fix sd for v3 circuit

iden3 · Feb 9, 2024 · 6f2268a · 6f2268a
1 parent 8fbeb18
commit 6f2268a
Show file tree

Hide file tree

Showing 7 changed files with 76 additions and 24 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@iden3/js-iden3-auth",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "iden3-auth implementation in JavaScript",
   "main": "dist/cjs/index.js",
   "source": "./src/index.ts",

diff --git a/src/circuits/atomicMtpV2.ts b/src/circuits/atomicMtpV2.ts
@@ -52,7 +52,7 @@ export class AtomicQueryMTPV2PubSignalsVerifier
       valueArraySize: valuesSize,
       isRevocationChecked: this.pubSignals.isRevocationChecked
     };
-    await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, opts);
+    await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, false, opts);
 
     return this.pubSignals;
   }

diff --git a/src/circuits/atomicSigV2.ts b/src/circuits/atomicSigV2.ts
@@ -45,7 +45,7 @@ export class AtomicQuerySigV2PubSignalsVerifier
       valueArraySize: valuesSize,
       isRevocationChecked: this.pubSignals.isRevocationChecked
     };
-    await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, opts);
+    await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, false, opts);
 
     return this.pubSignals;
   }

diff --git a/src/circuits/atomicV3.ts b/src/circuits/atomicV3.ts
@@ -54,9 +54,10 @@ export class AtomicQueryV3PubSignalsVerifier
       claimPathKey: this.pubSignals.claimPathKey,
       claimPathNotExists: this.pubSignals.claimPathNotExists,
       valueArraySize: valuesSize,
-      isRevocationChecked: this.pubSignals.isRevocationChecked
+      isRevocationChecked: this.pubSignals.isRevocationChecked,
+      operatorOutput: this.pubSignals.operatorOutput
     };
-    await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, opts);
+    await checkQueryRequest(query, outs, schemaLoader, verifiablePresentation, true, opts);
 
     const { proofType, verifierID, nullifier, nullifierSessionID, linkID } = this.pubSignals;
 

diff --git a/src/circuits/query.ts b/src/circuits/query.ts
@@ -40,13 +40,15 @@ export interface ClaimOutputs {
   claimPathNotExists?: number;
   valueArraySize: number;
   isRevocationChecked: number;
+  operatorOutput?: bigint;
 }
 
 export async function checkQueryRequest(
   query: Query,
   outputs: ClaimOutputs,
   schemaLoader?: DocumentLoader,
   verifiablePresentation?: JSON,
+  supportsSDOperator?: boolean,
   opts?: VerifyOpts
 ): Promise<void> {
   // validate issuer
@@ -93,7 +95,13 @@ export async function checkQueryRequest(
       if (!verifiablePresentation) {
         throw new Error(`no vp present in selective disclosure request`);
       }
-      await validateDisclosure(verifiablePresentation, cq, outputs, schemaLoader);
+      await validateDisclosure(
+        verifiablePresentation,
+        cq,
+        outputs,
+        schemaLoader,
+        supportsSDOperator
+      );
     } catch (e) {
       throw new Error(`failed to validate selective disclosure: ${(e as Error).message}`);
     }
@@ -188,22 +196,13 @@ async function validateDisclosure(
   verifiablePresentation: JSON,
   cq: CircuitQuery,
   outputs: ClaimOutputs,
-  ldLoader?: DocumentLoader
+  ldLoader?: DocumentLoader,
+  supportsSDOperator?: boolean
 ) {
   if (!verifiablePresentation) {
     throw new Error(`verifiablePresentation is required for selective disclosure request`);
   }
 
-  if (outputs.operator !== Operators.EQ) {
-    throw new Error(`operator for selective disclosure must be $eq`);
-  }
-
-  for (let index = 1; index < outputs.value.length; index++) {
-    if (outputs.value[index] !== 0n) {
-      throw new Error(`selective disclosure not available for array of values`);
-    }
-  }
-
   let mz: Merklizer;
   const strVerifiablePresentation: string = JSON.stringify(verifiablePresentation);
   try {
@@ -240,10 +239,35 @@ async function validateDisclosure(
       `path [${merklizedPath.parts}] doesn't exist in verifiablePresentation document`
     );
   }
-
   const bi = await value.mtEntry();
-  if (bi !== outputs.value[0]) {
-    throw new Error(`value that was used is not equal to requested in query`);
+
+  if (supportsSDOperator) {
+    if (outputs.operator !== Operators.SD) {
+      throw new Error(`operator for selective disclosure must be $sd`);
+    }
+
+    if (!outputs.operatorOutput || bi !== outputs.operatorOutput) {
+      throw new Error(`operator output must be equal to disclosed value`);
+    }
+
+    for (let index = 0; index < outputs.value.length; index++) {
+      if (outputs.value[index] !== 0n) {
+        throw new Error(`in selective disclosure, comparing values must be zero for $sd operator`);
+      }
+    }
+  } else {
+    if (outputs.operator !== Operators.EQ) {
+      throw new Error(`operator for selective disclosure must be $eq`);
+    }
+
+    for (let index = 1; index < outputs.value.length; index++) {
+      if (outputs.value[index] !== 0n) {
+        throw new Error(`selective disclosure not available for array of values`);
+      }
+    }
+    if (bi !== outputs.value[0]) {
+      throw new Error(`value that was used is not equal to requested in query`);
+    }
   }
 
   return;

diff --git a/test/query.test.ts b/test/query.test.ts
@@ -60,7 +60,7 @@ const KYCAgeNonMerklizedSchema = createSchemaHash(
     'https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/kyc-nonmerklized.jsonld#KYCAgeCredential'
   )
 );
-describe('Query', () => {
+describe.only('Query', () => {
   it('Check merklized query', async () => {
     const query: Query = {
       allowedIssuers: ['*'],
@@ -112,7 +112,7 @@ describe('Query', () => {
     await expect(checkQueryRequest(query, pubSig, defaultLoader)).resolves.not.toThrow();
   });
 
-  it('Selective disclosure', async () => {
+  it('Selective disclosure V2', async () => {
     const query: Query = {
       allowedIssuers: ['*'],
       credentialSubject: {
@@ -138,6 +138,33 @@ describe('Query', () => {
     await expect(checkQueryRequest(query, pubSig, defaultLoader, vp)).resolves.not.toThrow();
   });
 
+  it('Selective disclosure V3', async () => {
+    const query: Query = {
+      allowedIssuers: ['*'],
+      credentialSubject: {
+        countryCode: {}
+      },
+      context:
+        'https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/kyc-v3.json-ld',
+      type: 'KYCCountryOfResidenceCredential'
+    };
+    const pubSig: ClaimOutputs = {
+      issuerId: issuerID,
+      schemaHash: KYCCountrySchema,
+      claimPathKey: BigInt(
+        '17002437119434618783545694633038537380726339994244684348913844923422470806844'
+      ),
+      operator: 16,
+      value: [],
+      merklized: 1,
+      isRevocationChecked: 1,
+      valueArraySize: 64,
+      timestamp: getUnixTimestamp(new Date()),
+      operatorOutput: BigInt(800)
+    };
+    await expect(checkQueryRequest(query, pubSig, defaultLoader, vp, true)).resolves.not.toThrow();
+  });
+
   it('Query with boolean type', async () => {
     const query: Query = {
       allowedIssuers: ['*'],