Add zklogin check and verify functions (#13817)

jonas-lj · sblackshear · tnowacki · web-flow · commit 4d9fa245063a · 2023-10-02T20:53:45.000+02:00
## Description 

Add functions which allows a user to prove that a certain identity was
used to create a zklogin address and link this identity to the address
(VerifiedID).

## Test Plan 

Unit tests

---
If your changes are not user-facing and not a breaking change, you can
skip the following section. Otherwise, please indicate what changed, and
then add to the Release Notes section as highlighted during the release
process.

### Type of Change (Check all that apply)

- [x] protocol change
- [x] user-visible impact
- [ ] breaking change for a client SDKs
- [x] breaking change for FNs (FN binary must upgrade)
- [x] breaking change for validators or node operators (must upgrade
binaries)
- [ ] breaking change for on-chain data layout
- [ ] necessitate either a data wipe or data migration

### Release notes

Add a `verify_zklogin_id` function to the SUI framework which allows
users to prove that a certain identity was used to create a zklogin
address and link this identity to their address. The function returns a
verified identity object which maybe used to authenticate towards smart
contracts. A similar function where the user only reveals who issued the
identity used to create a zklogin address, `verify_zklogin_iss` is also
added.

---------

Co-authored-by: Sam Blackshear &lt;sam.blackshear@gmail.com&gt;
Co-authored-by: Todd Nowacki &lt;tmn@mystenlabs.com&gt;
diff --git a/crates/sui-framework/packages/sui-framework/sources/crypto/zklogin_verified_id.move b/crates/sui-framework/packages/sui-framework/sources/crypto/zklogin_verified_id.move
@@ -0,0 +1,112 @@
+// Copyright (c) Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+module sui::zklogin_verified_id {
+    use std::string::String;
+    use sui::object;
+    use sui::object::UID;
+    use sui::tx_context::TxContext;
+    use sui::tx_context;
+
+    /// Error if any of the inputs are longer than the allowed upper bounds.
+    const EInvalidInput: u64 = 0;
+
+    /// Error if the proof consisting of the inputs provided to the verification function is invalid.
+    const EInvalidProof: u64 = 1;
+
+    /// Posession of a VerifiedID proves that the user's address was created using zklogin and the given parameters.
+    struct VerifiedID has key {
+        /// The ID of this VerifiedID
+        id: UID,
+        /// The address this VerifiedID is associated with
+        owner: address,
+        /// The name of the key claim
+        key_claim_name: String,
+        /// The value of the key claim
+        key_claim_value: String,
+        /// The issuer
+        issuer: String,
+        /// The audience (wallet)
+        audience: String,
+    }
+
+    /// Returns the address associated with the given VerifiedID
+    public fun owner(verified_id: &VerifiedID): address {
+        verified_id.owner
+    }
+
+    /// Returns the name of the key claim associated with the given VerifiedID
+    public fun key_claim_name(verified_id: &VerifiedID): &String {
+        &verified_id.key_claim_name
+    }
+
+    /// Returns the value of the key claim associated with the given VerifiedID
+    public fun key_claim_value(verified_id: &VerifiedID): &String {
+        &verified_id.key_claim_value
+    }
+
+    /// Returns the issuer associated with the given VerifiedID
+    public fun issuer(verified_id: &VerifiedID): &String {
+        &verified_id.issuer
+    }
+
+    /// Returns the audience (wallet) associated with the given VerifiedID
