feat: increase sha256 byte size and add new rsa circuits #986
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 20511340 | Triggered | Generic Private Key | 14f90ef | common/src/mock_certificates/sha256_rsa_130689_4096/mock_csca.key | View secret |
| 20511341 | Triggered | Generic Private Key | 14f90ef | common/src/mock_certificates/sha1_rsa_64321_4096/mock_csca.key | View secret |
| 20511342 | Triggered | Generic Private Key | 14f90ef | common/src/constants/mockCertificates.ts | View secret |
| 20511343 | Triggered | Generic Private Key | 14f90ef | common/src/mock_certificates/sha1_rsa_64321_4096/mock_dsc.key | View secret |
| 20511344 | Triggered | Generic Private Key | 14f90ef | common/src/constants/mockCertificates.ts | View secret |
| 20511345 | Triggered | Generic Private Key | 14f90ef | common/src/mock_certificates/sha256_rsa_56611_4096/mock_dsc.key | View secret |
| 20511346 | Triggered | Generic Private Key | 14f90ef | common/src/mock_certificates/sha256_rsa_107903_4096/mock_csca.key | View secret |
| 20511347 | Triggered | Generic Private Key | 14f90ef | common/src/constants/mockCertificates.ts | View secret |
| 20511348 | Triggered | Generic Private Key | 14f90ef | common/src/mock_certificates/sha256_rsa_122125_4096/mock_csca.key | View secret |
| 20511349 | Triggered | Generic Private Key | 14f90ef | common/src/mock_certificates/sha256_rsa_56611_4096/mock_csca.key | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
WalkthroughAdds new RSA PKCS#1 v1.5 support with non-standard public exponents (IDs 47–51), introducing a generic RSA verifier path, exponentiation helper, and mappings. Updates many Circom instances (REGISTER/REGISTER_ID) to use larger padded lengths. Adds tests, mock certificates/keys, and updates TypeScript constants and test configs. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant User
participant SignatureVerifier
participant HashParser
participant RSA_PKCS1v1_5 as VerifyRsaGenericPkcs1v1_5
participant FpPow as FpPowGenericMod
User->>SignatureVerifier: message, signature, modulus, signatureAlgorithm
SignatureVerifier->>HashParser: parse hash into words
HashParser-->>SignatureVerifier: hashParsed[], msg_len
alt signatureAlgorithm in {47..51}
SignatureVerifier->>RSA_PKCS1v1_5: CHUNK=120, K=35, HASH=160/256, alg
note right of RSA_PKCS1v1_5: 1) PKCS#1 v1.5 padding\n2) Range checks\n3) Modular exponentiation\n4) Compare chunks
RSA_PKCS1v1_5->>FpPow: base=signature, modulus, alg (exponent)
FpPow-->>RSA_PKCS1v1_5: signature^e mod N (chunked)
RSA_PKCS1v1_5-->>SignatureVerifier: constraints satisfied
else other algorithms
SignatureVerifier->>...: existing ECDSA/RSA paths
end
SignatureVerifier-->>User: verification result via constraints
sequenceDiagram
autonumber
participant Verifier as VerifyRsaGenericPkcs1v1_5
participant Pad as Pkcs1v1_5Padding
participant Exp as FpPowGenericMod
Verifier->>Pad: modulus, message -> paddedHash[]
Verifier->>Exp: signature, modulus, exponent(e from alg)
Exp-->>Verifier: out[]
Verifier-->>Verifier: assert(out[i] == paddedHash[i]) for all i
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60–90 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
📜 Recent review detailsConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro 💡 Knowledge Base configuration:
You can enable these sources in your CodeRabbit configuration. 📒 Files selected for processing (5)
🚧 Files skipped from review as they are similar to previous changes (3)
🧰 Additional context used📓 Path-based instructions (2)circuits/**/*.circom⚙️ CodeRabbit configuration file
Files:
**/*.{ts,tsx}📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)
Files:
🧠 Learnings (4)📚 Learning: 2025-08-24T18:55:07.940ZApplied to files:
📚 Learning: 2025-08-24T18:55:07.940ZApplied to files:
📚 Learning: 2025-08-24T18:55:07.940ZApplied to files:
📚 Learning: 2025-08-24T18:55:07.940ZApplied to files:
🧬 Code graph analysis (2)circuits/circuits/register_id/instances/register_id_sha256_sha256_sha224_ecdsa_secp224r1.circom (1)
circuits/tests/register_id/test_cases.ts (3)
⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
🔇 Additional comments (4)
✨ Finishing Touches
🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type Other keywords and placeholders
Status, Documentation and Community
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 40
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (5)
common/src/utils/passports/passport_parsing/brutForceDscSignature.ts (2)
121-124: Avoid 'binary' string conversion; pass raw bytes to node-forge to prevent encoding bugs on RNBuffer.toString('binary') is lossy and platform-dependent. Feed Uint8Array directly through forge’s raw encoder to keep exact bytes.
Apply this diff:
- const signature = Buffer.from(signatureValue).toString('binary'); + // Preserve raw bytes across Node/RN + const signature = forge.util.binary.raw.encode(signatureValue);
61-76: Function promises boolean but lacks default return pathWith explicit return type boolean, missing default breaks type soundness and may compile depending on TS flags. Return false by default.
function verifySignature( dsc: CertificateData, csca: CertificateData, signatureAlgorithm: string, hashAlgorithm: string, saltLength: number = 0 ): boolean { switch (signatureAlgorithm) { case 'ecdsa': return verifyECDSA(dsc, csca, hashAlgorithm); case 'rsa': return verifyRSA(dsc, csca, hashAlgorithm); case 'rsapss': return verifyRSAPSS(dsc, csca, hashAlgorithm, saltLength); } + return false; }common/src/mock_certificates/sha256_rsa_107903_4096/mock_csca.key (1)
1-53: Exclude mock certificates from production bundles and published packages
- Move
common/src/mock_certificatesto a test-only directory (e.g.common/test/fixtures/mock_certificates)- Remove
"src/mock_certificates"from thefilesarray incommon/package.json- Add a blockList entry in
metro.config.jsto ignore**/mock_certificates/**/*.(key|pem)- If tests require these keys, load them via
fsat test time instead of static importscommon/src/constants/constants.ts (1)
101-111: Add MAX_CERT_BYTES entries for new RSA‑SHA256 exponents to avoid undefined lookupsYou added rsa_sha1_64321_4096, but the newly introduced SHA‑256 exponent variants (56611/107903/122125/130689) from types.ts aren’t covered here. If any code indexes MAX_CERT_BYTES by these algorithm keys, it will return undefined at runtime.
Apply this diff to cover them (values match other 4096-bit RSA PKCS#1 v1.5 SHA‑256 cert sizes):
export const MAX_CERT_BYTES: Partial<Record<keyof typeof SignatureAlgorithmIndex, number>> = { rsa_sha256_65537_4096: 512, rsa_sha1_65537_4096: 640, rsa_sha1_64321_4096: 640, + rsa_sha256_56611_4096: 512, + rsa_sha256_107903_4096: 512, + rsa_sha256_122125_4096: 512, + rsa_sha256_130689_4096: 512, rsapss_sha256_65537_2048: 640, rsapss_sha256_65537_3072: 640, rsapss_sha256_65537_4096: 768, rsapss_sha256_3_3072: 768, rsapss_sha256_3_4096: 768, rsapss_sha384_65537_3072: 768, };circuits/tests/utils/rsaPkcs1v1_5.test.ts (1)
57-77: Brittle error assertion on wasmTester failure messageRelying on
'Assert Failed'string is version-fragile. Assert throw type, then (optionally) substring-check defensively.- } catch (error) { - expect(error.message).to.include('Assert Failed'); - } + } catch (error) { + expect(error).to.be.instanceOf(Error); + if ((error as Error).message) { + expect((error as Error).message).to.include('Assert Failed'); + } + }
🧹 Nitpick comments (8)
common/src/scripts/generateCertificates.sh (1)
246-255: Non-standard RSA exponents: clarify intent and isolate from prod artifacts.Exponents 64321/107903/122125/130689 are unusual. If these are only for circuit testing, ensure they don’t bleed into prod registries/anchors. Recommend placing them under a clearly test-only prefix (e.g., src/mock_certificates/test_only/...) or guard generation behind a flag.
circuits/circuits/utils/crypto/signature/FpPowMod.circom (3)
157-227: FpPow130689Mod: performance sanity.Chain is minimal-enough for this exponent, but please document the addition chain derivation (or script it) to avoid future drift. Property tests as above recommended.
228-300: FpPow122125Mod: correctness comment matches indices; keep chain generation reproducible.Commented binary and indices align. Same test ask as above; consider generating indices from exponent bits at build time to reduce maintenance risk.
301-373: FpPow107903Mod: larger popcount—watch constraint count.11 multiplies + 16 doublers adds notable constraints. If proving time regresses, consider windowed/signed addition chains. For now, ship with perf measurement in CI.
common/src/utils/passports/getMockDSC.ts (1)
164-171: Group PSS‐salt variants under a single case
Bothrsapss_sha256_65537_{2048,4096}use a 32-byte salt by default—collapse the_32literals into the unsuffixed labels to prevent future drift. For example:// 4096-bit PSS case 'rsapss_sha256_65537_4096': case 'rsapss_sha256_65537_4096_32': privateKeyPem = mockCertificates.mock_dsc_sha256_rsapss_32_65537_4096_key; dsc = mockCertificates.mock_dsc_sha256_rsapss_32_65537_4096; break; // 2048-bit PSS case 'rsapss_sha256_65537_2048': case 'rsapss_sha256_65537_2048_32': privateKeyPem = mockCertificates.mock_dsc_sha256_rsapss_32_65537_2048_key; dsc = mockCertificates.mock_dsc_sha256_rsapss_32_65537_2048; break;circuits/circuits/tests/utils/rsa/test_rsa_sha1_64321_4096.circom (1)
10-11: Gate SHA-1 usage behind a policy flagSupport is fine for backward compatibility, but ensure this algo (ID 47) is disabled by default in production paths to avoid weak-hash acceptance.
If not already present, add a config/env guard checked in the caller before selecting algorithm 47. Want a small patch for that?
circuits/circuits/utils/crypto/signature/rsa/verifyRsa107903Pkcs1v1_5.circom (1)
7-16: Reduce duplication across exponent variants (shared verifier skeleton).All five templates are identical except the pow component. Consider a common template/macro that takes the pow component as a parameter (or include a shared sub-template) to prevent drift and reduce audit surface.
common/src/constants/mockCertificates.ts (1)
846-932: Limit legacy SHA-1 usage to tests; ensure no runtime acceptance.This SHA-1 compatible RSA set should never be accepted by runtime verification paths. Ensure trust-anchor config and code paths exclude mocks in non-test builds.
If any runtime code can pick a mock via configuration, fail it fast (feature flag, environment guard) and add a unit test asserting the rejection in production mode.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (10)
common/src/mock_certificates/sha1_rsa_64321_4096/mock_csca.pemis excluded by!**/*.pemcommon/src/mock_certificates/sha1_rsa_64321_4096/mock_dsc.pemis excluded by!**/*.pemcommon/src/mock_certificates/sha256_rsa_107903_4096/mock_csca.pemis excluded by!**/*.pemcommon/src/mock_certificates/sha256_rsa_107903_4096/mock_dsc.pemis excluded by!**/*.pemcommon/src/mock_certificates/sha256_rsa_122125_4096/mock_csca.pemis excluded by!**/*.pemcommon/src/mock_certificates/sha256_rsa_122125_4096/mock_dsc.pemis excluded by!**/*.pemcommon/src/mock_certificates/sha256_rsa_130689_4096/mock_csca.pemis excluded by!**/*.pemcommon/src/mock_certificates/sha256_rsa_130689_4096/mock_dsc.pemis excluded by!**/*.pemcommon/src/mock_certificates/sha256_rsa_56611_4096/mock_csca.pemis excluded by!**/*.pemcommon/src/mock_certificates/sha256_rsa_56611_4096/mock_dsc.pemis excluded by!**/*.pem
📒 Files selected for processing (69)
circuits/circuits/dsc/instances/dsc_sha256_rsa_107903_4096.circom(1 hunks)circuits/circuits/dsc/instances/dsc_sha256_rsa_122125_4096.circom(1 hunks)circuits/circuits/dsc/instances/dsc_sha256_rsa_130689_4096.circom(1 hunks)circuits/circuits/dsc/instances/dsc_sha256_rsa_56611_4096.circom(1 hunks)circuits/circuits/register/instances/register_sha1_sha1_sha1_rsa_64321_4096.circom(1 hunks)circuits/circuits/register/instances/register_sha1_sha256_sha256_rsa_65537_4096.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha1_sha1_rsa_65537_4096.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha256_sha224_ecdsa_secp224r1.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_brainpoolP256r1.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_secp256r1.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_secp384r1.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha256_sha256_rsa_3_4096.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha256_sha256_rsa_65537_4096.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_3_32_2048.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_2048.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_3072.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_4096.circom(1 hunks)circuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_64_2048.circom(1 hunks)circuits/circuits/register/instances/register_sha512_sha512_sha256_rsapss_65537_32_2048.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha1_sha256_sha256_rsa_65537_4096.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha256_sha256_sha224_ecdsa_secp224r1.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP256r1.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_secp256r1.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_secp384r1.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsa_3_4096.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsa_65537_4096.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_3_32_2048.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_32_2048.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_32_3072.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_64_2048.circom(1 hunks)circuits/circuits/register_id/instances/register_id_sha512_sha512_sha256_rsapss_65537_32_2048.circom(1 hunks)circuits/circuits/tests/utils/rsa/test_rsa_sha1_64321_4096.circom(1 hunks)circuits/circuits/tests/utils/rsa/test_rsa_sha256_107903_4096.circom(1 hunks)circuits/circuits/tests/utils/rsa/test_rsa_sha256_122125_4096.circom(1 hunks)circuits/circuits/tests/utils/rsa/test_rsa_sha256_130689_4096.circom(1 hunks)circuits/circuits/tests/utils/rsa/test_rsa_sha256_56611_4096.circom(1 hunks)circuits/circuits/utils/crypto/signature/FpPowMod.circom(1 hunks)circuits/circuits/utils/crypto/signature/rsa/verifyRsa107903Pkcs1v1_5.circom(1 hunks)circuits/circuits/utils/crypto/signature/rsa/verifyRsa122125Pkcs1v1_5.circom(1 hunks)circuits/circuits/utils/crypto/signature/rsa/verifyRsa130689Pkcs1v1_5.circom(1 hunks)circuits/circuits/utils/crypto/signature/rsa/verifyRsa56611Pkcs1v1_5.circom(1 hunks)circuits/circuits/utils/crypto/signature/rsa/verifyRsa64321Pkcs1v1_5.circom(1 hunks)circuits/circuits/utils/passport/signatureAlgorithm.circom(9 hunks)circuits/circuits/utils/passport/signatureVerifier.circom(7 hunks)circuits/tests/dsc/test_cases.ts(1 hunks)circuits/tests/register/test_cases.ts(1 hunks)circuits/tests/register_id/test_cases.ts(1 hunks)circuits/tests/utils/generateMockInputsInCircuits.ts(1 hunks)circuits/tests/utils/rsaPkcs1v1_5.test.ts(2 hunks)common/src/constants/constants.ts(3 hunks)common/src/constants/mockCertificates.ts(4 hunks)common/src/constants/skiPem.ts(1 hunks)common/src/mock_certificates/sha1_rsa_64321_4096/mock_csca.key(1 hunks)common/src/mock_certificates/sha1_rsa_64321_4096/mock_dsc.key(1 hunks)common/src/mock_certificates/sha256_rsa_107903_4096/mock_csca.key(1 hunks)common/src/mock_certificates/sha256_rsa_107903_4096/mock_dsc.key(1 hunks)common/src/mock_certificates/sha256_rsa_122125_4096/mock_csca.key(1 hunks)common/src/mock_certificates/sha256_rsa_122125_4096/mock_dsc.key(1 hunks)common/src/mock_certificates/sha256_rsa_130689_4096/mock_csca.key(1 hunks)common/src/mock_certificates/sha256_rsa_130689_4096/mock_dsc.key(1 hunks)common/src/mock_certificates/sha256_rsa_56611_4096/mock_csca.key(1 hunks)common/src/mock_certificates/sha256_rsa_56611_4096/mock_dsc.key(1 hunks)common/src/scripts/generateCertificates.sh(4 hunks)common/src/utils/passports/genMockPassportData.ts(1 hunks)common/src/utils/passports/getMockDSC.ts(1 hunks)common/src/utils/passports/passport_parsing/brutForceDscSignature.ts(1 hunks)common/src/utils/types.ts(1 hunks)
🧰 Additional context used
📓 Path-based instructions (4)
circuits/**/*.circom
⚙️ CodeRabbit configuration file
circuits/**/*.circom: Review ZK circuit code for:
- Circuit correctness and completeness
- Constraint efficiency
- Input validation
- Security considerations for zero-knowledge proofs
Files:
circuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_brainpoolP256r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_3072.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_secp384r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_64_2048.circomcircuits/circuits/register_id/instances/register_id_sha1_sha256_sha256_rsa_65537_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_122125_4096.circomcircuits/circuits/register/instances/register_sha256_sha256_sha224_ecdsa_secp224r1.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsa_3_4096.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha224_ecdsa_secp224r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_32_2048.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsa_3_4096.circomcircuits/circuits/register/instances/register_sha256_sha1_sha1_rsa_65537_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsa56611Pkcs1v1_5.circomcircuits/circuits/register/instances/register_sha512_sha512_sha256_rsapss_65537_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsa130689Pkcs1v1_5.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_3_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsa_65537_4096.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_3_32_2048.circomcircuits/circuits/register_id/instances/register_id_sha512_sha512_sha256_rsapss_65537_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_64_2048.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_secp256r1.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_107903_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_122125_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_107903_4096.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP256r1.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha1_64321_4096.circomcircuits/circuits/register/instances/register_sha1_sha1_sha1_rsa_64321_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_130689_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_130689_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_56611_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsa64321Pkcs1v1_5.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_secp384r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_32_3072.circomcircuits/circuits/register/instances/register_sha1_sha256_sha256_rsa_65537_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsa122125Pkcs1v1_5.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_56611_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsa107903Pkcs1v1_5.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_secp256r1.circomcircuits/circuits/utils/passport/signatureVerifier.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsa_65537_4096.circomcircuits/circuits/utils/passport/signatureAlgorithm.circomcircuits/circuits/utils/crypto/signature/FpPowMod.circom
**/*.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)
**/*.{ts,tsx}: Define IdentityCommitment with fields: commitment (Poseidon hash), nullifier (domain-separated), timestamp (UTC number), version (circuit version), documentType ('passport' | 'eu_id_card')
Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Define VerificationConfig with fields: circuitVersion (semver), complianceRules array, timeWindow (seconds, 24h), clockDrift (±5 min), trustAnchors, revocationRoots, timeSource (NTP), nullifierScope (domain separation)
Files:
common/src/utils/passports/getMockDSC.tscommon/src/utils/passports/genMockPassportData.tscommon/src/utils/passports/passport_parsing/brutForceDscSignature.tscircuits/tests/utils/generateMockInputsInCircuits.tscommon/src/utils/types.tscircuits/tests/utils/rsaPkcs1v1_5.test.tscircuits/tests/register_id/test_cases.tscircuits/tests/register/test_cases.tscircuits/tests/dsc/test_cases.tscommon/src/constants/constants.tscommon/src/constants/mockCertificates.tscommon/src/constants/skiPem.ts
common/src/**/*.{ts,tsx,js,jsx}
⚙️ CodeRabbit configuration file
common/src/**/*.{ts,tsx,js,jsx}: Review shared utilities for:
- Reusability and modular design
- Type safety and error handling
- Side-effect management
- Documentation and naming clarity
Files:
common/src/utils/passports/getMockDSC.tscommon/src/utils/passports/genMockPassportData.tscommon/src/utils/passports/passport_parsing/brutForceDscSignature.tscommon/src/utils/types.tscommon/src/constants/constants.tscommon/src/constants/mockCertificates.tscommon/src/constants/skiPem.ts
**/*.{test,spec}.{ts,js,tsx,jsx}
⚙️ CodeRabbit configuration file
**/*.{test,spec}.{ts,js,tsx,jsx}: Review test files for:
- Test coverage completeness
- Test case quality and edge cases
- Mock usage appropriateness
- Test readability and maintainability
Files:
circuits/tests/utils/rsaPkcs1v1_5.test.ts
🧠 Learnings (10)
📓 Common learnings
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to circuits/circuits/dsc/dsc.circom : DSC proof circuit must support signature algorithms RSA-2048 and ECDSA-P256
📚 Learning: 2025-08-24T18:55:07.940Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to circuits/circuits/dsc/dsc.circom : DSC proof circuit must support signature algorithms RSA-2048 and ECDSA-P256
Applied to files:
circuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_brainpoolP256r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_secp384r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_64_2048.circomcircuits/circuits/register_id/instances/register_id_sha1_sha256_sha256_rsa_65537_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_122125_4096.circomcircuits/circuits/register/instances/register_sha256_sha256_sha224_ecdsa_secp224r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha224_ecdsa_secp224r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha1_sha1_rsa_65537_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsa56611Pkcs1v1_5.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsa130689Pkcs1v1_5.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_3_32_2048.circomcircuits/circuits/register_id/instances/register_id_sha512_sha512_sha256_rsapss_65537_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_64_2048.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_secp256r1.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_107903_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_122125_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_107903_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha1_64321_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_130689_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_130689_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_56611_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsa64321Pkcs1v1_5.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_secp384r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_32_3072.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsa122125Pkcs1v1_5.circomcircuits/tests/utils/rsaPkcs1v1_5.test.tscircuits/circuits/dsc/instances/dsc_sha256_rsa_56611_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsa107903Pkcs1v1_5.circomcircuits/circuits/utils/passport/signatureVerifier.circomcircuits/tests/dsc/test_cases.tscircuits/circuits/utils/passport/signatureAlgorithm.circom
📚 Learning: 2025-08-24T18:55:07.940Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to circuits/circuits/register/register.circom : Register circuit output must be a Poseidon hash commitment with domain separation tag "register-v1"
Applied to files:
circuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_brainpoolP256r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_3072.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_secp384r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_64_2048.circomcircuits/circuits/register_id/instances/register_id_sha1_sha256_sha256_rsa_65537_4096.circomcircuits/circuits/register/instances/register_sha256_sha256_sha224_ecdsa_secp224r1.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsa_3_4096.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha224_ecdsa_secp224r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_32_2048.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsa_3_4096.circomcircuits/circuits/register/instances/register_sha256_sha1_sha1_rsa_65537_4096.circomcircuits/circuits/register/instances/register_sha512_sha512_sha256_rsapss_65537_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_4096.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_3_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsa_65537_4096.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_3_32_2048.circomcircuits/circuits/register_id/instances/register_id_sha512_sha512_sha256_rsapss_65537_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_64_2048.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_secp256r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP256r1.circomcircuits/circuits/register/instances/register_sha1_sha1_sha1_rsa_64321_4096.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_secp384r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_32_3072.circomcircuits/circuits/register/instances/register_sha1_sha256_sha256_rsa_65537_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_56611_4096.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_secp256r1.circomcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsa_65537_4096.circom
