From 5e83716273061d99c1249c348760ef4cc4c897f7 Mon Sep 17 00:00:00 2001
From: turboblitz
Date: Wed, 19 Feb 2025 17:36:43 -0800
Subject: [PATCH] hotfix off-by-one issues (#145)

---
 circuits/circuits/dsc/dsc.circom | 2 +-
 .../utils/passport/signatureVerifier.circom | 4 ++--
 circuits/tests/dsc/dsc.test.ts | 13 +++++++++++++
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/circuits/circuits/dsc/dsc.circom b/circuits/circuits/dsc/dsc.circom
index fd07696d3..43fc74aeb 100644
--- a/circuits/circuits/dsc/dsc.circom
+++ b/circuits/circuits/dsc/dsc.circom
@@ -87,7 +87,7 @@ template DSC(
 // this should guarantee the dsc commitment is unique for each commitment
 component byte_checks[MAX_DSC_LENGTH];
 for (var i = 0; i < MAX_DSC_LENGTH; i++) {
- byte_checks[i] = GreaterThan(12);
+ byte_checks[i] = GreaterEqThan(12);
 byte_checks[i].in[0] <== i;
 byte_checks[i].in[1] <== raw_dsc_padded_length;
diff --git a/circuits/circuits/utils/passport/signatureVerifier.circom b/circuits/circuits/utils/passport/signatureVerifier.circom
index 4edd4780e..71b4ee6ef 100644
--- a/circuits/circuits/utils/passport/signatureVerifier.circom
+++ b/circuits/circuits/utils/passport/signatureVerifier.circom
@@ -25,7 +25,7 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
 signal input pubKey[kScaled];
 signal input signature[kScaled];
- var msg_len = (HASH_LEN_BITS + n) \ n;
+ var msg_len = (HASH_LEN_BITS + n - 1) \ n;
 signal hashParsed[msg_len] <== HashParser(signatureAlgorithm, n, k)(hash);
@@ -124,7 +124,7 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
 template HashParser(signatureAlgorithm, n, k) {
 var HASH_LEN_BITS = getHashLength(signatureAlgorithm);
- var msg_len = (HASH_LEN_BITS + n) \ n;
+ var msg_len = (HASH_LEN_BITS + n - 1) \ n;
 component hashParser[msg_len];
 signal input hash[HASH_LEN_BITS];
diff --git a/circuits/tests/dsc/dsc.test.ts b/circuits/tests/dsc/dsc.test.ts
index d741d17b5..f378473f1 100644
--- a/circuits/tests/dsc/dsc.test.ts
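Review bot: GreaterEqThan(12) is only sound when both operands fit in 12 bits, and nothing in this hunk range-checks raw_dsc_padded_length; circomlib's comparators give arbitrary results for inputs at or above 2^12, so a prover who supplies an out-of-range length could drive every byte_checks[i].out to 0 and escape the zero-padding constraint this loop presumably feeds. Unless that bound is enforced elsewhere in the template, enforce it next to the loop, e.g. `component lenCheck = LessEqThan(12); lenCheck.in[0] <== raw_dsc_padded_length; lenCheck.in[1] <== MAX_DSC_LENGTH; lenCheck.out === 1;` (which also requires MAX_DSC_LENGTH < 4096, the same assumption the 12-bit comparator makes). A why-comment on the changed line would make the boundary explicit: `// out = 1 iff i >= raw_dsc_padded_length, i.e. this byte lies in the padding region`. The DSC template opens before the hunk and the loop body that consumes byte_checks[i].out continues after it.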
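Review bot: The new expression is a ceiling division and deserves a comment, because the old `(HASH_LEN_BITS + n) \ n` was floor(HASH_LEN_BITS / n) + 1, which only equals the ceiling when n does not divide HASH_LEN_BITS; suggest `// number of n-bit limbs needed to hold the hash: ceil(HASH_LEN_BITS / n)` above the `var`. For every (algorithm, n) pair where n divides HASH_LEN_BITS (e.g. a 256-bit hash with n = 64) the hashParsed array is now one limb shorter than before, so whatever consumes hashParsed downstream — presumably the comparison against the decoded signature — should be re-run with those parameters to confirm nothing relied on the extra trailing limb. That consumer and the rest of SignatureVerifier's body lie outside the hunk.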
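Review bot: The msg_len formula is now duplicated verbatim between SignatureVerifier and HashParser, and this commit had to patch it in both places, which is exactly how the off-by-one survived in two spots; hoist it into one circom function so the two cannot drift: `function getMsgLen(signatureAlgorithm, n) { return (getHashLength(signatureAlgorithm) + n - 1) \ n; }` and replace both `var msg_len = ...` lines with `var msg_len = getMsgLen(signatureAlgorithm, n);`. A one-line doc comment on that function (`// limbs of n bits needed to hold the algorithm's hash, rounded up`) then documents the contract once. HashParser's body, including the per-limb parsing that presumably fills hashParser[], continues past the end of the hunk.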
+++ b/circuits/tests/dsc/dsc.test.ts
@@ -283,6 +283,19 @@ testSuite.forEach(({ sigAlg, hashFunction, domainParameter, keyLength }) => {
 }
 });
+ it('should not allow tampering of raw_dsc[raw_dsc_padded_length]', async () => {
+ try {
+ const tamperedInputs = JSON.parse(JSON.stringify(inputs));
+ const paddedLength = Number(tamperedInputs.raw_dsc_padded_length);
+ tamperedInputs.raw_dsc[paddedLength] = '255'; // or any nonzero value
+
+ await circuit.calculateWitness(tamperedInputs);
+ expect.fail('Expected an error but none was thrown.');
+ } catch (error: any) {
+ expect(error.message).to.include('Assert Failed');
+ }
+ });
+
 it('should fail if raw_csca has a signal that is longer than a byte', async function () {
 try {
 const tamperedInputs = JSON.parse(JSON.stringify(inputs));
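Review bot: `catch (error: any)` discards the type and then reads `.message` off it; under strict TypeScript the idiomatic form is `catch (error: unknown)` followed by `expect(error).to.be.instanceOf(Error); expect((error as Error).message).to.include('Assert Failed');`. The test should also pin that the tampered index is inside the array, since if raw_dsc_padded_length ever equals raw_dsc.length the assignment appends an element and calculateWitness may reject the input for a length reason rather than the padding constraint under test; `expect(paddedLength).to.be.lessThan(tamperedInputs.raw_dsc.length);` before the write makes the intent explicit. The neighbouring test in the context lines appears to use the same try/catch shape, so the `any` point is file-wide rather than specific to this case. The enclosing testSuite.forEach callback starts before the hunk and continues past it.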