Circuits V3: init commit. Update package deps. Replace test( ti it(

package.json

@@ -12,13 +12,11 @@
   "scripts": {
     "test": "jest",
     "test:watch": "jest --watch",
-    "build:cjs:bundle": "node build.js",
     "build:types": "tsc -p tsconfig.build.json && tsc-alias",
     "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
     "lint": "eslint src test --ext .ts",
     "lint:fix": "eslint src test --ext .ts --fix",
-    "build": "npm run clean && patch-package && npm run build:cjs:bundle && npm run build:types",
-    "build:tsc": "tsc --module commonjs -p tsconfig.build.json && tsc-alias",
+    "build": "npm run clean && tsc --module commonjs -p tsconfig.build.json && tsc-alias",
     "clean": "rimraf ./dist"
   },
   "directories": {
@@ -34,41 +32,39 @@
     "url": "https://github.com/iden3/js-iden3-auth"
   },
   "dependencies": {
-    "@0xpolygonid/js-sdk": "1.2.2",
-    "@iden3/eslint-config": "https://github.com/iden3/eslint-config",
-    "@iden3/js-iden3-core": "1.0.2",
-    "@iden3/js-jsonld-merklization": "1.0.2",
-    "@iden3/js-jwz": "1.0.2",
-    "@iden3/js-merkletree": "1.0.1",
+    "@0xpolygonid/js-sdk": "file:../js-sdk",
+    "@iden3/js-iden3-core": "1.1.0",
+    "@iden3/js-jsonld-merklization": "1.1.2",
+    "@iden3/js-jwz": "1.1.2",
+    "@iden3/js-merkletree": "1.1.2",
     "did-resolver": "^4.1.0",
     "ethers": "^5.4.0",
     "nested-property": "^4.0.0",
-    "tslib": "^2.4.0",
-    "uuid": "^8.3.2"
+    "tslib": "^2.6.2",
+    "uuid": "^9.0.1"
   },
   "devDependencies": {
+    "@iden3/eslint-config": "https://github.com/iden3/eslint-config",
     "@typechain/ethers-v5": "^10.2.0",
     "@types/jest": "^29.5.2",
-    "@types/jsonld": "^1.5.9",
-    "@types/node": "^16.0.0",
-    "@types/uuid": "^9.0.2",
+    "@types/jsonld": "^1.5.13",
+    "@types/node": "^20.10.1",
+    "@types/uuid": "^9.0.7",
     "@typescript-eslint/eslint-plugin": "^5.0.0",
     "@typescript-eslint/parser": "^5.0.0",
-    "esbuild": "^0.18.3",
     "eslint": "^8.13.0",
     "eslint-config-prettier": "^8.3.0",
     "eslint-plugin-prettier": "^4.0.0",
     "jest": "29.1.0",
-    "patch-package": "^6.5.1",
     "postinstall-postinstall": "^2.1.0",
-    "prettier": "^2.3.2",
+    "prettier": "^2.7.1",
     "rimraf": "^3.0.2",
     "rollup-plugin-sourcemaps": "^0.6.3",
     "rollup-plugin-terser": "^7.0.2",
-    "ts-jest": "29.1.0",
-    "ts-node": "^10.0.0",
-    "tsc-alias": "^1.6.9",
-    "tsconfig-paths": "^3.10.1",
+    "ts-jest": "29.1.1",
+    "ts-node": "^10.9.1",
+    "tsc-alias": "^1.8.8",
+    "tsconfig-paths": "^3.14.2",
     "typechain": "^8.1.1",
     "typescript": "^4.3.5"
   }

src/auth/auth.ts

@@ -27,6 +27,7 @@ import {
 import { Resolvable } from 'did-resolver';
 import { Options, DocumentLoader } from '@iden3/js-jsonld-merklization';
 import path from 'path';
+import { DID } from '@iden3/js-iden3-core';
 
 /**
  *  createAuthorizationRequest is a function to create protocol authorization request
@@ -221,6 +222,12 @@ export class Verifier {
       throw new Error('message for signing from request is not presented in response');
     }
 
