@reclaimprotocol/attestor-core 5.0.1-beta.2 → 5.0.1-beta.22

package/lib/server/utils/tee-transcript-reconstruction.js

@@ -1,140 +1,187 @@
+/**
+ * TLS Transcript Reconstruction from TEE data
+ */
 import { AttestorError } from "../../utils/error.js";
 import { REDACTION_CHAR_CODE } from "../../utils/index.js";
-async function reconstructTlsTranscript(bundleData, logger, oprfResults) {
-  try {
-    const revealedRequest = reconstructRequest(bundleData, logger);
-    const reconstructedResponse = await reconstructConsolidatedResponse(bundleData, logger, oprfResults);
-    const certificateInfo = bundleData.kOutputPayload.certificateInfo;
-    logger.info("TLS transcript reconstruction completed successfully", {
-      requestSize: revealedRequest.length,
-      responseSize: reconstructedResponse.length,
-      hasCertificateInfo: !!certificateInfo
-    });
-    return {
-      revealedRequest,
-      reconstructedResponse,
-      certificateInfo
-    };
-  } catch (error) {
-    logger.error({ error }, "TLS transcript reconstruction failed");
-    throw new AttestorError("ERROR_INVALID_CLAIM", `Transcript reconstruction failed: ${error.message}`);
-  }
+/**
+ * Reconstructs TLS transcript from TEE bundle data
+ * @param bundleData - Validated TEE bundle data
+ * @param logger - Logger instance
+ * @param oprfResults - Optional OPRF results to apply during reconstruction
+ * @returns Reconstructed transcript data
+ */
+export async function reconstructTlsTranscript(bundleData, logger, oprfResults) {
+    try {
+        // 1. Reconstruct request using proof stream
+        const revealedRequest = reconstructRequest(bundleData, logger);
+        // 2. Reconstruct response using consolidated keystream and ciphertext
+        const reconstructedResponse = await reconstructConsolidatedResponse(bundleData, logger, oprfResults);
+        // 3. Extract certificate info from TEE_K payload
+        const certificateInfo = bundleData.kOutputPayload.certificateInfo;
+        logger.info('TLS transcript reconstruction completed successfully', {
+            requestSize: revealedRequest.length,
+            responseSize: reconstructedResponse.length,
+            hasCertificateInfo: !!certificateInfo
+        });
+        return {
+            revealedRequest,
+            reconstructedResponse,
+            certificateInfo
+        };
+    }
+    catch (error) {
+        logger.error({ error }, 'TLS transcript reconstruction failed');
+        throw new AttestorError('ERROR_INVALID_CLAIM', `Transcript reconstruction failed: ${error.message}`);
+    }
 }
+/**
+ * Reconstructs the original request by applying proof stream to redacted request
+ */
 function reconstructRequest(bundleData, logger) {
-  const { kOutputPayload } = bundleData;
-  if (!kOutputPayload.requestRedactionRanges || kOutputPayload.requestRedactionRanges.length === 0) {
-    logger.warn("No request redaction ranges - using redacted request as-is");
-    return kOutputPayload.redactedRequest;
-  }
-  const revealedRequest = new Uint8Array(kOutputPayload.redactedRequest);
-  const prettyRequest = new Uint8Array(revealedRequest);
-  for (const range of kOutputPayload.requestRedactionRanges) {
-    if (!range.type.includes("proof")) {
-      const start = range.start;
-      const length = range.length;
-      for (let i = 0; i < length && start + i < prettyRequest.length; i++) {
-        prettyRequest[start + i] = REDACTION_CHAR_CODE;
-      }
-    }
-  }
-  return prettyRequest;
+    const { kOutputPayload } = bundleData;
+    if (!kOutputPayload.requestRedactionRanges || kOutputPayload.requestRedactionRanges.length === 0) {
+        logger.warn('No request redaction ranges - using redacted request as-is');
+        return kOutputPayload.redactedRequest;
+    }
+    // Create a copy of the redacted request
+    const revealedRequest = new Uint8Array(kOutputPayload.redactedRequest);
+    // Create pretty display: show revealed proof data, but keep other sensitive data as '*'
+    const prettyRequest = new Uint8Array(revealedRequest);
+    for (const range of kOutputPayload.requestRedactionRanges) {
+        // Keep non-proof sensitive data as '*' for display
+        if (!range.type.includes('proof')) {
+            const start = range.start;
+            const length = range.length;
+            for (let i = 0; i < length && start + i < prettyRequest.length; i++) {
+                prettyRequest[start + i] = REDACTION_CHAR_CODE;
+            }
+        }
+    }
+    return prettyRequest;
 }
+/**
+ * NEW: Reconstructs response using consolidated keystream and ciphertext
+ * This is much simpler than the old packet-by-packet approach
+ */
 async function reconstructConsolidatedResponse(bundleData, logger, oprfResults) {
-  const { kOutputPayload, tOutputPayload } = bundleData;
-  const consolidatedKeystream = kOutputPayload.consolidatedResponseKeystream;
