Merge pull request #156 from zk-passport/dev

Merge last commits from dev

.gitignore

@@ -1,3 +1,5 @@
 contracts/contracts/RegisterASCII.txt
 sdk/.env
-dist
+dist
+**/node_modules
+**/node_modules/

circuits/circuits/tests/dsc/dsc_sha1_rsa_4096.circom

@@ -1,5 +1,5 @@
 pragma circom  2.1.6;
 
-include "../../dsc_sha1WithRSAEncryption.circom";
+include "../../dsc/dsc_sha1_rsa.circom";
 
-component main { public [ merkle_root ] } = DSC_sha1WithRSAEncryption(1664,121 ,17 ,121, 34, 256, 12);
+component main { public [ merkle_root ] } = DSC_SHA1_RSA(1664,121 ,17 ,121, 34, 256, 12);

circuits/circuits/tests/dsc/dsc_sha256_rsa_4096.circom

@@ -0,0 +1,5 @@
+pragma circom  2.1.6;
+
+include "../../dsc/dsc_sha256_rsa.circom";
+
+component main { public [ merkle_root ] } = DSC_SHA256_RSA(1664,121 ,17 ,121, 34, 256, 12);

circuits/circuits/tests/utils/rsapss_verifier.circom

@@ -0,0 +1,20 @@
+include "../../utils/RSASSAPSS_padded.circom";
+
+template RSAPSSVerifier(n,k,max_bytes) {
+    signal input signature[k];
+    signal input modulus[k];
+    signal input raw_message[max_bytes];
+    signal input raw_message_padded_bytes;
+
+    component rsaDecode = RSASSAPSS_Decode(n, k);
+    rsaDecode.signature <== signature;
+    rsaDecode.modulus <== modulus;
+    var emLen = div_ceil(n * k, 8);
+    signal encodedMessage[emLen] <== rsaDecode.eM;
+
+    component rsaVerify = RSASSAPSSVerify_SHA256(n * k, max_bytes);
+    rsaVerify.eM <== encodedMessage;
+    rsaVerify.message <== raw_message;
+    rsaVerify.messagePaddedLen <== raw_message_padded_bytes;
+}
+component main = RSAPSSVerifier(64,32, 960);

