0xPolygonID · vmidyllic · Apr 12, 2024 · Mar 21, 2024 · Mar 22, 2024 · Mar 22, 2024
diff --git a/index.html b/index.html
@@ -74,6 +74,9 @@
             publishState: async () => {
               return '0xc837f95c984892dbcc3ac41812ecb145fedc26d7003202c50e1b87e226a9b33c';
             },
+            publishStateGeneric: async () => {
+              return '0xc837f95c984892dbcc3ac41812ecb145fedc26d7003202c50e1b87e226a9b33c';
+            },
             getGISTProof: () => {
               return Promise.resolve({
                 root: 0n,

diff --git a/src/credentials/status/reverse-sparse-merkle-tree.ts b/src/credentials/status/reverse-sparse-merkle-tree.ts
@@ -5,7 +5,7 @@ import { IStateStorage } from '../../storage';
 import { CredentialStatusResolver, CredentialStatusResolveOptions } from './resolver';
 import { CredentialStatus, RevocationStatus, State } from '../../verifiable';
 import { VerifiableConstants, CredentialStatusType } from '../../verifiable/constants';
-import { isGenesisState } from '../../utils';
+import { isEthereumIdentity, isGenesisState } from '../../utils';
 import { IssuerResolver } from './sparse-merkle-tree';
 
 /**
@@ -173,11 +173,19 @@ export class RHSResolver implements CredentialStatusResolver {
         return this.getRevocationStatusFromIssuerData(issuerDID, issuerData, genesisState);
       }
       const currentStateBigInt = Hash.fromHex(stateHex).bigInt();
-      if (!isGenesisState(issuerDID, currentStateBigInt)) {
+
+      const isEthIdentity = isEthereumIdentity(issuerDID);
+
+      if (!isEthIdentity && !isGenesisState(issuerDID, currentStateBigInt)) {
         throw new Error(
           `latest state not found and state parameter ${stateHex} is not genesis state`
         );
       }
+
+      if (isEthIdentity) {
+        throw new Error(`State must be published for Ethereum based identity`);
+      }
+
       latestState = currentStateBigInt;
     }
 

diff --git a/src/identity/identity-wallet.ts b/src/identity/identity-wallet.ts
@@ -13,8 +13,7 @@ import {
   SchemaHash
 } from '@iden3/js-iden3-core';
 import { poseidon, PublicKey, sha256, Signature, Hex, getRandomBytes } from '@iden3/js-crypto';
-import { hashElems, ZERO_HASH } from '@iden3/js-merkletree';
-
+import { Hash, hashElems, ZERO_HASH } from '@iden3/js-merkletree';
 import { generateProfileDID, subjectPositionIndex } from './common';
 import * as uuid from 'uuid';
 import { JSONSchema, JsonSchemaValidator, cacheLoader } from '../schema-processor';
@@ -43,13 +42,14 @@ import {
   TreesModel
 } from '../credentials';
 import { TreeState } from '../circuits';
-import { byteEncoder } from '../utils';
+import { buildDIDFromEthPubKey, byteEncoder } from '../utils';
 import { Options } from '@iden3/js-jsonld-merklization';
 import { TransactionReceipt } from 'ethers';
 import {
   CredentialStatusPublisherRegistry,
   Iden3SmtRhsCredentialStatusPublisher
 } from '../credentials/status/credential-status-publisher';
+import { ProofService } from '../proof';
 
 /**
  * DID creation options
@@ -72,6 +72,9 @@ export type IdentityCreationOptions = {
     };
   };
   seed?: Uint8Array;
+  keyType?: KmsKeyType;
+  ethSigner?: any;
+  proofService?: ProofService;
 };
 