📚 Learning: 2025-08-24T18:55:07.940Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to circuits/circuits/register/register.circom : Register circuit must validate country code as ISO 3166-1 alpha-3
Applied to files:
circuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_brainpoolP256r1.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_3072.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_secp384r1.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsa_3_4096.circomcircuits/circuits/register/instances/register_sha256_sha1_sha1_rsa_65537_4096.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_4096.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsa_65537_4096.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_3_32_2048.circomcircuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_64_2048.circomcircuits/circuits/register/instances/register_sha1_sha256_sha256_rsa_65537_4096.circom
📚 Learning: 2025-08-24T18:55:07.940Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to **/*.{ts,tsx} : Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Applied to files:
common/src/utils/passports/getMockDSC.tscommon/src/mock_certificates/sha256_rsa_122125_4096/mock_dsc.keycircuits/tests/register_id/test_cases.tscircuits/tests/register/test_cases.tscommon/src/constants/mockCertificates.ts
📚 Learning: 2025-08-24T18:52:25.796Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to noir/crates/dg1/src/dg1/dg1.nr : Document verification processing using ICAO standards and DSC verification with multiple signature algorithms in dg1.nr
Applied to files:
circuits/circuits/tests/utils/rsa/test_rsa_sha256_122125_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_107903_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha1_64321_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_130689_4096.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_56611_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsa64321Pkcs1v1_5.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsa107903Pkcs1v1_5.circomcircuits/circuits/utils/passport/signatureVerifier.circom
📚 Learning: 2025-08-24T18:55:07.940Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to circuits/circuits/dsc/dsc.circom : DSC proof circuit must check revocation via Merkle inclusion proofs
Applied to files:
circuits/circuits/dsc/instances/dsc_sha256_rsa_107903_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_122125_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_130689_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_56611_4096.circom
📚 Learning: 2025-08-24T18:55:07.940Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to circuits/circuits/dsc/dsc.circom : DSC proof circuit must verify certificate chain from CSCA to DSC
Applied to files:
circuits/circuits/dsc/instances/dsc_sha256_rsa_107903_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_122125_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_130689_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_56611_4096.circomcircuits/circuits/utils/passport/signatureVerifier.circom
📚 Learning: 2025-08-24T18:55:07.940Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to circuits/circuits/dsc/dsc.circom : DSC proof circuit must keep peak memory usage under 300MB
Applied to files:
circuits/circuits/dsc/instances/dsc_sha256_rsa_107903_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_122125_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_130689_4096.circomcircuits/circuits/dsc/instances/dsc_sha256_rsa_56611_4096.circom
📚 Learning: 2025-08-24T18:55:07.940Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to **/*.{ts,tsx} : Define VerificationConfig with fields: circuitVersion (semver), complianceRules array, timeWindow (seconds, 24h), clockDrift (±5 min), trustAnchors, revocationRoots, timeSource (NTP), nullifierScope (domain separation)
Applied to files:
circuits/tests/utils/rsaPkcs1v1_5.test.ts
🧬 Code graph analysis (23)
circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (3)
Sha256_264_run(966773-967359)Sha256General_262_create(965936-965944)Sha256BytesStatic_251_run(964912-965054)
circuits/circuits/register/instances/register_sha256_sha1_sha1_rsa_65537_4096.circom (1)
common/src/utils/generateInputs.ts (2)
generateCircuitInputsProve(240-271)generateCircuitInputsRegister(30-133)
circuits/circuits/register/instances/register_sha512_sha512_sha256_rsapss_65537_32_2048.circom (1)
common/src/utils/generateInputs.ts (2)
generateCircuitInputsProve(240-271)generateCircuitInputsRegister(30-133)
circuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_4096.circom (1)
common/src/utils/generateInputs.ts (2)
generateCircuitInputsProve(240-271)generateCircuitInputsRegister(30-133)
circuits/circuits/utils/crypto/signature/rsa/verifyRsa130689Pkcs1v1_5.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (3)
RSAVerify65537_278_run(969764-970010)RSAVerify65537_278_create(969754-969762)RSAPad_268_run(967709-968146)
circuits/circuits/register/instances/register_sha256_sha256_sha256_rsa_65537_4096.circom (1)
common/src/utils/generateInputs.ts (1)
generateCircuitInputsRegister(30-133)
circuits/circuits/register_id/instances/register_id_sha512_sha512_sha256_rsapss_65537_32_2048.circom (1)
common/src/utils/generateInputs.ts (2)
generateCircuitInputsProve(240-271)generateCircuitInputsRegister(30-133)
circuits/circuits/dsc/instances/dsc_sha256_rsa_107903_4096.circom (1)
common/src/utils/generateInputs.ts (2)
generateCircuitInputsDisclose(135-181)generateCircuitInputsRegister(30-133)
circuits/circuits/dsc/instances/dsc_sha256_rsa_122125_4096.circom (1)
common/src/utils/generateInputs.ts (2)
generateCircuitInputsProve(240-271)generateCircuitInputsRegister(30-133)
circuits/circuits/tests/utils/rsa/test_rsa_sha256_107903_4096.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (3)
RSAVerify65537_278_run(969764-970010)PassportVerifier_279_run(970022-970527)RSAVerify65537_278_create(969754-969762)
circuits/circuits/register/instances/register_sha1_sha1_sha1_rsa_64321_4096.circom (1)
common/src/utils/generateInputs.ts (1)
generateCircuitInputsProve(240-271)
circuits/circuits/tests/utils/rsa/test_rsa_sha256_130689_4096.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (3)
RSAVerify65537_278_run(969764-970010)RSAPad_268_run(967709-968146)RSAVerify65537_278_create(969754-969762)
circuits/circuits/dsc/instances/dsc_sha256_rsa_130689_4096.circom (1)
common/src/utils/generateInputs.ts (2)
generateCircuitInputsProve(240-271)generateCircuitInputsRegister(30-133)
circuits/circuits/utils/crypto/signature/rsa/verifyRsa64321Pkcs1v1_5.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (3)
RSAVerify65537_278_create(969754-969762)RSAVerify65537_278_run(969764-970010)PassportVerifier_279_run(970022-970527)
common/src/utils/types.ts (3)
common/src/utils/shaPad.ts (1)
shaPad(3-9)common/src/utils/utils.ts (1)
extractRSFromSignature(352-368)common/src/utils/generateInputs.ts (2)
generateCircuitInputsRegister(30-133)generateCircuitInputsProve(240-271)
circuits/circuits/utils/crypto/signature/rsa/verifyRsa122125Pkcs1v1_5.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (2)
RSAVerify65537_278_create(969754-969762)RSAVerify65537_278_run(969764-970010)
circuits/tests/utils/rsaPkcs1v1_5.test.ts (1)
common/src/utils/types.ts (1)
SignatureAlgorithm(55-108)
circuits/circuits/dsc/instances/dsc_sha256_rsa_56611_4096.circom (1)
common/src/utils/generateInputs.ts (2)
generateCircuitInputsDisclose(135-181)generateCircuitInputsRegister(30-133)
circuits/circuits/utils/crypto/signature/rsa/verifyRsa107903Pkcs1v1_5.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (2)
RSAVerify65537_278_run(969764-970010)RSAVerify65537_278_create(969754-969762)
circuits/tests/dsc/test_cases.ts (2)
common/src/utils/generateInputs.ts (2)
generateCircuitInputsRegister(30-133)alg(56-56)common/src/utils/shaPad.ts (1)
shaPad(3-9)
common/src/constants/constants.ts (1)
common/src/utils/shaPad.ts (3)
shaPad(3-9)sha1Pad(12-30)sha256Pad(34-52)
common/src/constants/mockCertificates.ts (1)
common/src/utils/generateInputs.ts (1)
generateCircuitInputsRegister(30-133)
circuits/circuits/utils/crypto/signature/FpPowMod.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (4)
FpPow65537Mod_277_run(969442-969752)FpMul_276_run(969019-969430)FpPow65537Mod_277_create(969432-969440)poly_eval_5(150418-150458)
🪛 GitHub Actions: Common CI
common/src/constants/mockCertificates.ts
[warning] 1-1: Prettier formatting issues found in 'src/constants/mockCertificates.ts'. Run 'prettier --write' to fix.
⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: test
- GitHub Check: build-android
- GitHub Check: build-ios
🔇 Additional comments (48)
circuits/circuits/register/instances/register_sha256_sha256_sha224_ecdsa_secp224r1.circom (1)
5-5: Manual verification required: confirm SHA-256 config and length binding for 256-byte signed_attr
- Ensure the
signed_attr_padded_length = 256parameter is passed through the REGISTER template into the SHA-256 gadget so it allocates exactly 4 blocks- Confirm any unused bytes in the 256-byte preimage are constrained to zero to prevent malleability
- Verify boundary tests at lengths 0, 1, 64, 65, 128, 129, 255, 256 succeed and that inputs ≥ 257 bytes are rejected
- Check the final Poseidon commitment still uses the
"register-v1"domain separation tagcircuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circom (1)
5-5: Validate constraint growth and update CI thresholds: NonumConstraintsor artifact size metrics were found forregister_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1—please manually measure R1CS constraints, proving time, and mobile footprint (e.g., via Circom’s reporter or CI artifacts) and adjust performance thresholds accordingly.circuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_3072.circom (1)
5-5: Verify internal sizing & domain separation
- All sha256/sha256/sha256 instances now pass MAX_SIGNED_ATTR_PADDED_LEN = 256 (prev 128); ensure register.circom uses that parameter to size its input arrays and Num2Bits packers to avoid constraint underflow.
- Manually confirm the domain-separation tag "register-v1" and ISO-3166-1 alpha-3 validation are still enforced in register.circom.
- Replace remaining magic literals in instance files with named constants (e.g. MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN) to prevent drift.
common/src/mock_certificates/sha256_rsa_56611_4096/mock_dsc.key (1)
1-53: Block mock_dsc.key from production bundles
No non-test references found, but no bundler or publishing exclusion rule detected; verify metro.config (blockList/blacklistRE) and package publish settings (files/publishConfig) block this file from any production artifacts.circuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_64_2048.circom (1)
5-5: REGISTER(..., 256): confirm parameter semantics & cross-module consistency.register.circom uses the final param as MAX_SIGNED_ATTR_PADDED_LEN (sizes signed_attr and is forwarded to PassportVerifier) and does not hard-code 128 — but several instance files still pass 128 while the target instance uses 256. Verify the change is intentional and that all dependent artifacts (TS constants, tests, proving/verifier keys) are aligned.
- Check register template and usage: circuits/circuits/register/register.circom.
- Instance under review: circuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_64_2048.circom (last arg = 256).
- Examples of remaining 128-sized instances to review: circuits/circuits/register/instances/register_sha256_sha1_sha1_rsa_65537_4096.circom, register_sha1_sha1_sha1_rsa_64321_4096.circom, register_sha256_sha224_sha224_ecdsa_secp224r1.circom.
- Confirm signatureAlgorithm index 46 is the intended algorithm in both circom and TS: circuits/circuits/utils/passport/signatureAlgorithm.circom (46 -> rsapss_sha256_65537_2048) and common/src/constants/constants.ts (check the corresponding enum/IDs used by the test harness).
- If this instance’s MAX_SIGNED_ATTR_PADDED_LEN actually changed, regenerate & version proving/verifier keys and update any test/config constants to avoid CI mismatches.
circuits/tests/register_id/test_cases.ts (1)
14-21: RSA-PSS with SHA-512 using 32-byte salt is nonstandard—confirm intent or use 64.PSS typically uses saltLen = hashLen; for SHA-512 that’s 64. If this case is meant to exercise the “32-byte salt” circuit variant, consider switching dg/eContent hash to sha256 instead. Otherwise, use saltLength: '64'.
Apply one of:
- dgHashAlgo: 'sha512', - eContentHashAlgo: 'sha512', + dgHashAlgo: 'sha512', + eContentHashAlgo: 'sha512', @@ - saltLength: '32', + saltLength: '64',or (if targeting the 32-byte-salt variant explicitly):
- dgHashAlgo: 'sha512', - eContentHashAlgo: 'sha512', + dgHashAlgo: 'sha256', + eContentHashAlgo: 'sha256', @@ - saltLength: '32', + saltLength: '32',circuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_2048.circom (1)
5-5: Confirm constraints & config for sha256_sha256_sha256_rsapss_65537_32_2048 instance
- Algorithm index 4 in
REGISTER(256,256,4,…)matchesrsapss_sha256_65537_2048 = 4in common/src/constants/constants.ts- Input sizes 256/256 align with triple-SHA256
- Regenerate proving/verification keys for this circuit and update any downstream config or circuit registry to include this new instance
common/src/mock_certificates/sha256_rsa_107903_4096/mock_dsc.key (1)
1-52: Critical: Unencrypted private key committed
- Remove or encrypt the RSA key under common/src/mock_certificates/**.
- Ensure all build configs (Metro, Gradle, Xcode) explicitly exclude mock_certificates/** so these fixtures never ship in production or mobile bundles.
circuits/circuits/register_id/instances/register_id_sha1_sha256_sha256_rsa_65537_4096.circom (1)
5-5: Verify SHA-256 block support and centralize max-bytes constant
- Confirm that
REGISTER_ID’s last parameter indeed limits the input to 4 SHA-256 blocks and is strictly enforced in its SHA-256 gadget (no slack acceptance).- Add boundary tests: 255 B and 256 B should pass; 257 B should fail with an explicit “max bytes exceeded” error.
- Refactor to centralize the 256 B limit in a shared constant (e.g.
REGISTER_ID_SIGNED_ATTR_MAX_BYTES) to avoid drift across instances.circuits/circuits/register/instances/register_sha256_sha256_sha256_rsa_65537_4096.circom (1)
5-5: Approve 256 bump—constants aligned
MAX_PADDED_SIGNED_ATTR_LEN.sha256 is set to 256 in constants.ts and every sha256-based REGISTER instance ends with “, 256);”.circuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circom (1)
5-5: OK, but watch proving cost.The 128 → 256 increase expands byte arrays and constraints; keep an eye on proving time/memory for P384 flows. If regressions surface, consider slicing or hashing preimages earlier.
Suggest adding/refreshing a perf check for this instance in CI to catch constraint growth regressions.
circuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_secp256r1.circom (1)
5-5: Looks consistent with the repo-wide 256 bump.No issues spotted. Keep MAX_PADDED_SIGNED_ATTR_LEN synced in TS.
common/src/constants/constants.ts (2)
131-137: Circuits updated; verify SDK generators/tests
No REGISTER or REGISTER_ID instances in circuits/ now use 128 for SHA-256 signed-attrs padding. Manually ensure all SDK input generators and tests expecting signed-attr length reference 256, not 128.
246-247: SignatureAlgorithmIndex wiring validated—ensure test fixtures
- circuits/circuits/utils/passport/signatureAlgorithm.circom routes rsa_sha1_64321_4096 = 47 alongside existing IDs without collision
- common/src/utils/passports/getMockDSC.ts switch covers the new algorithm
- no consumers of MAX_CERT_BYTES indexing require adjustment
Verify test fixtures and any other downstream consumers include rsa_sha1_64321_4096.
circuits/circuits/register/instances/register_sha256_sha256_sha256_rsapss_65537_32_4096.circom (1)
5-5: Params align with 256-byte SHA‑256 signed‑attrsREGISTER(..., 512, 256) matches the new MAX_PADDED_SIGNED_ATTR_LEN.sha256 and avoids length mismatches.
circuits/circuits/register/instances/register_sha512_sha512_sha256_rsapss_65537_32_2048.circom (1)
5-5: Correct padding budget for SHA‑512 eContent and SHA‑256 signed‑attrsREGISTER(…, 896, 256) is consistent with MAX_PADDED_ECONTENT_LEN.sha512 and the new SHA‑256 256‑byte signed‑attrs.
circuits/circuits/register/instances/register_sha256_sha1_sha1_rsa_65537_4096.circom (1)
5-5: Signed-attrs padding correctly remains at 128 bytes for SHA-1 variants
I’ve verified across all REGISTER instances, test cases, and input generators—there are no hardcoded 256-byte expectations forsigned_attr.common/src/constants/skiPem.ts (1)
558-562: Manual verification required: validate SKI ↔ certificate integrity and RSA parameters
CI environment lacks the tools (OpenSSL/cryptography) to auto-verify. Please manually confirm that each new entry incommon/src/constants/skiPem.tsis a valid DER-encoded X.509, its calculated SKI matches the map key, and the RSA key size and public exponent meet circuit requirements.circuits/tests/dsc/test_cases.ts (1)
10-60: Comment label inconsistencies can mislead test selection.Several comments mis-state keyLength/exponent (e.g., “sha1_rsa_65537_4096” alongside keyLength '2048'). Please align labels to prevent misconfigured fixture lookups and brittle test routing.
circuits/circuits/utils/crypto/signature/FpPowMod.circom (2)
85-156: FpPow64321Mod: addition chain looks correct; add cross-check tests to lock behavior.Indices cover all 1-bits except 2^0, which is included via final multiply by base. Please add randomized property tests comparing circuit output vs. BigInt powmod to guard against off-by-one indexing.
I can provide a small JS harness to generate random (base, modulus odd) vectors and assert equality across 50–100 cases.
374-446: FpPow56611Mod: indices match documented bits; LGTM with tests.Same property-test recommendation; no functional concerns found.
circuits/circuits/register/instances/register_sha256_sha256_sha256_ecdsa_secp384r1.circom (1)
5-5: Same 128→256 increase: confirm cross-circuit consistency and prover/verifier artifacts.Changing this parameter alters circuit shape. Ensure proving/verifying keys are regenerated and any on-chain verifier metadata or registry hashes updated atomically. Align the common input generation to 256 to prevent OOB/constraint failures.
circuits/circuits/register/instances/register_sha256_sha256_sha256_rsa_3_4096.circom (1)
5-5: Extract padded‐length into shared constant & add boundary tests
LastREGISTERparameter (256) definessigned_attrarray size – verify circuit behavior and proving performance, and add tests for padded lengths 254, 255, 256.circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_3_32_2048.circom (1)
5-5: RSAPSS salt and digest lengths are correctly decoupled
Verified thatREGISTER_IDonly uses its last parameter for the signed‐attribute buffer size (MAX_SIGNED_ATTR_PADDED_LEN), while PSS salt length and hash length are computed entirely withinSignatureVerifierbased on thesignatureAlgorithmID. No accidental reuse of the 256-byte bound for salt or digest.circuits/circuits/register_id/instances/register_id_sha256_sha256_sha224_ecdsa_secp224r1.circom (1)
5-5: REGISTER_ID correctly derives hash byte lengths from algorithm parameters, not the MAX_SIGNED_ATTR_PADDED_LEN argument.circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_32_3072.circom (1)
5-5: Measure proof cost for REGISTER_ID(256) and gate heavy CI tests if neededRaising the byte bound to 256 can significantly increase R1CS size and prover time. Repo has r1cs build scripts and many circuit tests that disable Mocha timeouts, but I found no repo-level proving budget or CI timeout that would automatically safeguard against a large jump.
- circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_32_3072.circom — main uses REGISTER_ID(256, 256, 19, 120, 35, 512, 256).
- circuits/scripts/build/common.sh and circuits/scripts/build/build_r1cs_wasm.sh — r1cs/wasm build steps (prints .r1cs size).
- circuits/tests/** (e.g. circuits/tests/register_id/register_id.test.ts) — many tests use this.timeout(0).
- packages/mobile-sdk-alpha/src/config/defaults.ts — client proof timeout defaults (proofMs).
Run a local build+prove for this instance and compare .r1cs size and proof times to the previous bound; if size/prove-time increases materially and risks CI timeouts, gate the heavy circuit tests or increase CI job timeouts/resource limits.
circuits/tests/register/test_cases.ts (1)
14-19: Test-only isolation confirmed for RSA PKCS#1 v1.5 + SHA-1 (e=64321/4096)
This variant appears exclusively in test fixtures (e.g. rsaPkcs1v1_5.test.ts, generateMockInputsInCircuits, signatureAlgorithm.circom) and is never referenced in production profiles.circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_secp256r1.circom (1)
5-5: Compile and compare R1CS rows/wires against the previous build to confirm no unintended constraint growth from the SHA-256 width bump.circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP256r1.circom (1)
5-5: Ensure Poseidon hash uses “register-v1” domain separation
No occurrences of"register-v1"were found in any.circomfile—please confirm (or add) the tag inregister_id.circom(and its base) so that the register output remains a Poseidon commitment with domain-separation"register-v1".circuits/circuits/dsc/instances/dsc_sha256_rsa_56611_4096.circom (1)
5-5: No action needed—DSC ID 51 and chunking parameters are correct
ID 51 maps torsa_sha256_56611_4096in signatureAlgorithm.circom and types.ts, DSC(51, 120, 35) is used only in the intended instance, and JS’ssplitToWords(n, k)calls align with 120/35 chunking for RSA-4096.circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsa_65537_4096.circom (1)
5-5: Verify JS padding cap & rebuild artifacts
- Confirm common/src/constants/constants.ts sets
MAX_PADDED_SIGNED_ATTR_LEN.sha256 = 256; update input-gen/tests if needed and regenerate/version the zkeys/vkeys forregister_id_sha256_sha256_sha256_rsa_65537_4096.circom.circuits/circuits/dsc/instances/dsc_sha256_rsa_130689_4096.circom (1)
5-5: Confirm compile-time footprint and CI test for RSA variant
ID 48 correctly maps torsa_sha256_130689_4096incircuits/utils/passport/signatureAlgorithm.circomandcommon/src/utils/types.ts. Compilecircuits/circuits/dsc/instances/dsc_sha256_rsa_130689_4096.circomto verify it remains under the 300 MB peak memory target, and add or confirm a CI job that executes an end-to-end proof with this ID.circuits/circuits/tests/utils/rsa/test_rsa_sha256_122125_4096.circom (1)
10-11: LGTM: parameters match 4096-bit RSA limbing.CHUNK_SIZE=120, CHUNK_NUMBER=35, HASH_SIZE=256 aligns with 4096-bit PKCS#1 v1.5 over SHA-256.
circuits/circuits/tests/utils/rsa/test_rsa_sha256_56611_4096.circom (1)
10-11: LGTM: correct configuration for 4096-bit PKCS#1 v1.5 over SHA-256.Consistent with other RSA test harnesses.
circuits/circuits/dsc/instances/dsc_sha256_rsa_122125_4096.circom (1)
5-5: Selector 49 → RSA exponent 122125: verified.signatureAlgorithm.circom (entry 49) maps to rsa_sha256_122125_4096; signatureVerifier.circom instantiates VerifyRsa122125Pkcs1v1_5 (wired to message/modulus/signature); verifyRsa122125 uses FpPow122125Mod; tests/generateMockInputs set publicExponent=122125 — DSC(49,120,35) is consistent.
circuits/circuits/tests/utils/rsa/test_rsa_sha256_107903_4096.circom (1)
5-11: LGTM: test harness correctly wires SHA-256/107903 verifierInstantiation params (120, 35, 256) and IO wiring look consistent with the RSA-4096 chunking used elsewhere.
circuits/circuits/utils/passport/signatureVerifier.circom (1)
56-106: Routing for new RSA exponents looks correctHash chunking, zero-padding to k, and modulus/signature wiring are consistent across 47–51. No constraint gaps spotted.
circuits/circuits/tests/utils/rsa/test_rsa_sha256_130689_4096.circom (1)
5-11: LGTM: mirrors existing RSA-4096/SHA-256 test patternParameters and wiring match the new 130689 verifier template.
circuits/circuits/utils/passport/signatureAlgorithm.circom (4)
48-52: New IDs registered appropriatelyIDs 47–51 are clearly documented and align with the added circuits.
