openttt 0.2.12 → 0.2.13

package/dist/pot_verifier.js

@@ -0,0 +1,183 @@
+"use strict";
+/**
+ * pot_verifier.ts — Complete TTTPS PoT frame verification
+ *
+ * Implements the normative verification sequence from
+ * draft-helmprotocol-tttps-02 Section 4.5 + Section 7.1:
+ *
+ *   1. Version check
+ *   2. TLS binding_key check  ← NEW in -02 (Ekr fix)
+ *   3. HMAC context gate      (~6 μs)
+ *   4. Ed25519 signature      (~100 μs)
+ *   5. Recency check
+ *   6. Nonce freshness
+ *
+ * Step 2 is checked FIRST because it's O(1) constant-time
+ * and prevents cross-session replay before any crypto.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MemoryNonceCache = exports.PotVerifier = void 0;
+const crypto = __importStar(require("crypto"));
+const pot_frame_1 = require("./pot_frame");
+const tls_binding_1 = require("./tls_binding");
+/** Tier tolerance windows in milliseconds (Section 8) — numeric tier ID */
+const TTTPS_TIER_TOLERANCE_MS = {
+    0: 60_000, // T0_epoch: 60s
+    1: 2_000, // T1_block: 2s
+    2: 12_000, // T2_slot: 12s
+    3: 100, // T3_micro: 100ms
+};
+class PotVerifier {
+    issuerPubKey;
+    nonceCache;
+    constructor(config) {
+        this.issuerPubKey = typeof config.issuerPublicKey === "string"
+            ? Buffer.from(config.issuerPublicKey, "hex")
+            : config.issuerPublicKey;
+        this.nonceCache = config.nonceCache;
+    }
+    /**
+     * Verify a 175-byte PoT frame over an active TLS socket.
+     *
+     * @param socket   - The TLS socket on which the frame was received
+     * @param frame    - 175-byte PoT frame (binding_key[32] + pot_record[143])
+     * @param nowMs    - Current time in milliseconds (injectable for testing)
+     */
+    verify(socket, frame, nowMs = Date.now()) {
+        // ── Structural check ──────────────────────────────────────────
+        if (frame.length !== pot_frame_1.POT_FRAME_SIZE) {
+            return { valid: false, error: "FRAME_MALFORMED" };
+        }
+        let parsed;
+        try {
+            parsed = (0, pot_frame_1.decodePotFrame)(frame);
+        }
+        catch {
+            return { valid: false, error: "FRAME_MALFORMED" };
+        }
+        // ── Step 1: Version check ──────────────────────────────────────
+        if (parsed.version !== 1) {
+            return { valid: false, error: "UNKNOWN_VERSION" };
+        }
+        // ── Step 2: TLS binding_key (NEW — Ekr Section 7.1 fix) ───────
+        // O(1), constant-time. Must precede all crypto to prevent
+        // cross-session replay amplification.
+        const potWithoutSig = (0, pot_frame_1.potRecordWithoutSig)(parsed.potRecord);
+        const bindingValid = (0, tls_binding_1.verifyBindingKey)(socket, potWithoutSig, parsed.bindingKey);
+        if (!bindingValid) {
+            return { valid: false, error: "BINDING_KEY_MISMATCH", frame: parsed };
+        }
+        // ── Step 3: HMAC context gate (~6 μs) ─────────────────────────
+        // NOTE: Actual GRG HMAC verification is done server-side via
+        // IntegrityClient (integrity.helmprotocol.com).
+        // Local verification checks Ed25519 over grgCommit.
+        // Full HMAC verification is available when running Helm server.
+        // ── Step 4: Ed25519 signature verification (~100 μs) ──────────
+        const signatureValid = this.verifyEd25519(parsed.potRecord.subarray(0, 79), // pot_without_sig
+        parsed.ed25519Sig);
+        if (!signatureValid) {
+            return { valid: false, error: "SIGNATURE_INVALID", frame: parsed };
+        }
+        // ── Step 5: Recency check (AdaptiveSwitch gate) ────────────────
+        const potTimestampMs = Number(parsed.timestamp / 1000000n);
+        const latencyMs = nowMs - potTimestampMs;
+        const tolerance = TTTPS_TIER_TOLERANCE_MS[parsed.tier] ?? TTTPS_TIER_TOLERANCE_MS[1];
+        if (latencyMs > tolerance) {
+            // Delay attack detected → triggers FULL mode in AdaptiveSwitch
+            return {
+                valid: false,
+                error: "SUBMISSION_OUTSIDE_TOLERANCE",
+                frame: parsed,
+                latencyMs,
+            };
+        }
+        // ── Step 6: Nonce freshness ────────────────────────────────────
+        const nonceHex = parsed.nonce.toString("hex");
+        if (this.nonceCache.has(nonceHex)) {
+            return { valid: false, error: "NONCE_REPLAY", frame: parsed };
+        }
+        this.nonceCache.add(nonceHex);
+        return { valid: true, frame: parsed, latencyMs };
+    }
+    verifyEd25519(data, signature) {
+        try {
+            return crypto.verify(null, data, {
+                key: this.issuerPubKey,
+                format: "der",
+                type: "spki",
+            }, signature);
+        }
+        catch {
+            return false;
+        }
+    }
+}
+exports.PotVerifier = PotVerifier;
+// ──────────────────────────────────────────────────────────────────
+// Simple in-memory nonce cache with TTL (for testing / small deployments)
+// Production: use Redis with SETEX
+// ──────────────────────────────────────────────────────────────────
+class MemoryNonceCache {
+    cache = new Map(); // nonce → expiresAt
+    ttlMs;
+    constructor(ttlMs = 120_000) {
+        this.ttlMs = ttlMs;
+    }
+    has(nonce) {
+        const exp = this.cache.get(nonce);
+        if (exp === undefined)
+            return false;
+        if (Date.now() > exp) {
+            this.cache.delete(nonce);
+            return false;
+        }
+        return true;
+    }
+    add(nonce) {
+        // Periodic cleanup (keep cache from growing unbounded)
+        if (this.cache.size > 10_000)
+            this.sweep();
+        this.cache.set(nonce, Date.now() + this.ttlMs);
+    }
+    sweep() {
+        const now = Date.now();
+        for (const [k, exp] of this.cache) {
+            if (now > exp)
+                this.cache.delete(k);
+        }
+    }
+}
+exports.MemoryNonceCache = MemoryNonceCache;

