@reclaimprotocol/attestor-core 5.0.1-beta.2 → 5.0.1-beta.22

package/lib/server/utils/nitro-attestation.js

@@ -1,12 +1,17 @@
-import { AsnParser } from "@peculiar/asn1-schema";
-import { SubjectPublicKeyInfo } from "@peculiar/asn1-x509";
-import { Crypto } from "@peculiar/webcrypto";
-import { X509Certificate, X509ChainBuilder } from "@peculiar/x509";
-import { sign } from "cose-js";
+/**
+ * Working Nitro Attestation validation utilities
+ */
+import { AsnParser } from '@peculiar/asn1-schema';
+import { SubjectPublicKeyInfo } from '@peculiar/asn1-x509';
+import { Crypto } from '@peculiar/webcrypto';
+import { X509Certificate, X509ChainBuilder } from '@peculiar/x509';
+import { sign } from 'cose-js';
+// Helper function to dynamically import cbor-x
 async function getCborDecode() {
-  const { decode } = await import("cbor-x");
-  return decode;
+    const { decode } = await import('cbor-x');
+    return decode;
 }
+// AWS Nitro root certificate (from nitrite)
 const AWS_NITRO_ROOT_CERT = `-----BEGIN CERTIFICATE-----
 MIICETCCAZagAwIBAgIRAPkxdWgbkK/hHUbMtOTn+FYwCgYIKoZIzj0EAwMwSTEL
 MAkGA1UEBhMCVVMxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMRswGQYD
@@ -21,229 +26,299 @@ MQCjfy+Rocm9Xue4YnwWmNJVA44fA0P5W2OpYow9OYCVRaEevL8uO1XYru5xtMPW
 rfMCMQCi85sWBbJwKKXdS6BptQFuZbT73o/gBh1qUxl/nNr12UO8Yfwr6wPLb+6N
 IwLz3/Y=
 -----END CERTIFICATE-----`;
+// Expected PCR values (replace with actual values)
+// const EXPECTED_PCRS = {
+// 	//0: Buffer.from('000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000', 'hex'),
+// }
+//
+// // Secure buffer comparison to prevent timing attacks
+// function secureBufferCompare(a: Buffer, b: Buffer): boolean {
+// 	if(a.length !== b.length) {
+// 		return false
+// 	}
+//
+// 	let result = 0
+// 	for(const [i, element] of a.entries()) {
+// 		result |= element ^ b[i]
+// 	}
+//
+// 	return result === 0
+// }
+// Enhanced certificate chain validation
 async function validateCertificateChain(targetCert, intermediateCerts, rootCert, crypto) {
-  const errors = [];
-  try {
-    const rootSubject = rootCert.subject;
-    const rootIssuer = rootCert.issuer;
-    if (rootSubject !== rootIssuer) {
-      errors.push("Root certificate is not self-signed");
-    }
-    try {
-      const isRootValid = await rootCert.verify(void 0, crypto);
-      if (!isRootValid) {
-        errors.push("Root certificate signature verification failed");
-      }
-    } catch (error) {
-      errors.push(`Root certificate verification failed: ${error.message}`);
-    }
-    const chainBuilder = new X509ChainBuilder({
-      certificates: [rootCert, ...intermediateCerts]
-    });
-    let chain;
+    const errors = [];
     try {
-      chain = await chainBuilder.build(targetCert, crypto);
-    } catch (error) {
-      errors.push(`Certificate chain building failed: ${error.message}`);
-      return { isValid: false, errors, chain: [] };
-    }
-    if (!chain || chain.length === 0) {
-      errors.push("No valid certificate chain could be built");
-      return { isValid: false, errors, chain: [] };
-    }
-    const now = /* @__PURE__ */ new Date();
-    for (let i = 0; i < chain.length; i++) {
-      const cert = chain[i];
-      if (now < cert.notBefore) {
-        errors.push(`Certificate ${i} (${cert.subject}) is not yet valid`);
-      }
-      if (now > cert.notAfter) {
-        errors.push(`Certificate ${i} (${cert.subject}) has expired`);
-      }
-      if (i < chain.length - 1) {
+        // Validate root certificate is self-signed and trusted
+        const rootSubject = rootCert.subject;
+        const rootIssuer = rootCert.issuer;
+        if (rootSubject !== rootIssuer) {
+            errors.push('Root certificate is not self-signed');
+        }
+        // Verify root certificate signature (self-verification)
         try {
-          const issuer = chain[i + 1];
-          const isValid = await cert.verify(issuer, crypto);
-          if (!isValid) {
-            errors.push(`Certificate ${i} signature verification failed`);
-          }
-        } catch (error) {
-          errors.push(`Certificate ${i} verification failed: ${error.message}`);
-        }
-      }
-    }
-    return {
-      isValid: errors.length === 0,
-      errors,
-      chain
-    };
-  } catch (error) {
