npm - @zkpassport/sdk - Versions diffs - 0.3.0 → 0.3.1 - Mend

@zkpassport/sdk 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/cjs/assets/abi/ZKPassportVerifier.json +80 -27
package/dist/cjs/index.d.ts +14 -3
package/dist/cjs/index.js +95 -29
package/dist/esm/assets/abi/ZKPassportVerifier.json +80 -27
package/dist/esm/index.d.ts +14 -3
package/dist/esm/index.js +96 -30
package/package.json +1 -1
package/src/assets/abi/ZKPassportVerifier.json +80 -27
package/src/index.ts +130 -29

package/dist/esm/index.d.ts CHANGED Viewed

@@ -17,6 +17,7 @@ export type QueryResultErrors = {
         commitment?: QueryResultError<string>;
         date?: QueryResultError<string>;
         certificate?: QueryResultError<string>;
+        scope?: QueryResultError<string>;
     };
 };
 export type SolidityVerifierParameters = {
@@ -26,6 +27,8 @@ export type SolidityVerifierParameters = {
     committedInputs: string;
     committedInputCounts: number[];
     validityPeriodInDays: number;
+    scope: string;
+    subscope: string;
 };
 export type EVMChain = "ethereum_sepolia" | "local_anvil";
 export type * from "@zkpassport/utils";
@@ -215,6 +218,7 @@ export declare class ZKPassport {
     private checkIssuingCountryExclusionPublicInputs;
     private checkNationalityInclusionPublicInputs;
     private checkIssuingCountryInclusionPublicInputs;
+    private checkScopeFromDisclosureProof;
     private checkPublicInputs;
     /**
      * @notice Verify the proofs received from the mobile app.
@@ -224,17 +228,19 @@ export declare class ZKPassport {
      * @returns An object containing the unique identifier associated to the user
      * and a boolean indicating whether the proofs were successfully verified.
      */
-    verify({ proofs, queryResult, validity, }: {
+    verify({ proofs, queryResult, validity, scope, }: {
         proofs: Array<ProofResult>;
         queryResult: QueryResult;
         validity?: number;
+        scope?: string;
     }): Promise<{
         uniqueIdentifier: string | undefined;
         verified: boolean;
         queryResultErrors?: QueryResultErrors;
     }>;
     getSolidityVerifierDetails(network: EVMChain): {
-        address: string;
+        address: `0x${string}`;
+        functionName: string;
         abi: {
             type: "function" | "event" | "constructor";
             name: string;
@@ -250,7 +256,12 @@ export declare class ZKPassport {
             }[];
         }[];
     };
-    getSolidityVerifierParameters(proof: ProofResult, validityPeriodInDays?: number): SolidityVerifierParameters;
+    getSolidityVerifierParameters({ proof, validityPeriodInDays, domain, scope, }: {
+        proof: ProofResult;
+        validityPeriodInDays?: number;
+        domain?: string;
+        scope?: string;
+    }): SolidityVerifierParameters;
     /**
      * @notice Returns the URL of the request.
      * @param requestId The request ID.

