be explicit to use a wrong vk for env=prod

fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs

@@ -155,6 +155,10 @@ fn test_verify_zk_login_google() {
     );
     let res = verify_zk_login(&zklogin_inputs, 10, &eph_pubkey, &map, ZkLoginEnv::Test);
     assert!(res.is_ok());
+
+    // Do not verify against the prod vk.
+    let res1 = verify_zk_login(&zklogin_inputs, 10, &eph_pubkey, &map, ZkLoginEnv::Prod);
+    assert!(res1.is_ok());
 }
 
 #[test]
@@ -203,6 +207,10 @@ fn test_verify_zk_login_twitch() {
     });
     let res = verify_zk_login(&zklogin_inputs, 10, &eph_pubkey, &map, ZkLoginEnv::Test);
     assert!(res.is_ok());
+
+    // Do not verify against the prod vk.
+    let res1 = verify_zk_login(&zklogin_inputs, 10, &eph_pubkey, &map, ZkLoginEnv::Prod);
+    assert!(res1.is_ok());
 }
 
 #[test]
@@ -252,10 +260,13 @@ fn test_verify_zk_login_facebook() {
     });
     let res = verify_zk_login(&zklogin_inputs, 10, &eph_pubkey, &map, ZkLoginEnv::Test);
     assert!(res.is_ok());
+    // Do not verify against the prod vk.
+    let res1 = verify_zk_login(&zklogin_inputs, 10, &eph_pubkey, &map, ZkLoginEnv::Prod);
+    assert!(res1.is_err());
 }
 
 #[test]
-fn test_parsed_masked_content() {
+fn test_parse_jwt_details() {
     let header = JWTHeader::new("eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEifQ").unwrap();
     assert_eq!(header.alg, "RS256");
     assert_eq!(header.typ, "JWT");

fastcrypto-zkp/src/bn254/zk_login.rs

@@ -48,6 +48,19 @@ pub enum OIDCProvider {
     Facebook,
 }
 
+impl FromStr for OIDCProvider {
+    type Err = FastCryptoError;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        match s {
+            "Google" => Ok(Self::Google),
+            "Twitch" => Ok(Self::Twitch),
+            "Facebook" => Ok(Self::Facebook),
+            _ => Err(FastCryptoError::InvalidInput),
+        }
+    }
+}
+
 /// Struct that contains all the OIDC provider's JWK. A list of them can
 /// be retrieved from the JWK endpoint (e.g. <https://www.googleapis.com/oauth2/v3/certs>)
 /// and published on the bulletin along with a trusted party's signature.
@@ -163,6 +176,16 @@ impl OIDCProvider {
             ),
         }
     }
+
+    /// Returns the OIDCProvider for the given iss string.
+    pub fn from_iss(iss: &str) -> Result<Self, FastCryptoError> {
+        match iss {
+            "https://accounts.google.com" => Ok(Self::Google),
+            "https://id.twitch.tv/oauth2" => Ok(Self::Twitch),
+            "https://www.facebook.com" => Ok(Self::Facebook),
+            _ => Err(FastCryptoError::InvalidInput),
+        }
+    }
 }
 
 /// Necessary value for claim.

fastcrypto-zkp/src/bn254/zk_login_api.rs

@@ -32,10 +32,99 @@ impl Default for ZkLoginEnv {
     }
 }
 
-// TODO: Replace after ceremony.
-static GLOBAL_VERIFYING_KEY: Lazy<PreparedVerifyingKey<Bn254>> = Lazy::new(global_pvk);
+/// Produced from ceremony. Secure to use for mainnet.
+static GLOBAL_VERIFYING_KEY: Lazy<PreparedVerifyingKey<Bn254>> = Lazy::new(random_pvk);
+/// Produced from a local trusted setup. Insecure to use for mainnet.
 static INSECURE_GLOBAL_VERIFYING_KEY: Lazy<PreparedVerifyingKey<Bn254>> = Lazy::new(global_pvk);
 