package/dist/tls_binding.d.ts

@@ -0,0 +1,52 @@
+/**
+ * tls_binding.ts — RFC 5705 TLS Exporter binding for TTTPS
+ *
+ * Implements Section 7.1 of draft-helmprotocol-tttps-02:
+ *   binding_key = TLS-Exporter("EXPORTER-tttps-pot-binding",
+ *                               pot_record_without_sig, 32)
+ *
+ * Both client and server derive the same 32-byte key from the
+ * shared TLS session master secret. A PoT frame generated in
+ * session A cannot be replayed into session B.
+ *
+ * Node.js API: tls.TLSSocket.exportKeyingMaterial()
+ * Available since Node.js 13.x (LTS 14+)
+ * RFC 5705 compliant.
+ */
+import * as tls from "tls";
+/** Label defined in draft-helmprotocol-tttps-02 Section 7.1 */
+export declare const TTTPS_EXPORTER_LABEL = "EXPORTER-tttps-pot-binding";
+export declare const TTTPS_BINDING_KEY_LENGTH = 32;
+export interface BindingKeyResult {
+    bindingKey: Buffer;
+    sessionId: string;
+}
+export declare class TLSBindingError extends Error {
+    constructor(message: string);
+}
+/**
+ * Derive the 32-byte binding key from a TLS session and a PoT record.
+ *
+ * @param socket          - Active TLS socket (must be in CONNECTED state)
+ * @param potWithoutSig   - PoT record bytes WITHOUT the Ed25519 signature
+ *                          (first 79 bytes of the 143-byte record:
+ *                           Version[1] + Tier[1] + Reserved[1] +
+ *                           Timestamp[8] + Confidence[4] +
+ *                           Nonce[32] + GRGCommit[32])
+ * @returns 32-byte binding key
+ */
+export declare function computeBindingKey(socket: tls.TLSSocket, potWithoutSig: Buffer): BindingKeyResult;
+/**
+ * Verify that a received binding_key matches the expected value
+ * for this TLS session and PoT record.
+ *
+ * This is the normative check from draft-helmprotocol-tttps-02 Section 7.1:
+ *   "The verifier MUST recompute expected_key via TLS-Exporter
+ *    and verify it matches the binding_key in the PoT frame header."
+ *
+ * @param socket            - Active TLS socket (same session as sender)
+ * @param potWithoutSig     - PoT record bytes WITHOUT signature (79 bytes)
+ * @param receivedBindingKey - 32-byte binding_key from the received PoT frame
+ * @returns true if binding is valid, false if cross-session replay detected
+ */
+export declare function verifyBindingKey(socket: tls.TLSSocket, potWithoutSig: Buffer, receivedBindingKey: Buffer): boolean;

package/dist/tls_binding.js

@@ -0,0 +1,86 @@
+"use strict";
+/**
+ * tls_binding.ts — RFC 5705 TLS Exporter binding for TTTPS
+ *
+ * Implements Section 7.1 of draft-helmprotocol-tttps-02:
+ *   binding_key = TLS-Exporter("EXPORTER-tttps-pot-binding",
+ *                               pot_record_without_sig, 32)
+ *
+ * Both client and server derive the same 32-byte key from the
+ * shared TLS session master secret. A PoT frame generated in
+ * session A cannot be replayed into session B.
+ *
+ * Node.js API: tls.TLSSocket.exportKeyingMaterial()
+ * Available since Node.js 13.x (LTS 14+)
