diff --git a/circuits/circuits/dsc/instances/dsc_rsa_sha1_65537_4096.circom b/circuits/circuits/dsc/instances/dsc_rsa_sha1_65537_4096.circom
index c4bbd0b1f..9400fab90 100644
--- a/circuits/circuits/dsc/instances/dsc_rsa_sha1_65537_4096.circom
+++ b/circuits/circuits/dsc/instances/dsc_rsa_sha1_65537_4096.circom
@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 include "../openpassport_dsc.circom";
-component main { public [ merkle_root ] } = OPENPASSPORT_DSC(11, 64, 32, 120, 35, 1664, 256, 12);
\ No newline at end of file
+component main { public [ merkle_root ] } = OPENPASSPORT_DSC(11, 64, 32, 64, 64, 1664, 256, 12);
\ No newline at end of file
diff --git a/circuits/circuits/dsc/instances/dsc_rsa_sha256_65537_4096.circom b/circuits/circuits/dsc/instances/dsc_rsa_sha256_65537_4096.circom
index 728c2b938..7c97beb15 100644
--- a/circuits/circuits/dsc/instances/dsc_rsa_sha256_65537_4096.circom
+++ b/circuits/circuits/dsc/instances/dsc_rsa_sha256_65537_4096.circom
@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 include "../openpassport_dsc.circom";
-component main { public [ merkle_root ] } = OPENPASSPORT_DSC(10, 64, 32, 120, 35, 1664, 256, 12);
\ No newline at end of file
+component main { public [ merkle_root ] } = OPENPASSPORT_DSC(10, 64, 32, 64, 64, 1664, 256, 12);
\ No newline at end of file
diff --git a/circuits/circuits/dsc/openpassport_dsc.circom b/circuits/circuits/dsc/openpassport_dsc.circom
index e27b35938..1da79d371 100644
--- a/circuits/circuits/dsc/openpassport_dsc.circom
+++ b/circuits/circuits/dsc/openpassport_dsc.circom
@@ -34,6 +34,8 @@ template OPENPASSPORT_DSC(signatureAlgorithm, n_dsc, k_dsc, n_csca, k_csca, max_
 signal input path[nLevels];
 signal input siblings[nLevels];
+ signal input dummy;
+
 // leaf
 signal leaf <== LeafHasher(kScaled)(csca_pubKey, signatureAlgorithm);
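Review bot: The `OPENPASSPORT_DSC(11, 64, 32, 64, 64, 1664, 256, 12)` instantiation changes the CSCA limb layout from 120×35 (4200 bits) to 64×64 (4096 bits) through two bare positional numbers, and nothing in the file says which argument is which; the same applies to the dsc_rsa_sha256_65537_4096.circom hunk. A one-line comment above `component main` naming the parameters from the template signature, e.g. `// OPENPASSPORT_DSC(signatureAlgorithm, n_dsc, k_dsc, n_csca, k_csca, max_cert_bytes, ...)`, would make the next such change reviewable. Note that the input generator has to split the CSCA modulus with the same n_csca/k_csca, and the only test that compiles the sha1 instance is commented out in dsc.test.ts in this same commit, so this change is currently unexercised.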
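Review bot: `signal input dummy;` enters OPENPASSPORT_DSC as a free private input (it is not in the `public [ merkle_root ]` list) and is forwarded unchanged down to `rsa.dummy` in signatureVerifier.circom, while nothing in this diff constrains or documents it; the removed commented-out code had pinned it with `rsa.dummy <== 0;`. If `VerifyRsaPkcs1v1_5` relies on a particular value of `dummy` for soundness, that value is now prover-chosen, so its contract should be confirmed against that template and, if a fixed value is required, enforced here with `dummy === 0;`. At minimum the declaration needs a comment such as `signal input dummy; // forwarded to VerifyRsaPkcs1v1_5.dummy; callers pass 0 (see tests)`. The same applies to the `dummy` inputs added in openpassport_prove.circom @@ -47, passportVerifier.circom @@ -29 and signatureVerifier.circom @@ -17.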
@@ -55,7 +57,7 @@ template OPENPASSPORT_DSC(signatureAlgorithm, n_dsc, k_dsc, n_csca, k_csca, max_
 // signal hashedCertificate[hashLength] <== ShaBytesDynamic(hashLength, max_cert_bytes)(raw_dsc_cert, raw_dsc_cert_padded_bytes);
 // for now 512 but it can be 1024 as well
 signal hashedCertificate[hashLength] <== ShaHashChunks((max_cert_bytes * 8) \ 512, hashLength)(raw_dsc_cert_bits, 0);
- SignatureVerifier(signatureAlgorithm, n_csca, k_csca)(hashedCertificate, csca_pubKey, signature);
+ SignatureVerifier(signatureAlgorithm, n_csca, k_csca)(hashedCertificate, csca_pubKey, signature, dummy);
 // verify DSC csca_pubKey
 component shiftLeft = VarShiftLeft(max_cert_bytes, dscPubkeyBytesLength);
 // use select subarray for dscPubKey variable length
diff --git a/circuits/circuits/prove/openpassport_prove.circom b/circuits/circuits/prove/openpassport_prove.circom
index 00efbdd62..d8901702d 100644
--- a/circuits/circuits/prove/openpassport_prove.circom
+++ b/circuits/circuits/prove/openpassport_prove.circom
@@ -47,6 +47,8 @@ template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, M
 signal input secret;
 signal input dsc_secret;
+ signal input dummy;
+
 signal attestation_id <== 1;
 signal selectorModeDisclosure <== selector_mode[0];
@@ -58,7 +60,7 @@ template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, M
 // verify passport signature
- PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN)(dg1,dg1_hash_offset, dg2_hash, eContent,eContent_padded_length, signed_attr, signed_attr_padded_length, signed_attr_econtent_hash_offset, pubKey, signature);
+ PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN)(dg1,dg1_hash_offset, dg2_hash, eContent,eContent_padded_length, signed_attr, signed_attr_padded_length, signed_attr_econtent_hash_offset, pubKey, signature, dummy);
 // verify passport is not expired
 component isValid = IsValid();
 isValid.currDate <== current_date;
diff --git a/circuits/circuits/utils/passport/passportVerifier.circom b/circuits/circuits/utils/passport/passportVerifier.circom
index 6afa9820c..943f7cdc9 100644
--- a/circuits/circuits/utils/passport/passportVerifier.circom
+++ b/circuits/circuits/utils/passport/passportVerifier.circom
@@ -29,6 +29,8 @@ template PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_LEN, MAX_SIGNED
 signal input pubKey[kScaled];
 signal input signature[kScaled];
+ signal input dummy;
+
 // compute hash of DG1
 // signal dg1Sha[HASH_LEN_BITS] <== ShaBytesStatic(HASH_LEN_BITS, 93)(dg1);
 signal dg1Bits[93 * 8];
@@ -91,6 +93,6 @@ template PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_LEN, MAX_SIGNED
 signal signedAttrSha[HASH_LEN_BITS] <== ShaBytesDynamic(HASH_LEN_BITS, MAX_SIGNED_ATTR_LEN)(signed_attr, signed_attr_padded_length);
- SignatureVerifier(signatureAlgorithm, n, k)(signedAttrSha, pubKey, signature);
+ SignatureVerifier(signatureAlgorithm, n, k)(signedAttrSha, pubKey, signature, dummy);
 }
diff --git a/circuits/circuits/utils/passport/signatureVerifier.circom b/circuits/circuits/utils/passport/signatureVerifier.circom
index 4930a1e9a..c48f2adf6 100644
--- a/circuits/circuits/utils/passport/signatureVerifier.circom
+++ b/circuits/circuits/utils/passport/signatureVerifier.circom 
@@ -17,42 +17,36 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
 signal input pubKey[kScaled];
 signal input signature[kScaled];
- // var msg_len = (HASH_LEN_BITS + n) \ n;
+ signal input dummy;
- // signal hashParsed[msg_len] <== HashParser(signatureAlgorithm, n, k)(hash);
+ var msg_len = (HASH_LEN_BITS + n) \ n;
+
+ signal hashParsed[msg_len] <== HashParser(signatureAlgorithm, n, k)(hash);
- if (signatureAlgorithm == 1 || signatureAlgorithm == 10) {
- // component rsa = RSAVerifier65537(n, k);
- // for (var i = 0; i < msg_len; i++) {
- // rsa.message[i] <== hashParsed[i];
- // }
- // for (var i = msg_len; i < k; i++) {
- // rsa.message[i] <== 0;
- // }
- // rsa.modulus <== pubKey;
- // rsa.signature <== signature;
+ if (signatureAlgorithm == 1) {
+ component rsa = VerifyRsaPkcs1v1_5(signatureAlgorithm, n, k, 65537, 256);
+ for (var i = 0; i < msg_len; i++) {
+ rsa.message[i] <== hashParsed[i];
+ }
+ for (var i = msg_len; i < k; i++) {
+ rsa.message[i] <== 0;
+ }
+ rsa.modulus <== pubKey;
+ rsa.signature <== signature;
+ rsa.dummy <== dummy;
 }
- if (signatureAlgorithm == 3 || signatureAlgorithm == 11) {
- component SplitSignalsToWords = SplitSignalsToWords(1, 160, 64, 32);
- SplitSignalsToWords.in <== hash;
- signal hashParsedWords[32];
- hashParsedWords <== SplitSignalsToWords.out;
-
- // component rsa_pkcs1 = RSAVerifier65537Pkcs1(n, k);
- // for (var i = 0; i < msg_len; i++) {
- // rsa_pkcs1.message[i] <== hashParsed[i];
- // }
- // for (var i = msg_len; i < k; i++) {
- // rsa_pkcs1.message[i] <== 0;
- // }
- // rsa_pkcs1.modulus <== pubKey;
- // rsa_pkcs1.signature <== signature;
- // component rsa = VerifyRsaPkcs1v1_5(3, 64, 32, 65537, 160);
- // rsa.message <== hashParsedWords;
- // rsa.modulus <== pubKey;
- // rsa.signature <== signature;
- // rsa.dummy <== 0;
+ if (signatureAlgorithm == 3) {
+ component rsa = VerifyRsaPkcs1v1_5(signatureAlgorithm, n, k, 65537, 160);
+ for (var i = 0; i < msg_len; i++) {
+ rsa.message[i] <== hashParsed[i];
+ }
+ for (var i = msg_len; i < k; i++) {
+ rsa.message[i] <== 0;
+ }
+ rsa.modulus <== pubKey;
+ rsa.signature <== signature;
+ rsa.dummy <== dummy;
 }
 if (signatureAlgorithm == 4 || signatureAlgorithm == 12) {
@@ -72,6 +66,60 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
 }
 if (signatureAlgorithm == 9) {
 }
+ if (signatureAlgorithm == 10) {
+ component rsa = VerifyRsaPkcs1v1_5(signatureAlgorithm, n, k, 65537, 256);
+ for (var i = 0; i < msg_len; i++) {
+ rsa.message[i] <== hashParsed[i];
+ }
+ for (var i = msg_len; i < k; i++) {
+ rsa.message[i] <== 0;
+ }
+ rsa.modulus <== pubKey;
+ rsa.signature <== signature;
+ rsa.dummy <== dummy;
+ }
+ if (signatureAlgorithm == 11) {
+ component rsa = VerifyRsaPkcs1v1_5(signatureAlgorithm, n, k, 65537, 160);
+ for (var i = 0; i < msg_len; i++) {
+ rsa.message[i] <== hashParsed[i];
+ }
+ for (var i = msg_len; i < k; i++) {
+ rsa.message[i] <== 0;
+ }
+ rsa.modulus <== pubKey;
+ rsa.signature <== signature;
+ rsa.dummy <== dummy;
+ }
+ if (signatureAlgorithm == 12) {
+
+ }
+ if (signatureAlgorithm == 13) {
+ component rsa = VerifyRsaPkcs1v1_5(signatureAlgorithm, n, k, 3, 256);
+ for (var i = 0; i < msg_len; i++) {
+ rsa.message[i] <== hashParsed[i];
+ }
+ for (var i = msg_len; i < k; i++) {
+ rsa.message[i] <== 0;
+ }
+ rsa.modulus <== pubKey;
+ rsa.signature <== signature;
+ rsa.dummy <== dummy;
+ }
+ if (signatureAlgorithm == 14) {
+ component rsa = VerifyRsaPkcs1v1_5(signatureAlgorithm, n, k, 65537, 256);
+ for (var i = 0; i < msg_len; i++) {
+ rsa.message[i] <== hashParsed[i];
+ }
+ for (var i = msg_len; i < k; i++) {
+ rsa.message[i] <== 0;
+ }
+ rsa.modulus <== pubKey;
+ rsa.signature <== signature;
+ rsa.dummy <== dummy;
+ }
+ if (signatureAlgorithm == 15) {
+
+ }
 }
diff --git a/circuits/package.json b/circuits/package.json
index e20fb9a3a..80e9a5f96 100644
--- a/circuits/package.json
+++ b/circuits/package.json
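Review bot: The `VerifyRsaPkcs1v1_5` branches for ids 1 and 3 in this hunk, and for 10, 11, 13 and 14 in @@ -72, repeat the same eleven wiring lines and differ only in the exponent and hash-length arguments, so a future fix to the message padding loop or to the `dummy` wiring has to be applied six times. Since `signatureAlgorithm` is a template parameter, the per-id values can be chosen into compile-time `var`s and the component wired once under a single condition listing the RSA ids. The other ids keep their own branches. SignatureVerifier's body starts before this hunk.
```circom
    // per-id (public exponent, hash length in bits) for the PKCS#1 v1.5 RSA ids
    var rsaExp = 65537;
    var rsaHashBits = 256;
    if (signatureAlgorithm == 3 || signatureAlgorithm == 11) { rsaHashBits = 160; }
    if (signatureAlgorithm == 13) { rsaExp = 3; }
    if (signatureAlgorithm == 1 || signatureAlgorithm == 3 || signatureAlgorithm == 10
        || signatureAlgorithm == 11 || signatureAlgorithm == 13 || signatureAlgorithm == 14) {
        component rsa = VerifyRsaPkcs1v1_5(signatureAlgorithm, n, k, rsaExp, rsaHashBits);
        // … unchanged: message limb assignment, modulus / signature / dummy wiring …
    }
```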
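Review bot: The new `if (signatureAlgorithm == 12)` and `if (signatureAlgorithm == 15)` branches are empty, like the pre-existing `== 9` branch just above them, so a circuit instantiated with one of those ids leaves `pubKey` and `signature` entirely unconstrained and any signature value satisfies the template. Id 12 is moreover already matched by the earlier `if (signatureAlgorithm == 4 || signatureAlgorithm == 12)` (the last context line of @@ -17), so its empty branch is dead at best. Because `signatureAlgorithm` is known at compile time, a guard closes the gap without runtime cost: declare `var verified = 0;` before the first branch, set `verified = 1;` inside every branch that actually wires a verifier, and end the template with `assert(verified == 1);` so that an unsupported id fails to compile instead of silently accepting. A short comment on the empty branches stating that they are intentionally unsupported would also help until they are removed.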
@@ -5,6 +5,7 @@
 "license": "MIT",
 "scripts": {
 "test": "yarn ts-mocha --max-old-space-size=8192 'tests/**/*.test.ts' 'tests/*.test.ts' --exit",
+ "test-dsc": "yarn ts-mocha --max-old-space-size=8192 'tests/dsc.test.ts' --exit",
 "test-prove": "yarn ts-mocha --max-old-space-size=8192 'tests/prove.test.ts' --exit",
 "test-rsa": "yarn ts-mocha --max-old-space-size=8192 'tests/utils/rsaPkcs1v1_5.test.ts' --exit",
 "install-circuits": "cd ../common && yarn && cd ../circuits && yarn",
diff --git a/circuits/tests/dsc.test.ts b/circuits/tests/dsc.test.ts
index 78ba8c11f..bdc78af89 100644
--- a/circuits/tests/dsc.test.ts
+++ b/circuits/tests/dsc.test.ts
@@ -14,8 +14,8 @@ import { max_cert_bytes } from '../../common/src/constants/constants';
 import { getCircuitName } from '../../common/src/utils/certificates/handleCertificate';
 const sigAlgs = [
- { sigAlg: 'rsa', hashFunction: 'sha1', domainParameter: '65537', keyLength: '4096' },
- // { sigAlg: 'rsa', hashFunction: 'sha256', domainParameter: '65537', keyLength: '4096' },
+ // { sigAlg: 'rsa', hashFunction: 'sha1', domainParameter: '65537', keyLength: '4096' },
+ { sigAlg: 'rsa', hashFunction: 'sha256', domainParameter: '65537', keyLength: '4096' },
 // { sigAlg: 'rsapss', hashFunction: 'sha256', domainParameter: '65537', keyLength: '4096' },
 ];
@@ -56,9 +56,9 @@ sigAlgs.forEach(({ sigAlg, hashFunction, domainParameter, keyLength }) => {
 ),
 {
 include: [
- 'node_modules',
- './node_modules/@zk-kit/binary-merkle-root.circom/src',
- './node_modules/circomlib/circuits',
+ // 'node_modules',
+ // './node_modules/@zk-kit/binary-merkle-root.circom/src',
+ // './node_modules/circomlib/circuits',
 ],
 }
 );
diff --git a/circuits/tests/prove.test.ts b/circuits/tests/prove.test.ts
index 7e2241ff4..abd335f1c 100644
--- a/circuits/tests/prove.test.ts
+++ b/circuits/tests/prove.test.ts
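Review bot: The `sigAlgs` change in dsc.test.ts @@ -14 swaps the sha1 entry for the sha256 one instead of enabling both, so `dsc_rsa_sha1_65537_4096.circom`, whose CSCA limb parameters this same commit changes to 64, 64, is no longer compiled by any test. Keep both entries active, `{ sigAlg: 'rsa', hashFunction: 'sha1', ... }` and `{ sigAlg: 'rsa', hashFunction: 'sha256', ... }`, so the parameter change is exercised. In @@ -56 the three `include` paths are commented out rather than deleted, leaving an empty `include: []`; whether circom_tester can still resolve the binary-merkle-root and circomlib includes without them is not visible here, so either remove the dead lines if they are unnecessary or restore them with a comment saying why the sha256 build needs them.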
@@ -14,10 +14,10 @@ import namejson from '../../common/ofacdata/outputs/nameSMT.json';
 const sigAlgs = [
 { sigAlg: 'rsa', hashFunction: 'sha1', domainParameter: '65537', keyLength: '2048' },
- // { sigAlg: 'rsa', hashFunction: 'sha256', domainParameter: '65537', keyLength: '2048' },
+ { sigAlg: 'rsa', hashFunction: 'sha256', domainParameter: '65537', keyLength: '2048' },
 // { sigAlg: 'rsapss', hashFunction: 'sha256', domainParameter: '65537', keyLength: '2048' },
- // { sigAlg: 'rsa', hashFunction: 'sha256', domainParameter: '3', keyLength: '2048' },
- // { sigAlg: 'rsa', hashFunction: 'sha256', domainParameter: '65537', keyLength: '3072' },
+ { sigAlg: 'rsa', hashFunction: 'sha256', domainParameter: '3', keyLength: '2048' },
+ { sigAlg: 'rsa', hashFunction: 'sha256', domainParameter: '65537', keyLength: '3072' },
 // { sigAlg: 'ecdsa', hashFunction: 'sha256', domainParameter: 'secp256r1', keyLength: '256' },
 // { sigAlg: 'ecdsa', hashFunction: 'sha1', domainParameter: 'secp256r1', keyLength: '256' },
 ];
@@ -44,6 +44,8 @@ sigAlgs.forEach(({ sigAlg, hashFunction, domainParameter, keyLength }) => {
 const selector_ofac = 1;
 const forbidden_countries_list = ['DZA'];
+ const dummy = 0;
+
 let name_smt = new SMT(poseidon2, true);
 name_smt.import(namejson);
 const inputs = generateCircuitInputsProve(
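Review bot: `const dummy = 0;` in @@ -44 says nothing about what it feeds, and the call that should carry it, `generateCircuitInputsProve(`, is the hunk's last line and continues outside it, so this hunk alone does not show that OPENPASSPORT_PROVE's new `signal input dummy` receives a value; if the helper does not emit a `dummy` input, witness generation fails for every entry of `sigAlgs`. Suggest `const dummy = 0; // required input of OPENPASSPORT_PROVE, forwarded to VerifyRsaPkcs1v1_5.dummy` and a check that the dsc test supplies the same input to OPENPASSPORT_DSC, which the dsc.test.ts hunks shown do not reveal. Enabling the `domainParameter: '3'` entry in @@ -14 is what exercises the new exponent-3 branch (id 13) of SignatureVerifier, so it should stay in the default matrix rather than be toggled by hand.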