audit fixes

.github/actions/mobile-setup/action.yml

@@ -52,5 +52,6 @@ runs:
       run: |
         cd ${{ inputs.app_path }}
         corepack enable
+        yarn set version 4.6.0
         yarn install
         yarn install-app:deploy

.github/actions/yarn-install/action.yml

@@ -15,7 +15,8 @@ runs:
       shell: bash
       run: |
         corepack enable
-        corepack prepare [email protected] --activate
+        corepack prepare [email protected] --activate
+        yarn set version 4.6.0
 
     - name: Setup Node.js
       uses: actions/setup-node@v4

.github/workflows/artifacts.yml

@@ -40,7 +40,9 @@ jobs:
 
       - name: Install dependencies
         run: |
-          npm i -g yarn && cd circuits && yarn
+          corepack enable
+          yarn set version 4.6.0
+          cd circuits && yarn
 
       - name: Setup Rust
         uses: dtolnay/rust-toolchain@stable
@@ -58,8 +60,8 @@ jobs:
       - name: Build cpp circuits
         run: |
           chmod +x circuits/scripts/build/build_cpp.sh && \
-          ./circuits/scripts/build/build_cpp.sh register && 
-          ./circuits/scripts/build/build_cpp.sh disclose && 
+          ./circuits/scripts/build/build_cpp.sh register &&
+          ./circuits/scripts/build/build_cpp.sh disclose &&
           ./circuits/scripts/build/build_cpp.sh dsc
 
       - name: Upload Artifact

circuits/circuits/utils/crypto/bigInt/bigInt.circom

@@ -8,7 +8,7 @@ include "../int/arithmetic.circom";
 include "@openpassport/zk-email-circuits/lib/bigint.circom";
 
 // What BigInt in this lib means
-// We represent big number as array of chunks with some shunk_size (will be explained later) 
+// We represent big number as array of chunks with some shunk_size (will be explained later)
 // for this example we will use N for number, n for chunk size and k for chunk_number:
 // N[k];
 // Number can be calculated by this formula:
@@ -31,14 +31,14 @@ template BigMultModP(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS, CHUNK_
 
     signal output div[CHUNK_NUMBER_DIV];
     signal output mod[CHUNK_NUMBER_MODULUS];
-    
+
     component mult = BigMultOverflow(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS);
     mult.in1 <== in1;
     mult.in2 <== in2;
 
     var reduced[200] = reduce_overflow_dl(CHUNK_SIZE, CHUNK_NUMBER_BASE - 1, CHUNK_NUMBER_BASE, mult.out);
     var long_division[2][200] = long_div_dl(CHUNK_SIZE, CHUNK_NUMBER_MODULUS, CHUNK_NUMBER_DIV - 1, reduced, modulus);
-    
+
     for (var i = 0; i < CHUNK_NUMBER_DIV; i++){
         div[i] <-- long_division[0][i];
 
@@ -51,26 +51,26 @@ template BigMultModP(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS, CHUNK_
         modChecks[i].in <== mod[i];
 