circuits/scripts/build_dsc_circuit_2048.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# Record the start time
+TOTAL_START_TIME=$(date +%s)
+
+mkdir -p build
+cd build
+if [ ! -f powersOfTau28_hez_final_20.ptau ]; then
+    echo -e "\033[34mDownload power of tau....\033[0m"
+    wget https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_20.ptau
+    echo -e "\033[32mFinished download!\033[0m"
+else 
+    echo -e "\033[90mPowers of tau file already downloaded\033[0m"
+fi
+cd ..
+
+build_circuit() {
+    local CIRCUIT_NAME=$1
+    local START_TIME=$(date +%s)
+
+    echo -e "\033[34mcompiling circuit: $CIRCUIT_NAME\033[0m"
+    circom circuits/tests/dsc/${CIRCUIT_NAME}.circom -l node_modules -l ./node_modules/@zk-kit/binary-merkle-root.circom/src -l ./node_modules/circomlib/circuits --r1cs --O1 --wasm -c --output build
+
+    echo -e "\033[34mbuilding zkey\033[0m"
+    yarn snarkjs groth16 setup build/${CIRCUIT_NAME}.r1cs build/powersOfTau28_hez_final_20.ptau build/${CIRCUIT_NAME}.zkey
+
+    if command -v openssl &> /dev/null
+    then
+        RAND_STR=$(openssl rand -hex 64)
+    else
+        RAND_STR="random text"
+    fi
+
+    echo -e "\033[34mbuilding vkey\033[0m"
+    echo $RAND_STR | yarn snarkjs zkey contribute build/${CIRCUIT_NAME}.zkey build/${CIRCUIT_NAME}_final.zkey
+    yarn snarkjs zkey export verificationkey build/${CIRCUIT_NAME}_final.zkey build/${CIRCUIT_NAME}_vkey.json
+
+    yarn snarkjs zkey export solidityverifier build/${CIRCUIT_NAME}_final.zkey build/Verifier_${CIRCUIT_NAME}.sol
+    sed -i '' "s/Groth16Verifier/Verifier_${CIRCUIT_NAME}/g" build/Verifier_${CIRCUIT_NAME}.sol
+    cp build/Verifier_${CIRCUIT_NAME}.sol ../contracts/contracts/Verifier_${CIRCUIT_NAME}.sol
+    echo -e "\033[34mcopied Verifier_${CIRCUIT_NAME}.sol to contracts\033[0m"
+
+    echo -e "\033[32mBuild of $CIRCUIT_NAME completed in $(($(date +%s) - START_TIME)) seconds\033[0m"
+
+    echo "file sizes:"
+    echo -e "\033[34mSize of ${CIRCUIT_NAME}.r1cs: $(wc -c <build/${CIRCUIT_NAME}.r1cs) bytes\033[0m"
+    echo -e "\033[34mSize of ${CIRCUIT_NAME}.wasm: $(wc -c <build/${CIRCUIT_NAME}_js/${CIRCUIT_NAME}.wasm) bytes\033[0m"
+    echo -e "\033[34mSize of ${CIRCUIT_NAME}_final.zkey: $(wc -c <build/${CIRCUIT_NAME}_final.zkey) bytes\033[0m"
+}
+
+# Define circuits and their deployment flags
+# name:deploy_flag
+CIRCUITS=(
+    "dsc_sha256_rsapss_2048:true"
+    "dsc_sha256_rsa_2048:true"
+    "dsc_sha1_rsa_2048:true"
+)
+
+for circuit in "${CIRCUITS[@]}"; do
+    IFS=':' read -r CIRCUIT_NAME DEPLOY_FLAG <<< "$circuit"
+    if [ "$DEPLOY_FLAG" = "true" ]; then
+        echo -e "\033[34mBuilding circuit $CIRCUIT_NAME\033[0m"
+        build_circuit "$CIRCUIT_NAME"
+    else
+        echo -e "\033[90mSkipping build for $CIRCUIT_NAME\033[0m"
+    fi
+done
+
+echo -e "\033[32mTotal build completed in $(($(date +%s) - TOTAL_START_TIME)) seconds\033[0m"

