diff --git a/script/01_DeployAll.s.sol b/script/01_DeployAll.s.sol index e49c17f..01f232d 100644 --- a/script/01_DeployAll.s.sol +++ b/script/01_DeployAll.s.sol @@ -11,10 +11,10 @@ import "src/periphery/CommitmentMapperRegistry.sol"; import {HydraS3Verifier} from "src/verifiers/HydraS3Verifier.sol"; import {SismoConnectVerifier} from "src/SismoConnectVerifier.sol"; -import {AuthRequestBuilder} from "src/libs/utils/AuthRequestBuilder.sol"; -import {ClaimRequestBuilder} from "src/libs/utils/ClaimRequestBuilder.sol"; -import {SignatureBuilder} from "src/libs/utils/SignatureBuilder.sol"; -import {RequestBuilder} from "src/libs/utils/RequestBuilder.sol"; +import {AuthRequestBuilder} from "src/utils/AuthRequestBuilder.sol"; +import {ClaimRequestBuilder} from "src/utils/ClaimRequestBuilder.sol"; +import {SignatureBuilder} from "src/utils/SignatureBuilder.sol"; +import {RequestBuilder} from "src/utils/RequestBuilder.sol"; import {DeploymentConfig, BaseDeploymentConfig} from "script/BaseConfig.sol"; import {IAddressesProvider} from "src/periphery/interfaces/IAddressesProvider.sol"; diff --git a/src/SismoConnectVerifier.sol b/src/SismoConnectVerifier.sol index d63b348..bd55e4a 100644 --- a/src/SismoConnectVerifier.sol +++ b/src/SismoConnectVerifier.sol @@ -2,8 +2,8 @@ pragma solidity ^0.8.17; import "./interfaces/ISismoConnectVerifier.sol"; -import {AuthMatchingLib} from "./libs/utils/AuthMatchingLib.sol"; -import {ClaimMatchingLib} from "./libs/utils/ClaimMatchingLib.sol"; +import {AuthMatchingLib} from "./utils/AuthMatchingLib.sol"; +import {ClaimMatchingLib} from "./utils/ClaimMatchingLib.sol"; import {IBaseVerifier} from "./interfaces/IBaseVerifier.sol"; import {Initializable} from "@openzeppelin/contracts/proxy/utils/Initializable.sol"; import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol"; diff --git a/src/interfaces/IBaseVerifier.sol b/src/interfaces/IBaseVerifier.sol index 3b43a95..76a8c39 100644 --- a/src/interfaces/IBaseVerifier.sol +++ b/src/interfaces/IBaseVerifier.sol @@ -2,7 +2,7 @@ pragma solidity ^0.8.17; -import {SismoConnectProof, VerifiedAuth, VerifiedClaim} from "src/libs/utils/Structs.sol"; +import {SismoConnectProof, VerifiedAuth, VerifiedClaim} from "src/utils/Structs.sol"; interface IBaseVerifier { function verify( diff --git a/src/interfaces/ISismoConnectVerifier.sol b/src/interfaces/ISismoConnectVerifier.sol index 7997479..987e432 100644 --- a/src/interfaces/ISismoConnectVerifier.sol +++ b/src/interfaces/ISismoConnectVerifier.sol @@ -1,7 +1,7 @@ // SPDX-License-Identifier: MIT pragma solidity ^0.8.17; -import "../libs/utils/Structs.sol"; +import "../utils/Structs.sol"; interface ISismoConnectVerifier { event VerifierSet(bytes32, address); diff --git a/src/libs/utils/AuthBuilder.sol b/src/utils/AuthBuilder.sol similarity index 100% rename from src/libs/utils/AuthBuilder.sol rename to src/utils/AuthBuilder.sol diff --git a/src/libs/utils/AuthMatchingLib.sol b/src/utils/AuthMatchingLib.sol similarity index 100% rename from src/libs/utils/AuthMatchingLib.sol rename to src/utils/AuthMatchingLib.sol diff --git a/src/libs/utils/AuthRequestBuilder.sol b/src/utils/AuthRequestBuilder.sol similarity index 100% rename from src/libs/utils/AuthRequestBuilder.sol rename to src/utils/AuthRequestBuilder.sol diff --git a/src/libs/utils/ClaimBuilder.sol b/src/utils/ClaimBuilder.sol similarity index 100% rename from src/libs/utils/ClaimBuilder.sol rename