Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix sd for v3 circuit #82

Merged
merged 2 commits into from
Feb 9, 2024
Merged

fix sd for v3 circuit #82

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6f2268a
fix sd for v3 circuit
vmidyllic Feb 9, 2024
febe407
fix only
vmidyllic Feb 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@iden3/js-iden3-auth",
"version": "1.1.0",
"version": "1.1.1",
"description": "iden3-auth implementation in JavaScript",
"main": "dist/cjs/index.js",
"source": "./src/index.ts",
Expand Down
2 changes: 1 addition & 1 deletion src/circuits/atomicMtpV2.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ export class AtomicQueryMTPV2PubSignalsVerifier
valueArraySize: valuesSize,
isRevocationChecked: this.pubSignals.isRevocationChecked
};
await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, opts);
await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, false, opts);

return this.pubSignals;
}
Expand Down
2 changes: 1 addition & 1 deletion src/circuits/atomicSigV2.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ export class AtomicQuerySigV2PubSignalsVerifier
valueArraySize: valuesSize,
isRevocationChecked: this.pubSignals.isRevocationChecked
};
await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, opts);
await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, false, opts);

return this.pubSignals;
}
Expand Down
5 changes: 3 additions & 2 deletions src/circuits/atomicV3.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,9 +54,10 @@ export class AtomicQueryV3PubSignalsVerifier
claimPathKey: this.pubSignals.claimPathKey,
claimPathNotExists: this.pubSignals.claimPathNotExists,
valueArraySize: valuesSize,
isRevocationChecked: this.pubSignals.isRevocationChecked
isRevocationChecked: this.pubSignals.isRevocationChecked,
operatorOutput: this.pubSignals.operatorOutput
};
await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, opts);
await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, true, opts);

const { proofType, verifierID, nullifier, nullifierSessionID, linkID } = this.pubSignals;

Expand Down
54 changes: 39 additions & 15 deletions src/circuits/query.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,13 +40,15 @@ export interface ClaimOutputs {
claimPathNotExists?: number;
valueArraySize: number;
isRevocationChecked: number;
operatorOutput?: bigint;
}

export async function checkQueryRequest(
query: Query,
outputs: ClaimOutputs,
schemaLoader?: DocumentLoader,
verifiablePresentation?: JSON,
supportsSDOperator?: boolean,
opts?: VerifyOpts
): Promise<void> {
// validate issuer
Expand Down Expand Up @@ -93,7 +95,13 @@ export async function checkQueryRequest(
if (!verifiablePresentation) {
throw new Error(`no vp present in selective disclosure request`);
}
await validateDisclosure(verifiablePresentation, cq, outputs, schemaLoader);
await validateDisclosure(
verifiablePresentation,
cq,
outputs,
schemaLoader,
supportsSDOperator
);
} catch (e) {
throw new Error(`failed to validate selective disclosure: ${(e as Error).message}`);
}
Expand Down Expand Up @@ -188,22 +196,13 @@ async function validateDisclosure(
verifiablePresentation: JSON,
cq: CircuitQuery,
outputs: ClaimOutputs,
ldLoader?: DocumentLoader
ldLoader?: DocumentLoader,
supportsSDOperator?: boolean
) {
if (!verifiablePresentation) {
throw new Error(`verifiablePresentation is required for selective disclosure request`);
}

if (outputs.operator !== Operators.EQ) {
throw new Error(`operator for selective disclosure must be $eq`);
}

for (let index = 1; index < outputs.value.length; index++) {
if (outputs.value[index] !== 0n) {
throw new Error(`selective disclosure not available for array of values`);
}
}

let mz: Merklizer;
const strVerifiablePresentation: string = JSON.stringify(verifiablePresentation);
try {
Expand Down Expand Up @@ -240,10 +239,35 @@ async function validateDisclosure(
`path [${merklizedPath.parts}] doesn't exist in verifiablePresentation document`
);
}

const bi = await value.mtEntry();
if (bi !== outputs.value[0]) {
throw new Error(`value that was used is not equal to requested in query`);

if (supportsSDOperator) {
if (outputs.operator !== Operators.SD) {
throw new Error(`operator for selective disclosure must be $sd`);
}

if (!outputs.operatorOutput || bi !== outputs.operatorOutput) {
throw new Error(`operator output must be equal to disclosed value`);
}

for (let index = 0; index < outputs.value.length; index++) {
if (outputs.value[index] !== 0n) {
throw new Error(`in selective disclosure, comparing values must be zero for $sd operator`);
}
}
} else {
if (outputs.operator !== Operators.EQ) {
throw new Error(`operator for selective disclosure must be $eq`);
}

for (let index = 1; index < outputs.value.length; index++) {
if (outputs.value[index] !== 0n) {
throw new Error(`selective disclosure not available for array of values`);
}
}
if (bi !== outputs.value[0]) {
throw new Error(`value that was used is not equal to requested in query`);
}
}

return;
Expand Down
29 changes: 28 additions & 1 deletion test/query.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ describe('Query', () => {
await expect(checkQueryRequest(query, pubSig, defaultLoader)).resolves.not.toThrow();
});

it('Selective disclosure', async () => {
it('Selective disclosure V2', async () => {
const query: Query = {
allowedIssuers: ['*'],
credentialSubject: {
Expand All @@ -138,6 +138,33 @@ describe('Query', () => {
await expect(checkQueryRequest(query, pubSig, defaultLoader, vp)).resolves.not.toThrow();
});

it('Selective disclosure V3', async () => {
const query: Query = {
allowedIssuers: ['*'],
credentialSubject: {
countryCode: {}
},
context:
'https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/kyc-v3.json-ld',
type: 'KYCCountryOfResidenceCredential'
};
const pubSig: ClaimOutputs = {
issuerId: issuerID,
schemaHash: KYCCountrySchema,
claimPathKey: BigInt(
'17002437119434618783545694633038537380726339994244684348913844923422470806844'
),
operator: 16,
value: [],
merklized: 1,
isRevocationChecked: 1,
valueArraySize: 64,
timestamp: getUnixTimestamp(new Date()),
operatorOutput: BigInt(800)
};
await expect(checkQueryRequest(query, pubSig, defaultLoader, vp, true)).resolves.not.toThrow();
});

it('Query with boolean type', async () => {
const query: Query = {
allowedIssuers: ['*'],
Expand Down
Loading