145-154: Hash-length mapping is consistent47→160 (SHA-1), 48–51→256 (SHA-256) aligns with the verifier usage.
425-434: Exponent-bit mapping matches intended e values64321/56611→16 bits; 130689/122125/107903→17 bits. This keeps suffix-length logic coherent.
458-469: DER suffix bytes for new exponents look correctHex values decode to the documented exponents; lengths match getSuffixLength() expectations.
circuits/circuits/utils/crypto/signature/rsa/verifyRsa130689Pkcs1v1_5.circom (1)
20-27: Confirm HASH_SIZE enforcement onmessage(zero high limbs/bits if not already enforced).If
Pkcs1v1_5Paddingdoes not itself constrainmessageto exactlyHASH_SIZEbits, the prover could inject non-zero data above the digest. Either confirm the padder enforces this, or add constraints to zero out high limbs and the unused high bits of the last limb.If needed, apply:
+ // Constrain message to HASH_SIZE bits (if not already enforced by padder) + var usedChunks = (HASH_SIZE + CHUNK_SIZE - 1) / CHUNK_SIZE; + for (var i = usedChunks; i < CHUNK_NUMBER; i++) { + message[i] === 0; + } + var extraBits = (usedChunks * CHUNK_SIZE) - HASH_SIZE; + if (extraBits > 0) { + component msgLastBits = Num2Bits(CHUNK_SIZE); + msgLastBits.in <== message[usedChunks - 1]; + for (var b = CHUNK_SIZE - extraBits; b < CHUNK_SIZE; b++) { + msgLastBits.out[b] === 0; + } + }circuits/circuits/utils/crypto/signature/rsa/verifyRsa56611Pkcs1v1_5.circom (1)
22-27: Verify digest-size handling is strict.Please confirm
Pkcs1v1_5Paddingstrictly bindsmessagetoHASH_SIZEbits (including zeroing unused high bits). If not, add the same constraints suggested in the 130689 variant.circuits/circuits/utils/crypto/signature/rsa/verifyRsa122125Pkcs1v1_5.circom (1)
47-50: Chunk-wise equality to padder output: good.Final equality across all limbs is correct and mirrors the 65537 verifier pattern.
circuits/circuits/utils/crypto/signature/rsa/verifyRsa64321Pkcs1v1_5.circom (1)
7-16: Double-check SHA-256 byte-size change is reflected in PKCS#1 v1.5 DER.Given the PR objective mentions “increase sha256 byte size,” ensure the DER DigestInfo prefix and
HASH_SIZEused byPkcs1v1_5Paddingmatch the new byte-size expectation; otherwise verifications will silently fail.common/src/constants/mockCertificates.ts (2)
1078-1164: Fix CI formatting: runpnpm prettier --write common/src/constants/mockCertificates.tsto satisfy the pipeline; Prettier leaves template-literal PEM content intact.
759-845: Mapping present; add e2e signature tests for new exponents (107903, 122125)
- Confirmed: common/src/utils/passports/getMockDSC.ts maps 'rsa_sha256_122125_4096' and 'rsa_sha256_107903_4096' to mockCertificates.*.
- Missing: no references to 107903 or 122125 were found under tests/ or test/** — add end‑to‑end tests that exercise signature verification for each new exponent variant.
|
|
||
| include "../dsc.circom"; | ||
|
|
||
| component main { public [ merkle_root ] } = DSC(50, 120, 35); |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Confirm algorithm ID (50) mapping and input chunking alignment
Ensure ID 50 maps to rsa_sha256_107903_4096 and that (120,35) matches JS splitToWords usage for 4096-bit RSA in input generation.
🏁 Script executed:
#!/bin/bash
rg -nP '(rsa_sha256_107903_4096|\\b50\\b)' circuits/circuits/utils/passport/signatureAlgorithm.circom common/src/constants common/src/utils/types.ts -C2
rg -nP 'DSC\\(50,\\s*120,\\s*35\\)' circuits/circuits/dsc/instances -n
rg -nP 'splitToWords\\(.*,(\\s*120\\s*),(\\s*35\\s*)\\)' common/src/utils -C2Length of output: 1001
🏁 Script executed:
#!/bin/bash
# Locate splitToWords definition and all its invocations
rg -n "function splitToWords" -g "*.ts" -g "*.js" -C3
rg -n "splitToWords" -g "*.ts" -g "*.js" -C3
# Double-check DSC instantiation parameters in the target instance file
rg -n "DSC(50, 120, 35)" -g "circuits/circuits/dsc/instances/*.circom"Length of output: 10917
🏁 Script executed:
#!/bin/bash
# Extract getNAndK implementation to see how n and k are assigned for each algorithm
rg -nP 'function\s+getNAndK' -C10 common/src/utils/passports/passport.ts
# Check the literal values of the 4096-bit DSC constants
rg -nP 'n_dsc_4096' -C5 common/src/constants/constants.jsLength of output: 1908
Synchronize DSC circuit chunking with JS splitToWords parameters
• Algorithm ID 50 correctly maps to rsa_sha256_107903_4096 in signatureAlgorithm.circom, but the circuit instantiates DSC(50, 120, 35) (120-bit words × 35 chunks) whereas getNAndK('rsa_sha256_107903_4096') yields wordsize 32 bits and 128 chunks (4096/32 = 128). Update the circuit parameters or JS mapping so both use the same (bits-per-word, number-of-words).
🤖 Prompt for AI Agents
In circuits/circuits/dsc/instances/dsc_sha256_rsa_107903_4096.circom around line
5 the DSC instantiation uses DSC(50, 120, 35) which mismatches the JS
getNAndK('rsa_sha256_107903_4096') that returns wordsize=32 and chunks=128;
update the circuit parameters to use DSC(50, 32, 128) so bits-per-word and
number-of-words match the JS splitToWords logic (alternatively, if you prefer
changing JS, adjust getNAndK/mapping for rsa_sha256_107903_4096 to return 120
and 35 and update any dependent code), and then run tests to ensure both circuit
and JS splitting produce identical word/chunk counts.
| include "../register_id.circom"; | ||
|
|
||
| component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 37, 64, 6, 512, 128); | ||
| component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 37, 64, 6, 512, 256); |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Confirm param semantics and repo-wide consistency (breaking-change risk).
You changed the last REGISTER_ID param from 128 → 256. If this param controls SHA-256 digest/truncation length or max signed-attr bytes, this is a protocol-level change that can invalidate existing proofs/keys and any mobile/contract integration expecting the old shape. Verify the template’s param order and ensure all dependent instances, witness builders, and verifiers are aligned.
Run to confirm template signature and spot any remaining 128s:
If production relies on the 128-param variant, prefer adding a new v2 instance (filename + circuit ID) and deprecate the old one, so mobile clients and contracts can migrate explicitly.
🏁 Script executed:
#!/bin/bash
# 1) Inspect REGISTER_ID template signature(s)
rg -nC3 -g 'circuits/**/*.circom' -P '\btemplate\s+REGISTER_ID\s*\('
# 2) List all REGISTER_ID instantiations and diff the last param
rg -n -g 'circuits/**/*.circom' 'REGISTER_ID\(' | sed -E 's/.*REGISTER_ID\((.*)\).*/\1/' | awk -F, '{print NF "\t" $0}' | sort -u
# 3) Find any lingering instances still using 128 as last arg
rg -n -g 'circuits/**/*.circom' -P 'REGISTER_ID\([^)]*128\s*\)\s*;'Length of output: 2866
Align REGISTER_ID last parameter across all instances
Five circuits still instantiate REGISTER_ID with a trailing 128 (e.g.,
- circuits/circuits/register_id/instances/register_id_sha256_sha224_sha224_ecdsa_secp224r1.circom:5
- circuits/circuits/register_id/instances/register_id_sha224_sha224_sha224_ecdsa_brainpoolP224r1.circom:5
- circuits/circuits/register_id/instances/register_id_sha1_sha1_sha1_rsa_65537_4096.circom:5
- circuits/circuits/register_id/instances/register_id_sha1_sha1_sha1_ecdsa_secp256r1.circom:5
- circuits/circuits/register_id/instances/register_id_sha1_sha1_sha1_ecdsa_brainpoolP224r1.circom:5)
causing inconsistent digests/truncation lengths and breaking-change risk. Either update all existing instances to use256via a new “v2” circuit (and deprecate the old ones), or revert this change and plan a coordinated versioned rollout.
💡 Verification agent
🧩 Analysis chain
Boundary conditions and witness-builder alignment.
If 256 represents max bytes for the SHA-256 preimage of signed attributes, add/verify checks that:
- Inputs >256 bytes are rejected at witness-build time,
- Edge cases at 0, 1, 255, 256 bytes pass, and 257 fails,
- The same limit is enforced consistently in the RN/TS client, server, and circuit.
🏁 Script executed:
#!/bin/bash
# Grep for the REGISTER_ID param usage in the witness builder to ensure 256 is reflected there
rg -n -C3 -P '(Sha256(Bytes|General)|REGISTER_ID).*256' app/witnesscalc src scripts
# Find tests touching REGISTER_ID limits to extend with 0/1/255/256/257 byte cases
rg -n -g '**/*test*' -P 'REGISTER_ID|sha256.*(limit|bytes|max|length)'Length of output: 460
🏁 Script executed:
#!/bin/bash
# Locate REGISTER_ID usage in the TypeScript client
rg -n -C3 'REGISTER_ID' --glob 'app/**/*.ts'
# Find witness-builder or similar implementations
rg -n -C3 'witness' --glob 'app/**/*.ts'
# Check for SHA-256 preimage handling
rg -n -C3 'sha256' --glob 'app/**/*.ts'
# Search for hardcoded 256 limit references
rg -n -C3 '256' --glob 'app/**/*.ts'Length of output: 19341
Enforce 256-byte SHA-256 preimage limit across all layers
- No checks in the RN/TS client (e.g. in
provingMachine.tsorvalidateDocument.ts) or API server reject inputs >256 bytes. - Add validations in the witness-builder, client, and server to reject >256-byte preimages at build/runtime.
- Add unit tests covering boundary cases: 0, 1, 255, 256 (should pass) and 257 (should fail).
🤖 Prompt for AI Agents
In
circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circom
around line 5, the circuit is configured for 256-byte SHA-256 preimages but
there are no enforced preimage-size checks in the RN/TS client or server; add
runtime/build-time validations to reject inputs >256 bytes: update the
witness-builder to validate preimage length before constructing witnesses, add
checks in provingMachine.ts and validateDocument.ts to throw/return an error
when preimage.byteLength > 256, and add equivalent validation on the API server
request handler to return 4xx for oversized preimages; finally add unit tests
that assert success for lengths 0, 1, 255, 256 and failure for 257 to cover
boundary cases.
💡 Verification agent
🧩 Analysis chain
Domain separation/tag invariants.
Per spec, Register outputs must keep the Poseidon domain tag “register-v1”. Ensure this param change did not alter the commitment derivation or tag; otherwise, on-chain/verifier-side equality checks can silently break.
If semantics changed (e.g., digest width), consider bumping the circuit ID or file name to make versioning explicit and prevent accidental mixing in clients/contracts.
🏁 Script executed:
#!/bin/bash
# Ensure the domain tag remains unchanged across register/register_id circuits
rg -n -g 'circuits/**/*.circom' -P 'register-v1|register_id.*domain|Poseidon.*domain'Length of output: 87
🏁 Script executed:
#!/bin/bash
# Locate REGISTER_ID definition and inspect Poseidon domain separation tag usage
rg -n 'template REGISTER_ID' -g 'circuits/**/*.circom'
rg -n 'REGISTER_ID\(' -C3 -g 'circuits/**/*.circom'
rg -n 'Poseidon' -C3 -g 'circuits/**/*.circom'Length of output: 37528
🏁 Script executed:
#!/bin/bash
# Inspect header of register circuit for domain tag definitions
sed -n '1,200p' circuits/circuits/register/register.circom
# Inspect header of register_id circuit for domain tag definitions
sed -n '1,200p' circuits/circuits/register_id/register_id.circom
# Search for any domain or tag constants across all circom files
rg -n 'domain' -g 'circuits/**/*.circom'
rg -n 'tag' -g 'circuits/**/*.circom'Length of output: 16846
🏁 Script executed:
#!/bin/bash
# Inspect constants for domain separation tags
sed -n '1,200p' circuits/circuits/utils/passport/constants.circom
rg -n 'register-v1' -g circuits/circuits/utils/passport/constants.circom
rg -n 'domain' -g circuits/circuits/utils/passport/constants.circomLength of output: 909
Commitment generation omits required register-v1 domain tag
The Poseidon hash in both REGISTER and REGISTER_ID templates currently hashes [secret, attestation_id, …] without the spec-mandated "register-v1" tag. Insert the tag as an explicit input (e.g. Poseidon(6)([registerTag, secret, …])) or bump the circuit version to v2 to prevent on-chain/verifier mismatches.
🤖 Prompt for AI Agents
In
circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circom
around line 5, the instantiated REGISTER_ID call (component main ...) leads to
templates that currently compute Poseidon over [secret, attestation_id, …]
without the required "register-v1" domain tag; update the REGISTER and
REGISTER_ID templates (and this instance if needed) to include an explicit
registerTag as the first Poseidon input (e.g. Poseidon(6)([registerTag, secret,
attestation_id, ...])) or alternatively bump the circuit version to v2 and
adjust all related inputs/verifiers accordingly so the commitment matches the
spec-mandated "register-v1" domain tag.
| include "../register_id.circom"; | ||
|
|
||
| component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 23, 64, 6, 512, 128); | ||
| component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 23, 64, 6, 512, 256); |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Bump to 256: verify REGISTER_ID’s 7th param semantics and capacity
If this arg is the SHA-256 input byte bound (as implied by the PR), confirm register_id.circom resized buffers, range checks, and any packing logic accordingly. A mismatch (old 128 caps still in template) would truncate/overflow and silently weaken soundness; also watch for proving-time/constraint growth regressions.
Run to confirm template contract and repo-wide consistency:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# 1) Inspect REGISTER_ID signature/param names
rg -nC3 -P 'template\s+REGISTER_ID\s*\(' circuits/circuits/register_id.circom
# 2) Ensure all instances use 256 as the last arg (no stragglers at 128)
echo "[instances last-arg distribution]"
rg -nP 'REGISTER_ID\([^)]*\)' circuits/circuits/register_id/instances \
| sed -E 's/.*REGISTER_ID\((.*)\).*/\1/' \
| awk -F',' '{gsub(/ /,"",$NF); print $NF}' | sort | uniq -c
rg -nP 'REGISTER_ID\([^)]*128\)' circuits/circuits/register_id/instances || true
# 3) Confirm domain-separation tag still enforced in base template
rg -nP 'register-v1' circuits/circuits/register_id.circom circuits/circuits/register/register.circom || trueLength of output: 176
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# 1) Locate REGISTER_ID template definition across all .circom files
echo "Locating REGISTER_ID template definition"
rg -nC3 -P 'template\s+REGISTER_ID\s*\(' -g '*.circom'
# 2) Enumerate all REGISTER_ID invocations project-wide
echo "Listing REGISTER_ID invocations"
rg -nHP 'REGISTER_ID\(' -g '*.circom'
# 3) Check last-arg distribution in instances under register_id/instances
echo "[instances last-arg distribution under circuits/circuits/register_id/instances]"
rg -nP 'REGISTER_ID\([^)]*\)' circuits/circuits/register_id/instances/**/*.circom \
| sed -E 's/.*REGISTER_ID\((.*)\).*/\1/' \
| awk -F',' '{gsub(/ /,"",$NF); print $NF}' | sort | uniq -c
# 4) Verify domain-separation tag enforcement in base templates
echo "Checking for domain separation tag 'register-v1'"
rg -nP 'register-v1' -g '*.circom'Length of output: 6597
#!/usr/bin/env bash
set -euo pipefail
echo "1) Inspect REGISTER_ID template signature"
rg -nC3 -P 'template\s+REGISTER_ID\s*\(' circuits/circuits/register_id/register_id.circom
echo
echo "2) List all REGISTER_ID instances and check 7th parameter distribution"
rg -nP 'REGISTER_ID\([^)]*\)' circuits/circuits/register_id/instances/*.circom \
| sed -E 's/.*REGISTER_ID\((.*)\).*/\1/' \
| awk -F',' '{gsub(/ /,"",$NF); print "last_arg="$NF}' \
| sort | uniq -c
echo
echo "3) Verify domain-separation tag 'register-v1' is still enforced"
rg -nP 'register-v1' circuits/circuits/register_id/register_id.circom circuits/circuits/register/register.circom || echo "tag not found"Bump all REGISTER_ID instances’ 7th param to 256 and verify template logic & domain-sep tag
-
Instances still passing
128as the 7th arg (must be updated to256):
• circuits/circuits/register_id/instances/register_id_sha256_sha224_sha224_ecdsa_secp224r1.circom
• circuits/circuits/register_id/instances/register_id_sha224_sha224_sha224_ecdsa_brainpoolP224r1.circom
• circuits/circuits/register_id/instances/register_id_sha1_sha1_sha1_rsa_65537_4096.circom
• circuits/circuits/register_id/instances/register_id_sha1_sha1_sha1_ecdsa_secp256r1.circom
• circuits/circuits/register_id/instances/register_id_sha1_sha1_sha1_ecdsa_brainpoolP224r1.circom -
In circuits/circuits/register_id/register_id.circom, confirm bump to 256 bytes is reflected in buffer sizing, range checks, and packing logic to prevent truncation/overflow.
-
Verify the
"register-v1"domain separation tag remains enforced in the REGISTER_ID template.
🤖 Prompt for AI Agents
In
circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_secp384r1.circom
around line 5, change the 7th argument of the REGISTER_ID instantiation from 128
to 256 and update the other listed instance files likewise; then open
circuits/circuits/register_id/register_id.circom and ensure the template’s
buffer sizes, byte/bit range checks, and packing/unpacking logic use 256-byte
sizing (no truncation or overflow), and confirm the domain separation tag
"register-v1" is still applied and enforced in the template.
| include "../register_id.circom"; | ||
|
|
||
| component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 13, 120, 35, 512, 128); | ||
| component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 13, 120, 35, 512, 256); |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Verify 128→256 parameter bump is fully plumbed (inputs, constants, and witnesses).
If this arg maps to max SHA padded bytes or signed-attr length, you must align:
- common/src/constants (e.g., MAX_PADDED_SIGNED_ATTR_LEN) = 256
- Input generators pass datahashes_padded_length accordingly
- All REGISTER_ID instances use the same value to avoid key/verifier mismatches
Run:
🏁 Script executed:
#!/bin/bash
# Find all REGISTER_ID invocations and last-arg values
rg -nP 'REGISTER_ID\([^)]*\)' circuits | sed -E 's/.*REGISTER_ID\(([^)]*)\).*/\1/' | awk -F, '{print $NF}' | sort -u
# Check constants and usage in TS
rg -n 'MAX_PADDED_SIGNED_ATTR_LEN|MAX_SHA_BYTES|datahashes_padded_length' common | catLength of output: 537
Align REGISTER_ID size parameter across all instances
– rg shows both 128 and 256 as the last argument to REGISTER_ID(…) in circuits; change any trailing 128 to 256 so every instance matches.
– In common/src/constants/constants.ts, update MAX_PADDED_SIGNED_ATTR_LEN entries to reflect a padded length of 256 for all relevant hash algorithms.
– Ensure generateInputs.ts (common/src/utils/circuits/generateInputs.ts) uses the updated 256-byte padding.
🤖 Prompt for AI Agents
In
circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsa_3_4096.circom
around line 5 and across other circuit instance files, the trailing size
argument to REGISTER_ID must be 256 (not 128) — update any REGISTER_ID(..., 128)
to REGISTER_ID(..., 256) so all instances align; in
common/src/constants/constants.ts update all MAX_PADDED_SIGNED_ATTR_LEN entries
for the affected hash algorithms to 256 (replace any 128 values with 256); and
in common/src/utils/circuits/generateInputs.ts adjust the padding logic to use a
256-byte padded length when generating inputs so it matches the changed
constants and circuit instances.
| include "../register_id.circom"; | ||
|
|
||
| component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 4, 120, 35, 512, 128); | ||
| component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 4, 120, 35, 512, 256); |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Parameter bump to 256: confirm it matches the intended signed-attr/byte-cap and is applied repo-wide.
If this is the SHA-256 signed-attributes/cert-bytes cap, centralize it as a named constant to avoid drift and recompile all dependent instances. Also check proving key size impact.
Run:
Optional refactor within this file:
-component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 4, 120, 35, 512, 256);
+// TODO: replace 256 with a shared constant (e.g., SIGNED_ATTR_MAX_BYTES) defined once
+component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 4, 120, 35, 512, 256);🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Any remaining REGISTER_ID/REGISTER instances still using 128 as the last arg?
rg -nP 'REGISTER(_ID)?\([^)]*[, ]128\)' circuits/circuits -g '!**/node_modules/**' -S | sed -n '1,200p'Length of output: 2269
Define a shared constant for the signed-attributes cap and replace all literal 128 usages
Replace the last argument in every REGISTER and REGISTER_ID call (12 instances still use 128) with a single constant, e.g.
// shared/constants.circom
const SIGNED_ATTR_MAX_BYTES = 256;then update each instance:
- … REGISTER_ID(…, 128);
+ … REGISTER_ID(…, SIGNED_ATTR_MAX_BYTES);Finally, regenerate all proving keys to account for the new cap.