     }
-    
+
     component greaterThan = BigGreaterThan(CHUNK_SIZE, CHUNK_NUMBER_MODULUS);
-    
+
     greaterThan.in[0] <== modulus;
     greaterThan.in[1] <== mod;
     greaterThan.out === 1;
-    
+
     component mult2;
     if (CHUNK_NUMBER_DIV >= CHUNK_NUMBER_MODULUS){
         mult2 = BigMultNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER_DIV, CHUNK_NUMBER_MODULUS);
-        
+
         mult2.in1 <== div;
         mult2.in2 <== modulus;
     } else {
         mult2 = BigMultNonEqualOverflow(CHUNK_SIZE, CHUNK_NUMBER_MODULUS, CHUNK_NUMBER_DIV);
-        
+
         mult2.in2 <== div;
         mult2.in1 <== modulus;
     }
-    
+
     component isZero = BigIntIsZero(CHUNK_SIZE, CHUNK_SIZE * 2 + log_ceil(CHUNK_NUMBER_MODULUS + CHUNK_NUMBER_DIV - 1), CHUNK_NUMBER_BASE - 1);
     for (var i = 0; i < CHUNK_NUMBER_MODULUS; i++) {
         isZero.in[i] <== mult.out[i] - mult2.out[i] - mod[i];
@@ -84,40 +84,40 @@ template BigMultModP(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS, CHUNK_
 // in[0] <= in[1]
 template BigLessEqThan(CHUNK_SIZE, CHUNK_NUMBER){
     signal input in[2][CHUNK_NUMBER];
-    
+
     signal output out;
-    
+
     component lessThan[CHUNK_NUMBER];
     component isEqual[CHUNK_NUMBER];
     signal result[CHUNK_NUMBER];
     for (var i = 0; i < CHUNK_NUMBER; i++){
         lessThan[i] = LessThan(CHUNK_SIZE);
         lessThan[i].in[0] <== in[0][i];
         lessThan[i].in[1] <== in[1][i];
-        
+
         isEqual[i] = IsEqual();
         isEqual[i].in[0] <== in[0][i];
         isEqual[i].in[1] <== in[1][i];
     }
-    
+
     for (var i = 0; i < CHUNK_NUMBER; i++){
     if (i == 0){
             result[i] <== lessThan[i].out + isEqual[i].out;
         } else {
             result[i] <== lessThan[i].out + isEqual[i].out * result[i - 1];
         }
     }
-    
+
     out <== result[CHUNK_NUMBER - 1];
-    
+
 }
 
 // in[0] > in[1]
 template BigGreaterThan(CHUNK_SIZE, CHUNK_NUMBER){
     signal input in[2][CHUNK_NUMBER];
-    
+
     signal output out;
-    
+
     component lessEqThan = BigLessEqThan(CHUNK_SIZE, CHUNK_NUMBER);
     lessEqThan.in <== in;
     out <== 1 - lessEqThan.out;
@@ -149,20 +149,20 @@ template BigModInv(CHUNK_SIZE, CHUNK_NUMBER) {
     signal input in[CHUNK_NUMBER];
     signal input modulus[CHUNK_NUMBER];
     signal output out[CHUNK_NUMBER];
-    
-    
+
+
     var inv[200] = mod_inv_dl(CHUNK_SIZE, CHUNK_NUMBER, in, modulus);
     for (var i = 0; i < CHUNK_NUMBER; i++) {
         out[i] <-- inv[i];
     }
-    
+
     component mult = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER, CHUNK_NUMBER, CHUNK_NUMBER);
     mult.in1 <== in;
     mult.in2 <== out;
     mult.modulus <== modulus;
-    
+
     mult.mod[0] === 1;
     for (var i = 1; i < CHUNK_NUMBER; i++) {
         mult.mod[i] === 0;
     }
-}
+}

circuits/circuits/utils/crypto/hasher/shaBytes/dynamic/sha1Bytes.circom

@@ -28,7 +28,7 @@ template Sha1Bytes(max_num_bytes) {
     for (var i = 0; i < 160; i++) {
         out[i] <== sha.out[i];
     }
-   
+
 }
 
 //Adapted from @openpassport/zk-email-circuits/helpers/sha256general.circom
@@ -66,9 +66,9 @@ template Sha1General(maxBitsPadded) {
     component he0 = H_sha1(4);
 
     component sha1compression[maxBlocks];
-    
+
     for (i=0; i<maxBlocks; i++) {
-        
+
         sha1compression[i] = Sha1compression();
 
         if (i==0) {
@@ -86,13 +86,13 @@ template Sha1General(maxBitsPadded) {
                 sha1compression[i].hin[32*2+k] <== sha1compression[i-1].out[32*2+31-k];
                 sha1compression[i].hin[32*3+k] <== sha1compression[i-1].out[32*3+31-k];
                 sha1compression[i].hin[32*4+k] <== sha1compression[i-1].out[32*4+31-k];
-            } 
+            }
         }
 
         for (k=0; k<512; k++) {
             sha1compression[i].inp[k] <== paddedIn[i*512+k];
         }
-        
+
     }
 
     component arraySelectors[160];
@@ -115,4 +115,4 @@ template Sha1General(maxBitsPadded) {
         arraySelectors[i].index <== inBlockIndex - 1;
         out[i] <== arraySelectors[i].out;
     }
-}
+}

circuits/circuits/utils/crypto/hasher/shaBytes/shaBytesDynamic.circom

@@ -3,6 +3,8 @@ pragma circom 2.1.9;
 include "./dynamic/sha1Bytes.circom";
 include "./dynamic/sha224Bytes.circom";
 include "@openpassport/zk-email-circuits/lib/sha.circom";
+include "@openpassport/zk-email-circuits/utils/array.circom";
+include "circomlib/circuits/bitify.circom";
 include "./dynamic/sha384Bytes.circom";
 include "./dynamic/sha512Bytes.circom";
 