 /**
@@ -109,7 +112,7 @@ export interface IIdentityWallet {
    * adds auth BJJ credential to claims tree and generates mtp of inclusion
    * based on the resulting state it provides an identifier in DID form.
    *
-   * @param {IdentityCreationOptions} opts - default is did:iden3:polygon:mumbai** with generated key.
+   * @param {IdentityCreationOptions} opts - default is did:iden3:polygon:aloy** with generated key.
    * @returns `Promise<{ did: DID; credential: W3CCredential }>` - returns did and Auth BJJ credential
    * @public
    */
@@ -434,20 +437,24 @@ export class IdentityWallet implements IIdentityWallet {
   async createIdentity(
     opts: IdentityCreationOptions
   ): Promise<{ did: DID; credential: W3CCredential }> {
-    const tmpIdentifier = opts.seed ? uuid.v5(Hex.encode(sha256(opts.seed)), uuid.NIL) : uuid.v4();
-
-    opts.method = opts.method ?? DidMethod.Iden3;
-    opts.blockchain = opts.blockchain ?? Blockchain.Polygon;
-    opts.networkId = opts.networkId ?? NetworkId.Amoy;
-
-    await this._storage.mt.createIdentityMerkleTrees(tmpIdentifier);
-
-    opts.seed = opts.seed ?? getRandomBytes(32);
-
-    const keyId = await this._kms.createKeyFromSeed(KmsKeyType.BabyJubJub, opts.seed);
+    opts.keyType = opts.keyType ?? KmsKeyType.BabyJubJub;
+
+    switch (opts.keyType) {
+      case KmsKeyType.BabyJubJub:
+        return this.createBabyJubJubIdentity(opts);
+      case KmsKeyType.Secp256k1:
+        return this.createEthereumIdentity(opts);
+      default:
+        throw new Error(`Invalid KmsKeyType ${opts.keyType}`);
+    }
+  }
 
+  private async createAuthCoreClaim(
+    revNonce: number,
+    seed: Uint8Array
+  ): Promise<{ authClaim: Claim; pubKey: PublicKey }> {
+    const keyId = await this._kms.createKeyFromSeed(KmsKeyType.BabyJubJub, seed);
     const pubKeyHex = await this._kms.publicKey(keyId);
-
     const pubKey = PublicKey.newFromHex(pubKeyHex);
 
     const schemaHash = SchemaHash.authSchemaHash;
@@ -457,35 +464,23 @@ export class IdentityWallet implements IIdentityWallet {
       ClaimOptions.withIndexDataInts(pubKey.p[0], pubKey.p[1]),
       ClaimOptions.withRevocationNonce(BigInt(0))
     );
-    const revNonce = opts.revocationOpts.nonce ?? 0;
     authClaim.setRevocationNonce(BigInt(revNonce));
 
-    await this._storage.mt.addToMerkleTree(
-      tmpIdentifier,
-      MerkleTreeType.Claims,
-      authClaim.hiHv().hi,
-      authClaim.hiHv().hv
-    );
+    return { authClaim, pubKey };
+  }
 
+  private async createAuthBJJCredential(
+    did: DID,
+    pubKey: PublicKey,
+    authClaim: Claim,
+    currentState: Hash,
+    revocationOpts: { id: string; type: CredentialStatusType }
+  ): Promise<W3CCredential> {
     const claimsTree = await this._storage.mt.getMerkleTreeByIdentifierAndType(
-      tmpIdentifier,
+      did.string(),
       MerkleTreeType.Claims
     );
 
-    const currentState = hashElems([
-      (await claimsTree.root()).bigInt(),
-      ZERO_HASH.bigInt(),
-      ZERO_HASH.bigInt()
-    ]);
-
-    const didType = buildDIDType(opts.method, opts.blockchain, opts.networkId);
-    const identifier = Id.idGenesisFromIdenState(didType, currentState.bigInt());
-    const did = DID.parseFromId(identifier);
-
-    await this._storage.mt.bindMerkleTreeToNewIdentifier(tmpIdentifier, did.string());
-
-    const schema = JSON.parse(VerifiableConstants.AUTH.AUTH_BJJ_CREDENTIAL_SCHEMA_JSON);
-
     const authData = authClaim.getExpirationDate();
     const expiration = authData ? getUnixTimestamp(authData) : 0;
 