Comment on lines
271
to
276
| # RSA-PSS certificates | ||
| generate_certificate csca sha256 rsapss 32 65537 4096 | ||
| generate_certificate csca sha256 rsapss 32 65537 4096 --force | ||
| generate_certificate csca sha256 rsapss 32 65537 2048 | ||
| generate_certificate csca sha256 rsapss 32 65537 3072 | ||
| generate_certificate dsc sha256 rsapss 32 65537 4096 --signer sha256_rsapss_32_65537_4096 --force | ||
| generate_certificate dsc sha256 rsapss 32 65537 4096 --signer sha256_rsapss_32_65537_4096 |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Make RSASSA-PSS parameters explicit to avoid verifier mismatches.
OpenSSL’s defaults can vary; explicitly pin MGF1 hash to match the message hash for both CSCA self-sign and DSC signing. This prevents interop bugs in downstream verifiers.
Apply:
- -sigopt rsa_padding_mode:pss \
- -sigopt rsa_pss_saltlen:"$salt" \
+ -sigopt rsa_padding_mode:pss \
+ -sigopt rsa_pss_saltlen:"$salt" \
+ -sigopt rsa_mgf1_md:"$hash" \Also applies to: 289-292
🤖 Prompt for AI Agents
In common/src/scripts/generateCertificates.sh around lines 271 to 276 (and also
apply the same change to lines 289 to 292), the RSASSA-PSS invocations omit an
explicit MGF1 hash, relying on OpenSSL defaults which can differ between
implementations; update each generate_certificate rsapss call to include an
explicit MGF1 parameter that pins the MGF1 hash to sha256 (so the MGF1 hash
matches the message hash) for both CSCA self-sign and DSC signing invocations to
prevent verifier mismatches.
| import * as asn1 from 'asn1js'; | ||
| import elliptic from 'elliptic'; | ||
| import * as forge from 'node-forge'; | ||
| import forge from 'node-forge'; |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Default import of node-forge can break without esModuleInterop; harden the interop or revert to namespace import.
Risk: RN/web bundlers may fail if tsconfig lacks esModuleInterop/allowSyntheticDefaultImports; also the runtime fallback at Line 149 assumes both shapes. Make the interop explicit and ensure Buffer is polyfilled for RN.
-
Verify tsconfig flags and repo-wide forge import style:
-
Safer pattern (keep default import but robustify the fallback at use-site):
-import forge from 'node-forge';
+import forge from 'node-forge';Outside this line range, update the resolver:
// near Line 149
const actualForge: any =
(forge as any)?.pki
? forge
: (forge as any)?.default?.pki
? (forge as any).default
: forge;- For React Native, explicitly import Buffer to avoid global absence:
import { Buffer } from 'buffer';🏁 Script executed:
#!/bin/bash
set -euo pipefail
jq -r '.compilerOptions.esModuleInterop,.compilerOptions.allowSyntheticDefaultImports' tsconfig.json 2>/dev/null || echo "tsconfig not found or flags missing"
rg -nP "from 'node-forge'" -S | sed -n '1,200p'Length of output: 1080
🏁 Script executed:
#!/bin/bash
set -euo pipefail
files=( $(find . -type f -iname 'tsconfig*.json') )
if [ ${#files[@]} -eq 0 ]; then
echo "No tsconfig files found"
else
for f in "${files[@]}"; do
echo "File: $f"
jq '.compilerOptions | {esModuleInterop, allowSyntheticDefaultImports}' "$f" || echo "Error parsing $f"
done
fiLength of output: 4656
Use namespace import for node-forge and polyfill Buffer
At common/src/utils/passports/genMockPassportData.ts:3, replace the default import:
-import forge from 'node-forge';
+import * as forge from 'node-forge';And ensure React Native supplies Buffer (for example, in your entry‐point):
import { Buffer } from 'buffer';
global.Buffer ||= Buffer;🤖 Prompt for AI Agents
In common/src/utils/passports/genMockPassportData.ts around line 3, the file
currently uses a default import from node-forge which can cause runtime issues
in some environments; replace the default import with a namespace import from
'node-forge' (i.e., import everything from node-forge as a single namespace)
and, for React Native, ensure Buffer is polyfilled at the app entry-point by
importing Buffer from the 'buffer' package and assigning it to global.Buffer if
not already present.
Comment on lines
+172
to
+191
| case 'rsa_sha1_64321_4096': | ||
| privateKeyPem = mockCertificates.mock_dsc_sha1_rsa_64321_4096_key; | ||
| dsc = mockCertificates.mock_dsc_sha1_rsa_64321_4096; | ||
| break; | ||
| case 'rsa_sha256_130689_4096': | ||
| privateKeyPem = mockCertificates.mock_dsc_sha256_rsa_130689_4096_key; | ||
| dsc = mockCertificates.mock_dsc_sha256_rsa_130689_4096; | ||
| break; | ||
| case 'rsa_sha256_122125_4096': | ||
| privateKeyPem = mockCertificates.mock_dsc_sha256_rsa_122125_4096_key; | ||
| dsc = mockCertificates.mock_dsc_sha256_rsa_122125_4096; | ||
| break; | ||
| case 'rsa_sha256_107903_4096': | ||
| privateKeyPem = mockCertificates.mock_dsc_sha256_rsa_107903_4096_key; | ||
| dsc = mockCertificates.mock_dsc_sha256_rsa_107903_4096; | ||
| break; | ||
| case 'rsa_sha256_56611_4096': | ||
| privateKeyPem = mockCertificates.mock_dsc_sha256_rsa_56611_4096_key; | ||
| dsc = mockCertificates.mock_dsc_sha256_rsa_56611_4096; | ||
| break; |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Verify new RSA exponents have matching mocks and circuit support.
Ensure mock certs/keys exist and verifier circuits/tests cover 64321, 130689, 122125, 107903, 56611 to prevent dead enums.
🏁 Script executed:
#!/bin/bash
# Check mock artifacts exist
rg -n 'mock_dsc_.*(64321|130689|122125|107903|56611)' common/src/constants/mockCertificates.ts
# Check circuit verifiers/tests exist
fd -a 'verifyRsa*Pkcs1v1_5.circom' circuits/circuits/utils/crypto/signature/rsa
fd -a 'test_rsa_sha256_*.circom' circuits/circuits/tests/utils/rsaLength of output: 1061
Add RSA verification circuits and tests for new exponents
Mocks for exponents 64321, 130689, 122125, 107903 and 56611 are present, but no corresponding verifier circuits in circuits/circuits/utils/crypto/signature/rsa or test files in circuits/circuits/tests/utils/rsa. Add per-exponent verifyRsaPkcs1v1_5_4096.circom and matching test_rsa_sha256.circom to prevent dead enums.
🤖 Prompt for AI Agents
In common/src/utils/passports/getMockDSC.ts around lines 172 to 191, the switch
selects mock DSCs for RSA exponents 64321, 130689, 122125, 107903 and 56611 but
there are no corresponding verifier circuits or tests, which will leave these
enum cases dead; add per-exponent verifier circuits named
circuits/circuits/utils/crypto/signature/rsa/verifyRsaPkcs1v1_5_<exponent>_4096.circom
(one file per exponent) implementing the PKCS#1 v1.5 SHA-1/SHA-256 verification
as used by existing RSA verifiers, and add matching test files
circuits/circuits/tests/utils/rsa/test_rsa_sha256_<exponent>.circom that mirror
existing test patterns to exercise each new circuit; ensure the new circuits are
exported/registered the same way as existing RSA verifier circuits and update
any test harness or index files to include the new tests so the enum cases are
exercised.
| @@ -1,5 +1,5 @@ | |||
| import * as asn1js from 'asn1js'; | |||
| import * as forge from 'node-forge'; | |||
| import forge from 'node-forge'; | |||
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Default import for node-forge may break without interop flags (React Native bundling risk)
Ensure tsconfig has esModuleInterop and allowSyntheticDefaultImports enabled, and that Metro/Babel config supports CJS default interop for node-forge. Mixing default and namespace imports across the repo will cause subtle runtime/type errors.
🏁 Script executed:
#!/bin/bash
# 1) Check TS interop flags.
fd -a tsconfig*.json | xargs -I{} sh -c 'echo "== {} =="; cat {} | jq ".compilerOptions.esModuleInterop, .compilerOptions.allowSyntheticDefaultImports"'
# 2) Find any remaining namespace imports to standardize.
rg -n "import\s+\*\s+as\s+forge\s+from\s+'node-forge'" -S
rg -n "import\s+\*\s+as\s+forge\s+from\s+\"node-forge\"" -S
# 3) Find default imports and confirm consistency.
rg -n "import\s+forge\s+from\s+'node-forge'" -SLength of output: 1582
Standardize node-forge imports and confirm interop flags
- app/tests/tsconfig.json doesn’t declare
esModuleInterop(and thus relies on defaults); ensure it extends the main tsconfig (whereesModuleInterop: trueis set) or explicitly add"esModuleInterop": trueundercompilerOptions. - Detected both
•import * as forge from 'node-forge'(e.g. common/src/utils/passports/passport.ts)
•import forge from 'node-forge'(e.g. brutForceDscSignature.ts),
pick one import style for all usages to prevent subtle runtime/type mismatches. - Verify your Metro/Babel setup supports CommonJS default interop if you continue using
import forge from 'node-forge'.
🤖 Prompt for AI Agents
In common/src/utils/passports/passport_parsing/brutForceDscSignature.ts around
line 2, the file imports node-forge using the default import syntax which is
inconsistent with other files and may fail when esModuleInterop is not enabled;
standardize imports by using the same import style across the codebase (either
`import * as forge from 'node-forge'` everywhere or enable esModuleInterop in
tsconfig and ensure all test tsconfigs extend the main tsconfig), update this
file to match the chosen import style, and confirm Metro/Babel configuration
supports CommonJS default interop if you choose to keep the default-import form.
Comment on lines
+101
to
109
| | 'ecdsa_sha512_brainpoolP512r1_512' | ||
| | 'rsapss_sha256_65537_4096_32' | ||
| | 'rsapss_sha256_65537_2048_32' | ||
| | 'rsa_sha1_64321_4096' | ||
| | 'rsa_sha256_130689_4096' | ||
| | 'rsa_sha256_122125_4096' | ||
| | 'rsa_sha256_107903_4096' | ||
| | 'rsa_sha256_56611_4096'; | ||
|
|
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Wire new algorithm strings across routing, constants, and mocks
The added variants must be fully supported end‑to‑end (routing in circuits/SDK, MAX_CERT_BYTES entries, mock DSCs/fixtures). Missing any piece will cause runtime errors or failing proofs.
Run:
Additionally, consider centralizing algorithm metadata (hash, exponent, key size, expected byte budgets) in a single source to eliminate stringly‑typed drift across SDK and circuits.
🏁 Script executed:
#!/bin/bash
# 1) Ensure string constants appear in mock DSC generator
rg -n "rsapss_sha256_65537_4096_32|rsapss_sha256_65537_2048_32|rsa_sha1_64321_4096|rsa_sha256_130689_4096|rsa_sha256_122125_4096|rsa_sha256_107903_4096|rsa_sha256_56611_4096" common/src/utils/passports
# 2) Ensure circuit routing includes them
rg -n "64321_4096|56611_4096|107903_4096|122125_4096|130689_4096" circuits/circuits
# 3) Ensure constants include MAX_CERT_BYTES for all new RSA PKCS1 v1.5 SHA-256 variants
rg -n "rsa_sha256_56611_4096|rsa_sha256_107903_4096|rsa_sha256_122125_4096|rsa_sha256_130689_4096" common/src/constants/constants.tsLength of output: 1436
Add missing MAX_CERT_BYTES entries for new RSA SHA-256 variants
common/src/constants/constants.ts lacks definitions for rsa_sha256_56611_4096, rsa_sha256_107903_4096, rsa_sha256_122125_4096, and rsa_sha256_130689_4096—add these to prevent runtime errors.
Consider centralizing algorithm metadata (hash, exponent, key size, byte budgets) to avoid stringly-typed drift across SDK and circuits.
🤖 Prompt for AI Agents
In common/src/utils/types.ts around lines 101-109, the new union members
rsa_sha256_56611_4096, rsa_sha256_107903_4096, rsa_sha256_122125_4096, and
rsa_sha256_130689_4096 lack corresponding MAX_CERT_BYTES entries in
common/src/constants/constants.ts; add entries for each of these keys in the
constants file (use the existing naming pattern and set MAX_CERT_BYTES to the
correct byte budget for 4096-bit RSA keys, e.g., 512 bytes) so imports
referencing these algorithm identifiers no longer fail at runtime, and consider
moving algorithm metadata (hash, exponent, key size, MAX_CERT_BYTES) into a
single centralized map for future additions.
There was a problem hiding this comment.
Actionable comments posted: 6
🧹 Nitpick comments (1)
circuits/circuits/utils/passport/signatureVerifier.circom (1)
53-67: Assert kLengthFactor == 1 in RSA signature branches
Addassert(kLengthFactor == 1);at the top of each RSA branch in circuits/utils/passport/signatureVerifier.circom (e.g. lines 53–67) to explicitly guard against future k-scaling mismatches—getKLengthFactor(47–51) returns 1.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (10)
circuits/circuits/tests/utils/rsa/test_rsa_sha1_64321_4096.circom(1 hunks)circuits/circuits/tests/utils/rsa/test_rsa_sha256_107903_4096.circom(1 hunks)circuits/circuits/tests/utils/rsa/test_rsa_sha256_122125_4096.circom(1 hunks)circuits/circuits/tests/utils/rsa/test_rsa_sha256_130689_4096.circom(1 hunks)circuits/circuits/tests/utils/rsa/test_rsa_sha256_56611_4096.circom(1 hunks)circuits/circuits/utils/crypto/signature/FpPowMod.circom(2 hunks)circuits/circuits/utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circom(1 hunks)circuits/circuits/utils/passport/signatureVerifier.circom(7 hunks)circuits/tests/dsc/test_cases.ts(1 hunks)common/src/scripts/generateCertificates.sh(4 hunks)
🚧 Files skipped from review as they are similar to previous changes (4)
- circuits/circuits/tests/utils/rsa/test_rsa_sha256_107903_4096.circom
- circuits/circuits/tests/utils/rsa/test_rsa_sha256_56611_4096.circom
- circuits/tests/dsc/test_cases.ts
- common/src/scripts/generateCertificates.sh
🧰 Additional context used
📓 Path-based instructions (1)
circuits/**/*.circom
⚙️ CodeRabbit configuration file
circuits/**/*.circom: Review ZK circuit code for:
- Circuit correctness and completeness
- Constraint efficiency
- Input validation
- Security considerations for zero-knowledge proofs
Files:
circuits/circuits/tests/utils/rsa/test_rsa_sha256_130689_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha1_64321_4096.circomcircuits/circuits/utils/passport/signatureVerifier.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_122125_4096.circomcircuits/circuits/utils/crypto/signature/FpPowMod.circom
🧠 Learnings (4)
📓 Common learnings
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to circuits/circuits/dsc/dsc.circom : DSC proof circuit must support signature algorithms RSA-2048 and ECDSA-P256
📚 Learning: 2025-08-24T18:55:07.940Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to circuits/circuits/dsc/dsc.circom : DSC proof circuit must support signature algorithms RSA-2048 and ECDSA-P256
Applied to files:
circuits/circuits/tests/utils/rsa/test_rsa_sha256_130689_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha1_64321_4096.circomcircuits/circuits/utils/passport/signatureVerifier.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_122125_4096.circom
📚 Learning: 2025-08-24T18:52:25.796Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to noir/crates/dg1/src/dg1/dg1.nr : Document verification processing using ICAO standards and DSC verification with multiple signature algorithms in dg1.nr
Applied to files:
circuits/circuits/tests/utils/rsa/test_rsa_sha256_130689_4096.circomcircuits/circuits/utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha1_64321_4096.circomcircuits/circuits/utils/passport/signatureVerifier.circomcircuits/circuits/tests/utils/rsa/test_rsa_sha256_122125_4096.circom
📚 Learning: 2025-08-24T18:55:07.940Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to circuits/circuits/dsc/dsc.circom : DSC proof circuit must verify certificate chain from CSCA to DSC
Applied to files:
circuits/circuits/utils/passport/signatureVerifier.circom
🧬 Code graph analysis (5)
circuits/circuits/tests/utils/rsa/test_rsa_sha256_130689_4096.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (3)
RSAVerify65537_278_run(969764-970010)RSAVerify65537_278_create(969754-969762)RSAPad_268_run(967709-968146)
circuits/circuits/utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (1)
RSAVerify65537_278_run(969764-970010)
circuits/circuits/tests/utils/rsa/test_rsa_sha1_64321_4096.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (2)
RSAVerify65537_278_run(969764-970010)PassportVerifier_279_run(970022-970527)
circuits/circuits/tests/utils/rsa/test_rsa_sha256_122125_4096.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (2)
RSAVerify65537_278_run(969764-970010)RSAVerify65537_278_create(969754-969762)
circuits/circuits/utils/crypto/signature/FpPowMod.circom (1)
app/witnesscalc/src/proof_of_passport.cpp (2)
FpPow65537Mod_277_run(969442-969752)FpMul_276_run(969019-969430)
⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: build-ios
- GitHub Check: build-android
- GitHub Check: test
🔇 Additional comments (6)
circuits/circuits/utils/crypto/signature/FpPowMod.circom (1)
5-5: Include looks correctThe dependency on signatureAlgorithm utilities is appropriate for deriving exponent metadata.
circuits/circuits/tests/utils/rsa/test_rsa_sha256_122125_4096.circom (1)
1-14: Test coverage complete for RSA SHA256 IDs 49–51
Complementary tests for IDs 50 (107903) and 51 (56611) exist under circuits/circuits/tests/utils/rsa.circuits/circuits/tests/utils/rsa/test_rsa_sha1_64321_4096.circom (1)
1-14: Test harness LGTMExercises rsa_sha1_64321_4096 (ID 47) with HASH_LEN_BITS=160 as expected.
circuits/circuits/tests/utils/rsa/test_rsa_sha256_130689_4096.circom (1)
1-14: Test harness LGTMTargets rsa_sha256_130689_4096 (ID 48); parameters are consistent.
circuits/circuits/utils/passport/signatureVerifier.circom (2)
8-8: Include of generic RSA verifier is correctNo path/case mismatches detected; aligns with new routing.
31-31: Hash parsing wiring LGTMAssigning HashParser output into hashParsed[] is consistent with downstream usage.
Comment on lines
+86
to
+104
| function getPowerIndicesLength(signatureAlgorithm) { | ||
| if (signatureAlgorithm == 47) { | ||
| return 8; | ||
| } | ||
| if (signatureAlgorithm == 48) { | ||
| return 9; | ||
| } | ||
| if (signatureAlgorithm == 49) { | ||
| return 9; | ||
| } | ||
| if (signatureAlgorithm == 50) { | ||
| return 11; | ||
| } | ||
| if (signatureAlgorithm == 51) { | ||
| return 8; | ||
| } | ||
| assert(1 == 0); | ||
| return 0; | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Avoid duplicating signature-algorithm knowledge here
getPowerIndicesLength hard-codes per-algorithm data that likely also lives in signatureAlgorithm.circom. Duplicated mappings will drift and are easy to forget in future edits.
Consider moving both getPowerIndicesLength and getPowerIndices into signatureAlgorithm.circom (source of truth) and import them here. If that’s undesirable, add a clear comment pointing to the corresponding constants and a checklist item in the PR template to keep them in sync.
🤖 Prompt for AI Agents
In circuits/circuits/utils/crypto/signature/FpPowMod.circom around lines 86–104,
getPowerIndicesLength contains hard-coded per-algorithm mappings duplicate to
signatureAlgorithm.circom; remove this duplication by moving
getPowerIndicesLength (and getPowerIndices if present) into
signatureAlgorithm.circom as the single source of truth, export them there and
import them here, updating any call sites to use the imported functions; if
moving is not acceptable, add a clear top-of-file comment referencing the exact
constants/line locations in signatureAlgorithm.circom and add a PR-template
checklist item to update both locations when changing algorithm mappings so they
stay in sync.
Comment on lines
+106
to
+124
|
|
||
| function getPowerIndices(signatureAlgorithm) { | ||
| if (signatureAlgorithm == 47) { | ||
| return [15, 14, 13, 12, 11, 9, 8, 6]; | ||
| } | ||
| if (signatureAlgorithm == 48) { | ||
| return [16, 15, 14, 13, 12, 11, 10, 9, 7]; | ||
| } | ||
| if (signatureAlgorithm == 49) { | ||
| return [16, 15, 14, 12, 11, 10, 8, 3, 2]; | ||
| } | ||
| if (signatureAlgorithm == 50) { | ||
| return [16, 15, 13, 10, 8, 6, 5, 4, 3, 2, 1]; | ||
| } | ||
| if (signatureAlgorithm == 51) { | ||
| return [15, 14, 12, 11, 10, 8, 5, 1]; | ||
| } | ||
| assert(1 == 0); | ||
| return [1]; |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Validate indices against exponent bit-length to prevent out-of-bounds
These tables look right for 47–51 (sum(2^idx) + 1 equals the claimed exponents), but a mismatch with getExponentBits would cause doublers[powerIndices[i]-1] to index out of range at compile time.
Add static checks tying the tables to exponent_bits:
function getPowerIndices(signatureAlgorithm) {
...
}
template FpPowGenericMod(n, k, signatureAlgorithm) {
...
var powerIndices[powerIndicesLength] = getPowerIndices(signatureAlgorithm);
+ // Static safety: max(powerIndices) must fit in doublers
+ var maxIndex = 0;
+ for (var i = 0; i < powerIndicesLength; i++) {
+ if (powerIndices[i] > maxIndex) { maxIndex = powerIndices[i]; }
+ }
+ assert(maxIndex <= exponent_bits);
for (var i = 0; i < k; i++) {
muls[0].a[i] <== doublers[powerIndices[0] - 1].out[i];
...📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| function getPowerIndices(signatureAlgorithm) { | |
| if (signatureAlgorithm == 47) { | |
| return [15, 14, 13, 12, 11, 9, 8, 6]; | |
| } | |
| if (signatureAlgorithm == 48) { | |
| return [16, 15, 14, 13, 12, 11, 10, 9, 7]; | |
| } | |
| if (signatureAlgorithm == 49) { | |
| return [16, 15, 14, 12, 11, 10, 8, 3, 2]; | |
| } | |
| if (signatureAlgorithm == 50) { | |
| return [16, 15, 13, 10, 8, 6, 5, 4, 3, 2, 1]; | |
| } | |
| if (signatureAlgorithm == 51) { | |
| return [15, 14, 12, 11, 10, 8, 5, 1]; | |
| } | |
| assert(1 == 0); | |
| return [1]; | |
| } | |
| template FpPowGenericMod(n, k, signatureAlgorithm) { | |
| ... | |
| // Collect the precomputed doubling indices for this algorithm | |
| var powerIndices[powerIndicesLength] = getPowerIndices(signatureAlgorithm); | |
| // Static safety: ensure no index exceeds the number of doublers available | |
| var maxIndex = 0; | |
| for (var i = 0; i < powerIndicesLength; i++) { | |
| if (powerIndices[i] > maxIndex) { | |
| maxIndex = powerIndices[i]; | |
| } | |
| } | |
| assert(maxIndex <= exponent_bits); | |
| // Proceed to assign the selected doublers | |
| for (var i = 0; i < k; i++) { | |
| muls[0].a[i] <== doublers[powerIndices[0] - 1].out[i]; | |
| ... |
🤖 Prompt for AI Agents
In circuits/circuits/utils/crypto/signature/FpPowMod.circom around lines
106-124, add static validation that each hard-coded power index in the returned
arrays is within the exponent bit-length returned by
getExponentBits(signatureAlgorithm) (and > 0) to prevent
doublers[powerIndices[i]-1] from indexing out of range at compile time; after
selecting the array, call getExponentBits(signatureAlgorithm) and assert for
each index that 1 <= index <= exponent_bits (fail early with assert if not), so
the table is tied to exponent_bits and any mismatch is detected during
compilation.