@@ -19,6 +21,10 @@ template ShaBytesDynamic(hashLen, max_num_bytes) {
 
     signal output hash_bits[hashLen];
 
+    // Assert `in_len_padded_bytes` fits in `ceil(log2(max_num_bytes * 8))`
+    component rangeCheck = Num2Bits(log2Ceil(max_num_bytes * 8));
+    rangeCheck.in <== in_len_padded_bytes;
+
     if (hashLen == 512) {
         hash_bits <== Sha512Bytes(max_num_bytes)(in_padded, in_len_padded_bytes);
     }
@@ -28,11 +34,11 @@ template ShaBytesDynamic(hashLen, max_num_bytes) {
     if (hashLen == 256) {
         hash_bits <== Sha256Bytes(max_num_bytes)(in_padded, in_len_padded_bytes);
     }
-    if (hashLen == 224) { 
+    if (hashLen == 224) {
         hash_bits <== Sha224Bytes(max_num_bytes)(in_padded, in_len_padded_bytes);
     }
     if (hashLen == 160) {
         hash_bits <== Sha1Bytes(max_num_bytes)(in_padded, in_len_padded_bytes);
     }
 
-}
+}

circuits/circuits/utils/passport/disclose/disclose_id.circom

@@ -42,9 +42,9 @@ template DISCLOSE_ID(
     signal input ofac_nameyob_smt_leaf_key;
     signal input ofac_nameyob_smt_root;
     signal input ofac_nameyob_smt_siblings[nameyobTreeLevels];
-    
+
     signal input selector_ofac;
-    
+
     // assert selectors are 0 or 1
     for (var i = 0; i < 90; i++) {
         selector_dg1[i] * (selector_dg1[i] - 1) === 0;
@@ -64,11 +64,11 @@ template DISCLOSE_ID(
     older_than_verified[0] <== isOlderThan.out * majority[0];
     older_than_verified[1] <== isOlderThan.out * majority[1];
 
-    signal revealedData[94]; // mrz: 88 bytes | older_than: 2 bytes | ofac: 3 byte
+    signal revealedData[94]; // mrz: 90 bytes | older_than: 2 bytes | ofac: 2 byte
     for (var i = 0; i < 90; i++) {
         revealedData[i] <== dg1[5+i] * selector_dg1[i];
     }
-    
+
     revealedData[90] <== older_than_verified[0] * selector_older_than;
     revealedData[91] <== older_than_verified[1] * selector_older_than;
 
@@ -91,4 +91,4 @@ template DISCLOSE_ID(
 
     var chunkLength = computeIntChunkLength(MAX_FORBIDDEN_COUNTRIES_LIST_LENGTH * 3);
     signal output forbidden_countries_list_packed[chunkLength] <== ProveCountryIsNotInList_ID(MAX_FORBIDDEN_COUNTRIES_LIST_LENGTH)(dg1, forbidden_countries_list);
-}
+}

circuits/scripts/build/build_disclose_circuits.sh

@@ -16,6 +16,7 @@ OUTPUT_DIR="build/${CIRCUIT_TYPE}"
 # format: name:poweroftau:build_flag
 CIRCUITS=(
     "vc_and_disclose:20:true"
+    "vc_and_disclose_id:20:true"
 )
 
 build_circuits "$CIRCUIT_TYPE" "$OUTPUT_DIR" "${CIRCUITS[@]}"

circuits/scripts/build/common.sh

@@ -72,9 +72,9 @@ build_circuit() {
 
     # Compile circuit
     circom ${CIRCUIT_PATH} \
-        -l node_modules \
-        -l ./node_modules/@zk-kit/binary-merkle-root.circom/src \
-        -l ./node_modules/circomlib/circuits \
+        -l ../node_modules \
+        -l ../node_modules/@zk-kit/binary-merkle-root.circom/src \
+        -l ../node_modules/circomlib/circuits \
         --r1cs --O1 --wasm -c \
         --output ${OUTPUT_DIR}/${CIRCUIT_NAME}/
 
