Merge pull request #120 from iden3/fix/profile-and-state-checks

Fix profile and state checks
iden3 · Jan 6, 2024 · 1462c0f · 1462c0f
2 parents 2cb1704 + 57b4e1d
commit 1462c0f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/circuits/offchain/credentialAtomicQueryV3OffChain.circom b/circuits/offchain/credentialAtomicQueryV3OffChain.circom
@@ -187,9 +187,15 @@ template credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySi
         treeRoot <== issuerClaimNonRevRevTreeRoot
     ); // 11763 constraints
 
+    // check issuer non revocation state only if we need it:
+    // 1. if Sig proof is provided we need to check non revocation of authClaim always
+    // AND non revocation of issuerClaim only if isRevocationChecked = 1
+    // 2. if MTP proof is provided we need to check non revocation of claim only if isRevocationChecked = 1
+    signal checkIssuerClaimNonRevState <== OR()(isSig, isRevocationChecked);
+
     // verify issuer state for claim non-revocation proof
     checkIdenStateMatchesRoots()(
-        one,
+        checkIssuerClaimNonRevState,
         issuerClaimNonRevClaimsTreeRoot,
         issuerClaimNonRevRevTreeRoot,
         issuerClaimNonRevRootsTreeRoot,

diff --git a/circuits/onchain/credentialAtomicQueryV3OnChain.circom b/circuits/onchain/credentialAtomicQueryV3OnChain.circom
@@ -173,6 +173,8 @@ template credentialAtomicQueryV3OnChain(issuerLevels, claimLevels, valueArraySiz
     // Auth check
     /////////////////////////////////////////////////////////////////
 
+    ForceEqualIfEnabled()(NOT()(authEnabled), [profileNonce, 0]);
+
     checkAuthV2(idOwnershipLevels, onChainLevels)(
         authEnabled, // enabled
         userGenesisID,