-    errors.push(`Certificate chain validation error: ${error.message}`);
-    return { isValid: false, errors, chain: [] };
-  }
-}
-function extractPublicKeyFromUserData(userDataBuffer) {
-  try {
-    const userDataString = userDataBuffer.toString("utf-8");
-    const teeKMatch = userDataString.match(/^tee_k_public_key:(0x[0-9a-fA-F]{40})$/);
-    const teeTMatch = userDataString.match(/^tee_t_public_key:(0x[0-9a-fA-F]{40})$/);
-    if (teeKMatch) {
-      return {
-        teeType: "tee_k",
-        ethAddress: teeKMatch[1],
-        // Store the full ETH address with 0x prefix
-        pcr0: ""
-      };
+            const isRootValid = await rootCert.verify(undefined, crypto);
+            if (!isRootValid) {
+                errors.push('Root certificate signature verification failed');
+            }
+        }
+        catch (error) {
+            errors.push(`Root certificate verification failed: ${error.message}`);
+        }
+        // Build the certificate chain
+        const chainBuilder = new X509ChainBuilder({
+            certificates: [rootCert, ...intermediateCerts]
+        });
+        let chain;
+        try {
+            chain = await chainBuilder.build(targetCert, crypto);
+        }
+        catch (error) {
+            errors.push(`Certificate chain building failed: ${error.message}`);
+            return { isValid: false, errors, chain: [] };
+        }
+        if (!chain || chain.length === 0) {
+            errors.push('No valid certificate chain could be built');
+            return { isValid: false, errors, chain: [] };
+        }
+        // Validate each certificate in the chain
+        const now = new Date();
+        for (let i = 0; i < chain.length; i++) {
+            const cert = chain[i];
+            // Check expiration dates
+            if (now < cert.notBefore) {
+                errors.push(`Certificate ${i} (${cert.subject}) is not yet valid`);
+            }
+            if (now > cert.notAfter) {
+                errors.push(`Certificate ${i} (${cert.subject}) has expired`);
+            }
+            // Verify each certificate's signature (except root which is self-signed)
+            if (i < chain.length - 1) {
+                try {
+                    const issuer = chain[i + 1];
+                    const isValid = await cert.verify(issuer, crypto);
+                    if (!isValid) {
+                        errors.push(`Certificate ${i} signature verification failed`);
+                    }
+                }
+                catch (error) {
+                    errors.push(`Certificate ${i} verification failed: ${error.message}`);
+                }
+            }
+        }
+        return {
+            isValid: errors.length === 0,
+            errors,
+            chain
+        };
     }
-    if (teeTMatch) {
-      return {
-        teeType: "tee_t",
-        ethAddress: teeTMatch[1],
-        // Store the full ETH address with 0x prefix
-        pcr0: ""
-      };
+    catch (error) {
+        errors.push(`Certificate chain validation error: ${error.message}`);
+        return { isValid: false, errors, chain: [] };
     }
-    return null;
-  } catch {
-    return null;
-  }
 }
-async function validateNitroAttestationAndExtractKey(attestationBytes) {
-  const errors = [];
-  const warnings = [];
-  try {
-    const crypto = new Crypto();
-    const decode = await getCborDecode();
-    let decoded;
-    try {
-      decoded = decode(Buffer.from(attestationBytes));
-    } catch (error) {
-      errors.push(`CBOR decoding failed: ${error.message}`);
-      return { isValid: false, errors, warnings, pcr0: "" };
-    }
-    if (!Array.isArray(decoded) || decoded.length < 4) {
-      errors.push("Invalid COSE_Sign1 structure: expected array with 4 elements");
-      return { isValid: false, errors, warnings, pcr0: "" };
-    }
-    const [, , payload] = decoded;
-    if (!payload || payload.length === 0) {
-      errors.push("Empty or missing payload in COSE_Sign1 structure");
-      return { isValid: false, errors, warnings, pcr0: "" };
-    }
-    let doc;
-    try {
-      doc = decode(payload);
-    } catch (error) {
-      errors.push(`Payload decoding failed: ${error.message}`);
-      return { isValid: false, errors, warnings, pcr0: "" };
-    }
-    if (doc.module_id.length === 0) {