package/dist/esm/index.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { randomBytes } from "crypto";
 import { getAlpha3Code, registerLocale } from "i18n-iso-countries";
-import { getProofData, getCommitmentFromDSCProof, getCommitmentInFromIDDataProof, getCommitmentOutFromIDDataProof, getNullifierFromDisclosureProof, getCommitmentInFromIntegrityProof, getCommitmentOutFromIntegrityProof, getCommitmentInFromDisclosureProof, getMerkleRootFromDSCProof, getCurrentDateFromIntegrityProof, DisclosedData, formatName, getHostedPackagedCircuitByName, getNumberOfPublicInputs, getParameterCommitmentFromDisclosureProof, getCountryParameterCommitment, getDiscloseParameterCommitment, getDateParameterCommitment, getCertificateRegistryRootFromOuterProof, getParamCommitmentsFromOuterProof, getCurrentDateFromCommittedInputs, getMinAgeFromCommittedInputs, getMaxAgeFromCommittedInputs, getAgeParameterCommitment, getMinDateFromCommittedInputs, getMaxDateFromCommittedInputs, getCurrentDateFromOuterProof, getNullifierFromOuterProof, getAgeEVMParameterCommitment, getDateEVMParameterCommitment, getDiscloseEVMParameterCommitment, getCountryEVMParameterCommitment, rightPadArrayWithZeros, getCommittedInputCount, ProofType, } from "@zkpassport/utils";
+import { getProofData, getCommitmentFromDSCProof, getCommitmentInFromIDDataProof, getCommitmentOutFromIDDataProof, getNullifierFromDisclosureProof, getCommitmentInFromIntegrityProof, getCommitmentOutFromIntegrityProof, getCommitmentInFromDisclosureProof, getMerkleRootFromDSCProof, getCurrentDateFromIntegrityProof, DisclosedData, formatName, getHostedPackagedCircuitByName, getNumberOfPublicInputs, getParameterCommitmentFromDisclosureProof, getCountryParameterCommitment, getDiscloseParameterCommitment, getDateParameterCommitment, getCertificateRegistryRootFromOuterProof, getParamCommitmentsFromOuterProof, getCurrentDateFromCommittedInputs, getMinAgeFromCommittedInputs, getMaxAgeFromCommittedInputs, getAgeParameterCommitment, getMinDateFromCommittedInputs, getMaxDateFromCommittedInputs, getCurrentDateFromOuterProof, getNullifierFromOuterProof, getAgeEVMParameterCommitment, getDateEVMParameterCommitment, getDiscloseEVMParameterCommitment, getCountryEVMParameterCommitment, rightPadArrayWithZeros, getCommittedInputCount, ProofType, getScopeHash, getScopeFromOuterProof, getSubscopeFromOuterProof, } from "@zkpassport/utils";
 import { bytesToHex } from "@noble/ciphers/utils";
 import { getWebSocketClient } from "./websocket";
 import { createEncryptedJsonRpcRequest } from "./json-rpc";
@@ -95,6 +95,7 @@ export class ZKPassport {
             proofs: this.topicToProofs[topic],
             queryResult: result,
             validity: this.topicToLocalConfig[topic]?.validity,
+            scope: this.topicToService[topic]?.scope,
         });
         delete this.topicToProofs[topic];
         const hasFailedProofs = this.topicToFailedProofCount[topic] > 0;
@@ -1234,7 +1235,29 @@ export class ZKPassport {
         }
         return { isCorrect, queryResultErrors };
     }
-    async checkPublicInputs(proofs, queryResult, validity) {
+    checkScopeFromDisclosureProof(proofData, queryResultErrors, key, scope) {
+        let isCorrect = true;
+        if (this.domain && getScopeHash(this.domain) !== BigInt(proofData.publicInputs[1])) {
+            console.warn("The proof comes from a different domain than the one expected");
+            isCorrect = false;
+            queryResultErrors[key].scope = {
+                expected: `Scope: ${getScopeHash(this.domain).toString()}`,
+                received: `Scope: ${BigInt(proofData.publicInputs[1]).toString()}`,
+                message: "The proof comes from a different domain than the one expected",
+            };
+        }
+        if (scope && getScopeHash(scope) !== BigInt(proofData.publicInputs[2])) {
+            console.warn("The proof uses a different scope than the one expected");
+            isCorrect = false;
+            queryResultErrors[key].scope = {
+                expected: `Scope: ${getScopeHash(scope).toString()}`,
+                received: `Scope: ${BigInt(proofData.publicInputs[2]).toString()}`,
+                message: "The proof uses a different scope than the one expected",
+            };
+        }
+        return { isCorrect, queryResultErrors };
+    }
+    async checkPublicInputs(proofs, queryResult, validity, scope) {
         let commitmentIn;
         let commitmentOut;
         let isCorrect = true;
@@ -1327,6 +1350,24 @@ export class ZKPassport {
                         message: "The proof does not verify all the requested conditions and information",
                     };
                 }
+                if (this.domain && getScopeHash(this.domain) !== getScopeFromOuterProof(proofData)) {
+                    console.warn("The proof comes from a different domain than the one expected");
+                    isCorrect = false;