Comment on lines
+126
to
+187
|
|
||
| template FpPowGenericMod(n, k, signatureAlgorithm) { | ||
| signal input base[k]; | ||
| signal input modulus[k]; | ||
| signal output out[k]; | ||
|
|
||
| var exponent_bits = getExponentBits(signatureAlgorithm); | ||
|
|
||
| component doublers[exponent_bits - 1]; | ||
| for (var i = 0; i < exponent_bits - 1; i++) { | ||
| doublers[i] = FpMul(n, k); | ||
| } | ||
|
|
||
| var powerIndicesLength = getPowerIndicesLength(signatureAlgorithm); | ||
| component muls[powerIndicesLength]; | ||
| for (var i = 0; i < powerIndicesLength; i++) { | ||
| muls[i] = FpMul(n, k); | ||
| } | ||
|
|
||
| for (var j = 0; j < k; j++) { | ||
| for (var i = 0; i < exponent_bits - 1; i++) { | ||
| doublers[i].p[j] <== modulus[j]; | ||
| } | ||
| for (var i = 0; i < powerIndicesLength; i++) { | ||
| muls[i].p[j] <== modulus[j]; | ||
| } | ||
| } | ||
|
|
||
| for (var j = 0; j < k; j++) { | ||
| doublers[0].a[j] <== base[j]; | ||
| doublers[0].b[j] <== base[j]; | ||
| } | ||
|
|
||
| for (var i = 0; i < exponent_bits - 2; i++) { | ||
| for (var j = 0; j < k; j++) { | ||
| doublers[i+1].a[j] <== doublers[i].out[j]; | ||
| doublers[i+1].b[j] <== doublers[i].out[j]; | ||
| } | ||
| } | ||
|
|
||
| var powerIndices[powerIndicesLength] = getPowerIndices(signatureAlgorithm); | ||
| for (var i = 0; i < k; i++) { | ||
| muls[0].a[i] <== doublers[powerIndices[0] - 1].out[i]; | ||
| muls[0].b[i] <== doublers[powerIndices[1] - 1].out[i]; | ||
| } | ||
|
|
||
| for (var i = 1; i < powerIndicesLength - 1; i++) { | ||
| for (var j = 0; j < k; j++) { | ||
| muls[i].a[j] <== muls[i - 1].out[j]; | ||
| muls[i].b[j] <== doublers[powerIndices[i + 1] - 1].out[j]; | ||
| } | ||
| } | ||
|
|
||
| for (var i = 0; i < k; i++) { | ||
| muls[powerIndicesLength - 1].a[i] <== muls[powerIndicesLength - 2].out[i]; | ||
| muls[powerIndicesLength - 1].b[i] <== base[i]; | ||
| } | ||
|
|
||
| // Output | ||
| for (var j = 0; j < k; j++) { | ||
| out[j] <== muls[powerIndicesLength - 1].out[j]; | ||
| } |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Generic pow mod: add minimal guards and document odd-exponent assumption
The construction assumes an odd exponent (final multiply by base). It also relies on powerIndicesLength ≥ 2.
Add guards and a brief note:
template FpPowGenericMod(n, k, signatureAlgorithm) {
...
var exponent_bits = getExponentBits(signatureAlgorithm);
+ // Guard: needs at least one square
+ assert(exponent_bits >= 2);
component doublers[exponent_bits - 1];
...
var powerIndicesLength = getPowerIndicesLength(signatureAlgorithm);
+ // Guard: tables list ≥2 powers; we multiply them then by base (LSB=1)
+ assert(powerIndicesLength >= 2);
var powerIndices[powerIndicesLength] = getPowerIndices(signatureAlgorithm);
+ // Note: exponent is 1 + Σ(2^powerIndices[i]); only valid for odd exponents
+ // (all RSA e in use here are odd).
...
}To double-check the tables encode the intended exponents, run:
🏁 Script executed:
#!/bin/bash
python - << 'PY'
import re, pathlib
p = pathlib.Path("circuits/circuits/utils/crypto/signature/FpPowMod.circom")
s = p.read_text()
cases = {47:64321,48:130689,49:122125,50:107903,51:56611}
for a in cases:
m = re.search(rf'if\s*\(signatureAlgorithm\s*==\s*{a}\)\s*{{\s*return\s*\[([^\]]+)\];', s)
nums = [int(x.strip()) for x in m.group(1).split(',')]
val = 1 + sum(1<<i for i in nums)
print(a, val, "OK" if val==cases[a] else f"Mismatch expected {cases[a]}")
PYLength of output: 73
Add guards for exponent_bits and powerIndicesLength, document odd-exponent assumption
The FpPowGenericMod template assumes exponent_bits ≥ 2 (at least one squaring) and powerIndicesLength ≥ 2, and only supports odd exponents (1 + Σ2^powerIndices[i]). Add these assertions and a clarifying comment:
--- a/circuits/utils/crypto/signature/FpPowMod.circom
+++ b/circuits/utils/crypto/signature/FpPowMod.circom
@@ template FpPowGenericMod(n, k, signatureAlgorithm) {
var exponent_bits = getExponentBits(signatureAlgorithm);
+ // Guard: needs at least one squaring step
+ assert(exponent_bits >= 2);
component doublers[exponent_bits - 1];
@@
var powerIndicesLength = getPowerIndicesLength(signatureAlgorithm);
+ // Guard: must list ≥2 powers since we multiply then final-by-base
+ assert(powerIndicesLength >= 2);
var powerIndices[powerIndicesLength] = getPowerIndices(signatureAlgorithm);
+ // Note: exponent = 1 + Σ(2^powerIndices[i]); only valid for odd exponents📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| template FpPowGenericMod(n, k, signatureAlgorithm) { | |
| signal input base[k]; | |
| signal input modulus[k]; | |
| signal output out[k]; | |
| var exponent_bits = getExponentBits(signatureAlgorithm); | |
| component doublers[exponent_bits - 1]; | |
| for (var i = 0; i < exponent_bits - 1; i++) { | |
| doublers[i] = FpMul(n, k); | |
| } | |
| var powerIndicesLength = getPowerIndicesLength(signatureAlgorithm); | |
| component muls[powerIndicesLength]; | |
| for (var i = 0; i < powerIndicesLength; i++) { | |
| muls[i] = FpMul(n, k); | |
| } | |
| for (var j = 0; j < k; j++) { | |
| for (var i = 0; i < exponent_bits - 1; i++) { | |
| doublers[i].p[j] <== modulus[j]; | |
| } | |
| for (var i = 0; i < powerIndicesLength; i++) { | |
| muls[i].p[j] <== modulus[j]; | |
| } | |
| } | |
| for (var j = 0; j < k; j++) { | |
| doublers[0].a[j] <== base[j]; | |
| doublers[0].b[j] <== base[j]; | |
| } | |
| for (var i = 0; i < exponent_bits - 2; i++) { | |
| for (var j = 0; j < k; j++) { | |
| doublers[i+1].a[j] <== doublers[i].out[j]; | |
| doublers[i+1].b[j] <== doublers[i].out[j]; | |
| } | |
| } | |
| var powerIndices[powerIndicesLength] = getPowerIndices(signatureAlgorithm); | |
| for (var i = 0; i < k; i++) { | |
| muls[0].a[i] <== doublers[powerIndices[0] - 1].out[i]; | |
| muls[0].b[i] <== doublers[powerIndices[1] - 1].out[i]; | |
| } | |
| for (var i = 1; i < powerIndicesLength - 1; i++) { | |
| for (var j = 0; j < k; j++) { | |
| muls[i].a[j] <== muls[i - 1].out[j]; | |
| muls[i].b[j] <== doublers[powerIndices[i + 1] - 1].out[j]; | |
| } | |
| } | |
| for (var i = 0; i < k; i++) { | |
| muls[powerIndicesLength - 1].a[i] <== muls[powerIndicesLength - 2].out[i]; | |
| muls[powerIndicesLength - 1].b[i] <== base[i]; | |
| } | |
| // Output | |
| for (var j = 0; j < k; j++) { | |
| out[j] <== muls[powerIndicesLength - 1].out[j]; | |
| } | |
| } | |
| template FpPowGenericMod(n, k, signatureAlgorithm) { | |
| signal input base[k]; | |
| signal input modulus[k]; | |
| signal output out[k]; | |
| var exponent_bits = getExponentBits(signatureAlgorithm); | |
| // Guard: needs at least one squaring step | |
| assert(exponent_bits >= 2); | |
| component doublers[exponent_bits - 1]; | |
| for (var i = 0; i < exponent_bits - 1; i++) { | |
| doublers[i] = FpMul(n, k); | |
| } | |
| var powerIndicesLength = getPowerIndicesLength(signatureAlgorithm); | |
| // Guard: must list ≥2 powers since we multiply then final-by-base | |
| assert(powerIndicesLength >= 2); | |
| component muls[powerIndicesLength]; | |
| for (var i = 0; i < powerIndicesLength; i++) { | |
| muls[i] = FpMul(n, k); | |
| } | |
| for (var j = 0; j < k; j++) { | |
| for (var i = 0; i < exponent_bits - 1; i++) { | |
| doublers[i].p[j] <== modulus[j]; | |
| } | |
| for (var i = 0; i < powerIndicesLength; i++) { | |
| muls[i].p[j] <== modulus[j]; | |
| } | |
| } | |
| for (var j = 0; j < k; j++) { | |
| doublers[0].a[j] <== base[j]; | |
| doublers[0].b[j] <== base[j]; | |
| } | |
| for (var i = 0; i < exponent_bits - 2; i++) { | |
| for (var j = 0; j < k; j++) { | |
| doublers[i+1].a[j] <== doublers[i].out[j]; | |
| doublers[i+1].b[j] <== doublers[i].out[j]; | |
| } | |
| } | |
| var powerIndices[powerIndicesLength] = getPowerIndices(signatureAlgorithm); | |
| // Note: exponent = 1 + Σ(2^powerIndices[i]); only valid for odd exponents | |
| for (var i = 0; i < k; i++) { | |
| muls[0].a[i] <== doublers[powerIndices[0] - 1].out[i]; | |
| muls[0].b[i] <== doublers[powerIndices[1] - 1].out[i]; | |
| } | |
| for (var i = 1; i < powerIndicesLength - 1; i++) { | |
| for (var j = 0; j < k; j++) { | |
| muls[i].a[j] <== muls[i - 1].out[j]; | |
| muls[i].b[j] <== doublers[powerIndices[i + 1] - 1].out[j]; | |
| } | |
| } | |
| for (var i = 0; i < k; i++) { | |
| muls[powerIndicesLength - 1].a[i] <== muls[powerIndicesLength - 2].out[i]; | |
| muls[powerIndicesLength - 1].b[i] <== base[i]; | |
| } | |
| // Output | |
| for (var j = 0; j < k; j++) { | |
| out[j] <== muls[powerIndicesLength - 1].out[j]; | |
| } | |
| } |
Comment on lines
+16
to
+21
| template VerifyRsaGenericPkcs1v1_5(CHUNK_SIZE, CHUNK_NUMBER, HASH_SIZE, signatureAlgorithm) { | ||
| signal input signature[CHUNK_NUMBER]; | ||
| signal input modulus[CHUNK_NUMBER]; | ||
|
|
||
| signal input message[CHUNK_NUMBER]; | ||
|
|
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Ensure these inputs are public at the top level (security property of the proof)
This template relies on assertions only. If signature, modulus, and the hashed message are not exposed as public inputs by the parent circuit, verifiers won’t be binding to them. Please confirm the caller circuit marks them public.
🏁 Script executed:
#!/bin/bash
# Find call sites and check whether these signals are routed to public inputs in top-level circuits.
rg -nP -C3 'VerifyRsaGenericPkcs1v1_5\s*\(' circuits
rg -nP -C5 'signal\s+input.*public|component\s+.*VerifyRsaGenericPkcs1v1_5' circuits | sed -n '1,200p'Length of output: 6314
Make RSA inputs public in signatureVerifier.circom
Signature, modulus and message are wired into VerifyRsaGenericPkcs1v1_5 but aren’t declared as public top-level signals, so verifiers can’t bind them. In circuits/utils/passport/signatureVerifier.circom, change their declarations to:
public signal input signature[n];
public signal input modulus[n];
public signal input message[n];
🤖 Prompt for AI Agents
circuits/circuits/utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circom
around lines 16-21: the signature, modulus and message arrays are currently
declared as private inputs and thus cannot be bound by external verifiers;
update their top-level declarations in
circuits/utils/passport/signatureVerifier.circom to be public signal inputs
(i.e., make signature, modulus and message public) so verifiers can bind them,
keeping the same array sizes.
Comment on lines
+22
to
+27
| // 1. Add padding to the hashed message | ||
| component padder = Pkcs1v1_5Padding(CHUNK_SIZE, CHUNK_NUMBER, HASH_SIZE); | ||
| for (var i = 0; i < CHUNK_NUMBER; i++) { | ||
| padder.modulus[i] <== modulus[i]; | ||
| padder.message[i] <== message[i]; | ||
| } |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Confirm PKCS#1 v1.5 padding selects the correct DigestInfo OID (HASH_SIZE alone may be ambiguous)
Pkcs1v1_5Padding receives only HASH_SIZE. If it maps OIDs solely by bit length, families with the same length (e.g., SHA-256 vs SHA3-256) could be misinterpreted. Either pass an explicit hash algorithm ID/OID or ensure the padder rejects unsupported combos and is locked to the intended set (SHA-1/256/384/512).
🏁 Script executed:
#!/bin/bash
# Inspect padder to ensure OID selection and message bit-bound enforcement.
rg -nP -C3 'template\s+Pkcs1v1_5Padding\(' circuits
rg -nP -C3 'DigestInfo|OID|sha1|sha256|sha384|sha512|HASH_SIZE' circuits/circuits/utils/crypto/signature/rsa/pkcs1v1_5Padding.circomLength of output: 5264
Require explicit hash algorithm or assert supported HASH_SIZE
getOID/getOIDSize currently map OIDs solely by HASH_SIZE, so a 256-bit input (e.g. SHA3-256) would wrongly select the SHA-2-256 OID. Either extend Pkcs1v1_5Padding to take an explicit hash-algorithm/OID parameter or add a compile-time/assertion guard enforcing HASH_SIZE ∈ {160, 224, 256, 384, 512} to prevent silent mis-selection.
🤖 Prompt for AI Agents
In circuits/circuits/utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circom
around lines 22 to 27, the padding component currently infers the hash OID only
from HASH_SIZE which can mis-select OIDs for different hash families (e.g.
SHA3-256 vs SHA-2-256); update the invocation and/or component to avoid silent
mis-selection: either (A) extend Pkcs1v1_5Padding to accept an explicit hash
identifier/OID parameter and pass the correct OID/enum when instantiating
padder, updating all call sites and internal mapping to use that parameter, or
(B) add a compile-time/assertion guard inside this file before instantiating
padder that asserts HASH_SIZE is one of the supported sizes
{160,224,256,384,512} so unsupported hash sizes fail compilation; implement one
of these fixes and update related comments and tests accordingly.
Comment on lines
+29
to
+39
| // 2. Check that the signature is in proper form and reduced mod modulus. | ||
| component signatureRangeCheck[CHUNK_NUMBER]; | ||
| component bigLessThan = BigLessThan(CHUNK_SIZE, CHUNK_NUMBER); | ||
| for (var i = 0; i < CHUNK_NUMBER; i++) { | ||
| signatureRangeCheck[i] = Num2Bits(CHUNK_SIZE); | ||
| signatureRangeCheck[i].in <== signature[i]; | ||
| bigLessThan.a[i] <== signature[i]; | ||
| bigLessThan.b[i] <== modulus[i]; | ||
| } | ||
| bigLessThan.out === 1; | ||
|
|
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Critical: Missing modulus limb range-checks can break BigLessThan and modexp assumptions
Only signature[i] is constrained via Num2Bits(CHUNK_SIZE). If any modulus[i] ≥ 2^CHUNK_SIZE, the limb-based compare (BigLessThan) and the modular reduction inside FpPowGenericMod can be unsound, enabling invalid signatures to satisfy constraints. Constrain every modulus limb to CHUNK_SIZE bits (or prove it’s already enforced inside FpPowGenericMod; see verification script below).
Apply this diff near the existing signature range-check loop:
// 2. Check that the signature is in proper form and reduced mod modulus.
component signatureRangeCheck[CHUNK_NUMBER];
+ // Ensure modulus is also canonically limb-bounded to CHUNK_SIZE bits.
+ component modulusRangeCheck[CHUNK_NUMBER];
component bigLessThan = BigLessThan(CHUNK_SIZE, CHUNK_NUMBER);
for (var i = 0; i < CHUNK_NUMBER; i++) {
signatureRangeCheck[i] = Num2Bits(CHUNK_SIZE);
signatureRangeCheck[i].in <== signature[i];
+ modulusRangeCheck[i] = Num2Bits(CHUNK_SIZE);
+ modulusRangeCheck[i].in <== modulus[i];
bigLessThan.a[i] <== signature[i];
bigLessThan.b[i] <== modulus[i];
}🏁 Script executed:
#!/bin/bash
# Verify whether modulus limb range-checks already exist inside FpPowGenericMod.
# If present, the added checks above may be redundant; otherwise they are required.
rg -nP -C3 'template\s+FpPowGenericMod\(' circuits | sed -n '1,200p'
rg -nP -C2 '\bNum2Bits\s*\(\s*CHUNK_SIZE\s*\)' circuits/circuits/utils/crypto/signature/FpPowMod.circom
rg -nP -C2 '\bmodulus\b.*<==|\bmodulus\[[^\]]+\]' circuits/circuits/utils/crypto/signature/FpPowMod.circomLength of output: 1929
Enforce CHUNK_SIZE bit-range on modulus limbs
Add a modulusRangeCheck[CHUNK_NUMBER] with Num2Bits(CHUNK_SIZE) for each modulus[i] in the existing loop in circuits/circuits/utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circom (lines 29–39) to guarantee limbs < 2^CHUNK_SIZE and maintain the soundness of BigLessThan and FpPowGenericMod.
There was a problem hiding this comment.
Actionable comments posted: 6
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
circuits/circuits/utils/passport/passportVerifier.circom (2)
31-41: Add missing compile-time guards for new max lengths.With increased signed-attr/eContent sizes, enforce SHA block alignment and the comparator bit-width constraints.
assert(MAX_ECONTENT_PADDED_LEN % 64 == 0); + assert(MAX_SIGNED_ATTR_PADDED_LEN % 64 == 0); + // Ensure sizes fit the 16-bit range checks below. Bump if you increase caps again. + assert(MAX_ECONTENT_PADDED_LEN < (1 << 16)); + assert(MAX_SIGNED_ATTR_PADDED_LEN < (1 << 16));
52-66: 12-bit range checks will overflow with larger inputs; upgrade to 16-bit and bound dynamic lengths.Current Num2Bits/LessEqThan(12) can underconstrain when lengths exceed 4095. Also, dynamic padded lengths aren’t range-checked or enforced to be multiples of 64 bytes.
- // Assert `dg1_hash_offset` fits in 2^12 - component is_dg1_hash_offset_valid = Num2Bits(12); + // Assert `dg1_hash_offset` fits in 2^16 + component is_dg1_hash_offset_valid = Num2Bits(16); is_dg1_hash_offset_valid.in <== dg1_hash_offset; - // Assert `signed_attr_econtent_hash_offset` fits in 2^12 - component is_signed_attr_econtent_hash_offset_valid = Num2Bits(12); + // Assert `signed_attr_econtent_hash_offset` fits in 2^16 + component is_signed_attr_econtent_hash_offset_valid = Num2Bits(16); is_signed_attr_econtent_hash_offset_valid.in <== signed_attr_econtent_hash_offset; - // check offsets refer to valid ranges - signal dg1OffsetInRange <== LessEqThan(12)([dg1_hash_offset + DG_HASH_ALGO_BYTES, eContent_padded_length]); + // Bound dynamic padded lengths to 16 bits and enforce 64-byte alignment (SHA padding) + component eContentLenBits = Num2Bits(16); + eContentLenBits.in <== eContent_padded_length; + component signedAttrLenBits = Num2Bits(16); + signedAttrLenBits.in <== signed_attr_padded_length; + for (var i2 = 0; i2 < 6; i2++) { + eContentLenBits.out[i2] === 0; + signedAttrLenBits.out[i2] === 0; + } + + // check offsets refer to valid ranges (16-bit domain) + signal dg1OffsetInRange <== LessEqThan(16)([dg1_hash_offset + DG_HASH_ALGO_BYTES, eContent_padded_length]); dg1OffsetInRange === 1; - signal signedAttrOffsetInRange <== LessEqThan(12)([signed_attr_econtent_hash_offset + ECONTENT_HASH_ALGO_BYTES, signed_attr_padded_length]); + signal signedAttrOffsetInRange <== LessEqThan(16)([signed_attr_econtent_hash_offset + ECONTENT_HASH_ALGO_BYTES, signed_attr_padded_length]); signedAttrOffsetInRange === 1;Note: If you keep 12-bit checks, add compile-time asserts that both MAX_* values are < 4096; otherwise constraints are unsound.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (4)
circuits/circuits/utils/passport/passportVerifier.circom(1 hunks)circuits/tests/register/test_cases.ts(1 hunks)circuits/tests/register_id/test_cases.ts(1 hunks)common/src/utils/passports/passport.ts(1 hunks)
🧰 Additional context used
📓 Path-based instructions (3)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)
**/*.{ts,tsx}: Define IdentityCommitment with fields: commitment (Poseidon hash), nullifier (domain-separated), timestamp (UTC number), version (circuit version), documentType ('passport' | 'eu_id_card')
Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Define VerificationConfig with fields: circuitVersion (semver), complianceRules array, timeWindow (seconds, 24h), clockDrift (±5 min), trustAnchors, revocationRoots, timeSource (NTP), nullifierScope (domain separation)
Files:
common/src/utils/passports/passport.tscircuits/tests/register/test_cases.tscircuits/tests/register_id/test_cases.ts
common/src/**/*.{ts,tsx,js,jsx}
⚙️ CodeRabbit configuration file
common/src/**/*.{ts,tsx,js,jsx}: Review shared utilities for:
- Reusability and modular design
- Type safety and error handling
- Side-effect management
- Documentation and naming clarity
Files:
common/src/utils/passports/passport.ts
circuits/**/*.circom
⚙️ CodeRabbit configuration file
circuits/**/*.circom: Review ZK circuit code for:
- Circuit correctness and completeness
- Constraint efficiency
- Input validation
- Security considerations for zero-knowledge proofs
Files:
circuits/circuits/utils/passport/passportVerifier.circom
🧠 Learnings (4)
📓 Common learnings
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to circuits/circuits/dsc/dsc.circom : DSC proof circuit must support signature algorithms RSA-2048 and ECDSA-P256
📚 Learning: 2025-08-24T18:52:25.796Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to contracts/contracts/IdentityVerificationHubImplV2.sol : Identity Verification Hub: manage multi-step verification for passports and EU ID cards, handle document attestation via ZK proofs, and implement E-PASSPORT and EU_ID_CARD paths in IdentityVerificationHubImplV2.sol
Applied to files:
circuits/circuits/utils/passport/passportVerifier.circom
📚 Learning: 2025-08-24T18:52:25.796Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to noir/crates/dg1/src/dg1/dg1.nr : Document verification processing using ICAO standards and DSC verification with multiple signature algorithms in dg1.nr
Applied to files:
circuits/circuits/utils/passport/passportVerifier.circom
📚 Learning: 2025-08-24T18:55:07.940Z
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to **/*.{ts,tsx} : Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Applied to files:
circuits/tests/register/test_cases.ts
🧬 Code graph analysis (2)
circuits/tests/register/test_cases.ts (1)
common/src/constants/constants.ts (1)
SignatureAlgorithmIndex(23-30)
circuits/tests/register_id/test_cases.ts (3)
common/src/constants/constants.ts (1)
SignatureAlgorithmIndex(23-30)common/src/utils/generateInputs.ts (2)
generateCircuitInputsRegister(30-133)alg(56-56)common/src/utils/shaPad.ts (1)
shaPad(3-9)
⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: build-android
- GitHub Check: build-ios
🔇 Additional comments (10)
common/src/utils/passports/passport.ts (1)
36-52: Remove Node Buffer usage and harden ASN.1 validation for RN/browser safety.
