add dg1_hash_offset to sha1 circuit
@@ -1,16 +1,20 @@
|
||||
pragma circom 2.1.5;
|
||||
|
||||
include "./utils/rsaPkcs1.circom";
|
||||
include "@zk-email/circuits/helpers/extract.circom";
|
||||
include "@zk-email/circuits/utils/bytes.circom";
|
||||
include "./utils/Sha1BytesStatic.circom";
|
||||
include "./utils/Sha1Bytes.circom";
|
||||
include "dmpierre/sha1-circom/circuits/sha1.circom";
|
||||
|
||||
template PassportVerifier_sha1WithRSAEncryption_65537(n, k, max_datahashes_bytes) {
|
||||
var hashLen = 20;
|
||||
var eContentBytesLength = 72 + hashLen; // 92
|
||||
|
||||
signal input mrz[93]; // formatted mrz (5 + 88) chars
|
||||
signal input dg1_hash_offset;
|
||||
signal input dataHashes[max_datahashes_bytes];
|
||||
signal input datahashes_padded_length;
|
||||
signal input eContentBytes[92];
|
||||
signal input eContentBytes[eContentBytesLength];
|
||||
|
||||
// pubkey that signed the passport
|
||||
signal input pubkey[k];
|
||||
@@ -22,10 +26,10 @@ template PassportVerifier_sha1WithRSAEncryption_65537(n, k, max_datahashes_bytes
|
||||
signal mrzSha[160] <== Sha1BytesStatic(93)(mrz);
|
||||
|
||||
// mrzSha_bytes: list of 32 Bits2Num
|
||||
component mrzSha_bytes[20];
|
||||
component mrzSha_bytes[hashLen];
|
||||
|
||||
// cast the 160 bits from mrzSha into a list of 32 bytes
|
||||
for (var i = 0; i < 20; i++) {
|
||||
// cast the 160 bits from mrzSha into a list of 20 bytes
|
||||
for (var i = 0; i < hashLen; i++) {
|
||||
mrzSha_bytes[i] = Bits2Num(8);
|
||||
|
||||
for (var j = 0; j < 8; j++) {
|
||||
@@ -33,17 +37,18 @@ template PassportVerifier_sha1WithRSAEncryption_65537(n, k, max_datahashes_bytes
|
||||
}
|
||||
}
|
||||
|
||||
// assert mrz_hash equals the one extracted from dataHashes input (bytes 32 to 52)
|
||||
for(var i = 0; i < 20; i++) {
|
||||
dataHashes[31 + i] === mrzSha_bytes[i].out;
|
||||
// assert mrz_hash equals the one extracted from dataHashes input (bytes dg1_hash_offset to dg1_hash_offset + hashLen)
|
||||
signal dg1Hash[hashLen] <== SelectSubArray(max_datahashes_bytes, hashLen)(dataHashes, dg1_hash_offset, hashLen);
|
||||
for(var i = 0; i < hashLen; i++) {
|
||||
dg1Hash[i] === mrzSha_bytes[i].out;
|
||||
}
|
||||
|
||||
// hash dataHashes dynamically
|
||||
signal dataHashesSha[160] <== Sha1Bytes(max_datahashes_bytes)(dataHashes, datahashes_padded_length);
|
||||
|
||||
// get output of dataHashes 160 into bytes to check against eContent
|
||||
component dataHashesSha_bytes[20];
|
||||
for (var i = 0; i < 20; i++) {
|
||||
// get output of dataHashes into bytes to check against eContent
|
||||
component dataHashesSha_bytes[hashLen];
|
||||
for (var i = 0; i < hashLen; i++) {
|
||||
dataHashesSha_bytes[i] = Bits2Num(8);
|
||||
for (var j = 0; j < 8; j++) {
|
||||
dataHashesSha_bytes[i].in[7 - j] <== dataHashesSha[i * 8 + j];
|
||||
@@ -51,22 +56,19 @@ template PassportVerifier_sha1WithRSAEncryption_65537(n, k, max_datahashes_bytes
|
||||
}
|
||||
|
||||
// assert dataHashesSha is in eContentBytes in range bytes 72 to 92
|
||||
for(var i = 0; i < 20; i++) {
|
||||
// log(dataHashesSha_bytes[i].out);
|
||||
|
||||
eContentBytes[72 + i] === dataHashesSha_bytes[i].out;
|
||||
for(var i = 0; i < hashLen; i++) {
|
||||
eContentBytes[eContentBytesLength - hashLen + i] === dataHashesSha_bytes[i].out;
|
||||
}
|
||||
|
||||
// hash eContentBytes
|
||||
signal eContentSha[160] <== Sha1BytesStatic(92)(eContentBytes);
|
||||
signal eContentSha[160] <== Sha1BytesStatic(eContentBytesLength)(eContentBytes);
|
||||
|
||||
// get output of eContentBytes sha1 into k chunks of n bits each
|
||||
var msg_len = (160 + n) \ n;
|
||||
|
||||
//eContentHash: list of length 160/n +1 of components of n bits
|
||||
//eContentHash: list of length 160/n +1 of components of n bits
|
||||
component eContentHash[msg_len];
|
||||
for (var i = 0; i < msg_len; i++) {
|
||||
//instantiate each component of the list of Bits2Num of size n
|
||||
eContentHash[i] = Bits2Num(n);
|
||||
}
|
||||
|
||||
@@ -79,10 +81,8 @@ template PassportVerifier_sha1WithRSAEncryption_65537(n, k, max_datahashes_bytes
|
||||
}
|
||||
|
||||
// verify eContentHash signature
|
||||
// component rsa = RSAVerify65537(64, 32);
|
||||
component rsa = RSAVerify65537(n, k);
|
||||
|
||||
|
||||
for (var i = 0; i < msg_len; i++) {
|
||||
rsa.base_message[i] <== eContentHash[i].out;
|
||||
}
|
||||
|
||||
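Review bot: The new `dg1_hash_offset` input feeds `SelectSubArray(max_datahashes_bytes, hashLen)(dataHashes, dg1_hash_offset, hashLen)` at the `signal dg1Hash[hashLen]` line with no visible constraint relating it to `datahashes_padded_length`, while `Sha1Bytes(max_datahashes_bytes)(dataHashes, datahashes_padded_length)` presumably covers only the padded prefix of `dataHashes`, so a window selected beyond that prefix would be compared with `mrzSha_bytes` without being bound to the signed `eContentBytes`. Unless `SelectSubArray` enforces this itself (not visible here), add a constraint such as `signal offsetInRange <== LessEqThan(log2Ceil(max_datahashes_bytes + 1))([dg1_hash_offset + hashLen, datahashes_padded_length]);` followed by `offsetInRange === 1;`, which requires including circomlib's `comparators.circom` in this file. `LessEqThan` assumes both inputs fit in the given bit width, so `dg1_hash_offset` should itself be range-checked (e.g. `Num2Bits`) unless `SelectSubArray` already does that. The same concern applies to the `PV.dg1_hash_offset <== dg1_hash_offset;` wiring in the Register_sha1WithRSAEncryption_65537 section. The template body continues outside the hunks shown.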
@@ -1,7 +1,7 @@
|
||||
pragma circom 2.1.5;
|
||||
|
||||
include "circomlib/circuits/poseidon.circom";
|
||||
include "@zk-email/circuits/helpers/extract.circom";
|
||||
include "@zk-email/circuits/utils/bytes.circom";
|
||||
include "./passport_verifier_sha1WithRSAEncryption_65537.circom";
|
||||
include "./utils/chunk_data.circom";
|
||||
include "./utils/compute_pubkey_leaf.circom";
|
||||
@@ -11,6 +11,7 @@ template Register_sha1WithRSAEncryption_65537(n, k, max_datahashes_bytes, nLevel
|
||||
signal input secret;
|
||||
|
||||
signal input mrz[93];
|
||||
signal input dg1_hash_offset;
|
||||
signal input econtent[max_datahashes_bytes];
|
||||
signal input datahashes_padded_length;
|
||||
signal input signed_attributes[92];
|
||||
@@ -31,6 +32,7 @@ template Register_sha1WithRSAEncryption_65537(n, k, max_datahashes_bytes, nLevel
|
||||
// Verify passport validity
|
||||
component PV = PassportVerifier_sha1WithRSAEncryption_65537(n, k, max_datahashes_bytes);
|
||||
PV.mrz <== mrz;
|
||||
PV.dg1_hash_offset <== dg1_hash_offset;
|
||||
PV.dataHashes <== econtent;
|
||||
PV.datahashes_padded_length <== datahashes_padded_length;
|
||||
PV.eContentBytes <== signed_attributes;
|
||||
@@ -43,7 +45,7 @@ template Register_sha1WithRSAEncryption_65537(n, k, max_datahashes_bytes, nLevel
|
||||
poseidon_hasher.inputs[1] <== attestation_id;
|
||||
poseidon_hasher.inputs[2] <== leaf;
|
||||
|
||||
signal mrz_packed[3] <== PackBytes(93, 3, 31)(mrz);
|
||||
signal mrz_packed[3] <== PackBytes(93)(mrz);
|
||||
for (var i = 0; i < 3; i++) {
|
||||
poseidon_hasher.inputs[i + 3] <== mrz_packed[i];
|
||||
}
|
||||
|
||||
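Review bot: `signal input dg1_hash_offset;` is added to Register_sha1WithRSAEncryption_65537 without any comment, and since it is not among the visible outputs it is presumably a private, prover-supplied value; document what it denotes, e.g. `signal input dg1_hash_offset; // byte offset within econtent of the 20-byte DG1 hash compared against sha1(mrz) by PassportVerifier`. The change from `PackBytes(93, 3, 31)` to `PackBytes(93)` reads as a migration to a newer @zk-email signature; it is worth confirming the new template still yields exactly three limbs, because the loop feeding `poseidon_hasher.inputs[i + 3]` and the `signal mrz_packed[3]` declaration still assume three. The template body extends beyond the hunks shown.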
@@ -1,7 +1,10 @@
|
||||
pragma circom 2.1.5;
|
||||
|
||||
include "@zk-email/circuits/helpers/utils.circom";
|
||||
include "dmpierre/sha1-circom/circuits/sha1compression.circom";
|
||||
include "circomlib/circuits/bitify.circom";
|
||||
include "circomlib/circuits/comparators.circom";
|
||||
include "circomlib/circuits/mimcsponge.circom";
|
||||
include "@zk-email/circuits/lib/fp.circom";
|
||||
|
||||
//Adapted from @zk-email/circuits/helpers/sha.circom
|
||||
template Sha1Bytes(max_num_bytes) {
|
||||
@@ -33,7 +36,7 @@ template Sha1Bytes(max_num_bytes) {
|
||||
//Sha1 template from https://github.com/dmpierre/sha1-circom/blob/fe18319cf72b9f3b83d0cea8f49a1f04482c125b/circuits/sha1.circom
|
||||
template Sha1General(maxBitsPadded) {
|
||||
assert(maxBitsPadded % 512 == 0);
|
||||
var maxBitsPaddedBits = log2_ceil(maxBitsPadded);
|
||||
var maxBitsPaddedBits = log2Ceil(maxBitsPadded);
|
||||
assert(2 ** maxBitsPaddedBits > maxBitsPadded);
|
||||
|
||||
signal input paddedIn[maxBitsPadded];
|
||||
@@ -46,7 +49,7 @@ template Sha1General(maxBitsPadded) {
|
||||
var j;
|
||||
var maxBlocks;
|
||||
maxBlocks = (maxBitsPadded\512);
|
||||
var maxBlocksBits = log2_ceil(maxBlocks);
|
||||
var maxBlocksBits = log2Ceil(maxBlocks);
|
||||
assert(2 ** maxBlocksBits > maxBlocks);
|
||||
|
||||
inBlockIndex <-- (in_len_padded_bits >> 9);
|
||||
@@ -105,7 +108,7 @@ template Sha1General(maxBitsPadded) {
|
||||
}
|
||||
|
||||
for (i =0; i < 160; i++) {
|
||||
arraySelectors[i] = QuinSelector(maxBlocks, maxBlocksBits);
|
||||
arraySelectors[i] = ItemAtIndex(maxBlocks);
|
||||
for (j=0; j<maxBlocks; j++) {
|
||||
arraySelectors[i].in[j] <== outs[j][i];
|
||||
}
|
||||
|
||||
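Review bot: After the swap from `QuinSelector(maxBlocks, maxBlocksBits)` to `ItemAtIndex(maxBlocks)` at the `arraySelectors[i] = ...` line, `var maxBlocksBits = log2Ceil(maxBlocks);` and `assert(2 ** maxBlocksBits > maxBlocks);` in the earlier hunk have no remaining consumer in the visible hunks; if nothing outside them uses `maxBlocksBits`, drop both lines so a stale bit-width assumption is not carried along. The `//Sha1 template from ...` attribution comment should record the substitution, e.g. append `// selector (QuinSelector -> ItemAtIndex) and log2 helper replaced with @zk-email equivalents`. The include hunk at the top of the file adds `mimcsponge.circom`, yet no MiMC use is visible in these hunks; if it is unused elsewhere in the file it should not be included. Sha1General continues outside the hunks shown.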
@@ -1,7 +1,6 @@
|
||||
pragma circom 2.1.5;
|
||||
|
||||
include "@zk-email/circuits/helpers/fp.circom";
|
||||
|
||||
include "@zk-email/circuits/lib/fp.circom";
|
||||
|
||||
// Computes base^65537 mod modulus
|
||||
// Does not necessarily reduce fully mod modulus (the answer could be
|
||||
|
||||