+                    queryResultErrors.outer.scope = {
+                        expected: `Scope: ${getScopeHash(this.domain).toString()}`,
+                        received: `Scope: ${getScopeFromOuterProof(proofData).toString()}`,
+                        message: "The proof comes from a different domain than the one expected",
+                    };
+                }
+                if (scope && getScopeHash(scope) !== getSubscopeFromOuterProof(proofData)) {
+                    console.warn("The proof uses a different scope than the one expected");
+                    isCorrect = false;
+                    queryResultErrors.outer.scope = {
+                        expected: `Scope: ${getScopeHash(scope).toString()}`,
+                        received: `Scope: ${getSubscopeFromOuterProof(proofData).toString()}`,
+                        message: "The proof uses a different scope than the one expected",
+                    };
+                }
                 if (!!committedInputs?.compare_age) {
                     const ageCommittedInputs = committedInputs?.compare_age;
                     const ageParameterCommitment = isForEVM
@@ -1577,11 +1618,18 @@ export class ZKPassport {
                         message: "The disclosed data does not match the data committed by the proof",
                     };
                 }
+                const { isCorrect: isCorrectScope, queryResultErrors: queryResultErrorsScope } = this.checkScopeFromDisclosureProof(proofData, queryResultErrors, "disclose", scope);
+                isCorrect = isCorrect && isCorrectScope;
+                queryResultErrors = {
+                    ...queryResultErrors,
+                    ...queryResultErrorsScope,
+                };
                 const { isCorrect: isCorrectDisclose, queryResultErrors: queryResultErrorsDisclose } = this.checkDiscloseBytesPublicInputs(proof, queryResult);
-                isCorrect = isCorrect && isCorrectDisclose;
+                isCorrect = isCorrect && isCorrectDisclose && isCorrectScope;
                 queryResultErrors = {
                     ...queryResultErrors,
                     ...queryResultErrorsDisclose,
+                    ...queryResultErrorsScope,
                 };
                 uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
             }
@@ -1608,11 +1656,13 @@ export class ZKPassport {
                         message: "The conditions for the age check do not match the conditions checked by the proof",
                     };
                 }
+                const { isCorrect: isCorrectScope, queryResultErrors: queryResultErrorsScope } = this.checkScopeFromDisclosureProof(proofData, queryResultErrors, "age", scope);
                 const { isCorrect: isCorrectAge, queryResultErrors: queryResultErrorsAge } = this.checkAgePublicInputs(proof, queryResult);
-                isCorrect = isCorrect && isCorrectAge;
+                isCorrect = isCorrect && isCorrectAge && isCorrectScope;
                 queryResultErrors = {
                     ...queryResultErrors,
                     ...queryResultErrorsAge,
+                    ...queryResultErrorsScope,
                 };
                 uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
             }
@@ -1639,11 +1689,13 @@ export class ZKPassport {
                         message: "The conditions for the birthdate check do not match the conditions checked by the proof",
                     };
                 }
+                const { isCorrect: isCorrectScope, queryResultErrors: queryResultErrorsScope } = this.checkScopeFromDisclosureProof(proofData, queryResultErrors, "birthdate", scope);
                 const { isCorrect: isCorrectBirthdate, queryResultErrors: queryResultErrorsBirthdate } = this.checkBirthdatePublicInputs(proof, queryResult);
-                isCorrect = isCorrect && isCorrectBirthdate;
+                isCorrect = isCorrect && isCorrectBirthdate && isCorrectScope;
                 queryResultErrors = {
                     ...queryResultErrors,
                     ...queryResultErrorsBirthdate,
+                    ...queryResultErrorsScope,
                 };
                 uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
             }
@@ -1670,11 +1722,13 @@ export class ZKPassport {
                         message: "The conditions for the expiry date check do not match the conditions checked by the proof",
                     };
                 }
+                const { isCorrect: isCorrectScope, queryResultErrors: queryResultErrorsScope } = this.checkScopeFromDisclosureProof(proofData, queryResultErrors, "expiry_date", scope);
                 const { isCorrect: isCorrectExpiryDate, queryResultErrors: queryResultErrorsExpiryDate } = this.checkExpiryDatePublicInputs(proof, queryResult);
-                isCorrect = isCorrect && isCorrectExpiryDate;
