(
-      "Incoming messages from server do not match the tunnel transcript"
-    );
-  }
+/**
+ * Verify that the transcript contains a valid claim
+ * for the provider.
+ */
+export async function assertValidProviderTranscript(applData, info, logger, providerCtx, oprfRawReplacements) {
+    const providerName = info.provider;
+    const provider = providers[providerName];
+    if (!provider) {
+        throw new AttestorError('ERROR_INVALID_CLAIM', `Unsupported provider: ${providerName}`);
+    }
+    let params = niceParseJsonObject(info.parameters, 'params');
+    const ctx = niceParseJsonObject(info.context, 'context');
+    // Apply oprf-raw replacements to parameters (server-side OPRF)
+    if (oprfRawReplacements?.length) {
+        let strParams = canonicalStringify(params) ?? '{}';
+        for (const { originalText, nullifierText } of oprfRawReplacements) {
+            strParams = strParams.replaceAll(originalText, nullifierText);
+        }
+        params = JSON.parse(strParams);
+        // Update info.parameters with replaced values
+        info.parameters = strParams;
+        logger.debug({ replacements: oprfRawReplacements.length }, 'applied oprf-raw parameter replacements');
+    }
+    assertValidateProviderParams(providerName, params);
+    const rslt = await provider.assertValidProviderReceipt({
+        receipt: applData,
+        params,
+        logger,
+        ctx: providerCtx
+    });
+    ctx.providerHash = hashProviderParams(params);
+    const extractedParameters = rslt?.extractedParameters || {};
+    if (Object.keys(extractedParameters).length) {
+        ctx.extractedParameters = extractedParameters;
+    }
+    info.context = canonicalStringify(ctx) ?? '';
+    return info;
 }
-async function decryptTranscript(transcript, logger, zkEngine, serverIV, clientIV) {
-  const {
-    tlsVersion,
-    cipherSuite,
-    hostname,
-    nextMsgIndex
-  } = await processHandshake(transcript, logger);
-  let clientRecordNumber = tlsVersion === "TLS1_3" ? -1 : 0;
-  let serverRecordNumber = clientRecordNumber;
-  transcript = transcript.slice(nextMsgIndex);
-  const overshotMap = {};
-  const decryptedTranscript = [];
-  const oprfRawReplacements = [];
-  const pendingOprfRaw = {};
-  for (const [i, {
-    sender,
-    message,
-    reveal: { zkReveal, directReveal } = {}
-  }] of transcript.entries()) {
-    try {
-      await decryptMessage(sender, message, directReveal, zkReveal, i);
-    } catch (error) {
-      const err = new AttestorError(
-        "ERROR_INVALID_CLAIM",
-        `error in handling packet at idx ${i}: ${error}`,
-        { packetIdx: i, error }
-      );
-      if (error.stack) {
-        err.stack = error.stack;
-      }
-      throw err;
+/**
+ * Verify that the transcript provided by the client
+ * matches the transcript of the tunnel, the server
+ * has created.
