npm - @zkpassport/sdk - Versions diffs - 0.4.3 → 0.5.1 - Mend

@zkpassport/sdk 0.4.3 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/cjs/assets/abi/ZKPassportVerifier.json +11 -11
package/dist/cjs/index.d.ts +1 -0
package/dist/cjs/index.js +58 -15
package/dist/esm/assets/abi/ZKPassportVerifier.json +11 -11
package/dist/esm/index.d.ts +1 -0
package/dist/esm/index.js +59 -16
package/package.json +4 -4
package/src/assets/abi/ZKPassportVerifier.json +11 -11
package/src/index.ts +65 -15

package/dist/esm/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { getAlpha3Code, registerLocale } from "i18n-iso-countries";
-import { getProofData, getCommitmentFromDSCProof, getCommitmentInFromIDDataProof, getCommitmentOutFromIDDataProof, getNullifierFromDisclosureProof, getCommitmentInFromIntegrityProof, getCommitmentOutFromIntegrityProof, getCommitmentInFromDisclosureProof, getMerkleRootFromDSCProof, getCurrentDateFromIntegrityProof, DisclosedData, formatName, getHostedPackagedCircuitByName, getNumberOfPublicInputs, getParameterCommitmentFromDisclosureProof, getCountryParameterCommitment, getDiscloseParameterCommitment, getDateParameterCommitment, getCertificateRegistryRootFromOuterProof, getParamCommitmentsFromOuterProof, getCurrentDateFromCommittedInputs, getMinAgeFromCommittedInputs, getMaxAgeFromCommittedInputs, getAgeParameterCommitment, getMinDateFromCommittedInputs, getMaxDateFromCommittedInputs, getCurrentDateFromOuterProof, getNullifierFromOuterProof, getAgeEVMParameterCommitment, getDateEVMParameterCommitment, getDiscloseEVMParameterCommitment, getCountryEVMParameterCommitment, rightPadArrayWithZeros, getCommittedInputCount, ProofType, getScopeHash, getScopeFromOuterProof, getSubscopeFromOuterProof, getServiceScopeHash, getBindEVMParameterCommitment, getBindParameterCommitment, formatBoundData, } from "@zkpassport/utils";
+import { getProofData, getCommitmentFromDSCProof, getCommitmentInFromIDDataProof, getCommitmentOutFromIDDataProof, getNullifierFromDisclosureProof, getCommitmentInFromIntegrityProof, getCommitmentOutFromIntegrityProof, getCommitmentInFromDisclosureProof, getMerkleRootFromDSCProof, getCurrentDateFromIntegrityProof, DisclosedData, formatName, getNumberOfPublicInputs, getParameterCommitmentFromDisclosureProof, getCountryParameterCommitment, getDiscloseParameterCommitment, getDateParameterCommitment, getCertificateRegistryRootFromOuterProof, getParamCommitmentsFromOuterProof, getCurrentDateFromCommittedInputs, getMinAgeFromCommittedInputs, getMaxAgeFromCommittedInputs, getAgeParameterCommitment, getMinDateFromCommittedInputs, getMaxDateFromCommittedInputs, getCurrentDateFromOuterProof, getNullifierFromOuterProof, getAgeEVMParameterCommitment, getDateEVMParameterCommitment, getDiscloseEVMParameterCommitment, getCountryEVMParameterCommitment, rightPadArrayWithZeros, getCommittedInputCount, ProofType, getScopeHash, getScopeFromOuterProof, getSubscopeFromOuterProof, getServiceScopeHash, getBindEVMParameterCommitment, getBindParameterCommitment, formatBoundData, getCircuitRegistryRootFromOuterProof, } from "@zkpassport/utils";
 import { bytesToHex } from "@noble/ciphers/utils";
 import { noLogger as logger } from "./logger";
 import i18en from "i18n-iso-countries/langs/en.json";
@@ -9,7 +9,7 @@ import { hexToBytes } from "@noble/hashes/utils";
 import ZKPassportVerifierAbi from "./assets/abi/ZKPassportVerifier.json";
 import { RegistryClient } from "@zkpassport/registry";
 import { Bridge } from "@obsidion/bridge";
-const VERSION = "0.4.2";
+const VERSION = "0.5.0";
 const DEFAULT_DATE_VALUE = new Date(1111, 10, 11);
 // If Buffer is not defined, then we use the Buffer from the buffer package
 if (typeof globalThis.Buffer === "undefined") {
@@ -282,6 +282,9 @@ export class ZKPassport {
             },
             gte: (key, value) => {
                 numericalCompare("gte", key, value, topic, this.topicToConfig);
+                if (key === "age" && (value < 1 || value >= 100)) {
+                    throw new Error("Age must be between 1 and 99 (inclusive)");
+                }
                 return this.getZkPassportRequest(topic);
             },
             /*gt: <T extends NumericalIDCredential>(key: T, value: IDCredentialValue<T>) => {
@@ -1258,17 +1261,8 @@ export class ZKPassport {
             // Maintained certificate registry settled onchain
             // Here we use Ethereum Sepolia
             const registryClient = new RegistryClient({ chainId: 11155111 });
-            await registryClient.getCertificates(`0x${root.padStart(64, "0")}`);
-        }
-        catch (error) {
-            console.warn(error);
-            // Check the legacy static roots that were used before the registry was deployed onchain
-            const VALID_CERTIFICATE_REGISTRY_ROOT = [
-                BigInt("20192042006788880778219739574377003123593792072535937278552252195461520776494"),
-                BigInt("21301853597069384763054217328384418971999152625381818922211526730996340553696"),
-                BigInt("10839898448097753834842514286432152806152415606387598803678317315409344029817"),
-            ];
-            if (!VALID_CERTIFICATE_REGISTRY_ROOT.includes(BigInt(root))) {
+            const isValid = await registryClient.isCertificateRootValid(root);
+            if (!isValid) {
                 console.warn("The ID was signed by an unrecognized root certificate");
                 isCorrect = false;
                 queryResultErrors[outer ? "outer" : "sig_check_dsc"].certificate = {
