diff --git a/circuits/circuits/prove/instances/prove_ecdsa_sha384_brainpoolP256r1_256.circom b/circuits/circuits/prove/instances/prove_ecdsa_sha384_brainpoolP256r1_256.circom new file mode 100644 index 000000000..f07b77ae7 --- /dev/null +++ b/circuits/circuits/prove/instances/prove_ecdsa_sha384_brainpoolP256r1_256.circom @@ -0,0 +1,5 @@ +pragma circom 2.1.9; + +include "../openpassport_prove.circom"; + +component main { public [ scope, user_identifier, current_date] } = OPENPASSPORT_PROVE(24, 64, 4, 512, 256, 20); \ No newline at end of file diff --git a/circuits/circuits/utils/passport/ecdsaVerifier.circom b/circuits/circuits/utils/passport/ecdsaVerifier.circom index c903ba74b..2370bbca1 100644 --- a/circuits/circuits/utils/passport/ecdsaVerifier.circom +++ b/circuits/circuits/utils/passport/ecdsaVerifier.circom @@ -15,11 +15,18 @@ template EcdsaVerifier(signatureAlgorithm, n, k) { signal hash[n * k]; - for (var i = n * k - 1; i >= 0; i--) { - if (i <= n * k - 1 - HASH_LEN_BITS) { - hash[i] <== 0; - }else { - hash[i] <== hashParsed[i - n * k + HASH_LEN_BITS]; + if (HASH_LEN_BITS >= n * k) { + for (var i = 0; i < n * k; i++) { + hash[i] <== hashParsed[i]; + } + } + if (HASH_LEN_BITS < n * k) { + for (var i = n * k - 1; i >= 0; i--) { + if (i <= n * k - 1 - HASH_LEN_BITS) { + hash[i] <== 0; + } else { + hash[i] <== hashParsed[i - n * k + HASH_LEN_BITS]; + } } } @@ -93,7 +100,7 @@ template EcdsaVerifier(signatureAlgorithm, n, k) { ecdsa_verify.hashed <== hash; ecdsa_verify.dummy <== 0; } - if (signatureAlgorithm == 21) { + if (signatureAlgorithm == 21 || signatureAlgorithm == 24) { component ecdsa_verify = verifyECDSABits(n, k, [ 16810331318623712729, 18122579188607900780, diff --git a/circuits/circuits/utils/passport/signatureAlgorithm.circom b/circuits/circuits/utils/passport/signatureAlgorithm.circom index 25c2336bc..24ba8e6ef 100644 --- a/circuits/circuits/utils/passport/signatureAlgorithm.circom +++ b/circuits/circuits/utils/passport/signatureAlgorithm.circom @@ -18,9 +18,10 @@ pragma circom 2.1.9; 17: rsapss_sha256_3_4096 18: rsapss_sha384_65537_3072 19: rsapss_sha256_65537_3072 - 21: ecdsa_sha256_brainpool256r1_256 - 22: ecdsa_sha384_brainpool384r1_384 + 21: ecdsa_sha256_brainpoolP256r1_256 + 22: ecdsa_sha384_brainpoolP384r1_384 23: ecdsa_sha256_secp384r1_384 + 24: ecdsa_sha384_brainpoolP256r1_256 */ function getHashLength(signatureAlgorithm) { @@ -84,6 +85,9 @@ function getHashLength(signatureAlgorithm) { if (signatureAlgorithm == 23) { return 256; } + if (signatureAlgorithm == 24) { + return 384; + } return 0; } @@ -145,6 +149,9 @@ function getKeyLength(signatureAlgorithm) { if (signatureAlgorithm == 23) { return 384; } + if (signatureAlgorithm == 24) { + return 256; + } return 0; } @@ -207,6 +214,9 @@ function