+ */
+export function assertTranscriptsMatch(clientTranscript, tunnelTranscript) {
+    const clientSends = concatenateUint8Arrays(clientTranscript
+        .filter(m => m.sender === TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT)
+        .map(m => m.message));
+    const tunnelSends = concatenateUint8Arrays(tunnelTranscript
+        .filter(m => m.sender === 'client')
+        .map(m => m.message));
+    if (!areUint8ArraysEqual(clientSends, tunnelSends)) {
+        throw AttestorError.badRequest('Outgoing messages from client do not match the tunnel transcript');
     }
-  }
-  const remainingPending = Object.keys(pendingOprfRaw);
-  if (remainingPending.length) {
-    throw new AttestorError(
-      "ERROR_INVALID_CLAIM",
-      `oprf-raw cross-block markers incomplete: pending for packets ${remainingPending.join(", ")}`
-    );
-  }
-  return {
-    transcript: decryptedTranscript,
-    hostname,
-    tlsVersion,
-    oprfRawReplacements: oprfRawReplacements.length ? oprfRawReplacements : void 0
-  };
-  async function decryptMessage(sender, message, directReveal, zkReveal, i) {
-    const isServer = sender === TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER;
-    const recordHeader = message.slice(0, 5);
-    const content = getWithoutHeader(message);
-    if (isServer) {
-      serverRecordNumber++;
-    } else {
-      clientRecordNumber++;
+    const clientRecvs = concatenateUint8Arrays(clientTranscript
+        .filter(m => m.sender === TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER)
+        .map(m => m.message));
+    const tunnelRecvs = concatenateUint8Arrays(tunnelTranscript
+        .filter(m => m.sender === 'server')
+        .map(m => m.message))
+        // We only need to compare the first N messages
+        // that the client claims to have received
+        // the rest are not relevant -- so even if they're
+        // not present in the tunnel transcript, it's fine
+        .slice(0, clientRecvs.length);
+    if (!areUint8ArraysEqual(clientRecvs, tunnelRecvs)) {
+        throw AttestorError.badRequest('Incoming messages from server do not match the tunnel transcript');
     }
-    let redacted = true;
-    let plaintext = void 0;
-    let plaintextLength;
-    if (directReveal?.key?.length) {
-      const result = await decryptDirect(
-        directReveal,
-        cipherSuite,
-        recordHeader,
-        tlsVersion,
-        content
-      );
-      plaintext = result.plaintext;
-      redacted = false;
-      plaintextLength = plaintext.length;
-    } else if (zkReveal?.proofs?.length) {
-      const iv = sender === TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER ? serverIV : clientIV;
-      const recordNumber = isServer ? serverRecordNumber : clientRecordNumber;
-      const result = await verifyZkPacket(
-        {
-          ciphertext: content,
-          zkReveal,
-          iv,
-          recordNumber,
-          toprfOvershotNullifier: overshotMap[i]?.data,
-          getNextPacket(overshot) {
-            const nextIdx = transcript.findIndex((t, j) => t.sender === sender && j > i);
-            if (nextIdx < 0) {
-              return;
+}
+export async function decryptTranscript(transcript, logger, zkEngine, serverIV, clientIV) {
+    const { tlsVersion, cipherSuite, hostname, nextMsgIndex } = await processHandshake(transcript, logger);
+    // TLS 1.3 has already one record encrypted at this point
+    let clientRecordNumber = tlsVersion === 'TLS1_3' ? -1 : 0;
+    let serverRecordNumber = clientRecordNumber;
+    transcript = transcript.slice(nextMsgIndex);
+    const overshotMap = {};
+    const decryptedTranscript = [];
+    const oprfRawReplacements = [];
+    // Track pending oprf-raw markers that span multiple packets
+    // keyed by packet index that will receive the overshot data
+    const pendingOprfRaw = {};
+    for (const [i, { sender, message, reveal: { zkReveal, directReveal } = {} }] of transcript.entries()) {
+        try {
+            //start with first message after last handshake message
+            await decryptMessage(sender, message, directReveal, zkReveal, i);
+        }
+        catch (error) {
+            const err = new AttestorError('ERROR_INVALID_CLAIM', `error in handling packet at idx ${i}: ${error}`, { packetIdx: i, error });
+            if (error.stack) {
+                err.stack = error.stack;
             }
-            overshotMap[nextIdx] = { data: overshot };
-            return getWithoutHeader(transcript[nextIdx].message);
-          },
-          logger,
-          cipherSuite,
-          zkEngine
+            throw err;
+        }
+    }