@@ -1278,6 +1272,43 @@ export class ZKPassport {
                 };
             }
         }
+        catch (error) {
+            console.warn(error);
+            console.warn("The ID was signed by an unrecognized root certificate");
+            isCorrect = false;
+            queryResultErrors[outer ? "outer" : "sig_check_dsc"].certificate = {
+                expected: `A valid root from ZKPassport Registry`,
+                received: `Got invalid certificate registry root: ${root}`,
+                message: "The ID was signed by an unrecognized root certificate",
+            };
+        }
+        return { isCorrect, queryResultErrors };
+    }
+    async checkCircuitRegistryRoot(root, queryResultErrors) {
+        let isCorrect = true;
+        try {
+            const registryClient = new RegistryClient({ chainId: 11155111 });
+            const isValid = await registryClient.isCircuitRootValid(root);
+            if (!isValid) {
+                console.warn("The proof uses unrecognized circuits");
+                isCorrect = false;
+                queryResultErrors.outer.circuit = {
+                    expected: `A valid circuit from ZKPassport Registry`,
+                    received: `Got invalid circuit registry root: ${root}`,
+                    message: "The proof uses an unrecognized circuit",
+                };
+            }
+        }
+        catch (error) {
+            console.warn(error);
+            console.warn("The proof uses unrecognized circuits");
+            isCorrect = false;
+            queryResultErrors.outer.circuit = {
+                expected: `A valid circuit from ZKPassport Registry`,
+                received: `Got invalid circuit registry root: ${root}`,
+                message: "The proof uses an unrecognized circuit",
+            };
+        }
         return { isCorrect, queryResultErrors };
     }
     checkBindPublicInputs(queryResult, boundData) {
@@ -1385,6 +1416,13 @@ export class ZKPassport {
                     ...queryResultErrors,
                     ...queryResultErrorsCertificateRegistryRoot,
                 };
+                const circuitRegistryRoot = getCircuitRegistryRootFromOuterProof(proofData);
+                const { isCorrect: isCorrectCircuitRegistryRoot, queryResultErrors: queryResultErrorsCircuitRegistryRoot, } = await this.checkCircuitRegistryRoot(circuitRegistryRoot.toString(16), queryResultErrors);
+                isCorrect = isCorrect && isCorrectCircuitRegistryRoot;
+                queryResultErrors = {
+                    ...queryResultErrors,
+                    ...queryResultErrorsCircuitRegistryRoot,
+                };
                 const currentDate = getCurrentDateFromOuterProof(proofData);
                 const todayToCurrentDate = today.getTime() - currentDate.getTime();
                 const differenceInDays = validity ?? 180;
@@ -2016,9 +2054,14 @@ export class ZKPassport {
         }
         // Only proceed with the proof verification if the public inputs are correct
         if (verified) {
+            const registryClient = new RegistryClient({ chainId: 11155111 });
+            const circuitManifest = await registryClient.getCircuitManifest(undefined, {
+                // We assume all proofs have the same version
+                version: proofs[0].version,
+            });
             for (const proof of proofs) {
                 const proofData = getProofData(proof.proof, getNumberOfPublicInputs(proof.name));
-                const hostedPackagedCircuit = await getHostedPackagedCircuitByName(proof.version, proof.name);
+                const hostedPackagedCircuit = await registryClient.getPackagedCircuit(proof.name, circuitManifest);
                 if (proof.name?.startsWith("outer_evm")) {
                     try {
                         const { createPublicClient, http } = await import("viem");
@@ -2081,7 +2124,7 @@ export class ZKPassport {
         if (network === "ethereum_sepolia") {
             return {
                 ...baseConfig,
-                address: "0x5e4B11F7B7995F5Cee0134692a422b045091112F",
+                address: "0xEE9F10f38319eAE2730dBa28fB09081dB806c5E5",
             };
         }
         else if (network === "local_anvil") {
@@ -2187,7 +2230,7 @@ export class ZKPassport {
             }
             committedInputs.push({ circuitName, inputs: compressedCommittedInputs });
         }
-        const parameterCommitments = proofData.publicInputs.slice(11, proofData.publicInputs.length - 1);
+        const parameterCommitments = proofData.publicInputs.slice(12, proofData.publicInputs.length - 1);
         let compressedCommittedInputs = "";
         let committedInputCountsArray = [];
         for (const commitment of parameterCommitments) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@zkpassport/sdk",
-  "version": "0.4.3",
+  "version": "0.5.1",
   "description": "Privacy-preserving identity verification using passports and ID cards",
   "main": "./dist/cjs/index.js",
   "module": "./dist/esm/index.js",
@@ -42,9 +42,9 @@
     "@noble/ciphers": "^1.2.1",
     "@noble/hashes": "^1.7.2",
     "@noble/secp256k1": "^2.2.3",
-    "@obsidion/bridge": "^0.10.1",
-    "@zkpassport/registry": "^0.2.1",
-    "@zkpassport/utils": "^0.9.6",
+    "@obsidion/bridge": "^0.10.2",
+    "@zkpassport/registry": "^0.5.1",
+    "@zkpassport/utils": "^0.13.1",
     "buffer": "^6.0.3",
     "i18n-iso-countries": "^7.12.0",
     "pako": "^2.1.0",