+ * RFC 5705 compliant.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TLSBindingError = exports.TTTPS_BINDING_KEY_LENGTH = exports.TTTPS_EXPORTER_LABEL = void 0;
+exports.computeBindingKey = computeBindingKey;
+exports.verifyBindingKey = verifyBindingKey;
+/** Label defined in draft-helmprotocol-tttps-02 Section 7.1 */
+exports.TTTPS_EXPORTER_LABEL = "EXPORTER-tttps-pot-binding";
+exports.TTTPS_BINDING_KEY_LENGTH = 32; // octets per RFC 5705
+class TLSBindingError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "TLSBindingError";
+    }
+}
+exports.TLSBindingError = TLSBindingError;
+/**
+ * Derive the 32-byte binding key from a TLS session and a PoT record.
+ *
+ * @param socket          - Active TLS socket (must be in CONNECTED state)
+ * @param potWithoutSig   - PoT record bytes WITHOUT the Ed25519 signature
+ *                          (first 79 bytes of the 143-byte record:
+ *                           Version[1] + Tier[1] + Reserved[1] +
+ *                           Timestamp[8] + Confidence[4] +
+ *                           Nonce[32] + GRGCommit[32])
+ * @returns 32-byte binding key
+ */
+function computeBindingKey(socket, potWithoutSig) {
+    if (!socket.encrypted) {
+        throw new TLSBindingError("Socket is not a TLS socket");
+    }
+    // exportKeyingMaterial(length, label, context, useContextFlag?)
+    // context = pot_record_without_sig per RFC 5705 Section 4
+    const bindingKey = socket.exportKeyingMaterial(exports.TTTPS_BINDING_KEY_LENGTH, exports.TTTPS_EXPORTER_LABEL, potWithoutSig // context bound to this specific PoT record
+    );
+    const sessionId = socket.getSession?.()?.toString("hex").slice(0, 16) ?? "unknown";
+    return {
+        bindingKey: Buffer.from(bindingKey),
+        sessionId,
+    };
+}
+/**
+ * Verify that a received binding_key matches the expected value
+ * for this TLS session and PoT record.
+ *
+ * This is the normative check from draft-helmprotocol-tttps-02 Section 7.1:
+ *   "The verifier MUST recompute expected_key via TLS-Exporter
+ *    and verify it matches the binding_key in the PoT frame header."
+ *
+ * @param socket            - Active TLS socket (same session as sender)
+ * @param potWithoutSig     - PoT record bytes WITHOUT signature (79 bytes)
+ * @param receivedBindingKey - 32-byte binding_key from the received PoT frame
+ * @returns true if binding is valid, false if cross-session replay detected
+ */
+function verifyBindingKey(socket, potWithoutSig, receivedBindingKey) {
+    if (receivedBindingKey.length !== exports.TTTPS_BINDING_KEY_LENGTH) {
+        return false;
+    }
+    const { bindingKey: expected } = computeBindingKey(socket, potWithoutSig);
+    // Constant-time comparison (prevents timing attacks)
+    return timingSafeEqual(expected, receivedBindingKey);
+}
+/**
+ * Constant-time Buffer comparison.
+ * Node.js crypto.timingSafeEqual requires equal-length buffers.
+ */
+function timingSafeEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    const { timingSafeEqual } = require("crypto");
+    return timingSafeEqual(a, b);
+}