circuits/scripts/build_dsc_circuit_4096.sh

@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# Record the start time
+TOTAL_START_TIME=$(date +%s)
+
+mkdir -p build
+cd build
+if [ ! -f powersOfTau28_hez_final_22.ptau ]; then
+    echo -e "\033[34mDownload power of tau....\033[0m"
+    wget https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_22.ptau
+    echo -e "\033[32mFinished download!\033[0m"
+else 
+    echo -e "\033[90mPowers of tau file already downloaded\033[0m"
+fi
+cd ..
+
+build_circuit() {
+    local CIRCUIT_NAME=$1
+    local START_TIME=$(date +%s)
+
+    echo -e "\033[34mcompiling circuit: $CIRCUIT_NAME\033[0m"
+    circom circuits/tests/dsc/${CIRCUIT_NAME}.circom -l node_modules -l ./node_modules/@zk-kit/binary-merkle-root.circom/src -l ./node_modules/circomlib/circuits --r1cs --O1 --wasm -c --output build
+
+    echo -e "\033[34mbuilding zkey\033[0m"
+    yarn snarkjs groth16 setup build/${CIRCUIT_NAME}.r1cs build/powersOfTau28_hez_final_22.ptau build/${CIRCUIT_NAME}.zkey
+
+    if command -v openssl &> /dev/null
+    then
+        RAND_STR=$(openssl rand -hex 64)
+    else
+        RAND_STR="random text"
+    fi
+
+    echo -e "\033[34mbuilding vkey\033[0m"
+    echo $RAND_STR | yarn snarkjs zkey contribute build/${CIRCUIT_NAME}.zkey build/${CIRCUIT_NAME}_final.zkey
+    yarn snarkjs zkey export verificationkey build/${CIRCUIT_NAME}_final.zkey build/${CIRCUIT_NAME}_vkey.json
+
+    yarn snarkjs zkey export solidityverifier build/${CIRCUIT_NAME}_final.zkey build/Verifier_${CIRCUIT_NAME}.sol
+    sed -i '' "s/Groth16Verifier/Verifier_${CIRCUIT_NAME}/g" build/Verifier_${CIRCUIT_NAME}.sol
+    cp build/Verifier_${CIRCUIT_NAME}.sol ../contracts/contracts/Verifier_${CIRCUIT_NAME}.sol
+    echo -e "\033[34mcopied Verifier_${CIRCUIT_NAME}.sol to contracts\033[0m"
+
+    echo -e "\033[32mBuild of $CIRCUIT_NAME completed in $(($(date +%s) - START_TIME)) seconds\033[0m"
+
+    echo "file sizes:"
+    echo -e "\033[34mSize of ${CIRCUIT_NAME}.r1cs: $(wc -c <build/${CIRCUIT_NAME}.r1cs) bytes\033[0m"
+    echo -e "\033[34mSize of ${CIRCUIT_NAME}.wasm: $(wc -c <build/${CIRCUIT_NAME}_js/${CIRCUIT_NAME}.wasm) bytes\033[0m"
+    echo -e "\033[34mSize of ${CIRCUIT_NAME}_final.zkey: $(wc -c <build/${CIRCUIT_NAME}_final.zkey) bytes\033[0m"
+}
+
+# Define circuits and their deployment flags
+# name:deploy_flag
+CIRCUITS=(
+    "dsc_sha256_rsa_4096:false"
+    "dsc_sha1_rsa_4096:false"
+)
+
+for circuit in "${CIRCUITS[@]}"; do
+    IFS=':' read -r CIRCUIT_NAME DEPLOY_FLAG <<< "$circuit"
+    if [ "$DEPLOY_FLAG" = "true" ]; then
+        echo -e "\033[34mBuilding circuit $CIRCUIT_NAME\033[0m"
+        build_circuit "$CIRCUIT_NAME"
+    else
+        echo -e "\033[90mSkipping build for $CIRCUIT_NAME\033[0m"
+    fi
+done
+
+echo -e "\033[32mTotal build completed in $(($(date +%s) - TOTAL_START_TIME)) seconds\033[0m"

circuits/scripts/build_utils_circuits.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+source "scripts/download_ptau.sh"
+
+    echo "compiling circuit rsapss_verifier"
+    circom circuits/tests/utils/rsapss_verifier.circom -l node_modules -l ./node_modules/@zk-kit/binary-merkle-root.circom/src -l ./node_modules/circomlib/circuits --r1cs --O1 --wasm -c --output build

