diff --git a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_dsc_verify_1300.toml b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_dsc_verify_1300.toml index 89ae7d385..847d76156 100644 --- a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_dsc_verify_1300.toml +++ b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_dsc_verify_1300.toml 
@@ -1,5 +1,6 @@ comm_in = "0x0edb37df14cd00d4352dafa07efa293668fe5d6f9484bd331828c739bd6184bb" csc_pubkey = [191, 56, 52, 58, 68, 102, 237, 183, 171, 195, 84, 11, 3, 233, 51, 203, 74, 37, 42, 68, 152, 19, 154, 192, 131, 19, 113, 213, 124, 239, 224, 225, 165, 80, 127, 141, 153, 142, 67, 27, 80, 195, 133, 114, 240, 90, 185, 199, 165, 202, 176, 89, 69, 36, 65, 105, 30, 110, 4, 208, 12, 242, 135, 138, 112, 0, 112, 23, 63, 255, 106, 101, 85, 230, 227, 208, 200, 233, 85, 158, 57, 216, 198, 32, 116, 4, 181, 10, 208, 243, 151, 165, 147, 187, 14, 133, 61, 31, 15, 146, 160, 16, 91, 221, 65, 81, 131, 77, 250, 8, 5, 30, 244, 110, 139, 157, 228, 250, 47, 54, 46, 153, 235, 164, 201, 64, 61, 171, 152, 23, 115, 253, 143, 134, 106, 100, 221, 126, 124, 29, 158, 68, 169, 153, 8, 134, 19, 141, 243, 173, 103, 176, 135, 248, 179, 254, 74, 187, 86, 47, 12, 204, 128, 145, 46, 121, 60, 229, 217, 220, 247, 135, 186, 158, 69, 91, 128, 116, 92, 152, 233, 139, 249, 106, 63, 203, 217, 86, 113, 2, 78, 165, 244, 86, 152, 213, 164, 36, 24, 179, 100, 67, 182, 69, 30, 5, 131, 11, 129, 211, 171, 52, 237, 148, 104, 197, 107, 44, 64, 38, 244, 242, 170, 3, 191, 182, 145, 129, 165, 236, 217, 97, 192, 75, 17, 254, 254, 33, 68, 205, 70, 79, 134, 69, 244, 176, 24, 133, 19, 70, 24, 170, 161, 72, 171, 48, 146, 75, 134, 119, 13, 39, 217, 189, 2, 173, 141, 136, 176, 140, 220, 230, 94, 151, 182, 4, 120, 218, 39, 115, 34, 78, 139, 102, 230, 227, 223, 78, 72, 133, 59, 224, 128, 79, 71, 67, 133, 171, 11, 66, 200, 133, 21, 76, 125, 126, 111, 212, 29, 7, 92, 4, 5, 189, 41, 21, 15, 96, 31, 28, 233, 156, 44, 254, 47, 121, 82, 71, 133, 69, 3, 135, 247, 237, 29, 140, 111, 2, 232, 200, 129, 234, 113, 146, 243, 148, 127, 227, 183, 110, 190, 65, 93, 136, 180, 104, 17, 121, 45, 128, 216, 192, 95, 111, 75, 47, 182, 96, 41, 126, 100, 40, 129, 43, 154, 14, 220, 192, 8, 64, 47, 153, 2, 244, 140, 51, 4, 212, 105, 249, 255, 60, 143, 2, 60, 86, 176, 65, 253, 132, 133, 84, 56, 165, 169, 121, 182, 176, 237, 210, 209, 119, 253, 138, 
95, 127, 194, 72, 248, 212, 91, 87, 203, 173, 38, 80, 222, 101, 163, 252, 86, 186, 143, 161, 184, 70, 24, 248, 230, 196, 157, 35, 205, 39, 49, 136, 8, 204, 176, 116, 68, 167, 1, 10, 217, 82, 208, 215, 28, 231, 252, 203, 70, 240, 62, 4, 211, 209, 148, 141, 44, 246, 215, 112, 162, 20, 129, 94, 123, 230, 126, 128, 33, 41, 231, 119, 64, 51, 253, 166, 145, 64, 10, 158, 141, 43, 193, 20, 69, 15, 194, 35, 139, 233, 28, 240, 166, 131, 61, 187, 241, 129] +csc_key_ne_hash = "0x1ca4af41d370d02b729b6a63b4aea3cf29242ad76ac8420c144d7558072ba172" salt = "0x1" country = "UTO" state1 = [2255395565, 3984421451, 1880533823, 1801696719, 786056496, 1504766900, 4275076418, 57901920] 
@@ -8,4 +9,4 @@ tbs_certificate_len = 850 csc_pubkey_redc_param = [21, 107, 159, 157, 72, 119, 18, 0, 27, 71, 177, 110, 89, 195, 140, 32, 0, 81, 204, 142, 10, 42, 57, 174, 56, 49, 20, 174, 40, 168, 13, 110, 119, 62, 130, 206, 113, 131, 163, 69, 216, 148, 52, 169, 100, 129, 114, 255, 46, 231, 61, 14, 80, 203, 136, 94, 50, 194, 33, 127, 20, 160, 234, 71, 20, 201, 8, 231, 223, 0, 192, 38, 138, 232, 188, 101, 68, 103, 102, 81, 27, 78, 37, 96, 11, 135, 61, 12, 158, 37, 141, 215, 151, 25, 176, 135, 41, 133, 163, 113, 221, 161, 175, 226, 9, 113, 252, 229, 239, 48, 55, 162, 33, 178, 224, 94, 18, 161, 220, 186, 163, 10, 133, 85, 127, 74, 95, 74, 192, 164, 69, 236, 121, 95, 224, 115, 181, 169, 156, 121, 161, 180, 127, 61, 26, 113, 65, 35, 241, 87, 67, 152, 40, 160, 29, 190, 249, 119, 178, 40, 99, 198, 222, 102, 162, 68, 138, 169, 237, 193, 199, 151, 159, 80, 118, 20, 141, 97, 224, 76, 212, 29, 80, 238, 32, 234, 172, 151, 141, 134, 227, 177, 61, 106, 9, 105, 194, 149, 232, 171, 165, 135, 244, 24, 214, 213, 28, 115, 68, 75, 160, 198, 129, 73, 238, 59, 59, 4, 45, 101, 235, 220, 224, 224, 5, 76, 13, 218, 137, 189, 174, 52, 38, 192, 245, 127, 138, 81, 96, 255, 162, 119, 44, 210, 247, 66, 99, 3, 202, 110, 26, 174, 27, 157, 15, 85, 81, 115, 162, 35, 217, 73, 84, 139, 198, 206, 205, 93, 221, 207, 182, 126, 20, 211, 178, 23, 232, 95, 253, 252, 254, 211, 143, 149, 130, 102, 69, 47, 230, 141, 23, 107, 148, 35, 98, 85, 98, 111, 238, 85, 148, 111, 251, 83, 220, 88, 156, 81, 27, 196, 8, 5, 66, 216, 111, 3, 226, 212, 80, 151, 38, 164, 172, 189, 112, 224, 225, 98, 165, 86, 180, 31, 32, 249, 202, 127, 244, 142, 127, 17, 239, 16, 41, 1, 191, 113, 134, 18, 66, 251, 227, 254, 73, 53, 180, 104, 27, 133, 32, 198, 218, 159, 226, 32, 79, 136, 115, 52, 110, 242, 239, 204, 109, 154, 29, 180, 85, 142, 244, 160, 90, 14, 37, 236, 159, 130, 229, 169, 11, 37, 132, 37, 49, 124, 225, 206, 164, 202, 94, 34, 8, 5, 49, 56, 17, 171, 65, 211, 126, 42, 109, 62, 176, 132, 107, 62, 190, 141, 214, 11, 217, 6, 52, 
198, 157, 181, 22, 107, 245, 249, 222, 4, 71, 63, 54, 104, 23, 171, 180, 131, 16, 230, 23, 94, 39, 61, 149, 204, 15, 42, 7, 187, 147, 37, 55, 67, 188, 147, 194, 254, 154, 193, 95, 227, 162, 216, 3, 127, 116, 248, 115, 121, 126, 176, 253, 175, 7, 245, 175, 129, 254, 70, 151, 36, 174, 235, 172, 158, 244, 206, 119, 184, 231, 1, 14, 162, 152, 159, 97, 136, 82, 216, 75, 161, 36, 208, 59, 62, 13, 12, 35, 82, 236] dsc_signature = [1, 90, 47, 176, 125, 161, 115, 42, 228, 134, 123, 122, 5, 10, 192, 251, 21, 176, 234, 130, 181, 159, 129, 112, 177, 142, 115, 49, 83, 162, 150, 234, 133, 233, 115, 90, 20, 113, 84, 60, 187, 88, 115, 7, 236, 156, 43, 41, 97, 196, 158, 176, 156, 61, 214, 171, 84, 234, 120, 38, 152, 93, 137, 186, 244, 89, 139, 161, 114, 156, 16, 105, 104, 254, 128, 219, 168, 148, 238, 79, 117, 131, 9, 121, 107, 114, 88, 246, 52, 220, 17, 114, 106, 6, 103, 56, 105, 75, 39, 120, 64, 136, 237, 83, 122, 147, 231, 96, 120, 145, 199, 203, 17, 76, 243, 108, 145, 6, 53, 178, 217, 197, 42, 29, 45, 166, 18, 163, 37, 198, 170, 204, 246, 145, 28, 88, 220, 217, 127, 129, 200, 243, 202, 201, 100, 203, 21, 26, 82, 136, 221, 195, 134, 115, 215, 35, 122, 92, 11, 126, 239, 123, 69, 103, 185, 5, 53, 172, 70, 105, 92, 242, 116, 163, 110, 14, 150, 211, 129, 135, 95, 219, 68, 18, 205, 169, 48, 179, 202, 174, 150, 37, 254, 211, 150, 59, 44, 172, 4, 87, 133, 57, 206, 135, 138, 187, 101, 245, 146, 151, 9, 54, 228, 40, 0, 245, 140, 211, 134, 38, 50, 174, 82, 124, 107, 54, 255, 30, 31, 40, 201, 20, 119, 75, 74, 242, 187, 44, 218, 182, 218, 185, 153, 221, 170, 2, 145, 206, 75, 46, 206, 164, 0, 219, 171, 204, 169, 20, 212, 145, 93, 26, 101, 101, 222, 26, 93, 215, 141, 207, 218, 178, 94, 14, 54, 2, 45, 172, 249, 227, 172, 222, 105, 152, 120, 121, 246, 138, 144, 112, 123, 60, 250, 244, 40, 29, 247, 190, 99, 79, 54, 0, 240, 119, 110, 230, 129, 88, 95, 219, 196, 159, 249, 48, 236, 220, 232, 3, 177, 8, 34, 210, 101, 147, 135, 161, 82, 125, 47, 216, 138, 186, 108, 74, 178, 129, 57, 227, 132, 49, 
251, 45, 248, 119, 44, 147, 173, 178, 29, 150, 89, 241, 165, 37, 22, 157, 75, 225, 2, 237, 3, 55, 220, 104, 206, 8, 164, 37, 217, 22, 186, 239, 230, 194, 49, 93, 213, 191, 141, 79, 207, 181, 221, 34, 59, 234, 173, 228, 10, 146, 250, 117, 36, 188, 147, 234, 126, 79, 165, 228, 43, 95, 202, 48, 170, 84, 5, 91, 7, 230, 92, 108, 44, 198, 200, 156, 24, 203, 65, 68, 120, 65, 209, 200, 217, 182, 140, 39, 101, 245, 218, 21, 193, 169, 153, 47, 112, 164, 252, 99, 62, 99, 201, 25, 13, 103, 97, 59, 198, 7, 193, 40, 148, 201, 184, 75, 25, 98, 54, 243, 239, 7, 2, 15, 30, 104, 73, 40, 61, 149, 233, 207, 151, 75, 135, 0, 108, 124, 158, 9, 14, 134, 151, 82, 138, 235, 199, 127, 184, 140, 178, 172, 224, 252, 94, 15, 254, 128, 230, 69, 139, 195, 122, 107, 172, 243, 151, 38, 66, 196, 210, 123] exponent = 65537 -salt_out = "0x2" +salt_out = "0x2" \ No newline at end of file diff --git a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_id_data_1300.toml b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_id_data_1300.toml index 22af47d34..dc1b77129 100644 --- a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_id_data_1300.toml +++ b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_id_data_1300.toml 
@@ -5,6 +5,7 @@ dg1 = [97, 91, 95, 31, 88, 80, 60, 85, 84, 79, 68, 79, 69, 60, 60, 74, 79, 72, 7 dsc_pubkey = [144, 96, 22, 98, 202, 23, 238, 6, 187, 83, 246, 10, 141, 149, 39, 62, 150, 207, 25, 76, 254, 121, 159, 193, 25, 17, 64, 229, 112, 170, 152, 94, 212, 213, 4, 191, 8, 183, 225, 184, 213, 181, 211, 100, 210, 60, 155, 26, 13, 219, 11, 116, 84, 236, 33, 212, 47, 5, 187, 226, 120, 161, 57, 97, 200, 250, 174, 139, 216, 171, 95, 178, 148, 109, 3, 137, 151, 245, 142, 53, 177, 251, 74, 202, 2, 157, 33, 55, 30, 189, 239, 243, 101, 183, 43, 68, 245, 198, 9, 90, 109, 89, 109, 33, 98, 32, 173, 121, 203, 2, 79, 68, 150, 135, 158, 72, 76, 223, 55, 66, 30, 45, 33, 16, 91, 153, 158, 127, 64, 221, 31, 151, 241, 93, 105, 235, 153, 176, 146, 221, 20, 231, 141, 2, 146, 77, 209, 30, 90, 33, 33, 232, 176, 145, 244, 229, 221, 43, 101, 10, 210, 55, 50, 200, 103, 87, 18, 82, 53, 193, 130, 124, 69, 96, 179, 87, 245, 203, 181, 205, 57, 67, 181, 80, 198, 57, 101, 151, 179, 103, 201, 243, 52, 68, 91, 122, 137, 209, 141, 39, 68, 73, 244, 200, 211, 125, 2, 176, 12, 80, 77, 81, 225, 169, 34, 209, 187, 212, 47, 56, 92, 220, 159, 89, 236, 133, 200, 211, 11, 237, 217, 129, 115, 191, 208, 39, 198, 179, 16, 28, 59, 121, 160, 48, 239, 81, 144, 102, 168, 122, 158, 59, 83, 54, 91, 211] dsc_pubkey_redc_param = [28, 94, 216, 205, 130, 214, 187, 182, 58, 208, 228, 159, 128, 141, 147, 245, 68, 203, 236, 129, 99, 140, 108, 211, 245, 198, 71, 176, 2, 196, 241, 58, 221, 37, 54, 244, 93, 131, 148, 193, 87, 121, 38, 188, 142, 196, 4, 105, 26, 37, 150, 148, 152, 205, 235, 126, 184, 93, 105, 56, 44, 19, 57, 156, 74, 145, 52, 201, 54, 91, 218, 1, 26, 107, 219, 199, 28, 10, 57, 32, 22, 195, 131, 58, 46, 165, 57, 181, 53, 133, 182, 229, 180, 5, 229, 103, 172, 187, 96, 43, 14, 4, 151, 199, 136, 53, 224, 199, 167, 81, 240, 180, 174, 254, 87, 255, 239, 218, 1, 170, 8, 126, 189, 0, 83, 125, 173, 191, 84, 53, 29, 80, 88, 48, 59, 50, 243, 156, 221, 1, 81, 7, 140, 195, 28, 126, 195, 88, 226, 224, 141, 129, 220, 242, 
189, 217, 16, 44, 163, 154, 247, 61, 237, 213, 56, 204, 14, 199, 251, 110, 139, 117, 142, 16, 234, 116, 47, 82, 226, 88, 40, 15, 104, 74, 12, 48, 224, 229, 64, 4, 157, 1, 124, 203, 51, 181, 191, 194, 149, 113, 225, 34, 173, 236, 206, 22, 80, 189, 181, 158, 100, 248, 60, 60, 68, 157, 169, 68, 26, 229, 226, 151, 181, 39, 197, 51, 51, 171, 197, 130, 196, 219, 115, 145, 84, 69, 157, 247, 71, 141, 198, 109, 219, 255, 149, 228, 19, 23, 56, 175, 123, 107, 192, 219, 175, 130, 60] dsc_pubkey_offset_in_dsc_cert = 229 +exponent_offset_in_dsc_cert = 487 sod_signature = [55, 125, 38, 168, 223, 78, 57, 118, 228, 58, 135, 97, 165, 230, 168, 0, 91, 69, 158, 155, 110, 40, 239, 57, 178, 211, 54, 96, 253, 10, 240, 107, 184, 122, 27, 253, 124, 73, 89, 217, 97, 144, 99, 173, 170, 199, 64, 96, 11, 143, 50, 90, 234, 133, 108, 224, 104, 98, 171, 85, 251, 138, 248, 6, 241, 193, 212, 242, 58, 208, 107, 18, 239, 246, 157, 218, 85, 217, 68, 118, 211, 205, 230, 40, 68, 3, 2, 171, 231, 247, 10, 101, 21, 250, 17, 217, 56, 254, 79, 109, 61, 190, 241, 168, 231, 49, 118, 0, 114, 237, 216, 227, 110, 117, 137, 176, 223, 146, 29, 1, 172, 234, 23, 186, 203, 18, 188, 210, 42, 156, 133, 107, 124, 3, 244, 173, 53, 85, 75, 225, 4, 106, 118, 111, 35, 16, 133, 227, 31, 148, 60, 113, 230, 201, 147, 83, 236, 179, 245, 84, 84, 144, 62, 29, 198, 38, 19, 237, 145, 183, 6, 72, 247, 172, 73, 108, 87, 50, 128, 85, 152, 180, 222, 24, 88, 18, 149, 23, 217, 196, 219, 198, 93, 53, 3, 189, 190, 34, 221, 60, 73, 108, 54, 42, 162, 49, 195, 65, 119, 194, 214, 101, 35, 101, 247, 27, 29, 143, 169, 47, 249, 107, 101, 202, 185, 231, 48, 223, 63, 20, 164, 24, 38, 103, 147, 80, 168, 152, 159, 186, 58, 107, 188, 155, 29, 221, 45, 107, 173, 106, 69, 98, 155, 39, 194, 22] tbs_certificate = [48, 130, 3, 78, 160, 3, 2, 1, 2, 2, 1, 2, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 48, 67, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 84, 49, 32, 48, 30, 6, 3, 85, 4, 10, 12, 23, 77, 111, 99, 107, 32, 80, 97, 115, 115, 112, 111, 
114, 116, 32, 65, 117, 116, 104, 111, 114, 105, 116, 121, 49, 18, 48, 16, 6, 3, 85, 4, 3, 12, 9, 77, 111, 99, 107, 32, 67, 83, 67, 65, 48, 30, 23, 13, 50, 49, 48, 51, 50, 54, 49, 51, 52, 56, 48, 48, 90, 23, 13, 51, 49, 48, 51, 50, 52, 49, 51, 52, 56, 48, 48, 90, 48, 66, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 84, 49, 32, 48, 30, 6, 3, 85, 4, 10, 12, 23, 77, 111, 99, 107, 32, 80, 97, 115, 115, 112, 111, 114, 116, 32, 65, 117, 116, 104, 111, 114, 105, 116, 121, 49, 17, 48, 15, 6, 3, 85, 4, 3, 12, 8, 77, 111, 99, 107, 32, 68, 83, 67, 48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1, 1, 0, 144, 96, 22, 98, 202, 23, 238, 6, 187, 83, 246, 10, 141, 149, 39, 62, 150, 207, 25, 76, 254, 121, 159, 193, 25, 17, 64, 229, 112, 170, 152, 94, 212, 213, 4, 191, 8, 183, 225, 184, 213, 181, 211, 100, 210, 60, 155, 26, 13, 219, 11, 116, 84, 236, 33, 212, 47, 5, 187, 226, 120, 161, 57, 97, 200, 250, 174, 139, 216, 171, 95, 178, 148, 109, 3, 137, 151, 245, 142, 53, 177, 251, 74, 202, 2, 157, 33, 55, 30, 189, 239, 243, 101, 183, 43, 68, 245, 198, 9, 90, 109, 89, 109, 33, 98, 32, 173, 121, 203, 2, 79, 68, 150, 135, 158, 72, 76, 223, 55, 66, 30, 45, 33, 16, 91, 153, 158, 127, 64, 221, 31, 151, 241, 93, 105, 235, 153, 176, 146, 221, 20, 231, 141, 2, 146, 77, 209, 30, 90, 33, 33, 232, 176, 145, 244, 229, 221, 43, 101, 10, 210, 55, 50, 200, 103, 87, 18, 82, 53, 193, 130, 124, 69, 96, 179, 87, 245, 203, 181, 205, 57, 67, 181, 80, 198, 57, 101, 151, 179, 103, 201, 243, 52, 68, 91, 122, 137, 209, 141, 39, 68, 73, 244, 200, 211, 125, 2, 176, 12, 80, 77, 81, 225, 169, 34, 209, 187, 212, 47, 56, 92, 220, 159, 89, 236, 133, 200, 211, 11, 237, 217, 129, 115, 191, 208, 39, 198, 179, 16, 28, 59, 121, 160, 48, 239, 81, 144, 102, 168, 122, 158, 59, 83, 54, 91, 211, 2, 3, 1, 0, 1, 163, 130, 1, 100, 48, 130, 1, 96, 48, 15, 6, 3, 85, 29, 19, 1, 1, 255, 4, 5, 48, 3, 1, 1, 0, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 7, 128, 48, 41, 
6, 3, 85, 29, 14, 4, 34, 4, 32, 236, 115, 196, 36, 236, 2, 138, 16, 34, 153, 224, 23, 230, 87, 56, 253, 158, 235, 14, 147, 38, 52, 87, 5, 72, 19, 213, 247, 131, 38, 127, 141, 48, 130, 1, 16, 6, 9, 43, 6, 1, 4, 1, 134, 141, 31, 1, 4, 130, 1, 1, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] signed_attributes = [49, 72, 48, 21, 6, 9, 42, 134, 72, 134, 247, 13, 1, 9, 3, 49, 8, 6, 6, 103, 129, 8, 1, 1, 1, 48, 47, 6, 9, 42, 134, 72, 134, 247, 13, 1, 9, 4, 49, 34, 4, 32, 83, 213, 2, 32, 92, 70, 157, 44, 204, 36, 20, 171, 99, 224, 204, 169, 133, 155, 24, 174, 188, 45, 208, 99, 91, 43, 205, 208, 68, 46, 41, 217, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] diff --git a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_dsc_720.toml b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_dsc_720.toml index e037e0640..995956008 100644 --- a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_dsc_720.toml +++ b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_dsc_720.toml 
@@ -1,4 +1,5 @@ csc_pubkey = [191, 56, 52, 58, 68, 102, 237, 183, 171, 195, 84, 11, 3, 233, 51, 203, 74, 37, 42, 68, 152, 19, 154, 192, 131, 19, 113, 213, 124, 239, 224, 225, 165, 80, 127, 141, 153, 142, 67, 27, 80, 195, 133, 114, 240, 90, 185, 199, 165, 202, 176, 89, 69, 36, 65, 105, 30, 110, 4, 208, 12, 242, 135, 138, 112, 0, 112, 23, 63, 255, 106, 101, 85, 230, 227, 208, 200, 233, 85, 158, 57, 216, 198, 32, 116, 4, 181, 10, 208, 243, 151, 165, 147, 187, 14, 133, 61, 31, 15, 146, 160, 16, 91, 221, 65, 81, 131, 77, 250, 8, 5, 30, 244, 110, 139, 157, 228, 250, 47, 54, 46, 153, 235, 164, 201, 64, 61, 171, 152, 23, 115, 253, 143, 134, 106, 100, 221, 126, 124, 29, 158, 68, 169, 153, 8, 134, 19, 141, 243, 173, 103, 176, 135, 248, 179, 254, 74, 187, 86, 47, 12, 204, 128, 145, 46, 121, 60, 229, 217, 220, 247, 135, 186, 158, 69, 91, 128, 116, 92, 152, 233, 139, 249, 106, 63, 203, 217, 86, 113, 2, 78, 165, 244, 86, 152, 213, 164, 36, 24, 179, 100, 67, 182, 69, 30, 5, 131, 11, 129, 211, 171, 52, 237, 148, 104, 197, 107, 44, 64, 38, 244, 242, 170, 3, 191, 182, 145, 129, 165, 236, 217, 97, 192, 75, 17, 254, 254, 33, 68, 205, 70, 79, 134, 69, 244, 176, 24, 133, 19, 70, 24, 170, 161, 72, 171, 48, 146, 75, 134, 119, 13, 39, 217, 189, 2, 173, 141, 136, 176, 140, 220, 230, 94, 151, 182, 4, 120, 218, 39, 115, 34, 78, 139, 102, 230, 227, 223, 78, 72, 133, 59, 224, 128, 79, 71, 67, 133, 171, 11, 66, 200, 133, 21, 76, 125, 126, 111, 212, 29, 7, 92, 4, 5, 189, 41, 21, 15, 96, 31, 28, 233, 156, 44, 254, 47, 121, 82, 71, 133, 69, 3, 135, 247, 237, 29, 140, 111, 2, 232, 200, 129, 234, 113, 146, 243, 148, 127, 227, 183, 110, 190, 65, 93, 136, 180, 104, 17, 121, 45, 128, 216, 192, 95, 111, 75, 47, 182, 96, 41, 126, 100, 40, 129, 43, 154, 14, 220, 192, 8, 64, 47, 153, 2, 244, 140, 51, 4, 212, 105, 249, 255, 60, 143, 2, 60, 86, 176, 65, 253, 132, 133, 84, 56, 165, 169, 121, 182, 176, 237, 210, 209, 119, 253, 138, 95, 127, 194, 72, 248, 212, 91, 87, 203, 173, 38, 80, 222, 101, 163, 252, 86, 
186, 143, 161, 184, 70, 24, 248, 230, 196, 157, 35, 205, 39, 49, 136, 8, 204, 176, 116, 68, 167, 1, 10, 217, 82, 208, 215, 28, 231, 252, 203, 70, 240, 62, 4, 211, 209, 148, 141, 44, 246, 215, 112, 162, 20, 129, 94, 123, 230, 126, 128, 33, 41, 231, 119, 64, 51, 253, 166, 145, 64, 10, 158, 141, 43, 193, 20, 69, 15, 194, 35, 139, 233, 28, 240, 166, 131, 61, 187, 241, 129] +csc_key_ne_hash = "0x1ca4af41d370d02b729b6a63b4aea3cf29242ad76ac8420c144d7558072ba172" salt = "0x2" country = "UTO" tbs_certificate = [48, 130, 2, 54, 160, 3, 2, 1, 2, 2, 1, 2, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 48, 67, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 84, 49, 32, 48, 30, 6, 3, 85, 4, 10, 12, 23, 77, 111, 99, 107, 32, 80, 97, 115, 115, 112, 111, 114, 116, 32, 65, 117, 116, 104, 111, 114, 105, 116, 121, 49, 18, 48, 16, 6, 3, 85, 4, 3, 12, 9, 77, 111, 99, 107, 32, 67, 83, 67, 65, 48, 30, 23, 13, 50, 49, 48, 51, 50, 54, 49, 51, 53, 52, 49, 56, 90, 23, 13, 51, 49, 48, 51, 50, 52, 49, 51, 53, 52, 49, 56, 90, 48, 66, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 84, 49, 32, 48, 30, 6, 3, 85, 4, 10, 12, 23, 77, 111, 99, 107, 32, 80, 97, 115, 115, 112, 111, 114, 116, 32, 65, 117, 116, 104, 111, 114, 105, 116, 121, 49, 17, 48, 15, 6, 3, 85, 4, 3, 12, 8, 77, 111, 99, 107, 32, 68, 83, 67, 48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1, 1, 0, 144, 96, 22, 98, 202, 23, 238, 6, 187, 83, 246, 10, 141, 149, 39, 62, 150, 207, 25, 76, 254, 121, 159, 193, 25, 17, 64, 229, 112, 170, 152, 94, 212, 213, 4, 191, 8, 183, 225, 184, 213, 181, 211, 100, 210, 60, 155, 26, 13, 219, 11, 116, 84, 236, 33, 212, 47, 5, 187, 226, 120, 161, 57, 97, 200, 250, 174, 139, 216, 171, 95, 178, 148, 109, 3, 137, 151, 245, 142, 53, 177, 251, 74, 202, 2, 157, 33, 55, 30, 189, 239, 243, 101, 183, 43, 68, 245, 198, 9, 90, 109, 89, 109, 33, 98, 32, 173, 121, 203, 2, 79, 68, 150, 135, 158, 72, 76, 223, 55, 66, 30, 45, 33, 16, 91, 153, 158, 127, 64, 221, 
31, 151, 241, 93, 105, 235, 153, 176, 146, 221, 20, 231, 141, 2, 146, 77, 209, 30, 90, 33, 33, 232, 176, 145, 244, 229, 221, 43, 101, 10, 210, 55, 50, 200, 103, 87, 18, 82, 53, 193, 130, 124, 69, 96, 179, 87, 245, 203, 181, 205, 57, 67, 181, 80, 198, 57, 101, 151, 179, 103, 201, 243, 52, 68, 91, 122, 137, 209, 141, 39, 68, 73, 244, 200, 211, 125, 2, 176, 12, 80, 77, 81, 225, 169, 34, 209, 187, 212, 47, 56, 92, 220, 159, 89, 236, 133, 200, 211, 11, 237, 217, 129, 115, 191, 208, 39, 198, 179, 16, 28, 59, 121, 160, 48, 239, 81, 144, 102, 168, 122, 158, 59, 83, 54, 91, 211, 2, 3, 1, 0, 1, 163, 78, 48, 76, 48, 15, 6, 3, 85, 29, 19, 1, 1, 255, 4, 5, 48, 3, 1, 1, 0, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 7, 128, 48, 41, 6, 3, 85, 29, 14, 4, 34, 4, 32, 236, 115, 196, 36, 236, 2, 138, 16, 34, 153, 224, 23, 230, 87, 56, 253, 158, 235, 14, 147, 38, 52, 87, 5, 72, 19, 213, 247, 131, 38, 127, 141, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] diff --git a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_id_data_720.toml b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_id_data_720.toml index 15815bf60..286711b2c 100644 --- a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_id_data_720.toml +++ b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_id_data_720.toml 
@@ -5,6 +5,7 @@ dg1 = [97, 91, 95, 31, 88, 80, 60, 85, 84, 79, 68, 79, 69, 60, 60, 74, 79, 72, 7 dsc_pubkey = [144, 96, 22, 98, 202, 23, 238, 6, 187, 83, 246, 10, 141, 149, 39, 62, 150, 207, 25, 76, 254, 121, 159, 193, 25, 17, 64, 229, 112, 170, 152, 94, 212, 213, 4, 191, 8, 183, 225, 184, 213, 181, 211, 100, 210, 60, 155, 26, 13, 219, 11, 116, 84, 236, 33, 212, 47, 5, 187, 226, 120, 161, 57, 97, 200, 250, 174, 139, 216, 171, 95, 178, 148, 109, 3, 137, 151, 245, 142, 53, 177, 251, 74, 202, 2, 157, 33, 55, 30, 189, 239, 243, 101, 183, 43, 68, 245, 198, 9, 90, 109, 89, 109, 33, 98, 32, 173, 121, 203, 2, 79, 68, 150, 135, 158, 72, 76, 223, 55, 66, 30, 45, 33, 16, 91, 153, 158, 127, 64, 221, 31, 151, 241, 93, 105, 235, 153, 176, 146, 221, 20, 231, 141, 2, 146, 77, 209, 30, 90, 33, 33, 232, 176, 145, 244, 229, 221, 43, 101, 10, 210, 55, 50, 200, 103, 87, 18, 82, 53, 193, 130, 124, 69, 96, 179, 87, 245, 203, 181, 205, 57, 67, 181, 80, 198, 57, 101, 151, 179, 103, 201, 243, 52, 68, 91, 122, 137, 209, 141, 39, 68, 73, 244, 200, 211, 125, 2, 176, 12, 80, 77, 81, 225, 169, 34, 209, 187, 212, 47, 56, 92, 220, 159, 89, 236, 133, 200, 211, 11, 237, 217, 129, 115, 191, 208, 39, 198, 179, 16, 28, 59, 121, 160, 48, 239, 81, 144, 102, 168, 122, 158, 59, 83, 54, 91, 211] dsc_pubkey_redc_param = [28, 94, 216, 205, 130, 214, 187, 182, 58, 208, 228, 159, 128, 141, 147, 245, 68, 203, 236, 129, 99, 140, 108, 211, 245, 198, 71, 176, 2, 196, 241, 58, 221, 37, 54, 244, 93, 131, 148, 193, 87, 121, 38, 188, 142, 196, 4, 105, 26, 37, 150, 148, 152, 205, 235, 126, 184, 93, 105, 56, 44, 19, 57, 156, 74, 145, 52, 201, 54, 91, 218, 1, 26, 107, 219, 199, 28, 10, 57, 32, 22, 195, 131, 58, 46, 165, 57, 181, 53, 133, 182, 229, 180, 5, 229, 103, 172, 187, 96, 43, 14, 4, 151, 199, 136, 53, 224, 199, 167, 81, 240, 180, 174, 254, 87, 255, 239, 218, 1, 170, 8, 126, 189, 0, 83, 125, 173, 191, 84, 53, 29, 80, 88, 48, 59, 50, 243, 156, 221, 1, 81, 7, 140, 195, 28, 126, 195, 88, 226, 224, 141, 129, 220, 242, 
189, 217, 16, 44, 163, 154, 247, 61, 237, 213, 56, 204, 14, 199, 251, 110, 139, 117, 142, 16, 234, 116, 47, 82, 226, 88, 40, 15, 104, 74, 12, 48, 224, 229, 64, 4, 157, 1, 124, 203, 51, 181, 191, 194, 149, 113, 225, 34, 173, 236, 206, 22, 80, 189, 181, 158, 100, 248, 60, 60, 68, 157, 169, 68, 26, 229, 226, 151, 181, 39, 197, 51, 51, 171, 197, 130, 196, 219, 115, 145, 84, 69, 157, 247, 71, 141, 198, 109, 219, 255, 149, 228, 19, 23, 56, 175, 123, 107, 192, 219, 175, 130, 60] dsc_pubkey_offset_in_dsc_cert = 229 +exponent_offset_in_dsc_cert = 487 sod_signature = [55, 125, 38, 168, 223, 78, 57, 118, 228, 58, 135, 97, 165, 230, 168, 0, 91, 69, 158, 155, 110, 40, 239, 57, 178, 211, 54, 96, 253, 10, 240, 107, 184, 122, 27, 253, 124, 73, 89, 217, 97, 144, 99, 173, 170, 199, 64, 96, 11, 143, 50, 90, 234, 133, 108, 224, 104, 98, 171, 85, 251, 138, 248, 6, 241, 193, 212, 242, 58, 208, 107, 18, 239, 246, 157, 218, 85, 217, 68, 118, 211, 205, 230, 40, 68, 3, 2, 171, 231, 247, 10, 101, 21, 250, 17, 217, 56, 254, 79, 109, 61, 190, 241, 168, 231, 49, 118, 0, 114, 237, 216, 227, 110, 117, 137, 176, 223, 146, 29, 1, 172, 234, 23, 186, 203, 18, 188, 210, 42, 156, 133, 107, 124, 3, 244, 173, 53, 85, 75, 225, 4, 106, 118, 111, 35, 16, 133, 227, 31, 148, 60, 113, 230, 201, 147, 83, 236, 179, 245, 84, 84, 144, 62, 29, 198, 38, 19, 237, 145, 183, 6, 72, 247, 172, 73, 108, 87, 50, 128, 85, 152, 180, 222, 24, 88, 18, 149, 23, 217, 196, 219, 198, 93, 53, 3, 189, 190, 34, 221, 60, 73, 108, 54, 42, 162, 49, 195, 65, 119, 194, 214, 101, 35, 101, 247, 27, 29, 143, 169, 47, 249, 107, 101, 202, 185, 231, 48, 223, 63, 20, 164, 24, 38, 103, 147, 80, 168, 152, 159, 186, 58, 107, 188, 155, 29, 221, 45, 107, 173, 106, 69, 98, 155, 39, 194, 22] tbs_certificate = [48, 130, 2, 54, 160, 3, 2, 1, 2, 2, 1, 2, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 48, 67, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 84, 49, 32, 48, 30, 6, 3, 85, 4, 10, 12, 23, 77, 111, 99, 107, 32, 80, 97, 115, 115, 112, 111, 
114, 116, 32, 65, 117, 116, 104, 111, 114, 105, 116, 121, 49, 18, 48, 16, 6, 3, 85, 4, 3, 12, 9, 77, 111, 99, 107, 32, 67, 83, 67, 65, 48, 30, 23, 13, 50, 49, 48, 51, 50, 54, 49, 51, 53, 52, 49, 56, 90, 23, 13, 51, 49, 48, 51, 50, 52, 49, 51, 53, 52, 49, 56, 90, 48, 66, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 84, 49, 32, 48, 30, 6, 3, 85, 4, 10, 12, 23, 77, 111, 99, 107, 32, 80, 97, 115, 115, 112, 111, 114, 116, 32, 65, 117, 116, 104, 111, 114, 105, 116, 121, 49, 17, 48, 15, 6, 3, 85, 4, 3, 12, 8, 77, 111, 99, 107, 32, 68, 83, 67, 48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1, 1, 0, 144, 96, 22, 98, 202, 23, 238, 6, 187, 83, 246, 10, 141, 149, 39, 62, 150, 207, 25, 76, 254, 121, 159, 193, 25, 17, 64, 229, 112, 170, 152, 94, 212, 213, 4, 191, 8, 183, 225, 184, 213, 181, 211, 100, 210, 60, 155, 26, 13, 219, 11, 116, 84, 236, 33, 212, 47, 5, 187, 226, 120, 161, 57, 97, 200, 250, 174, 139, 216, 171, 95, 178, 148, 109, 3, 137, 151, 245, 142, 53, 177, 251, 74, 202, 2, 157, 33, 55, 30, 189, 239, 243, 101, 183, 43, 68, 245, 198, 9, 90, 109, 89, 109, 33, 98, 32, 173, 121, 203, 2, 79, 68, 150, 135, 158, 72, 76, 223, 55, 66, 30, 45, 33, 16, 91, 153, 158, 127, 64, 221, 31, 151, 241, 93, 105, 235, 153, 176, 146, 221, 20, 231, 141, 2, 146, 77, 209, 30, 90, 33, 33, 232, 176, 145, 244, 229, 221, 43, 101, 10, 210, 55, 50, 200, 103, 87, 18, 82, 53, 193, 130, 124, 69, 96, 179, 87, 245, 203, 181, 205, 57, 67, 181, 80, 198, 57, 101, 151, 179, 103, 201, 243, 52, 68, 91, 122, 137, 209, 141, 39, 68, 73, 244, 200, 211, 125, 2, 176, 12, 80, 77, 81, 225, 169, 34, 209, 187, 212, 47, 56, 92, 220, 159, 89, 236, 133, 200, 211, 11, 237, 217, 129, 115, 191, 208, 39, 198, 179, 16, 28, 59, 121, 160, 48, 239, 81, 144, 102, 168, 122, 158, 59, 83, 54, 91, 211, 2, 3, 1, 0, 1, 163, 78, 48, 76, 48, 15, 6, 3, 85, 29, 19, 1, 1, 255, 4, 5, 48, 3, 1, 1, 0, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 7, 128, 48, 41, 6, 3, 85, 29, 14, 
4, 34, 4, 32, 236, 115, 196, 36, 236, 2, 138, 16, 34, 153, 224, 23, 230, 87, 56, 253, 158, 235, 14, 147, 38, 52, 87, 5, 72, 19, 213, 247, 131, 38, 127, 141, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] signed_attributes = [49, 72, 48, 21, 6, 9, 42, 134, 72, 134, 247, 13, 1, 9, 3, 49, 8, 6, 6, 103, 129, 8, 1, 1, 1, 48, 47, 6, 9, 42, 134, 72, 134, 247, 13, 1, 9, 4, 49, 34, 4, 32, 83, 213, 2, 32, 92, 70, 157, 44, 204, 36, 20, 171, 99, 224, 204, 169, 133, 155, 24, 174, 188, 45, 208, 99, 91, 43, 205, 208, 68, 46, 41, 217, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] diff --git a/noir-examples/noir-passport/merkle_age_check/t_add_dsc_720/src/main.nr b/noir-examples/noir-passport/merkle_age_check/t_add_dsc_720/src/main.nr index 124e1456e..5565db6f5 100644 --- a/noir-examples/noir-passport/merkle_age_check/t_add_dsc_720/src/main.nr +++ b/noir-examples/noir-passport/merkle_age_check/t_add_dsc_720/src/main.nr 
@@ -1,15 +1,16 @@ // Verify CSCA signed DSC certificate (720-byte TBS) use commitment::hash_salt_country_tbs; -use sig_check_rsa::verify_signature; +use sig_check_rsa::{compute_key_ne_hash, verify_signature}; use utils::get_asn1_element_length; use utils::types::Alpha3CountryCode; fn main( csc_pubkey: pub [u8; 512], + csc_key_ne_hash: pub Field, + csc_pubkey_redc_param: [u8; 513], salt: Field, country: Alpha3CountryCode, tbs_certificate: [u8; 720], - csc_pubkey_redc_param: [u8; 513], dsc_signature: [u8; 512], exponent: u32, tbs_certificate_len: u32, @@ -27,6 +28,10 @@ fn main( tbs_certificate_len == computed_len, "tbs_certificate_len does not match ASN.1 header", ); + assert( + csc_key_ne_hash == compute_key_ne_hash::<512>(csc_pubkey, exponent), + "CSC key hash does not match (n||e)", + ); assert( verify_signature::<512, 0, 720, 32>( diff --git a/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/Nargo.toml b/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/Nargo.toml index 5037fa836..9db3cdc45 100644 --- a/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/Nargo.toml +++ b/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/Nargo.toml @@ -6,6 +6,7 @@ compiler_version = ">=1.0.0" [dependencies] partial_sha256 = { path = "../../../partial_sha256" } fragmented_sig_check_rsa = { path = "../../utils/sig-check/fragmented-rsa" } +sig_check_rsa = { path = "../../utils/sig-check/rsa" } utils = { path = "../../utils/utils" } commitment = { path = "../../utils/commitment/common" } poseidon = { tag = "v0.1.1", git = "https://github.com/noir-lang/poseidon" } diff --git a/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/src/main.nr b/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/src/main.nr index 22991b4ca..9fe631d4a 100644 --- a/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/src/main.nr 
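Review bot: The new `csc_key_ne_hash` assertion in `main` (second hunk of `t_add_dsc_720/src/main.nr`) carries no comment saying what the public input is for, and the same undocumented assertion is added to `t_add_dsc_verify_1300/src/main.nr`. As written the circuit only proves that the hash is consistent with the public `csc_pubkey` and the private `exponent`. It gives assurance only if the verifier compares the value against a CSCA key it already trusts, which is presumably the intent but is stated nowhere in the hunk. I would add above the assert: `// Binds the private exponent to a public value: the verifier must match csc_key_ne_hash against its trusted CSCA (n, e) list.` The body of `main` continues outside the hunk.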
+++ b/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/src/main.nr @@ -5,6 +5,7 @@ use partial_sha256::{ use fragmented_sig_check_rsa::verify_rsa_signature; use utils::check_zero_padding; use utils::get_asn1_element_length; +use sig_check_rsa::compute_key_ne_hash; use utils::types::{Alpha3CountryCode, SHA256Digest}; global CHUNK1_SIZE: u32 = 640; @@ -14,12 +15,13 @@ global TBS_CERT_SIZE: u32 = 1300; fn main( comm_in: pub Field, csc_pubkey: pub [u8; 512], + csc_key_ne_hash: pub Field, + csc_pubkey_redc_param: [u8; 513], salt: Field, country: Alpha3CountryCode, state1: SHA256State, tbs_certificate: [u8; TBS_CERT_SIZE], tbs_certificate_len: u32, - csc_pubkey_redc_param: [u8; 513], dsc_signature: [u8; 512], exponent: u32, salt_out: Field, @@ -41,6 +43,10 @@ fn main( // Ensure all bytes beyond the signed length are zero so that trailing // bytes cannot carry attacker-controlled data into the commitment. check_zero_padding(tbs_certificate, tbs_certificate_len); + assert( + csc_key_ne_hash == compute_key_ne_hash::<512>(csc_pubkey, exponent), + "CSC key hash does not match (n||e)", + ); let mut chunk1: [u8; CHUNK1_SIZE] = [0; CHUNK1_SIZE]; for i in 0..CHUNK1_SIZE { diff --git a/noir-examples/noir-passport/merkle_age_check/t_add_id_data_1300/src/main.nr b/noir-examples/noir-passport/merkle_age_check/t_add_id_data_1300/src/main.nr index 62762576f..bcd2609eb 100644 --- a/noir-examples/noir-passport/merkle_age_check/t_add_id_data_1300/src/main.nr +++ b/noir-examples/noir-passport/merkle_age_check/t_add_id_data_1300/src/main.nr 
@@ -12,17 +12,18 @@ fn main( dsc_pubkey: [u8; 256], dsc_pubkey_redc_param: [u8; 257], dsc_pubkey_offset_in_dsc_cert: u32, + exponent: u32, + exponent_offset_in_dsc_cert: u32, sod_signature: [u8; 256], tbs_certificate: [u8; 1300], signed_attributes: SignedAttrsData, - exponent: u32, e_content: EContentData, ) -> pub Field { // Compute TBS certificate length from DER header assert(tbs_certificate[0] == 0x30, "TBS must start with SEQUENCE tag"); let tbs_certificate_len = get_asn1_element_length(tbs_certificate); - verify_rsa_pubkey_in_tbs(dsc_pubkey, tbs_certificate, dsc_pubkey_offset_in_dsc_cert, tbs_certificate_len); + verify_rsa_pubkey_in_tbs(dsc_pubkey, tbs_certificate, dsc_pubkey_offset_in_dsc_cert, tbs_certificate_len,exponent,exponent_offset_in_dsc_cert); // Compute signed_attributes_size from ASN.1 header let signed_attributes_size = get_asn1_element_length(signed_attributes); diff --git a/noir-examples/noir-passport/merkle_age_check/t_add_id_data_720/src/main.nr b/noir-examples/noir-passport/merkle_age_check/t_add_id_data_720/src/main.nr index c0b0dad95..d0b05623a 100644 --- a/noir-examples/noir-passport/merkle_age_check/t_add_id_data_720/src/main.nr +++ b/noir-examples/noir-passport/merkle_age_check/t_add_id_data_720/src/main.nr 
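Review bot: The updated call to `verify_rsa_pubkey_in_tbs` in `main` drops the spaces after its last three commas (`tbs_certificate_len,exponent,exponent_offset_in_dsc_cert`) and is now one very long line; the identical line is added in `t_add_id_data_720/src/main.nr`. Running `nargo fmt`, or breaking the arguments one per line ending with `exponent,` and `exponent_offset_in_dsc_cert,`, keeps the two new prover-supplied arguments easy to spot in review. `main` continues outside the hunk.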
@@ -13,17 +13,18 @@ fn main( dsc_pubkey: [u8; 256], dsc_pubkey_redc_param: [u8; 257], dsc_pubkey_offset_in_dsc_cert: u32, + exponent: u32, + exponent_offset_in_dsc_cert: u32, sod_signature: [u8; 256], tbs_certificate: [u8; 720], signed_attributes: SignedAttrsData, - exponent: u32, e_content: EContentData, ) -> pub Field { // Compute TBS certificate length from DER header assert(tbs_certificate[0] == 0x30, "TBS must start with SEQUENCE tag"); let tbs_certificate_len = get_asn1_element_length(tbs_certificate); - verify_rsa_pubkey_in_tbs(dsc_pubkey, tbs_certificate, dsc_pubkey_offset_in_dsc_cert, tbs_certificate_len); + verify_rsa_pubkey_in_tbs(dsc_pubkey, tbs_certificate, dsc_pubkey_offset_in_dsc_cert, tbs_certificate_len,exponent,exponent_offset_in_dsc_cert); // Compute signed_attributes_size from ASN.1 header let signed_attributes_size = get_asn1_element_length(signed_attributes); diff --git a/noir-examples/noir-passport/utils/data-check/tbs-pubkey/Nargo.toml b/noir-examples/noir-passport/utils/data-check/tbs-pubkey/Nargo.toml index a0b4d4c7d..048dc329e 100644 --- a/noir-examples/noir-passport/utils/data-check/tbs-pubkey/Nargo.toml +++ b/noir-examples/noir-passport/utils/data-check/tbs-pubkey/Nargo.toml @@ -1,8 +1,9 @@ [package] -name = "data_check_integrity_lib" +name = "data_check_tbs_pubkey" type = "lib" authors = ["Theo Madzou"] compiler_version = ">=0.22.0" [dependencies] -utils = { path = "../../utils" } \ No newline at end of file +utils = { path = "../../utils" } +common = { path = "../../sig-check/common" } \ No newline at end of file diff --git a/noir-examples/noir-passport/utils/data-check/tbs-pubkey/src/lib.nr b/noir-examples/noir-passport/utils/data-check/tbs-pubkey/src/lib.nr index 149807e67..e99325fc5 100644 --- a/noir-examples/noir-passport/utils/data-check/tbs-pubkey/src/lib.nr +++ b/noir-examples/noir-passport/utils/data-check/tbs-pubkey/src/lib.nr 
@@ -1,8 +1,19 @@ +use common::assert_allowed_rsa_exponent; + +/// Verifies that `dsc_pubkey` and `exponent` are present at the specified offsets +/// within the authenticated `tbs_certificate`. +/// +/// `pubkey_offset` -- byte index in `tbs_certificate` where the modulus bytes start. +/// `exponent_offset` -- byte index in `tbs_certificate` where the exponent value bytes +/// start (i.e. the first byte of the DER INTEGER value field, +/// including any DER sign byte for two's-complement encoding). pub fn verify_rsa_pubkey_in_tbs( dsc_pubkey: [u8; DSC_KEY_SIZE], tbs_certificate: [u8; TBS_CERT_SIZE], pubkey_offset: u32, tbs_certificate_len: u32, + exponent: u32, + exponent_offset: u32, ) { // Ensure the pubkey lies entirely within the signed (authenticated) region of the TBS, assert( 
@@ -72,10 +83,130 @@ pub fn verify_rsa_pubkey_in_tbs( for i in 0..DSC_KEY_SIZE { assert(tbs_certificate[i + pubkey_offset] == dsc_pubkey[i]); } + + // Validate exponent is in the allowed set. + assert_allowed_rsa_exponent(exponent); + + // Verify exponent bytes match the authenticated TBS certificate at exponent_offset. + // + // All 8 allowed exponents are either 1 byte (exponent=3) or 3 bytes (all others). + // + // 3-byte exponents and their expected DER value bytes: + // 38129 (0x94B1) -> [0x00, 0x94, 0xB1] (sign byte needed, MSB >= 128) + // 56611 (0xDD23) -> [0x00, 0xDD, 0x23] (sign byte needed, MSB >= 128) + // 65537 (0x010001) -> [0x01, 0x00, 0x01] + // 107903 (0x01A57F) -> [0x01, 0xA5, 0x7F] + // 109729 (0x01AC61) -> [0x01, 0xAC, 0x61] + // 122125 (0x01DC0D) -> [0x01, 0xDC, 0x0D] + // 130689 (0x01FF01) -> [0x01, 0xFF, 0x01] + // + // For the 3-byte case, u32 >> 16 naturally gives 0x00 for exponents needing a sign byte, + // and the expected 3-byte sequence matches the DER value encoding directly. + if exponent < 0x100 { + assert(exponent_offset < TBS_CERT_SIZE, "Exponent offset out of bounds"); + // 1-byte exponent (only exponent=3 in the allowed list). + // exponent_offset must point to the single value byte in TBS. + assert( + tbs_certificate[exponent_offset] == exponent as u8, + "Exponent mismatch in TBS", + ); + } else { + // 3-byte exponent. exponent_offset points to the first value byte (incl. sign byte). 
+ assert(exponent_offset + 3 <= TBS_CERT_SIZE, "Exponent bytes out of bounds"); + assert( + tbs_certificate[exponent_offset] == ((exponent >> 16) & 0xFF) as u8, + "Exponent byte 0 mismatch in TBS", + ); + assert( + tbs_certificate[exponent_offset + 1] == ((exponent >> 8) & 0xFF) as u8, + "Exponent byte 1 mismatch in TBS", + ); + assert( + tbs_certificate[exponent_offset + 2] == (exponent & 0xFF) as u8, + "Exponent byte 2 mismatch in TBS", + ); + } +} + +#[test] +fn test_verify_rsa_pubkey_in_tbs_with_allowed_exponent_65537() { + let modulus: [u8; 4] = [0x90, 0x11, 0x22, 0x33]; + let mut tbs: [u8; 32] = [0; 32]; + + // Modulus at offset 0 (no DER header needed, offset is provided directly) + for i in 0..4 { + tbs[i] = modulus[i]; + } + // Exponent 65537 = [0x01, 0x00, 0x01] at offset 4 + tbs[4] = 0x01; + tbs[5] = 0x00; + tbs[6] = 0x01; + + verify_rsa_pubkey_in_tbs(modulus, tbs, 7, 0, 65537, 4); +} + +#[test] +fn test_verify_rsa_pubkey_in_tbs_with_allowed_exponent_3() { + let modulus: [u8; 4] = [0x10, 0x11, 0x22, 0x33]; + let mut tbs: [u8; 32] = [0; 32]; + + for i in 0..4 { + tbs[i] = modulus[i]; + } + // Exponent 3 = [0x03] at offset 4 (1 byte) + tbs[4] = 0x03; + + verify_rsa_pubkey_in_tbs(modulus, tbs, 5,0, 3, 4); +} + +#[test] +fn test_verify_rsa_pubkey_in_tbs_with_allowed_exponent_56611() { + let modulus: [u8; 4] = [0x90, 0x11, 0x22, 0x33]; + let mut tbs: [u8; 32] = [0; 32]; + + for i in 0..4 { + tbs[i] = modulus[i]; + } + // 56611 = 0xDD23, MSB >= 128, DER sign byte needed -> [0x00, 0xDD, 0x23] + tbs[4] = 0x00; + tbs[5] = 0xDD; + tbs[6] = 0x23; + + verify_rsa_pubkey_in_tbs(modulus, tbs, 7, 0, 56611, 4); +} + +#[test(should_fail_with = "Unsupported RSA exponent")] +fn test_verify_rsa_pubkey_in_tbs_rejects_exponent_1() { + let modulus: [u8; 4] = [0x90, 0x11, 0x22, 0x33]; + let mut tbs: [u8; 32] = [0; 32]; + + for i in 0..4 { + tbs[i] = modulus[i]; + } + tbs[4] = 0x01; + + verify_rsa_pubkey_in_tbs(modulus, tbs, 5, 0, 1, 4); +} + +#[test(should_fail_with = "Exponent 
mismatch in TBS")] +fn test_verify_rsa_pubkey_in_tbs_rejects_wrong_exponent_bytes() { + let modulus: [u8; 4] = [0x90, 0x11, 0x22, 0x33]; + let mut tbs: [u8; 32] = [0; 32]; + + for i in 0..4 { + tbs[i] = modulus[i]; + } + // TBS has exponent byte = 0x07, but we claim exponent = 3 + tbs[4] = 0x07; + + verify_rsa_pubkey_in_tbs(modulus, tbs,5, 0, 3, 4); } /// Build a 300-byte TBS with a 256-byte pubkey embedded at `offset` with correct -/// DER SubjectPublicKeyInfo structure: SEQUENCE { INTEGER(modulus), ... } +/// DER SubjectPublicKeyInfo structure: SEQUENCE { INTEGER(modulus), INTEGER(exponent) } +/// Exponent 65537 (0x010001) is written as DER INTEGER at offset+256: +/// 02 03 01 00 01 (tag, length, value bytes) +/// exponent_offset = offset + 258 (first value byte). fn build_test_tbs(pubkey: [u8; 256], offset: u32) -> [u8; 300] { let mut tbs: [u8; 300] = [0; 300]; let has_leading_zero = pubkey[0] as u32 >= 0x80; @@ -106,6 +237,12 @@ fn build_test_tbs(pubkey: [u8; 256], offset: u32) -> [u8; 300] { for i in 0..256 { tbs[offset + i] = pubkey[i]; } + // Exponent INTEGER: 02 03 [01 00 01] immediately after modulus + tbs[offset + 256] = 0x02; // INTEGER tag + tbs[offset + 257] = 0x03; // length = 3 + tbs[offset + 258] = 0x01; // exponent value byte 0 (65537 = 0x010001) + tbs[offset + 259] = 0x00; // exponent value byte 1 + tbs[offset + 260] = 0x01; // exponent value byte 2 tbs } @@ -117,7 +254,7 @@ fn test_valid_pubkey_with_leading_zero() { let offset: u32 = 15; let tbs = build_test_tbs(pubkey, offset); let tbs_len: u32 = 271; // offset + 256 - verify_rsa_pubkey_in_tbs(pubkey, tbs, offset, tbs_len); + verify_rsa_pubkey_in_tbs(pubkey, tbs, offset, tbs_len, 65537, offset + 258); } /// Valid case: pubkey within signed region, correct SPKI structure (no leading zero case). 
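Review bot: The exponent comparison at the end of `verify_rsa_pubkey_in_tbs` bounds `exponent_offset` only by the array capacity `TBS_CERT_SIZE` and relates it neither to `tbs_certificate_len` nor to `pubkey_offset`, so a caller-chosen offset is accepted wherever matching bytes occur in the buffer, and for the 1-byte case that is any single `0x03`. Since `build_test_tbs` documents the exponent INTEGER as directly following the modulus, the position can be fixed instead of trusted: require `exponent_offset == pubkey_offset + DSC_KEY_SIZE + 2`, check the tag and length bytes before it, and keep the value inside the signed length, as in the fence below. The existing valid-case tests (hunk `-117,7 +254,7` and the ones after it) pass `tbs_len = 271` with `offset + 258`, i.e. an exponent beyond the signed length, so they would need a larger `tbs_len`. Separately, the new 32-byte tests pass `7, 0` (or `5, 0`) in the `pubkey_offset, tbs_certificate_len` positions although the modulus is written at index 0, which the visible modulus loop would reject; the start of the function is outside this hunk, so earlier checks could not be reviewed.

```noir
    // … unchanged: modulus comparison, assert_allowed_rsa_exponent(exponent) …

    // RSAPublicKey is SEQUENCE { modulus INTEGER, publicExponent INTEGER }, so the exponent's
    // tag and length bytes directly follow the modulus and its value offset is determined.
    let exponent_len: u32 = if exponent < 0x100 { 1 } else { 3 };
    assert(
        exponent_offset == pubkey_offset + DSC_KEY_SIZE + 2,
        "Exponent is not the INTEGER following the modulus",
    );
    assert(
        exponent_offset + exponent_len <= tbs_certificate_len,
        "Exponent outside signed TBS region",
    );
    assert(tbs_certificate[exponent_offset - 2] == 0x02, "Exponent INTEGER tag mismatch");
    assert(
        tbs_certificate[exponent_offset - 1] == exponent_len as u8,
        "Exponent INTEGER length mismatch",
    );

    // … unchanged: 1-byte / 3-byte value comparison against `exponent` …
```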
@@ -128,7 +265,7 @@ fn test_valid_pubkey_without_leading_zero() { let offset: u32 = 15; let tbs = build_test_tbs(pubkey, offset); let tbs_len: u32 = 271; - verify_rsa_pubkey_in_tbs(pubkey, tbs, offset, tbs_len); + verify_rsa_pubkey_in_tbs(pubkey, tbs, offset, tbs_len, 65537, offset + 258); } /// Pubkey offset extends beyond signed TBS length -> must fail. @@ -139,7 +276,7 @@ fn test_pubkey_offset_beyond_signed_length_fails() { let offset: u32 = 15; let tbs = build_test_tbs(pubkey, offset); let tbs_len: u32 = 200; // too small - verify_rsa_pubkey_in_tbs(pubkey, tbs, offset, tbs_len); + verify_rsa_pubkey_in_tbs(pubkey, tbs, offset, tbs_len, 65537, offset + 258); } /// Invalid DER INTEGER encoding before modulus -> must fail. @@ -153,7 +290,7 @@ fn test_invalid_der_integer_encoding_fails() { tbs[offset - 5] = 0x04; // OCTET STRING instead of INTEGER tbs[offset - 4] = 0x04; // also corrupt offset-4 to break form_b let tbs_len: u32 = 271; - verify_rsa_pubkey_in_tbs(pubkey, tbs, offset, tbs_len); + verify_rsa_pubkey_in_tbs(pubkey, tbs, offset, tbs_len, 65537, offset + 258); } /// Missing RSAPublicKey SEQUENCE wrapper -> must fail. @@ -166,7 +303,7 @@ fn test_missing_sequence_wrapper_fails() { // Corrupt the SEQUENCE tag tbs[offset - 9] = 0x04; // not a SEQUENCE let tbs_len: u32 = 271; - verify_rsa_pubkey_in_tbs(pubkey, tbs, offset, tbs_len); + verify_rsa_pubkey_in_tbs(pubkey, tbs, offset, tbs_len, 65537, offset + 258); } /// Pubkey bytes at valid DER structure but bytes don't match dsc_pubkey -> must fail. @@ -180,5 +317,5 @@ fn test_pubkey_mismatch_fails() { let mut wrong_pubkey: [u8; 256] = [0xBB; 256]; wrong_pubkey[0] = 0x90; let tbs_len: u32 = 271; - verify_rsa_pubkey_in_tbs(wrong_pubkey, tbs, offset, tbs_len); + verify_rsa_pubkey_in_tbs(wrong_pubkey, tbs, offset, tbs_len, 65537, offset + 258); } diff --git a/noir-examples/noir-passport/utils/sig-check/common/src/lib.nr b/noir-examples/noir-passport/utils/sig-check/common/src/lib.nr index 84f53cfd9..cf5d25610 100644 
--- a/noir-examples/noir-passport/utils/sig-check/common/src/lib.nr +++ b/noir-examples/noir-passport/utils/sig-check/common/src/lib.nr @@ -3,6 +3,20 @@ use sha256::{sha224_var, sha256_var}; use sha512::{sha384, sha512}; use utils::check_zero_padding; +pub fn assert_allowed_rsa_exponent(exponent: u32) { + assert( + (exponent == 3) + | (exponent == 56611) + | (exponent == 38129) + | (exponent == 109729) + | (exponent == 130689) + | (exponent == 122125) + | (exponent == 107903) + | (exponent == 65537), + "Unsupported RSA exponent", + ); +} + pub fn sha1_and_check_data_to_sign( data_to_sign: [u8; DATA_TO_SIGN_MAX_LEN], data_to_sign_len: u32, diff --git a/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/Nargo.toml b/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/Nargo.toml index 3f79f5522..ad9b14667 100644 --- a/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/Nargo.toml +++ b/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/Nargo.toml @@ -7,3 +7,4 @@ compiler_version = ">=1.0.0" rsa = { git = "https://github.com/zkpassport/noir_rsa", tag = "v0.9.2" } bignum = { git = "https://github.com/noir-lang/noir-bignum", tag = "v0.8.0" } utils = { path = "../../utils" } +common = { path = "../common" } diff --git a/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/src/lib.nr b/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/src/lib.nr index 11a290bfc..ec8d52ea5 100644 --- a/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/src/lib.nr +++ b/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/src/lib.nr @@ -1,4 +1,5 @@ use bignum::{params::BigNumParams, RuntimeBigNum}; +use common::assert_allowed_rsa_exponent; use rsa::rsa::verify_sha256_pkcs1v15; // Part 2 RSA verification - takes pre-computed hash (used in fragmented circuits) 
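Review bot: `assert_allowed_rsa_exponent` is added as a public function without a doc comment, and the list it encodes is now load-bearing elsewhere: the comparison added to `verify_rsa_pubkey_in_tbs` in this commit assumes every allowed exponent has a 1-byte or 3-byte DER value. The TODO added in `fragmented-rsa/src/lib.nr` invites extending the list, and an exponent with a 2-byte or 4-byte encoding would pass here while the TBS comparison would check the wrong number of bytes. I would add `/// Asserts that exponent is one of the supported RSA public exponents.` and `/// Every entry must DER-encode to 1 or 3 value bytes; verify_rsa_pubkey_in_tbs relies on this.` above the function.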
@@ -8,7 +9,7 @@ pub fn verify_rsa_signature( sig_bytes: [u8; (((SIG_BYTES * 8) + 7) / 8)], redc_param_bytes: [u8; SIG_BYTES + 1], exponent: u32, - msg_hash: [u8; 32] // Pre-computed SHA256 hash + msg_hash: [u8; 32], // Pre-computed SHA256 hash ) -> bool { assert( (SIG_BYTES == 768) @@ -18,6 +19,8 @@ pub fn verify_rsa_signature( | (SIG_BYTES == 128), "Only modulus of bit size 1024, 2048, 3072, 4096 and 6144 are supported", ); + // TODO: Add support for more exponent values if needed for other countries. + assert_allowed_rsa_exponent(exponent); let pubkey = utils::pack_be_bytes_into_u128s::(pubkey_bytes); diff --git a/noir-examples/noir-passport/utils/sig-check/rsa/Nargo.toml b/noir-examples/noir-passport/utils/sig-check/rsa/Nargo.toml index 48f80911a..fe6fedb3f 100644 --- a/noir-examples/noir-passport/utils/sig-check/rsa/Nargo.toml +++ b/noir-examples/noir-passport/utils/sig-check/rsa/Nargo.toml @@ -9,3 +9,4 @@ rsa = { git = "https://github.com/zkpassport/noir_rsa", tag = "v0.9.2" } bignum = { git = "https://github.com/noir-lang/noir-bignum", tag = "v0.8.0"} utils = { path = "../../utils" } common = { path = "../common" } +poseidon = { tag = "v0.1.1", git = "https://github.com/noir-lang/poseidon" } diff --git a/noir-examples/noir-passport/utils/sig-check/rsa/src/lib.nr b/noir-examples/noir-passport/utils/sig-check/rsa/src/lib.nr index 86a8c03d5..062d8fc96 100644 --- a/noir-examples/noir-passport/utils/sig-check/rsa/src/lib.nr +++ b/noir-examples/noir-passport/utils/sig-check/rsa/src/lib.nr 
@@ -1,13 +1,41 @@ use bignum::{params::BigNumParams, RuntimeBigNum}; use common::{ - sha1_and_check_data_to_sign, sha256_and_check_data_to_sign, sha384_and_check_data_to_sign, - sha512_and_check_data_to_sign, + assert_allowed_rsa_exponent, sha1_and_check_data_to_sign, sha256_and_check_data_to_sign, + sha384_and_check_data_to_sign, sha512_and_check_data_to_sign, }; +use poseidon::poseidon2::Poseidon2; use rsa::rsa::{ verify_sha1_pkcs1v15, verify_sha1_pss, verify_sha256_pkcs1v15, verify_sha256_pss, verify_sha384_pkcs1v15, verify_sha384_pss, verify_sha512_pkcs1v15, verify_sha512_pss, }; +global RSA_KEY_NE_HASH_DOMAIN: Field = 0x5253415f4e455f48; // "RSA_NE_H" + +fn exponent_to_be_bytes(exponent: u32) -> [u8; 4] { + [ + ((exponent >> 24) & 0xFF) as u8, + ((exponent >> 16) & 0xFF) as u8, + ((exponent >> 8) & 0xFF) as u8, + (exponent & 0xFF) as u8, + ] +} + +pub fn compute_key_ne_hash(pubkey_bytes: [u8; SIG_BYTES], exponent: u32) -> Field { + assert_allowed_rsa_exponent(exponent); + let exponent_bytes = exponent_to_be_bytes(exponent); + let packed_pubkey: [Field; (SIG_BYTES + 30) / 31] = + utils::pack_be_bytes_into_fields::(pubkey_bytes); + let packed_exponent: [Field; 1] = utils::pack_be_bytes_into_fields::<4, 1, 31>(exponent_bytes); + + let mut hash_input: [Field; 2 + (SIG_BYTES + 30) / 31] = [0; 2 + (SIG_BYTES + 30) / 31]; + hash_input[0] = RSA_KEY_NE_HASH_DOMAIN; + for i in 0..((SIG_BYTES + 30) / 31) { + hash_input[1 + i] = packed_pubkey[i]; + } + hash_input[1 + ((SIG_BYTES + 30) / 31)] = packed_exponent[0]; + Poseidon2::hash(hash_input, 2 + ((SIG_BYTES + 30) / 31)) +} + pub fn verify_signature( pubkey_bytes: [u8; SIG_BYTES], // This is equivalent to sig_bytes: [u8; SIG_BYTES] but because of @@ -27,6 +55,8 @@ pub fn verify_signature(pubkey_bytes); 
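Review bot: `compute_key_ne_hash` is public and its result is exposed as the public input `csc_key_ne_hash`, yet the hunk adds it with no doc comment describing the preimage, so anyone recomputing the value outside the circuit has to work it out from the code. I would document it above the function, e.g. `/// Poseidon2 over [RSA_KEY_NE_HASH_DOMAIN, modulus packed big-endian 31 bytes per Field, exponent as 4 big-endian bytes in one Field].` and `/// Asserts the exponent is in the allowed set.` The packing details come from `utils::pack_be_bytes_into_fields`, which is not visible here, so the wording should be confirmed against that helper.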
@@ -70,3 +100,40 @@ pub fn verify_signature(pubkey, 65537); + let hash_3 = compute_key_ne_hash::<4>(pubkey, 3); + assert(hash_65537 != hash_3); +} + +#[test] +fn test_compute_key_ne_hash_differs_by_pubkey() { + // Same exponent, different pubkey must produce different hash. + // Catches regressions where the pubkey is dropped from the hash input. + let pubkey_a: [u8; 4] = [0x01, 0x02, 0x03, 0x04]; + let pubkey_b: [u8; 4] = [0x05, 0x06, 0x07, 0x08]; + let hash_a = compute_key_ne_hash::<4>(pubkey_a, 65537); + let hash_b = compute_key_ne_hash::<4>(pubkey_b, 65537); + assert(hash_a != hash_b); +} \ No newline at end of file
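Review bot: The two `compute_key_ne_hash` tests readable in this hunk assert only that hashes differ, which would still pass if the domain tag, limb order or exponent encoding changed. Because the value is a public input that has to be reproduced outside the circuit, a known-answer test would pin the encoding, e.g. `assert(compute_key_ne_hash::<4>(pubkey, 65537) == EXPECTED_HASH_PLACEHOLDER);` with the constant taken from an independent implementation. Part of this hunk is not legible on the page, so such a test may already exist above the visible ones.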