@@ -85,10 +85,10 @@ build_circuit() {
         ${OUTPUT_DIR}/${CIRCUIT_NAME}/${CIRCUIT_NAME}.zkey
 
     # Generate and contribute random string
-    local RAND_STR=$(get_random_string)
-    echo $RAND_STR | yarn snarkjs zkey contribute \
-        ${OUTPUT_DIR}/${CIRCUIT_NAME}/${CIRCUIT_NAME}.zkey \
-        ${OUTPUT_DIR}/${CIRCUIT_NAME}/${CIRCUIT_NAME}_final.zkey
+    # local RAND_STR=$(get_random_string)
+    # echo $RAND_STR | yarn snarkjs zkey contribute \
+    #     ${OUTPUT_DIR}/${CIRCUIT_NAME}/${CIRCUIT_NAME}.zkey \
+    #     ${OUTPUT_DIR}/${CIRCUIT_NAME}/${CIRCUIT_NAME}_final.zkey
 
     echo -e "${BLUE}Building vkey${NC}"
     yarn snarkjs zkey export verificationkey \

circuits/tests/disclose/vc_and_disclose_id.test.ts

@@ -13,7 +13,6 @@ import crypto from 'crypto';
 import { SMT } from '@openpassport/zk-kit-smt';
 import nameAndDobjson from '@selfxyz/common/ofacdata/outputs/nameAndDobSMT_ID.json' with { type: 'json' };
 import nameAndYobjson from '@selfxyz/common/ofacdata/outputs/nameAndYobSMT_ID.json' with { type: 'json' };
-import passportNojson from '@selfxyz/common/ofacdata/outputs/passportNoAndNationalitySMT.json' with { type: 'json' };
 import {
   formatAndUnpackForbiddenCountriesList,
   formatAndUnpackReveal,
@@ -53,9 +52,6 @@ describe('Disclose', function () {
   const tree: any = new LeanIMT((a, b) => poseidon2([a, b]), []);
   tree.insert(BigInt(commitment));
 
-  const passportNo_smt = new SMT(poseidon2, true);
-  passportNo_smt.import(passportNojson);
-
   const nameAndDob_smt = new SMT(poseidon2, true);
   nameAndDob_smt.import(nameAndDobjson);
 
@@ -85,7 +81,7 @@ describe('Disclose', function () {
       selector_older_than,
       tree,
       majority,
-      passportNo_smt,
+      null,
       nameAndDob_smt,
       nameAndYob_smt,
       selector_ofac,
@@ -141,7 +137,7 @@ describe('Disclose', function () {
         const revealedData_packed = await circuit.getOutput(w, ['revealedData_packed[4]']);
         const reveal_unpacked = formatAndUnpackReveal(revealedData_packed, 'id');
 
-        for (let i = 0; i < 88; i++) {
+        for (let i = 0; i < 90; i++) {
           if (selector_dg1[i] == '1') {
             const char = String.fromCharCode(Number(inputs.dg1[i + 5]));
             assert(reveal_unpacked[i] == char, 'Should reveal the right character');
@@ -187,8 +183,8 @@ describe('Disclose', function () {
     const revealedData_packed = await circuit.getOutput(w, ['revealedData_packed[4]']);
 
     const reveal_unpacked = formatAndUnpackReveal(revealedData_packed, 'id');
-    expect(reveal_unpacked[88]).to.equal('\x00');
-    expect(reveal_unpacked[89]).to.equal('\x00');
+    expect(reveal_unpacked[90]).to.equal('\x00');
+    expect(reveal_unpacked[91]).to.equal('\x00');
   });
 
   describe('OFAC disclosure', function () {
@@ -269,7 +265,7 @@ describe('Disclose', function () {
           selector_older_than,
           tree,
           majority,
-          passportNo_smt,
+          null,
           nameAndDob_smt,
           nameAndYob_smt,
           '1', // selector_ofac