add and fix 521 instances

2026-01-09 14:48:06 -05:00 · 2025-03-08 19:36:03 -08:00
parent 9d403a5355
commit 5cea47e35f
7 changed files with 45 additions and 13 deletions
--- a/circuits/circuits/dsc/instances/dsc_sha256_ecdsa_secp521r1.circom
+++ b/circuits/circuits/dsc/instances/dsc_sha256_ecdsa_secp521r1.circom
@@ -0,0 +1,5 @@
+pragma circom 2.1.9;
+
+include "../dsc.circom";
+
+component main { public [ merkle_root] } = DSC(40, 66, 8);
--- a/circuits/circuits/dsc/instances/dsc_sha512_ecdsa_secp521r1.circom
+++ b/circuits/circuits/dsc/instances/dsc_sha512_ecdsa_secp521r1.circom
@@ -0,0 +1,5 @@
+pragma circom 2.1.9;
+
+include "../dsc.circom";
+
+component main { public [ merkle_root] } = DSC(41, 66, 8);
--- a/circuits/circuits/register/instances/register_sha512_sha512_sha512_ecdsa_secp521r1.circom
+++ b/circuits/circuits/register/instances/register_sha512_sha512_sha512_ecdsa_secp521r1.circom
@@ -2,4 +2,4 @@ pragma circom 2.1.9;

 include "../register.circom";

-component main { public [ merkle_root ] } = REGISTER(512, 512, 41, 64, 8, 896, 256);
+component main { public [ merkle_root ] } = REGISTER(512, 512, 41, 66, 8, 896, 256);
--- a/circuits/circuits/utils/passport/signatureAlgorithm.circom
+++ b/circuits/circuits/utils/passport/signatureAlgorithm.circom
@@ -221,9 +221,9 @@ function getMinKeyLength(signatureAlgorithm) {
    } else if (signatureAlgorithm == 39) {
        return 4096;
    } else if (signatureAlgorithm == 40) {
-        return 521;
+        return 528;
    } else if (signatureAlgorithm == 41) {
-        return 521;
+        return 528;
    } else if (signatureAlgorithm == 42) {
        return 2048;
    } else if (signatureAlgorithm == 43) {
@@ -485,6 +485,6 @@ function getValidECDSAPrefixes() {
 }

 function prefixIndexToECDSAKeyLength() {
-    var keyLengths[13] = [224, 224, 256, 256, 256, 256, 384, 384, 384, 384, 512, 521, 521];
+    var keyLengths[13] = [224, 224, 256, 256, 256, 256, 384, 384, 384, 384, 512, 528, 528];
    return keyLengths;
 }
--- a/circuits/tests/dsc/test_cases.ts
+++ b/circuits/tests/dsc/test_cases.ts
@@ -49,4 +49,9 @@ export const fullSigAlgs = [
  { sigAlg: 'ecdsa', hashFunction: 'sha256', domainParameter: 'secp256r1', keyLength: '256' },
  { sigAlg: 'ecdsa', hashFunction: 'sha256', domainParameter: 'secp384r1', keyLength: '384' },
  { sigAlg: 'ecdsa', hashFunction: 'sha384', domainParameter: 'secp384r1', keyLength: '384' },
+  { sigAlg: 'ecdsa', hashFunction: 'sha256', domainParameter: 'secp521r1', keyLength: '521' },
+  { sigAlg: 'ecdsa', hashFunction: 'sha512', domainParameter: 'secp521r1', keyLength: '521' },
+  // this last one does not pass right now but only because of the issue
+  // of the function that selects the position of the pubkey in ecdsa certs
+  // sometimes being off by one 
 ];
--- a/circuits/tests/register/test_cases.ts
+++ b/circuits/tests/register/test_cases.ts
@@ -17,16 +17,8 @@ export const sigAlgs: TestCase[] = [
    sigAlg: 'rsapss',
    domainParameter: '65537',
    keyLength: '2048',
-    saltLength: '64' // Denmark case
+    saltLength: '64' // Denmark
  },
-  // {
-  //   dgHashAlgo: 'sha512',
-  //   eContentHashAlgo: 'sha512',
-  //   hashFunction: 'sha512',
-  //   sigAlg: 'ecdsa',
-  //   domainParameter: 'secp521r1',
-  //   keyLength: '521',
-  // }, // same problem as other 521s
 ];

 export const fullSigAlgs: TestCase[] = [
@@ -88,6 +80,15 @@ export const fullSigAlgs: TestCase[] = [
    domainParameter: '65537',
    keyLength: '2048',
  },
+  {
+    dgHashAlgo: 'sha256',
+    eContentHashAlgo: 'sha256',
+    hashFunction: 'sha256',
+    sigAlg: 'rsapss',
+    domainParameter: '65537',
+    keyLength: '2048',
+    saltLength: '64' // Denmark
+  },
  {
    dgHashAlgo: 'sha256',
    eContentHashAlgo: 'sha256',
@@ -203,4 +204,12 @@ export const fullSigAlgs: TestCase[] = [
    domainParameter: 'secp384r1',
    keyLength: '384',
  },
+  {
+    dgHashAlgo: 'sha512',
+    eContentHashAlgo: 'sha512',
+    hashFunction: 'sha512',
+    sigAlg: 'ecdsa',
+    domainParameter: 'secp521r1',
+    keyLength: '521',
+  },
 ];
--- a/common/src/utils/passports/genMockPassportData.ts
+++ b/common/src/utils/passports/genMockPassportData.ts
@@ -206,6 +206,14 @@ export function genMockPassportData(
      privateKeyPem = mockCertificates.mock_dsc_sha512_ecdsa_brainpoolP512r1_key;
      dsc = mockCertificates.mock_dsc_sha512_ecdsa_brainpoolP512r1;
      break;
+    case 'ecdsa_sha512_secp521r1_521':
+      privateKeyPem = mockCertificates.mock_dsc_sha512_ecdsa_secp521r1_key;
+      dsc = mockCertificates.mock_dsc_sha512_ecdsa_secp521r1;
+      break;
+    case 'ecdsa_sha256_secp521r1_521':
+      privateKeyPem = mockCertificates.mock_dsc_sha256_ecdsa_secp521r1_key;
+      dsc = mockCertificates.mock_dsc_sha256_ecdsa_secp521r1;
+      break;
    case 'rsa_sha256_65537_4096':
      privateKeyPem = mockCertificates.mock_dsc_sha256_rsa_65537_4096_key;
      dsc = mockCertificates.mock_dsc_sha256_rsa_65537_4096;