@@ -500,13 +495,14 @@ export class IdentityWallet implements IIdentityWallet {
       version: 0,
       expiration,
       revocationOpts: {
-        nonce: revNonce,
-        id: opts.revocationOpts.id.replace(/\/$/, ''),
-        type: opts.revocationOpts.type,
+        nonce: Number(authClaim.getRevocationNonce()),
+        id: revocationOpts.id.replace(/\/$/, ''),
+        type: revocationOpts.type,
         issuerState: currentState.hex()
       }
     };
 
+    const schema = JSON.parse(VerifiableConstants.AUTH.AUTH_BJJ_CREDENTIAL_SCHEMA_JSON);
     let credential: W3CCredential = new W3CCredential();
     try {
       credential = this._credentialWallet.createCredential(did, request, schema);
@@ -535,6 +531,64 @@ export class IdentityWallet implements IIdentityWallet {
 
     credential.proof = [mtpProof];
 
+    return credential;
+  }
+
+  /**
+   *
+   * creates Baby JubJub based identity
+   *
+   * @param {IdentityCreationOptions} opts - options for the creation of the identity
+   * @returns `{did,credential>}` - returns did and Auth BJJ credential
+   */
+  private async createBabyJubJubIdentity(
+    opts: IdentityCreationOptions
+  ): Promise<{ did: DID; credential: W3CCredential }> {
+    const tmpIdentifier = opts.seed ? uuid.v5(Hex.encode(sha256(opts.seed)), uuid.NIL) : uuid.v4();
+
+    opts.method = opts.method ?? DidMethod.Iden3;
+    opts.blockchain = opts.blockchain ?? Blockchain.Polygon;
+    opts.networkId = opts.networkId ?? NetworkId.Aloy;
+    opts.seed = opts.seed ?? getRandomBytes(32);
+
+    await this._storage.mt.createIdentityMerkleTrees(tmpIdentifier);
+
+    const revNonce = opts.revocationOpts.nonce ?? 0;
+
+    const { authClaim, pubKey } = await this.createAuthCoreClaim(revNonce, opts.seed);
+
+    await this._storage.mt.addToMerkleTree(
+      tmpIdentifier,
+      MerkleTreeType.Claims,
+      authClaim.hiHv().hi,
+      authClaim.hiHv().hv
+    );
+
+    const claimsTree = await this._storage.mt.getMerkleTreeByIdentifierAndType(
+      tmpIdentifier,
+      MerkleTreeType.Claims
+    );
+
+    const currentState = hashElems([
+      (await claimsTree.root()).bigInt(),
+      ZERO_HASH.bigInt(),
+      ZERO_HASH.bigInt()
+    ]);
+
+    const didType = buildDIDType(opts.method, opts.blockchain, opts.networkId);
+    const identifier = Id.idGenesisFromIdenState(didType, currentState.bigInt());
+    const did = DID.parseFromId(identifier);
+
+    await this._storage.mt.bindMerkleTreeToNewIdentifier(tmpIdentifier, did.string());
+
+    const credential = await this.createAuthBJJCredential(
+      did,
+      pubKey,
+      authClaim,
+      currentState,
+      opts.revocationOpts
+    );
+
     await this.publishRevocationInfoByCredentialStatusType(did, opts.revocationOpts.type, {
       rhsUrl: opts.revocationOpts.id,
       onChain: opts.revocationOpts.onChain
@@ -555,6 +609,101 @@ export class IdentityWallet implements IIdentityWallet {
     };
   }
 