+    public fun audience(verified_id: &VerifiedID): &String {
+        &verified_id.audience
+    }
+
+    /// Verify that the caller's address was created using zklogin and the given parametersand returns a `VerifiedID`
+    /// with the caller's id (claim name and value, issuer and wallet id).
+    ///
+    /// Aborts with `EInvalidInput` if any of the inputs are longer than the allowed upper bounds: `kc_name` must be at
+    /// most 32 characters, `kc_value` must be at most 115 characters and `aud` must be at most 145 characters.
+    ///
+    /// Aborts with `EInvalidProof` if the verification fails.
+    public fun verify_zklogin_id(
+        key_claim_name: String,
+        key_claim_value: String,
+        issuer: String,
+        audience: String,
+        pin_hash: u256,
+        ctx: &mut TxContext,
+    ): VerifiedID {
+        assert!(check_zklogin_id(tx_context::sender(ctx), &key_claim_name, &key_claim_value, &issuer, &audience, pin_hash), EInvalidProof);
+        VerifiedID { id: object::new(ctx), owner: tx_context::sender(ctx), key_claim_name, key_claim_value, issuer, audience}
+    }
+
+    /// Returns true if `address` was created using zklogin and the given parameters.
+    ///
+    /// Aborts with `EInvalidInput` if any of the inputs are longer than the allowed upper bounds: `kc_name` must be at
+    /// most 32 characters, `kc_value` must be at most 115 characters and `aud` must be at most 145 characters.
+    public fun check_zklogin_id(
+        address: address,
+        key_claim_name: &String,
+        key_claim_value: &String,
+        issuer: &String,
+        audience: &String,
+        pin_hash: u256
+    ): bool {
+        check_zklogin_id_internal(
+            address,
+            std::string::bytes(key_claim_name),
+            std::string::bytes(key_claim_value),
+            std::string::bytes(issuer),
+            std::string::bytes(audience),
+            pin_hash
+        )
+    }
+
+    /// Returns true if `address` was created using zklogin and the given parameters.
+    ///
+    /// Aborts with `EInvalidInput` if any of `kc_name`, `kc_value`, `iss` and `aud` is not a properly encoded UTF-8
+    /// string or if the inputs are longer than the allowed upper bounds: `kc_name` must be at most 32 characters,
+    /// `kc_value` must be at most 115 characters and `aud` must be at most 145 characters.
+    native fun check_zklogin_id_internal(
+        address: address,
+        key_claim_name: &vector<u8>,
+        key_claim_value: &vector<u8>,
+        issuer: &vector<u8>,
+        audience: &vector<u8>,
+        pin_hash: u256
+    ): bool;
+}
diff --git a/crates/sui-framework/packages/sui-framework/sources/crypto/zklogin_verified_id.spec.move b/crates/sui-framework/packages/sui-framework/sources/crypto/zklogin_verified_id.spec.move
@@ -0,0 +1,25 @@
+// Copyright (c) Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+spec sui::zklogin_verified_id {
+    spec verify_zklogin_id {
+        pragma opaque;
+        // TODO: stub to be replaced by actual abort conditions if any
+        aborts_if [abstract] true;
+        // TODO: specify actual function behavior
+    }
+
+    spec check_zklogin_id {
+        pragma opaque;
+        // TODO: stub to be replaced by actual abort conditions if any
+        aborts_if [abstract] true;
+        // TODO: specify actual function behavior
+    }
+
+    spec check_zklogin_id_internal {
+        pragma opaque;
+        // TODO: stub to be replaced by actual abort conditions if any
+        aborts_if [abstract] true;