-  const consolidatedCiphertext = tOutputPayload.consolidatedResponseCiphertext;
-  if (!consolidatedKeystream || consolidatedKeystream.length === 0) {
-    throw new AttestorError("ERROR_INVALID_CLAIM", "No consolidated response keystream available");
-  }
-  if (!consolidatedCiphertext || consolidatedCiphertext.length === 0) {
-    throw new AttestorError("ERROR_INVALID_CLAIM", "No consolidated response ciphertext available");
-  }
-  if (consolidatedKeystream.length !== consolidatedCiphertext.length) {
-    logger.warn("Keystream and ciphertext length mismatch", {
-      keystreamLength: consolidatedKeystream.length,
-      ciphertextLength: consolidatedCiphertext.length
-    });
-  }
-  const minLength = Math.min(consolidatedKeystream.length, consolidatedCiphertext.length);
-  const reconstructedResponse = new Uint8Array(minLength);
-  for (let i = 0; i < minLength; i++) {
-    reconstructedResponse[i] = consolidatedKeystream[i] ^ consolidatedCiphertext[i];
-  }
-  logger.info(`Reconstructed response: ${reconstructedResponse.length} bytes, ${kOutputPayload.responseRedactionRanges?.length || 0} redaction ranges`);
-  let processedResponse = applyResponseRedactionRanges(reconstructedResponse, kOutputPayload.responseRedactionRanges, logger);
-  if (oprfResults && oprfResults.length > 0) {
-    logger.info(`Applying ${oprfResults.length} OPRF replacements before trimming`);
-    const { replaceOprfRanges } = await import("../../server/utils/tee-oprf-verification.js");
-    processedResponse = replaceOprfRanges(processedResponse, oprfResults, logger);
-  }
-  let leadingAsterisks = 0;
-  for (const element of processedResponse) {
-    if (element === REDACTION_CHAR_CODE) {
-      leadingAsterisks++;
-    } else {
-      break;
-    }
-  }
-  let trailingAsterisks = 0;
-  for (let i = processedResponse.length - 1; i >= leadingAsterisks; i--) {
-    if (processedResponse[i] === REDACTION_CHAR_CODE) {
-      trailingAsterisks++;
-    } else {
-      break;
-    }
-  }
-  const finalLength = processedResponse.length - leadingAsterisks - trailingAsterisks;
-  logger.info(`After processing: ${processedResponse.length} bytes, ${leadingAsterisks} leading and ${trailingAsterisks} trailing asterisks trimmed, final: ${finalLength} bytes`);
-  return processedResponse.slice(leadingAsterisks, processedResponse.length - trailingAsterisks);
+    const { kOutputPayload, tOutputPayload } = bundleData;
+    // Get consolidated data from both TEEs
+    const consolidatedKeystream = kOutputPayload.consolidatedResponseKeystream;
+    const consolidatedCiphertext = tOutputPayload.consolidatedResponseCiphertext;
+    if (!consolidatedKeystream || consolidatedKeystream.length === 0) {
+        throw new AttestorError('ERROR_INVALID_CLAIM', 'No consolidated response keystream available');
+    }
+    if (!consolidatedCiphertext || consolidatedCiphertext.length === 0) {
+        throw new AttestorError('ERROR_INVALID_CLAIM', 'No consolidated response ciphertext available');
+    }
+    // Verify lengths match
+    if (consolidatedKeystream.length !== consolidatedCiphertext.length) {
+        logger.warn('Keystream and ciphertext length mismatch', {
+            keystreamLength: consolidatedKeystream.length,
+            ciphertextLength: consolidatedCiphertext.length
+        });
+    }
+    // XOR to get plaintext (keystream XOR ciphertext = plaintext)
+    const minLength = Math.min(consolidatedKeystream.length, consolidatedCiphertext.length);
+    const reconstructedResponse = new Uint8Array(minLength);
+    for (let i = 0; i < minLength; i++) {
+        reconstructedResponse[i] = consolidatedKeystream[i] ^ consolidatedCiphertext[i];
+    }
+    logger.info(`Reconstructed response: ${reconstructedResponse.length} bytes, ${kOutputPayload.responseRedactionRanges?.length || 0} redaction ranges`);
+    // Apply response redaction ranges to the reconstructed response
+    let processedResponse = applyResponseRedactionRanges(reconstructedResponse, kOutputPayload.responseRedactionRanges, logger);
+    // Apply OPRF replacements BEFORE trimming leading asterisks
+    if (oprfResults && oprfResults.length > 0) {
+        logger.info(`Applying ${oprfResults.length} OPRF replacements before trimming`);
+        const { replaceOprfRanges } = await import("./tee-oprf-verification.js");
+        processedResponse = replaceOprfRanges(processedResponse, oprfResults, logger);
+    }
+    // Count leading asterisks
+    let leadingAsterisks = 0;
+    for (const element of processedResponse) {
+        if (element === REDACTION_CHAR_CODE) {
+            leadingAsterisks++;
+        }
+        else {
+            break;
+        }
+    }
+    // Count trailing asterisks (may contain undesired data like alerts)
+    let trailingAsterisks = 0;