+    if (request.from !== response.to) {
+      throw new Error(
+        `sender of the request is not a target of response - expected ${request.from}, given ${response.to}`
+      );
+    }
+
     for (const proofRequest of request.body.scope) {
       const proofResp = response.body.scope.find((proofResp) => proofResp.id === proofRequest.id);
       if (!proofResp) {
@@ -244,6 +251,8 @@ export class Verifier {
         throw new Error(`circuit ${circuitId} is not supported by the library`);
       }
 
+      opts = opts?.verifierDID ? opts : { ...opts, verifierDID: DID.parse(request.from) };
+
       // verify query
       const verifier = new CircuitVerifier(proofResp.pub_signals);
       await verifier.verifyQuery(

src/circuits/atomicV3.ts

@@ -0,0 +1,124 @@
+import { PubSignalsVerifier, VerifyOpts } from '@lib/circuits/registry';
+import { checkQueryRequest, ClaimOutputs, Query } from '@lib/circuits/query';
+import { Resolvers } from '@lib/state/resolver';
+import { IDOwnershipPubSignals } from '@lib/circuits/ownershipVerifier';
+import { checkIssuerNonRevState, checkUserState, getResolverByID } from '@lib/circuits/common';
+import { DID, getDateFromUnixTimestamp } from '@iden3/js-iden3-core';
+import { DocumentLoader } from '@iden3/js-jsonld-merklization';
+import { AtomicQueryV3PubSignals, byteEncoder, ProofType } from '@0xpolygonid/js-sdk';
+
+const valuesSize = 64;
+const defaultProofVerifyOpts = 1 * 60 * 60 * 1000; // 1 hour
+
+export class AtomicQueryV3PubSignalsVerifier
+  extends IDOwnershipPubSignals
+  implements PubSignalsVerifier
+{
+  pubSignals = new AtomicQueryV3PubSignals();
+
+  constructor(pubSignals: string[]) {
+    super();
+    this.pubSignals = this.pubSignals.pubSignalsUnmarshal(
+      byteEncoder.encode(JSON.stringify(pubSignals))
+    );
+
+    this.userId = this.pubSignals.userID;
+    this.challenge = this.pubSignals.requestID;
+  }
+
+  async verifyQuery(
+    query: Query,
+    schemaLoader?: DocumentLoader,
+    verifiablePresentation?: JSON,
+    opts?: VerifyOpts
+  ): Promise<void> {
+    const outs: ClaimOutputs = {
+      issuerId: this.pubSignals.issuerID,
+      schemaHash: this.pubSignals.claimSchema,
+      slotIndex: this.pubSignals.slotIndex,
+      operator: this.pubSignals.operator,
+      value: this.pubSignals.value,
+      timestamp: this.pubSignals.timestamp,
+      merklized: this.pubSignals.merklized,
+      claimPathKey: this.pubSignals.claimPathKey,
+      claimPathNotExists: this.pubSignals.claimPathNotExists,
+      valueArraySize: valuesSize,
+      isRevocationChecked: this.pubSignals.isRevocationChecked
+    };
+    await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, opts);
+
+    const { proofType, verifierID, verifierSessionID, linkID, nullifier } = this.pubSignals;
+
+    if (
+      !(query.proofType === ProofType.BJJSignature && proofType === 1) &&
+      !(query.proofType === ProofType.Iden3SparseMerkleTreeProof && proofType === 2)
+    ) {
+      throw new Error('invalid proof type');
+    }
+
+    if (nullifier && BigInt(nullifier) !== 0n) {
+      // verify nullifier information
+      if (!opts?.verifierDID) {
+        throw new Error('verifierDID is required');
+      }
+
+      const id = DID.idFromDID(opts.verifierDID);
+
+      if (verifierID.bigInt() != id.bigInt()) {
+        throw new Error('wrong verifier is used for nullification');
+      }
+
+      if (!query.verifierSessionId) {
+        throw new Error('verifierSessionId is required');
+      }
+
+      const vSessionID = BigInt(query.verifierSessionId);
+
+      if (verifierSessionID !== vSessionID) {
+        throw new Error(
+          `wrong verifier session id is used for nullification, expected ${vSessionID}, got ${verifierSessionID}`
+        );
+      }
+    }
+
+    if (query.linkSessionId && !linkID) {
+      throw new Error("proof doesn't contain link id, but link session id is provided");
+    }
+  }
+
+  async verifyStates(resolvers: Resolvers, opts?: VerifyOpts): Promise<void> {
+    const resolver = getResolverByID(resolvers, this.pubSignals.issuerID);
+    if (!resolver) {
+      throw new Error(`resolver not found for issuerID ${this.pubSignals.issuerID.string()}`);
+    }
+
+    await checkUserState(resolver, this.pubSignals.issuerID, this.pubSignals.issuerState);
+
+    if (this.pubSignals.isRevocationChecked === 0) {
+      return;
+    }
+
+    // if IsRevocationChecked is set to 0. Skip validation revocation status of issuer.
+    if (this.pubSignals.isRevocationChecked === 0) {
+      return;
+    }
+
+    const issuerNonRevStateResolved = await checkIssuerNonRevState(
+      resolver,
+      this.pubSignals.issuerID,
+      this.pubSignals.issuerClaimNonRevState
+    );
+
+    const acceptedStateTransitionDelay =
+      opts?.acceptedStateTransitionDelay ?? defaultProofVerifyOpts;
+
+    if (!issuerNonRevStateResolved.latest) {
+      const timeDiff =
+        Date.now() -
+        getDateFromUnixTimestamp(Number(issuerNonRevStateResolved.transitionTimestamp)).getTime();
+      if (timeDiff > acceptedStateTransitionDelay) {
+        throw new Error('issuer state is outdated');
+      }
+    }
+  }
+}