to src/utils/ClaimBuilder.sol diff --git a/src/libs/utils/ClaimMatchingLib.sol b/src/utils/ClaimMatchingLib.sol similarity index 100% rename from src/libs/utils/ClaimMatchingLib.sol rename to src/utils/ClaimMatchingLib.sol diff --git a/src/libs/utils/ClaimRequestBuilder.sol b/src/utils/ClaimRequestBuilder.sol similarity index 100% rename from src/libs/utils/ClaimRequestBuilder.sol rename to src/utils/ClaimRequestBuilder.sol diff --git a/src/libs/utils/Fmt.sol b/src/utils/Fmt.sol similarity index 100% rename from src/libs/utils/Fmt.sol rename to src/utils/Fmt.sol diff --git a/src/libs/utils/RequestBuilder.sol b/src/utils/RequestBuilder.sol similarity index 100% rename from src/libs/utils/RequestBuilder.sol rename to src/utils/RequestBuilder.sol diff --git a/src/libs/utils/SignatureBuilder.sol b/src/utils/SignatureBuilder.sol similarity index 100% rename from src/libs/utils/SignatureBuilder.sol rename to src/utils/SignatureBuilder.sol diff --git a/src/libs/utils/SismoConnectHelper.sol b/src/utils/SismoConnectHelper.sol similarity index 100% rename from src/libs/utils/SismoConnectHelper.sol rename to src/utils/SismoConnectHelper.sol diff --git a/src/libs/utils/SismoConnectProofBuilder.sol b/src/utils/SismoConnectProofBuilder.sol similarity index 100% rename from src/libs/utils/SismoConnectProofBuilder.sol rename to src/utils/SismoConnectProofBuilder.sol diff --git a/src/libs/utils/Structs.sol b/src/utils/Structs.sol similarity index 100% rename from src/libs/utils/Structs.sol rename to src/utils/Structs.sol diff --git a/src/verifiers/HydraS3Verifier.sol b/src/verifiers/HydraS3Verifier.sol index 95f2fb8..143e425 100644 --- a/src/verifiers/HydraS3Verifier.sol +++ b/src/verifiers/HydraS3Verifier.sol @@ -9,7 +9,7 @@ import {ICommitmentMapperRegistry} from "../periphery/interfaces/ICommitmentMapp import {IAvailableRootsRegistry} from "../periphery/interfaces/IAvailableRootsRegistry.sol"; import {Initializable} from "@openzeppelin/contracts/proxy/utils/Initializable.sol"; import {HydraS3ProofData, HydraS3Lib, HydraS3ProofInput} from "./HydraS3Lib.sol"; -import {Auth, ClaimType, AuthType, Claim, SismoConnectProof, VerifiedAuth, VerifiedClaim} from "src/libs/utils/Structs.sol"; +import {Auth, ClaimType, AuthType, Claim, SismoConnectProof, VerifiedAuth, VerifiedClaim} from "src/utils/Structs.sol"; contract HydraS3Verifier is IHydraS3Verifier, IBaseVerifier, HydraS3SnarkVerifier, Initializable { using HydraS3Lib for HydraS3ProofData; diff --git a/test/BaseTest.t.sol b/test/BaseTest.t.sol index 8ade653..29c8e6f 100644 --- a/test/BaseTest.t.sol +++ b/test/BaseTest.t.sol @@ -6,10 +6,10 @@ import "forge-std/console.sol"; import {AddressesProviderMock} from "test/mocks/AddressesProviderMock.sol"; import {IAddressesProvider} from "src/periphery/interfaces/IAddressesProvider.sol"; import {SismoConnectVerifier} from "src/SismoConnectVerifier.sol"; -import {RequestBuilder} from "src/libs/utils/RequestBuilder.sol"; -import {AuthRequestBuilder} from "src/libs/utils/AuthRequestBuilder.sol"; -import {ClaimRequestBuilder} from "src/libs/utils/ClaimRequestBuilder.sol"; -import {SignatureBuilder} from "src/libs/utils/SignatureBuilder.sol"; +import {RequestBuilder} from "src/utils/RequestBuilder.sol"; +import {AuthRequestBuilder} from "src/utils/AuthRequestBuilder.sol"; +import {ClaimRequestBuilder} from "src/utils/ClaimRequestBuilder.sol"; +import {SignatureBuilder} from "src/utils/SignatureBuilder.sol"; contract BaseTest is Test { address immutable user1 = vm.addr(1); diff --git a/test/mocks/VerifierMock.sol b/test/mocks/VerifierMock.sol index be0b576..7b4f9b1 100644 --- a/test/mocks/VerifierMock.sol +++ b/test/mocks/VerifierMock.sol @@ -3,7 +3,7 @@ pragma solidity ^0.8.17; import "forge-std/console.sol"; import {IBaseVerifier} from "src/interfaces/IBaseVerifier.sol"; -import {Auth, ClaimType, AuthType, Claim, SismoConnectProof, VerifiedAuth, VerifiedClaim} from "src/libs/utils/Structs.sol"; +import {Auth, ClaimType, AuthType, Claim, SismoConnectProof, VerifiedAuth, VerifiedClaim} from "src/utils/Structs.sol"; contract VerifierMock is IBaseVerifier { bytes32 public immutable VERSION = "mock-scheme"; diff --git a/test/unit/SismoConnectVerifier.t.sol b/test/unit/SismoConnectVerifier.t.sol index 35f48ca..8d7982a 100644 --- a/test/unit/SismoConnectVerifier.t.sol +++ b/test/unit/SismoConnectVerifier.t.sol @@ -5,12 +5,12 @@ import "forge-std/console.sol"; import {ResponseBuilder, ResponseWithoutProofs} from "test/utils/ResponseBuilderLib.sol"; import {VerifierMockBaseTest} from "test/verifiers/mocks/VerifierMockBaseTest.t.sol"; import {BaseDeploymentConfig} from "script/BaseConfig.sol"; -import {RequestBuilder} from "src/libs/utils/RequestBuilder.sol"; -import {ClaimRequestBuilder} from "src/libs/utils/ClaimRequestBuilder.sol"; -import {AuthBuilder} from "src/libs/utils/AuthBuilder.sol"; -import {ClaimBuilder} from "src/libs/utils/ClaimBuilder.sol"; -import "src/libs/utils/Structs.sol"; -import "src/libs/utils/Fmt.sol"; +import {RequestBuilder} from "src/utils/RequestBuilder.sol"; +import {ClaimRequestBuilder} from "src/utils/ClaimRequestBuilder.sol"; +import {AuthBuilder} from "src/utils/AuthBuilder.sol"; +import {ClaimBuilder} from "src/utils/ClaimBuilder.sol"; +import "src/utils/Structs.sol"; +import "src/utils/Fmt.sol"; contract SismoConnectVerifierTest is VerifierMockBaseTest { using ResponseBuilder for SismoConnectResponse; @@ -534,7 +534,7 @@ contract SismoConnectVerifierTest is VerifierMockBaseTest { }); } - function test_OneAuthOneClaimOneSignature() public { + function test_OneAuthOneClaimOneSignature() public view { SismoConnectResponse memory validResponse = DEFAULT_RESPONSE .withAuth({ auth: AuthBuilder.build({authType: AuthType.VAULT}), diff --git a/test/utils/ResponseBuilderLib.sol b/test/utils/ResponseBuilderLib.sol index bf3be3c..44b8769 100644 --- a/test/utils/ResponseBuilderLib.sol +++ b/test/utils/ResponseBuilderLib.sol @@ -1,8 +1,8 @@ // SPDX-License-Identifier: MIT pragma solidity ^0.8.17; -import "src/libs/utils/Structs.sol"; -import {ProofBuilder} from "src/libs/utils/SismoConnectProofBuilder.sol"; +import "src/utils/Structs.sol"; +import {ProofBuilder} from "src/utils/SismoConnectProofBuilder.sol"; // We introduce an intermediate struct that will not store the proofs // This is useful to be able to store this struct in the a contract storage diff --git a/test/verifiers/hydra-s3/HydraS3BaseTest.t.sol b/test/verifiers/hydra-s3/HydraS3BaseTest.t.sol index 622556d..0fcfba1 100644 --- a/test/verifiers/hydra-s3/HydraS3BaseTest.t.sol +++ b/test/verifiers/hydra-s3/HydraS3BaseTest.t.sol @@ -8,13 +8,15 @@ import {CommitmentMapperRegistryMock, ICommitmentMapperRegistry} from "test/mock import {AvailableRootsRegistryMock} from "test/mocks/AvailableRootsRegistryMock.sol"; contract HydraS3BaseTest is BaseTest { - HydraS3Proofs