add dsc modulus check in dsc.circom

circuits/circuits/dsc.circom

@@ -5,20 +5,21 @@ include "circomlib/circuits/poseidon.circom";
 include "@zk-email/circuits/helpers/rsa.circom";
 include "@zk-email/circuits/helpers/extract.circom";
 include "@zk-email/circuits/helpers/sha.circom";
-// include "./utils/Sha256BytesStatic.circom";
 
-template DSC(max_cert_bytes, n, k) {
+template DSC(max_cert_bytes, n, k,l) {
     signal input raw_dsc_cert[max_cert_bytes]; 
     signal input message_padded_bytes;
     signal input modulus[k];
     signal input signature[k];
+    signal input dsc_modulus[l];
+    signal input start_index;
 
-    // ======== Variables Verification ========
+    // variables verification
     assert(max_cert_bytes % 64 == 0);
     assert(n * k > 2048);
     assert(n < (255 \ 2));
 
-    // ======== Hash Raw TBS Certificate ========
+    // hash raw TBS certificate
     signal sha[256] <== Sha256Bytes(max_cert_bytes)(raw_dsc_cert, message_padded_bytes);
 
     var msg_len = (256+n)\n;
@@ -33,7 +34,7 @@ template DSC(max_cert_bytes, n, k) {
         base_msg[i\n].in[i%n] <== 0;
     }
 
-    // ======== Verify RSA Signature ========
+    // verify RSA signature
     component rsa = RSAVerify65537(n, k);
     for (var i = 0; i < msg_len; i++) {
         rsa.base_message[i] <== base_msg[i].out;
@@ -48,6 +49,12 @@ template DSC(max_cert_bytes, n, k) {
         rsa.signature[i] <== signature[i];
     }
 
+    // verify DSC modulus
+    component shiftLeft = VarShiftLeft(2048, l);
+    shiftLeft.in <== raw_dsc_cert;
+    shiftLeft.shift <== start_index;
+    shiftLeft.out === dsc_modulus;
+
 }
 
-component main = DSC(2048, 121, 17);
+component main = DSC(2048, 121, 17, 256);

circuits/test/dsc.test.ts

@@ -5,6 +5,7 @@ import path from 'path';
 const wasm_tester = require("circom_tester").wasm;
 import { splitToWords } from '../../common/src/utils/utils';
 import { sha256Pad } from '../../common/src/utils/shaPad';
+import { findStartIndex } from '../../common/src/utils/csca';
 
 describe('DSC chain certificate', function () {
     this.timeout(0); // Disable timeout
@@ -43,13 +44,17 @@ describe('DSC chain certificate', function () {
     const dsc_tbsCertificateListOfBytes = Array.from(dsc_tbsCertificateBuffer).map(byte => BigInt(byte).toString());
     const dsc_tbsCertificateUint8Array = Uint8Array.from(dsc_tbsCertificateListOfBytes.map(byte => parseInt(byte)));
     const [dsc_message_padded, dsc_messagePaddedLen] = sha256Pad(dsc_tbsCertificateUint8Array, max_cert_bytes);
+    const [dsc_modulus_numArray, startIndex] = findStartIndex(dsc_modulus, dsc_message_padded);
 
+    assert(startIndex !== -1, "Modulus not found in message padded");
 
     const inputs = {
         raw_dsc_cert: Array.from(dsc_message_padded).map((x) => x.toString()),
         message_padded_bytes: BigInt(dsc_messagePaddedLen).toString(),
         modulus: csca_modulus_formatted,
         signature: dsc_signature_formatted,
+        start_index: startIndex.toString(),
+        dsc_modulus: dsc_modulus_numArray.map(x => x.toString()),
     }
     console.log("inputs:", inputs);
 
@@ -63,6 +68,7 @@ describe('DSC chain certificate', function () {
             }
         );
     });
+
     it('check inputs', () => {
         expect(inputs.raw_dsc_cert.length).to.equal(max_cert_bytes);
         expect(inputs.modulus.length).to.equal(k);
@@ -89,5 +95,4 @@ describe('DSC chain certificate', function () {
         console.log(witness);
     })
 
-})
-
+})

common/src/utils/csca.ts

@@ -0,0 +1,31 @@
+
+export function findStartIndex(modulus: string, messagePadded: Uint8Array): [number[], number] {
+    const modulusNumArray = [];
+    for (let i = 0; i < modulus.length; i += 2) {
+        const hexPair = modulus.slice(i, i + 2);
+        const number = parseInt(hexPair, 16);
+        modulusNumArray.push(number);
+    }
+    const messagePaddedNumber = [];
+    for (let i = 0; i < messagePadded.length; i += 1) {
+        const number = Number(messagePadded[i]);
+        messagePaddedNumber.push(number);
+    }
+    let startIndex = -1;
+    for (let i = 0; i <= messagePaddedNumber.length; i++) {
+        if (modulusNumArray[0] === messagePaddedNumber[i]) {
+            for (let j = 0; j < modulusNumArray.length; j++) {
+                if (modulusNumArray[j] !== messagePaddedNumber[i + j]) {
+                    console.log("NOT MODULUS");
+                    break;
+                }
+                else if (j === modulusNumArray.length - 1) {
+                    console.log("IS MODULUS");
+                    startIndex = i;
+                }
+            }
+            break;
+        }
+    }
+    return [modulusNumArray, startIndex];
+}