getKLengthFactor(signatureAlgorithm) { if (signatureAlgorithm == 23) { return 2; } + if (signatureAlgorithm == 24) { + return 2; + } return 0; } diff --git a/circuits/circuits/utils/passport/signatureVerifier.circom b/circuits/circuits/utils/passport/signatureVerifier.circom index 1d8c1e4c3..1bb4fafff 100644 --- a/circuits/circuits/utils/passport/signatureVerifier.circom +++ b/circuits/circuits/utils/passport/signatureVerifier.circom @@ -79,6 +79,7 @@ template SignatureVerifier(signatureAlgorithm, n, k) { || signatureAlgorithm == 21 || signatureAlgorithm == 22 || signatureAlgorithm == 23 + || signatureAlgorithm == 24 ) { EcdsaVerifier (signatureAlgorithm, n, k)(signature, pubKey, hash); } diff --git a/circuits/private.ec.key b/circuits/private.ec.key index 15518bc88..71beb5df6 100644 --- a/circuits/private.ec.key +++ b/circuits/private.ec.key @@ -1,6 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MIGkAgEBBDBZthN5/vhpqE/ALHj35A/pMkfSDRxFKKweTYs2IxR0eW6RJQlZhdgk -TGP7rQ4EKF6gBwYFK4EEACKhZANiAASsl16vufqKa/qdJWIEDO5no2useouKh4Zk -AdtBf3fWjDnsT3J9ulxe0Ep+QbC8010o3dGQZL5UqwzoarLGrFentQ4wTJYzLXX2 -VHrLCyDjwswia1U3+I9ZYLp1TA9+88A= +MHgCAQEEIIhHbA4GKMOiNXQcXTiFlQUX2YFKz5U/Ya+vQa/YFo6foAsGCSskAwMC +CAEBB6FEA0IABKje0Lfu0ACxcGqEJc2vF6AYckbw9LaoHIKRyM6ko91AFuNhEIsx +pUF1FV+lornr3u0I7bOxL4PlOD+nZuRXGQE= -----END EC PRIVATE KEY----- diff --git a/circuits/test.cer b/circuits/test.cer index 9d9edead1..cbf0befb5 100644 --- a/circuits/test.cer +++ b/circuits/test.cer @@ -1,14 +1,13 @@ -----BEGIN CERTIFICATE----- -MIICHDCCAaKgAwIBAgIUIxGxDq5DcnphGZhSQNaAMWC5WtcwCgYIKoZIzj0EAwIw +MIIB3zCCAYagAwIBAgIUNxoAJFWOPOCE9KOmtQZpg4NiEzMwCgYIKoZIzj0EAwMw RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu -dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDEyMjgwNTMwMzlaFw0yNTEyMjgw -NTMwMzlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD -VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAASsl16vufqKa/qdJWIEDO5no2useouKh4ZkAdtBf3fWjDnsT3J9ulxe0Ep+ -QbC8010o3dGQZL5UqwzoarLGrFentQ4wTJYzLXX2VHrLCyDjwswia1U3+I9ZYLp1 -TA9+88CjUzBRMB0GA1UdDgQWBBQuToV7daaeM2l+EdWsqXX4NP1gFjAfBgNVHSME -GDAWgBQuToV7daaeM2l+EdWsqXX4NP1gFjAPBgNVHRMBAf8EBTADAQH/MAoGCCqG -SM49BAMCA2gAMGUCMFEUPb/G0QxEiAW0d1S7njA4UPPtgugQ44PDjWhFrwEowtEv -gmDwQUgL/nKb+7GsSQIxANABnyvZSR9heu9rqqYxeW/0eGoQoDnSiZowdf7Z6fJP -aiTuTmjxvd1KKxrCkmuSDg== +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDEyMjgwNjE0MTZaFw0yNTEyMjgw +NjE0MTZaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD +VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwWjAUBgcqhkjOPQIBBgkrJAMD +AggBAQcDQgAEqN7Qt+7QALFwaoQlza8XoBhyRvD0tqgcgpHIzqSj3UAW42EQizGl +QXUVX6Wiueve7Qjts7Evg+U4P6dm5FcZAaNTMFEwHQYDVR0OBBYEFHB+vSzRl9Vy +UedDOcm9V+sbVYlLMB8GA1UdIwQYMBaAFHB+vSzRl9VyUedDOcm9V+sbVYlLMA8G +A1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDRwAwRAIgFv62dVvKdRlqCcRfQdax +iSfNPb3k7L2E0ETWSZ0KLvICIC8csz7X6VOTuVspKl1YXlBM6hOx7gTVdaGKmTR2 +WtFT -----END CERTIFICATE----- diff --git a/circuits/tests/prove.test.ts b/circuits/tests/prove.test.ts index 26c4958d8..4537581b8 100644 --- a/circuits/tests/prove.test.ts +++ b/circuits/tests/prove.test.ts @@ -25,8 +25,9 @@ const sigAlgs = [ // { sigAlg: 'ecdsa', hashFunction: 'sha256', domainParameter: 'secp256r1', keyLength: '256' }, // { sigAlg: 'ecdsa', hashFunction: 'sha1', domainParameter: 'secp256r1', keyLength: '256' }, // { sigAlg: 'ecdsa', hashFunction: 'sha256', domainParameter: 'brainpoolP256r1', keyLength: '256' }, + { sigAlg: 'ecdsa', hashFunction: 'sha384', domainParameter: 'brainpoolP256r1', keyLength: '256' }, // { sigAlg: 'ecdsa', hashFunction: 'sha384', domainParameter: 'secp384r1', keyLength: '384' }, - { sigAlg: 'ecdsa', hashFunction: 'sha256', domainParameter: 'secp384r1', keyLength: '384' }, + // { sigAlg: 'ecdsa', hashFunction: 'sha256', domainParameter: 'secp384r1', keyLength: '384' }, // { sigAlg: 'ecdsa', hashFunction: 'sha384', domainParameter: 'brainpoolP384r1', keyLength: '384' }, ]; diff --git a/common/src/constants/constants.ts b/common/src/constants/constants.ts index 9f1be648c..61efa0f00 100644 --- a/common/src/constants/constants.ts +++ b/common/src/constants/constants.ts @@ -41,6 +41,7 @@ export const MAX_PADDED_ECONTENT_LEN: Partial< rsa_sha256_65537_3072: 384, rsa_sha256_3_2048: 384, ecdsa_sha256_brainpoolP256r1_256: 384, + ecdsa_sha384_brainpoolP256r1_256: 512, ecdsa_sha384_brainpoolP384r1_384: 512, }; @@ -62,6 +63,7 @@ export const MAX_PADDED_SIGNED_ATTR_LEN: Partial< rsa_sha256_65537_3072: 192, rsa_sha256_3_2048: 192, ecdsa_sha256_brainpoolP256r1_256: 192, + ecdsa_sha384_brainpoolP256r1_256: 256, ecdsa_sha384_brainpoolP384r1_384: 256, }; @@ -108,6 +110,7 @@ export enum SignatureAlgorithmIndex { ecdsa_sha256_brainpoolP256r1_256 = 21, ecdsa_sha384_brainpoolP384r1_384 = 22, ecdsa_sha256_secp384r1_384 = 23, + ecdsa_sha384_brainpoolP256r1_256 = 24, } export const attributeToPosition = { diff --git a/common/src/constants/mockCertificates.ts b/common/src/constants/mockCertificates.ts index 1717153a4..cbc25b1e2 100644 --- a/common/src/constants/mockCertificates.ts +++ b/common/src/constants/mockCertificates.ts @@ -1266,6 +1266,28 @@ Tvkpy9dRVAEaF2QmoiMtCHKnAiAe9FkZw6iO8h4GWKyeiAsvnk/tiRcLwkOQoLNc -----END CERTIFICATE----- `; +export const mock_dsc_key_sha384_brainpoolP256r1 = `-----BEGIN EC PRIVATE KEY----- +MHgCAQEEIIhHbA4GKMOiNXQcXTiFlQUX2YFKz5U/Ya+vQa/YFo6foAsGCSskAwMC +CAEBB6FEA0IABKje0Lfu0ACxcGqEJc2vF6AYckbw9LaoHIKRyM6ko91AFuNhEIsx +pUF1FV+lornr3u0I7bOxL4PlOD+nZuRXGQE= +-----END EC PRIVATE KEY----- +`; + +export const mock_dsc_sha384_brainpoolP256r1 = `-----BEGIN CERTIFICATE----- +MIIB3zCCAYagAwIBAgIUNxoAJFWOPOCE9KOmtQZpg4NiEzMwCgYIKoZIzj0EAwMw +RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDEyMjgwNjE0MTZaFw0yNTEyMjgw +NjE0MTZaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD +VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwWjAUBgcqhkjOPQIBBgkrJAMD +AggBAQcDQgAEqN7Qt+7QALFwaoQlza8XoBhyRvD0tqgcgpHIzqSj3UAW42EQizGl +QXUVX6Wiueve7Qjts7Evg+U4P6dm5FcZAaNTMFEwHQYDVR0OBBYEFHB+vSzRl9Vy +UedDOcm9V+sbVYlLMB8GA1UdIwQYMBaAFHB+vSzRl9VyUedDOcm9V+sbVYlLMA8G +A1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDRwAwRAIgFv62dVvKdRlqCcRfQdax +iSfNPb3k7L2E0ETWSZ0KLvICIC8csz7X6VOTuVspKl1YXlBM6hOx7gTVdaGKmTR2 +WtFT +-----END CERTIFICATE----- +`; + export const mock_dsc_key_sha256_secp384r1 = `-----BEGIN EC PRIVATE KEY----- MIGkAgEBBDBZthN5/vhpqE/ALHj35A/pMkfSDRxFKKweTYs2IxR0eW6RJQlZhdgk TGP7rQ4EKF6gBwYFK4EEACKhZANiAASsl16vufqKa/qdJWIEDO5no2useouKh4Zk diff --git a/common/src/utils/genMockPassportData.ts b/common/src/utils/genMockPassportData.ts index 7367425da..ec1a09e67 100644 --- a/common/src/utils/genMockPassportData.ts +++ b/common/src/utils/genMockPassportData.ts @@ -38,6 +38,8 @@ import { mock_dsc_sha384_brainpoolP384r1, mock_dsc_key_sha256_secp384r1, mock_dsc_sha256_secp384r1, + mock_dsc_key_sha384_brainpoolP256r1, + mock_dsc_sha384_brainpoolP256r1, } from '../constants/mockCertificates'; import { sampleDataHashes_small, sampleDataHashes_large } from '../constants/sampleDataHashes'; import { countryCodes } from '../constants/constants'; @@ -153,6 +155,11 @@ export function genMockPassportData( privateKeyPem = mock_dsc_key_sha256_brainpoolP256r1; dsc = mock_dsc_sha256_brainpoolP256r1; break; + case 'ecdsa_sha384_brainpoolP256r1_256': + sampleDataHashes = genSampleDataHashes('large', 48); + privateKeyPem = mock_dsc_key_sha384_brainpoolP256r1; + dsc = mock_dsc_sha384_brainpoolP256r1; + break; case 'rsa_sha256_3_2048': sampleDataHashes = genSampleDataHashes('large', 32); privateKeyPem = mock_dsc_key_sha256_rsa_3_2048; @@ -182,7 +189,7 @@ export function genMockPassportData( const { hashFunction, hashLen } = parseCertificate(dsc); - console.log('hashFUnction', hashFunction); + console.log('hashFunction', hashFunction); const mrzHash = hash(hashFunction, formatMrz(mrz)); const concatenatedDataHashes = formatAndConcatenateDataHashes( diff --git a/common/src/utils/types.ts b/common/src/utils/types.ts index c9b01354d..a1798b19b 100644 --- a/common/src/utils/types.ts +++ b/common/src/utils/types.ts @@ -25,6 +25,7 @@ export type SignatureAlgorithm = | 'ecdsa_sha384_secp384r1_384' | 'ecdsa_sha256_secp384r1_384' | 'ecdsa_sha256_brainpoolP256r1_256' + | 'ecdsa_sha384_brainpoolP256r1_256' | 'rsa_sha256_3_2048' | 'rsa_sha256_65537_3072' | 'rsa_sha256_65537_4096'