immutable hydraS3Proofs = new HydraS3Proofs(); + HydraS3Proofs hydraS3Proofs; HydraS3Verifier hydraS3Verifier; ICommitmentMapperRegistry commitmentMapperRegistry; AvailableRootsRegistryMock availableRootsRegistry; function setUp() public virtual override { - super.setUp(); + BaseTest.setUp(); + + hydraS3Proofs = new HydraS3Proofs(); commitmentMapperRegistry = new CommitmentMapperRegistryMock(); availableRootsRegistry = new AvailableRootsRegistryMock(); diff --git a/test/verifiers/hydra-s3/HydraS3Proofs.sol b/test/verifiers/hydra-s3/HydraS3Proofs.sol index 30fca7d..14e2934 100644 --- a/test/verifiers/hydra-s3/HydraS3Proofs.sol +++ b/test/verifiers/hydra-s3/HydraS3Proofs.sol @@ -2,10 +2,10 @@ pragma solidity ^0.8.17; import "forge-std/console.sol"; -import "src/libs/utils/Structs.sol"; -import {AuthBuilder} from "src/libs/utils/AuthBuilder.sol"; -import {ClaimBuilder} from "src/libs/utils/ClaimBuilder.sol"; -import {ProofBuilder} from "src/libs/utils/SismoConnectProofBuilder.sol"; +import "src/utils/Structs.sol"; +import {AuthBuilder} from "src/utils/AuthBuilder.sol"; +import {ClaimBuilder} from "src/utils/ClaimBuilder.sol"; +import {ProofBuilder} from "src/utils/SismoConnectProofBuilder.sol"; import {ResponseBuilder} from "test/utils/ResponseBuilderLib.sol"; contract HydraS3Proofs { diff --git a/test/verifiers/hydra-s3/HydraS3Verifier.t.sol b/test/verifiers/hydra-s3/HydraS3Verifier.t.sol index c541746..3bfdd22 100644 --- a/test/verifiers/hydra-s3/HydraS3Verifier.t.sol +++ b/test/verifiers/hydra-s3/HydraS3Verifier.t.sol @@ -4,45 +4,78 @@ pragma solidity ^0.8.17; import "forge-std/console.sol"; import {HydraS3BaseTest} from "./HydraS3BaseTest.t.sol"; import {HydraS3ProofData, HydraS3Lib, HydraS3ProofInput} from "src/verifiers/HydraS3Lib.sol"; +import {ClaimBuilder} from "src/utils/ClaimBuilder.sol"; +import {AuthBuilder} from "src/utils/AuthBuilder.sol"; +import "src/utils/Structs.sol"; contract HydraS3VerifierTest is HydraS3BaseTest { using HydraS3Lib for HydraS3ProofData; + using ClaimBuilder for bytes16; + using AuthBuilder for uint8; address user = 0x7def1d6D28D6bDa49E69fa89aD75d160BEcBa3AE; - bytes16 constant appId = 0x11b1de449c6c4adb0b5775b3868b28b3; - bytes16 constant groupId = 0xe9ed316946d3d98dfcd829a53ec9822e; - + bytes16 constant DEFAULT_APP_ID = 0x11b1de449c6c4adb0b5775b3868b28b3; + bytes16 constant DEFAULT_GROUP_ID = 0xe9ed316946d3d98dfcd829a53ec9822e; + bytes16 constant DEFAULT_GROUP_TIMESTAMP = bytes16("latest"); + bytes16 public DEFAULT_NAMESPACE = bytes16(keccak256("main")); bool public DEFAULT_IS_IMPERSONATION_MODE = false; - ClaimRequest claimRequest; - AuthRequest authRequest; - SignatureRequest signature; - HydraS3ProofData snarkProof; + SignatureRequest public DEFAULT_SIGNATURE_REQUEST = + SignatureRequest({message: abi.encode(user), isSelectableByUser: false, extraData: ""}); + function setUp() public virtual override { - super.setUp(); - sismoConnect = new SismoConnectHarness(appId, DEFAULT_IS_IMPERSONATION_MODE); - claimRequest = sismoConnect.exposed_buildClaim({groupId: groupId}); - authRequest = sismoConnect.exposed_buildAuth({authType: AuthType.VAULT}); - signature = sismoConnect.exposed_buildSignature({message: abi.encode(user)}); + HydraS3BaseTest.setUp(); } function test_RevertWith_InvalidVersionOfProvingScheme() public { (SismoConnectResponse memory invalidResponse, ) = hydraS3Proofs .getResponseWithOneClaimAndSignature(); invalidResponse.proofs[0].provingScheme = bytes32("fake-proving-scheme"); - // register the fake proving scheme to the HydraS3Verifier address i the SismoConnectVerifier contract - // if the proving scheme is not registered, it will revert without an error since the SismoConnectVerifier will not be able to find the verifier when routing - vm.prank(owner); - sismoConnectVerifier.registerVerifier(bytes32("fake-proving-scheme"), address(hydraS3Verifier)); + vm.expectRevert( abi.encodeWithSignature("InvalidVersion(bytes32)", bytes32("fake-proving-scheme")) ); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] + }); + } + + function test_RevertWith_OnlyOneAuthAndOneClaimIsSupported() public { + (SismoConnectResponse memory invalidResponse, ) = hydraS3Proofs + .getResponseWithOneClaimOneAuthAndOneMessage(); + + Auth[] memory auths = new Auth[](2); + // take the first auth from the valid response + auths[0] = invalidResponse.proofs[1].auths[0]; + // we add a second auth to the proof + auths[1] = AuthBuilder.build({authType: AuthType.VAULT}); + + Claim[] memory claims = new Claim[](2); + claims[0] = invalidResponse.proofs[0].claims[0]; + // we add a second claim to the proof + claims[1] = ClaimBuilder.build({groupId: DEFAULT_GROUP_ID}); + + invalidResponse.proofs[0] = SismoConnectProof({ + provingScheme: invalidResponse.proofs[0].provingScheme, + auths: auths, + claims: claims, + proofData: invalidResponse.proofs[0].proofData, + extraData: "" + }); + + vm.expectRevert(abi.encodeWithSignature("OnlyOneAuthAndOneClaimIsSupported()")); + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -52,7 +85,7 @@ contract HydraS3VerifierTest is HydraS3BaseTest { vm.assume(invalidVaultNamespace < 2 ** 128 - 1); vm.assume( invalidVaultNamespace != - uint256(keccak256(abi.encodePacked(appId, bytes16(0)))) % HydraS3Lib.SNARK_FIELD + uint256(keccak256(abi.encodePacked(DEFAULT_APP_ID, bytes16(0)))) % HydraS3Lib.SNARK_FIELD ); (SismoConnectResponse memory invalidResponse, ) = hydraS3Proofs .getResponseWithOnlyOneAuthAndMessage(); @@ -67,13 +100,15 @@ contract HydraS3VerifierTest is HydraS3BaseTest { abi.encodeWithSignature( "VaultNamespaceMismatch(uint256,uint256)", snarkProof._getVaultNamespace(), - uint256(keccak256(abi.encodePacked(appId, bytes16(0)))) % HydraS3Lib.SNARK_FIELD + uint256(keccak256(abi.encodePacked(DEFAULT_APP_ID, bytes16(0)))) % HydraS3Lib.SNARK_FIELD ) ); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - auth: authRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -89,17 +124,14 @@ contract HydraS3VerifierTest is HydraS3BaseTest { extraData: "" }); - // we change the authType to be equal to GITHUB instead of ANON, so it is the same as in the response and we can test the revert of the destinationVerificationEnabled - AuthRequest memory githubAuthRequest = sismoConnect.exposed_buildAuth({ - authType: AuthType.GITHUB - }); - - // this should revert because the destinationVerificationEnabled is false and the AuthType is different from ANON + // this should revert because the destinationVerificationEnabled is false and the AuthType is different from VAULT vm.expectRevert(abi.encodeWithSignature("DestinationVerificationNotEnabled()")); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - auth: githubAuthRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -130,10 +162,6 @@ contract HydraS3VerifierTest is HydraS3BaseTest { // destinationVerificationEnabled at index 