+    // Fail if any oprf-raw markers remain incomplete
+    const remainingPending = Object.keys(pendingOprfRaw);
+    if (remainingPending.length) {
+        throw new AttestorError('ERROR_INVALID_CLAIM', `oprf-raw cross-block markers incomplete: pending for packets ${remainingPending.join(', ')}`);
+    }
+    return {
+        transcript: decryptedTranscript,
+        hostname: hostname,
+        tlsVersion: tlsVersion,
+        oprfRawReplacements: oprfRawReplacements.length ? oprfRawReplacements : undefined
+    };
+    async function decryptMessage(sender, message, directReveal, zkReveal, i) {
+        const isServer = sender === TranscriptMessageSenderType
+            .TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER;
+        const recordHeader = message.slice(0, 5);
+        const content = getWithoutHeader(message);
+        if (isServer) {
+            serverRecordNumber++;
         }
-      );
-      plaintext = result.redactedPlaintext;
-      const pendingForThis = pendingOprfRaw[i];
-      if (pendingForThis && zkReveal?.overshotOprfRawLength) {
-        const overshootLen = zkReveal.overshotOprfRawLength;
-        const overshootData = plaintext.slice(0, overshootLen);
-        const fullData = concatenateUint8Arrays([
-          pendingForThis.partialData,
-          overshootData
-        ]);
-        const expectedLen = pendingForThis.dataLocation.length;
-        if (fullData.length !== expectedLen) {
-          throw new AttestorError(
-            "ERROR_INVALID_CLAIM",
-            `oprf-raw cross-block length mismatch: got ${fullData.length}, expected ${expectedLen}`
-          );
+        else {
+            clientRecordNumber++;
         }
-        const oprfResults = await computeOPRFRaw(
-          fullData,
-          [{ dataLocation: { fromIndex: 0, length: fullData.length } }],
-          logger
-        );
-        if (oprfResults.length) {
-          const { nullifier } = oprfResults[0];
-          const originalText = new TextDecoder().decode(fullData);
-          const nullifierStr = binaryHashToStr(nullifier, fullData.length);
-          oprfRawReplacements.push({ originalText, nullifierText: nullifierStr });
-          const nullifierBytes = new TextEncoder().encode(nullifierStr);
-          const overshootNullifier = nullifierBytes.slice(pendingForThis.partialData.length);
-          plaintext.set(overshootNullifier, 0);
-          const prevPkt = decryptedTranscript[pendingForThis.originPktIdx];
-          if (prevPkt) {
-            const firstPartNullifier = nullifierBytes.slice(0, pendingForThis.partialData.length);
-            prevPkt.message.set(firstPartNullifier, pendingForThis.dataLocation.fromIndex);
-          }
+        let redacted = true;
+        let plaintext = undefined;
+        let plaintextLength;
+        if (directReveal?.key?.length) {
+            const result = await decryptDirect(directReveal, cipherSuite, recordHeader, tlsVersion, content);
+            plaintext = result.plaintext;
+            redacted = false;
+            plaintextLength = plaintext.length;
         }
-        delete pendingOprfRaw[i];
-      }
-      if (result.oprfRawMarkers?.length) {
-        const { markersThisPacket, pendingMarker } = separateOprfRawMarkers(
-          result.oprfRawMarkers,
-          plaintext.length,
-          () => transcript.findIndex((t, j) => t.sender === sender && j > i),
-          decryptedTranscript.length,
-          logger
-        );
-        if (pendingMarker) {
-          pendingMarker.pending.partialData.set(
-            plaintext.slice(pendingMarker.pending.dataLocation.fromIndex)
-          );
-          pendingOprfRaw[pendingMarker.nextIdx] = pendingMarker.pending;
+        else if (zkReveal?.proofs?.length) {
+            const iv = sender === TranscriptMessageSenderType
+                .TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER
+                ? serverIV
+                : clientIV;
+            const recordNumber = isServer
+                ? serverRecordNumber
+                : clientRecordNumber;
+            const result = await verifyZkPacket({
+                ciphertext: content,
+                zkReveal,
+                iv,
+                recordNumber,
+                toprfOvershotNullifier: overshotMap[i]?.data,
+                getNextPacket(overshot) {
+                    const nextIdx = transcript
+                        .findIndex((t, j) => t.sender === sender && j > i);
+                    if (nextIdx < 0) {
+                        return;
+                    }
+                    overshotMap[nextIdx] = { data: overshot };