Bufferis not guaranteed in RN/web bundles; relying on it will crash without a polyfill. Also, the DER validation only counts elements, not tags. Use forge’s ByteBuffer and assert SEQUENCE/INTEGER tags to avoid parsing malformed signatures.
[Suggest_essential_refactor]
Apply:export function extractRSFromSignature(signatureBytes: number[]): { r: string; s: string } { - const derSignature = Buffer.from(signatureBytes).toString('binary'); - const asn1 = forge.asn1.fromDer(derSignature); - const signatureAsn1 = asn1.value; - - if (signatureAsn1.length !== 2) { - throw new Error('Invalid signature format'); - } - - if (!Array.isArray(asn1.value) || asn1.value.length !== 2) { - throw new Error('Invalid signature format'); - } - const r = forge.util.createBuffer(asn1.value[0].value as string).toHex(); - const s = forge.util.createBuffer(asn1.value[1].value as string).toHex(); + const bb = forge.util.createBuffer(new Uint8Array(signatureBytes)); + const asn1 = forge.asn1.fromDer(bb); + // Structural checks: SEQUENCE of two INTEGERs + if ( + asn1.tagClass !== forge.asn1.Class.UNIVERSAL || + asn1.type !== forge.asn1.Type.SEQUENCE || + !Array.isArray(asn1.value) || + asn1.value.length !== 2 + ) { + throw new Error('Invalid ECDSA DER signature: expected SEQUENCE(r,s)'); + } + const [rNode, sNode] = asn1.value as any[]; + if (rNode.type !== forge.asn1.Type.INTEGER || sNode.type !== forge.asn1.Type.INTEGER) { + throw new Error('Invalid ECDSA DER signature: r/s not INTEGER'); + } + const r = forge.util.createBuffer(rNode.value as string).toHex(); + const s = forge.util.createBuffer(sNode.value as string).toHex(); return { r, s }; }If you must keep
Bufferelsewhere, ensure a global polyfill is set up in RN (entrypoint):import { Buffer } from 'buffer'; (global as any).Buffer = (global as any).Buffer || Buffer;.circuits/tests/register/test_cases.ts (1)
21-121: No action needed.Large commented matrices can live here temporarily while wiring RSA coverage; prefer data-driven generation later, but not blocking this PR.
circuits/tests/register_id/test_cases.ts (8)
37-44: LGTM: ECDSA P-256 + SHA-256 is within supported combinations.This aligns with our supportedAlgorithms and baseline circuit coverage.
45-52: RSA e=3 with 4096-bit modulus: verify circuit sizing and small-exponent handling.Supporting e=3 at 4096 may require distinct precomputation and padding checks (PKCS#1 v1.5) in the new generic verifier. If the register_id circuit isn’t compiled for 4096, this will fail.
If unsupported, remove from sigAlgs:
- { - dgHashAlgo: 'sha256', - eContentHashAlgo: 'sha256', - hashFunction: 'sha256', - sigAlg: 'rsa', - domainParameter: '3', - keyLength: '4096', - },
59-60: Bumping RSA 65537 to 4096 bits may outsize current register_id circuits.Ensure the register_id circuit and witness generator were rebuilt for 4096-bit RSA inputs (n_dsc/k_dsc, padding length, and big-int limb widths). Otherwise, keep a 2048-bit variant in sigAlgs and move 4096 to fullSigAlgs.
61-68: RSAPSS with e=3: confirm exponent generalization and PSS params are plumbed.If the PSS circuit assumes e=65537 (common), e=3 will fail. Validate that exponent is fully generic in the new circuits and correctly passed through in test harness.
69-76: LGTM: RSAPSS 65537/2048 with SHA-256 matches supported combinations.Assuming PSS salt defaults are consistent across generator and circuit, this case should pass.
77-84: RSAPSS 65537/3072: verify 3072-bit support end-to-end.Confirm limb sizing and padding bounds for 3072 are compiled into the register_id circuit. If not, move to fullSigAlgs.
29-36: The scripts are running; I’ll review the outputs to confirm whetherbrainpoolP256r1is supported by the register_id circuits and update the comment accordingly.
85-93: saltLength wiring is correct
The register_id tests passsaltLengthinto the generatedsignatureType(circuits/tests/register_id/register_id.test.ts) and the circuit loader uses that value to pick the RSAPSS subcircuit via circuitsName (common/src/utils/circuits/circuitsName.ts). No changes needed.
Comment on lines
93
to
94
| // SignatureVerifier(signatureAlgorithm, n, k)(signedAttrShaBits, pubKey_dsc, signature_passport); | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Signature verification is disabled — this breaks the security guarantees of the passport flow.
Re-enable signature verification and align the chunk count with the scaled key length to avoid dimension mismatches.
Apply:
- // SignatureVerifier(signatureAlgorithm, n, k)(signedAttrShaBits, pubKey_dsc, signature_passport);
+ SignatureVerifier(signatureAlgorithm, n, kScaled)(signedAttrShaBits, pubKey_dsc, signature_passport);If tests need a no-verify variant, gate it behind a separate test-only template; do not ship production circuits with verification bypassed.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| // SignatureVerifier(signatureAlgorithm, n, k)(signedAttrShaBits, pubKey_dsc, signature_passport); | |
| } | |
| SignatureVerifier(signatureAlgorithm, n, kScaled)(signedAttrShaBits, pubKey_dsc, signature_passport); | |
| } |
🤖 Prompt for AI Agents
In circuits/circuits/utils/passport/passportVerifier.circom around lines 93-94,
signature verification was commented out which disables security; restore the
SignatureVerifier invocation (uncomment and call SignatureVerifier with the
correct parameters) and ensure the chunk count argument matches the scaled
public key length (compute n/k or adjust k so that n divides into the expected
number of chunks used by the verifier) to avoid dimension mismatches; if you
need a no-verify path for tests only, implement a separate test-only template
guarded by a compile-time or test flag rather than leaving verification bypassed
in production.
Comment on lines
13
to
20
| { | ||
| dgHashAlgo: 'sha1', | ||
| eContentHashAlgo: 'sha256', | ||
| hashFunction: 'sha256', | ||
| sigAlg: 'rsa', | ||
| domainParameter: '65537', | ||
| keyLength: '4096', | ||
| }, |
There was a problem hiding this comment.
💡 Verification agent
❓ Verification inconclusive
Confirm 4096-bit RSA support in register_id path (likely unsupported by current generators/circuits).
generateInputs.register only supports rsa/sha1 and rsa/sha256 but doesn’t gate by key size; however the DSC circuit learning indicates baseline support is RSA-2048. Unless the 4096-bit variant is wired into the register_id circuits in this PR, this test will fail at witness generation or constraint sizing. Prefer moving this case to fullSigAlgs (or a gated “extended” set) until 4096 is proven end-to-end.
Apply this removal if you decide to move it out of sigAlgs:
- {
- dgHashAlgo: 'sha1',
- eContentHashAlgo: 'sha256',
- hashFunction: 'sha256',
- sigAlg: 'rsa',
- domainParameter: '65537',
- keyLength: '4096',
- },Optionally add the same object under fullSigAlgs.
Gate 4096-bit RSA in register_id tests
DSC circuits only support RSA-2048 as a baseline, so this 4096-bit case will fail witness generation; move it from the sigAlgs set into fullSigAlgs or otherwise gate it under an “extended” suite.
🤖 Prompt for AI Agents
In circuits/tests/register_id/test_cases.ts around lines 13 to 20, the test case
uses a 4096-bit RSA key which DSC circuits do not support (only RSA-2048
baseline); remove or relocate this 4096-bit entry out of the standard sigAlgs
set and either place it into the fullSigAlgs array or wrap it in an “extended”
test suite gated by a feature flag (or environment var) so it is not executed
with the baseline tests; update any arrays or test-suite selectors accordingly
so baseline runs only include RSA-2048.
Comment on lines
95
to
102
| dgHashAlgo: 'sha512', | ||
| eContentHashAlgo: 'sha512', | ||
| hashFunction: 'sha256', | ||
| sigAlg: 'rsapss', | ||
| domainParameter: '65537', | ||
| keyLength: '2048', | ||
| saltLength: '32', | ||
| }, |
There was a problem hiding this comment.
Mixed-hash vector likely invalid for register_id: eContent/dg SHA-512 but hashFunction SHA-256.
generateCircuitInputsRegister hashes concat(dataGroupHashes) using hashFunction (SHA-256 here) and asserts equality against the tail of eContent using hashLen derived from the certificate. With eContentHashAlgo=sha512, this will mismatch by both value and length. Align the hashes or move this to a suite that does not use that generator.
Align to SHA-256:
- dgHashAlgo: 'sha512',
- eContentHashAlgo: 'sha512',
+ dgHashAlgo: 'sha256',
+ eContentHashAlgo: 'sha256',
hashFunction: 'sha256',
sigAlg: 'rsapss',
domainParameter: '65537',
keyLength: '2048',
saltLength: '32',📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| dgHashAlgo: 'sha512', | |
| eContentHashAlgo: 'sha512', | |
| hashFunction: 'sha256', | |
| sigAlg: 'rsapss', | |
| domainParameter: '65537', | |
| keyLength: '2048', | |
| saltLength: '32', | |
| }, | |
| dgHashAlgo: 'sha256', | |
| eContentHashAlgo: 'sha256', | |
| hashFunction: 'sha256', | |
| sigAlg: 'rsapss', | |
| domainParameter: '65537', | |
| keyLength: '2048', | |
| saltLength: '32', | |
| }, |
🤖 Prompt for AI Agents
In circuits/tests/register_id/test_cases.ts around lines 95 to 102, the test
vector mixes hash algorithms (eContentHashAlgo and dgHashAlgo set to 'sha512'
while hashFunction is 'sha256') which will cause the circuit's
generateCircuitInputsRegister to compute concat(dataGroupHashes) with SHA-256
and fail length/value checks against eContent tail; fix by making the three hash
algorithm fields consistent (set eContentHashAlgo and dgHashAlgo to 'sha256') or
if the intent is to test mixed-hash behavior, move this case to a separate suite
that uses a generator aware of mixed hash algorithms and adjusts expected
lengths accordingly.
| @@ -1,4 +1,4 @@ | |||
| import * as forge from 'node-forge'; | |||
| import forge from 'node-forge'; | |||
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Default import for node-forge can break without esModuleInterop; verify build settings across all targets.
Switching from import * as forge to import forge requires esModuleInterop: true (and typically allowSyntheticDefaultImports: true). Without it, TypeScript or the runtime may resolve forge as undefined, especially in mixed CJS/ESM or React Native bundlers. Confirm tsconfig and avoid import-style drift across files to prevent subtle environment-specific failures.
Run:
If interop isn’t uniformly enabled, prefer reverting to the namespace import for safety in this file:
-import forge from 'node-forge';
+import * as forge from 'node-forge';🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== tsconfig files =="
fd -a 'tsconfig*.json' || true
echo "== esModuleInterop checks =="
rg -nS '"esModuleInterop"\s*:\s*true' tsconfig*.json -C1 || true
rg -nS '"allowSyntheticDefaultImports"\s*:\s*true' tsconfig*.json -C1 || true
echo "== files using default forge import =="
rg -nP "import\\s+forge\\s+from\\s+['\"]node-forge['\"]" common/src -C2 || trueLength of output: 2548
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Checking esModuleInterop and allowSyntheticDefaultImports in all tsconfig*.json files"
for file in $(find . -type f -name 'tsconfig*.json'); do
echo "=== $file ==="
grep -E -n '"esModuleInterop": *true' "$file" || echo " esModuleInterop not enabled"
grep -E -n '"allowSyntheticDefaultImports": *true' "$file" || echo " allowSyntheticDefaultImports not enabled"
doneLength of output: 7079
Replace default imports of node-forge with namespace imports
Several tsconfig files (e.g. sdk/qrcode/tsconfig.cjs.json, circuits/tsconfig.types.json) don’t enable esModuleInterop/allowSyntheticDefaultImports, so using
import forge from 'node-forge';can yield undefined at runtime. Change to:
-import forge from 'node-forge';
+import * as forge from 'node-forge';in common/src/utils/passports/passport.ts (and all other files importing forge) to ensure consistent behavior.
🤖 Prompt for AI Agents
In common/src/utils/passports/passport.ts around lines 1 to 1, the file uses a
default import "import forge from 'node-forge';" which can resolve to undefined
when esModuleInterop/allowSyntheticDefaultImports are disabled; replace this
with a namespace import (e.g., "import * as forge from 'node-forge';") and
update any usages accordingly; apply the same replacement to all other files
that import node-forge to ensure consistent runtime behavior across tsconfig
setups.
Nesopie
had a problem deploying
to
development
GitHub Actions
Failure
Nesopie
had a problem deploying
to
development
GitHub Actions
Failure
remicolin
approved these changes
Sep 1, 2025
|
lgtm |
remicolin
added a commit
that referenced
this pull request
Sep 22, 2025
* SDK Go version (#920) * feat: helper functions and constant for go-sdk * feat: formatRevealedDataPacked in go * chore: refactor * feat: define struct for selfBackendVerifier * feat: verify function for selfBackendVerifier * feat(wip): custom hasher * feat: SelfVerifierBacked in go * test(wip): scope and userContextHash is failing * test: zk proof verified * fix: MockConfigStore getactionId function * chore: refactor * chore: remove abi duplicate files * chore: move configStore to utils * chore: modified VcAndDiscloseProof struct * chore: more review changes * feat: impl DefaultConfig and InMemoryConfigStore * chore: refactor and export functions * fix: module import and README * chore: remove example folder * chore: remove pointers from VerificationConfig * chore: coderabbit review fixes * chore: more coderabbit review fix * chore: add license * fix: convert attestationIdd to int * chore: remove duplicate code --------- Co-authored-by: ayman <[email protected]> * Moving proving Utils to common (#935) * remove react dom * moves proving utils to the common * need to use rn components * fix imports * add proving-utils and dedeuplicate entry configs for esm and cjs. * must wrap in text component * fix metro bundling * fix mock import * fix builds and tests * please save me * solution? * fix test * Move proving inputs to the common package (#937) * create ofactTree type to share * move proving inputs from app to register inputs in common * missed reexport * ok * add some validations as suggested by our ai overlords * Fix mock passport flow (#942) * fix dev screens * add hint * rename * fix path * fix mobile-ci path * fix: extractMRZ (#938) * fix: extractMRZ * yarn nice && yarn types * fix test: remove unused * fix mobile ci * add script --------- Co-authored-by: Justin Hernandez <[email protected]> * Move Proving attest and cose (#950) * moved attest and cose utils to common with cursor converted tests in common to use vitest and converted coseVerify.test to vitest after moving from app to common what does cryptoLoader do? * moved away * get buff Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * SELF-253 feat: add user email feedback (#889) * feat: add sentry feedback * add sentry feedback to web * feat: add custom feedback modal & fix freeze on IOS * yarn nice * update lock * feat: show feedback widget on NFC scan issues (#948) * feat: show feedback widget on NFC scan issues * fix ref * clean up * fix report issue screen * abstract send user feedback email logic * fixes * change text to Report Issue * sanitize email and track event messge * remove unnecessary sanitization * add sanitize error message tests * fix tests * save wip. almost done * fix screen test * fix screen test * remove non working test --------- Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> * chore: centralize license header checks (#952) * chore: centralize license header scripts * chore: run license header checks from root * add header to other files * add header to bundle * add migration script and update check license headers * convert license to mobile sdk * migrate license headers * remove headers from common; convert remaining * fix headers * add license header checks * update unsupported passport screen (#953) * update unsupported passport screen * yarn nice * Migrate Analytics (#951) * setup analytics adapter for self mobile sdk client and use in app * wrap for context * fix build * yarn types is an alias for build when build just compiles ts * ok unlock * deeper * ok this looks to work * fix license check * make sure it starts with this line * someone didnt commit * fix double analytics bug and builds * lint * Read document catalog from selfClient (#936) * [SELF-676] feat: upgrade React Native from 0.75.4 to 0.76.9 (#943) * chore: upgrade build tooling to Node 22 and AGP 8.6 * chore: upgrade react-native to 0.76.9 * update lock files and formatting * fix path * fix: handle hermes-engine cache mismatch in CI after React Native upgrade - Add fallback logic to run 'pod update hermes-engine' when pod install fails - This resolves CocoaPods cache issues that occur after React Native version upgrades - Fixes CI pipeline failures on codex/update-core-tooling-for-react-native-upgrade branch * fix: improve hermes-engine cache handling in CI - Preemptively clear CocoaPods cache before pod install - This prevents dependency analysis failures that occur when cached podspecs conflict - Addresses the root cause: cache conflicts during 'Analyzing dependencies' phase - Keeps fallback logic for additional safety * fix: handle hermes-engine cache in mobile-bundle-analysis workflow - Add pod-install-with-cache-fix.sh script to handle hermes-engine cache conflicts - Update install-app:setup script to use the new cache fix approach - This fixes the mobile-bundle-analysis.yml workflow failures after React Native upgrade - Proactively clears CocoaPods cache and has fallback for hermes-engine updates * formatting * fix: robust hermes-engine cache handling in CI workflows - Apply comprehensive cache clearing to mobile-ci.yml and mobile-e2e.yml - Pre-emptively run 'pod update hermes-engine' before pod install - Clear multiple cache locations to handle CI environment differences - This prevents 'hermes-engine differs from Pods/Local Podspecs' errors - Fixes all workflows affected by React Native 0.76.9 upgrade cache issues * fixes * clean up * update lock files * fix tests * sort * fixes * fix ci * fix deployment target * android fixes * upgrade fix * fixes * fix: streamline mobile CI build and caching (#946) * fix: streamline mobile CI build and caching * Enable mobile E2E tests on codex/fix-mobile-ci-workflow-errors branch * test * simplify and fix path * workflow fixes * fix loading on 0.76.9 * clean up unnecessary comments * fix readme * finalize upgrade to 0.76.9 * fix android build and upgrade * fix bundler caching * download cli to fix "yarn start" issues * fix cli build erorr * fix script path * better path * abstract build step to prevent race condition * fixes * better cache * fix corepack build error * update lock * update lock * add yarn cache to workflows * fix test building * ci caching improvements * fix common type check * fix common ci * better mobile sdk alpha building logic * chore: speed up mobile e2e workflow (#962) * chore: speed up mobile e2e workflow * chore: disable android e2e job * chore: speed up ios build * fix: bundle js for ios debug build * fix e2e * fix mobile ci (#964) * feat: improve mixpanel flush strategy (#960) * feat: improve mixpanel flush strategy * fixes * fix build * update lock * refactor methods * conslidate calls * update package and lock * refactor: remove namespace imports (#969) * refactor: remove namespace imports * refactor: use named fs imports * refactor(app): replace path and fs namespace imports * format * format * Mixpanel tweaks (#971) * udpates * fox * update license * Add DSC parsing check (#836) * Handle missing dsc parsed * nice * fix test * throw * fix * chore(app): upgrade dependencies (#968) * chore(app): upgrade dependencies * update package * update lock files * fixes * lock * fix * Auth Adapter + (#958) * basic auth adapater * remove SelfMobileSDk, this was another architecture which the adapter patern replaced * rename to avoid confusion with client.test.ts * basic auth adapater * remove SelfMobileSDk, this was another architecture which the adapter patern replaced * rename to avoid confusion with client.test.ts * self * fix * remove prototypes * make sure its mounted * fix tests * fmt * require required adapters * fix types * not a partial * adds missing exports * fix missing data * Fix nfc configuration scanning issue (#978) * fix nfc scanning on ios and android * save test * fix tests * fix lint * Chore fix ios nfc scanning and compiling (#979) * fixes * silence error * fix debugge * fix nfc scanning * lint and pipeline fixes * large runner (#980) * chore: update to macos latest large runner (#981) * bump up to macos-latest-large * fix ci * Move loadSelectedDocument to SDK (#967) Co-authored-by: Aaron DeRuvo <[email protected]> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * docs: update mobile SDK migration progress (#982) * docs: record app integration progress * docs: consolidate mobile SDK migration tracking * docs: humanize migration tracking and merge prompts * docs: add common consolidation tasks * docs: reprioritize migration tasks * docs: soften migration plan tone * docs: detail agent prompts with file paths * docs: catalog Linear tasks for SDK * updates * remove artifact management * moves validateDocument functions into the common package. (#977) * moves validateDocument functions into the common package. * fix build issues and lint * handle bad connections better in nullifiier * add an abort controler to nullifer fetcher, ignore fals positives * import types separately * take it as an arg * chore: update yarn.lock * chore(app): resolve lint warnings (#990) * chore(app): resolve lint warnings * update lock * clean up any types * fix types * feedback from cr * [SELF-703] feat: Migrate mock generator to mobile sdk (#992) * feat: expose mock generator * formatting * fix tests and lint * rename passport to document * fix types * [SELF-698] scaffold mobile sdk demo app (#993) * chore: scaffold mobile sdk demo app * test: cover demo app menu * prettier and types * sort * add android app foundation * fix android loading * get ios app running * update script * cr feedback * disable fabric * fixes * fixes * fix * SELF-702: Refactor navigation structure and dev utilities (#994) * Refactor navigation and dev screens * refactor: rename passport screens to document * fixes * add missing header * fixes * type files * feat: clarify proof verification analytics (#996) * feat: increase sha256 byte size and add new rsa circuits (#986) * feat: increase sha256 byte size and add new rsa circuits * feat: modularise the rsa fp pow mod * chore: comment signature verifier for testing * fix: sha256_sha256_sha224_ecdsa_secp224r1 * lint * chore: implement google play suggestions (#997) * google play suggestions * update gitguardian ignore * remove unused * chore: address yarn lock issues (#1004) * address yarn lock issues * fix postinstall * skip postinstall for ci (#1005) * [SELF-654] feat: add native modules (#919) * feat: add ios native modules * fix: extractMRZ * Add android OCR native module * wire native mrz module with adapter * wire Native modules and fix tests * fixes * fix license header logic * fix tests * fix types * fix: ci test * fix: android build ci * fix: ios build CI * add podfile.lock * add yarn.lock * update lock files * add yarn.lock * add license * order methods * update lock * pipeline fixes * prettier * update lock file * fix native modules on external apps * bundle @selfxyz/common into mobile-sdk-alpha * chore: address yarn lock issues (#1004) * address yarn lock issues * fix postinstall * update lock * fix build issues * fix pipeline issue * fix ci * fix bad merge * fix android ci * fix ci errors * fix mobile sdk ci. stop gap fix for now until we create a package * tweaks * retry aapt2 approach * use ^0.8.4 instead of ^0.8.0 due to the use of custom errors * workflow fixes * fix file * update * fix ci * test ci fix * fix test --------- Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> * chore: update dev with staging 09/06/25 (#1007) * update CI * bump iOS version * update readme * update mobile-deploy ci * bump version iOS * update workflow to use workload identity federation (#933) * update workflow to use workload identity federation * add token permissions * correct provider name * chore: incrementing android build version for version 2.6.4 [github action] --------- Co-authored-by: Self GitHub Actions <[email protected]> * update ci * update ci * update ci * update ci * update ci * fix ci * fix ci * fix ci * remove fastlane use for android * bump iOS build version * update CI python script * iterate on CI * iterate on CI * iterate on CI * Dev (#941) * SDK Go version (#920) * feat: helper functions and constant for go-sdk * feat: formatRevealedDataPacked in go * chore: refactor * feat: define struct for selfBackendVerifier * feat: verify function for selfBackendVerifier * feat(wip): custom hasher * feat: SelfVerifierBacked in go * test(wip): scope and userContextHash is failing * test: zk proof verified * fix: MockConfigStore getactionId function * chore: refactor * chore: remove abi duplicate files * chore: move configStore to utils * chore: modified VcAndDiscloseProof struct * chore: more review changes * feat: impl DefaultConfig and InMemoryConfigStore * chore: refactor and export functions * fix: module import and README * chore: remove example folder * chore: remove pointers from VerificationConfig * chore: coderabbit review fixes * chore: more coderabbit review fix * chore: add license * fix: convert attestationIdd to int * chore: remove duplicate code --------- Co-authored-by: ayman <[email protected]> * Moving proving Utils to common (#935) * remove react dom * moves proving utils to the common * need to use rn components * fix imports * add proving-utils and dedeuplicate entry configs for esm and cjs. * must wrap in text component * fix metro bundling * fix mock import * fix builds and tests * please save me * solution? * fix test * Move proving inputs to the common package (#937) * create ofactTree type to share * move proving inputs from app to register inputs in common * missed reexport * ok * add some validations as suggested by our ai overlords * Fix mock passport flow (#942) * fix dev screens * add hint * rename * fix path * fix mobile-ci path * fix: extractMRZ (#938) * fix: extractMRZ * yarn nice && yarn types * fix test: remove unused * fix mobile ci * add script --------- Co-authored-by: Justin Hernandez <[email protected]> * Move Proving attest and cose (#950) * moved attest and cose utils to common with cursor converted tests in common to use vitest and converted coseVerify.test to vitest after moving from app to common what does cryptoLoader do? * moved away * get buff Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * SELF-253 feat: add user email feedback (#889) * feat: add sentry feedback * add sentry feedback to web * feat: add custom feedback modal & fix freeze on IOS * yarn nice * update lock * feat: show feedback widget on NFC scan issues (#948) * feat: show feedback widget on NFC scan issues * fix ref * clean up * fix report issue screen * abstract send user feedback email logic * fixes * change text to Report Issue * sanitize email and track event messge * remove unnecessary sanitization * add sanitize error message tests * fix tests * save wip. almost done * fix screen test * fix screen test * remove non working test --------- Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> * chore: centralize license header checks (#952) * chore: centralize license header scripts * chore: run license header checks from root * add header to other files * add header to bundle * add migration script and update check license headers * convert license to mobile sdk * migrate license headers * remove headers from common; convert remaining * fix headers * add license header checks * update unsupported passport screen (#953) * update unsupported passport screen * yarn nice --------- Co-authored-by: Vishalkulkarni45 <[email protected]> Co-authored-by: ayman <[email protected]> Co-authored-by: Aaron DeRuvo <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: Seshanth.S🐺 <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * bump version * bump yarn.lock * update ci (#966) * chore: Manually bump and release v2.6.4 (#961) * update lock files * bump and build android * update build artifacts * show generate mock document button * update lock * fix formatting and update failing e2e test * revert podfile * fixes * fix cold start of the app with deeplink * update ci * update ci * Sync MARKETING_VERSION to iOS project files after version bump * chore: incrementing android build version for version 2.6.4 [github action] (#976) Co-authored-by: remicolin <[email protected]> * chore: add build dependencies step for iOS and Android in mobile deploy workflow * chore: enhance mobile deploy workflow by adding CMake installation step * bump android build version * chore: incrementing android build version for version 2.6.4 [github action] (#985) Co-authored-by: remicolin <[email protected]> * chore: configure Metro bundler for production compatibility in mobile deploy workflow * chore: incrementing android build version for version 2.6.4 [github action] (#987) Co-authored-by: remicolin <[email protected]> * Revert "chore: configure Metro bundler for production compatibility in mobile deploy workflow" This reverts commit 60fc1f2580c2f6ad3105d8b904d969412a18bd2e. * reduce max old space size in mobile-deploy ci * fix android french id card (#957) * fix android french id card * fix common ci cache * feat: log apdu (#988) --------- Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: Seshanth.S🐺 <[email protected]> * unblock ci * fix merge * merge fixes * fix tests * make ci happy --------- Co-authored-by: turnoffthiscomputer <[email protected]> Co-authored-by: pputman-clabs <[email protected]> Co-authored-by: Self GitHub Actions <[email protected]> Co-authored-by: turnoffthiscomputer <[email protected]> Co-authored-by: Vishalkulkarni45 <[email protected]> Co-authored-by: ayman <[email protected]> Co-authored-by: Aaron DeRuvo <[email protected]> Co-authored-by: Seshanth.S🐺 <[email protected]> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore: fix yarn format (#1009) * fix yarn format * yarn format * fix lint * undo temporary disabling * pipeline fixes * revert nvmrc change * add new home screen (#1019) * add new home screen * fix typing issue * yarn nice * chore: update the cpp build script (#1021) * chore: install node (#1022) * chore: use node v22 (#1023) * chore: install yarn (#1024) * chore: yarn cache (#1025) * chore: sanitise node version (#1026) * remove lazy loading (#1018) * remove lazy loading * fix tests * formatting * fix imports and web ci * fix tests * fix building * fix * debug ci * fix web ci issue * fix * fix * fix ci * remove web render test * coderabbit feedback * fix ci * use import * fix lint * fix compiling * update lock * update lock * fix: update yarn.lock hash for @selfxyz/mobile-sdk-alpha Resolves CI error where yarn install --immutable failed due to outdated package hash. The hash changed from b2afc4 to f9ebb9. * fix: update yarn.lock hash after mobile-sdk-alpha changes - Hash changed from c0e6b9 to 0d0f72 due to package modifications - Cleaned caches and regenerated lockfile to ensure consistency - This resolves CI cache mismatch where old artifacts had stale hash * fix: update yarn.lock hash after building mobile-sdk-alpha - Final hash: 89f5a6 (includes built dist artifacts) - Built mobile-sdk-alpha to ensure package is in stable state - This should resolve CI immutable install errors * fix yarn lock and build * chore(ci): improve mobile e2e caching (#1010) * chore(ci): improve mobile e2e caching * chore(ci): restore deriveddata cache * chore(ci): remove ios deriveddata cache * chore(ci): cache ios derived data * chore(ci): optimize mobile deploy caching * chore(ci): enable ccache for ios e2e builds * fix(ci): add ccache path for ios e2e * moves ofac and protocol store (#1012) * move ofact tree fetch to common * move protocol store to the msdk, fix some dependencies on msdk * chore: remove register id from register circuits (#1028) * chore: remove register id from register circuits * chore: only use 128ram instance * Feat/build cpp (#1029) * chore: remove register id from register circuits * chore: only use 128ram instance * chore: build 2 circuits at a time * Remove navigationRef from provingMachine (#1011) * SDK: minimize amount of data sent through PROVING_PASSPORT_NOT_SUPPORTED event (#1030) * Fix mock passport generation (#1031) * fix mock passport generation * fix mobile ci tests * Feat/aadhaar (#949) * make contract sdk simpler (#514) * make contract sdk simpler * reduce root inputs * delete convert function * summarize our library * update npm package * update package version * update attestation id * add util function to get revealed data * Revert "make contract sdk simpler (#514)" (#518) This reverts commit 847b88d5ecc0d449b976a552f68af38eec8e561b. * merge dev into main (#576) * Feat: Show error code in SDK (#500) * feat: emit `error_code` and `reason` in app * feat: add `onError` in sdk * feat: Display reason in app * lint & fmt * feat: add scrollview in ProofRequestStatusScreen for long reasons * Fix input generation for 521bit curves (#481) * fix EC point padding for 521 bit curves * rename modulus to point in findStartIndexEC as it is a point * simplify matching logic * simplify padding logic * remove comment * remove log removing .only so the CI/CD runs circuit tests fix disclosure test fix scope in test fix scope error in circuit tests remove .only fix test * run ci/cd * Feat/simpler contract sdk (#519) * make contract sdk simpler * reduce root inputs * delete convert function * summarize our library * update npm package * update package version * update attestation id * add util function to get revealed data --------- Co-authored-by: motemotech <[email protected]> * forgot to include package update (#521) * Bump version to 2.5.1 (#522) * bump version * update fastlane * fix bump version * bump build and add todo * disable commit for now * [SEL-154] Step 1: Scan your passport (#511) * simplify navigation logic * use aesop design hook * save wip * add new aesop redesign screens * save wip design * refactor nav bar logic * fix paths * save wip * stub progress navbar and save wip * save wip progress bar animation * save wip progress bar, almost done with design * fix progress bar design * fix bottom padding * disable git commit for now * fix flaky android downloads that causes pipeline to crash * update lock for ci * [SEL-46] FE: Add minimum bottom padding (#510) * fix bottom padding for smaller screens * fix podfile post install hook permissions check * update pod lock and disable git commit action step for now * update lock * fix flaky android downloads that causes pipeline to crash * fix: improve error handling for forbidden countries list mismatch (#494) * Update SelfBackendVerifier.ts * Update constants.ts * Update formatInputs.ts * Update formatCallData.ts * DX: Auto format on save (#526) * save wip * use elint instead of prettier to sort imports * set imports to warn * sync prettier settigns * update prettier settings * save working version * fix export and disable mobile pipeline for now * limit auto formatting to the app folder * remove artefacts * SEL-187: Make bottom layout scrollable on smaller screens (#525) * fix design check * add an option to disable local sending of sentry events * better sentry enable / disable * fix scan passport height * make bottom layout scrollable so it doesn't squish top screen * simpler logic check. don't create new env var * fix internet connection issues * readd comment * use isConnected instead of internet reachable * use a dynamic bottom panel height * add missing recovery screens * move aesop below * remove dupe export * fix rebase * fix android package download issue * Feat/extend id support (#517) * refactor proving impleting xstate, speedup proving * add disclosure proof support * keep refactoring provingMachine, clean old implementation * call init method when switching from dsc to register * rebase with dev to display why the proof verification failed * refactor ws connexion between front-end and mobile to retrieve self-app * update the webclient at proofVerification and use selfAppStore in provingMachine * fix provintStore.init in ProveScreen * yarn nice * fetch data correctly in splash screen * Bump build versions for 2.5.1 (#531) * release new builds * fix app and build versions * fix env check * display error animation on failure on loading screen (#532) * display error animation on failure on loading screen * remove log --------- Co-authored-by: Justin Hernandez <[email protected]> * ci: bump actions/checkout to v4 (#529) * make contract sdk simpler (#514) * make contract sdk simpler * reduce root inputs * delete convert function * summarize our library * update npm package * update package version * update attestation id * add util function to get revealed data * Revert "make contract sdk simpler (#514)" (#518) This reverts commit 847b88d5ecc0d449b976a552f68af38eec8e561b. * ci: bump actions/checkout to v4 --------- Co-authored-by: nicoshark <[email protected]> Co-authored-by: turnoffthiscomputer <[email protected]> * fix italy (#530) * Fix/proving machine endpoint type (#538) * store endpoint type in proving machine * yarn nice * fix splash screen error (#539) * New bug fix build for v2.5.1 (#540) * bump new build for dev fixes * update lock * reinstall before running local deploy * SEL-178: Improve haptic feedback library (#535) * fix dev settings typing * add dev screens file * save haptic feedback progress * change ordedr * fix initial route and add haptic feedback screen to dev settings options * add delete scripts (#542) * update staging registry address (#545) * feat: Add Disclose history (#533) * feat: Add Disclose history * fix: Duplicate history in list * fix: Outdated disclosures * Delete app/ios/Self copy-Info.plist * allow a scale of up to 1.3 (#546) * allow a scale of up to 1.3 * update lock files * clean up unused imports * fix settings * add common sdk (#537) * add common sdk * remove sdk backend api * remove registry * regenerate sha256 rsa dsc each time * download ski-pem dynamically on staging, refactor initpassportDataParsing * add state machine for button on prove screen, improve ux on splash screen * fetch ski-pem in production * fix linter issues * fix prove screen button bugs * update podfile.lock and yarn.lock * run linter in circuits repo * bump build * bump version for sentry debugging * bump ios to version 118 --------- Co-authored-by: Justin Hernandez <[email protected]> * better connection check (#548) * Clean up navigation and setup Jest (#549) * remove dupe account screens and prefer the term home * organize screen loading better * sort keys * rename screen files wip * fix deleted directory issues * rename folders * fix paths and naming * save working jest import test * save base working jest navigation test * finalize navigation refactor and jest test * update test name and podfile lock * remove unused packages * use the correct version of react test renderer * bump build (#552) * Eth dublin (#554) * add mock id card generator * add genMockIdDoc in common/sdk exports * onboard developer id using deeplink, allow custom birthdate on mockpassport * log more dsc info (#558) * Push notification (#536) * add push notification feature * merge new app impl * change dsc key * import * reverse mock dsc * worked in the ios * checked in android * update url and delete console * delete small changes * lint * add yarn.lock * fix warning message * add mock notification service for test code * fix path for the mock implementation * add mock deeplink to the test code * nice notificationServiceMock.js * delete unused firebase related implementation * fix wording and UI related to notification service * hotfix on mockdatascreen --------- Co-authored-by: turnoffthiscomputer <[email protected]> * Fix deeplink 2 (#560) * fix deeplink * fix deeplink * yarn nice * feat: Use vision for MRZ scanning (SEL-47) (#557) * feat: Use vision for MRZ scanning * modify label to position the smartphone during the OCR scan --------- Co-authored-by: turnoffthiscomputer <[email protected]> * SEL-255: improved loading screen with estimated wait times (#550) * create new loading screen and rename static to misc * fix route * save wip loading screen * save wip animation * save static wip design * continue * splash * add a loading screen text helper * add test for loading screen text * save wip. almost there * update haptic logic * better feedback and add dev scren * save current work * update text logic and tests * load passport metadata in loading screen * simplify and fix tests * test for additional exponents * add new animation * rename file * consolidate ui useEffect and fix loading screen layout * fix current state * remove mockPassportFlow param * merge new loading screen and new notification logic * simplify * update lock * use passportMetadata instead of metadata * save simplification * update loading text based on pr feedback and tests * Bump v2.5.1: ios 122; android 60 (#561) * increment build to 120 * bump builds for 2.5.1. ios 121; android 60 * clean up logic * upgrade react native firebase for privacy manifests * update react native keychain to fix could not recover issue (#564) * fix: update ocr corrections (#563) * Chore: Polish proof history to prep for release (#566) * clean up nav and home boundaries, passport data screen insets * migrate proof history screen out of settings * minor clean up * save wip * add new ibm plex mono font and clean up proof detail screen * remove test data * remove extra loading screen text * remove unnecessary ceil * Bump v2.5.1; ios 123; android 62 (#565) * bump to build 61 * bump ios version * update version * Feature/add prettier formatter (#568) * Add Prettier configuration and ignore files for code formatting - Created .prettierignore to exclude specific directories and files from formatting. - Added .prettierrc.yml with custom settings for print width and trailing commas. - Updated package.json to include Prettier and its Solidity plugin as dependencies, along with scripts for formatting and checking code. * Run prettier formatting * fix nationality using mock passports * SEL-181 & SEL-252: Update mobile app events (#570) * improve analytics handling * add error boundary that flushes segment events before error occurs * upgrade segment analytics package * flush analytics when user encounters error screen * track all click events * add tracking to loading screen * better init and click event names * track cloud backup and modal actions * use __DEV__ for debugging * add tracking to account recovery, auth, mock data * return false instead of throwing * add more tracking events * save wip event updating * abstract analytic event names * update click events * clean up * move reasons comment * add unsupported passport event * Feature/enhance self verification root (#569) * Add SelfVerificationConsumer contract for self-verification logic - Introduced an abstract contract, SelfVerificationConsumer, that extends SelfVerificationRoot. - Implemented nullifier tracking, verification success events, and customizable validation and update methods for nullifiers. - Added error handling for nullifier check failures and hooks for derived contracts to implement custom logic after successful verification. * Add SelfHappyBirthday contract example using SelfVerificationConsumer - Introduced SelfHappyBirthday contract that allows users to claim USDC on their birthday. - Integrated SelfVerificationConsumer for handling verification and nullifier tracking. - Added functions to set claimable amount and window, along with event emissions for state changes. - Implemented logic to check if the claim is within the user's birthday window and transfer USDC accordingly. * Refactor imports in HappyBirthday contract for better organization - Updated import statements in HappyBirthday.sol to use relative paths for ISelfVerificationRoot, SelfCircuitLibrary, and SelfVerificationConsumer. - Improved code readability and maintainability by organizing imports more logically. * Refactor Airdrop contract to use SelfVerificationConsumer for registration logic - Updated Airdrop contract to inherit from SelfVerificationConsumer instead of SelfVerificationRoot. - Refactored mappings for user identifiers and nullifiers for improved clarity and functionality. - Enhanced error handling and updated function parameters for consistency. - Implemented new validation and update methods for nullifiers, streamlining the registration process. - Removed deprecated verifySelfProof function and integrated logic into new methods. * Add events and refactor SelfVerificationRoot and related contracts - Introduced new events in SelfVerificationRoot for verification configuration updates, scope changes, and attestation ID management. - Updated Airdrop contract to remove deprecated events and added a new event for Merkle root updates. - Refactored SelfPassportERC721 to inherit from SelfVerificationConsumer, enhancing verification logic and event handling. - Improved function parameters for consistency and clarity across contracts. * Refactor contracts to use SelfVerificationRoot and enhance verification logic - Removed SelfVerificationConsumer contract and updated related contracts to inherit from SelfVerificationRoot. - Refactored mappings and event emissions in Airdrop, HappyBirthday, and SelfPassportERC721 for improved clarity and functionality. - Enhanced verification success hooks to include user identifiers and nullifiers for better tracking. - Updated constructor parameters for consistency across contracts and improved error handling for user registration and claims. * Refactor constructor in SelfPassportERC721 for improved readability * Refactor function parameters in SelfVerificationRoot and related contracts * Refactor constructor parameter names in IdentityVerificationHub, Airdrop, IdentityRegistry, and ProxyRoot contracts for improved clarity and consistency * fix getCircuitName function (#575) * fix getCircuitName function * fix getCircuitName function * feat: Read ID cards (#571) * Update GitHub checkout action from v3 to v4 (#544) * Bump build version 2.5.2 to test react native keychain (#572) * bump build and version * bump version 2.5.2 * don't downgrade react native keychain * update app/README.md toolchain instructions (#140) * bump build (#580) --------- Co-authored-by: Seshanth.S🐺 <[email protected]> Co-authored-by: turboblitz <[email protected]> Co-authored-by: motemotech <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: crStiv <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: James Niken <[email protected]> Co-authored-by: Kevin Lin <[email protected]> Co-authored-by: leopardracer <[email protected]> Co-authored-by: Olof Andersson <[email protected]> * feat(wip): register circuit for aadhaar * chore: add anon aadhar circuits * chore: remove sc and disclose selfrica test * feat: extract aadhaar qr data * test: aadhaar qr data extract circuit * test: aadhaar register circuit * feat: extract pincode and ph no last 4 digit * fix: register aadhaar nullifier and commitment * test: Verify commitment circuit of aadhaar * feat: add photoHash inside commitment * feat: build Aadhaar OFAC SMT * feat: ofac check and reveal data (test done) * test: qr extractor for custom data input * feat: add state as reveal data inside VC and disclose * chore: add comments * fix: num2Ceil component * chore: review changes * chore: use passport SignatureVerifier * fix: signatureVerifier inputs * feat: extract ascii values of fields * feat: provide users the flexibility to reveal specific characters of a field * chore: refactor * test: register aadhaar for tampered data * test(wip): should return 0 if in ofac list * test: ofac check * test: register aadhaar circuit for different qr data * merge dev into main (#683) * remove sdk/tests (#622) * remove sdk/tests * chore: update yarn.lock --------- Co-authored-by: Ayman <[email protected]> * fix: add range check on paddedInLength of shaBytesDynamic (#623) * fix ci (#626) * implement self uups upgradeable (#592) * implement self uups upgradeable * small changes in identityVerificationHubImplV2 * delete aderyn.toml * chore: add custom verifier * chnage return output * feat: use self structs and a Generic output struct * feat: add userIdentifier, nullifier, forbiddencountries to returned output * add root view functions from registry * fix: build and compilation errors * add userDefined data into selfVerificationRoot * "resolve conflicts" * fix compilation problem * fix how to register verification config * test: CustomVerifier * fix verification root and hub integration * add scope check in hub impl * replace poseidon hash to ripemd+sha256 * add todo list * feat: refactor and add test cases for generic formatter * add performUserIdentifierCheck in basicVerification * change how to handle