-      errors.push("Missing or invalid module_id");
-    }
-    if (doc.digest.length === 0) {
-      errors.push("Missing or invalid digest");
-    }
-    if (!doc.pcrs || typeof doc.pcrs !== "object") {
-      errors.push("Missing or invalid pcrs");
-    }
-    if (!Buffer.isBuffer(doc.certificate) || doc.certificate.length === 0) {
-      errors.push("Missing or invalid certificate");
-    }
-    if (!Array.isArray(doc.cabundle) || doc.cabundle.length === 0) {
-      errors.push("Missing or invalid cabundle");
-    }
-    if (errors.length > 0) {
-      return { isValid: false, errors, warnings, pcr0: "" };
-    }
-    const pcr0 = doc.pcrs[0].toString("hex");
-    const intermediateCerts = [];
-    for (let i = 0; i < doc.cabundle.length; i++) {
-      try {
-        const cert = new X509Certificate(doc.cabundle[i].toString("base64"));
-        intermediateCerts.push(cert);
-      } catch (error) {
-        errors.push(`Failed to parse cabundle certificate ${i}: ${error.message}`);
-      }
-    }
-    let targetCert;
-    try {
-      targetCert = new X509Certificate(doc.certificate.toString("base64"));
-    } catch (error) {
-      errors.push(`Failed to parse target certificate: ${error.message}`);
-      return { isValid: false, errors, warnings, pcr0: "" };
-    }
-    let rootCert;
-    try {
-      rootCert = new X509Certificate(AWS_NITRO_ROOT_CERT);
-    } catch (error) {
-      errors.push(`Failed to parse AWS Nitro root certificate: ${error.message}`);
-      return { isValid: false, errors, warnings, pcr0: "" };
-    }
-    const chainResult = await validateCertificateChain(targetCert, intermediateCerts, rootCert, crypto);
-    if (!chainResult.isValid) {
-      errors.push(...chainResult.errors);
-      return { isValid: false, errors, warnings, pcr0: "" };
-    }
-    let publicKeyRaw;
-    try {
-      publicKeyRaw = Buffer.from(targetCert.publicKey.rawData);
-    } catch (error) {
-      errors.push(`Failed to extract public key: ${error.message}`);
-      return { isValid: false, errors, warnings, pcr0: "" };
-    }
-    if (publicKeyRaw.length !== 120 || publicKeyRaw[0] !== 48) {
-      errors.push(`Invalid public key format: expected 120-byte DER-encoded key, got ${publicKeyRaw.length} bytes`);
-      return { isValid: false, errors, warnings, pcr0: "" };
-    }
-    let spki;
+/**
+ * Extract public key from user_data field in attestation document
+ */
+function extractPublicKeyFromUserData(userDataBuffer) {
     try {
-      spki = AsnParser.parse(publicKeyRaw, SubjectPublicKeyInfo);
-    } catch (error) {
-      errors.push(`Failed to parse SubjectPublicKeyInfo: ${error.message}`);
-      return { isValid: false, errors, warnings, pcr0: "" };
+        const userDataString = userDataBuffer.toString('utf-8');
+        // Parse new format: "tee_k_public_key:0xETH_ADDRESS" or "tee_t_public_key:0xETH_ADDRESS"
+        const teeKMatch = userDataString.match(/^tee_k_public_key:(0x[0-9a-fA-F]{40})$/);
+        const teeTMatch = userDataString.match(/^tee_t_public_key:(0x[0-9a-fA-F]{40})$/);
+        if (teeKMatch) {
+            return {
+                teeType: 'tee_k',
+                ethAddress: teeKMatch[1], // Store the full ETH address with 0x prefix
+                pcr0: ''
+            };
+        }
+        if (teeTMatch) {
+            return {
+                teeType: 'tee_t',
+                ethAddress: teeTMatch[1], // Store the full ETH address with 0x prefix
+                pcr0: ''
+            };
+        }
+        return null;
     }
-    const ecPoint = Buffer.from(spki.subjectPublicKey);
-    if (ecPoint.length !== 97 || ecPoint[0] !== 4) {
-      errors.push("Invalid EC point: expected 97-byte uncompressed P-384 key");
-      return { isValid: false, errors, warnings, pcr0: "" };
+    catch {
+        return null;
     }
-    const x = ecPoint.subarray(1, 49);
-    const y = ecPoint.subarray(49, 97);
+}
+/**
+ * Working validation function copied from nitroattestor
+ */
+export async function validateNitroAttestationAndExtractKey(attestationBytes) {
+    const errors = [];
+    const warnings = [];
     try {
-      const verifier = {
-        key: {
-          x,
-          y
-        }
-      };
-      const options = { defaultType: 18 };
-      await sign.verify(Buffer.from(attestationBytes), verifier, options);