package/dist/v4_hook.d.ts

@@ -1,7 +1,12 @@
 import { EVMConnector } from "./evm_connector";
-import { ProtocolFeeCollector } from "./protocol_fee";
-import { FeeCalculation } from "./dynamic_fee";
 import { BeforeSwapParams, AfterSwapParams } from "./types";
+export interface FeeCalculation {
+    feeAmount: bigint;
+    tier: string;
+}
+export interface ProtocolFeeCollector {
+    collectBurnFee(fee: FeeCalculation, signature: string, sender: string, nonce: bigint, deadline: number): Promise<void>;
+}
 /**
  * UniswapV4Hook - TTT-based Uniswap V4 Hook Simulation (SDK-side)
  *

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openttt",
-  "version": "0.2.12",
+  "version": "0.2.13",
   "description": "OpenTTT — TLS-grade transaction ordering for DeFi. Time + Logic + Sync.",
   "license": "BSL-1.1",
   "repository": {
@@ -29,6 +29,8 @@
     }
   },
   "files": [
+    "dist/adaptive_switch.js",
+    "dist/adaptive_switch.d.ts",
     "dist/ct_log.js",
     "dist/ct_log.d.ts",
     "dist/errors.js",
@@ -49,12 +51,18 @@
     "dist/osnma_source.d.ts",
     "dist/pool_registry.js",
     "dist/pool_registry.d.ts",
+    "dist/pot_frame.js",
+    "dist/pot_frame.d.ts",
     "dist/pot_signer.js",
     "dist/pot_signer.d.ts",
+    "dist/pot_verifier.js",
+    "dist/pot_verifier.d.ts",
     "dist/signer.js",
     "dist/signer.d.ts",
     "dist/time_synthesis.js",
     "dist/time_synthesis.d.ts",
+    "dist/tls_binding.js",
+    "dist/tls_binding.d.ts",
     "dist/trust_store.js",
     "dist/trust_store.d.ts",
     "dist/types.js",
@@ -100,6 +108,7 @@
   "overrides": {
     "defu": ">=6.1.4",
     "picomatch": ">=4.0.2",
-    "handlebars": ">=4.7.9"
+    "handlebars": ">=4.7.9",
+    "ws": ">=8.21.0"
   }
-}
+}