circuits/tests/utils/rsapss_verifier.test.ts

@@ -0,0 +1,72 @@
+import { expect } from 'chai';
+import { X509Certificate } from 'crypto';
+import path from 'path';
+import { getCSCAInputs, getTBSHash } from '../../../common/src/utils/csca';
+const wasm_tester = require('circom_tester').wasm;
+import forge from 'node-forge';
+
+import {
+  mock_dsc_sha256_rsapss_2048,
+  mock_csca_sha256_rsapss_2048,
+} from '../../../common/src/constants/mockCertificates';
+
+function loadCertificates(dscCertContent: string, cscaCertContent: string) {
+  const dscCert = new X509Certificate(dscCertContent);
+  const cscaCert = new X509Certificate(cscaCertContent);
+  const dscCert_forge = forge.pki.certificateFromPem(dscCertContent);
+  const cscaCert_forge = forge.pki.certificateFromPem(cscaCertContent);
+
+  return { dscCert, cscaCert, dscCert_forge, cscaCert_forge };
+}
+
+describe('RSAPSS Verifier', function () {
+  this.timeout(0);
+  let circuit;
+
+  this.beforeAll(async () => {
+    const circuitPath = path.resolve(
+      __dirname,
+      '../../circuits/tests/utils/rsapss_verifier.circom'
+    );
+    circuit = await wasm_tester(circuitPath, {
+      include: [
+        'node_modules',
+        './node_modules/@zk-kit/binary-merkle-root.circom/src',
+        './node_modules/circomlib/circuits',
+      ],
+    });
+  });
+  describe('Circuit', () => {
+    it('should compile and load the circuit', () => {
+      expect(circuit).not.to.be.undefined;
+    });
+  });
+
+  describe('SHA-256 certificates', async () => {
+    const { dscCert, cscaCert, dscCert_forge, cscaCert_forge } = loadCertificates(
+      mock_dsc_sha256_rsapss_2048,
+      mock_csca_sha256_rsapss_2048
+    );
+    const n = 64;
+    const k = 32;
+
+    it('should verify DSC has been signed by the CSCA', () => {
+      const isVerified = dscCert.verify(cscaCert.publicKey);
+      console.log(`SHA-256 DSC certificate verification result: ${isVerified}`);
+      expect(isVerified).to.be.true;
+    });
+
+    it('should extract and log certificate information', async () => {
+      const csca_inputs = getCSCAInputs('0', dscCert_forge, cscaCert_forge, n, k, n, k, 960, true);
+      // const tbsCertificateHashFormatted = getTBSHash(dscCert_forge, 'sha256', n, k);
+
+      const inputs = {
+        raw_message: csca_inputs.raw_dsc_cert,
+        raw_message_padded_bytes: csca_inputs.raw_dsc_cert_padded_bytes,
+        signature: csca_inputs.dsc_signature,
+        modulus: csca_inputs.csca_modulus,
+      };
+      //const witness = await circuit.calculateWitness(inputs, true);
+    });
+  });
+});

common/package.json

@@ -4,6 +4,7 @@
     "@zk-kit/imt": "https://gitpkg.now.sh/0xturboblitz/zk-kit/packages/imt?6d417675",
     "@zk-kit/lean-imt": "^2.0.1",
     "asn1.js": "^5.4.1",
+    "axios": "^1.7.2",
     "elliptic": "^6.5.5",
     "fs": "^0.0.1-security",
     "js-sha1": "^0.7.0",
@@ -19,4 +20,4 @@
   "devDependencies": {
     "@types/node-forge": "^1.3.10"
   }
-}
+}

common/src/utils/csca.ts

@@ -1,11 +1,12 @@
 import { sha1Pad, sha256Pad } from "./shaPad";
 import * as forge from "node-forge";
 import { splitToWords } from "./utils";
-import { CSCA_AKI_MODULUS, CSCA_TREE_DEPTH } from "../constants/constants";
+import { CSCA_AKI_MODULUS, CSCA_TREE_DEPTH, MODAL_SERVER_ADDRESS } from "../constants/constants";
 import { poseidon16, poseidon2, poseidon4 } from "poseidon-lite";
 import { IMT } from "@zk-kit/imt";
 import serialized_csca_tree from "../../pubkeys/serialized_csca_tree.json"
 import { createHash } from "crypto";
+import axios from "axios";
 
 export function findStartIndex(modulus: string, messagePadded: Uint8Array): number {
     const modulusNumArray = [];
@@ -230,4 +231,24 @@ export function getTBSHash(cert: forge.pki.Certificate, hashAlgorithm: 'sha1' |
 }
 
 
-
+export const sendCSCARequest = async (inputs_csca: any): Promise<any> => {
+    try {
+        const response = await axios.post(MODAL_SERVER_ADDRESS, inputs_csca, {
+            headers: {
+                'Content-Type': 'application/json'
+            }
+        });
+        return response.data;
+    } catch (error) {
+        if (axios.isAxiosError(error)) {
+            console.error('Axios error:', error.message);
+            if (error.response) {
+                console.error('Response data:', error.response.data);
+                console.error('Response status:', error.response.status);
+            }
+        } else {
+            console.error('Unexpected error:', error);
+        }
+        throw error;
+    }
+};