-    } catch (error) {
-      errors.push(`COSE signature verification failed: ${error.message}`);
-      return { isValid: false, errors, warnings, pcr0: "" };
+        // Set up WebCrypto
+        const crypto = new Crypto();
+        // Decode CBOR - use exact same approach as working nitroattestor
+        const decode = await getCborDecode();
+        let decoded;
+        try {
+            decoded = decode(Buffer.from(attestationBytes));
+        }
+        catch (error) {
+            errors.push(`CBOR decoding failed: ${error.message}`);
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        // Extract COSE_Sign1 structure
+        if (!Array.isArray(decoded) || decoded.length < 4) {
+            errors.push('Invalid COSE_Sign1 structure: expected array with 4 elements');
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        const [, , payload] = decoded;
+        // Validate payload exists and is not empty
+        if (!payload || payload.length === 0) {
+            errors.push('Empty or missing payload in COSE_Sign1 structure');
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        // Decode payload - use exact same approach as working code
+        let doc;
+        try {
+            doc = decode(payload);
+        }
+        catch (error) {
+            errors.push(`Payload decoding failed: ${error.message}`);
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        // Validate mandatory fields with strict type checking
+        if (doc.module_id.length === 0) {
+            errors.push('Missing or invalid module_id');
+        }
+        if (doc.digest.length === 0) {
+            errors.push('Missing or invalid digest');
+        }
+        if (!doc.pcrs || typeof doc.pcrs !== 'object') {
+            errors.push('Missing or invalid pcrs');
+        }
+        if (!Buffer.isBuffer(doc.certificate) || doc.certificate.length === 0) {
+            errors.push('Missing or invalid certificate');
+        }
+        if (!Array.isArray(doc.cabundle) || doc.cabundle.length === 0) {
+            errors.push('Missing or invalid cabundle');
+        }
+        // Early return if basic validation fails
+        if (errors.length > 0) {
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        const pcr0 = doc.pcrs[0].toString('hex');
+        // Validate PCRs with secure comparison
+        // for(const [index, expected] of Object.entries(EXPECTED_PCRS)) {
+        // 	const pcrIndex = parseInt(index)
+        // 	const actualPcr = doc.pcrs[pcrIndex]
+        //
+        // 	if(!Buffer.isBuffer(actualPcr)) {
+        // 		errors.push(`PCR${index} is not a Buffer`)
+        // 		continue
+        // 	}
+        //
+        // 	if(!secureBufferCompare(expected, actualPcr)) {
+        // 		errors.push(`PCR${index} mismatch`)
+        // 	}
+        // }
+        // Parse certificates with better error handling
+        const intermediateCerts = [];
+        for (let i = 0; i < doc.cabundle.length; i++) {
+            try {
+                const cert = new X509Certificate(doc.cabundle[i].toString('base64'));
+                intermediateCerts.push(cert);
+            }
+            catch (error) {
+                errors.push(`Failed to parse cabundle certificate ${i}: ${error.message}`);
+            }
+        }
+        // Parse target certificate
+        let targetCert;
+        try {
+            targetCert = new X509Certificate(doc.certificate.toString('base64'));
+        }
+        catch (error) {
+            errors.push(`Failed to parse target certificate: ${error.message}`);
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        // Parse root certificate
+        let rootCert;
+        try {
+            rootCert = new X509Certificate(AWS_NITRO_ROOT_CERT);
+        }
+        catch (error) {
+            errors.push(`Failed to parse AWS Nitro root certificate: ${error.message}`);
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        // Enhanced certificate chain validation
+        const chainResult = await validateCertificateChain(targetCert, intermediateCerts, rootCert, crypto);
+        if (!chainResult.isValid) {
+            errors.push(...chainResult.errors);
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        // Parse and validate public key