+        // TODO: specify actual function behavior
+    }
+}
diff --git a/crates/sui-framework/packages/sui-framework/sources/crypto/zklogin_verified_issuer.move b/crates/sui-framework/packages/sui-framework/sources/crypto/zklogin_verified_issuer.move
@@ -0,0 +1,68 @@
+// Copyright (c) Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+module sui::zklogin_verified_issuer {
+    use std::string::String;
+    use sui::object;
+    use sui::object::UID;
+    use sui::tx_context::TxContext;
+    use sui::tx_context;
+
+    /// Error if the proof consisting of the inputs provided to the verification function is invalid.
+    const EInvalidInput: u64 = 0;
+
+    /// Error if the proof consisting of the inputs provided to the verification function is invalid.
+    const EInvalidProof: u64 = 1;
+
+    /// Posession of a VerifiedIssuer proves that the user's address was created using zklogin and with the given issuer
+    /// (identity provider).
+    struct VerifiedIssuer has key {
+        /// The ID of this VerifiedIssuer
+        id: UID,
+        /// The address this VerifiedID is associated with
+        owner: address,
+        /// The issuer
+        issuer: String,
+    }
+
+    /// Returns the address associated with the given VerifiedIssuer
+    public fun owner(verified_issuer: &VerifiedIssuer): address {
+        verified_issuer.owner
+    }
+
+    /// Returns the issuer associated with the given VerifiedIssuer
+    public fun issuer(verified_issuer: &VerifiedIssuer): &String {
+        &verified_issuer.issuer
+    }
+
+    /// Verify that the caller's address was created using zklogin with the given issuer. If so, a VerifiedIssuer object
+    /// with the issuers id returned.
+    ///
+    /// Aborts with `EInvalidProof` if the verification fails.
+    public fun verify_zklogin_issuer(
+        address_seed: u256,
+        issuer: String,
+        ctx: &mut TxContext,
+    ): VerifiedIssuer {
+        assert!(check_zklogin_issuer(tx_context::sender(ctx), address_seed, &issuer), EInvalidProof);
+        VerifiedIssuer {id: object::new(ctx), owner: tx_context::sender(ctx), issuer}
+    }
+
+    /// Returns true if `address` was created using zklogin with the given issuer and address seed.
+    public fun check_zklogin_issuer(
+        address: address,
+        address_seed: u256,
+        issuer: &String,
+    ): bool {
+        check_zklogin_issuer_internal(address, address_seed, std::string::bytes(issuer))
+    }
+
+    /// Returns true if `address` was created using zklogin with the given issuer and address seed.
+    ///
+    /// Aborts with `EInvalidInput` if the `iss` input is not a valid UTF-8 string.
+    native fun check_zklogin_issuer_internal(
+        address: address,
+        address_seed: u256,
+        issuer: &vector<u8>,
+    ): bool;
+}
diff --git a/crates/sui-framework/packages/sui-framework/sources/crypto/zklogin_verified_issuer.spec.move b/crates/sui-framework/packages/sui-framework/sources/crypto/zklogin_verified_issuer.spec.move
@@ -0,0 +1,24 @@
+// Copyright (c) Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+spec sui::zklogin_verified_issuer {
+    spec verify_zklogin_issuer {
+        pragma opaque;
+        // TODO: stub to be replaced by actual abort conditions if any
+        aborts_if [abstract] true;
+        // TODO: specify actual function behavior
+    }
+    spec check_zklogin_issuer {
+        pragma opaque;
+        // TODO: stub to be replaced by actual abort conditions if any
+        aborts_if [abstract] true;
+        // TODO: specify actual function behavior
