add dg2 hash verification

turnoffthiscomputer
2024-09-18 17:30:31 +02:00
parent 22e0390f52
commit f992143069
6 changed files with 20 additions and 6 deletions


@@ -9,8 +9,12 @@ template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, M
var kLengthFactor = getKLengthFactor(signatureAlgorithm);
var kScaled = k * kLengthFactor;
var HASH_LEN_BITS = getHashLength(signatureAlgorithm);
var HASH_LEN_BYTES = HASH_LEN_BITS / 8;
signal input dg1[93];
signal input dg1_hash_offset;
signal input dg2_hash[HASH_LEN_BYTES];
signal input econtent[MAX_ECONTENT_PADDED_LEN];
signal input econtent_padded_length;
signal input signed_attr[MAX_SIGNED_ATTR_PADDED_LEN];
@@ -20,7 +24,7 @@ template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, M
signal input pubKey[kScaled];
// passport verifier
PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN)(dg1,dg1_hash_offset,econtent,econtent_padded_length, signed_attr, signed_attr_padded_length, signed_attr_econtent_hash_offset, pubKey, signature);
PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN)(dg1,dg1_hash_offset, dg2_hash, econtent,econtent_padded_length, signed_attr, signed_attr_padded_length, signed_attr_econtent_hash_offset, pubKey, signature);
// nullifier
signal output nullifier <== CustomHasher(kScaled)(signature);
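Review bot: `HASH_LEN_BITS / 8` uses circom's field division, which equals the byte count only when the bit length is a multiple of 8; for any other value it yields a large field element that then sizes `dg2_hash[...]`. Integer division states the intent: `var HASH_LEN_BYTES = HASH_LEN_BITS \ 8;`. The same line is added in `OPENPASSPORT_REGISTER`. The template body continues outside the hunks shown here.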


@@ -9,10 +9,14 @@ template OPENPASSPORT_REGISTER(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN
var kLengthFactor = getKLengthFactor(signatureAlgorithm);
var kScaled = k * kLengthFactor;
var HASH_LEN_BITS = getHashLength(signatureAlgorithm);
var HASH_LEN_BYTES = HASH_LEN_BITS / 8;
signal input secret;
signal input dsc_secret;
signal input dg1[93];
signal input dg1_hash_offset;
signal input dg2_hash[HASH_LEN_BYTES];
signal input econtent[MAX_ECONTENT_PADDED_LEN];
signal input econtent_padded_length;
signal input signed_attr[MAX_SIGNED_ATTR_PADDED_LEN];
@@ -25,7 +29,7 @@ template OPENPASSPORT_REGISTER(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN
signal input attestation_id;
// passport verifier
PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN)(dg1,dg1_hash_offset,econtent,econtent_padded_length, signed_attr, signed_attr_padded_length, signed_attr_econtent_hash_offset, pubKey, signature);
PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN)(dg1,dg1_hash_offset, dg2_hash, econtent,econtent_padded_length, signed_attr, signed_attr_padded_length, signed_attr_econtent_hash_offset, pubKey, signature);
// leaf
signal leaf <== LeafHasher(kScaled)(pubKey, signatureAlgorithm);
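Review bot: Nothing in these hunks documents that `dg2_hash` must remain a private input. The DG2 digest is constant for a given document, so listing it among the public signals of `OPENPASSPORT_REGISTER` (or `OPENPASSPORT_PROVE`, which gains the same input) would give every proof from that document a common identifier. The `component main` declarations are not on this page, so this may already hold. A comment on the declaration would record it, e.g. `// private: DG2 digest as embedded in econtent, checked in PassportVerifier; keep out of the public signal list`. The template body continues outside the hunks.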


@@ -16,6 +16,7 @@ template PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_LEN, MAX_SIGNED
signal input dg1[93];
signal input dg1_hash_offset;
signal input dg2_hash[HASH_LEN_BYTES];
signal input econtent[MAX_ECONTENT_LEN];
signal input econtent_padded_length;
signal input signed_attr[MAX_SIGNED_ATTR_LEN];
@@ -35,10 +36,11 @@ template PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_LEN, MAX_SIGNED
}
}
// assert DG1 hash matches the one in econtent input
signal dg1Hash[HASH_LEN_BYTES] <== SelectSubArray(MAX_ECONTENT_LEN, HASH_LEN_BYTES)(econtent, dg1_hash_offset, HASH_LEN_BYTES); // TODO: use varShifLeft instead
// assert DG1 and DG2 hashes match the ones in econtent input
signal dg1AndDg2Hash[2 * HASH_LEN_BYTES] <== SelectSubArray(MAX_ECONTENT_LEN, 2 * HASH_LEN_BYTES)(econtent, dg1_hash_offset, 2 * HASH_LEN_BYTES); // TODO: use varShifLeft instead
for(var i = 0; i < HASH_LEN_BYTES; i++) {
dg1Hash[i] === dg1ShaBytes[i].out;
dg1AndDg2Hash[i] === dg1ShaBytes[i].out;
dg1AndDg2Hash[i + HASH_LEN_BYTES] === dg2_hash[i];
}
// compute hash of econtent
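Review bot: The new constraint `dg1AndDg2Hash[i + HASH_LEN_BYTES] === dg2_hash[i]` assumes the DG2 digest starts exactly `HASH_LEN_BYTES` after `dg1_hash_offset`, with no bytes between the two digests. If `econtent` carries a DER-encoded list of data-group hashes, each digest is preceded by its own SEQUENCE/INTEGER/OCTET STRING header, so the DG2 value would sit a few bytes further on and the check would compare header bytes against `dg2_hash`. The layout is not visible in this hunk, so it is worth confirming against a real document and not only the mock data. It would also help to state beside the `SelectSubArray` call what is expected when the window runs past the real content, e.g. `// caller must ensure dg1_hash_offset + 2*HASH_LEN_BYTES <= econtent_padded_length`, if that is the intended precondition. The template body starts and ends outside the hunks.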


@@ -96,6 +96,7 @@ export function genMockPassportData(
return {
dsc: dsc,
mrz: mrz,
dg2Hash: sampleDataHashes[0][1],
eContent: concatenatedDataHashes,
signedAttr: eContent,
encryptedDigest: signatureBytes,
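Review bot: `sampleDataHashes[0][1]` picks the digest by position, which yields the DG2 hash only if the first sample entry is data group 2, and nothing in the hunk shows that. If that is the intent, a short comment such as `// first sample entry is DG2; its digest must match the one placed in eContent` would record it. A lookup by data-group number would do the same and would keep the mock from silently drifting if the sample list is reordered. The function body starts and ends outside the hunk.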


@@ -36,7 +36,7 @@ export function generateCircuitInputsRegister(
n_dsc: number,
k_dsc: number
) {
const { mrz, eContent, signedAttr, encryptedDigest, dsc } = passportData;
const { mrz, eContent, signedAttr, encryptedDigest, dsc, dg2Hash } = passportData;
const { signatureAlgorithm, hashFunction, hashLen, x, y, modulus, curve, exponent, bits } = parseCertificate(passportData.dsc);
const signatureAlgorithmFullName = `${signatureAlgorithm}_${curve || exponent}_${hashFunction}_${bits}`;
@@ -104,6 +104,7 @@ export function generateCircuitInputsRegister(
dsc_secret: [dscSecret],
dg1: dg1.map(byte => String(byte)),
dg1_hash_offset: [dg1HashOffset.toString()], // uncomment when adding new circuits
dg2_hash: dg2Hash.map((x) => toUnsignedByte(x).toString()),
econtent: Array.from(eContentPadded).map((x) => x.toString()),
econtent_padded_length: [eContentLen.toString()],
signed_attr: Array.from(signedAttrPadded).map((x) => x.toString()),
@@ -239,6 +240,7 @@ export function generateCircuitInputsProve(
return {
dg1: register_inputs.dg1,
dg1_hash_offset: register_inputs.dg1_hash_offset, // uncomment when adding new circuits
dg2_hash: register_inputs.dg2_hash,
econtent: register_inputs.econtent,
econtent_padded_length: register_inputs.econtent_padded_length,
signed_attr: register_inputs.signed_attr,
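Review bot: `dg2Hash.map(...)` in the `dg2_hash` entry dereferences a field that this same commit declares optional (`dg2Hash?: number[]` in `PassportData`). A `passportData` without it throws a bare TypeError during input generation, and the line should not type-check under `strictNullChecks`. Either make the field required or guard before use, e.g. `if (!dg2Hash) throw new Error('passportData.dg2Hash is missing');`. A length check against the circuit's `HASH_LEN_BYTES` (presumably `hashLen`, whose unit is not visible here) would catch a digest of the wrong size before witness generation. `generateCircuitInputsRegister` starts and ends outside these hunks.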


@@ -1,5 +1,6 @@
export type PassportData = {
mrz: string;
dg2Hash?: number[];
dsc: string;
eContent: number[];
signedAttr: number[];