+        let publicKeyRaw;
+        try {
+            publicKeyRaw = Buffer.from(targetCert.publicKey.rawData);
+        }
+        catch (error) {
+            errors.push(`Failed to extract public key: ${error.message}`);
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        // Validate public key format (P-384 ECDSA)
+        if (publicKeyRaw.length !== 120 || publicKeyRaw[0] !== 0x30) {
+            errors.push(`Invalid public key format: expected 120-byte DER-encoded key, got ${publicKeyRaw.length} bytes`);
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        let spki;
+        try {
+            spki = AsnParser.parse(publicKeyRaw, SubjectPublicKeyInfo);
+        }
+        catch (error) {
+            errors.push(`Failed to parse SubjectPublicKeyInfo: ${error.message}`);
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        const ecPoint = Buffer.from(spki.subjectPublicKey);
+        if (ecPoint.length !== 97 || ecPoint[0] !== 0x04) {
+            errors.push('Invalid EC point: expected 97-byte uncompressed P-384 key');
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        const x = ecPoint.subarray(1, 49); // 48-byte x coordinate
+        const y = ecPoint.subarray(49, 97); // 48-byte y coordinate
+        // Validate ECDSA signature using cose-js
+        try {
+            const verifier = {
+                key: {
+                    x: x,
+                    y: y,
+                },
+            };
+            const options = { defaultType: 18 }; // cose.sign.Sign1Tag
+            await sign.verify(Buffer.from(attestationBytes), verifier, options);
+        }
+        catch (error) {
+            errors.push(`COSE signature verification failed: ${error.message}`);
+            return { isValid: false, errors, warnings, pcr0: '' };
+        }
+        // Extract public key from user_data if present
+        let userDataType;
+        let ethAddress;
+        if (doc.user_data) {
+            const keyInfo = extractPublicKeyFromUserData(doc.user_data);
+            if (keyInfo) {
+                userDataType = keyInfo.teeType;
+                ethAddress = keyInfo.ethAddress;
+            }
+        }
+        return {
+            isValid: errors.length === 0,
+            errors,
+            warnings,
+            userDataType,
+            ethAddress,
+            pcr0: pcr0
+        };
     }
-    let userDataType;
-    let ethAddress;
-    if (doc.user_data) {
-      const keyInfo = extractPublicKeyFromUserData(doc.user_data);
-      if (keyInfo) {
-        userDataType = keyInfo.teeType;
-        ethAddress = keyInfo.ethAddress;
-      }
+    catch (error) {
+        errors.push(`Unexpected error during validation: ${error.message}`);
+        return { isValid: false, errors, warnings, pcr0: '' };
     }
-    return {
-      isValid: errors.length === 0,
-      errors,
-      warnings,
-      userDataType,
-      ethAddress,
-      pcr0
-    };
-  } catch (error) {
-    errors.push(`Unexpected error during validation: ${error.message}`);
-    return { isValid: false, errors, warnings, pcr0: "" };
-  }
 }
-export {
-  validateNitroAttestationAndExtractKey
-};

package/lib/server/utils/oprf-raw.js

@@ -1,61 +1,54 @@
-import { getBytes } from "ethers";
+import { getBytes } from 'ethers';
 import { TOPRF_DOMAIN_SEPARATOR } from "../../config/index.js";
 import { getEnvVariable } from "../../utils/env.js";
 import { makeDefaultOPRFOperator } from "../../utils/zk.js";
-async function computeOPRFRaw(plaintext, markers, logger) {
-  if (!markers.length) {
-    return [];
-  }
-  const PRIVATE_KEY_STR = getEnvVariable("TOPRF_SHARE_PRIVATE_KEY");
-  const PUBLIC_KEY_STR = getEnvVariable("TOPRF_SHARE_PUBLIC_KEY");
-  if (!PRIVATE_KEY_STR || !PUBLIC_KEY_STR) {
-    throw new Error("TOPRF keys not configured. Cannot compute oprf-raw.");
-  }
-  const privateKey = getBytes(PRIVATE_KEY_STR);
-  const publicKey = getBytes(PUBLIC_KEY_STR);
-  const operator = makeDefaultOPRFOperator("chacha20", "gnark", logger);
-  const results = [];
-  for (const marker of markers) {
-    const { dataLocation } = marker;
-    if (!dataLocation) {
-      logger.warn("oprf-raw marker missing dataLocation, skipping");
-      continue;
+/**
+ * Compute OPRF for plaintext data marked with oprf-raw.