+    }
+
+    spec check_zklogin_issuer_internal {
+        pragma opaque;
+        // TODO: stub to be replaced by actual abort conditions if any
+        aborts_if [abstract] true;
+        // TODO: specify actual function behavior
+    }
+}
diff --git a/crates/sui-framework/packages/sui-framework/tests/crypto/zklogin_verified_id_tests.move b/crates/sui-framework/packages/sui-framework/tests/crypto/zklogin_verified_id_tests.move
@@ -0,0 +1,91 @@
+// Copyright (c) Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+#[test_only]
+module sui::zklogin_verified_id_tests {
+    use sui::zklogin_verified_id::check_zklogin_id;
+    use sui::address;
+    use std::string::utf8;
+
+    #[test]
+    fun test_check_zklogin_id() {
+        let address = address::from_bytes(x"1c6b623a2f2c91333df730c98d220f11484953b391a3818680f922c264cc0c6b");
+        let kc_name = utf8(b"sub");
+        let kc_value = utf8(b"106294049240999307923");
+        let aud = utf8(b"575519204237-msop9ep45u2uo98hapqmngv8d84qdc8k.apps.googleusercontent.com");
+        let iss = utf8(b"https://accounts.google.com");
+        let salt_hash = 15232766888716517538274372547598053531354666056102343895255590477425668733026u256;
+        assert!(check_zklogin_id(address, &kc_name, &kc_value, &iss, &aud, salt_hash), 0);
+
+        // Negative tests
+        let other_address = address::from_bytes(x"016b623a2f2c91333df730c98d220f11484953b391a3818680f922c264cc0c6b");
+        assert!(!check_zklogin_id(other_address, &kc_name, &kc_value, &iss, &aud, salt_hash), 1);
+
+        let other_kc_name = utf8(b"name");
+        assert!(!check_zklogin_id(address, &other_kc_name, &kc_value, &iss, &aud, salt_hash), 2);
+
+        let other_kc_value = utf8(b"106294049240999307924");
+        assert!(!check_zklogin_id(address, &other_kc_name, &other_kc_value, &iss, &aud, salt_hash), 3);
+
+        let other_iss = utf8(b"https://other.issuer.com");
+        assert!(!check_zklogin_id(address, &kc_name, &kc_value, &other_iss, &aud, salt_hash), 4);
+
+        let other_aud = utf8(b"other.wallet.com");
+        assert!(!check_zklogin_id(address, &kc_name, &kc_value, &iss, &other_aud, salt_hash), 5);
+
+        let other_salt_hash = 15232766888716517538274372547598053531354666056102343895255590477425668733027u256;
+        assert!(!check_zklogin_id(address, &kc_name, &kc_value, &iss, &aud, other_salt_hash), 6);
+    }
+
+    #[test]
+    fun test_check_zklogin_id_upper_bounds() {
+        // Set kc_name, kc_value and aud to be as long as they can be (32, 115 and 145 bytes respectively) and verify
+        // that the check function doesn't abort.
+        let address = address::from_bytes(x"1c6b623a2f2c91333df730c98d220f11484953b391a3818680f922c264cc0c6b");
+        let kc_name = utf8(b"qvKbuwvu6LTnYocFPwz1EiIClFUAuMC3");
+        let kc_value = utf8(b"BA7SREzYLKG5opithujfrU8SFaSpKI4zezu8Vb2GBPVpZsMUpYVeXl6oEAo84ryIlbHOqrMWpI7mlTfvr7HYxiF70jdyIY4rPOOpuJIYWwN3o1olTP2");
+        let aud = utf8(b"munO2fnn2XnBNq5fXRmSmhC4GPL3yX4Rv9fGoECXTsmniR8dwkPTefbmLF08zh7BnVcaxriii4dEPNwzEF2puLIHmJoeuYbQxV84J9of4NRaL3IhwImVGubgPHWfMfCuGuedCdLn6KUdJsgG1");
+        let iss = utf8(b"https://issuer.com");
+        let salt_hash = 1234u256;
+        assert!(!check_zklogin_id(address, &kc_name, &kc_value, &iss, &aud, salt_hash), 0);
+    }
+
+    #[test]
+    #[expected_failure(abort_code = sui::zklogin_verified_id::EInvalidInput)]
+    fun test_check_zklogin_id_long_kc_name() {
+        let address = address::from_bytes(x"1c6b623a2f2c91333df730c98d220f11484953b391a3818680f922c264cc0c6b");
