Merge pull request #152 from zk-passport/rsa_verifier

switch rsa_verifier to a n,k = 121,17

circuits/circuits/tests/utils/rsa_verifier.circom

@@ -1,3 +1,3 @@
 include "@zk-email/circuits/lib/rsa.circom";
 
-component main = RSAVerifier65537(64, 32);
+component main = RSAVerifier65537(121, 17);

circuits/tests/utils/rsa_verifier.test.ts

@@ -46,6 +46,8 @@ describe('RSA Verifier', function () {
       mock_dsc_sha256_rsa_2048,
       mock_csca_sha256_rsa_2048
     );
+    const n = 121;
+    const k = 17;
 
     it('should verify DSC has been signed by the CSCA', () => {
       const isVerified = dscCert.verify(cscaCert.publicKey);
@@ -54,18 +56,8 @@ describe('RSA Verifier', function () {
     });
 
     it('should extract and log certificate information', async () => {
-      const csca_inputs = getCSCAInputs(
-        '0',
-        dscCert_forge,
-        cscaCert_forge,
-        64,
-        32,
-        64,
-        32,
-        2048,
-        true
-      );
-      const tbsCertificateHashFormatted = getTBSHash(dscCert_forge, 'sha256');
+      const csca_inputs = getCSCAInputs('0', dscCert_forge, cscaCert_forge, n, k, n, k, 2048, true);
+      const tbsCertificateHashFormatted = getTBSHash(dscCert_forge, 'sha256', n, k);
 
       const inputs = {
         message: tbsCertificateHashFormatted,

common/src/utils/csca.ts

@@ -24,11 +24,11 @@ export function findStartIndex(modulus: string, messagePadded: Uint8Array): numb
         if (modulusNumArray[0] === messagePaddedNumber[i]) {
             for (let j = 0; j < modulusNumArray.length; j++) {
                 if (modulusNumArray[j] !== messagePaddedNumber[i + j]) {
-                    console.log("NO MODULUS FOUND IN CERTIFICATE");
+                    //console.log("NO MODULUS FOUND IN CERTIFICATE");
                     break;
                 }
                 else if (j === modulusNumArray.length - 1) {
-                    console.log("MODULUS FOUND IN CERTIFICATE");
+                    //console.log("MODULUS FOUND IN CERTIFICATE");
                     startIndex = i;
                 }
             }
@@ -43,7 +43,7 @@ export function getCSCAInputs(dscSecret: string, dscCertificate: any, cscaCertif
     let csca_modulus_bigint;
     // the purpose of devmode is to get the csca modulus from the mock_csca certificate instead of using the registry which parses aki to csca modulus
     if (devmod) {
-        console.log('DEV MODE');
+        // console.log('DEV MODE');
         //const csca_modulus_bigint = BigInt('0x' + csca_modulus);
         //console.log("certificate", cscaCertificate);
         //console.log('csca_modulus_hex', cscaCertificate.getPublicKeyHex());
@@ -58,7 +58,7 @@ export function getCSCAInputs(dscSecret: string, dscCertificate: any, cscaCertif
 
     }
     else {
-        console.log('NOT DEV MODE');
+        // console.log('NOT DEV MODE');
         // Find the authorityKeyIdentifier extension
         const authorityKeyIdentifierExt = dscCertificate.extensions.find(
             (ext) => ext.name === 'authorityKeyIdentifier'
@@ -80,7 +80,7 @@ export function getCSCAInputs(dscSecret: string, dscCertificate: any, cscaCertif
     }
 
     const signatureAlgorithm = dscCertificate.signatureOid;;
-    console.log('signatureAlgorithm', signatureAlgorithm);
+    //console.log('signatureAlgorithm', signatureAlgorithm);
 
     //dsc modulus
     const dsc_modulus = dscCertificate.publicKey.n.toString(16).toLowerCase();
@@ -216,7 +216,7 @@ export function getCSCAModulusProof(leaf, n, k) {
     return [tree.root, proof];
 }
 
-export function getTBSHash(cert: forge.pki.Certificate, hashAlgorithm: 'sha1' | 'sha256'): string[] {
+export function getTBSHash(cert: forge.pki.Certificate, hashAlgorithm: 'sha1' | 'sha256', n: number, k: number): string[] {
     const tbsCertAsn1 = forge.pki.certificateToAsn1(cert).value[0];
     const tbsCertDer = forge.asn1.toDer(tbsCertAsn1 as any).getBytes();
     const md = hashAlgorithm === 'sha256' ? forge.md.sha256.create() : forge.md.sha1.create();
@@ -226,7 +226,7 @@ export function getTBSHash(cert: forge.pki.Certificate, hashAlgorithm: 'sha1' |
     const tbsCertificateHashHex = Buffer.from(tbsCertificateHashString, 'binary').toString('hex');
     const tbsCertificateHashBigint = BigInt(`0x${tbsCertificateHashHex}`);
     console.log('tbsCertificateHashBigint', tbsCertificateHashBigint);
-    return splitToWords(tbsCertificateHashBigint, BigInt(64), BigInt(32));
+    return splitToWords(tbsCertificateHashBigint, BigInt(n), BigInt(k));
 }
 
 

registry/src/csca/build_csca_merkle_tree.ts

@@ -81,8 +81,8 @@ async function buildCscaMerkleTree() {
 
     if (DEVELOPMENT_MODE) {
         const mockCscaList = [
-            '../common/src/mock_certificates/sha256_rsa_4096/mock_csca.crt',
-            '../common/src/mock_certificates/sha256_rsa_2048/mock_csca.crt',
+            '../common/src/mock_certificates/sha256_rsa_4096/mock_csca.pem',
+            '../common/src/mock_certificates/sha256_rsa_2048/mock_csca.pem',
             '../common/src/mock_certificates/sha256_rsapss_4096/mock_csca.pem',
             '../common/src/mock_certificates/sha256_rsapss_2048/mock_csca.pem',
             '../common/src/mock_certificates/sha1_rsa_4096/mock_csca.crt',