13 in the snarkProof's inputs invalidResponse = _changeProofDataInSismoConnectResponse(invalidResponse, 13, uint256(1)); // true - // we change the authType to be equal to GITHUB instead of ANON, so it is the same as in the response and we can test the revert of the destinationVerificationEnabled - AuthRequest memory githubAuthRequest = sismoConnect.exposed_buildAuth({ - authType: AuthType.GITHUB - }); vm.expectRevert( abi.encodeWithSignature( "CommitmentMapperPubKeyMismatch(bytes32,bytes32,bytes32,bytes32)", @@ -143,10 +171,12 @@ contract HydraS3VerifierTest is HydraS3BaseTest { bytes32(snarkProof._getCommitmentMapperPubKey()[1]) ) ); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - auth: githubAuthRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -176,10 +206,6 @@ contract HydraS3VerifierTest is HydraS3BaseTest { // with an AuthType different from ANON, the destinationVerificationEnabled should be true invalidResponse = _changeProofDataInSismoConnectResponse(invalidResponse, 13, uint256(1)); // destinationVerificationEnabled at index 13 is equal to true - // we change the authType to be equal to GITHUB instead of ANON, so it is the same as in the response and we can test the revert of the destinationVerificationEnabled - AuthRequest memory githubAuthRequest = sismoConnect.exposed_buildAuth({ - authType: AuthType.GITHUB - }); vm.expectRevert( abi.encodeWithSignature( "CommitmentMapperPubKeyMismatch(bytes32,bytes32,bytes32,bytes32)", @@ -189,10 +215,12 @@ contract HydraS3VerifierTest is HydraS3BaseTest { bytes32(incorrectCommitmentMapperPubKeyY) ) ); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - auth: githubAuthRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -204,10 +232,12 @@ contract HydraS3VerifierTest is HydraS3BaseTest { // claimValue is at index 7 in the snarkProof's inputs invalidResponse = _changeProofDataInSismoConnectResponse(invalidResponse, 7, invalidClaimValue); vm.expectRevert(abi.encodeWithSignature("ClaimValueMismatch()")); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -215,16 +245,13 @@ contract HydraS3VerifierTest is HydraS3BaseTest { uint256 incorrectRequestIdentifier ) public { uint256 correctRequestIdentifier = _encodeRequestIdentifier( - groupId, - bytes16("latest"), - appId, - bytes16(keccak256("main")) + DEFAULT_GROUP_ID, + DEFAULT_GROUP_TIMESTAMP, + DEFAULT_APP_ID, + DEFAULT_NAMESPACE ); // we force that the incorrectRequestIdentifier is different from the correct requestIdentifier when fuzzing - vm.assume( - incorrectRequestIdentifier != - _encodeRequestIdentifier(groupId, bytes16("latest"), appId, bytes16(keccak256("main"))) - ); + vm.assume(incorrectRequestIdentifier != correctRequestIdentifier); (SismoConnectResponse memory invalidResponse, ) = hydraS3Proofs .getResponseWithOneClaimAndSignature(); // requestIdentifier is at index 5 in the snarkProof's inputs @@ -240,10 +267,12 @@ contract HydraS3VerifierTest is HydraS3BaseTest { correctRequestIdentifier ) ); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -269,14 +298,15 @@ contract HydraS3VerifierTest is HydraS3BaseTest { bytes32(snarkProof._getCommitmentMapperPubKey()[1]) ) ); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); - // it should also revert whe in impersonation mode - SismoConnectHarness impersonationSismoConnect = new SismoConnectHarness(appId, true); + // it should also revert when impersonation mode is set to true