+        // Should at most be 32 bytes
+        let long_kc_name = utf8(b"qvKbuwvu6LTnYocFPwz1EiIClFUAuMC3G");
+        let kc_value = utf8(b"106294049240999307923");
+        let aud = utf8(b"575519204237-msop9ep45u2uo98hapqmngv8d84qdc8k.apps.googleusercontent.com");
+        let iss = utf8(b"https://accounts.google.com");
+        let salt_hash = 15232766888716517538274372547598053531354666056102343895255590477425668733026u256;
+        check_zklogin_id(address, &long_kc_name, &kc_value, &iss, &aud, salt_hash);
+    }
+
+    #[test]
+    #[expected_failure(abort_code = sui::zklogin_verified_id::EInvalidInput)]
+    fun test_check_zklogin_id_long_aud() {
+        let address = address::from_bytes(x"1c6b623a2f2c91333df730c98d220f11484953b391a3818680f922c264cc0c6b");
+        let kc_name = utf8(b"sub");
+        // Should at most be 115 bytes
+        let long_kc_value = utf8(b"BA7SREzYLKG5opithujfrU8SFaSpKI4zezu8Vb2GBPVpZsMUpYVeXl6oEAo84ryIlbHOqrMWpI7mlTfvr7HYxiF70jdyIY4rPOOpuJIYWwN3o1olTP2c");
+        let aud = utf8(b"575519204237-msop9ep45u2uo98hapqmngv8d84qdc8k.apps.googleusercontent.com");
+        let iss = utf8(b"https://accounts.google.com");
+        let salt_hash = 15232766888716517538274372547598053531354666056102343895255590477425668733026u256;
+        check_zklogin_id(address, &kc_name, &long_kc_value, &iss, &aud, salt_hash);
+    }
+
+    #[test]
+    #[expected_failure(abort_code = sui::zklogin_verified_id::EInvalidInput)]
+    fun test_check_zklogin_id_long_kc_value() {
+        let address = address::from_bytes(x"1c6b623a2f2c91333df730c98d220f11484953b391a3818680f922c264cc0c6b");
+        let kc_name = utf8(b"sub");
+        let kc_value = utf8(b"106294049240999307923");
+        // Should be at most 145 bytes
+        let long_aud = utf8(b"munO2fnn2XnBNq5fXRmSmhC4GPL3yX4Rv9fGoECXTsmniR8dwkPTefbmLF08zh7BnVcaxriii4dEPNwzEF2puLIHmJoeuYbQxV84J9of4NRaL3IhwImVGubgPHWfMfCuGuedCdLn6KUdJsgG1S");
+        let iss = utf8(b"https://accounts.google.com");
+        let salt_hash = 15232766888716517538274372547598053531354666056102343895255590477425668733026u256;
+        check_zklogin_id(address, &kc_name, &kc_value, &iss, &long_aud, salt_hash);
+    }
+}
diff --git a/crates/sui-framework/packages/sui-framework/tests/crypto/zklogin_verified_issuer_tests.move b/crates/sui-framework/packages/sui-framework/tests/crypto/zklogin_verified_issuer_tests.move
@@ -0,0 +1,26 @@
+// Copyright (c) Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+#[test_only]
+module sui::zklogin_verified_issuer_tests {
+    use sui::zklogin_verified_issuer::check_zklogin_issuer;
+    use sui::address;
+    use std::string::utf8;
+
+    #[test]
+    fun test_check_zklogin_issuer() {
+        let address = address::from_bytes(x"1c6b623a2f2c91333df730c98d220f11484953b391a3818680f922c264cc0c6b");
+        let iss = utf8(b"https://accounts.google.com");
+        let address_seed = 3006596378422062745101035755700472756930796952630484939867684134047976874601u256;
+        assert!(check_zklogin_issuer(address,  address_seed, &iss,), 0);
+
+        let other_address = address::from_bytes(x"006b623a2f2c91333df730c98d220f11484953b391a3818680f922c264cc0c6b");
+        assert!(!check_zklogin_issuer(other_address, address_seed, &iss), 1);
+
+        let other_address_seed = 1234u256;
+        assert!(!check_zklogin_issuer(address, other_address_seed, &iss), 2);
+
+        let other_iss = utf8(b"https://other.issuer.com");
+        assert!(!check_zklogin_issuer(address, address_seed, &other_iss), 3);
+    }
+}