+                    return getWithoutHeader(transcript[nextIdx].message);
+                },
+                logger,
+                cipherSuite,
+                zkEngine: zkEngine,
+            });
+            plaintext = result.redactedPlaintext;
+            // Handle pending oprf-raw data from previous packet (cross-block)
+            const pendingForThis = pendingOprfRaw[i];
+            if (pendingForThis && zkReveal?.overshotOprfRawLength) {
+                const overshootLen = zkReveal.overshotOprfRawLength;
+                // Collect the overshot plaintext from this packet
+                const overshootData = plaintext.slice(0, overshootLen);
+                const fullData = concatenateUint8Arrays([
+                    pendingForThis.partialData,
+                    overshootData
+                ]);
+                // Verify accumulated length matches declared length
+                const expectedLen = pendingForThis.dataLocation.length;
+                if (fullData.length !== expectedLen) {
+                    throw new AttestorError('ERROR_INVALID_CLAIM', `oprf-raw cross-block length mismatch: got ${fullData.length}, expected ${expectedLen}`);
+                }
+                // Compute OPRF for the complete data
+                const oprfResults = await computeOPRFRaw(fullData, [{ dataLocation: { fromIndex: 0, length: fullData.length } }], logger);
+                if (oprfResults.length) {
+                    const { nullifier } = oprfResults[0];
+                    const originalText = new TextDecoder().decode(fullData);
+                    const nullifierStr = binaryHashToStr(nullifier, fullData.length);
+                    oprfRawReplacements.push({ originalText, nullifierText: nullifierStr });
+                    // Replace in original packet (handled when that packet was processed)
+                    // Replace in current packet
+                    const nullifierBytes = new TextEncoder().encode(nullifierStr);
+                    const overshootNullifier = nullifierBytes.slice(pendingForThis.partialData.length);
+                    plaintext.set(overshootNullifier, 0);
+                    // Also need to update the previous packet's plaintext
+                    // The previous packet has the first part of the nullifier
+                    const prevPkt = decryptedTranscript[pendingForThis.originPktIdx];
+                    if (prevPkt) {
+                        const firstPartNullifier = nullifierBytes.slice(0, pendingForThis.partialData.length);
+                        prevPkt.message.set(firstPartNullifier, pendingForThis.dataLocation.fromIndex);
+                    }
+                }
+                delete pendingOprfRaw[i];
+            }
+            // Process oprf-raw markers: compute OPRF server-side and replace with nullifier
+            if (result.oprfRawMarkers?.length) {
+                const { markersThisPacket, pendingMarker } = separateOprfRawMarkers(result.oprfRawMarkers, plaintext.length, () => transcript.findIndex((t, j) => t.sender === sender && j > i), decryptedTranscript.length, logger);
+                // Store pending marker for cross-block processing
+                if (pendingMarker) {
+                    // Copy partial data from plaintext
+                    pendingMarker.pending.partialData.set(plaintext.slice(pendingMarker.pending.dataLocation.fromIndex));
+                    pendingOprfRaw[pendingMarker.nextIdx] = pendingMarker.pending;
+                }
+                // Process markers that fit in this packet
+                if (markersThisPacket.length) {
+                    const pt = plaintext;
+                    const oprfResults = await computeOPRFRaw(pt, markersThisPacket, logger);
+                    // Capture all original texts BEFORE any replacements
+                    // to avoid reading corrupted data when markers are adjacent
+                    const originalTexts = oprfResults.map(({ dataLocation }) => new TextDecoder().decode(pt.slice(dataLocation.fromIndex, dataLocation.fromIndex + dataLocation.length)));
+                    // Now replace plaintext at marker positions with nullifier string
+                    for (const [idx, { dataLocation, nullifier }] of oprfResults.entries()) {
+                        const originalText = originalTexts[idx];
+                        const nullifierStr = binaryHashToStr(nullifier, dataLocation.length);
+                        oprfRawReplacements.push({ originalText, nullifierText: nullifierStr });
+                        const nullifierBytes = new TextEncoder().encode(nullifierStr);
+                        pt.set(nullifierBytes, dataLocation.fromIndex);
