fix: potential oprf raw text leak

adiwajshing · adiwajshing · commit 76db2036b0f2 · 2025-08-28T19:34:04.000+05:30
diff --git a/js/src/gnark/utils.ts b/js/src/gnark/utils.ts
@@ -154,7 +154,7 @@ export function generateGnarkWitness(
 		key: 'key' in input
 			? Base64.fromUint8Array(input.key)
 			: undefined,
-		ciphertext: 'out' in input
+		ciphertext: 'out' in input && input.out?.length
 			? Base64.fromUint8Array(input.out)
 			: undefined,
 		blocks: input.noncesAndCounters.map(n => ({
diff --git a/js/src/tests/lib.test.ts b/js/src/tests/lib.test.ts
@@ -142,8 +142,8 @@ for(const { zkEngine, algorithm } of TEST_MATRIX) {
 				operator
 			})
 			// fill output with 0s
-			for(let i = 0;i < proof.plaintext.length;i++) {
-				proof.plaintext[i] = 0
+			for(let i = 0;i < proof.plaintext!.length;i++) {
+				proof.plaintext![i] = 0
 			}
 
 			await assert.rejects(
diff --git a/js/src/tests/oprf.test.ts b/js/src/tests/oprf.test.ts
@@ -1,3 +1,4 @@
+import assert from 'assert'
 import { describe, it } from 'node:test'
 import { CONFIG } from '../config.ts'
 import { makeLocalFileFetch } from '../file-fetch.ts'
@@ -98,6 +99,7 @@ for(const { engine, algorithm } of OPRF_TEST_MATRIX) {
 					mask: req.mask,
 					toprf,
 				})
+				assert.ok(!proof.plaintext)
 
 				await verifyProof({
 					proof,
diff --git a/js/src/types.ts b/js/src/types.ts
@@ -16,8 +16,9 @@ export type Proof = {
 	/**
 	 * the plaintext obtained as an output
 	 * of the ZK circuit
+	 * Will be `undefined` if proving with TOPRF
 	 */
-	plaintext: Uint8Array
+	plaintext: Uint8Array | undefined
 }
 
 export type FileFetch = {
@@ -85,7 +86,7 @@ export type GetPublicSignalsOpts = {
 	algorithm: EncryptionAlgorithm
 	publicInput: PublicInput
 } & ({
-	plaintext: Uint8Array
+	plaintext: Uint8Array | undefined
 } | {
 	key: Uint8Array
 })
diff --git a/js/src/zk.ts b/js/src/zk.ts
@@ -12,6 +12,7 @@ import { ceilToBlockSizeMultiple, getBlockSizeBytes, getCounterForByteOffset, sp
 export async function generateProof(opts: GenerateProofOpts): Promise<Proof> {
 	const { algorithm, operator, logger } = opts
 	const { witness, plaintextArray } = await generateZkWitness(opts)
+
 	let wtnsSerialised: Uint8Array
 	if('mask' in opts) {
 		wtnsSerialised = await operator.generateWitness({
@@ -26,7 +27,11 @@ export async function generateProof(opts: GenerateProofOpts): Promise<Proof> {
 
 	const { proof } = await operator.groth16Prove(wtnsSerialised, logger)
 
-	return { algorithm, proofData: proof, plaintext: plaintextArray }
+	return {
+		algorithm,
+		proofData: proof,
+		plaintext: 'mask' in opts ? undefined : plaintextArray
+	}
 }
 
 /**
@@ -132,7 +137,7 @@ export async function getPublicSignals(
 	const pubSigs: ZKProofPublicSignals = {
 		noncesAndCounters,
 		in: concatenateUint8Arrays(ciphertextBlocks),
-		out: 'plaintext' in opts
+		out: 'plaintext' in opts && opts.plaintext
 			? opts.plaintext
 			: concatenateUint8Arrays(plaintextBlocks),
 	}
