diff --git a/contracts/hardhat.config.ts b/contracts/hardhat.config.ts index 89f1ef2d3..a5ffaf728 100644 --- a/contracts/hardhat.config.ts +++ b/contracts/hardhat.config.ts @@ -76,10 +76,10 @@ const config: HardhatUserConfig = { }, }, etherscan: { - apiKey: process.env.ETHERSCAN_API_KEY as string, - // apiKey: { - // "celo-sepolia": process.env.ETHERSCAN_API_KEY as string, - // }, + // apiKey: process.env.ETHERSCAN_API_KEY as string, + apiKey: { + "celo-sepolia": process.env.ETHERSCAN_API_KEY as string, + }, customChains: [ { network: "celo", diff --git a/contracts/ignition/deployments/chain-11142220/deployed_addresses.json b/contracts/ignition/deployments/chain-11142220/deployed_addresses.json index 85593d9e3..a80ca80fe 100644 --- a/contracts/ignition/deployments/chain-11142220/deployed_addresses.json +++ b/contracts/ignition/deployments/chain-11142220/deployed_addresses.json @@ -97,5 +97,12 @@ "DeployHubV2#IdentityVerificationHub": "0x16ECBA51e18a4a7e61fdC417f0d47AFEeDfbed74", "DeployNewHubAndUpgradee#IdentityVerificationHubV2": "0x16ECBA51e18a4a7e61fdC417f0d47AFEeDfbed74", "DeployNewHubAndUpgradee#CustomVerifier": "0x2711E535D68D8B8729a7d126fEb13aEc0fe29A27", - "DeployNewHubAndUpgradee#IdentityVerificationHubImplV2": "0x48985ec4f71cBC8f387c5C77143110018560c7eD" + "DeployNewHubAndUpgradee#IdentityVerificationHubImplV2": "0x48985ec4f71cBC8f387c5C77143110018560c7eD", + "DeployKycRegistryModule#PCR0Manager": "0xf2810D5E9938816D42F0Ae69D33F013a23C0aED2", + "DeployKycRegistryModule#PoseidonT3": "0x163983BAe19dE94A007C6C502b7389F6C359C818", + "DeployKycRegistryModule#Verifier_gcp_jwt": "0x13ee8CEa15a262D81a245b37889F7b4bEd015f4c", + "DeployKycRegistryModule#IdentityRegistryKycImplV1": "0x94f6DE38E10140B9E3963a770B5B769b38459a3B", + "DeployKycRegistryModule#IdentityRegistry": "0x90e907E4AaB6e9bcFB94997Af4A097e8CAadBdf3", + "UpdateAllRegistries#PCR0Manager": "0xf2810D5E9938816D42F0Ae69D33F013a23C0aED2", + "UpdateAllRegistries#a3": "0x90e907E4AaB6e9bcFB94997Af4A097e8CAadBdf3" } diff --git a/contracts/ignition/modules/hub/updateRegistries.ts b/contracts/ignition/modules/hub/updateRegistries.ts index 6468c0a04..29754b337 100644 --- a/contracts/ignition/modules/hub/updateRegistries.ts +++ b/contracts/ignition/modules/hub/updateRegistries.ts @@ -8,13 +8,15 @@ const AttestationId = { E_PASSPORT: "0x0000000000000000000000000000000000000000000000000000000000000001", EU_ID_CARD: "0x0000000000000000000000000000000000000000000000000000000000000002", AADHAAR: "0x0000000000000000000000000000000000000000000000000000000000000003", + KYC: "0x0000000000000000000000000000000000000000000000000000000000000004", }; // Map registry deployment modules to their attestation IDs const registryToAttestationId: Record = { // "DeployRegistryModule#IdentityRegistry": AttestationId.E_PASSPORT, // "DeployIdCardRegistryModule#IdentityRegistry": AttestationId.EU_ID_CARD, - "DeployAadhaarRegistryModule#IdentityRegistry": AttestationId.AADHAAR, + // "DeployAadhaarRegistryModule#IdentityRegistry": AttestationId.AADHAAR, + "DeployKycRegistryModule#IdentityRegistry": AttestationId.KYC, }; const ids = (() => { @@ -61,6 +63,8 @@ export default buildModule("UpdateHubRegistries", (m) => { const hubContract = updateHubRegistries(m, hubAddress, deployedAddresses); + + return { hubContract, }; diff --git a/contracts/ignition/modules/hub/updateVerifiers.ts b/contracts/ignition/modules/hub/updateVerifiers.ts index 1ceb03ea7..51b197658 100644 --- a/contracts/ignition/modules/hub/updateVerifiers.ts +++ b/contracts/ignition/modules/hub/updateVerifiers.ts @@ -9,6 +9,7 @@ const AttestationId = { E_PASSPORT: "0x0000000000000000000000000000000000000000000000000000000000000001", EU_ID_CARD: "0x0000000000000000000000000000000000000000000000000000000000000002", AADHAAR: "0x0000000000000000000000000000000000000000000000000000000000000003", + KYC: "0x0000000000000000000000000000000000000000000000000000000000000004", }; // Circuit type mappings based on circuit names @@ -21,6 +22,8 @@ const getCircuitType = ( return { attestationId: AttestationId.EU_ID_CARD, typeId, circuitType: "register" }; } else if (circuitName === "register_aadhaar") { return { attestationId: AttestationId.AADHAAR, typeId, circuitType: "register" }; + } else if (circuitName === "register_kyc") { + return { attestationId: AttestationId.KYC, typeId, circuitType: "register" }; } else { return { attestationId: AttestationId.E_PASSPORT, typeId, circuitType: "register" }; } @@ -33,6 +36,8 @@ const getCircuitType = ( return { attestationId: AttestationId.EU_ID_CARD, typeId: 0, circuitType: "vc_and_disclose" }; } else if (circuitName === "vc_and_disclose_aadhaar") { return { attestationId: AttestationId.AADHAAR, typeId: 0, circuitType: "vc_and_disclose" }; + } else if (circuitName === "vc_and_disclose_kyc") { + return { attestationId: AttestationId.KYC, typeId: 0, circuitType: "vc_and_disclose" }; } else { return { attestationId: AttestationId.E_PASSPORT, typeId: 0, circuitType: "vc_and_disclose" }; } diff --git a/contracts/ignition/modules/registry/deployKycRegistry.ts b/contracts/ignition/modules/registry/deployKycRegistry.ts new file mode 100644 index 000000000..4c98e0b47 --- /dev/null +++ b/contracts/ignition/modules/registry/deployKycRegistry.ts @@ -0,0 +1,52 @@ +import { buildModule } from "@nomicfoundation/hardhat-ignition/modules"; +import { artifacts } from "hardhat"; +import { ethers } from "ethers"; + +export default buildModule("DeployKycRegistryModule", (m) => { + // Deploy PoseidonT3 + console.log("📚 Deploying PoseidonT3 library..."); + const poseidonT3 = m.library("PoseidonT3"); + + console.log("🏗️ Deploying IdentityRegistryKycImplV1 implementation..."); + // Deploy IdentityRegistryImplV1 + const identityRegistryKycImpl = m.contract("IdentityRegistryKycImplV1", [], { + libraries: { PoseidonT3: poseidonT3 }, + }); + + console.log("⚙️ Preparing registry initialization data..."); + // Get the interface and encode the initialize function call + const registryInterface = getRegistryInitializeData(); + + const registryInitData = registryInterface.encodeFunctionData("initialize", [ethers.ZeroAddress, ethers.ZeroAddress]); + console.log(" Init data:", registryInitData); + + console.log("🚀 Deploying IdentityRegistry proxy..."); + // Deploy the proxy contract with the implementation address and initialization data + const registry = m.contract("IdentityRegistry", [identityRegistryKycImpl, registryInitData]); + + const gcpKycVerifier = m.contract("Verifier_gcp_jwt", []); + + const pcr0Manager = m.contract("PCR0Manager", []); + + console.log("✅ Registry deployment module setup complete!"); + console.log(" 📋 Summary:"); + console.log(" - PoseidonT3: Library"); + console.log(" - IdentityRegistryKycImplV1: Implementation contract"); + console.log(" - IdentityRegistry: Proxy contract"); + console.log(" - Verifier_gcp_jwt: GCP JWT verifier contract"); + console.log(" - PCR0Manager: PCR0Manager contract"); + + return { + poseidonT3, + identityRegistryKycImpl, + registry, + gcpKycVerifier, + pcr0Manager, + }; +}); + +function getRegistryInitializeData() { + const registryArtifact = artifacts.readArtifactSync("IdentityRegistryKycImplV1"); + const registryInterface = new ethers.Interface(registryArtifact.abi); + return registryInterface; +} diff --git a/contracts/ignition/modules/registry/updateRegistries.ts b/contracts/ignition/modules/registry/updateRegistries.ts index 0cfaaa572..29a89d0c8 100644 --- a/contracts/ignition/modules/registry/updateRegistries.ts +++ b/contracts/ignition/modules/registry/updateRegistries.ts @@ -19,18 +19,29 @@ const registries = { // hub: "0x16ECBA51e18a4a7e61fdC417f0d47AFEeDfbed74", // cscaRoot: "13859398115974385161464830211947258005860166431741677064758266112192747818198", // }, - "DeployAadhaarRegistryModule#IdentityRegistry": { + // "DeployAadhaarRegistryModule#IdentityRegistry": { + // shouldChange: true, + // nameAndDobOfac: "4183822562579010781434914867177251983368244626022840551534475857364967864437", + // nameAndYobOfac: "14316795765689804800341464910235935757494922653038299433675973925727164473934", + // hub: "0xe57F4773bd9c9d8b6Cd70431117d353298B9f5BF", + // pubkeyCommitments: [ + // "5648956411273136337349787488442520720416229937879112788241850936049694492145", + // "18304035373718681408213540837772113004961405604264885188535510276454415833542", + // "3099763118716361008062312602688327679110629275746483297740895929951765195538", + // "5960616419594750988984019912914733527854225713611991429799390436159340745422", + // "1312086597361744268424404341813751658452218312204370523713186983060138886330", + // ], + // }, + "DeployKycRegistryModule#IdentityRegistry": { shouldChange: true, - nameAndDobOfac: "4183822562579010781434914867177251983368244626022840551534475857364967864437", - nameAndYobOfac: "14316795765689804800341464910235935757494922653038299433675973925727164473934", - hub: "0xe57F4773bd9c9d8b6Cd70431117d353298B9f5BF", - pubkeyCommitments: [ - "5648956411273136337349787488442520720416229937879112788241850936049694492145", - "18304035373718681408213540837772113004961405604264885188535510276454415833542", - "3099763118716361008062312602688327679110629275746483297740895929951765195538", - "5960616419594750988984019912914733527854225713611991429799390436159340745422", - "1312086597361744268424404341813751658452218312204370523713186983060138886330", - ], + hub: "0x16ECBA51e18a4a7e61fdC417f0d47AFEeDfbed74", + nameAndDobOfac: "12056959379782485690824392224737824782985009863971097094085968061978428696483", + nameAndYobOfac: "14482015433179009576094845155298164108788397224633034095648782513909282765564", + onlyTEEAddress: "0xe6b2856a51a17bd4edeb88b3f74370d64475b0fc", + gcpJWTVerifier: "0x13ee8CEa15a262D81a245b37889F7b4bEd015f4c", + pcr0Manager: "0xf2810D5E9938816D42F0Ae69D33F013a23C0aED2", + imageDigest: "0x67368d91dc708dee7be8fd9d85eff1fce3181e6e5b9fdfa37fc2d99034ea88e6", + gcpRootCAPubkeyHash: "14165687497759817957828709957846495993787741657460065475757428560999622217191" }, }; @@ -40,6 +51,7 @@ function getImplementationName(registryModule: string): string { "DeployRegistryModule#IdentityRegistry": "IdentityRegistryImplV1", "DeployIdCardRegistryModule#IdentityRegistry": "IdentityRegistryIdCardImplV1", "DeployAadhaarRegistryModule#IdentityRegistry": "IdentityRegistryAadhaarImplV1", + "DeployKycRegistryModule#IdentityRegistry": "IdentityRegistryKycImplV1", }; return implMap[registryModule] || "IdentityRegistryImplV1"; @@ -70,51 +82,79 @@ export function handleRegistryDeployment( let currentOperation: any = registryContract; - if (registryData.shouldChange) { - // Update hub for all registries - if (registryData.hub) { - const callOptions = { after: [currentOperation], id: ids() }; - currentOperation = m.call(registryContract, "updateHub", [registryData.hub], callOptions); - } + if (!registryData.shouldChange) { + return { registryContract, lastOperation: currentOperation }; + } - if (registryData.cscaRoot) { - const callOptions = { after: [currentOperation], id: ids() }; - currentOperation = m.call(registryContract, "updateCscaRoot", [registryData.cscaRoot], callOptions); - } + // Update hub for all registries + if (registryData.hub) { + const callOptions = { after: [currentOperation], id: ids() }; + currentOperation = m.call(registryContract, "updateHub", [registryData.hub], callOptions); + } - if (registryData.passportNoOfac) { - const callOptions = { after: [currentOperation], id: ids() }; - currentOperation = m.call( - registryContract, - "updatePassportNoOfacRoot", - [registryData.passportNoOfac], - callOptions, - ); - } - if (registryData.nameAndDobOfac) { - const callOptions = { after: [currentOperation], id: ids() }; - currentOperation = m.call( - registryContract, - "updateNameAndDobOfacRoot", - [registryData.nameAndDobOfac], - callOptions, - ); - } - if (registryData.nameAndYobOfac) { - const callOptions = { after: [currentOperation], id: ids() }; - currentOperation = m.call( - registryContract, - "updateNameAndYobOfacRoot", - [registryData.nameAndYobOfac], - callOptions, - ); - } + if (registryData.cscaRoot) { + const callOptions = { after: [currentOperation], id: ids() }; + currentOperation = m.call(registryContract, "updateCscaRoot", [registryData.cscaRoot], callOptions); + } - if (registryData.pubkeyCommitments && registryData.pubkeyCommitments.length > 0) { - for (const pubkeyCommitment of registryData.pubkeyCommitments) { - const callOptions = { after: [currentOperation], id: ids() }; - currentOperation = m.call(registryContract, "registerUidaiPubkeyCommitment", [pubkeyCommitment], callOptions); - } + if (registryData.passportNoOfac) { + const callOptions = { after: [currentOperation], id: ids() }; + currentOperation = m.call( + registryContract, + "updatePassportNoOfacRoot", + [registryData.passportNoOfac], + callOptions, + ); + } + if (registryData.nameAndDobOfac) { + const callOptions = { after: [currentOperation], id: ids() }; + currentOperation = m.call( + registryContract, + "updateNameAndDobOfacRoot", + [registryData.nameAndDobOfac], + callOptions, + ); + } + if (registryData.nameAndYobOfac) { + const callOptions = { after: [currentOperation], id: ids() }; + currentOperation = m.call( + registryContract, + "updateNameAndYobOfacRoot", + [registryData.nameAndYobOfac], + callOptions, + ); + } + + if (registryData.gcpRootCAPubkeyHash) { + const callOptions = { after: [currentOperation], id: ids() }; + currentOperation = m.call(registryContract, "updateGCPRootCAPubkeyHash", [registryData.gcpRootCAPubkeyHash], callOptions); + } + + if (registryData.pubkeyCommitments && registryData.pubkeyCommitments.length > 0) { + for (const pubkeyCommitment of registryData.pubkeyCommitments) { + const callOptions = { after: [currentOperation], id: ids() }; + currentOperation = m.call(registryContract, "registerUidaiPubkeyCommitment", [pubkeyCommitment], callOptions); + } + } + + if (registryData.onlyTEEAddress) { + const callOptions = { after: [currentOperation], id: ids() }; + currentOperation = m.call(registryContract, "updateTEE", [registryData.onlyTEEAddress], callOptions); + } + + if (registryData.gcpJWTVerifier) { + const callOptions = { after: [currentOperation], id: ids() }; + currentOperation = m.call(registryContract, "updateGCPJWTVerifier", [registryData.gcpJWTVerifier], callOptions); + } + + if (registryData.pcr0Manager) { + const callOptions = { after: [currentOperation], id: ids() }; + currentOperation = m.call(registryContract, "updatePCR0Manager", [registryData.pcr0Manager], callOptions); + + if (registryData.imageDigest) { + const callOptions = { after: [currentOperation], id: ids() }; + const pcr0Manager = m.contractAt("PCR0Manager", registryData.pcr0Manager); + currentOperation = m.call(pcr0Manager, "addPCR0", [registryData.imageDigest], callOptions); } } diff --git a/contracts/ignition/modules/verifiers/deployAllVerifiers.ts b/contracts/ignition/modules/verifiers/deployAllVerifiers.ts index 3b04995ae..3ee301c18 100644 --- a/contracts/ignition/modules/verifiers/deployAllVerifiers.ts +++ b/contracts/ignition/modules/verifiers/deployAllVerifiers.ts @@ -55,6 +55,7 @@ export type CircuitName = | "register_id_sha512_sha512_sha512_rsa_65537_4096" | "register_id_sha512_sha512_sha512_rsapss_65537_64_2048" | "register_aadhaar" + | "register_kyc" | "register_sha1_sha1_sha1_rsa_64321_4096" | "register_sha256_sha1_sha1_rsa_65537_4096" | "register_sha256_sha256_sha256_rsapss_65537_32_4096" @@ -86,7 +87,8 @@ export type CircuitName = | "dsc_sha256_rsa_56611_4096" | "vc_and_disclose" | "vc_and_disclose_id" - | "vc_and_disclose_aadhaar"; + | "vc_and_disclose_aadhaar" + | "vc_and_disclose_kyc"; // Record mapping circuit names to numbers export const circuitIds: Record = { @@ -148,6 +150,7 @@ export const circuitIds: Record = { register_sha256_sha256_sha256_rsapss_65537_32_4096: [true, 55], register_id_sha512_sha512_sha256_rsapss_65537_32_2048: [true, 56], register_sha512_sha512_sha256_rsapss_65537_32_2048: [true, 57], + register_kyc: [true, 58], dsc_sha1_ecdsa_brainpoolP256r1: [true, 0], dsc_sha1_rsa_65537_4096: [true, 1], @@ -177,6 +180,7 @@ export const circuitIds: Record = { vc_and_disclose: [true, 24], vc_and_disclose_id: [true, 25], vc_and_disclose_aadhaar: [true, 26], + vc_and_disclose_kyc: [true, 27], }; export default buildModule("DeployAllVerifiers", (m) => {