+                isCorrect = isCorrect && isCorrectExpiryDate && isCorrectScope;
                 queryResultErrors = {
                     ...queryResultErrors,
                     ...queryResultErrorsExpiryDate,
+                    ...queryResultErrorsScope,
                 };
                 uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
             }
@@ -1701,11 +1755,13 @@ export class ZKPassport {
                         message: "The committed country list for the exclusion check does not match the one from the proof",
                     };
                 }
+                const { isCorrect: isCorrectScope, queryResultErrors: queryResultErrorsScope } = this.checkScopeFromDisclosureProof(proofData, queryResultErrors, "nationality", scope);
                 const { isCorrect: isCorrectNationalityExclusion, queryResultErrors: queryResultErrorsNationalityExclusion, } = this.checkNationalityExclusionPublicInputs(queryResult, countryList);
-                isCorrect = isCorrect && isCorrectNationalityExclusion;
+                isCorrect = isCorrect && isCorrectNationalityExclusion && isCorrectScope;
                 queryResultErrors = {
                     ...queryResultErrors,
                     ...queryResultErrorsNationalityExclusion,
+                    ...queryResultErrorsScope,
                 };
                 uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
             }
@@ -1732,11 +1788,13 @@ export class ZKPassport {
                         message: "The committed country list for the issuing country exclusion check does not match the one from the proof",
                     };
                 }
+                const { isCorrect: isCorrectScope, queryResultErrors: queryResultErrorsScope } = this.checkScopeFromDisclosureProof(proofData, queryResultErrors, "nationality", scope);
                 const { isCorrect: isCorrectIssuingCountryExclusion, queryResultErrors: queryResultErrorsIssuingCountryExclusion, } = this.checkIssuingCountryExclusionPublicInputs(queryResult, countryList);
-                isCorrect = isCorrect && isCorrectIssuingCountryExclusion;
+                isCorrect = isCorrect && isCorrectIssuingCountryExclusion && isCorrectScope;
                 queryResultErrors = {
                     ...queryResultErrors,
                     ...queryResultErrorsIssuingCountryExclusion,
+                    ...queryResultErrorsScope,
                 };
                 uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
             }
@@ -1763,11 +1821,13 @@ export class ZKPassport {
                         message: "The committed country list for the nationality inclusion check does not match the one from the proof",
                     };
                 }
+                const { isCorrect: isCorrectScope, queryResultErrors: queryResultErrorsScope } = this.checkScopeFromDisclosureProof(proofData, queryResultErrors, "nationality", scope);
                 const { isCorrect: isCorrectNationalityInclusion, queryResultErrors: queryResultErrorsNationalityInclusion, } = this.checkNationalityInclusionPublicInputs(queryResult, countryList);
-                isCorrect = isCorrect && isCorrectNationalityInclusion;
+                isCorrect = isCorrect && isCorrectNationalityInclusion && isCorrectScope;
                 queryResultErrors = {
                     ...queryResultErrors,
                     ...queryResultErrorsNationalityInclusion,
+                    ...queryResultErrorsScope,
                 };
                 uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
             }
@@ -1794,11 +1854,13 @@ export class ZKPassport {
                         message: "The committed country list for the issuing country inclusion check does not match the one from the proof",
                     };
                 }
+                const { isCorrect: isCorrectScope, queryResultErrors: queryResultErrorsScope } = this.checkScopeFromDisclosureProof(proofData, queryResultErrors, "nationality", scope);
                 const { isCorrect: isCorrectIssuingCountryInclusion, queryResultErrors: queryResultErrorsIssuingCountryInclusion, } = this.checkIssuingCountryInclusionPublicInputs(queryResult, countryList);
-                isCorrect = isCorrect && isCorrectIssuingCountryInclusion;
+                isCorrect = isCorrect && isCorrectIssuingCountryInclusion && isCorrectScope;
                 queryResultErrors = {
                     ...queryResultErrors,
                     ...queryResultErrorsIssuingCountryInclusion,
+                    ...queryResultErrorsScope,
                 };
                 uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
             }
@@ -1813,7 +1875,7 @@ export class ZKPassport {
      * @returns An object containing the unique identifier associated to the user
      * and a boolean indicating whether the proofs were successfully verified.
