Feat: Jwt Circuit and Helpers #1
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SoraSuegami
reviewed
Oct 15, 2024
|
|
||
| include "./jwt-verifier.circom"; | ||
|
|
||
| component main = JWTVerifier(121, 17, 1024, 128, 896, 72, 605); |
There was a problem hiding this comment.
@shreyas-londhe
I think this file is not necessary if you already have the test circuit in tests/test-circuits.
SoraSuegami
reviewed
Oct 15, 2024
| // Verify if the typ in the header is "JWT" | ||
| var typLength = JWT_TYP_LENGTH(); | ||
| var typ[typLength] = JWT_TYP(); | ||
| signal typMatch[typLength] <== RevealSubstring(maxHeaderLength, typLength, 0)(header, jwtTypStartIndex, typLength); |
There was a problem hiding this comment.
Could you share the context about disabling the shouldCheckUniqueness here?
Also, I don't understand how RevealSubstring prevents unrelated jwtTypStartIndex such that the substring from jwtTypStartIndex contains "JWT" but is not for "typ"?
(The zk-regex prevents it by masking all characters except for the value of "typ" defined by the regex.)
SoraSuegami
reviewed
Oct 15, 2024
| // Check if the command in the nonce has a valid email address and remove the email address if it exists | ||
| signal emailAddrRegexOut, emailAddrRegexReveal[maxCommandLength]; | ||
| (emailAddrRegexOut, emailAddrRegexReveal) <== EmailAddrRegex(maxCommandLength)(command); | ||
| signal isEmailAddrExist <== IsZero()(emailAddrRegexOut-1); |
There was a problem hiding this comment.
This can be simplified to isEmailAddrExist <== emailAddrRegexOut as emailAddrRegexOut is either 0 or 1.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a JWT Verifier circuit capable of verifying Google Identity Services JWTs. It also includes TS helpers to generate circuit inputs and solidity contracts to verify the JWT proofs on-chain.