44use std:: str:: FromStr ;
55
66use crate :: bn254:: utils:: {
7- gen_address_seed, gen_address_seed_with_salt_hash, get_nonce, get_zk_login_address,
7+ gen_address_seed, gen_address_seed_with_salt_hash, get_nonce, get_proof , get_zk_login_address,
88} ;
99use crate :: bn254:: zk_login:: big_int_array_to_bits;
1010use crate :: bn254:: zk_login:: bitarray_to_bytearray;
@@ -14,8 +14,9 @@ use crate::bn254::zk_login::{
1414 parse_jwks, trim, verify_extended_claim, Claim , JWTDetails , JwkId ,
1515} ;
1616use crate :: bn254:: zk_login:: { fetch_jwks, OIDCProvider } ;
17- use crate :: bn254:: zk_login_api:: ZkLoginEnv ;
18- use crate :: bn254:: zk_login_api:: { verify_zk_login_id, verify_zk_login_iss, Bn254Fr } ;
17+ use crate :: bn254:: zk_login_api:: {
18+ verify_zk_login_id, verify_zk_login_iss, Bn254Fr , CircuitVersion , ZkLoginEnv ,
19+ } ;
1920use crate :: bn254:: {
2021 zk_login:: { ZkLoginInputs , JWK } ,
2122 zk_login_api:: verify_zk_login,
@@ -27,7 +28,7 @@ use ark_std::rand::SeedableRng;
2728use fastcrypto:: ed25519:: Ed25519KeyPair ;
2829use fastcrypto:: encoding:: { Encoding , Hex } ;
2930use fastcrypto:: error:: FastCryptoError ;
30- use fastcrypto:: jwt_utils:: JWTHeader ;
31+ use fastcrypto:: jwt_utils:: { parse_and_validate_jwt , JWTHeader } ;
3132use fastcrypto:: traits:: KeyPair ;
3233use im:: hashmap:: HashMap as ImHashMap ;
3334use num_bigint:: BigUint ;
@@ -166,7 +167,14 @@ async fn test_verify_zk_login_google() {
166167 ) ,
167168 content,
168169 ) ;
169- let res = verify_zk_login ( & zk_login_inputs, 10 , & eph_pubkey, & map, & ZkLoginEnv :: Prod ) ;
170+ let res = verify_zk_login (
171+ & zk_login_inputs,
172+ 10 ,
173+ & eph_pubkey,
174+ & map,
175+ & ZkLoginEnv :: Prod ,
176+ CircuitVersion :: V1 ,
177+ ) ;
170178 assert ! ( res. is_ok( ) ) ;
171179}
172180
@@ -673,6 +681,7 @@ fn test_alternative_iss_for_google() {
673681 & eph_pubkey_bytes,
674682 & all_jwk,
675683 & ZkLoginEnv :: Test ,
684+ CircuitVersion :: V1 ,
676685 ) ;
677686 assert ! ( res. is_ok( ) ) ;
678687
@@ -682,10 +691,87 @@ fn test_alternative_iss_for_google() {
682691 & eph_pubkey_bytes,
683692 & all_jwk,
684693 & ZkLoginEnv :: Test ,
694+ CircuitVersion :: V1 ,
685695 ) ;
686696 assert ! ( invalid_res. is_err( ) ) ;
687697}
688698
699+ #[ tokio:: test]
700+ async fn test_zklogin_v2 ( ) {
701+ let max_epoch = 10 ;
702+ let jwt_randomness = "100681567828351849884072155819400689117" ;
703+ let user_salt = "129390038577185583942388216820280642146" ;
704+
705+ // Generate an ephemeral key pair
706+ let kp = Ed25519KeyPair :: generate ( & mut StdRng :: from_seed ( [ 0 ; 32 ] ) ) ;
707+ let mut eph_pubkey = vec ! [ 0x00 ] ;
708+ eph_pubkey. extend ( kp. public ( ) . as_ref ( ) ) ;
709+ let kp_bigint = BigUint :: from_bytes_be ( & eph_pubkey) . to_string ( ) ;
710+
711+ // Get nonce
712+ let nonce = get_nonce ( kp. public ( ) . as_ref ( ) , max_epoch, jwt_randomness) . unwrap ( ) ;
713+
714+ // Get JWT from 8192-bit key endpoint
715+ let client = reqwest:: Client :: new ( ) ;
716+ let iss = OIDCProvider :: TestIssuerKey8192 . get_config ( ) . iss ;
717+ let response = client
718+ . post ( format ! (
719+ "https://jwt-tester.mystenlabs.com/8192/jwt?nonce={}&iss={}&sub={}" ,
720+ nonce, iss, "test"
721+ ) )
722+ . header ( "Content-Type" , "application/json" )
723+ . header ( "Content-Length" , "0" )
724+ . send ( )
725+ . await
726+ . unwrap ( ) ;
727+ let jwt_response: serde_json:: Value = response. json ( ) . await . unwrap ( ) ;
728+ let parsed_token = jwt_response[ "jwt" ] . as_str ( ) . unwrap ( ) . to_string ( ) ;
729+
730+ // Get a proof from the V2 endpoint
731+ let reader = get_proof (
732+ & parsed_token,
733+ max_epoch,
734+ jwt_randomness,
735+ & kp_bigint,
736+ user_salt,
737+ "http://185.209.177.123:8080/v2" ,
738+ )
739+ . await
740+ . expect ( "get_proof failed" ) ;
741+
742+ // Get sub and aud
743+ let ( sub, aud, _) =
744+ parse_and_validate_jwt ( & parsed_token) . expect ( "parse_and_validate_jwt failed" ) ;
745+
746+ // Get the address seed
747+ let address_seed =
748+ gen_address_seed ( user_salt, "sub" , & sub, & aud) . expect ( "gen_address_seed failed" ) ;
749+
750+ let zk_login_inputs =
751+ ZkLoginInputs :: from_reader ( reader, & address_seed) . expect ( "from_reader failed" ) ;
752+
753+ // Fetch the 8192-bit RSA JWK
754+ let jwks_vec = fetch_jwks ( & OIDCProvider :: TestIssuerKey8192 , & client, false )
755+ . await
756+ . unwrap ( ) ;
757+
758+ let mut all_jwk = ImHashMap :: new ( ) ;
759+ for ( jwk_id, jwk) in jwks_vec {
760+ all_jwk. insert ( jwk_id, jwk) ;
761+ }
762+
763+ // V2 proof should verify using TEST_VERIFYING_KEY_V2
764+ let res_v2 = verify_zk_login (
765+ & zk_login_inputs,
766+ max_epoch,
767+ & eph_pubkey,
768+ & all_jwk,
769+ & ZkLoginEnv :: Test ,
770+ CircuitVersion :: V2 ,
771+ ) ;
772+ assert ! ( res_v2. is_ok( ) ) ;
773+ }
774+
689775#[ test]
690776fn test_base64_to_bitarray ( ) {
691777 let input = "a" ;
0 commit comments