vm.expectRevert( abi.encodeWithSignature( "CommitmentMapperPubKeyMismatch(bytes32,bytes32,bytes32,bytes32)", @@ -286,10 +316,12 @@ contract HydraS3VerifierTest is HydraS3BaseTest { bytes32(snarkProof._getCommitmentMapperPubKey()[1]) ) ); - impersonationSismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: true, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -315,14 +347,15 @@ contract HydraS3VerifierTest is HydraS3BaseTest { bytes32(incorrectCommitmentMapperPubKeyY) ) ); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); - // it should also revert whe in impersonation mode - SismoConnectHarness impersonationSismoConnect = new SismoConnectHarness(appId, true); + // it should also revert when impersonation mode is set to true vm.expectRevert( abi.encodeWithSignature( "CommitmentMapperPubKeyMismatch(bytes32,bytes32,bytes32,bytes32)", @@ -332,10 +365,12 @@ contract HydraS3VerifierTest is HydraS3BaseTest { bytes32(incorrectCommitmentMapperPubKeyY) ) ); - impersonationSismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: true, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -346,10 +381,12 @@ contract HydraS3VerifierTest is HydraS3BaseTest { // sourceVerificationEnabled is at index 12 in snarkProof's inputs invalidResponse = _changeProofDataInSismoConnectResponse(invalidResponse, 12, uint256(0)); vm.expectRevert(abi.encodeWithSignature("SourceVerificationNotEnabled()")); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -370,10 +407,12 @@ contract HydraS3VerifierTest is HydraS3BaseTest { vm.expectRevert( abi.encodeWithSignature("RegistryRootNotAvailable(uint256)", invalidRegistryTreeRoot) ); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -400,18 +439,20 @@ contract HydraS3VerifierTest is HydraS3BaseTest { correctAccountsTreeValue ) ); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } function test_RevertWith_ClaimTypeMismatch() public { (SismoConnectResponse memory invalidResponse, ) = hydraS3Proofs .getResponseWithOneClaimAndSignature(); - // we change the claimComparator to be equal to 1, the claimType should be EQ to not revert - // but we keep the claimType of GTE in the claimRequest + // we change the claimComparator to be equal to 1 in the proof, the claimType should be EQ to not revert + // but we keep the claimType of GTE in the claim uint256 incorrectClaimComparator = 1; // claimComparator is at index 9 in snarkProof's inputs invalidResponse = _changeProofDataInSismoConnectResponse( @@ -423,13 +464,15 @@ contract HydraS3VerifierTest is HydraS3BaseTest { abi.encodeWithSignature( "ClaimTypeMismatch(uint256,uint256)", incorrectClaimComparator, - claimRequest.claimType + invalidResponse.proofs[0].claims[0].claimType ) ); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -454,10 +497,12 @@ contract HydraS3VerifierTest is HydraS3BaseTest { correctExtraData ) ); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); } @@ -477,10 +522,12 @@ contract HydraS3VerifierTest is HydraS3BaseTest { incorrectProofIdentifier ); vm.expectRevert(abi.encodeWithSignature("InvalidProof()")); - sismoConnect.exposed_verify({ - responseBytes: abi.encode(invalidResponse), - claim: claimRequest, - signature: signature + hydraS3Verifier.verify({ + appId: DEFAULT_APP_ID, + namespace: DEFAULT_NAMESPACE, + isImpersonationMode: DEFAULT_IS_IMPERSONATION_MODE, + signedMessage: DEFAULT_SIGNATURE_REQUEST.message, + sismoConnectProof: invalidResponse.proofs[0] }); }