From e942b2fadd49ec8864d9a1e7cc273e870e29dec7 Mon Sep 17 00:00:00 2001 From: vmidyllic <74898029+vmidyllic@users.noreply.github.com> Date: Mon, 25 Apr 2022 19:34:15 +0300 Subject: [PATCH 1/3] update logic of claim slots verification --- go.mod | 2 +- go.sum | 4 +- processor/json-ld/processor_ipfs_test.go | 99 ++++-------------------- processor/json-ld/processor_test.go | 57 +------------- utils/claims.go | 62 +++++++-------- 5 files changed, 50 insertions(+), 174 deletions(-) diff --git a/go.mod b/go.mod index f20935a..dd40fea 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.17 require ( github.com/ethereum/go-ethereum v1.10.15 - github.com/iden3/go-iden3-core v0.0.13 + github.com/iden3/go-iden3-core v0.0.16 github.com/iden3/go-iden3-crypto v0.0.13 github.com/iden3/go-merkletree-sql v1.0.0-pre8 github.com/iden3/go-schema-registry-wrapper v0.0.7 diff --git a/go.sum b/go.sum index e209b28..8ddf6ed 100644 --- a/go.sum +++ b/go.sum 
@@ -214,8 +214,8 @@ github.com/huin/goupnp v1.0.2 h1:RfGLP+h3mvisuWEyybxNq5Eft3NWhHLPeUN72kpKZoI= github.com/huin/goupnp v1.0.2/go.mod h1:0dxJBVBHqTMjIUMkESDTNgOOx/Mw5wYIfyFmdzSamkM= github.com/huin/goutil v0.0.0-20170803182201-1ca381bf3150/go.mod h1:PpLOETDnJ0o3iZrZfqZzyLl6l7F3c6L1oWn7OICBi6o= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/iden3/go-iden3-core v0.0.13 h1:Bu9JDxxy+P43QAES9SMuBczvtlmRGbXVs0iyYcaMb+0= -github.com/iden3/go-iden3-core v0.0.13/go.mod h1:wJtcMK/bSazyW/JrQaRrbpUMgSMg79Pke3xgtfPxDnQ= +github.com/iden3/go-iden3-core v0.0.16 h1:BHNcRA+3Jbz0ur9VhQePP9u9o6cGvLBLB3Qs9OGoQlM= +github.com/iden3/go-iden3-core v0.0.16/go.mod h1:wJtcMK/bSazyW/JrQaRrbpUMgSMg79Pke3xgtfPxDnQ= github.com/iden3/go-iden3-crypto v0.0.11/go.mod h1:yUBWcXgAUDZxa1PvRl0zIT4Q4/rQO5PacE52Z06i8kw= github.com/iden3/go-iden3-crypto v0.0.13 h1:ixWRiaqDULNyIDdOWz2QQJG5t4PpNHkQk2P6GV94cok= github.com/iden3/go-iden3-crypto v0.0.13/go.mod h1:swXIv0HFbJKobbQBtsB50G7IHr6PbTowutSew/iBEoo= diff --git a/processor/json-ld/processor_ipfs_test.go b/processor/json-ld/processor_ipfs_test.go index 5d3726b..7f27ef8 100644 --- a/processor/json-ld/processor_ipfs_test.go +++ b/processor/json-ld/processor_ipfs_test.go @@ -3,8 +3,8 @@ package jsonld import ( "context" commonJSON "encoding/json" + schemaUtils "github.com/iden3/go-schema-processor/utils" "math/big" - "os" "testing" "github.com/iden3/go-iden3-crypto/utils" @@ -12,10 +12,8 @@ import ( jsonld "github.com/iden3/go-schema-processor/json-ld" "github.com/iden3/go-schema-processor/loaders" "github.com/iden3/go-schema-processor/processor" - schemaUtils "github.com/iden3/go-schema-processor/utils" "github.com/iden3/go-schema-processor/verifiable" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func getIPFSLoader(t string) processor.SchemaLoader { 
@@ -25,7 +23,7 @@ func getIPFSLoader(t string) processor.SchemaLoader { case "kyc": cid = "QmaniifmAkPfmTkpNzVQPcdn4Bu5LuNx1qn1dpNFmU6en6" case "kyc-v2": - cid = "QmZm9WhzuyqXnhBmvd9aNYP6qQAHnpghFbVzH5kiAikmhW" + cid = "QmP8NrKqoBKjmKwMsC8pwBCBxXR2PhwSepwXx31gnJxAbP" case "auth": cid = "QmWf7fD5txHaMH1zhrWUKSVvACgTLLqcdWbFPqQkKHa9yJ" default: @@ -33,7 +31,7 @@ func getIPFSLoader(t string) processor.SchemaLoader { } return &loaders.IPFS{ CID: cid, - URL: os.Getenv("IPFS_URL"), + URL: "https://25CLrk5mJXWhONKzbMQtQHEvepN:888f2b0d89b97887358b6a762ba9d95f@ipfs.infura.io:5001", } } @@ -142,7 +140,7 @@ func TestValidatorPFSLoader(t *testing.T) { } -func TestValidatorWithInvalidFieldPFSLoader(t *testing.T) { +func TestValidatorWithInvalidFieldIPFSLoader(t *testing.T) { loader := getIPFSLoader("kyc") validator := jsonld.Validator{ClaimType: "KYCAgeCredential"} @@ -174,7 +172,7 @@ func TestValidatorWithInvalidFieldPFSLoader(t *testing.T) { } -func TestValidatorWithPositionedDataPFSLoader(t *testing.T) { +func TestValidatorWithPositionedDataIPFSLoader(t *testing.T) { loader := getIPFSLoader("kyc") validator := jsonld.Validator{ClaimType: "KYCAgeCredential"} @@ -203,7 +201,7 @@ func TestValidatorWithPositionedDataPFSLoader(t *testing.T) { } -func TestParserWithSlotsTypesPFSLoader(t *testing.T) { +func TestParserWithSlotsTypesIPFSLoader(t *testing.T) { loader := getIPFSLoader("kyc-v2") validator := json.Validator{} @@ -243,7 +241,7 @@ func TestParserWithSlotsTypesPFSLoader(t *testing.T) { } -func TestGetFieldIndexWithSlotsTypesPFSLoader(t *testing.T) { +func TestGetFieldIndexWithSlotsTypesIPFSLoader(t *testing.T) { loader := getIPFSLoader("kyc-v2") validator := json.Validator{} @@ -272,7 +270,7 @@ func TestGetFieldIndexWithSlotsTypesPFSLoader(t *testing.T) { } -func TestParserForBigIntegersPFSLoader(t *testing.T) { +func TestParserForBigIntegersIPFSLoader(t *testing.T) { loader := getIPFSLoader("auth") validator := json.Validator{} 
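Review bot: The `URL:` literal added in `getIPFSLoader` (hunk `@@ -33,7 +31,7 @@`) embeds what looks like an Infura project id and secret as URL userinfo in a committed test file. PATCH 2/3 restores `URL: os.Getenv("IPFS_URL"),`, but the value remains readable in the history of PATCH 1/3 if the series is merged as is. Treat the key as exposed: revoke and reissue it, and squash or rebase the series so the literal never lands. A secret-scanning check in CI would catch a repeat of this on test files too.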
@@ -313,66 +311,9 @@ func TestParserForBigIntegersPFSLoader(t *testing.T) { assert.Empty(t, parsedData.ValueB) } -func TestParserParseClaimWithoutSubjectIDPFSLoader(t *testing.T) { - - jsonLDDocument := `{"id":"c0f6ac87-603e-44cd-8d83-0caeb458d50d","@context":["https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/iden3credential.json-ld","https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/auth.json-ld"],"@type":["Iden3Credential"],"expiration":"2361-03-21T21:14:48+02:00","updatable":false,"version":0,"rev_nonce":2034832188220019200,"credentialSubject":{"type":"AuthBJJCredential","x":"12747559771369266961976321746772881814229091957322087014312756428846389160887","y":"7732074634595480184356588475330446395691728690271550550016720788712795268212"},"credentialStatus":{"id":"http://localhost:8001/api/v1/identities/118VhAf6ng6J44FhNrGeYzSbJgGVmcpeXYFR2YTrZ6/claims/revocation/status/2034832188220019081","type":"SparseMerkleTreeProof"},"credentialSchema":{"@id":"auth","type":"JsonSchemaValidator2018"},"proof":[{"@type":"BJJSignature2021","issuer":"118VhAf6ng6J44FhNrGeYzSbJgGVmcpeXYFR2YTrZ6","h_index":"c89cf5b95157f091f2d8bf49bc1a57cd7988da83bbcd982a74c5e8c70e566403","h_value":"0262b2cd6b9ae44cd9a39045c9bb03ad4e1f056cb81d855f1fc4ef0cdf827912","created":1642518655,"issuer_mtp":{"@type":"Iden3SparseMerkleProof","issuer":"118VhAf6ng6J44FhNrGeYzSbJgGVmcpeXYFR2YTrZ6","h_index":"201a02eb979be695702ea37d930309d2965d803541be5f7b3900459b2fad8726","h_value":"0654da1d53ca201cb42b767a6f12265ff7a08720b88a82182e0f20702479d12d","state":{"claims_tree_root":"a5087cfa6f2c7c565d831327091533f09999133df1df51104d2ce6f8e4d90529","value":"dca344e95da517a301729d94b213298b9de96dfddaf7aad9423d918ea3208820"},"mtp":{"existence":true,"siblings":[]}},"verification_method":"2764e2d8241b18c217010ebf90bebb30240d32c33f3007f33e42d58680813123","proof_value":"c354eb1006534c59766ed8398d49a9a614312e430c5373ea493395db6369d49485e9a0d63f3bfe9fd157294ffbf706b6b7df
7a8662a58fae0056a046af1caa04","proof_purpose":"Authentication"},{"@type":"Iden3SparseMerkleProof","issuer":"118VhAf6ng6J44FhNrGeYzSbJgGVmcpeXYFR2YTrZ6","h_index":"c89cf5b95157f091f2d8bf49bc1a57cd7988da83bbcd982a74c5e8c70e566403","h_value":"0262b2cd6b9ae44cd9a39045c9bb03ad4e1f056cb81d855f1fc4ef0cdf827912","state":{"tx_id":"0xf2e23524ab76cb4f371b921a214ff411d5d391962899a2afe20f356e3bdc0c71","block_timestamp":1642522496,"block_number":11837707,"claims_tree_root":"bebcaee8444e93b6e32855f54e9f617d5fd654570badce7d6bc649304169681d","revocation_tree_root":"0000000000000000000000000000000000000000000000000000000000000000","value":"2806aa9a045b2a5503b12f2979b2d19933e803fd3dd73d8ad40dc138bc9a582e"},"mtp":{"existence":true,"siblings":["0","0","0","18555164879275043542501047154170418730098376961920428892719505858997411121317"]}}]}` - - var vc verifiable.Iden3Credential - - err := commonJSON.Unmarshal([]byte(jsonLDDocument), &vc) - assert.Nil(t, err) - - credType := vc.CredentialSubject["type"].(string) - parser := jsonld.Parser{ClaimType: credType, - ParsingStrategy: processor.OneFieldPerSlotStrategy} - loader := getIPFSLoader(vc.CredentialSchema.ID) - schemaBytes, ext, err := loader.Load(context.Background()) - assert.Nil(t, err) - assert.Equal(t, ext, "json-ld") - assert.NotEmpty(t, schemaBytes) - - coreClaim, err := parser.ParseClaim(&vc, schemaBytes) - assert.Nil(t, err) - _, err = coreClaim.GetID() - assert.Errorf(t, err, "ID is not set") - schemaClaimBytes, err := coreClaim.GetSchemaHash().MarshalText() - assert.Nil(t, err) - assert.Equal(t, "825a563818f8450461ea87bd23bf56af", - string(schemaClaimBytes)) - - revNonce := coreClaim.GetRevocationNonce() - assert.Equal(t, vc.RevNonce, revNonce) - - expTime, _ := coreClaim.GetExpirationDate() - assert.Equal(t, vc.Expiration.Unix(), expTime.Unix()) - - updatable := coreClaim.GetFlagUpdatable() - assert.Equal(t, vc.Updatable, updatable) - - indexSlots, _ := coreClaim.RawSlots() - hIndex, hValue, err := 
schemaUtils.IndexValueHash(*coreClaim) - require.NoError(t, err) - - xBigInt, ok := new(big.Int).SetString("12747559771369266961976321746772881814229091957322087014312756428846389160887", - 10) - assert.True(t, ok) - yBigInt, ok := new(big.Int).SetString("7732074634595480184356588475330446395691728690271550550016720788712795268212", - 10) - assert.True(t, ok) - assert.Equal(t, - "c522586cce36201d072f2bb8a75e6c729960ef54d3c75903c17ab705ba43b11a", - hIndex.Hex()) - assert.Equal(t, - "449c53013992e70856c3cb7c7a10ac0b3aa455de305f4af5a93b9ade4592f319", - hValue.Hex()) - assert.Equal(t, xBigInt, indexSlots[2].ToInt()) - assert.Equal(t, yBigInt, indexSlots[3].ToInt()) - -} func TestParserParseClaimWithSubjectIDPFSLoader(t *testing.T) { - jsonLDDocument := `{"id":"2caf3139-7f69-4f9c-a2cb-5a35cff78aab","@context":["https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/iden3credential.json-ld","https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/kyc-v2.json-ld"],"@type":["Iden3Credential"],"expiration":"2361-03-21T21:14:48+02:00","updatable":false,"version":0,"rev_nonce":3473370693766599700,"credentialSubject":{"countryCode":980,"documentType":1,"id":"114RrowVvS5fz1XDmTG1EXBuYsruvdYzGByqFBvpHc","type":"KYCCountryOfResidenceCredential"},"credentialStatus":{"id":"http://localhost:8001/api/v1/identities/115mN2C7gh65EpfKt6skXeKGcJ53PACCSGfapzYkAW/claims/revocation/status/3473370693766599916","type":"SparseMerkleTreeProof"},"credentialSchema":{"@id":"kyc-v2","type":"JsonSchemaValidator2018"},"proof":[{"@type":"BJJSignature2021","issuer":"115mN2C7gh65EpfKt6skXeKGcJ53PACCSGfapzYkAW","h_index":"519c009c790b3bcb3ea3e9f33fc8071bacf7a1c6510e944dbb648419025e500c","h_value":"1d4895af94c1d4abfe658876f75baf527711d20b130cba4589e879afdaed7520","created":1642497726,"issuer_mtp":{"@type":"Iden3SparseMerkleProof","issuer":"115mN2C7gh65EpfKt6skXeKGcJ53PACCSGfapzYkAW","h_index":"eaa341a91db8b914d61326d9642c35ac2ca4f6dbb1a87609f84b669685141f11",
"h_value":"46993eb76d20c1880406798b1b9237092515c2d9949620510ec7196e43fd3205","state":{"claims_tree_root":"5ce2c11a4474fe4c6041e5105b0b381c0efb203ef0ce4d88c4ed32d3d8877001","value":"9a47b0353868f5c0ec3eae7a20bab97cbfd789b334424ab41c9bd40c1f762823"},"mtp":{"existence":true,"siblings":[]}},"verification_method":"ddba158931e361d48f195417413a2ec931441847200fe276bcb1648a4e184c1e","proof_value":"40dd0fb06386d78021d999c4b49d659dd90333a64d87d27870297d31188f95948e86ea2d37f605295074f16a837b6a9bc6189d90aaed1be10bcaca06292a4005","proof_purpose":"Authentication"},{"@type":"Iden3SparseMerkleProof","issuer":"115mN2C7gh65EpfKt6skXeKGcJ53PACCSGfapzYkAW","h_index":"6a3978073c5828f2760381ba02b24bdfddf0456a244fe5d485e1135ee472042e","h_value":"1d4895af94c1d4abfe658876f75baf527711d20b130cba4589e879afdaed7520","state":{"tx_id":"0x8537e0645996e34a8115da9a60b307094580e840a030668127393826d61cd0d1","block_timestamp":1642497740,"block_number":11836551,"claims_tree_root":"0511047e551c7e0d2ae1884636fbdf86c1a5a0156938b6ea857a4e34e06a7a0c","revocation_tree_root":"0000000000000000000000000000000000000000000000000000000000000000","value":"c5803aeb2c6d0a357855e070c24fddd5c4ccfef4692cfbf5e1c9068581d53712"},"mtp":{"existence":true,"siblings":["5691303581499283741098849603802493433441417335538778353796518252917364457995","0","0","0","0","0","0","651137301185586690938826662242457730822130240763746109003863565068434268764"]}}]}` - + jsonLDDocument := 
`{"id":"e65a0bfb-d1a0-4f8d-bbd4-7705a17f6b5d","@context":["https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/iden3credential.json-ld","ipfs://QmP8NrKqoBKjmKwMsC8pwBCBxXR2PhwSepwXx31gnJxAbP"],"@type":["Iden3Credential"],"expiration":"2361-03-21T21:14:48+02:00","updatable":false,"version":0,"rev_nonce":1427136406,"credentialSubject":{"countryCode":980,"documentType":1,"id":"116iPg7dwEP5VqNr1DHQKo4JRbypL2ccJryV3626yV","type":"KYCCountryOfResidenceCredential"},"credentialStatus":{"id":"http://localhost:8001/api/v1/identities/118HT4DprVZDh1hwxNbgXvj3WYfs7aJMejdKBCr3fz/claims/revocation/status/1427136406","type":"SparseMerkleTreeProof"},"credentialSchema":{"@id":"ipfs://QmP8NrKqoBKjmKwMsC8pwBCBxXR2PhwSepwXx31gnJxAbP","type":"KYCCountryOfResidenceCredential"},"proof":{"@type":"BJJSignature2021","issuer":"118HT4DprVZDh1hwxNbgXvj3WYfs7aJMejdKBCr3fz","h_index":"6e43eefcb286da6410752683af39ac01fe4c2b71bb6bc33153f817c1ff72b323","h_value":"095192dcc00fc43d0df69c59905b150376c317a92f0f29e5cb958cd2856b8908","created":1650903921,"issuer_mtp":{"@type":"Iden3SparseMerkleProof","issuer":"118HT4DprVZDh1hwxNbgXvj3WYfs7aJMejdKBCr3fz","h_index":"90feb35f5b65f0b51d24d88a933dd6bde9809dc0d5bfe1f48219864036e61105","h_value":"46993eb76d20c1880406798b1b9237092515c2d9949620510ec7196e43fd3205","state":{"claims_tree_root":"4a215db950a071439fee5c2d4862d6fab89c2f7b1e06735e1c23e96b0584142e","value":"c4000e554cc3a6a725e0298b816e1952c3b1681bbed44e0a84fc6957b908900f","status":"created"},"mtp":{"existence":true,"siblings":[]}},"verification_method":"d2050abbe1e4d788621e5e54ef0e40081d3e1a1e5753b08e159608f60eb48715","proof_value":"6b3b95fa5365df397cb2d0d638fc2d9ec2e7bb687937a50d3c9aa8820343c01c80821f66eea8c706cf836040e7b58dc85513b3aad99abbc7067cbe1ee6a36701","proof_purpose":"Authentication"}}` var vc verifiable.Iden3Credential err := commonJSON.Unmarshal([]byte(jsonLDDocument), &vc) 
@@ -383,7 +324,7 @@ func TestParserParseClaimWithSubjectIDPFSLoader(t *testing.T) { parser := jsonld.Parser{ClaimType: credType, ParsingStrategy: processor.OneFieldPerSlotStrategy} - loader := getIPFSLoader(vc.CredentialSchema.ID) + loader := getIPFSLoader("kyc-v2") schemaBytes, ext, err := loader.Load(context.Background()) assert.Nil(t, err) assert.Equal(t, ext, "json-ld") @@ -397,7 +338,7 @@ func TestParserParseClaimWithSubjectIDPFSLoader(t *testing.T) { schemaClaimBytes, err := coreClaim.GetSchemaHash().MarshalText() assert.Nil(t, err) - assert.Equal(t, "782bb5dd29b875efb42f6c54ab585fdb", + assert.Equal(t, "ce38102464833febf36e714922a83050", string(schemaClaimBytes)) revNonce := coreClaim.GetRevocationNonce() @@ -409,20 +350,6 @@ func TestParserParseClaimWithSubjectIDPFSLoader(t *testing.T) { updatable := coreClaim.GetFlagUpdatable() assert.Equal(t, vc.Updatable, updatable) - hIndex, hValue, err := schemaUtils.IndexValueHash(*coreClaim) - require.NoError(t, err) - indexSlots, _ := coreClaim.RawSlots() - xBigInt, ok := new(big.Int).SetString("980", 10) - assert.True(t, ok) - yBigInt, ok := new(big.Int).SetString("1", 10) - assert.True(t, ok) - assert.Equal(t, - "519c009c790b3bcb3ea3e9f33fc8071bacf7a1c6510e944dbb648419025e500c", - hIndex.Hex()) - assert.Equal(t, - "4da320609775b1caa029c7058f27069eccfb70560c582e8df7319ce54124b00c", - hValue.Hex()) - assert.Equal(t, xBigInt, indexSlots[2].ToInt()) - assert.Equal(t, yBigInt, indexSlots[3].ToInt()) - + err = schemaUtils.VerifyClaimHash(&vc, coreClaim) + assert.Nil(t, err) } diff --git a/processor/json-ld/processor_test.go b/processor/json-ld/processor_test.go index 6acf92b..2ef2e08 100644 --- a/processor/json-ld/processor_test.go +++ b/processor/json-ld/processor_test.go 
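Review bot: The added `err = schemaUtils.VerifyClaimHash(&vc, coreClaim)` in hunk `@@ -409,20 +350,6 @@` only exercises the accepting path, and this fixture's `"proof"` is a single object, so nothing here shows the check rejecting anything. The same holds for the calls added in processor_test.go (`@@ -338,30 +336,13 @@` and the PATCH 3/3 hunk). A companion case that alters `h_index` or `h_value` in the fixture, or supplies `"proof":[]`, and asserts `assert.Error(t, schemaUtils.VerifyClaimHash(&vc, coreClaim))` would pin the failure behaviour callers rely on. The test function starts outside this hunk.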
@@ -14,7 +14,6 @@ import ( schemaUtils "github.com/iden3/go-schema-processor/utils" "github.com/iden3/go-schema-processor/verifiable" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestParserWithSimpleData(t *testing.T) { 
@@ -303,8 +302,7 @@ func TestParserForBigIntegers(t *testing.T) { func TestParserParseClaimWithoutSubjectID(t *testing.T) { - jsonLDDocument := `{"id":"c0f6ac87-603e-44cd-8d83-0caeb458d50d","@context":["https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/iden3credential.json-ld","https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/auth.json-ld"],"@type":["Iden3Credential"],"expiration":"2361-03-21T21:14:48+02:00","updatable":false,"version":0,"rev_nonce":2034832188220019200,"credentialSubject":{"type":"AuthBJJCredential","x":"12747559771369266961976321746772881814229091957322087014312756428846389160887","y":"7732074634595480184356588475330446395691728690271550550016720788712795268212"},"credentialStatus":{"id":"http://localhost:8001/api/v1/identities/118VhAf6ng6J44FhNrGeYzSbJgGVmcpeXYFR2YTrZ6/claims/revocation/status/2034832188220019081","type":"SparseMerkleTreeProof"},"credentialSchema":{"@id":"https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/auth.json-ld","type":"JsonSchemaValidator2018"},"proof":[{"@type":"BJJSignature2021","issuer":"118VhAf6ng6J44FhNrGeYzSbJgGVmcpeXYFR2YTrZ6","h_index":"c89cf5b95157f091f2d8bf49bc1a57cd7988da83bbcd982a74c5e8c70e566403","h_value":"0262b2cd6b9ae44cd9a39045c9bb03ad4e1f056cb81d855f1fc4ef0cdf827912","created":1642518655,"issuer_mtp":{"@type":"Iden3SparseMerkleProof","issuer":"118VhAf6ng6J44FhNrGeYzSbJgGVmcpeXYFR2YTrZ6","h_index":"201a02eb979be695702ea37d930309d2965d803541be5f7b3900459b2fad8726","h_value":"0654da1d53ca201cb42b767a6f12265ff7a08720b88a82182e0f20702479d12d","state":{"claims_tree_root":"a5087cfa6f2c7c565d831327091533f09999133df1df51104d2ce6f8e4d90529","value":"dca344e95da517a301729d94b213298b9de96dfddaf7aad9423d918ea3208820"},"mtp":{"existence":true,"siblings":[]}},"verification_method":"2764e2d8241b18c217010ebf90bebb30240d32c33f3007f33e42d58680813123","proof_value":"c354eb1006534c59766ed8398d49a9a614312e430c5373ea493395db6369d49485e9a0d
63f3bfe9fd157294ffbf706b6b7df7a8662a58fae0056a046af1caa04","proof_purpose":"Authentication"},{"@type":"Iden3SparseMerkleProof","issuer":"118VhAf6ng6J44FhNrGeYzSbJgGVmcpeXYFR2YTrZ6","h_index":"c89cf5b95157f091f2d8bf49bc1a57cd7988da83bbcd982a74c5e8c70e566403","h_value":"0262b2cd6b9ae44cd9a39045c9bb03ad4e1f056cb81d855f1fc4ef0cdf827912","state":{"tx_id":"0xf2e23524ab76cb4f371b921a214ff411d5d391962899a2afe20f356e3bdc0c71","block_timestamp":1642522496,"block_number":11837707,"claims_tree_root":"bebcaee8444e93b6e32855f54e9f617d5fd654570badce7d6bc649304169681d","revocation_tree_root":"0000000000000000000000000000000000000000000000000000000000000000","value":"2806aa9a045b2a5503b12f2979b2d19933e803fd3dd73d8ad40dc138bc9a582e"},"mtp":{"existence":true,"siblings":["0","0","0","18555164879275043542501047154170418730098376961920428892719505858997411121317"]}}]}` - + jsonLDDocument := `{"id":"43a43795-bbf2-4793-8bb3-b2c7adda38c2","@context":["https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/iden3credential.json-ld","https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/auth.json-ld"],"@type":["Iden3Credential"],"expiration":"2361-03-21T21:14:48+02:00","updatable":false,"version":0,"rev_nonce":2718740429,"credentialSubject":{"type":"AuthBJJCredential","x":"20409658749787088412096793141437101561442676297213277276857597798284501440331","y":"3183003504125265840590980610899311014430663361485132256793125936481857108909"},"credentialStatus":{"id":"http://localhost:8001/api/v1/identities/1129q213BgoVEnnvUGB4TsmNuScS1icbiN2C1RBpPF/claims/revocation/status/2718740429","type":"SparseMerkleTreeProof"},"credentialSchema":{"@id":"https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/auth.json-ld","type":"AuthBJJCredential"},"proof":{"@type":"BJJSignature2021","issuer":"1129q213BgoVEnnvUGB4TsmNuScS1icbiN2C1RBpPF","h_index":"c423a3e302df8d1b3acc126b23a7bc670923b7a25bed848df0df77695a15ff26","h_value":"72c031861829398
8eb9d7820fb762b09c4f906ac54eebe0108959313a4f8441d","created":1650898704,"issuer_mtp":{"@type":"Iden3SparseMerkleProof","issuer":"1129q213BgoVEnnvUGB4TsmNuScS1icbiN2C1RBpPF","h_index":"b530c7ed22879305e899914ba8a378c713bd023144cb79808a1d2adf4947a517","h_value":"46993eb76d20c1880406798b1b9237092515c2d9949620510ec7196e43fd3205","state":{"claims_tree_root":"f93fd2d63e1961711b996de149efe0a5297e8651203eb42f6a90245e82fa9500","value":"a4b6b022a2b95f34ad63b4ef589ea60282af283e833f26a456588e9b563b1e1e","status":"created"},"mtp":{"existence":true,"siblings":[]}},"verification_method":"93f822075aefe096f69a66e1623bdbf907230c49950ef41738c00f6b91682425","proof_value":"68818ecc8cf007fd07bf82c0c2aa1b456b91d7d560d0a642c442b0e34a6bca245143a99b04c14e2499d2a9009c8a22fb6438f09da55daf10185834e6dcb48604","proof_purpose":"Authentication"}}` var vc verifiable.Iden3Credential err := commonJSON.Unmarshal([]byte(jsonLDDocument), &vc) 
@@ -338,30 +336,13 @@ func TestParserParseClaimWithoutSubjectID(t *testing.T) { updatable := coreClaim.GetFlagUpdatable() assert.Equal(t, vc.Updatable, updatable) - hIndex, hValue, err := schemaUtils.IndexValueHash(*coreClaim) - require.NoError(t, err) - - xBigInt, ok := new(big.Int).SetString("12747559771369266961976321746772881814229091957322087014312756428846389160887", - 10) - assert.True(t, ok) - yBigInt, ok := new(big.Int).SetString("7732074634595480184356588475330446395691728690271550550016720788712795268212", - 10) - assert.True(t, ok) - assert.Equal(t, - "f11cb68c61628ed00bad0f797a6756bd16faa983019af7f20daeb2600c437d28", - hIndex.Hex()) - assert.Equal(t, - "449c53013992e70856c3cb7c7a10ac0b3aa455de305f4af5a93b9ade4592f319", - hValue.Hex()) - indexSlots, _ := coreClaim.RawSlots() - assert.Equal(t, xBigInt, indexSlots[2].ToInt()) - assert.Equal(t, yBigInt, indexSlots[3].ToInt()) + err = schemaUtils.VerifyClaimHash(&vc, coreClaim) + assert.Nil(t, err) } func TestParserParseClaimWithSubjectID(t *testing.T) { - jsonLDDocument := 
`{"id":"2caf3139-7f69-4f9c-a2cb-5a35cff78aab","@context":["https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/iden3credential.json-ld","https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/kyc-v2.json-ld"],"@type":["Iden3Credential"],"expiration":"2361-03-21T21:14:48+02:00","updatable":false,"version":0,"rev_nonce":3473370693766599700,"credentialSubject":{"countryCode":980,"documentType":1,"id":"114RrowVvS5fz1XDmTG1EXBuYsruvdYzGByqFBvpHc","type":"KYCCountryOfResidenceCredential"},"credentialStatus":{"id":"http://localhost:8001/api/v1/identities/115mN2C7gh65EpfKt6skXeKGcJ53PACCSGfapzYkAW/claims/revocation/status/3473370693766599916","type":"SparseMerkleTreeProof"},"credentialSchema":{"@id":"https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/kyc-v2.json-ld","type":"JsonSchemaValidator2018"},"proof":[{"@type":"BJJSignature2021","issuer":"115mN2C7gh65EpfKt6skXeKGcJ53PACCSGfapzYkAW","h_index":"6a3978073c5828f2760381ba02b24bdfddf0456a244fe5d485e1135ee472042e","h_value":"1d4895af94c1d4abfe658876f75baf527711d20b130cba4589e879afdaed7520","created":1642497726,"issuer_mtp":{"@type":"Iden3SparseMerkleProof","issuer":"115mN2C7gh65EpfKt6skXeKGcJ53PACCSGfapzYkAW","h_index":"eaa341a91db8b914d61326d9642c35ac2ca4f6dbb1a87609f84b669685141f11","h_value":"46993eb76d20c1880406798b1b9237092515c2d9949620510ec7196e43fd3205","state":{"claims_tree_root":"5ce2c11a4474fe4c6041e5105b0b381c0efb203ef0ce4d88c4ed32d3d8877001","value":"9a47b0353868f5c0ec3eae7a20bab97cbfd789b334424ab41c9bd40c1f762823"},"mtp":{"existence":true,"siblings":[]}},"verification_method":"ddba158931e361d48f195417413a2ec931441847200fe276bcb1648a4e184c1e","proof_value":"40dd0fb06386d78021d999c4b49d659dd90333a64d87d27870297d31188f95948e86ea2d37f605295074f16a837b6a9bc6189d90aaed1be10bcaca06292a4005","proof_purpose":"Authentication"},{"@type":"Iden3SparseMerkleProof","issuer":"115mN2C7gh65EpfKt6skXeKGcJ53PACCSGfapzYkAW","h_index":"6a3978073c5828f2
760381ba02b24bdfddf0456a244fe5d485e1135ee472042e","h_value":"1d4895af94c1d4abfe658876f75baf527711d20b130cba4589e879afdaed7520","state":{"tx_id":"0x8537e0645996e34a8115da9a60b307094580e840a030668127393826d61cd0d1","block_timestamp":1642497740,"block_number":11836551,"claims_tree_root":"0511047e551c7e0d2ae1884636fbdf86c1a5a0156938b6ea857a4e34e06a7a0c","revocation_tree_root":"0000000000000000000000000000000000000000000000000000000000000000","value":"c5803aeb2c6d0a357855e070c24fddd5c4ccfef4692cfbf5e1c9068581d53712"},"mtp":{"existence":true,"siblings":["5691303581499283741098849603802493433441417335538778353796518252917364457995","0","0","0","0","0","0","651137301185586690938826662242457730822130240763746109003863565068434268764"]}}]}` - + jsonLDDocument := `{"id":"4102dcf4-9382-443a-8108-959e631b5d2f","@context":["https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/iden3credential.json-ld","https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/kyc-v2.json-ld"],"@type":["Iden3Credential"],"expiration":"2361-03-21T21:14:48+02:00","updatable":false,"version":0,"rev_nonce":2761125786,"credentialSubject":{"birthday":19960424,"documentType":1,"id":"118akjaAsZ2i3bSSYEaM88mCMpXAcL6WvpZH68fKZn","type":"KYCAgeCredential"},"credentialStatus":{"id":"http://localhost:8001/api/v1/identities/1129q213BgoVEnnvUGB4TsmNuScS1icbiN2C1RBpPF/claims/revocation/status/2761125786","type":"SparseMerkleTreeProof"},"credentialSchema":{"@id":"https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/kyc-v2.json-ld","type":"KYCAgeCredential"},"proof":[{"@type":"BJJSignature2021","issuer":"1129q213BgoVEnnvUGB4TsmNuScS1icbiN2C1RBpPF","h_index":"2c3a63fb838bbc1809c1e80a19139019fe37b24b1623ce2daba44183872cc41d","h_value":"463b48e77f0661d31a56f61681c97b6223b1412505e3b04c7a4e0b08f3181819","created":1650898533,"issuer_mtp":{"@type":"Iden3SparseMerkleProof","issuer":"1129q213BgoVEnnvUGB4TsmNuScS1icbiN2C1RBpPF","h_index":"b530c7ed2287
9305e899914ba8a378c713bd023144cb79808a1d2adf4947a517","h_value":"46993eb76d20c1880406798b1b9237092515c2d9949620510ec7196e43fd3205","state":{"claims_tree_root":"f93fd2d63e1961711b996de149efe0a5297e8651203eb42f6a90245e82fa9500","value":"a4b6b022a2b95f34ad63b4ef589ea60282af283e833f26a456588e9b563b1e1e","status":"created"},"mtp":{"existence":true,"siblings":[]}},"verification_method":"93f822075aefe096f69a66e1623bdbf907230c49950ef41738c00f6b91682425","proof_value":"842a7044245669d898bb42106573469fa3e56805eaeab78cbd06ecda0cd82490a1c03d3438705a764b5cef11d764c16d17dd86d9463966c703286ccb80139d00","proof_purpose":"Authentication"},{"@type":"Iden3SparseMerkleProof","issuer":"1129q213BgoVEnnvUGB4TsmNuScS1icbiN2C1RBpPF","h_index":"2c3a63fb838bbc1809c1e80a19139019fe37b24b1623ce2daba44183872cc41d","h_value":"463b48e77f0661d31a56f61681c97b6223b1412505e3b04c7a4e0b08f3181819","state":{"tx_id":"0x7482579da9942ce9c218174fb509ab15fa9f94e70cb29d63cb7072b306b3b866","block_timestamp":1650900717,"block_number":26082637,"root_of_roots":"ffa2d0eec32ee4588b5fdac7aaa2d136d5d3ab96bb25d8507570a391dfd14922","claims_tree_root":"682409da4fdaf072f30314e0578848662975d2d3aa967a46b0b678745368e12b","revocation_tree_root":"0000000000000000000000000000000000000000000000000000000000000000","value":"0d3a999d58f26f1ccc21bbe745ee9d62efdc618613caf930009c533e2e56831f","status":"confirmed"},"mtp":{"existence":true,"siblings":["264989163946140659119067438613111086251856808194270247179339188846199980025","0","0","412703772382477972262931479259998079304255691105270144442886052862988158651"]}}]}` var vc verifiable.Iden3Credential err := commonJSON.Unmarshal([]byte(jsonLDDocument), &vc) 
@@ -385,34 +366,4 @@ func TestParserParseClaimWithSubjectID(t *testing.T) { assert.Nil(t, err) assert.Equal(t, subjectID, id.String()) - schemaClaimBytes, err := coreClaim.GetSchemaHash().MarshalText() - assert.Nil(t, err) - assert.Equal(t, "ce38102464833febf36e714922a83050", - string(schemaClaimBytes)) - - revNonce := coreClaim.GetRevocationNonce() - assert.Equal(t, vc.RevNonce, revNonce) - - expTime, _ := coreClaim.GetExpirationDate() - assert.Equal(t, vc.Expiration.Unix(), expTime.Unix()) - - updatable := coreClaim.GetFlagUpdatable() - assert.Equal(t, vc.Updatable, updatable) - - hIndex, hValue, err := schemaUtils.IndexValueHash(*coreClaim) - require.NoError(t, err) - xBigInt, ok := new(big.Int).SetString("980", 10) - assert.True(t, ok) - yBigInt, ok := new(big.Int).SetString("1", 10) - assert.True(t, ok) - assert.Equal(t, - "28876d2aeb56324aaf9c506b7313f19d309b223cbc047eb4528f2a6fdb8d1d1c", - hIndex.Hex()) - assert.Equal(t, - "4da320609775b1caa029c7058f27069eccfb70560c582e8df7319ce54124b00c", - hValue.Hex()) - indexSlots, _ := coreClaim.RawSlots() - assert.Equal(t, xBigInt, indexSlots[2].ToInt()) - assert.Equal(t, yBigInt, indexSlots[3].ToInt()) - } diff --git a/utils/claims.go b/utils/claims.go index 363f227..b9c20b2 100644 --- a/utils/claims.go +++ b/utils/claims.go @@ -3,12 +3,11 @@ package utils import ( "encoding/json" "fmt" + "github.com/iden3/go-merkletree-sql" "math/big" "github.com/ethereum/go-ethereum/crypto" core "github.com/iden3/go-iden3-core" - "github.com/iden3/go-iden3-crypto/poseidon" - "github.com/iden3/go-merkletree-sql" "github.com/iden3/go-schema-processor/processor" "github.com/iden3/go-schema-processor/verifiable" "github.com/pkg/errors" 
@@ -164,51 +163,50 @@ func CreateSchemaHash(schemaBytes []byte, func VerifyClaimHash(credential *verifiable.Iden3Credential, claim *core.Claim) error { - hi, hv, err := IndexValueHash(*claim) + hi, hv, err := claim.HiHv() if err != nil { return err } switch proof := credential.Proof.(type) { - case []verifiable.BasicProof: + case []interface{}: for _, p := range proof { - if p.HIndex != hi.Hex() { + var basicProof verifiable.BasicProof + proofBytes, err := json.Marshal(p) + if err != nil { + return err + } + err = json.Unmarshal(proofBytes, &basicProof) + if err != nil { + return err + } + if basicProof.HIndex != merkletree.NewHashFromBigInt(hi).Hex() { return errIndexHashNotEqual } - if p.HValue != hv.Hex() { + if basicProof.HValue != merkletree.NewHashFromBigInt(hv).Hex() { return errValueHashNotEqual } } - case verifiable.BasicProof: - if proof.HIndex != hi.Hex() { + case interface{}: + var basicProof verifiable.BasicProof + proofBytes, err := json.Marshal(proof) + if err != nil { + return err + } + err = json.Unmarshal(proofBytes, &basicProof) + if err != nil { + return err + } + + if basicProof.HIndex != merkletree.NewHashFromBigInt(hi).Hex() { return errIndexHashNotEqual } - if proof.HValue != hv.Hex() { + if basicProof.HValue != merkletree.NewHashFromBigInt(hv).Hex() { return errValueHashNotEqual } - } - return nil - -} - -// IndexValueHash returns hashes of index and value of a claim -func IndexValueHash(c core.Claim) ( - indexHash *merkletree.Hash, valueHash *merkletree.Hash, err error) { - - indexSlots, valueSlots := c.RawSlots() - - var indexHashInt, valueHashInt *big.Int - - indexHashInt, err = poseidon.Hash(core.ElemBytesToInts(indexSlots[:])) - if err != nil { - return + default: + return errors.New("proof can't be parsed") } - valueHashInt, err = poseidon.Hash(core.ElemBytesToInts(valueSlots[:])) - if err != nil { - return - } + return nil - indexHash = merkletree.NewHashFromBigInt(indexHashInt) - valueHash = 
merkletree.NewHashFromBigInt(valueHashInt) - return } From d5469237bd461723903a8a5fdc5fe4ad431c00d9 Mon Sep 17 00:00:00 2001 From: vmidyllic <74898029+vmidyllic@users.noreply.github.com> Date: Mon, 25 Apr 2022 19:36:03 +0300 Subject: [PATCH 2/3] fix url --- processor/json-ld/processor_ipfs_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/processor/json-ld/processor_ipfs_test.go b/processor/json-ld/processor_ipfs_test.go index 7f27ef8..f194931 100644 --- a/processor/json-ld/processor_ipfs_test.go +++ b/processor/json-ld/processor_ipfs_test.go @@ -5,6 +5,7 @@ import ( commonJSON "encoding/json" schemaUtils "github.com/iden3/go-schema-processor/utils" "math/big" + "os" "testing" "github.com/iden3/go-iden3-crypto/utils" @@ -31,7 +32,7 @@ func getIPFSLoader(t string) processor.SchemaLoader { } return &loaders.IPFS{ CID: cid, - URL: "https://25CLrk5mJXWhONKzbMQtQHEvepN:888f2b0d89b97887358b6a762ba9d95f@ipfs.infura.io:5001", + URL: os.Getenv("IPFS_URL"), } } From cf75009ef9b1b7b05257bb76338802bc7cc9cd9c Mon Sep 17 00:00:00 2001 From: vmidyllic <74898029+vmidyllic@users.noreply.github.com> Date: Mon, 25 Apr 2022 19:47:06 +0300 Subject: [PATCH 3/3] add hash verification --- processor/json-ld/processor_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/processor/json-ld/processor_test.go b/processor/json-ld/processor_test.go index 2ef2e08..ae734a4 100644 --- a/processor/json-ld/processor_test.go +++ b/processor/json-ld/processor_test.go @@ -366,4 +366,6 @@ func TestParserParseClaimWithSubjectID(t *testing.T) { assert.Nil(t, err) assert.Equal(t, subjectID, id.String()) + err = schemaUtils.VerifyClaimHash(&vc, coreClaim) + assert.Nil(t, err) }
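Review bot: In `VerifyClaimHash`, the `case []interface{}:` branch returns nil when the list is empty, so a credential decoded from `"proof":[]` passes the hash check without any comparison being made. Add `if len(proof) == 0 { return errors.New("proof can't be parsed") }` at the top of that branch. `case interface{}:` also matches every non-nil value, which leaves `default` reachable only for a nil `Proof`; matching `map[string]interface{}` instead would make the intent explicit, assuming `Proof` is populated by encoding/json. The marshal/unmarshal round trip and the two comparisons are duplicated in both branches and could move into one unexported helper, with `merkletree.NewHashFromBigInt(hi).Hex()` computed once before the switch.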