additionalData and fix stack too deep * start adding test codes * fix dependency problems in monorepo * fix: forbidden countries (#612) LGTM! * able to run test code * pass happy path * delete unused codes * change error code name, add caller address validation and add scripts to run test and build in monorepo * add all test cases in vcAndDisclose flow * remove comment out * chore: use actual user identifier outputs * success in registration tests * cover all cases * pass contractVersion instead of circuitVersion * fix disclose test * chore: add natspecs for ImplHubV2, CustomVerifier and GenericFormatter * change val name and remove unused lines * add val name change * remove userIdentifier from return data * feat: use GenericDiscloseOutput struct in verfication hook fix test cases for user identifier * chore: change the function order for Hub Impl V2 (#625) * fix nat specs * add nat spec in SelfStructs --------- Co-authored-by: Ayman <[email protected]> Co-authored-by: Nesopie <[email protected]> * prettier (#629) * CAN auth - android (#613) * add missed files * add NFCMethodSelectionScreen * bump android build --------- Co-authored-by: Justin Hernandez <[email protected]> * feat: add MRZ correction method to NFCMethodSelectionScreen (#627) * add npm auth token env (#632) * bump sdk version (#633) * publish npm package when merging on dev * bump common sdk version * replace yarn publish by npm publish * update common package version * Simplify dev mode gesture (#635) * Simplify developer mode gesture * Enable dev mode on MockData screen with five taps * add build smt function to common sdk * update vc_and_disclose_id test (dev branch) (#641) * fix: vc_and_disclose_id test * chore: yarn prettier * Show modal on NFC scan error (#642) * Add help button and error modal actions * fix the screen management * yarn nice * Bump build v2.5.4: ios 132; android 71 (#631) * bump version and build numbers * remove tamagui/toast * fix marketing version * fix: update TD1 and TD3 checks (#643) * bum yarn.lock * Bump build: ios 133; android 72 and build fixes (#654) * update gesture version and bump android build * bump and fix ios build * update lock files * fixes * fix fotoapparat library source * Update example contracts to include EUID usage (#656) * refactor: update HappyBirthday contract to V2 with support for E-Passport and EUID cards, introduce bonus multipliers, and enhance verification logic * refactor: update Airdrop contract to V2 with support for E-Passport and EU ID Card attestations * refactor: remove BASIS_POINTS constant from Airdrop contract * feat: introduce SelfIdentityERC721 contract for issuing NFTs based on verified identity credentials, replacing SelfPassportERC721 * fix: update verification functions in Airdrop, HappyBirthday, and SelfIdentityERC721 contracts to use customVerificationHook * cherry pick commit from add-test-self-verification... * block non-dev pr to main branch * audit fixes (#645) * merge dev branch into main (#624) * remove sdk/tests (#622) * remove sdk/tests * chore: update yarn.lock --------- Co-authored-by: Ayman <[email protected]> * fix: add range check on paddedInLength of shaBytesDynamic (#623) * fix ci (#626) --------- Co-authored-by: Ayman <[email protected]> Co-authored-by: Vishalkulkarni45 <[email protected]> * update contracts (#628) * remove sdk/tests (#622) * remove sdk/tests * chore: update yarn.lock --------- Co-authored-by: Ayman <[email protected]> * fix: add range check on paddedInLength of shaBytesDynamic (#623) * fix ci (#626) * implement self uups upgradeable (#592) * implement self uups upgradeable * small changes in identityVerificationHubImplV2 * delete aderyn.toml * chore: add custom verifier * chnage return output * feat: use self structs and a Generic output struct * feat: add userIdentifier, nullifier, forbiddencountries to returned output * add root view functions from registry * fix: build and compilation errors * add userDefined data into selfVerificationRoot * "resolve conflicts" * fix compilation problem * fix how to register verification config * test: CustomVerifier * fix verification root and hub integration * add scope check in hub impl * replace poseidon hash to ripemd+sha256 * add todo list * feat: refactor and add test cases for generic formatter * add performUserIdentifierCheck in basicVerification * change how to handle additionalData and fix stack too deep * start adding test codes * fix dependency problems in monorepo * fix: forbidden countries (#612) LGTM! * able to run test code * pass happy path * delete unused codes * change error code name, add caller address validation and add scripts to run test and build in monorepo * add all test cases in vcAndDisclose flow * remove comment out * chore: use actual user identifier outputs * success in registration tests * cover all cases * pass contractVersion instead of circuitVersion * fix disclose test * chore: add natspecs for ImplHubV2, CustomVerifier and GenericFormatter * change val name and remove unused lines * add val name change * remove userIdentifier from return data * feat: use GenericDiscloseOutput struct in verfication hook fix test cases for user identifier * chore: change the function order for Hub Impl V2 (#625) * fix nat specs * add nat spec in SelfStructs --------- Co-authored-by: Ayman <[email protected]> Co-authored-by: Nesopie <[email protected]> * prettier (#629) --------- Co-authored-by: Ayman <[email protected]> Co-authored-by: Vishalkulkarni45 <[email protected]> Co-authored-by: nicoshark <[email protected]> Co-authored-by: Nesopie <[email protected]> * fix: vc_and_disclose_id test (#640) * fix: vc_and_disclose_id test * chore: yarn prettier * fix: check if a config id exists * chore: change the function where the config not set verification is happening * fix: add await * feat: add getConfigId function in SelfVerificationRoot (#650) * feat: add getConfigId function in SelfVerificationRoot * update comment --------- Co-authored-by: motemotech <[email protected]> * chore: fix ofac end index in eu id cards * chore: fix tests * fix: example contracts and tests --------- Co-authored-by: turnoffthiscomputer <[email protected]> Co-authored-by: Vishalkulkarni45 <[email protected]> Co-authored-by: nicoshark <[email protected]> * Update deployment module for Identity Verification Hub V2 with detailed documentation and library linkage for CustomVerifier. Update initialization process to reflect changes in V2 implementation, ensuring proper setup for proxy deployment. (#658) * publish npm-package (#651) * App/eu id updates (#638) * fix build issues * generate disclosure proof with euids * generate disclosure proof with euids * Eu id updates 2 (#648) * update vc_and_disclose_id test (dev branch) (#641) * fix: vc_and_disclose_id test * chore: yarn prettier * Show modal on NFC scan error (#642) * Add help button and error modal actions * fix the screen management * yarn nice * Bump build v2.5.4: ios 132; android 71 (#631) * bump version and build numbers * remove tamagui/toast * fix marketing version * fix: update TD1 and TD3 checks (#643) * bum yarn.lock * add version and user defined data --------- Co-authored-by: Vishalkulkarni45 <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: Seshanth.S🐺 <[email protected]> * remove the mock user define data * get the useridentifier as a hash from the user defined data * chore: add version and userDefinedData * feat: use the version in register / dsc proofs as well * update calculateUserIdentifierHash * yarn nice * refactor: consolidate user context data handling and update payload structure * fix typing issues on sha1 * remove console.log(sha1) * fix sha1 import * refactor: streamline userDefinedData handling and adjust payload type for circuit * refactor: update sha1 usage and enhance logging in calculateUserIdentifierHash * yarn nice * yarn lint common * use ts-ignore for sha1 import * fix app ci tests * fix typing issue * remove unused ts-ignore * cast uuid before calling generateinputs * bump qrcode version * add tsup on the qrcode sdk * fix: exports on selfxyz/qrcode * update how we define config.version * fix yarn imports * yarn format --------- Co-authored-by: Vishalkulkarni45 <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: Seshanth.S🐺 <[email protected]> Co-authored-by: Ayman <[email protected]> * Hotfix contract compile error (#660) * Fix previous rebase error * Refactor deployment module for Identity Verification Hub V2. * Fix/sdk (#652) * fix: sdk build configs * chore: SelfBackendVerifier (WIP) * feat: add custom verification * feat: consider destination chain in user defined data * chore: export attestation id * chore: export attestation id * chore: export config storage * chore: don't throw an error if the proof is not valid * chore: trim abi and rm typechain types * refactor * chore: rm unnecessary exports * 📝 Add docstrings to `fix/sdk` (#653) Docstrings generation was requested by @remicolin. * https://github.com/selfxyz/self/pull/652#issuecomment-2992046545 The following files were modified: * `sdk/core/src/utils/hash.ts` * `sdk/core/src/utils/proof.ts` * `sdk/core/src/utils/utils.ts` Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * review fixes * chore: fix package.json cjs types * chore: add minor changes to checks * feat: add InMemoryConfigStore, allIds constant and verificationResult type * chore: export Verification config * feat: change the verification config types * fix: throw issues early if verification config is null * fix: update yarn.lock file * chore: lint * fix: rm ts expect error directive * fix: contract tests * use excluded countries instead forbidden countries list * chore: change types in constnats --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update npm-publish workflow and bump core package version to 1.0.0 (#661) * update import * Update get verification config visibility (#664) * Update deployment module for Identity Verification Hub V2 to correct file paths and module name for deployment commands. * Add troubleshooting documentation for verification issues in deployHubV2.ts. Include manual verification steps and common failure reasons to assist users during deployment. * Change visibility of getVerificationConfigV2 function from internal to public in IdentityVerificationHubImplV2 contract to allow external access. * Apply BUSL v1.1 license headers to app (#665) * Add BSL license headers to app sources * prettier * fix license reference - https://spdx.org/licenses/BUSL-1.1.html * bump build: android 73 (#659) * Contracts/deploy staging (#668) * update scripts * deploy vc and disclose id * fix the deployment scripts on staging * update yarn.lock * bump ios build and version (#669) * configure coderabbitai (#670) * tweak coderabbit * bump * more thorough test spec * Apply BSL to app codebase (#639) * Clean up root license wording * Simplify SPDX header * simplify license and rename BSL to BUSL * fix merge issues * fix missing method --------- Co-authored-by: Justin Hernandez <[email protected]> * SEL-423 apply xcode build suggestions (#671) * apply recommended app settings from xcode * stick to portrait orientation and update target settings * remove app clip references * Circuit audit fixes (#644) * feat: add range checks before use of LessEqThan and SelectSubArray * fix: Num2Bits_strict to constrain virtualKey * bump core version * bump core version and fix ci * chore: use npm_auth_token in yarnrc * chroe: rm yarnrc changes * chore: update npm publish * chore: run npm publish manually * chore: change hub contract address (#675) * Update npm-publish.yml * chore: use proper secret when publishing * feat: enable publishing if workflow was triggered manually * Contracts/update verifier (#673) * update hardhat config * update vc and disclose verifier * update vc and disclose verifier script and run it * update test self verification root * update verifier * bump sdk version and use new hub address * chore: update zk-kit binary merkle root dep (#674) * refactor deployment scripts (#678) * feat: add register eu id instances (#682) * feat: add register eu id instances * feat: add new instances * chore: update scripts * chore: fix sig alg * chore: rm circuits --------- Co-authored-by: Ayman <[email protected]> Co-authored-by: Vishalkulkarni45 <[email protected]> Co-authored-by: nicoshark <[email protected]> Co-authored-by: Nesopie <[email protected]> Co-authored-by: Seshanth.S🐺 <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: Kevin Lin <[email protected]> Co-authored-by: kevinsslin <[email protected]> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Eric Nakagawa <[email protected]> * fix: commitment hash * fix: register aadhaar test * chore: refactor * feat: reveal data in packed bytes * feat: add constrain on delimiterIndices * feat: reveal timestamp * merge main to feat/aadhaar * fix: tests * feat: hash pubKey * feat: add registry contract * feat: Update HubImplV2 (WIP) * add functions to generate aadhaar data (WIP) * modularize aadhaar data generation (WIP) * fix(wip): register test * fix: test qr extractor * fix * chore: refactor functions * feat: add age extractor and tested * feat: add isMiniumAge check * fix: prepareAadhaarTestData func * registry contract tests * feat: registry contract tests * feat: extract fields from qr data bytes * chore: refactor mockData * feat: move minimum age to revealPackedData * feat: create a constant.ts to retrive fields from unpacked bytes * chore: refactor * fix: exports * rebase * rebase * feat: add public signal ,indices mapping * chore: add public output to indices mapping * fix:AADHAAR_PUBLIC_SIGNAL_INDICES * feat: make nullifier public * fix: nullifier cal for disclose circuits * feat: merge isMiniumAgeValid and miniumAge signal * fix: disclsoe test * feat: support for user identifier and secret * chore :refactor * feat: ofac test last name , firstname * feat: add forbidden_countries_list check * feat: add tests for aadhaar (WIP) * failing ofac tests * feat: finish contract tests * fix: merge conflicts * update the common package to be usable in circuits and contracts * lint everything * coderabbit fixes * chore: update name dob,yob aadhaar ofac tree * feat: merge ofac and reverse ofac check into one * test: merged ofac constrain * SELF-253 feat: add user email feedback (#889) * feat: add sentry feedback * add sentry feedback to web * feat: add custom feedback modal & fix freeze on IOS * yarn nice * update lock * feat: show feedback widget on NFC scan issues (#948) * feat: show feedback widget on NFC scan issues * fix ref * clean up * fix report issue screen * abstract send user feedback email logic * fixes * change text to Report Issue * sanitize email and track event messge * remove unnecessary sanitization * add sanitize error message tests * fix tests * save wip. almost done * fix screen test * fix screen test * remove non working test --------- Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> * chore: centralize license header checks (#952) * chore: centralize license header scripts * chore: run license header checks from root * add header to other files * add header to bundle * add migration script and update check license headers * convert license to mobile sdk * migrate license headers * remove headers from common; convert remaining * fix headers * add license header checks * update unsupported passport screen (#953) * update unsupported passport screen * yarn nice * feat: support new ofac trees * fix: qr extractor tests * chore: remove unassigned age signal * chore: modify timestamp func comment * fix: add constrain on photo bytes delimiter * fix: add range check on minimumAge within 2^7 * fix: range check for country not in list * chore: remove dummy constrain * fix: assert lessthan * fix: check is photoEOI valid * fix: replace maxDataLength with qrPaddedLength for valid del indices * feat: update forbidden countries in disclose and disclose id * feat: convert name to uppercase * fix: add constrain between delimiter and photoEOI * feat: support for phno len 4 and 10 * chore: hard-code attestaion_ID to 3 * feat: calculate nullifier using uppercase name * feat: add real id support * fix: rebase error * chore: refactor * add new nullifier and commitment calc * fix: reuse uppercase name from verify commitment * feat: add a function that will iterate though all pubkeys * chore: skip real id test * chore: yarn format * chore: update yarn.lock * chore: rm trailing / from import * chore: add support for issuing state * chore: linting and types * chore: rm types script from circuits * chore: add license header --------- Co-authored-by: nicoshark <[email protected]> Co-authored-by: turnoffthiscomputer <[email protected]> Co-authored-by: Seshanth.S🐺 <[email protected]> Co-authored-by: turboblitz <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: crStiv <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: James Niken <[email protected]> Co-authored-by: Kevin Lin <[email protected]> Co-authored-by: leopardracer <[email protected]> Co-authored-by: Olof Andersson <[email protected]> Co-authored-by: vishal <[email protected]> Co-authored-by: Vishalkulkarni45 <[email protected]> Co-authored-by: kevinsslin <[email protected]> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Eric Nakagawa <[email protected]> * fix: CLA not supported (#1027) * fix: CLA not supported * fix "yarn android" building * remove unnecessary commands --------- Co-authored-by: Justin Hernandez <[email protected]> * chore: bump app version v2.6.5 (#1034) * update gem lock * bump build and version * fix app versions * chore: fix nfc passport reader private repo access (#1042) * add internal repo pat * update nfc passport reader location * update workflows to use PAT to access NFC Passport Reader * fix ci * update logic to access private repo * build(android): support 16KB page size (#1043) * build(android): support 16KB page size * fix 16kb * update lock * chore: bump v2.6.5 for release (#1036) * bump build * update to ssh clone to fix local build * update podfile lock * fix version * Feat/build aadhaar (#1044) * feat: build aadhaar circuits as well in the ci * feat: add register aadhaar case handling * fix aadhaar register output after building the cpp circuit (#1045) * fix: metro js crypto module build issues (#1047) * fix sdk build issues * fix build error * sort and fix dependencies * add constants-browserify * feat: add new verifiers (#1049) * feat: add new verifiers * format: contracts * fix: ofac check to aadhaar (#1050) * fix: hub-v2 (#1051) * Add DisclosureVerified event for comprehensive verification tracking (#945) * Add VerificationPerformed event to track verification calls - Added VerificationPerformed event with comprehensive tracking fields - Captures requestor contract, version, attestation ID, chain ID, config ID, user identifier, output, and user data - Enhanced _executeVerificationFlow to return additional tracking data - Event emission placed after verification completion for accurate tracking * chore: run formatter * chore: rename verify event name to DisclosureVerified * move clearPassportData, markCurrentDocumentAsRegistered, reStorePassportDataWithRightCSCA to SDK (#1041) * Move self app store to mobile sdk (#1040) * chore(mobile-sdk-alpha): remove unused tslib dependency (#1053) * remove tslib -- seems unused * remove deps accidentally added to root * build file * remove unused imports (#1055) * fix: sha256 signed attr tests (#1058) * fix mock screen launch (#1059) * Hotfix: Belgium ID cards (#1061) * feat: parse belgium TD1 mrz android * feat: Parse Belgium TD1 MRZ IOS * fix: OFAC trees not found (#1060) * fix: relax OFAC tree response validation * test: cover OFAC tree edge cases * fix stateless * revert and fix types * fix tests * [SELF-723] feat: add structured NFC and Proof logging (#1048) * feat: add structured NFC logging * fix ci * Fix: add deps * logging fixes. use breadcrumbs * fix android build * update SeverityLevel * [SELF-705] feat: add proof event logging (#1057) * feat: add proof event logging * refactor: unify sentry event logging * fix types * fix mock * simplify * code rabbit feedback * fix tests --------- Co-authored-by: seshanthS <[email protected]> * skip on dev (#1063) * don't get fancy just disable (#1064) * saw it building so gonna try (#1065) * Dev (#1074) * chore: bump v2.6.5 rd2 (#1067) * commit wip version bump * remove from building * chore: update tooling dependencies (#1069) * chore: update tooling dependencies * chore: align react typings and node types * update lock * chore: minor fixes across monorepo (#1068) * small fixes * fixes * fix gesture handler error * ci fixes * fix yarn build; add workflow ci (#1075) * add new workspace ci * disable package version check for now * build before checks * format * fix in future pr * feat: add functions for disclosing aadhaar attributes (#1033) * feat: add functions for disclosing aadhaar attributes * format * chore: update monorepo artifacts (#1079) * remove unneeded artifacts, skip building circuits * update md files * cleans up unused parts of sdk interface, adds inline documentation, (#1078) * cleans up unused parts of sdk interface, adds inline documentation, * fix up build * yolo * Feat/aadhaar sdk (#1082) * feat: add aadhaar support to the ts sdk * feat: aadhaar support to go sdk * chore: refactor * move clearPassportData, markCurrentDocumentAsRegistered, reStorePassportDataWithRightCSCA to SDK (#1041) * Move self app store to mobile sdk (#1040) * chore(mobile-sdk-alpha): remove unused tslib dependency (#1053) * remove tslib -- seems unused * remove deps accidentally added to root * build file * remove unused imports (#1055) * fix: sha256 signed attr tests (#1058) * fix mock screen launch (#1059) * Hotfix: Belgium ID cards (#1061) * feat: parse belgium TD1 mrz android * feat: Parse Belgium TD1 MRZ IOS * fix: OFAC trees not found (#1060) * fix: relax OFAC tree response validation * test: cover OFAC tree edge cases * fix stateless * revert and fix types * fix tests * [SELF-723] feat: add structured NFC and Proof logging (#1048) * feat: add structured NFC logging * fix ci * Fix: add deps * logging fixes. use breadcrumbs * fix android build * update SeverityLevel * [SELF-705] feat: add proof event logging (#1057) * feat: add proof event logging * refactor: unify sentry event logging * fix types * fix mock * simplify * code rabbit feedback * fix tests --------- Co-authored-by: seshanthS <[email protected]> * skip on dev (#1063) * don't get fancy just disable (#1064) * saw it building so gonna try (#1065) * chore: bump v2.6.5 rd2 (#1067) * commit wip version bump * remove from building * chore: update tooling dependencies (#1069) * chore: update tooling dependencies * chore: align react typings and node types * update lock * chore: minor fixes across monorepo (#1068) * small fixes * fixes * fix gesture handler error * ci fixes * fix yarn build; add workflow ci (#1075) * add new workspace ci * disable package version check for now * build before checks * format * fix in future pr * feat: add functions for disclosing aadhaar attributes (#1033) * feat: add functions for disclosing aadhaar attributes * format * chore: update monorepo artifacts (#1079) * remove unneeded artifacts, skip building circuits * update md files * chore: update hub contract address * format * fix: add aadhaar in AllIds * chore: bump to v1.1.0-beta --------- Co-authored-by: vishal <[email protected]> Co-authored-by: Leszek Stachowski <[email protected]> Co-authored-by: Aaron DeRuvo <[email protected]> Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: Seshanth.S🐺 <[email protected]> Co-authored-by: seshanthS <[email protected]> * feat: change to gcp attestation verification (#959) * feat: change to gcp attestation verification * lint * fix e2e test * chore: don't check PCR0 mapping if building the app locally * fmt:fix --------- Co-authored-by: Justin Hernandez <[email protected]> * Mobile SDK: move provingMachine from the app (#1052) * Mobile SDK: move provingMachine from the app * lint, fixes * fix web build? * lint * fix metro build, add deps * update lock files * move the status handlers and proving machine tests * may it be * fix up * yolo --------- Co-authored-by: Justin Hernandez <[email protected]> Co-authored-by: Aaron DeRuvo <[email protected]> * Revert "Mobile SDK: move provingMachine from the app (#1052)" (#1084) This reverts commit 8983ac22688f731bca8890cbf9be9c85b4ac2bf…
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
New Features
Changes
Tests
Chores