+    for (let i = processedResponse.length - 1; i >= leadingAsterisks; i--) {
+        if (processedResponse[i] === REDACTION_CHAR_CODE) {
+            trailingAsterisks++;
+        }
+        else {
+            break;
+        }
+    }
+    const finalLength = processedResponse.length - leadingAsterisks - trailingAsterisks;
+    logger.info(`After processing: ${processedResponse.length} bytes, ${leadingAsterisks} leading and ${trailingAsterisks} trailing asterisks trimmed, final: ${finalLength} bytes`);
+    return processedResponse.slice(leadingAsterisks, processedResponse.length - trailingAsterisks);
 }
+// Removed legacy packet-based extraction functions since we now use consolidated streams
+/**
+ * Applies response redaction ranges to replace random garbage with asterisks
+ * Response redaction ranges have NO type field - they all work the same way (binary redaction)
+ */
 function applyResponseRedactionRanges(response, redactionRanges, logger) {
-  if (!redactionRanges || redactionRanges.length === 0) {
-    return response;
-  }
-  const result = new Uint8Array(response);
-  const consolidatedRanges = consolidateRedactionRanges(redactionRanges);
-  if (logger) {
-    logger.info(`Applying ${consolidatedRanges.length} redaction ranges to ${response.length} byte response`);
-  }
-  for (const [idx, range] of consolidatedRanges.entries()) {
-    const rangeStart = range.start;
-    const rangeEnd = range.start + range.length;
-    if (rangeStart < 0 || rangeEnd > result.length) {
-      if (logger) {
-        logger.warn(`Redaction range #${idx} out of bounds: [${rangeStart}-${rangeEnd}] vs ${result.length}`);
-      }
-      continue;
-    }
-    if (logger && idx < 3) {
-      logger.info(`Redaction range #${idx}: [${rangeStart}-${rangeEnd}]`);
-    }
-    for (let i = rangeStart; i < rangeEnd; i++) {
-      result[i] = REDACTION_CHAR_CODE;
-    }
-  }
-  return result;
+    if (!redactionRanges || redactionRanges.length === 0) {
+        return response;
+    }
+    const result = new Uint8Array(response);
+    // Consolidate overlapping ranges (same as client implementation)
+    const consolidatedRanges = consolidateRedactionRanges(redactionRanges);
+    if (logger) {
+        logger.info(`Applying ${consolidatedRanges.length} redaction ranges to ${response.length} byte response`);
+    }
+    // Apply each redaction range to replace random garbage with asterisks
+    for (const [idx, range] of consolidatedRanges.entries()) {
+        const rangeStart = range.start;
+        const rangeEnd = range.start + range.length;
+        // Check bounds
+        if (rangeStart < 0 || rangeEnd > result.length) {
+            if (logger) {
+                logger.warn(`Redaction range #${idx} out of bounds: [${rangeStart}-${rangeEnd}] vs ${result.length}`);
+            }
+            continue;
+        }
+        if (logger && idx < 3) {
+            logger.info(`Redaction range #${idx}: [${rangeStart}-${rangeEnd}]`);
+        }
+        // Replace random garbage with asterisks
+        for (let i = rangeStart; i < rangeEnd; i++) {
+            result[i] = REDACTION_CHAR_CODE;
+        }
+    }
+    return result;
 }
+/**
+ * Consolidates overlapping redaction ranges
+ */
 function consolidateRedactionRanges(ranges) {
-  if (ranges.length === 0) {
-    return [];
-  }
-  const sortedRanges = [...ranges].sort((a, b) => a.start - b.start);
-  const consolidated = [];
-  let current = { ...sortedRanges[0] };
-  for (let i = 1; i < sortedRanges.length; i++) {
-    const next = sortedRanges[i];
-    if (next.start <= current.start + current.length) {
-      const endCurrent = current.start + current.length;
-      const endNext = next.start + next.length;
-      current.length = Math.max(endCurrent, endNext) - current.start;
-    } else {
-      consolidated.push(current);
-      current = { ...next };
-    }
-  }
-  consolidated.push(current);
-  return consolidated;
+    if (ranges.length === 0) {
+        return [];
+    }
+    // Sort ranges by start position
+    const sortedRanges = [...ranges].sort((a, b) => a.start - b.start);
+    const consolidated = [];
+    let current = { ...sortedRanges[0] };
+    for (let i = 1; i < sortedRanges.length; i++) {
+        const next = sortedRanges[i];
+        // Check if ranges overlap or are adjacent
+        if (next.start <= current.start + current.length) {
+            // Merge ranges
+            const endCurrent = current.start + current.length;
+            const endNext = next.start + next.length;
+            current.length = Math.max(endCurrent, endNext) - current.start;
+        }
+        else {
+            // No overlap, add current and move to next
+            consolidated.push(current);
+            current = { ...next };
+        }
+    }
+    consolidated.push(current);
+    return consolidated;
 }
-export {
-  reconstructTlsTranscript
-};