src/circuits/query.ts

@@ -36,6 +36,9 @@ export interface Query {
   type: string;
   claimID?: string;
   skipClaimRevocationCheck?: boolean;
+  proofType?: string;
+  verifierSessionId?: string;
+  linkSessionId?: string;
 }
 
 // ClaimOutputs fields that are used in proof generation

src/circuits/registry.ts

@@ -4,12 +4,15 @@ import { AtomicQuerySigV2PubSignalsVerifier } from '@lib/circuits/atomicSigV2';
 import { Query } from '@lib/circuits/query';
 import { Resolvers } from '@lib/state/resolver';
 import { DocumentLoader } from '@iden3/js-jsonld-merklization';
+import { DID } from '@iden3/js-iden3-core';
+import { AtomicQueryV3PubSignalsVerifier } from './atomicV3';
 
 export type VerifyOpts = {
   // acceptedStateTransitionDelay is the period of time in milliseconds that a revoked state remains valid.
   acceptedStateTransitionDelay?: number;
   // acceptedProofGenerationDelay is the period of time in milliseconds that a generated proof remains valid.
   acceptedProofGenerationDelay?: number;
+  verifierDID?: DID;
 };
 
 export interface PubSignalsVerifier {
@@ -30,13 +33,15 @@ export interface PubSignals {
 const authV2 = AuthPubSignalsV2;
 const credentialAtomicQueryMTPV2 = AtomicQueryMTPV2PubSignalsVerifier;
 const credentialAtomicQuerySigV2 = AtomicQuerySigV2PubSignalsVerifier;
+const credentialAtomicQueryV3 = AtomicQueryV3PubSignalsVerifier;
 
 export type VerifierType = PubSignalsVerifier & PubSignals;
 
 const supportedCircuits: { [key: string]: unknown } = {
   authV2,
   credentialAtomicQueryMTPV2,
-  credentialAtomicQuerySigV2
+  credentialAtomicQuerySigV2,
+  credentialAtomicQueryV3
 };
 
 export class Circuits {