diff --git a/circuits/circuits/dsc/dsc_rsa_65537_sha1.circom b/circuits/circuits/dsc/dsc_rsa_65537_sha1.circom
index c164f1c5..7d67e3cd 100644
--- a/circuits/circuits/dsc/dsc_rsa_65537_sha1.circom
+++ b/circuits/circuits/dsc/dsc_rsa_65537_sha1.circom
@@ -9,7 +9,7 @@ include "../utils/Sha1Bytes.circom";
 include "../utils/leafHasherLight.circom";
 include "../utils/rsaPkcs1.circom";
-template DSC_RSA_65537_SHA1(max_cert_bytes, n_dsc, k_dsc, n_csca, k_csca, dsc_mod_len, nLevels ) {
+template DSC_RSA_65537_SHA1(max_cert_bytes, n_dsc, k_dsc, n_csca, k_csca, dsc_mod_len, nLevels, signatureAlgorithm) {
 signal input raw_dsc_cert[max_cert_bytes];
 signal input raw_dsc_cert_padded_bytes;
 signal input csca_modulus[k_csca];
@@ -25,9 +25,10 @@ template DSC_RSA_65537_SHA1(max_cert_bytes, n_dsc, k_dsc, n_csca, k_csca, dsc_mo
 signal output blinded_dsc_commitment;
 //verify the leaf
- component leafHasherLight = LeafHasherLight(k_csca);
- leafHasherLight.in <== csca_modulus;
- signal leaf <== leafHasherLight.out;
+ component leafHasher = LeafHasherLightWithSigAlg(k_csca);
+ leafHasher.sigAlg <== signatureAlgorithm;
+ leafHasher.in <== csca_modulus;
+ signal leaf <== leafHasher.out;
 signal computed_merkle_root <== BinaryMerkleRoot(nLevels)(leaf, nLevels, path, siblings);
diff --git a/circuits/circuits/dsc/dsc_rsa_65537_sha256.circom b/circuits/circuits/dsc/dsc_rsa_65537_sha256.circom
index ba51e0dd..9a3184f8 100644
--- a/circuits/circuits/dsc/dsc_rsa_65537_sha256.circom
+++ b/circuits/circuits/dsc/dsc_rsa_65537_sha256.circom
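Review bot: The new `signatureAlgorithm` template parameter of `DSC_RSA_65537_SHA1` is undocumented, although `leafHasher.sigAlg <== signatureAlgorithm;` now commits it into the CSCA Merkle leaf; the same holds for `DSC_RSA_65537_SHA256` and `DSC_RSAPSS_65537_SHA256`, and the test mains instantiate them with the bare literals `3`, `1` and `4`. Because the value is fixed at compile time, a proof can only match leaves that were built with the identical id, so these numbers presumably have to agree with the table the off-circuit tree builder uses. That coupling should be written next to the parameter, e.g. `// signatureAlgorithm: numeric id of the CSCA signature algorithm, hashed into the Merkle leaf; must equal the id used when the CSCA tree is built`. The template bodies continue outside these hunks, so the root comparison itself is not visible here for the two PKCS#1 circuits.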
@@ -10,7 +10,7 @@ include "../utils/splitBytesToWords.circom";
 include "../utils/splitSignalsToWords.circom";
 include "../utils/leafHasherLight.circom";
-template DSC_RSA_65537_SHA256(max_cert_bytes, n_dsc, k_dsc, n_csca, k_csca, dsc_mod_len, nLevels ) {
+template DSC_RSA_65537_SHA256(max_cert_bytes, n_dsc, k_dsc, n_csca, k_csca, dsc_mod_len, nLevels, signatureAlgorithm) {
 signal input raw_dsc_cert[max_cert_bytes];
 signal input raw_dsc_cert_padded_bytes;
 signal input csca_modulus[k_csca];
@@ -25,9 +25,11 @@ template DSC_RSA_65537_SHA256(max_cert_bytes, n_dsc, k_dsc, n_csca, k_csca, dsc_
 signal output blinded_dsc_commitment;
- component leafHasherLight = LeafHasherLight(k_csca);
- leafHasherLight.in <== csca_modulus;
- signal leaf <== leafHasherLight.out;
+ //verify the leaf
+ component leafHasher = LeafHasherLightWithSigAlg(k_csca);
+ leafHasher.sigAlg <== signatureAlgorithm;
+ leafHasher.in <== csca_modulus;
+ signal leaf <== leafHasher.out;
 signal computed_merkle_root <== BinaryMerkleRoot(nLevels)(leaf, nLevels, path, siblings);
diff --git a/circuits/circuits/dsc/dsc_rsapss_65537_sha256.circom b/circuits/circuits/dsc/dsc_rsapss_65537_sha256.circom
index 79b2c81f..e44cf62d 100644
--- a/circuits/circuits/dsc/dsc_rsapss_65537_sha256.circom
+++ b/circuits/circuits/dsc/dsc_rsapss_65537_sha256.circom
@@ -10,7 +10,7 @@ include "../utils/splitSignalsToWords.circom";
 include "../utils/leafHasherLight.circom";
 include "../utils/rsapss/rsapss.circom";
-template DSC_RSAPSS_65537_SHA256(max_cert_bytes, n_dsc, k_dsc, n_csca, k_csca, modulus_bits_size, dsc_mod_len, nLevels ) {
+template DSC_RSAPSS_65537_SHA256(max_cert_bytes, n_dsc, k_dsc, n_csca, k_csca, modulus_bits_size, dsc_mod_len, nLevels, signatureAlgorithm) {
 signal input raw_dsc_cert[max_cert_bytes];
 signal input raw_dsc_cert_padded_bytes;
 signal input csca_modulus[k_csca];
@@ -25,10 +25,11 @@ template DSC_RSAPSS_65537_SHA256(max_cert_bytes, n_dsc, k_dsc, n_csca, k_csca, m
 signal output blinded_dsc_commitment;
- // verify the leaf
- component leafHasherLight = LeafHasherLight(k_csca);
- leafHasherLight.in <== csca_modulus;
- signal leaf <== leafHasherLight.out;
+ //verify the leaf
+ component leafHasher = LeafHasherLightWithSigAlg(k_csca);
+ leafHasher.sigAlg <== signatureAlgorithm;
+ leafHasher.in <== csca_modulus;
+ signal leaf <== leafHasher.out;
 signal computed_merkle_root <== BinaryMerkleRoot(nLevels)(leaf, nLevels, path, siblings);
 merkle_root === computed_merkle_root;
diff --git a/circuits/circuits/tests/dsc/dsc_sha1_rsa_2048.circom b/circuits/circuits/tests/dsc/dsc_sha1_rsa_2048.circom
index 6b11e35c..c588f208 100644
--- a/circuits/circuits/tests/dsc/dsc_sha1_rsa_2048.circom
+++ b/circuits/circuits/tests/dsc/dsc_sha1_rsa_2048.circom
@@ -2,4 +2,4 @@ pragma circom 2.1.6;
 include "../../dsc/dsc_rsa_65537_sha1.circom";
-component main { public [ merkle_root ] } = DSC_RSA_65537_SHA1(960, 64, 32, 64, 32, 256, 12);
\ No newline at end of file
+component main { public [ merkle_root ] } = DSC_RSA_65537_SHA1(960, 64, 32, 64, 32, 256, 12, 3);
\ No newline at end of file
diff --git a/circuits/circuits/tests/dsc/dsc_sha256_rsa_2048.circom b/circuits/circuits/tests/dsc/dsc_sha256_rsa_2048.circom
index 3150cecf..b914e90b 100644
--- a/circuits/circuits/tests/dsc/dsc_sha256_rsa_2048.circom
+++ b/circuits/circuits/tests/dsc/dsc_sha256_rsa_2048.circom
@@ -2,4 +2,4 @@ pragma circom 2.1.6;
 include "../../dsc/dsc_rsa_65537_sha256.circom";
-component main { public [ merkle_root ] } = DSC_RSA_65537_SHA256(960, 64, 32, 64, 32, 256, 12);
\ No newline at end of file
+component main { public [ merkle_root ] } = DSC_RSA_65537_SHA256(960, 64, 32, 64, 32, 256, 12,1);
\ No newline at end of file
diff --git a/circuits/circuits/tests/dsc/dsc_sha256_rsapss_2048.circom b/circuits/circuits/tests/dsc/dsc_sha256_rsapss_2048.circom
index c7ecb2d3..e7b85cad 100644
--- a/circuits/circuits/tests/dsc/dsc_sha256_rsapss_2048.circom
+++ b/circuits/circuits/tests/dsc/dsc_sha256_rsapss_2048.circom
@@ -2,4 +2,4 @@ pragma circom 2.1.6;
 include "../../dsc/dsc_rsapss_65537_sha256.circom";
-component main { public [ merkle_root ] } = DSC_RSAPSS_65537_SHA256(960, 64, 32, 64, 32, 2048, 256, 12);
\ No newline at end of file
+component main { public [ merkle_root ] } = DSC_RSAPSS_65537_SHA256(960, 64, 32, 64, 32, 2048, 256, 12,4);
\ No newline at end of file
diff --git a/circuits/tests/dsc/dsc_sha1_rsa_2048.test.ts b/circuits/tests/dsc/dsc_sha1_rsa_2048.test.ts
index ada9dded..f4111057 100644
--- a/circuits/tests/dsc/dsc_sha1_rsa_2048.test.ts
+++ b/circuits/tests/dsc/dsc_sha1_rsa_2048.test.ts
@@ -8,7 +8,7 @@ import {
 mock_dsc_sha1_rsa_2048,
 mock_csca_sha1_rsa_2048,
 } from '../../../common/src/constants/mockCertificates';
-import { k_csca, k_dsc, n_csca, n_dsc } from '../../../common/src/constants/constants';
+import { k_dsc, n_dsc } from '../../../common/src/constants/constants';
 describe('DSC chain certificate - SHA1 RSA', function () {
 this.timeout(0); // Disable timeout
@@ -23,8 +23,8 @@ describe('DSC chain certificate - SHA1 RSA', function () {
 cscaCert,
 n_dsc,
 k_dsc,
- n_csca,
- k_csca,
+ n_dsc,
+ k_dsc,
 max_cert_bytes,
 true
 );
diff --git a/circuits/tests/dsc/dsc_sha256_rsa_2048.test.ts b/circuits/tests/dsc/dsc_sha256_rsa_2048.test.ts
index cc85ff61..b411a88d 100644
--- a/circuits/tests/dsc/dsc_sha256_rsa_2048.test.ts
+++ b/circuits/tests/dsc/dsc_sha256_rsa_2048.test.ts
@@ -8,7 +8,7 @@ import {
 mock_dsc_sha256_rsa_2048,
 mock_csca_sha256_rsa_2048,
 } from '../../../common/src/constants/mockCertificates';
-import { k_csca, k_dsc, n_csca, n_dsc } from '../../../common/src/constants/constants';
+import { k_dsc, n_dsc } from '../../../common/src/constants/constants';
 describe('DSC chain certificate - SHA256 RSA', function () {
 this.timeout(0); // Disable timeout
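Review bot: In the second hunk of `dsc_sha1_rsa_2048.test.ts` the fourth and fifth arguments are now `n_dsc, k_dsc` where `n_csca, k_csca` stood, so the DSC limb size and count are passed in what look like the CSCA positions with no explanation; `dsc_sha256_rsa_2048.test.ts` gets the identical edit. This holds only while the CSCA key in the fixture shares the DSC limb layout (the circuit test mains use `64, 32, 64, 32`), and a CSCA with a different key size would presumably be split with the wrong parameters instead of failing loudly. I would keep distinct, correctly valued CSCA constants, or at least comment the two lines, e.g. `// CSCA limbs: same layout as the DSC for this 2048-bit fixture`. The call these arguments belong to starts outside the hunk.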
@@ -23,8 +23,8 @@ describe('DSC chain certificate - SHA256 RSA', function () {
 cscaCert,
 n_dsc,
 k_dsc,
- n_csca,
- k_csca,
+ n_dsc,
+ k_dsc,
 max_cert_bytes,
 true
 );
diff --git a/common/src/utils/csca.ts b/common/src/utils/csca.ts
index b9c95604..598a12fd 100644
--- a/common/src/utils/csca.ts
+++ b/common/src/utils/csca.ts
@@ -126,7 +126,9 @@ export function getCSCAInputs(dscSecret: string, dscCertificate: any, cscaCertif
 // console.log('dsc_messagePaddedLen_formatted', dsc_messagePaddedLen_formatted);
 // merkle tree saga
- const leaf = getLeaf(cscaCertificate, n_csca, k_csca);
+ const pemContent = forge.pki.certificateToPem(cscaCertificate);
+ const leaf = getLeaf(pemContent, n_csca, k_csca);
+ console.log('leaf', leaf);
 const [root, proof] = getCSCAModulusProof(leaf, n_csca, k_csca);
 const { signatureAlgorithm: signatureAlgorithmName, hashFunction } = getSignatureAlgorithmDetails(signatureAlgorithm);
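Review bot: The added `console.log('leaf', leaf);` in `getCSCAInputs` looks like leftover debugging: the neighbouring `console.log` is commented out, and this function also receives `dscSecret`, so unconditional logging from a shared utility is a habit worth keeping out of it. I would drop the line, or comment it out like the one above it. Separately, `getLeaf` is now given a PEM string from `forge.pki.certificateToPem(cscaCertificate)` rather than the certificate object; a short comment such as `// getLeaf expects PEM text, not a forge certificate object` would record the changed contract. `forge` must already be imported in this file for the new line to compile, which cannot be confirmed here because the import block and the rest of the function lie outside the hunk.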