+                    }
+                }
+            }
+            redacted = false;
+            plaintextLength = plaintext.length;
         }
-        if (markersThisPacket.length) {
-          const pt = plaintext;
-          const oprfResults = await computeOPRFRaw(pt, markersThisPacket, logger);
-          const originalTexts = oprfResults.map(({ dataLocation }) => new TextDecoder().decode(
-            pt.slice(dataLocation.fromIndex, dataLocation.fromIndex + dataLocation.length)
-          ));
-          for (const [idx, { dataLocation, nullifier }] of oprfResults.entries()) {
-            const originalText = originalTexts[idx];
-            const nullifierStr = binaryHashToStr(nullifier, dataLocation.length);
-            oprfRawReplacements.push({ originalText, nullifierText: nullifierStr });
-            const nullifierBytes = new TextEncoder().encode(nullifierStr);
-            pt.set(nullifierBytes, dataLocation.fromIndex);
-          }
+        else {
+            plaintext = content;
+            plaintextLength = plaintext.length;
         }
-      }
-      redacted = false;
-      plaintextLength = plaintext.length;
-    } else {
-      plaintext = content;
-      plaintextLength = plaintext.length;
+        decryptedTranscript.push({
+            sender: sender === TranscriptMessageSenderType
+                .TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT
+                ? 'client'
+                : 'server',
+            redacted,
+            message: plaintext,
+            recordHeader,
+            plaintextLength,
+        });
     }
-    decryptedTranscript.push({
-      sender: sender === TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT ? "client" : "server",
-      redacted,
-      message: plaintext,
-      recordHeader,
-      plaintextLength
-    });
-  }
 }
-function getWithoutHeader(message) {
-  return message.slice(5);
+export function getWithoutHeader(message) {
+    // strip the record header (xx 03 03 xx xx)
+    return message.slice(5);
 }
+/**
+ * Separate oprf-raw markers into those that fit in current packet
+ * vs those that span to the next packet
+ */
 function separateOprfRawMarkers(markers, plaintextLength, findNextPacketIdx, currentTranscriptLength, logger) {
-  const markersThisPacket = [];
-  let pendingMarker;
-  for (const marker of markers) {
-    const dataLocation = marker.dataLocation;
-    if (!dataLocation) {
-      continue;
-    }
-    const { fromIndex, length } = dataLocation;
-    const endInPacket = fromIndex + length;
-    if (endInPacket <= plaintextLength) {
-      markersThisPacket.push({ dataLocation });
-      continue;
-    }
-    const nextIdx = findNextPacketIdx();
-    if (nextIdx < 0) {
-      throw new AttestorError(
-        "ERROR_INVALID_CLAIM",
-        "oprf-raw marker spans packets but no next packet found"
-      );
+    const markersThisPacket = [];
+    let pendingMarker;
+    for (const marker of markers) {
+        const dataLocation = marker.dataLocation;
+        if (!dataLocation) {
+            continue;
+        }
+        const { fromIndex, length } = dataLocation;
+        const endInPacket = fromIndex + length;
+        if (endInPacket <= plaintextLength) {
+            markersThisPacket.push({ dataLocation });
+            continue;
+        }
+        // Spans to next packet
+        const nextIdx = findNextPacketIdx();
+        if (nextIdx < 0) {
+            throw new AttestorError('ERROR_INVALID_CLAIM', 'oprf-raw marker spans packets but no next packet found');
+        }
+        pendingMarker = {
+            nextIdx,
+            pending: {
+                partialData: new Uint8Array(plaintextLength - fromIndex),
+                dataLocation: { fromIndex, length },
+                originPktIdx: currentTranscriptLength
+            }
+        };
+        logger.debug({ fromIndex, length, partialLen: plaintextLength - fromIndex, nextIdx }, 'oprf-raw marker spans packets, storing partial data');
     }
-    pendingMarker = {
-      nextIdx,
-      pending: {
-        partialData: new Uint8Array(plaintextLength - fromIndex),
-        dataLocation: { fromIndex, length },
-        originPktIdx: currentTranscriptLength
-      }
-    };
-    logger.debug(
-      { fromIndex, length, partialLen: plaintextLength - fromIndex, nextIdx },
-      "oprf-raw marker spans packets, storing partial data"
-    );
-  }
-  return { markersThisPacket, pendingMarker };
+    return { markersThisPacket, pendingMarker };
 }
-export {
-  assertTranscriptsMatch,
-  assertValidClaimRequest,
-  assertValidProviderTranscript,
-  decryptTranscript,
-  getWithoutHeader
-};