bring back hashAlgorithm and fix dsc tests

common/src/utils/certificate_parsing/dataStructure.ts

@@ -10,6 +10,7 @@ export interface CertificateData {
     subjectKeyIdentifier: string;
     authorityKeyIdentifier: string;
     signatureAlgorithm: string;
+    hashAlgorithm: string;
     publicKeyDetails: PublicKeyDetailsRSA | PublicKeyDetailsECDSA | PublicKeyDetailsRSAPSS | undefined;
     rawPem: string;
     rawTxt: string;

common/src/utils/certificate_parsing/parseCertificateSimple.ts

@@ -20,6 +20,7 @@ export function parseCertificateSimple(pem: string): CertificateData {
         subjectKeyIdentifier: '',
         authorityKeyIdentifier: '',
         signatureAlgorithm: '',
+        hashAlgorithm: '',
         publicKeyDetails: undefined,
         rawPem: '',
         rawTxt: ''
@@ -41,7 +42,9 @@ export function parseCertificateSimple(pem: string): CertificateData {
         const cert = new Certificate({ schema: asn1.result });
         const publicKeyAlgoOID = cert.subjectPublicKeyInfo.algorithm.algorithmId;
         const publicKeyAlgoFN = getFriendlyName(publicKeyAlgoOID);
-
+        const signatureAlgoOID = cert.signatureAlgorithm.algorithmId;
+        const signatureAlgoFN = getFriendlyName(signatureAlgoOID);
+        certificateData.hashAlgorithm = getHashAlgorithm(signatureAlgoFN);
         let params;
         if (publicKeyAlgoFN === 'RSA') {
             certificateData.signatureAlgorithm = "rsa";
@@ -72,6 +75,12 @@ export function parseCertificateSimple(pem: string): CertificateData {
         const authorityKeyIdentifier = getAuthorityKeyIdentifier(cert);
         certificateData.authorityKeyIdentifier = authorityKeyIdentifier;
 
+        // corner case for rsapss
+        if (certificateData.signatureAlgorithm === "rsapss" && !certificateData.hashAlgorithm) {
+            certificateData.hashAlgorithm = (certificateData.publicKeyDetails as PublicKeyDetailsRSAPSS).hashAlgorithm;
+        }
+
+
         return certificateData;
 
     } catch (error) {
@@ -287,4 +296,24 @@ export const getCircuitNameOld = (circuitMode: Mode, signatureAlgorithm: string,
     else {
         return circuit + "_" + signatureAlgorithm + "_65537_" + hashFunction;
     }
+}
+
+export function getHashAlgorithm(rawSignatureAlgorithm: string) {
+    const input = rawSignatureAlgorithm.toLowerCase();
+    const patterns = [
+        /sha-?1/i,
+        /sha-?256/i,
+        /sha-?384/i,
+        /sha-?512/i
+    ];
+
+    for (const pattern of patterns) {
+        const match = input.match(pattern);
+        if (match) {
+            // Remove any hyphens and return standardized format
+            return match[0].replace('-', '');
+        }
+    }
+
+    return 'unknown';
 }

common/src/utils/csca.ts

@@ -138,7 +138,7 @@ export function generateCircuitInputsDSC(
 
   }
 
-
+  console.log('dsc_pubKey_length', pubKey_dsc.length);
   return {
     signature_algorithm: `${signatureAlgorithm}_${curve || exponent}_${hashAlgorithm}_${4096}`,
     inputs: {

common/src/utils/parsePassportData.ts

@@ -151,6 +151,7 @@ export function brutforceHashAlgorithm(passportData: PassportData): any {
     return null;
 }
 
+
 export function parsePassportData(passportData: PassportData): PassportMetadata {
     const dg1HashInfo = passportData.mrz ?
         findDG1HashInEContent(passportData.mrz, passportData.eContent) :

common/src/utils/pubkeyTree.ts

@@ -4,7 +4,7 @@ import { poseidon16, poseidon2, poseidon7 } from 'poseidon-lite';
 import { formatDg2Hash, getNAndK, getNAndKCSCA, hexToDecimal, splitToWords } from './utils';
 import { flexiblePoseidon } from './poseidon';
 import { parseCertificateSimple } from './certificate_parsing/parseCertificateSimple';
-import { PublicKeyDetailsECDSA, PublicKeyDetailsRSA } from './certificate_parsing/dataStructure';
+import { PublicKeyDetailsECDSA, PublicKeyDetailsRSA, PublicKeyDetailsRSAPSS } from './certificate_parsing/dataStructure';
 import { SignatureAlgorithm } from './types';
 
 export function customHasher(pubKeyFormatted: string[]) {
@@ -25,8 +25,7 @@ export function customHasher(pubKeyFormatted: string[]) {
 }
 
 export function getLeaf(dsc: string): string {
-  const { signatureAlgorithm, publicKeyDetails } = parseCertificateSimple(dsc);
-
+  const { signatureAlgorithm, publicKeyDetails, hashAlgorithm } = parseCertificateSimple(dsc);
 
 
   if (signatureAlgorithm === 'ecdsa') {
@@ -57,7 +56,8 @@ export function getLeaf(dsc: string): string {
   }
 }
 export function getLeafCSCA(dsc: string): string {
-  const { signatureAlgorithm, publicKeyDetails } = parseCertificateSimple(dsc);
+  const { signatureAlgorithm, publicKeyDetails, hashAlgorithm } = parseCertificateSimple(dsc);
+
   const { n, k } = getNAndKCSCA(signatureAlgorithm as any);
 
 
@@ -68,11 +68,20 @@ export function getLeafCSCA(dsc: string): string {
     let qx = splitToWords(BigInt(hexToDecimal(x)), n, k);
     let qy = splitToWords(BigInt(hexToDecimal(y)), n, k);
     return customHasher([sigAlgIndex, ...qx, ...qy]);
-  } else {
+  } else if (signatureAlgorithm === 'rsa') {
     const { modulus, bits, exponent } = publicKeyDetails as PublicKeyDetailsRSA;
     const sigAlgKey = `${signatureAlgorithm}_${hashAlgorithm}_${exponent}_${bits}`;
     const sigAlgIndex = SignatureAlgorithmIndex[sigAlgKey];
-
+    const pubkeyChunked = splitToWords(BigInt(hexToDecimal(modulus)), n, k);
+    return customHasher([sigAlgIndex, ...pubkeyChunked]);
+    if (sigAlgIndex == undefined) {
+      console.error(`\x1b[31mInvalid signature algorithm: ${sigAlgKey}\x1b[0m`);
+      throw new Error(`Invalid signature algorithm: ${sigAlgKey}`);
+    }
+  } else if (signatureAlgorithm === 'rsapss') {
+    const { modulus, bits, exponent, hashAlgorithm } = publicKeyDetails as PublicKeyDetailsRSAPSS;
+    const sigAlgKey = `${signatureAlgorithm}_${hashAlgorithm}_${exponent}_${bits}`;
+    const sigAlgIndex = SignatureAlgorithmIndex[sigAlgKey];
     if (sigAlgIndex == undefined) {
       console.error(`\x1b[31mInvalid signature algorithm: ${sigAlgKey}\x1b[0m`);
       throw new Error(`Invalid signature algorithm: ${sigAlgKey}`);