+ * This runs server-side since the attestor has access to the revealed plaintext.
+ *
+ * @param plaintext - The revealed plaintext from the TLS transcript
+ * @param markers - Positions in the plaintext to compute OPRF for
+ * @param logger - Logger instance
+ * @returns Array of OPRF results with nullifiers
+ */
+export async function computeOPRFRaw(plaintext, markers, logger) {
+    if (!markers.length) {
+        return [];
     }
-    const { fromIndex, length } = dataLocation;
-    const endIndex = fromIndex + length;
-    if (endIndex > plaintext.length) {
-      throw new Error(
-        `oprf-raw marker out of bounds: fromIndex=${fromIndex}, length=${length}, plaintextLength=${plaintext.length}`
-      );
+    const PRIVATE_KEY_STR = getEnvVariable('TOPRF_SHARE_PRIVATE_KEY');
+    const PUBLIC_KEY_STR = getEnvVariable('TOPRF_SHARE_PUBLIC_KEY');
+    if (!PRIVATE_KEY_STR || !PUBLIC_KEY_STR) {
+        throw new Error('TOPRF keys not configured. Cannot compute oprf-raw.');
     }
-    const data = plaintext.slice(fromIndex, endIndex);
-    const request = await operator.generateOPRFRequestData(
-      data,
-      TOPRF_DOMAIN_SEPARATOR,
-      logger
-    );
-    const response = await operator.evaluateOPRF(
-      privateKey,
-      request.maskedData,
-      logger
-    );
-    const nullifier = await operator.finaliseOPRF(
-      publicKey,
-      request,
-      [{ ...response, publicKeyShare: publicKey }],
-      logger
-    );
-    results.push({
-      dataLocation: { fromIndex, length },
-      nullifier
-    });
-    logger.debug(
-      { fromIndex, length, nullifierHex: Buffer.from(nullifier).toString("hex").slice(0, 16) + "..." },
-      "computed oprf-raw nullifier"
-    );
-  }
-  return results;
+    const privateKey = getBytes(PRIVATE_KEY_STR);
+    const publicKey = getBytes(PUBLIC_KEY_STR);
+    // Use gnark engine for server-side OPRF (same as TOPRF handler)
+    const operator = makeDefaultOPRFOperator('chacha20', 'gnark', logger);
+    const results = [];
+    for (const marker of markers) {
+        const { dataLocation } = marker;
+        if (!dataLocation) {
+            logger.warn('oprf-raw marker missing dataLocation, skipping');
+            continue;
+        }
+        const { fromIndex, length } = dataLocation;
+        const endIndex = fromIndex + length;
+        if (endIndex > plaintext.length) {
+            throw new Error(`oprf-raw marker out of bounds: fromIndex=${fromIndex}, length=${length}, plaintextLength=${plaintext.length}`);
+        }
+        // Extract the data to OPRF
+        const data = plaintext.slice(fromIndex, endIndex);
+        // Generate OPRF request (server-side, we do the full flow)
+        const request = await operator.generateOPRFRequestData(data, TOPRF_DOMAIN_SEPARATOR, logger);
+        // Evaluate OPRF with server's private key
+        const response = await operator.evaluateOPRF(privateKey, request.maskedData, logger);
+        // Finalize to get the nullifier
+        const nullifier = await operator.finaliseOPRF(publicKey, request, [{ ...response, publicKeyShare: publicKey }], logger);
+        results.push({
+            dataLocation: { fromIndex, length },
+            nullifier
+        });
+        logger.debug({ fromIndex, length, nullifierHex: Buffer.from(nullifier).toString('hex').slice(0, 16) + '...' }, 'computed oprf-raw nullifier');
+    }
+    return results;
 }
-export {
-  computeOPRFRaw
-};