+// TODO: Replace after ceremony.
+fn random_pvk() -> PreparedVerifyingKey<Bn254> {
+    // Convert the Circom G1/G2/GT to arkworks G1/G2/GT
+    let vk_alpha_1 = g1_affine_from_str_projective(vec![
+        "20491192805390485299153009773594534940189261866228447918068658471970481763042".to_string(),
+        "9383485363053290200918347156157836566562967994039712273449902621266178545958".to_string(),
+        "1".to_string(),
+    ]);
+    let vk_beta_2 = g2_affine_from_str_projective(vec![
+        vec![
+            "6375614351688725206403948262868962793625744043794305715222011528459656738731"
+                .to_string(),
+            "4252822878758300859123897981450591353533073413197771768651442665752259397132"
+                .to_string(),
+        ],
+        vec![
+            "10505242626370262277552901082094356697409835680220590971873171140371331206856"
+                .to_string(),
+            "21847035105528745403288232691147584728191162732299865338377159692350059136679"
+                .to_string(),
+        ],
+        vec!["1".to_string(), "0".to_string()],
+    ]);
+    let vk_gamma_2 = g2_affine_from_str_projective(vec![
+        vec![
+            "10857046999023057135944570762232829481370756359578518086990519993285655852781"
+                .to_string(),
+            "11559732032986387107991004021392285783925812861821192530917403151452391805634"
+                .to_string(),
+        ],
+        vec![
+            "8495653923123431417604973247489272438418190587263600148770280649306958101930"
+                .to_string(),
+            "4082367875863433681332203403145435568316851327593401208105741076214120093531"
+                .to_string(),
+        ],
+        vec!["1".to_string(), "0".to_string()],
+    ]);
+    let vk_delta_2 = g2_affine_from_str_projective(vec![
+        vec![
+            "10857046999023057135944570762232829481370756359578518086990519993285655852781"
+                .to_string(),
+            "11559732032986387107991004021392285783925812861821192530917403151452391805634"
+                .to_string(),
+        ],
+        vec![
+            "8495653923123431417604973247489272438418190587263600148770280649306958101930"
+                .to_string(),
+            "4082367875863433681332203403145435568316851327593401208105741076214120093531"
+                .to_string(),
+        ],
+        vec!["1".to_string(), "0".to_string()],
+    ]);
+
+    // Create a vector of G1Affine elements from the IC
+    let mut vk_gamma_abc_g1 = Vec::new();
+    for e in vec![
+        vec![
+            "18931764958316061396537365316410279129357566768168194299771466990652581507745"
+                .to_string(),
+            "19589594864158083697499253358172374190940731232487666687594341722397321059767"
+                .to_string(),
+            "1".to_string(),
+        ],
+        vec![
+            "6267760579143073538587735682191258967573139158461221609828687320377758856284"
+                .to_string(),
+            "18672820669757254021555424652581702101071897282778751499312181111578447239911"
+                .to_string(),
+            "1".to_string(),
+        ],
+    ] {
+        let g1 = g1_affine_from_str_projective(e);
+        vk_gamma_abc_g1.push(g1);
+    }
+
+    let vk = VerifyingKey {
+        alpha_g1: vk_alpha_1,
+        beta_g2: vk_beta_2,
+        gamma_g2: vk_gamma_2,
+        delta_g2: vk_delta_2,
+        gamma_abc_g1: vk_gamma_abc_g1,
+    };
+
+    // Convert the verifying key into the prepared form.
+    process_vk_special(&Bn254VerifyingKey(vk)).as_arkworks_pvk()
+}
+
 /// Load a fixed verifying key from zklogin.vkey output. This is based on a local setup and should not use in production.
 fn global_pvk() -> PreparedVerifyingKey<Bn254> {
     // Convert the Circom G1/G2/GT to arkworks G1/G2/GT
@@ -120,7 +209,7 @@ fn global_pvk() -> PreparedVerifyingKey<Bn254> {
         gamma_abc_g1: vk_gamma_abc_g1,
     };
 
-    // Conver thte verifying key into the prepared form.
+    // Convert the verifying key into the prepared form.
     process_vk_special(&Bn254VerifyingKey(vk)).as_arkworks_pvk()
 }
 
@@ -130,7 +219,7 @@ pub fn verify_zk_login(
     max_epoch: u64,
     eph_pubkey_bytes: &[u8],
     all_jwk: &HashMap<(String, String), JWK>,
-    usage: ZkLoginEnv,
+    env: ZkLoginEnv,
 ) -> Result<(), FastCryptoError> {
     // Load the expected JWK based on (kid, iss).
     let (kid, iss) = (input.get_kid().to_string(), input.get_iss().to_string());
@@ -145,7 +234,7 @@ pub fn verify_zk_login(
 
     // Calculat all inputs hash and passed to the verification function.
     match verify_zk_login_proof_with_fixed_vk(
-        usage,
+        env,
         input.get_proof().as_arkworks(),
         &input.calculate_all_inputs_hash(eph_pubkey_bytes, &modulus, max_epoch)?,
     ) {