From 253836969be6e400c5e09341b2df34a032e5e530 Mon Sep 17 00:00:00 2001 From: vmidyllic <74898029+vmidyllic@users.noreply.github.com> Date: Fri, 15 Dec 2023 15:54:44 +0200 Subject: [PATCH] add circuits params --- auth.go | 27 +++++++--------------- go.sum | 6 ----- pubsignals/atomicMtpV2.go | 1 + pubsignals/atomicSigV2.go | 1 + pubsignals/atomicV3.go | 41 +++++++++++++++++++++++++--------- pubsignals/authV2.go | 1 + pubsignals/circuitsVerifier.go | 2 +- pubsignals/verifyopts.go | 25 +++++---------------- 8 files changed, 49 insertions(+), 55 deletions(-) diff --git a/auth.go b/auth.go index 49c63af..671b11e 100644 --- a/auth.go +++ b/auth.go @@ -379,28 +379,17 @@ func (v *Verifier) VerifyAuthResponse( for _, o := range opts { o(cfg) } - // check if VerifierDID is set to opts - if cfg.VerifierDID == nil { - aud, err := w3c.ParseDID(request.From) // TODO: this is assuming that response.TO is always DID. - if err != nil { - return err - } - opts = append(opts, pubsignals.WithVerifierDID(aud)) - } - // check if NullifierSessionID is set to opts - if cfg.NullifierSessionID == nil { - nullifierSessionIDParam, ok := proofRequest.Params["nullifierSessionID"] - if ok { - nullifierSessionID, ok := new(big.Int).SetString(fmt.Sprintf("%v", nullifierSessionIDParam), 10) - if !ok { - return errors.Errorf("verifier session id is not valid big int %s", nullifierSessionID.String()) - } - opts = append(opts, pubsignals.WithNullifierSessionID(nullifierSessionID)) - } + if proofRequest.Params == nil { + proofRequest.Params = make(map[string]interface{}) + } + verifierDID, err := w3c.ParseDID(request.From) // TODO: this is assuming that response.TO is always DID. + if err != nil { + return err } + proofRequest.Params[pubsignals.ParamNameVerifierDID] = verifierDID - err = cv.VerifyQuery(ctx, query, v.documentLoader, rawMessage, opts...) + err = cv.VerifyQuery(ctx, query, v.documentLoader, rawMessage, proofRequest.Params, opts...) if err != nil { return err } 
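Review bot: Assigning into `proofRequest.Params` writes the parsed DID into the map owned by the caller's request, because a Go map is shared even when `proofRequest` is a copied struct; only the `make` branch for a nil map stays local. After verification the request carries a `*w3c.DID` under `pubsignals.ParamNameVerifierDID` next to its decoded values, and any value the request already had under that key is silently replaced. Two verifications of the same request running at once would also race on the map write, though whether callers do that is not visible here. A per-call copy keeps the verifier-derived value out of shared state. VerifyAuthResponse starts and ends outside this hunk.

```go
// … unchanged: w3c.ParseDID(request.From) and its error check …
// Copy so that verification does not modify the caller's request.
circuitParams := make(map[string]interface{}, len(proofRequest.Params)+1)
for k, val := range proofRequest.Params {
	circuitParams[k] = val
}
circuitParams[pubsignals.ParamNameVerifierDID] = verifierDID

err = cv.VerifyQuery(ctx, query, v.documentLoader, rawMessage, circuitParams, opts...)
// … unchanged: error return …
```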
diff --git a/go.sum b/go.sum index 042554b..b454ef5 100644 --- a/go.sum +++ b/go.sum @@ -107,12 +107,8 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO github.com/huin/goupnp v1.2.0 h1:uOKW26NG1hsSSbXIZ1IR7XP9Gjd1U8pnLaCMgntmkmY= github.com/iden3/contracts-abi/state/go/abi v1.0.0-beta.3 h1:ZHFnK2dU3NJglY+igY48JLHWtNGN/Vhf5/L/qrFk/tM= github.com/iden3/contracts-abi/state/go/abi v1.0.0-beta.3/go.mod h1:TxgIrXCvxms3sbOdsy8kTvffUCIpEEifNy0fSXdkU4w= -github.com/iden3/go-circuits/v2 v2.0.1-0.20231107104826-eb84f9065195 h1:UeFjbxOGP3/iVXF+YECgVib20IAI6uurR17YLvuoI/A= -github.com/iden3/go-circuits/v2 v2.0.1-0.20231107104826-eb84f9065195/go.mod h1:VIFIp51+IH0hOzjnKhb84bCeyq7hq76zX/C14ua6zh4= github.com/iden3/go-circuits/v2 v2.0.1-0.20231206142403-a3ef66e48eee h1:HgDAwl7GR0Om2uZYD6vt8JVmK3BhF+TGRopilr54mN4= github.com/iden3/go-circuits/v2 v2.0.1-0.20231206142403-a3ef66e48eee/go.mod h1:VIFIp51+IH0hOzjnKhb84bCeyq7hq76zX/C14ua6zh4= -github.com/iden3/go-iden3-core/v2 v2.0.1-0.20231130210351-b20901fdcaa6 h1:/aGy/IBE2cKFXaiAZxuuajh9ixpTOfKJs50EhNXuZKo= -github.com/iden3/go-iden3-core/v2 v2.0.1-0.20231130210351-b20901fdcaa6/go.mod h1:L9PxhWPvoS9qTb3inEkZBm1RpjHBt+VTwvxssdzbAdw= github.com/iden3/go-iden3-core/v2 v2.0.1-0.20231201093815-43513060218f h1:SckYN8tfMOBwmZLgaRDG7C18JM+fP1R6fpPErM5BuJo= github.com/iden3/go-iden3-core/v2 v2.0.1-0.20231201093815-43513060218f/go.mod h1:L9PxhWPvoS9qTb3inEkZBm1RpjHBt+VTwvxssdzbAdw= github.com/iden3/go-iden3-crypto v0.0.15 h1:4MJYlrot1l31Fzlo2sF56u7EVFeHHJkxGXXZCtESgK4= 
@@ -133,8 +129,6 @@ github.com/iden3/go-rapidsnark/witness/wazero v0.0.0-20230524142950-0986cf057d4e github.com/iden3/go-rapidsnark/witness/wazero v0.0.0-20230524142950-0986cf057d4e/go.mod h1:UEBifEzw62T6VzIHJeHuUgeLg2U/J9ttf7hOwQEqnYk= github.com/iden3/go-schema-processor/v2 v2.0.1 h1:eh54MdgEm+Au9LZzFpx56YxW342t3H/tgJAPgm6iR8A= github.com/iden3/go-schema-processor/v2 v2.0.1/go.mod h1:eWRQDbxixZ/9k/uPlciKIy6TUYlKX/6hdqyTuAQi3wE= -github.com/iden3/iden3comm/v2 v2.0.0 h1:cFDfF6aJ589ENg5zlTBEPK6Qqv4I11C/gliAWZORpyY= -github.com/iden3/iden3comm/v2 v2.0.0/go.mod h1:wrXoxi8eoQSLopatRW5+hYF9lDRvzGL2As9ZE88q/kA= github.com/iden3/iden3comm/v2 v2.0.1-0.20231206141252-dc3389b6e759 h1:VysOX75ElqQQkRK3GOuOJtDWezncf0VgSLlvqZbUzso= github.com/iden3/iden3comm/v2 v2.0.1-0.20231206141252-dc3389b6e759/go.mod h1:wrXoxi8eoQSLopatRW5+hYF9lDRvzGL2As9ZE88q/kA= github.com/ipfs/boxo v0.8.0 h1:UdjAJmHzQHo/j3g3b1bAcAXCj/GM6iTwvSlBDvPBNBs= diff --git a/pubsignals/atomicMtpV2.go b/pubsignals/atomicMtpV2.go index 3d136f9..b6c166d 100644 --- a/pubsignals/atomicMtpV2.go +++ b/pubsignals/atomicMtpV2.go @@ -25,6 +25,7 @@ func (c *AtomicQueryMTPV2) VerifyQuery( query Query, schemaLoader ld.DocumentLoader, verifiablePresentation json.RawMessage, + _ map[string]interface{}, opts ...VerifyOpt, ) error { return query.Check(ctx, schemaLoader, &CircuitOutputs{ diff --git a/pubsignals/atomicSigV2.go b/pubsignals/atomicSigV2.go index 5e99699..707fa44 100644 --- a/pubsignals/atomicSigV2.go +++ b/pubsignals/atomicSigV2.go @@ -25,6 +25,7 @@ func (c *AtomicQuerySigV2) VerifyQuery( query Query, schemaLoader ld.DocumentLoader, verifiablePresentation json.RawMessage, + _ map[string]interface{}, opts ...VerifyOpt, ) error { err := query.Check(ctx, schemaLoader, &CircuitOutputs{ diff --git a/pubsignals/atomicV3.go b/pubsignals/atomicV3.go index e3fac9c..ae09247 100644 --- a/pubsignals/atomicV3.go +++ b/pubsignals/atomicV3.go 
@@ -26,6 +26,7 @@ func (c *AtomicQueryV3) VerifyQuery(
 query Query,
 schemaLoader ld.DocumentLoader,
 verifiablePresentation json.RawMessage,
+ params map[string]interface{},
 opts ...VerifyOpt,
 ) error {
 err := query.Check(ctx, schemaLoader, &CircuitOutputs{
@@ -65,23 +66,43 @@ func (c *AtomicQueryV3) VerifyQuery( default: } + if params != nil { + nullifierSessionIDparam, ok := params[ParamNameNullifierSessionID].(string) + if ok { + verifierDID, ok := params[ParamNameNullifierSessionID].(*w3c.DID) + if !ok { + return errors.New("verifier did is mandatory if nullifier session is set in the request") + } + id, err := core.IDFromDID(*verifierDID) + if err != nil { + return err + } + if c.VerifierID.BigInt().Cmp(id.BigInt()) != 0 { + return errors.New("wrong verifier is used for nullification") + } + + nullifierSessionID, ok := new(big.Int).SetString(nullifierSessionIDparam, 10) + if !ok { + return errors.New("nullifier session is not a valid big integer") + } + if c.NullifierSessionID.Cmp(nullifierSessionID) != 0 { + return errors.Errorf("wrong verifier session id is used for nullification: expected %s given %s,", nullifierSessionID.String(), c.NullifierSessionID.String()) + } + } else { + // if no nullifierSessionID in params - we need to verify that nullifier is zero + if c.NullifierSessionID != nil && c.NullifierSessionID.Int64() != 0 { + return errors.New("nullfifier id is generated but wasn't requested") + } + } + + } // verify nullifier information if c.Nullifier != nil && c.Nullifier.Cmp(big.NewInt(0)) != 0 { cfg := defaultProofVerifyOpts for _, o := range opts { o(&cfg) } - id, err := core.IDFromDID(*cfg.VerifierDID) - if err != nil { - return err - } - if c.VerifierID.BigInt().Cmp(id.BigInt()) != 0 { - return errors.New("wrong verifier is used for nullification") - } - if c.NullifierSessionID.Cmp(cfg.NullifierSessionID) != 0 { - return errors.Errorf("wrong verifier session id is used for nullification: expected %s given %s,", cfg.NullifierSessionID.String(), c.NullifierSessionID.String()) - } } if query.LinkSessionID != "" && c.LinkID == nil { diff --git a/pubsignals/authV2.go b/pubsignals/authV2.go index 42b43f7..693a498 100644 --- a/pubsignals/authV2.go +++ b/pubsignals/authV2.go 
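Review bot: The verifier DID is read with the nullifier key, `params[ParamNameNullifierSessionID].(*w3c.DID)`, right after the same entry was asserted to be a `string`, so the second assertion cannot succeed and every request with a string session id is rejected with "verifier did is mandatory…"; the lookup should use `ParamNameVerifierDID`. A session id of any other type fails the `.(string)` assertion and falls into the `else` branch, where a proof with a zero session id is accepted although one was requested. The removed auth.go code accepted any value through `fmt.Sprintf("%v", …)`, so non-string values presumably occur. With `params == nil` no session check runs at all, and the nullifier block kept below it no longer compares anything. `c.NullifierSessionID.Int64() != 0` is undefined for values that do not fit in an int64, and `Cmp` is called on a `c.NullifierSessionID` that the `else` branch treats as possibly nil, so `Sign()` and a nil guard are safer. VerifyQuery begins and ends outside this hunk.

```go
// … unchanged: query.Check and the proof-type switch …
// Indexing a nil map is safe in Go, so no separate params != nil guard is needed.
rawSessionID, requested := params[ParamNameNullifierSessionID]
if requested {
	nullifierSessionIDparam, ok := rawSessionID.(string)
	if !ok {
		return errors.New("nullifier session id param must be a string")
	}
	verifierDID, ok := params[ParamNameVerifierDID].(*w3c.DID)
	if !ok {
		return errors.New("verifier did is mandatory if nullifier session is set in the request")
	}
	// … unchanged: core.IDFromDID, VerifierID comparison, big.Int SetString …
	if c.NullifierSessionID == nil || c.NullifierSessionID.Cmp(nullifierSessionID) != 0 {
		// … unchanged: errors.Errorf mismatch return …
	}
} else if c.NullifierSessionID != nil && c.NullifierSessionID.Sign() != 0 {
	return errors.New("nullfifier id is generated but wasn't requested")
}
```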
@@ -25,6 +25,7 @@ func (c *AuthV2) VerifyQuery( _ Query, _ ld.DocumentLoader, _ json.RawMessage, + _ ...VerifyOpt) error { return errors.New("authV2 circuit doesn't support queries") } diff --git a/pubsignals/circuitsVerifier.go b/pubsignals/circuitsVerifier.go index 79206f9..7fc6c3d 100644 --- a/pubsignals/circuitsVerifier.go +++ b/pubsignals/circuitsVerifier.go @@ -18,7 +18,7 @@ type StateResolver interface { // Verifier is interface for verification of public signals of zkp type Verifier interface { - VerifyQuery(ctx context.Context, query Query, schemaLoader ld.DocumentLoader, verifiablePresentation json.RawMessage, opts ...VerifyOpt) error + VerifyQuery(ctx context.Context, query Query, schemaLoader ld.DocumentLoader, verifiablePresentation json.RawMessage, circuitParams map[string]interface{}, opts ...VerifyOpt) error VerifyStates(ctx context.Context, resolvers map[string]StateResolver, opts ...VerifyOpt) error VerifyIDOwnership(userIdentifier string, challenge *big.Int) error diff --git a/pubsignals/verifyopts.go b/pubsignals/verifyopts.go index 1b7faa9..62b0e49 100644 --- a/pubsignals/verifyopts.go +++ b/pubsignals/verifyopts.go @@ -1,10 +1,7 @@ package pubsignals import ( - "math/big" "time" - - "github.com/iden3/go-iden3-core/v2/w3c" ) var ( @@ -27,20 +24,6 @@ func WithAcceptedProofGenerationDelay(duration time.Duration) VerifyOpt { } } -// WithVerifierDID sets verifier to request -func WithVerifierDID(did *w3c.DID) VerifyOpt { - return func(v *VerifyConfig) { - v.VerifierDID = did - } -} - -// WithNullifierSessionID sets nullifierSessionID to request -func WithNullifierSessionID(nullifierSessionID *big.Int) VerifyOpt { - return func(v *VerifyConfig) { - v.NullifierSessionID = nullifierSessionID - } -} - // VerifyOpt sets options. type VerifyOpt func(v *VerifyConfig) 
@@ -49,6 +32,10 @@ type VerifyConfig struct {
 // is the period of time that a revoked state remains valid.
 AcceptedStateTransitionDelay time.Duration
 AcceptedProofGenerationDelay time.Duration
- VerifierDID *w3c.DID
- NullifierSessionID *big.Int
 }
+
+// ParamNameVerifierDID is a verifier did - specific circuit param for V3, but can be utilized by other circuits
+const ParamNameVerifierDID = "verifierDid"
+
+// ParamNameNullifierSessionID is a nullifier session id - specific circuit param for V3 to generate nullifier
+const ParamNameNullifierSessionID = "nullifierSessionId"
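Review bot: The doc comments on the two new constants do not say what value type each key holds, and the untyped `map[string]interface{}` makes that the only contract a caller has. Within this patch, auth.go stores a `*w3c.DID` under `ParamNameVerifierDID`, while AtomicQueryV3 accepts `ParamNameNullifierSessionID` only as a `string` parsed in base 10. I would state that in the comments, e.g. `// ParamNameVerifierDID is the params key for the verifier DID; the value is a *w3c.DID set by VerifyAuthResponse from request.From.` and `// ParamNameNullifierSessionID is the params key for the nullifier session id; the value is a base-10 integer string.`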