+  /**
+   *
+   * creates Ethereum based identity
+   *
+   * @param {IdentityCreationOptions} opts - options for the creation of the identity
+   * @returns `{did,credential>}` - returns did and Auth BJJ credential
+   */
+  private async createEthereumIdentity(
+    opts: IdentityCreationOptions
+  ): Promise<{ did: DID; credential: W3CCredential }> {
+    opts.method = opts.method ?? DidMethod.Iden3;
+    opts.blockchain = opts.blockchain ?? Blockchain.Polygon;
+    opts.networkId = opts.networkId ?? NetworkId.Aloy;
+    opts.seed = opts.seed ?? getRandomBytes(32);
+
+    const proofService = opts.proofService;
+    const ethSigner = opts.ethSigner;
+
+    const currentState = ZERO_HASH; // In Ethereum identities we don't have an initial state with the auth credential
+
+    const didType = buildDIDType(opts.method, opts.blockchain, opts.networkId);
+
+    const keyIdEth = await this._kms.createKeyFromSeed(KmsKeyType.Secp256k1, opts.seed);
+    const pubKeyHexEth = (await this._kms.publicKey(keyIdEth)).slice(2); // 04 + x + y (uncompressed key)
+    const did = buildDIDFromEthPubKey(didType, pubKeyHexEth);
+
+    await this._storage.mt.createIdentityMerkleTrees(did.string());
+
+    await this._storage.identity.saveIdentity({
+      did: did.string(),
+      state: currentState,
+      isStatePublished: false,
+      isStateGenesis: true
+    });
+
+    // Add Auth BJJ credential after saving identity for Ethereum identities
+    const { authClaim, pubKey } = await this.createAuthCoreClaim(
+      opts.revocationOpts.nonce ?? 0,
+      opts.seed
+    );
+
+    await this._storage.mt.addToMerkleTree(
+      did.string(),
+      MerkleTreeType.Claims,
+      authClaim.hiHv().hi,
+      authClaim.hiHv().hv
+    );
+
+    const claimsTree = await this._storage.mt.getMerkleTreeByIdentifierAndType(
+      did.string(),
+      MerkleTreeType.Claims
+    );
+
+    const stateAuthClaim = hashElems([
+      (await claimsTree.root()).bigInt(),
+      ZERO_HASH.bigInt(),
+      ZERO_HASH.bigInt()
+    ]);
+
+    const credential = await this.createAuthBJJCredential(
+      did,
+      pubKey,
+      authClaim,
+      stateAuthClaim,
+      opts.revocationOpts
+    );
+
+    // Old tree state genesis state
+    const oldTreeState: TreeState = {
+      revocationRoot: ZERO_HASH,
+      claimsRoot: ZERO_HASH,
+      state: currentState,
+      rootOfRoots: ZERO_HASH
+    };
+
+    if (!proofService) {
+      throw new Error('Proof service is required to create Ethereum identities');
+    }
+
+    // Mandatory transit state after adding auth credential in Ethereum identities
+    await proofService?.transitState(did, oldTreeState, true, this._storage.states, ethSigner);
+
+    await this.publishRevocationInfoByCredentialStatusType(did, opts.revocationOpts.type, {
+      rhsUrl: opts.revocationOpts.id,
+      onChain: opts.revocationOpts.onChain
+    });
+
+    await this._credentialWallet.save(credential);
+
+    return {
+      did,
+      credential
+    };
+  }
+
   /** {@inheritDoc IIdentityWallet.getGenesisDIDMetadata} */
   async getGenesisDIDMetadata(did: DID): Promise<{ nonce: number; genesisDID: DID }> {
     // check if it is a genesis identity

diff --git a/src/kms/key-providers/sec256k1-provider.ts b/src/kms/key-providers/sec256k1-provider.ts
@@ -42,7 +42,7 @@ export class Sec256k1Provider implements IKeyProvider {
     const keyPair = this._ec.keyFromPrivate(seed);
     const kmsId = {
       type: this.keyType,
-      id: providerHelpers.keyPath(this.keyType, keyPair.getPublic().encode('hex', false))
+      id: providerHelpers.keyPath(this.keyType, keyPair.getPublic().encode('hex', false)) // 04 + x + y (uncompressed key)
     };
     await this._keyStore.importKey({ alias: kmsId.id, key: keyPair.getPrivate().toString('hex') });
 
@@ -56,7 +56,7 @@ export class Sec256k1Provider implements IKeyProvider {
    */
   async publicKey(keyId: KmsKeyId): Promise<string> {
     const privateKeyHex = await this.privateKey(keyId);
-    return this._ec.keyFromPrivate(privateKeyHex, 'hex').getPublic().encode('hex', false);
+    return this._ec.keyFromPrivate(privateKeyHex, 'hex').getPublic().encode('hex', false); // 04 + x + y (uncompressed key)
   }
 
   /**