      */
-    async verify({ proofs, queryResult, validity, }) {
+    async verify({ proofs, queryResult, validity, scope, }) {
         const formattedResult = queryResult;
         // Make sure to reconvert the dates to Date objects
         if (formattedResult.birthdate && formattedResult.birthdate.disclose) {
@@ -1827,7 +1889,7 @@ export class ZKPassport {
         let verified = true;
         let uniqueIdentifier;
         let queryResultErrors;
-        const { isCorrect, uniqueIdentifier: uniqueIdentifierFromPublicInputs, queryResultErrors: queryResultErrorsFromPublicInputs, } = await this.checkPublicInputs(proofs, formattedResult, validity);
+        const { isCorrect, uniqueIdentifier: uniqueIdentifierFromPublicInputs, queryResultErrors: queryResultErrorsFromPublicInputs, } = await this.checkPublicInputs(proofs, formattedResult, validity, scope);
         uniqueIdentifier = uniqueIdentifierFromPublicInputs;
         verified = isCorrect;
         queryResultErrors = isCorrect ? undefined : queryResultErrorsFromPublicInputs;
@@ -1840,24 +1902,22 @@ export class ZKPassport {
                     try {
                         const { createPublicClient, http } = await import("viem");
                         const { sepolia } = await import("viem/chains");
-                        const verifierDetails = this.getSolidityVerifierDetails("ethereum_sepolia");
+                        const { address, abi, functionName } = this.getSolidityVerifierDetails("ethereum_sepolia");
                         const client = createPublicClient({
                             chain: sepolia,
                             transport: http("https://ethereum-sepolia-rpc.publicnode.com"),
                         });
-                        const params = this.getSolidityVerifierParameters(proof);
+                        const params = this.getSolidityVerifierParameters({
+                            proof,
+                            validityPeriodInDays: validity,
+                            domain: this.domain,
+                            scope,
+                        });
                         const result = await client.readContract({
-                            address: verifierDetails.address,
-                            abi: verifierDetails.abi,
-                            functionName: "verifyProof",
-                            args: [
-                                params.vkeyHash,
-                                params.proof,
-                                params.publicInputs,
-                                params.committedInputs,
-                                params.committedInputCounts,
-                                params.validityPeriodInDays,
-                            ],
+                            address,
+                            abi,
+                            functionName,
+                            args: [params],
                         });
                         const isVerified = Array.isArray(result) ? Boolean(result[0]) : false;
                         verified = isVerified;
@@ -1892,21 +1952,25 @@ export class ZKPassport {
         return { uniqueIdentifier, verified, queryResultErrors };
     }
     getSolidityVerifierDetails(network) {
+        const baseConfig = {
+            functionName: "verifyProof",
+            abi: ZKPassportVerifierAbi.abi,
+        };
         if (network === "ethereum_sepolia") {
             return {
-                address: "0xca644D3424c2ee577FaaF2b56C0f9D1937E8e87C",
-                abi: ZKPassportVerifierAbi.abi,
+                ...baseConfig,
+                address: "0x21E12Fa30a1F98699F242ac062Db4a8e7b344B5d",
             };
         }
         else if (network === "local_anvil") {
             return {
-                address: "0x0",
-                abi: ZKPassportVerifierAbi.abi,
+                ...baseConfig,
+                address: "0x2279B7A0a67DB372996a5FaB50D91eAA73d2eBe6",
             };
         }
         throw new Error(`Unsupported network: ${network}`);
     }
-    getSolidityVerifierParameters(proof, validityPeriodInDays = 7) {
+    getSolidityVerifierParameters({ proof, validityPeriodInDays = 7, domain, scope, }) {
         if (!proof.name?.startsWith("outer_evm")) {
             throw new Error("This proof cannot be verified on an EVM chain. Please make sure to use the `compressed-evm` mode.");
         }
@@ -2032,6 +2096,8 @@ export class ZKPassport {
             committedInputs: `0x${compressedCommittedInputs}`,
             committedInputCounts: committedInputCountsArray,
             validityPeriodInDays,
+            scope: domain ?? this.domain,
+            subscope: scope ?? "",
         };
         return params;
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@zkpassport/sdk",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "description": "Privacy-preserving identity verification using passports and ID cards",
   "main": "./dist/cjs/index.js",
   "module": "./dist/esm/index.js",